merge changesdiff -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/Configure
(christos)
--- src/crypto/external/bsd/openssl/dist/Configure 2012/07/26 19:58:36 1.3
+++ src/crypto/external/bsd/openssl/dist/Configure 2013/02/05 21:31:23 1.4
@@ -161,40 +161,41 @@ my %table=( | @@ -161,40 +161,41 @@ my %table=( | |||
161 | 161 | |||
162 | #"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", | 162 | #"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", | |
163 | #"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", | 163 | #"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", | |
164 | #"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", | 164 | #"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", | |
165 | #"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", | 165 | #"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", | |
166 | 166 | |||
167 | # Our development configs | 167 | # Our development configs | |
168 | "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", | 168 | "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", | |
169 | "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", | 169 | "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", | |
170 | "debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", | 170 | "debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", | |
171 | "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | 171 | "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | |
172 | "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | 172 | "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | |
173 | "debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", | 173 | "debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", | |
174 | "debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |||
174 | "debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::", | 175 | "debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::", | |
175 | "debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", | 176 | "debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", | |
176 | "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", | 177 | "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", | |
177 | "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", | 178 | "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", | |
178 | "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 179 | "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | |
179 | "debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | 180 | "debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | |
180 | "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", | 181 | "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", | |
181 | "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 182 | "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
182 | "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 183 | "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
183 | "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 184 | "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
184 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 185 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
185 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 186 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
186 | "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 187 | "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
187 | "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 188 | "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
188 | "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 189 | "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
189 | "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 190 | "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
190 | "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | 191 | "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | |
191 | "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | 192 | "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | |
192 | "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 193 | "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
193 | "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 194 | "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
194 | "debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 195 | "debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
195 | "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 196 | "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
196 | "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 197 | "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
197 | "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | 198 | "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | |
198 | "dist", "cc:-O::(unknown)::::::", | 199 | "dist", "cc:-O::(unknown)::::::", | |
199 | 200 | |||
200 | # Basic configs that should work on any (32 and less bit) box | 201 | # Basic configs that should work on any (32 and less bit) box | |
@@ -233,27 +234,27 @@ my %table=( | @@ -233,27 +234,27 @@ my %table=( | |||
233 | "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 234 | "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
234 | "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", | 235 | "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", | |
235 | #### | 236 | #### | |
236 | "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 237 | "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
237 | "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 238 | "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
238 | 239 | |||
239 | #### SPARC Solaris with Sun C setups | 240 | #### SPARC Solaris with Sun C setups | |
240 | # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. | 241 | # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. | |
241 | # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 | 242 | # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 | |
242 | # SC5.0 note: Compiler common patch 107357-01 or later is required! | 243 | # SC5.0 note: Compiler common patch 107357-01 or later is required! | |
243 | "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 244 | "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
244 | "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 245 | "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
245 | "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 246 | "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
246 | "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", | 247 | "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", | |
247 | #### | 248 | #### | |
248 | "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 249 | "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
249 | "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 250 | "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
250 | 251 | |||
251 | #### SunOS configs, assuming sparc for the gcc one. | 252 | #### SunOS configs, assuming sparc for the gcc one. | |
252 | #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", | 253 | #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", | |
253 | "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", | 254 | "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", | |
254 | 255 | |||
255 | #### IRIX 5.x configs | 256 | #### IRIX 5.x configs | |
256 | # -mips2 flag is added by ./config when appropriate. | 257 | # -mips2 flag is added by ./config when appropriate. | |
257 | "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 258 | "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
258 | "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 259 | "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
259 | #### IRIX 6.x configs | 260 | #### IRIX 6.x configs | |
@@ -454,28 +455,28 @@ my %table=( | @@ -454,28 +455,28 @@ my %table=( | |||
454 | "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", | 455 | "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", | |
455 | "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 456 | "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
456 | "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 457 | "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
457 | # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc. | 458 | # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc. | |
458 | "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 459 | "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
459 | "sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 460 | "sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
460 | 461 | |||
461 | #### IBM's AIX. | 462 | #### IBM's AIX. | |
462 | "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", | 463 | "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", | |
463 | "aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", | 464 | "aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", | |
464 | "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", | 465 | "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", | |
465 | # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE | 466 | # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE | |
466 | # at build time. $OBJECT_MODE is respected at ./config stage! | 467 | # at build time. $OBJECT_MODE is respected at ./config stage! | |
467 | "aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", | 468 | "aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", | |
468 | "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", | 469 | "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", | |
469 | 470 | |||
470 | # | 471 | # | |
471 | # Cray T90 and similar (SDSC) | 472 | # Cray T90 and similar (SDSC) | |
472 | # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT | 473 | # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT | |
473 | # defined. The T90 ints and longs are 8 bytes long, and apparently the | 474 | # defined. The T90 ints and longs are 8 bytes long, and apparently the | |
474 | # B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and | 475 | # B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and | |
475 | # non L_ENDIAN code aligns the bytes in each word correctly. | 476 | # non L_ENDIAN code aligns the bytes in each word correctly. | |
476 | # | 477 | # | |
477 | # The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: | 478 | # The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: | |
478 | #'Taking the address of a bit field is not allowed. ' | 479 | #'Taking the address of a bit field is not allowed. ' | |
479 | #'An expression with bit field exists as the operand of "sizeof" ' | 480 | #'An expression with bit field exists as the operand of "sizeof" ' | |
480 | # (written by Wayne Schroeder <schroede@SDSC.EDU>) | 481 | # (written by Wayne Schroeder <schroede@SDSC.EDU>) | |
481 | # | 482 | # |
--- src/crypto/external/bsd/openssl/dist/apps/ca.c 2012/07/26 19:58:36 1.5
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c 2013/02/05 21:31:24 1.6
@@ -1398,26 +1398,27 @@ bad: | @@ -1398,26 +1398,27 @@ bad: | |||
1398 | { | 1398 | { | |
1399 | BIO_printf(bio_err,"error while loading CRL number\n"); | 1399 | BIO_printf(bio_err,"error while loading CRL number\n"); | |
1400 | goto err; | 1400 | goto err; | |
1401 | } | 1401 | } | |
1402 | 1402 | |||
1403 | if (!crldays && !crlhours && !crlsec) | 1403 | if (!crldays && !crlhours && !crlsec) | |
1404 | { | 1404 | { | |
1405 | if (!NCONF_get_number(conf,section, | 1405 | if (!NCONF_get_number(conf,section, | |
1406 | ENV_DEFAULT_CRL_DAYS, &crldays)) | 1406 | ENV_DEFAULT_CRL_DAYS, &crldays)) | |
1407 | crldays = 0; | 1407 | crldays = 0; | |
1408 | if (!NCONF_get_number(conf,section, | 1408 | if (!NCONF_get_number(conf,section, | |
1409 | ENV_DEFAULT_CRL_HOURS, &crlhours)) | 1409 | ENV_DEFAULT_CRL_HOURS, &crlhours)) | |
1410 | crlhours = 0; | 1410 | crlhours = 0; | |
1411 | ERR_clear_error(); | |||
1411 | } | 1412 | } | |
1412 | if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) | 1413 | if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) | |
1413 | { | 1414 | { | |
1414 | BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); | 1415 | BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); | |
1415 | goto err; | 1416 | goto err; | |
1416 | } | 1417 | } | |
1417 | 1418 | |||
1418 | if (verbose) BIO_printf(bio_err,"making CRL\n"); | 1419 | if (verbose) BIO_printf(bio_err,"making CRL\n"); | |
1419 | if ((crl=X509_CRL_new()) == NULL) goto err; | 1420 | if ((crl=X509_CRL_new()) == NULL) goto err; | |
1420 | if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; | 1421 | if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; | |
1421 | 1422 | |||
1422 | tmptm = ASN1_TIME_new(); | 1423 | tmptm = ASN1_TIME_new(); | |
1423 | if (!tmptm) goto err; | 1424 | if (!tmptm) goto err; |
--- src/crypto/external/bsd/openssl/dist/apps/speed.c 2012/07/26 19:58:36 1.5
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c 2013/02/05 21:31:24 1.6
@@ -244,27 +244,27 @@ static int do_multi(int multi); | @@ -244,27 +244,27 @@ static int do_multi(int multi); | |||
244 | #define RSA_NUM 4 | 244 | #define RSA_NUM 4 | |
245 | #define DSA_NUM 3 | 245 | #define DSA_NUM 3 | |
246 | 246 | |||
247 | #define EC_NUM 16 | 247 | #define EC_NUM 16 | |
248 | #define MAX_ECDH_SIZE 256 | 248 | #define MAX_ECDH_SIZE 256 | |
249 | 249 | |||
250 | static const char *names[ALGOR_NUM]={ | 250 | static const char *names[ALGOR_NUM]={ | |
251 | "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", | 251 | "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", | |
252 | "des cbc","des ede3","idea cbc","seed cbc", | 252 | "des cbc","des ede3","idea cbc","seed cbc", | |
253 | "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", | 253 | "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", | |
254 | "aes-128 cbc","aes-192 cbc","aes-256 cbc", | 254 | "aes-128 cbc","aes-192 cbc","aes-256 cbc", | |
255 | "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", | 255 | "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", | |
256 | "evp","sha256","sha512","whirlpool", | 256 | "evp","sha256","sha512","whirlpool", | |
257 | "aes-128 ige","aes-192 ige","aes-256 ige","ghash"}; | 257 | "aes-128 ige","aes-192 ige","aes-256 ige","ghash" }; | |
258 | static double results[ALGOR_NUM][SIZE_NUM]; | 258 | static double results[ALGOR_NUM][SIZE_NUM]; | |
259 | static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; | 259 | static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; | |
260 | #ifndef OPENSSL_NO_RSA | 260 | #ifndef OPENSSL_NO_RSA | |
261 | static double rsa_results[RSA_NUM][2]; | 261 | static double rsa_results[RSA_NUM][2]; | |
262 | #endif | 262 | #endif | |
263 | #ifndef OPENSSL_NO_DSA | 263 | #ifndef OPENSSL_NO_DSA | |
264 | static double dsa_results[DSA_NUM][2]; | 264 | static double dsa_results[DSA_NUM][2]; | |
265 | #endif | 265 | #endif | |
266 | #ifndef OPENSSL_NO_ECDSA | 266 | #ifndef OPENSSL_NO_ECDSA | |
267 | static double ecdsa_results[EC_NUM][2]; | 267 | static double ecdsa_results[EC_NUM][2]; | |
268 | #endif | 268 | #endif | |
269 | #ifndef OPENSSL_NO_ECDH | 269 | #ifndef OPENSSL_NO_ECDH | |
270 | static double ecdh_results[EC_NUM][1]; | 270 | static double ecdh_results[EC_NUM][1]; | |
@@ -289,27 +289,27 @@ static SIGRETTYPE sig_done(int sig) | @@ -289,27 +289,27 @@ static SIGRETTYPE sig_done(int sig) | |||
289 | run=0; | 289 | run=0; | |
290 | #ifdef LINT | 290 | #ifdef LINT | |
291 | sig=sig; | 291 | sig=sig; | |
292 | #endif | 292 | #endif | |
293 | } | 293 | } | |
294 | #endif | 294 | #endif | |
295 | 295 | |||
296 | #define START 0 | 296 | #define START 0 | |
297 | #define STOP 1 | 297 | #define STOP 1 | |
298 | 298 | |||
299 | #if defined(_WIN32) | 299 | #if defined(_WIN32) | |
300 | 300 | |||
301 | #if !defined(SIGALRM) | 301 | #if !defined(SIGALRM) | |
302 | #define SIGALRM | 302 | # define SIGALRM | |
303 | #endif | 303 | #endif | |
304 | static unsigned int lapse,schlock; | 304 | static unsigned int lapse,schlock; | |
305 | static void alarm_win32(unsigned int secs) { lapse = secs*1000; } | 305 | static void alarm_win32(unsigned int secs) { lapse = secs*1000; } | |
306 | #define alarm alarm_win32 | 306 | #define alarm alarm_win32 | |
307 | 307 | |||
308 | static DWORD WINAPI sleepy(VOID *arg) | 308 | static DWORD WINAPI sleepy(VOID *arg) | |
309 | { | 309 | { | |
310 | schlock = 1; | 310 | schlock = 1; | |
311 | Sleep(lapse); | 311 | Sleep(lapse); | |
312 | run = 0; | 312 | run = 0; | |
313 | return 0; | 313 | return 0; | |
314 | } | 314 | } | |
315 | 315 |
--- src/crypto/external/bsd/openssl/dist/apps/ocsp.c 2009/12/27 00:48:55 1.3
+++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c 2013/02/05 21:31:24 1.4
@@ -607,27 +607,27 @@ int MAIN(int argc, char **argv) | @@ -607,27 +607,27 @@ int MAIN(int argc, char **argv) | |||
607 | BIO_printf (bio_err, "-no_chain don't chain verify response\n"); | 607 | BIO_printf (bio_err, "-no_chain don't chain verify response\n"); | |
608 | BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); | 608 | BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); | |
609 | BIO_printf (bio_err, "-port num port to run responder on\n"); | 609 | BIO_printf (bio_err, "-port num port to run responder on\n"); | |
610 | BIO_printf (bio_err, "-index file certificate status index file\n"); | 610 | BIO_printf (bio_err, "-index file certificate status index file\n"); | |
611 | BIO_printf (bio_err, "-CA file CA certificate\n"); | 611 | BIO_printf (bio_err, "-CA file CA certificate\n"); | |
612 | BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); | 612 | BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); | |
613 | BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); | 613 | BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); | |
614 | BIO_printf (bio_err, "-rother file other certificates to include in response\n"); | 614 | BIO_printf (bio_err, "-rother file other certificates to include in response\n"); | |
615 | BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); | 615 | BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); | |
616 | BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); | 616 | BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); | |
617 | BIO_printf (bio_err, "-ndays n number of days before next update\n"); | 617 | BIO_printf (bio_err, "-ndays n number of days before next update\n"); | |
618 | BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); | 618 | BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); | |
619 | BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); | 619 | BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); | |
620 | BIO_printf (bio_err, "-<dgst alg> use specified digest in the request"); | 620 | BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n"); | |
621 | goto end; | 621 | goto end; | |
622 | } | 622 | } | |
623 | 623 | |||
624 | if(outfile) out = BIO_new_file(outfile, "w"); | 624 | if(outfile) out = BIO_new_file(outfile, "w"); | |
625 | else out = BIO_new_fp(stdout, BIO_NOCLOSE); | 625 | else out = BIO_new_fp(stdout, BIO_NOCLOSE); | |
626 | 626 | |||
627 | if(!out) | 627 | if(!out) | |
628 | { | 628 | { | |
629 | BIO_printf(bio_err, "Error opening output file\n"); | 629 | BIO_printf(bio_err, "Error opening output file\n"); | |
630 | goto end; | 630 | goto end; | |
631 | } | 631 | } | |
632 | 632 | |||
633 | if (!req && (add_nonce != 2)) add_nonce = 0; | 633 | if (!req && (add_nonce != 2)) add_nonce = 0; |
--- src/crypto/external/bsd/openssl/dist/apps/s_client.c 2012/07/26 19:58:36 1.3
+++ src/crypto/external/bsd/openssl/dist/apps/s_client.c 2013/02/05 21:31:24 1.4
@@ -347,27 +347,27 @@ static void sc_usage(void) | @@ -347,27 +347,27 @@ static void sc_usage(void) | |||
347 | BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); | 347 | BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); | |
348 | BIO_printf(bio_err," are supported.\n"); | 348 | BIO_printf(bio_err," are supported.\n"); | |
349 | #ifndef OPENSSL_NO_ENGINE | 349 | #ifndef OPENSSL_NO_ENGINE | |
350 | BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); | 350 | BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); | |
351 | #endif | 351 | #endif | |
352 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); | 352 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); | |
353 | BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); | 353 | BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); | |
354 | BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); | 354 | BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); | |
355 | #ifndef OPENSSL_NO_TLSEXT | 355 | #ifndef OPENSSL_NO_TLSEXT | |
356 | BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); | 356 | BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); | |
357 | BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); | 357 | BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); | |
358 | BIO_printf(bio_err," -status - request certificate status from server\n"); | 358 | BIO_printf(bio_err," -status - request certificate status from server\n"); | |
359 | BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); | 359 | BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); | |
360 | # if !defined(OPENSSL_NO_NEXTPROTONEG) | 360 | # ifndef OPENSSL_NO_NEXTPROTONEG | |
361 | BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); | 361 | BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); | |
362 | # endif | 362 | # endif | |
363 | #endif | 363 | #endif | |
364 | BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); | 364 | BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); | |
365 | BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); | 365 | BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); | |
366 | BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); | 366 | BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); | |
367 | BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); | 367 | BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); | |
368 | } | 368 | } | |
369 | 369 | |||
370 | #ifndef OPENSSL_NO_TLSEXT | 370 | #ifndef OPENSSL_NO_TLSEXT | |
371 | 371 | |||
372 | /* This is a context that we pass to callbacks */ | 372 | /* This is a context that we pass to callbacks */ | |
373 | typedef struct tlsextctx_st { | 373 | typedef struct tlsextctx_st { | |
@@ -526,27 +526,27 @@ static int next_proto_cb(SSL *s, unsigne | @@ -526,27 +526,27 @@ static int next_proto_cb(SSL *s, unsigne | |||
526 | for (i = 0; i < inlen; ) | 526 | for (i = 0; i < inlen; ) | |
527 | { | 527 | { | |
528 | if (i) | 528 | if (i) | |
529 | BIO_write(bio_c_out, ", ", 2); | 529 | BIO_write(bio_c_out, ", ", 2); | |
530 | BIO_write(bio_c_out, &in[i + 1], in[i]); | 530 | BIO_write(bio_c_out, &in[i + 1], in[i]); | |
531 | i += in[i] + 1; | 531 | i += in[i] + 1; | |
532 | } | 532 | } | |
533 | BIO_write(bio_c_out, "\n", 1); | 533 | BIO_write(bio_c_out, "\n", 1); | |
534 | } | 534 | } | |
535 | 535 | |||
536 | ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); | 536 | ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); | |
537 | return SSL_TLSEXT_ERR_OK; | 537 | return SSL_TLSEXT_ERR_OK; | |
538 | } | 538 | } | |
539 | # endif | 539 | # endif /* ndef OPENSSL_NO_NEXTPROTONEG */ | |
540 | #endif | 540 | #endif | |
541 | 541 | |||
542 | enum | 542 | enum | |
543 | { | 543 | { | |
544 | PROTO_OFF = 0, | 544 | PROTO_OFF = 0, | |
545 | PROTO_SMTP, | 545 | PROTO_SMTP, | |
546 | PROTO_POP3, | 546 | PROTO_POP3, | |
547 | PROTO_IMAP, | 547 | PROTO_IMAP, | |
548 | PROTO_FTP, | 548 | PROTO_FTP, | |
549 | PROTO_XMPP | 549 | PROTO_XMPP | |
550 | }; | 550 | }; | |
551 | 551 | |||
552 | int MAIN(int, char **); | 552 | int MAIN(int, char **); | |
@@ -1893,33 +1893,39 @@ printf("read=%d pending=%d peek=%d\n",k, | @@ -1893,33 +1893,39 @@ printf("read=%d pending=%d peek=%d\n",k, | |||
1893 | ret=0; | 1893 | ret=0; | |
1894 | shut: | 1894 | shut: | |
1895 | if (in_init) | 1895 | if (in_init) | |
1896 | print_stuff(bio_c_out,con,full_log); | 1896 | print_stuff(bio_c_out,con,full_log); | |
1897 | SSL_shutdown(con); | 1897 | SSL_shutdown(con); | |
1898 | SHUTDOWN(SSL_get_fd(con)); | 1898 | SHUTDOWN(SSL_get_fd(con)); | |
1899 | end: | 1899 | end: | |
1900 | if (con != NULL) | 1900 | if (con != NULL) | |
1901 | { | 1901 | { | |
1902 | if (prexit != 0) | 1902 | if (prexit != 0) | |
1903 | print_stuff(bio_c_out,con,1); | 1903 | print_stuff(bio_c_out,con,1); | |
1904 | SSL_free(con); | 1904 | SSL_free(con); | |
1905 | } | 1905 | } | |
1906 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |||
1907 | if (next_proto.data) | |||
1908 | OPENSSL_free(next_proto.data); | |||
1909 | #endif | |||
1906 | if (ctx != NULL) SSL_CTX_free(ctx); | 1910 | if (ctx != NULL) SSL_CTX_free(ctx); | |
1907 | if (cert) | 1911 | if (cert) | |
1908 | X509_free(cert); | 1912 | X509_free(cert); | |
1909 | if (key) | 1913 | if (key) | |
1910 | EVP_PKEY_free(key); | 1914 | EVP_PKEY_free(key); | |
1911 | if (pass) | 1915 | if (pass) | |
1912 | OPENSSL_free(pass); | 1916 | OPENSSL_free(pass); | |
1917 | if (vpm) | |||
1918 | X509_VERIFY_PARAM_free(vpm); | |||
1913 | if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } | 1919 | if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } | |
1914 | if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } | 1920 | if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } | |
1915 | if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } | 1921 | if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } | |
1916 | if (bio_c_out != NULL) | 1922 | if (bio_c_out != NULL) | |
1917 | { | 1923 | { | |
1918 | BIO_free(bio_c_out); | 1924 | BIO_free(bio_c_out); | |
1919 | bio_c_out=NULL; | 1925 | bio_c_out=NULL; | |
1920 | } | 1926 | } | |
1921 | apps_shutdown(); | 1927 | apps_shutdown(); | |
1922 | OPENSSL_EXIT(ret); | 1928 | OPENSSL_EXIT(ret); | |
1923 | } | 1929 | } | |
1924 | 1930 | |||
1925 | 1931 |
--- src/crypto/external/bsd/openssl/dist/apps/s_server.c 2012/07/26 19:58:36 1.3
+++ src/crypto/external/bsd/openssl/dist/apps/s_server.c 2013/02/05 21:31:24 1.4
@@ -1196,33 +1196,33 @@ int MAIN(int argc, char *argv[]) | @@ -1196,33 +1196,33 @@ int MAIN(int argc, char *argv[]) | |||
1196 | { | 1196 | { | |
1197 | if (isxdigit((unsigned char)psk_key[i])) | 1197 | if (isxdigit((unsigned char)psk_key[i])) | |
1198 | continue; | 1198 | continue; | |
1199 | BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); | 1199 | BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); | |
1200 | goto bad; | 1200 | goto bad; | |
1201 | } | 1201 | } | |
1202 | } | 1202 | } | |
1203 | #endif | 1203 | #endif | |
1204 | #ifndef OPENSSL_NO_SRP | 1204 | #ifndef OPENSSL_NO_SRP | |
1205 | else if (strcmp(*argv, "-srpvfile") == 0) | 1205 | else if (strcmp(*argv, "-srpvfile") == 0) | |
1206 | { | 1206 | { | |
1207 | if (--argc < 1) goto bad; | 1207 | if (--argc < 1) goto bad; | |
1208 | srp_verifier_file = *(++argv); | 1208 | srp_verifier_file = *(++argv); | |
1209 | meth=TLSv1_server_method(); | 1209 | meth = TLSv1_server_method(); | |
1210 | } | 1210 | } | |
1211 | else if (strcmp(*argv, "-srpuserseed") == 0) | 1211 | else if (strcmp(*argv, "-srpuserseed") == 0) | |
1212 | { | 1212 | { | |
1213 | if (--argc < 1) goto bad; | 1213 | if (--argc < 1) goto bad; | |
1214 | srpuserseed = *(++argv); | 1214 | srpuserseed = *(++argv); | |
1215 | meth=TLSv1_server_method(); | 1215 | meth = TLSv1_server_method(); | |
1216 | } | 1216 | } | |
1217 | #endif | 1217 | #endif | |
1218 | else if (strcmp(*argv,"-www") == 0) | 1218 | else if (strcmp(*argv,"-www") == 0) | |
1219 | { www=1; } | 1219 | { www=1; } | |
1220 | else if (strcmp(*argv,"-WWW") == 0) | 1220 | else if (strcmp(*argv,"-WWW") == 0) | |
1221 | { www=2; } | 1221 | { www=2; } | |
1222 | else if (strcmp(*argv,"-HTTP") == 0) | 1222 | else if (strcmp(*argv,"-HTTP") == 0) | |
1223 | { www=3; } | 1223 | { www=3; } | |
1224 | else if (strcmp(*argv,"-no_ssl2") == 0) | 1224 | else if (strcmp(*argv,"-no_ssl2") == 0) | |
1225 | { off|=SSL_OP_NO_SSLv2; } | 1225 | { off|=SSL_OP_NO_SSLv2; } | |
1226 | else if (strcmp(*argv,"-no_ssl3") == 0) | 1226 | else if (strcmp(*argv,"-no_ssl3") == 0) | |
1227 | { off|=SSL_OP_NO_SSLv3; } | 1227 | { off|=SSL_OP_NO_SSLv3; } | |
1228 | else if (strcmp(*argv,"-no_tls1") == 0) | 1228 | else if (strcmp(*argv,"-no_tls1") == 0) | |
@@ -1421,45 +1421,44 @@ bad: | @@ -1421,45 +1421,44 @@ bad: | |||
1421 | ERR_print_errors(bio_err); | 1421 | ERR_print_errors(bio_err); | |
1422 | goto end; | 1422 | goto end; | |
1423 | } | 1423 | } | |
1424 | 1424 | |||
1425 | s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, | 1425 | s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, | |
1426 | NULL, e, "second server certificate file"); | 1426 | NULL, e, "second server certificate file"); | |
1427 | 1427 | |||
1428 | if (!s_cert2) | 1428 | if (!s_cert2) | |
1429 | { | 1429 | { | |
1430 | ERR_print_errors(bio_err); | 1430 | ERR_print_errors(bio_err); | |
1431 | goto end; | 1431 | goto end; | |
1432 | } | 1432 | } | |
1433 | } | 1433 | } | |
1434 | ||||
1435 | # ifndef OPENSSL_NO_NEXTPROTONEG | |||
1436 | if (next_proto_neg_in) | |||
1437 | { | |||
1438 | unsigned short len; | |||
1439 | next_proto.data = next_protos_parse(&len, | |||
1440 | next_proto_neg_in); | |||
1441 | if (next_proto.data == NULL) | |||
1442 | goto end; | |||
1443 | next_proto.len = len; | |||
1444 | } | |||
1445 | else | |||
1446 | { | |||
1447 | next_proto.data = NULL; | |||
1448 | } | |||
1449 | # endif | |||
1450 | #endif | 1434 | #endif | |
1451 | } | 1435 | } | |
1452 | 1436 | |||
1437 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |||
1438 | if (next_proto_neg_in) | |||
1439 | { | |||
1440 | unsigned short len; | |||
1441 | next_proto.data = next_protos_parse(&len, next_proto_neg_in); | |||
1442 | if (next_proto.data == NULL) | |||
1443 | goto end; | |||
1444 | next_proto.len = len; | |||
1445 | } | |||
1446 | else | |||
1447 | { | |||
1448 | next_proto.data = NULL; | |||
1449 | } | |||
1450 | #endif | |||
1451 | ||||
1453 | 1452 | |||
1454 | if (s_dcert_file) | 1453 | if (s_dcert_file) | |
1455 | { | 1454 | { | |
1456 | 1455 | |||
1457 | if (s_dkey_file == NULL) | 1456 | if (s_dkey_file == NULL) | |
1458 | s_dkey_file = s_dcert_file; | 1457 | s_dkey_file = s_dcert_file; | |
1459 | 1458 | |||
1460 | s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, | 1459 | s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, | |
1461 | 0, dpass, e, | 1460 | 0, dpass, e, | |
1462 | "second certificate private key file"); | 1461 | "second certificate private key file"); | |
1463 | if (!s_dkey) | 1462 | if (!s_dkey) | |
1464 | { | 1463 | { | |
1465 | ERR_print_errors(bio_err); | 1464 | ERR_print_errors(bio_err); | |
@@ -1720,35 +1719,35 @@ bad: | @@ -1720,35 +1719,35 @@ bad: | |||
1720 | } | 1719 | } | |
1721 | } | 1720 | } | |
1722 | (void)BIO_flush(bio_s_out); | 1721 | (void)BIO_flush(bio_s_out); | |
1723 | 1722 | |||
1724 | SSL_CTX_set_tmp_ecdh(ctx,ecdh); | 1723 | SSL_CTX_set_tmp_ecdh(ctx,ecdh); | |
1725 | #ifndef OPENSSL_NO_TLSEXT | 1724 | #ifndef OPENSSL_NO_TLSEXT | |
1726 | if (ctx2) | 1725 | if (ctx2) | |
1727 | SSL_CTX_set_tmp_ecdh(ctx2,ecdh); | 1726 | SSL_CTX_set_tmp_ecdh(ctx2,ecdh); | |
1728 | #endif | 1727 | #endif | |
1729 | EC_KEY_free(ecdh); | 1728 | EC_KEY_free(ecdh); | |
1730 | } | 1729 | } | |
1731 | #endif | 1730 | #endif | |
1732 | 1731 | |||
1733 | if (!set_cert_key_stuff(ctx,s_cert,s_key)) | 1732 | if (!set_cert_key_stuff(ctx, s_cert, s_key)) | |
1734 | goto end; | 1733 | goto end; | |
1735 | #ifndef OPENSSL_NO_TLSEXT | 1734 | #ifndef OPENSSL_NO_TLSEXT | |
1736 | if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) | 1735 | if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) | |
1737 | goto end; | 1736 | goto end; | |
1738 | #endif | 1737 | #endif | |
1739 | if (s_dcert != NULL) | 1738 | if (s_dcert != NULL) | |
1740 | { | 1739 | { | |
1741 | if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) | 1740 | if (!set_cert_key_stuff(ctx, s_dcert, s_dkey)) | |
1742 | goto end; | 1741 | goto end; | |
1743 | } | 1742 | } | |
1744 | 1743 | |||
1745 | #ifndef OPENSSL_NO_RSA | 1744 | #ifndef OPENSSL_NO_RSA | |
1746 | #if 1 | 1745 | #if 1 | |
1747 | if (!no_tmp_rsa) | 1746 | if (!no_tmp_rsa) | |
1748 | { | 1747 | { | |
1749 | SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); | 1748 | SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); | |
1750 | #ifndef OPENSSL_NO_TLSEXT | 1749 | #ifndef OPENSSL_NO_TLSEXT | |
1751 | if (ctx2) | 1750 | if (ctx2) | |
1752 | SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); | 1751 | SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); | |
1753 | #endif | 1752 | #endif | |
1754 | } | 1753 | } | |
@@ -1883,27 +1882,35 @@ end: | @@ -1883,27 +1882,35 @@ end: | |||
1883 | if (ctx != NULL) SSL_CTX_free(ctx); | 1882 | if (ctx != NULL) SSL_CTX_free(ctx); | |
1884 | if (s_cert) | 1883 | if (s_cert) | |
1885 | X509_free(s_cert); | 1884 | X509_free(s_cert); | |
1886 | if (s_dcert) | 1885 | if (s_dcert) | |
1887 | X509_free(s_dcert); | 1886 | X509_free(s_dcert); | |
1888 | if (s_key) | 1887 | if (s_key) | |
1889 | EVP_PKEY_free(s_key); | 1888 | EVP_PKEY_free(s_key); | |
1890 | if (s_dkey) | 1889 | if (s_dkey) | |
1891 | EVP_PKEY_free(s_dkey); | 1890 | EVP_PKEY_free(s_dkey); | |
1892 | if (pass) | 1891 | if (pass) | |
1893 | OPENSSL_free(pass); | 1892 | OPENSSL_free(pass); | |
1894 | if (dpass) | 1893 | if (dpass) | |
1895 | OPENSSL_free(dpass); | 1894 | OPENSSL_free(dpass); | |
1895 | if (vpm) | |||
1896 | X509_VERIFY_PARAM_free(vpm); | |||
1896 | #ifndef OPENSSL_NO_TLSEXT | 1897 | #ifndef OPENSSL_NO_TLSEXT | |
1898 | if (tlscstatp.host) | |||
1899 | OPENSSL_free(tlscstatp.host); | |||
1900 | if (tlscstatp.port) | |||
1901 | OPENSSL_free(tlscstatp.port); | |||
1902 | if (tlscstatp.path) | |||
1903 | OPENSSL_free(tlscstatp.path); | |||
1897 | if (ctx2 != NULL) SSL_CTX_free(ctx2); | 1904 | if (ctx2 != NULL) SSL_CTX_free(ctx2); | |
1898 | if (s_cert2) | 1905 | if (s_cert2) | |
1899 | X509_free(s_cert2); | 1906 | X509_free(s_cert2); | |
1900 | if (s_key2) | 1907 | if (s_key2) | |
1901 | EVP_PKEY_free(s_key2); | 1908 | EVP_PKEY_free(s_key2); | |
1902 | #endif | 1909 | #endif | |
1903 | if (bio_s_out != NULL) | 1910 | if (bio_s_out != NULL) | |
1904 | { | 1911 | { | |
1905 | BIO_free(bio_s_out); | 1912 | BIO_free(bio_s_out); | |
1906 | bio_s_out=NULL; | 1913 | bio_s_out=NULL; | |
1907 | } | 1914 | } | |
1908 | apps_shutdown(); | 1915 | apps_shutdown(); | |
1909 | OPENSSL_EXIT(ret); | 1916 | OPENSSL_EXIT(ret); | |
@@ -2429,26 +2436,27 @@ static int init_ssl_connection(SSL *con) | @@ -2429,26 +2436,27 @@ static int init_ssl_connection(SSL *con) | |||
2429 | BIO_printf(bio_s_out,"Client certificate\n"); | 2436 | BIO_printf(bio_s_out,"Client certificate\n"); | |
2430 | PEM_write_bio_X509(bio_s_out,peer); | 2437 | PEM_write_bio_X509(bio_s_out,peer); | |
2431 | X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); | 2438 | X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf); | |
2432 | BIO_printf(bio_s_out,"subject=%s\n",buf); | 2439 | BIO_printf(bio_s_out,"subject=%s\n",buf); | |
2433 | X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); | 2440 | X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); | |
2434 | BIO_printf(bio_s_out,"issuer=%s\n",buf); | 2441 | BIO_printf(bio_s_out,"issuer=%s\n",buf); | |
2435 | X509_free(peer); | 2442 | X509_free(peer); | |
2436 | } | 2443 | } | |
2437 | 2444 | |||
2438 | if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) | 2445 | if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) | |
2439 | BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); | 2446 | BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); | |
2440 | str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); | 2447 | str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); | |
2441 | BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); | 2448 | BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); | |
2449 | ||||
2442 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | 2450 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
2443 | SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); | 2451 | SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); | |
2444 | if (next_proto_neg) | 2452 | if (next_proto_neg) | |
2445 | { | 2453 | { | |
2446 | BIO_printf(bio_s_out,"NEXTPROTO is "); | 2454 | BIO_printf(bio_s_out,"NEXTPROTO is "); | |
2447 | BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); | 2455 | BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); | |
2448 | BIO_printf(bio_s_out, "\n"); | 2456 | BIO_printf(bio_s_out, "\n"); | |
2449 | } | 2457 | } | |
2450 | #endif | 2458 | #endif | |
2451 | { | 2459 | { | |
2452 | SRTP_PROTECTION_PROFILE *srtp_profile | 2460 | SRTP_PROTECTION_PROFILE *srtp_profile | |
2453 | = SSL_get_selected_srtp_profile(con); | 2461 | = SSL_get_selected_srtp_profile(con); | |
2454 | 2462 | |||
@@ -2697,26 +2705,31 @@ static int www_body(char *hostname, int | @@ -2697,26 +2705,31 @@ static int www_body(char *hostname, int | |||
2697 | 2705 | |||
2698 | BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); | 2706 | BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); | |
2699 | BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); | 2707 | BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); | |
2700 | BIO_puts(io,"<pre>\n"); | 2708 | BIO_puts(io,"<pre>\n"); | |
2701 | /* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ | 2709 | /* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ | |
2702 | BIO_puts(io,"\n"); | 2710 | BIO_puts(io,"\n"); | |
2703 | for (i=0; i<local_argc; i++) | 2711 | for (i=0; i<local_argc; i++) | |
2704 | { | 2712 | { | |
2705 | BIO_puts(io,local_argv[i]); | 2713 | BIO_puts(io,local_argv[i]); | |
2706 | BIO_write(io," ",1); | 2714 | BIO_write(io," ",1); | |
2707 | } | 2715 | } | |
2708 | BIO_puts(io,"\n"); | 2716 | BIO_puts(io,"\n"); | |
2709 | 2717 | |||
2718 | BIO_printf(io, | |||
2719 | "Secure Renegotiation IS%s supported\n", | |||
2720 | SSL_get_secure_renegotiation_support(con) ? | |||
2721 | "" : " NOT"); | |||
2722 | ||||
2710 | /* The following is evil and should not really | 2723 | /* The following is evil and should not really | |
2711 | * be done */ | 2724 | * be done */ | |
2712 | BIO_printf(io,"Ciphers supported in s_server binary\n"); | 2725 | BIO_printf(io,"Ciphers supported in s_server binary\n"); | |
2713 | sk=SSL_get_ciphers(con); | 2726 | sk=SSL_get_ciphers(con); | |
2714 | j=sk_SSL_CIPHER_num(sk); | 2727 | j=sk_SSL_CIPHER_num(sk); | |
2715 | for (i=0; i<j; i++) | 2728 | for (i=0; i<j; i++) | |
2716 | { | 2729 | { | |
2717 | c=sk_SSL_CIPHER_value(sk,i); | 2730 | c=sk_SSL_CIPHER_value(sk,i); | |
2718 | BIO_printf(io,"%-11s:%-25s", | 2731 | BIO_printf(io,"%-11s:%-25s", | |
2719 | SSL_CIPHER_get_version(c), | 2732 | SSL_CIPHER_get_version(c), | |
2720 | SSL_CIPHER_get_name(c)); | 2733 | SSL_CIPHER_get_name(c)); | |
2721 | if ((((i+1)%2) == 0) && (i+1 != j)) | 2734 | if ((((i+1)%2) == 0) && (i+1 != j)) | |
2722 | BIO_puts(io,"\n"); | 2735 | BIO_puts(io,"\n"); |
--- src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c 2012/07/27 18:10:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c 2013/02/05 21:31:24 1.3
@@ -494,27 +494,27 @@ void CRYPTO_THREADID_current(CRYPTO_THRE | @@ -494,27 +494,27 @@ void CRYPTO_THREADID_current(CRYPTO_THRE | |||
494 | CRYPTO_THREADID_set_numeric(id, id_callback()); | 494 | CRYPTO_THREADID_set_numeric(id, id_callback()); | |
495 | return; | 495 | return; | |
496 | } | 496 | } | |
497 | #endif | 497 | #endif | |
498 | /* Else pick a backup */ | 498 | /* Else pick a backup */ | |
499 | #ifdef OPENSSL_SYS_WIN16 | 499 | #ifdef OPENSSL_SYS_WIN16 | |
500 | CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); | 500 | CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); | |
501 | #elif defined(OPENSSL_SYS_WIN32) | 501 | #elif defined(OPENSSL_SYS_WIN32) | |
502 | CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); | 502 | CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); | |
503 | #elif defined(OPENSSL_SYS_BEOS) | 503 | #elif defined(OPENSSL_SYS_BEOS) | |
504 | CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); | 504 | CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); | |
505 | #else | 505 | #else | |
506 | /* For everything else, default to using the address of 'errno' */ | 506 | /* For everything else, default to using the address of 'errno' */ | |
507 | CRYPTO_THREADID_set_pointer(id, &errno); | 507 | CRYPTO_THREADID_set_pointer(id, (void*)&errno); | |
508 | #endif | 508 | #endif | |
509 | } | 509 | } | |
510 | 510 | |||
511 | int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) | 511 | int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) | |
512 | { | 512 | { | |
513 | return memcmp(a, b, sizeof(*a)); | 513 | return memcmp(a, b, sizeof(*a)); | |
514 | } | 514 | } | |
515 | 515 | |||
516 | void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) | 516 | void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) | |
517 | { | 517 | { | |
518 | memcpy(dest, src, sizeof(*src)); | 518 | memcpy(dest, src, sizeof(*src)); | |
519 | } | 519 | } | |
520 | 520 | |||
@@ -694,26 +694,27 @@ void OPENSSL_cpuid_setup(void) | @@ -694,26 +694,27 @@ void OPENSSL_cpuid_setup(void) | |||
694 | 694 | |||
695 | trigger=1; | 695 | trigger=1; | |
696 | if ((env=getenv("OPENSSL_ia32cap"))) { | 696 | if ((env=getenv("OPENSSL_ia32cap"))) { | |
697 | int off = (env[0]=='~')?1:0; | 697 | int off = (env[0]=='~')?1:0; | |
698 | #if defined(_WIN32) | 698 | #if defined(_WIN32) | |
699 | if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0); | 699 | if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0); | |
700 | #else | 700 | #else | |
701 | if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0); | 701 | if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0); | |
702 | #endif | 702 | #endif | |
703 | if (off) vec = OPENSSL_ia32_cpuid()&~vec; | 703 | if (off) vec = OPENSSL_ia32_cpuid()&~vec; | |
704 | } | 704 | } | |
705 | else | 705 | else | |
706 | vec = OPENSSL_ia32_cpuid(); | 706 | vec = OPENSSL_ia32_cpuid(); | |
707 | ||||
707 | /* | 708 | /* | |
708 | * |(1<<10) sets a reserved bit to signal that variable | 709 | * |(1<<10) sets a reserved bit to signal that variable | |
709 | * was initialized already... This is to avoid interference | 710 | * was initialized already... This is to avoid interference | |
710 | * with cpuid snippets in ELF .init segment. | 711 | * with cpuid snippets in ELF .init segment. | |
711 | */ | 712 | */ | |
712 | OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10); | 713 | OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10); | |
713 | OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32); | 714 | OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32); | |
714 | } | 715 | } | |
715 | #endif | 716 | #endif | |
716 | 717 | |||
717 | #else | 718 | #else | |
718 | unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } | 719 | unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } | |
719 | #endif | 720 | #endif | |
@@ -914,13 +915,26 @@ void OpenSSLDie(const char *file,int lin | @@ -914,13 +915,26 @@ void OpenSSLDie(const char *file,int lin | |||
914 | OPENSSL_showfatal( | 915 | OPENSSL_showfatal( | |
915 | "%s(%d): OpenSSL internal error, assertion failed: %s\n", | 916 | "%s(%d): OpenSSL internal error, assertion failed: %s\n", | |
916 | file,line,assertion); | 917 | file,line,assertion); | |
917 | #if !defined(_WIN32) || defined(__CYGWIN__) | 918 | #if !defined(_WIN32) || defined(__CYGWIN__) | |
918 | abort(); | 919 | abort(); | |
919 | #else | 920 | #else | |
920 | /* Win32 abort() customarily shows a dialog, but we just did that... */ | 921 | /* Win32 abort() customarily shows a dialog, but we just did that... */ | |
921 | raise(SIGABRT); | 922 | raise(SIGABRT); | |
922 | _exit(3); | 923 | _exit(3); | |
923 | #endif | 924 | #endif | |
924 | } | 925 | } | |
925 | 926 | |||
926 | void *OPENSSL_stderr(void) { return stderr; } | 927 | void *OPENSSL_stderr(void) { return stderr; } | |
928 | ||||
929 | int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) | |||
930 | { | |||
931 | size_t i; | |||
932 | const unsigned char *a = in_a; | |||
933 | const unsigned char *b = in_b; | |||
934 | unsigned char x = 0; | |||
935 | ||||
936 | for (i = 0; i < len; i++) | |||
937 | x |= a[i] ^ b[i]; | |||
938 | ||||
939 | return x; | |||
940 | } |
--- src/crypto/external/bsd/openssl/dist/crypto/Attic/cryptlib.h 2012/07/26 20:21:20 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/Attic/cryptlib.h 2013/02/05 21:31:24 1.3
@@ -90,22 +90,22 @@ extern "C" { | @@ -90,22 +90,22 @@ extern "C" { | |||
90 | #define X509_CERT_FILE "SSLCERTS:cert.pem" | 90 | #define X509_CERT_FILE "SSLCERTS:cert.pem" | |
91 | #define X509_PRIVATE_DIR "SSLPRIVATE:" | 91 | #define X509_PRIVATE_DIR "SSLPRIVATE:" | |
92 | #endif | 92 | #endif | |
93 | 93 | |||
94 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" | 94 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" | |
95 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" | 95 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" | |
96 | 96 | |||
97 | /* size of string representations */ | 97 | /* size of string representations */ | |
98 | #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | 98 | #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | |
99 | #define HEX_SIZE(type) (sizeof(type)*2) | 99 | #define HEX_SIZE(type) (sizeof(type)*2) | |
100 | 100 | |||
101 | void OPENSSL_cpuid_setup(void); | 101 | void OPENSSL_cpuid_setup(void); | |
102 | extern unsigned int OPENSSL_ia32cap_P[2]; | 102 | extern unsigned int OPENSSL_ia32cap_P[2]; | |
103 | void OPENSSL_showfatal(const char *,...); | 103 | void OPENSSL_showfatal(const char *, ...); | |
104 | void *OPENSSL_stderr(void); | 104 | void *OPENSSL_stderr(void); | |
105 | extern int OPENSSL_NONPIC_relocated; | 105 | extern int OPENSSL_NONPIC_relocated; | |
106 | 106 | |||
107 | #ifdef __cplusplus | 107 | #ifdef __cplusplus | |
108 | } | 108 | } | |
109 | #endif | 109 | #endif | |
110 | 110 | |||
111 | #endif | 111 | #endif |
--- src/crypto/external/bsd/openssl/dist/crypto/ppccap.c 2012/07/27 23:01:23 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/ppccap.c 2013/02/05 21:31:24 1.3
@@ -1,18 +1,19 @@ | @@ -1,18 +1,19 @@ | |||
1 | #include <stdio.h> | 1 | #include <stdio.h> | |
2 | #include <stdlib.h> | 2 | #include <stdlib.h> | |
3 | #include <string.h> | 3 | #include <string.h> | |
4 | #include <setjmp.h> | 4 | #include <setjmp.h> | |
5 | #include <signal.h> | 5 | #include <signal.h> | |
6 | #include <unistd.h> | |||
6 | #include <crypto.h> | 7 | #include <crypto.h> | |
7 | #include <openssl/bn.h> | 8 | #include <openssl/bn.h> | |
8 | 9 | |||
9 | #define PPC_FPU64 (1<<0) | 10 | #define PPC_FPU64 (1<<0) | |
10 | #define PPC_ALTIVEC (1<<1) | 11 | #define PPC_ALTIVEC (1<<1) | |
11 | 12 | |||
12 | static int OPENSSL_ppccap_P = 0; | 13 | static int OPENSSL_ppccap_P = 0; | |
13 | 14 | |||
14 | static sigset_t all_masked; | 15 | static sigset_t all_masked; | |
15 | 16 | |||
16 | #ifdef OPENSSL_BN_ASM_MONT | 17 | #ifdef OPENSSL_BN_ASM_MONT | |
17 | int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) | 18 | int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) | |
18 | { | 19 | { | |
@@ -43,26 +44,27 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U | @@ -43,26 +44,27 @@ int bn_mul_mont(BN_ULONG *rp, const BN_U | |||
43 | else if ((OPENSSL_ppccap_P&PPC_FPU64)) | 44 | else if ((OPENSSL_ppccap_P&PPC_FPU64)) | |
44 | /* this is a "must" on POWER6, but run-time detection | 45 | /* this is a "must" on POWER6, but run-time detection | |
45 | * is not implemented yet... */ | 46 | * is not implemented yet... */ | |
46 | return bn_mul_mont_fpu64(rp,ap,bp,np,n0,num); | 47 | return bn_mul_mont_fpu64(rp,ap,bp,np,n0,num); | |
47 | 48 | |||
48 | return bn_mul_mont_int(rp,ap,bp,np,n0,num); | 49 | return bn_mul_mont_int(rp,ap,bp,np,n0,num); | |
49 | } | 50 | } | |
50 | #endif | 51 | #endif | |
51 | 52 | |||
52 | static sigjmp_buf ill_jmp; | 53 | static sigjmp_buf ill_jmp; | |
53 | static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } | 54 | static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } | |
54 | 55 | |||
55 | void OPENSSL_ppc64_probe(void); | 56 | void OPENSSL_ppc64_probe(void); | |
57 | void OPENSSL_altivec_probe(void); | |||
56 | 58 | |||
57 | void OPENSSL_cpuid_setup(void) | 59 | void OPENSSL_cpuid_setup(void) | |
58 | { | 60 | { | |
59 | char *e; | 61 | char *e; | |
60 | struct sigaction ill_oact,ill_act; | 62 | struct sigaction ill_oact,ill_act; | |
61 | sigset_t oset; | 63 | sigset_t oset; | |
62 | static int trigger=0; | 64 | static int trigger=0; | |
63 | 65 | |||
64 | if (trigger) return; | 66 | if (trigger) return; | |
65 | trigger=1; | 67 | trigger=1; | |
66 | 68 | |||
67 | sigfillset(&all_masked); | 69 | sigfillset(&all_masked); | |
68 | sigdelset(&all_masked,SIGILL); | 70 | sigdelset(&all_masked,SIGILL); | |
@@ -72,26 +74,35 @@ void OPENSSL_cpuid_setup(void) | @@ -72,26 +74,35 @@ void OPENSSL_cpuid_setup(void) | |||
72 | #endif | 74 | #endif | |
73 | sigdelset(&all_masked,SIGFPE); | 75 | sigdelset(&all_masked,SIGFPE); | |
74 | sigdelset(&all_masked,SIGBUS); | 76 | sigdelset(&all_masked,SIGBUS); | |
75 | sigdelset(&all_masked,SIGSEGV); | 77 | sigdelset(&all_masked,SIGSEGV); | |
76 | 78 | |||
77 | if ((e=getenv("OPENSSL_ppccap")) != NULL) | 79 | if ((e=getenv("OPENSSL_ppccap")) != NULL) | |
78 | { | 80 | { | |
79 | OPENSSL_ppccap_P=strtoul(e,NULL,0); | 81 | OPENSSL_ppccap_P=strtoul(e,NULL,0); | |
80 | return; | 82 | return; | |
81 | } | 83 | } | |
82 | 84 | |||
83 | OPENSSL_ppccap_P = 0; | 85 | OPENSSL_ppccap_P = 0; | |
84 | 86 | |||
87 | #if defined(_AIX) | |||
88 | if (sizeof(size_t)==4 | |||
89 | # if defined(_SC_AIX_KERNEL_BITMODE) | |||
90 | && sysconf(_SC_AIX_KERNEL_BITMODE)!=64 | |||
91 | # endif | |||
92 | ) | |||
93 | return; | |||
94 | #endif | |||
95 | ||||
85 | memset(&ill_act,0,sizeof(ill_act)); | 96 | memset(&ill_act,0,sizeof(ill_act)); | |
86 | ill_act.sa_handler = ill_handler; | 97 | ill_act.sa_handler = ill_handler; | |
87 | ill_act.sa_mask = all_masked; | 98 | ill_act.sa_mask = all_masked; | |
88 | 99 | |||
89 | sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); | 100 | sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); | |
90 | sigaction(SIGILL,&ill_act,&ill_oact); | 101 | sigaction(SIGILL,&ill_act,&ill_oact); | |
91 | 102 | |||
92 | if (sizeof(size_t)==4) | 103 | if (sizeof(size_t)==4) | |
93 | { | 104 | { | |
94 | if (sigsetjmp(ill_jmp,1) == 0) | 105 | if (sigsetjmp(ill_jmp,1) == 0) | |
95 | { | 106 | { | |
96 | OPENSSL_ppc64_probe(); | 107 | OPENSSL_ppc64_probe(); | |
97 | OPENSSL_ppccap_P |= PPC_FPU64; | 108 | OPENSSL_ppccap_P |= PPC_FPU64; |
--- src/crypto/external/bsd/openssl/dist/crypto/Attic/crypto.h 2011/06/05 23:09:44 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/Attic/crypto.h 2013/02/05 21:31:24 1.4
@@ -478,30 +478,30 @@ void CRYPTO_get_mem_functions(void *(**m | @@ -478,30 +478,30 @@ void CRYPTO_get_mem_functions(void *(**m | |||
478 | void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); | 478 | void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); | |
479 | void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), | 479 | void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), | |
480 | void *(**r)(void *, size_t,const char *,int), | 480 | void *(**r)(void *, size_t,const char *,int), | |
481 | void (**f)(void *)); | 481 | void (**f)(void *)); | |
482 | void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), | 482 | void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), | |
483 | void (**f)(void *)); | 483 | void (**f)(void *)); | |
484 | void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), | 484 | void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), | |
485 | void (**r)(void *,void *,int,const char *,int,int), | 485 | void (**r)(void *,void *,int,const char *,int,int), | |
486 | void (**f)(void *,int), | 486 | void (**f)(void *,int), | |
487 | void (**so)(long), | 487 | void (**so)(long), | |
488 | long (**go)(void)); | 488 | long (**go)(void)); | |
489 | 489 | |||
490 | void *CRYPTO_malloc_locked(int num, const char *file, int line); | 490 | void *CRYPTO_malloc_locked(int num, const char *file, int line); | |
491 | void CRYPTO_free_locked(void *); | 491 | void CRYPTO_free_locked(void *ptr); | |
492 | void *CRYPTO_malloc(int num, const char *file, int line); | 492 | void *CRYPTO_malloc(int num, const char *file, int line); | |
493 | char *CRYPTO_strdup(const char *str, const char *file, int line); | 493 | char *CRYPTO_strdup(const char *str, const char *file, int line); | |
494 | void CRYPTO_free(void *); | 494 | void CRYPTO_free(void *ptr); | |
495 | void *CRYPTO_realloc(void *addr,int num, const char *file, int line); | 495 | void *CRYPTO_realloc(void *addr,int num, const char *file, int line); | |
496 | void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, | 496 | void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, | |
497 | int line); | 497 | int line); | |
498 | void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); | 498 | void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); | |
499 | 499 | |||
500 | void OPENSSL_cleanse(void *ptr, size_t len); | 500 | void OPENSSL_cleanse(void *ptr, size_t len); | |
501 | 501 | |||
502 | void CRYPTO_set_mem_debug_options(long bits); | 502 | void CRYPTO_set_mem_debug_options(long bits); | |
503 | long CRYPTO_get_mem_debug_options(void); | 503 | long CRYPTO_get_mem_debug_options(void); | |
504 | 504 | |||
505 | #define CRYPTO_push_info(info) \ | 505 | #define CRYPTO_push_info(info) \ | |
506 | CRYPTO_push_info_(info, __FILE__, __LINE__); | 506 | CRYPTO_push_info_(info, __FILE__, __LINE__); | |
507 | int CRYPTO_push_info_(const char *info, const char *file, int line); | 507 | int CRYPTO_push_info_(const char *info, const char *file, int line); | |
@@ -564,26 +564,33 @@ void OPENSSL_init(void); | @@ -564,26 +564,33 @@ void OPENSSL_init(void); | |||
564 | } \ | 564 | } \ | |
565 | int private_##alg##_Init(cx##_CTX *c) | 565 | int private_##alg##_Init(cx##_CTX *c) | |
566 | 566 | |||
567 | #define fips_cipher_abort(alg) \ | 567 | #define fips_cipher_abort(alg) \ | |
568 | if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ | 568 | if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ | |
569 | "Low level API call to cipher " #alg " forbidden in FIPS mode!") | 569 | "Low level API call to cipher " #alg " forbidden in FIPS mode!") | |
570 | 570 | |||
571 | #else | 571 | #else | |
572 | #define fips_md_init_ctx(alg, cx) \ | 572 | #define fips_md_init_ctx(alg, cx) \ | |
573 | int alg##_Init(cx##_CTX *c) | 573 | int alg##_Init(cx##_CTX *c) | |
574 | #define fips_cipher_abort(alg) while(0) | 574 | #define fips_cipher_abort(alg) while(0) | |
575 | #endif | 575 | #endif | |
576 | 576 | |||
577 | /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It | |||
578 | * takes an amount of time dependent on |len|, but independent of the contents | |||
579 | * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a | |||
580 | * defined order as the return value when a != b is undefined, other than to be | |||
581 | * non-zero. */ | |||
582 | int CRYPTO_memcmp(const void *a, const void *b, size_t len); | |||
583 | ||||
577 | /* BEGIN ERROR CODES */ | 584 | /* BEGIN ERROR CODES */ | |
578 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 585 | /* The following lines are auto generated by the script mkerr.pl. Any changes | |
579 | * made after this point may be overwritten when the script is next run. | 586 | * made after this point may be overwritten when the script is next run. | |
580 | */ | 587 | */ | |
581 | void ERR_load_CRYPTO_strings(void); | 588 | void ERR_load_CRYPTO_strings(void); | |
582 | 589 | |||
583 | /* Error codes for the CRYPTO functions. */ | 590 | /* Error codes for the CRYPTO functions. */ | |
584 | 591 | |||
585 | /* Function codes. */ | 592 | /* Function codes. */ | |
586 | #define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 | 593 | #define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 | |
587 | #define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 | 594 | #define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 | |
588 | #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 | 595 | #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 | |
589 | #define CRYPTO_F_CRYPTO_SET_EX_DATA 102 | 596 | #define CRYPTO_F_CRYPTO_SET_EX_DATA 102 |
--- src/crypto/external/bsd/openssl/dist/crypto/mem.c 2012/07/26 19:58:37 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/mem.c 2013/02/05 21:31:24 1.4
@@ -111,30 +111,30 @@ static void (*free_debug_func)(void *,in | @@ -111,30 +111,30 @@ static void (*free_debug_func)(void *,in | |||
111 | static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; | 111 | static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; | |
112 | static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; | 112 | static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; | |
113 | #else | 113 | #else | |
114 | /* applications can use CRYPTO_malloc_debug_init() to select above case | 114 | /* applications can use CRYPTO_malloc_debug_init() to select above case | |
115 | * at run-time */ | 115 | * at run-time */ | |
116 | static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL; | 116 | static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL; | |
117 | static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) | 117 | static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) | |
118 | = NULL; | 118 | = NULL; | |
119 | static void (*free_debug_func)(void *,int) = NULL; | 119 | static void (*free_debug_func)(void *,int) = NULL; | |
120 | static void (*set_debug_options_func)(long) = NULL; | 120 | static void (*set_debug_options_func)(long) = NULL; | |
121 | static long (*get_debug_options_func)(void) = NULL; | 121 | static long (*get_debug_options_func)(void) = NULL; | |
122 | #endif | 122 | #endif | |
123 | 123 | |||
124 | ||||
125 | int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), | 124 | int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), | |
126 | void (*f)(void *)) | 125 | void (*f)(void *)) | |
127 | { | 126 | { | |
127 | /* Dummy call just to ensure OPENSSL_init() gets linked in */ | |||
128 | OPENSSL_init(); | 128 | OPENSSL_init(); | |
129 | if (!allow_customize) | 129 | if (!allow_customize) | |
130 | return 0; | 130 | return 0; | |
131 | if ((m == 0) || (r == 0) || (f == 0)) | 131 | if ((m == 0) || (r == 0) || (f == 0)) | |
132 | return 0; | 132 | return 0; | |
133 | malloc_func=m; malloc_ex_func=default_malloc_ex; | 133 | malloc_func=m; malloc_ex_func=default_malloc_ex; | |
134 | realloc_func=r; realloc_ex_func=default_realloc_ex; | 134 | realloc_func=r; realloc_ex_func=default_realloc_ex; | |
135 | free_func=f; | 135 | free_func=f; | |
136 | malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; | 136 | malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; | |
137 | free_locked_func=f; | 137 | free_locked_func=f; | |
138 | return 1; | 138 | return 1; | |
139 | } | 139 | } | |
140 | 140 |
--- src/crypto/external/bsd/openssl/dist/crypto/Attic/opensslv.h 2012/07/26 19:58:37 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/Attic/opensslv.h 2013/02/05 21:31:24 1.5
@@ -15,31 +15,31 @@ | @@ -15,31 +15,31 @@ | |||
15 | * 0.9.4 0x0090400f | 15 | * 0.9.4 0x0090400f | |
16 | * 1.2.3z 0x102031af | 16 | * 1.2.3z 0x102031af | |
17 | * | 17 | * | |
18 | * For continuity reasons (because 0.9.5 is already out, and is coded | 18 | * For continuity reasons (because 0.9.5 is already out, and is coded | |
19 | * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level | 19 | * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level | |
20 | * part is slightly different, by setting the highest bit. This means | 20 | * part is slightly different, by setting the highest bit. This means | |
21 | * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start | 21 | * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start | |
22 | * with 0x0090600S... | 22 | * with 0x0090600S... | |
23 | * | 23 | * | |
24 | * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) | 24 | * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) | |
25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | |
26 | * major minor fix final patch/beta) | 26 | * major minor fix final patch/beta) | |
27 | */ | 27 | */ | |
28 | #define OPENSSL_VERSION_NUMBER 0x1000103fL | 28 | #define OPENSSL_VERSION_NUMBER 0x1000104fL | |
29 | #ifdef OPENSSL_FIPS | 29 | #ifdef OPENSSL_FIPS | |
30 | #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012" | 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d-fips 5 Feb 2013" | |
31 | #else | 31 | #else | |
32 | #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012" | 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1d 5 Feb 2013" | |
33 | #endif | 33 | #endif | |
34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | |
35 | 35 | |||
36 | 36 | |||
37 | /* The macros below are to be used for shared library (.so, .dll, ...) | 37 | /* The macros below are to be used for shared library (.so, .dll, ...) | |
38 | * versioning. That kind of versioning works a bit differently between | 38 | * versioning. That kind of versioning works a bit differently between | |
39 | * operating systems. The most usual scheme is to set a major and a minor | 39 | * operating systems. The most usual scheme is to set a major and a minor | |
40 | * number, and have the runtime loader check that the major number is equal | 40 | * number, and have the runtime loader check that the major number is equal | |
41 | * to what it was at application link time, while the minor number has to | 41 | * to what it was at application link time, while the minor number has to | |
42 | * be greater or equal to what it was at application link time. With this | 42 | * be greater or equal to what it was at application link time. With this | |
43 | * scheme, the version number is usually part of the file name, like this: | 43 | * scheme, the version number is usually part of the file name, like this: | |
44 | * | 44 | * | |
45 | * libcrypto.so.0.9 | 45 | * libcrypto.so.0.9 |
--- src/crypto/external/bsd/openssl/dist/crypto/ec/Attic/ectest.c 2012/07/26 19:58:38 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/ec/Attic/ectest.c 2013/02/05 21:31:25 1.4
@@ -226,27 +226,27 @@ static void group_order_tests(EC_GROUP * | @@ -226,27 +226,27 @@ static void group_order_tests(EC_GROUP * | |||
226 | if (!BN_mul(n2, n1, n2, ctx)) ABORT; | 226 | if (!BN_mul(n2, n1, n2, ctx)) ABORT; | |
227 | if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; | 227 | if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT; | |
228 | if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; | 228 | if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT; | |
229 | fprintf(stdout, "ok\n"); | 229 | fprintf(stdout, "ok\n"); | |
230 | EC_POINT_free(P); | 230 | EC_POINT_free(P); | |
231 | EC_POINT_free(Q); | 231 | EC_POINT_free(Q); | |
232 | BN_free(n1); | 232 | BN_free(n1); | |
233 | BN_free(n2); | 233 | BN_free(n2); | |
234 | BN_free(order); | 234 | BN_free(order); | |
235 | BN_CTX_free(ctx); | 235 | BN_CTX_free(ctx); | |
236 | } | 236 | } | |
237 | 237 | |||
238 | static void prime_field_tests(void) | 238 | static void prime_field_tests(void) | |
239 | { | 239 | { | |
240 | BN_CTX *ctx = NULL; | 240 | BN_CTX *ctx = NULL; | |
241 | BIGNUM *p, *a, *b; | 241 | BIGNUM *p, *a, *b; | |
242 | EC_GROUP *group; | 242 | EC_GROUP *group; | |
243 | EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; | 243 | EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; | |
244 | EC_POINT *P, *Q, *R; | 244 | EC_POINT *P, *Q, *R; | |
245 | BIGNUM *x, *y, *z; | 245 | BIGNUM *x, *y, *z; | |
246 | unsigned char buf[100]; | 246 | unsigned char buf[100]; | |
247 | size_t i, len; | 247 | size_t i, len; | |
248 | int k; | 248 | int k; | |
249 | 249 | |||
250 | #if 1 /* optional */ | 250 | #if 1 /* optional */ | |
251 | ctx = BN_CTX_new(); | 251 | ctx = BN_CTX_new(); | |
252 | if (!ctx) ABORT; | 252 | if (!ctx) ABORT; |
--- src/crypto/external/bsd/openssl/dist/crypto/evp/Attic/m_sha1.c 2011/06/05 23:09:46 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/Attic/m_sha1.c 2013/02/05 21:31:25 1.5
@@ -55,27 +55,27 @@ | @@ -55,27 +55,27 @@ | |||
55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] | |
57 | */ | 57 | */ | |
58 | 58 | |||
59 | #include <stdio.h> | 59 | #include <stdio.h> | |
60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" | |
61 | 61 | |||
62 | #ifndef OPENSSL_FIPS | 62 | #ifndef OPENSSL_FIPS | |
63 | 63 | |||
64 | #ifndef OPENSSL_NO_SHA | 64 | #ifndef OPENSSL_NO_SHA | |
65 | 65 | |||
66 | #include <openssl/evp.h> | 66 | #include <openssl/evp.h> | |
67 | #include <openssl/objects.h> | 67 | #include <openssl/objects.h> | |
68 | #include <openssl/x509.h> | 68 | #include <openssl/sha.h> | |
69 | #ifndef OPENSSL_NO_RSA | 69 | #ifndef OPENSSL_NO_RSA | |
70 | #include <openssl/rsa.h> | 70 | #include <openssl/rsa.h> | |
71 | #endif | 71 | #endif | |
72 | 72 | |||
73 | 73 | |||
74 | static int init(EVP_MD_CTX *ctx) | 74 | static int init(EVP_MD_CTX *ctx) | |
75 | { return SHA1_Init(ctx->md_data); } | 75 | { return SHA1_Init(ctx->md_data); } | |
76 | 76 | |||
77 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) | 77 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) | |
78 | { return SHA1_Update(ctx->md_data,data,count); } | 78 | { return SHA1_Update(ctx->md_data,data,count); } | |
79 | 79 | |||
80 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 80 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | |
81 | { return SHA1_Final(md,ctx->md_data); } | 81 | { return SHA1_Final(md,ctx->md_data); } |
--- src/crypto/external/bsd/openssl/dist/crypto/md4/md4_dgst.c 2011/06/05 23:09:47 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/md4/md4_dgst.c 2013/02/05 21:31:25 1.4
@@ -96,42 +96,43 @@ void md4_block_data_order (MD4_CTX *c, c | @@ -96,42 +96,43 @@ void md4_block_data_order (MD4_CTX *c, c | |||
96 | # define X(i) XX##i | 96 | # define X(i) XX##i | |
97 | #else | 97 | #else | |
98 | MD4_LONG XX[MD4_LBLOCK]; | 98 | MD4_LONG XX[MD4_LBLOCK]; | |
99 | # define X(i) XX[i] | 99 | # define X(i) XX[i] | |
100 | #endif | 100 | #endif | |
101 | 101 | |||
102 | A=c->A; | 102 | A=c->A; | |
103 | B=c->B; | 103 | B=c->B; | |
104 | C=c->C; | 104 | C=c->C; | |
105 | D=c->D; | 105 | D=c->D; | |
106 | 106 | |||
107 | for (;num--;) | 107 | for (;num--;) | |
108 | { | 108 | { | |
109 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; | 109 | (void)HOST_c2l(data,l); X( 0)=l; | |
110 | (void)HOST_c2l(data,l); X( 1)=l; | |||
110 | /* Round 0 */ | 111 | /* Round 0 */ | |
111 | R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l; | 112 | R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l; | |
112 | R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l; | 113 | R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l; | |
113 | R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l; | 114 | R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l; | |
114 | R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l; | 115 | R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l; | |
115 | R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l; | 116 | R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l; | |
116 | R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l; | 117 | R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l; | |
117 | R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l; | 118 | R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l; | |
118 | R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l; | 119 | R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l; | |
119 | R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l; | 120 | R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l; | |
120 | R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l; | 121 | R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l; | |
121 | R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l; | 122 | R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l; | |
122 | R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l; | 123 | R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l; | |
123 | R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l; | 124 | R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l; | |
124 | R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l; | 125 | R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l; | |
125 | R0(C,D,A,B,X(14),11,0); | 126 | R0(C,D,A,B,X(14),11,0); | |
126 | R0(B,C,D,A,X(15),19,0); | 127 | R0(B,C,D,A,X(15),19,0); | |
127 | /* Round 1 */ | 128 | /* Round 1 */ | |
128 | R1(A,B,C,D,X( 0), 3,0x5A827999L); | 129 | R1(A,B,C,D,X( 0), 3,0x5A827999L); | |
129 | R1(D,A,B,C,X( 4), 5,0x5A827999L); | 130 | R1(D,A,B,C,X( 4), 5,0x5A827999L); | |
130 | R1(C,D,A,B,X( 8), 9,0x5A827999L); | 131 | R1(C,D,A,B,X( 8), 9,0x5A827999L); | |
131 | R1(B,C,D,A,X(12),13,0x5A827999L); | 132 | R1(B,C,D,A,X(12),13,0x5A827999L); | |
132 | R1(A,B,C,D,X( 1), 3,0x5A827999L); | 133 | R1(A,B,C,D,X( 1), 3,0x5A827999L); | |
133 | R1(D,A,B,C,X( 5), 5,0x5A827999L); | 134 | R1(D,A,B,C,X( 5), 5,0x5A827999L); | |
134 | R1(C,D,A,B,X( 9), 9,0x5A827999L); | 135 | R1(C,D,A,B,X( 9), 9,0x5A827999L); | |
135 | R1(B,C,D,A,X(13),13,0x5A827999L); | 136 | R1(B,C,D,A,X(13),13,0x5A827999L); | |
136 | R1(A,B,C,D,X( 2), 3,0x5A827999L); | 137 | R1(A,B,C,D,X( 2), 3,0x5A827999L); | |
137 | R1(D,A,B,C,X( 6), 5,0x5A827999L); | 138 | R1(D,A,B,C,X( 6), 5,0x5A827999L); |
--- src/crypto/external/bsd/openssl/dist/crypto/md5/Attic/md5_locl.h 2009/07/19 23:30:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/md5/Attic/md5_locl.h 2013/02/05 21:31:25 1.3
@@ -75,30 +75,30 @@ | @@ -75,30 +75,30 @@ | |||
75 | 75 | |||
76 | void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); | 76 | void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); | |
77 | 77 | |||
78 | #define DATA_ORDER_IS_LITTLE_ENDIAN | 78 | #define DATA_ORDER_IS_LITTLE_ENDIAN | |
79 | 79 | |||
80 | #define HASH_LONG MD5_LONG | 80 | #define HASH_LONG MD5_LONG | |
81 | #define HASH_CTX MD5_CTX | 81 | #define HASH_CTX MD5_CTX | |
82 | #define HASH_CBLOCK MD5_CBLOCK | 82 | #define HASH_CBLOCK MD5_CBLOCK | |
83 | #define HASH_UPDATE MD5_Update | 83 | #define HASH_UPDATE MD5_Update | |
84 | #define HASH_TRANSFORM MD5_Transform | 84 | #define HASH_TRANSFORM MD5_Transform | |
85 | #define HASH_FINAL MD5_Final | 85 | #define HASH_FINAL MD5_Final | |
86 | #define HASH_MAKE_STRING(c,s) do { \ | 86 | #define HASH_MAKE_STRING(c,s) do { \ | |
87 | unsigned long ll; \ | 87 | unsigned long ll; \ | |
88 | ll=(c)->A; HOST_l2c(ll,(s)); \ | 88 | ll=(c)->A; (void)HOST_l2c(ll,(s)); \ | |
89 | ll=(c)->B; HOST_l2c(ll,(s)); \ | 89 | ll=(c)->B; (void)HOST_l2c(ll,(s)); \ | |
90 | ll=(c)->C; HOST_l2c(ll,(s)); \ | 90 | ll=(c)->C; (void)HOST_l2c(ll,(s)); \ | |
91 | ll=(c)->D; HOST_l2c(ll,(s)); \ | 91 | ll=(c)->D; (void)HOST_l2c(ll,(s)); \ | |
92 | } while (0) | 92 | } while (0) | |
93 | #define HASH_BLOCK_DATA_ORDER md5_block_data_order | 93 | #define HASH_BLOCK_DATA_ORDER md5_block_data_order | |
94 | 94 | |||
95 | #include "md32_common.h" | 95 | #include "md32_common.h" | |
96 | 96 | |||
97 | /* | 97 | /* | |
98 | #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) | 98 | #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) | |
99 | #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) | 99 | #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) | |
100 | */ | 100 | */ | |
101 | 101 | |||
102 | /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be | 102 | /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be | |
103 | * simplified to the code below. Wei attributes these optimizations | 103 | * simplified to the code below. Wei attributes these optimizations | |
104 | * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. | 104 | * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. |
--- src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c 2009/07/19 23:30:40 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c 2013/02/05 21:31:25 1.3
@@ -63,27 +63,27 @@ int OBJ_NAME_new_index(unsigned long (*h | @@ -63,27 +63,27 @@ int OBJ_NAME_new_index(unsigned long (*h | |||
63 | int (*cmp_func)(const char *, const char *), | 63 | int (*cmp_func)(const char *, const char *), | |
64 | void (*free_func)(const char *, int, const char *)) | 64 | void (*free_func)(const char *, int, const char *)) | |
65 | { | 65 | { | |
66 | int ret; | 66 | int ret; | |
67 | int i; | 67 | int i; | |
68 | NAME_FUNCS *name_funcs; | 68 | NAME_FUNCS *name_funcs; | |
69 | 69 | |||
70 | if (name_funcs_stack == NULL) | 70 | if (name_funcs_stack == NULL) | |
71 | { | 71 | { | |
72 | MemCheck_off(); | 72 | MemCheck_off(); | |
73 | name_funcs_stack=sk_NAME_FUNCS_new_null(); | 73 | name_funcs_stack=sk_NAME_FUNCS_new_null(); | |
74 | MemCheck_on(); | 74 | MemCheck_on(); | |
75 | } | 75 | } | |
76 | if ((name_funcs_stack == NULL)) | 76 | if (name_funcs_stack == NULL) | |
77 | { | 77 | { | |
78 | /* ERROR */ | 78 | /* ERROR */ | |
79 | return(0); | 79 | return(0); | |
80 | } | 80 | } | |
81 | ret=names_type_num; | 81 | ret=names_type_num; | |
82 | names_type_num++; | 82 | names_type_num++; | |
83 | for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++) | 83 | for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++) | |
84 | { | 84 | { | |
85 | MemCheck_off(); | 85 | MemCheck_off(); | |
86 | name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); | 86 | name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); | |
87 | MemCheck_on(); | 87 | MemCheck_on(); | |
88 | if (!name_funcs) | 88 | if (!name_funcs) | |
89 | { | 89 | { |
--- src/crypto/external/bsd/openssl/dist/crypto/rand/Attic/md_rand.c 2012/03/07 10:17:47 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/Attic/md_rand.c 2013/02/05 21:31:25 1.4
@@ -113,30 +113,30 @@ | @@ -113,30 +113,30 @@ | |||
113 | 113 | |||
114 | #ifdef MD_RAND_DEBUG | 114 | #ifdef MD_RAND_DEBUG | |
115 | # ifndef NDEBUG | 115 | # ifndef NDEBUG | |
116 | # define NDEBUG | 116 | # define NDEBUG | |
117 | # endif | 117 | # endif | |
118 | #endif | 118 | #endif | |
119 | 119 | |||
120 | #include <assert.h> | 120 | #include <assert.h> | |
121 | #include <stdio.h> | 121 | #include <stdio.h> | |
122 | #include <string.h> | 122 | #include <string.h> | |
123 | 123 | |||
124 | #include "e_os.h" | 124 | #include "e_os.h" | |
125 | 125 | |||
126 | #include <openssl/crypto.h> | |||
126 | #include <openssl/rand.h> | 127 | #include <openssl/rand.h> | |
127 | #include "rand_lcl.h" | 128 | #include "rand_lcl.h" | |
128 | 129 | |||
129 | #include <openssl/crypto.h> | |||
130 | #include <openssl/err.h> | 130 | #include <openssl/err.h> | |
131 | 131 | |||
132 | #ifdef BN_DEBUG | 132 | #ifdef BN_DEBUG | |
133 | # define PREDICT | 133 | # define PREDICT | |
134 | #endif | 134 | #endif | |
135 | 135 | |||
136 | /* #define PREDICT 1 */ | 136 | /* #define PREDICT 1 */ | |
137 | 137 | |||
138 | #define STATE_SIZE 1023 | 138 | #define STATE_SIZE 1023 | |
139 | static int state_num=0,state_index=0; | 139 | static int state_num=0,state_index=0; | |
140 | static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; | 140 | static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; | |
141 | static unsigned char md[MD_DIGEST_LENGTH]; | 141 | static unsigned char md[MD_DIGEST_LENGTH]; | |
142 | static long md_count[2]={0,0}; | 142 | static long md_count[2]={0,0}; |
--- src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c 2012/07/26 19:58:38 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c 2013/02/05 21:31:25 1.5
@@ -47,27 +47,29 @@ | @@ -47,27 +47,29 @@ | |||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. | |
52 | * | 52 | * | |
53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] | |
57 | */ | 57 | */ | |
58 | 58 | |||
59 | /* We need to define this to get macros like S_IFBLK and S_IFCHR */ | 59 | /* We need to define this to get macros like S_IFBLK and S_IFCHR */ | |
60 | #if !defined(OPENSSL_SYS_VXWORKS) | |||
60 | #define _XOPEN_SOURCE 500 | 61 | #define _XOPEN_SOURCE 500 | |
62 | #endif | |||
61 | 63 | |||
62 | #include <errno.h> | 64 | #include <errno.h> | |
63 | #include <stdio.h> | 65 | #include <stdio.h> | |
64 | #include <stdlib.h> | 66 | #include <stdlib.h> | |
65 | #include <string.h> | 67 | #include <string.h> | |
66 | 68 | |||
67 | #include "e_os.h" | 69 | #include "e_os.h" | |
68 | #include <openssl/crypto.h> | 70 | #include <openssl/crypto.h> | |
69 | #include <openssl/rand.h> | 71 | #include <openssl/rand.h> | |
70 | #include <openssl/buffer.h> | 72 | #include <openssl/buffer.h> | |
71 | 73 | |||
72 | #ifdef OPENSSL_SYS_VMS | 74 | #ifdef OPENSSL_SYS_VMS | |
73 | #include <unixio.h> | 75 | #include <unixio.h> |
--- src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_dgst.c 2011/06/05 23:09:47 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/ripemd/rmd_dgst.c 2013/02/05 21:31:25 1.4
@@ -95,41 +95,41 @@ void ripemd160_block_data_order (RIPEMD1 | @@ -95,41 +95,41 @@ void ripemd160_block_data_order (RIPEMD1 | |||
95 | MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | 95 | MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | |
96 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | 96 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | |
97 | # define X(i) XX##i | 97 | # define X(i) XX##i | |
98 | #else | 98 | #else | |
99 | RIPEMD160_LONG XX[16]; | 99 | RIPEMD160_LONG XX[16]; | |
100 | # define X(i) XX[i] | 100 | # define X(i) XX[i] | |
101 | #endif | 101 | #endif | |
102 | 102 | |||
103 | for (;num--;) | 103 | for (;num--;) | |
104 | { | 104 | { | |
105 | 105 | |||
106 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; | 106 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; | |
107 | 107 | |||
108 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; | 108 | (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l; | |
109 | RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; | 109 | RIP1(A,B,C,D,E,WL00,SL00); (void)HOST_c2l(data,l); X( 2)=l; | |
110 | RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; | 110 | RIP1(E,A,B,C,D,WL01,SL01); (void)HOST_c2l(data,l); X( 3)=l; | |
111 | RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; | 111 | RIP1(D,E,A,B,C,WL02,SL02); (void)HOST_c2l(data,l); X( 4)=l; | |
112 | RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l; | 112 | RIP1(C,D,E,A,B,WL03,SL03); (void)HOST_c2l(data,l); X( 5)=l; | |
113 | RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l; | 113 | RIP1(B,C,D,E,A,WL04,SL04); (void)HOST_c2l(data,l); X( 6)=l; | |
114 | RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l; | 114 | RIP1(A,B,C,D,E,WL05,SL05); (void)HOST_c2l(data,l); X( 7)=l; | |
115 | RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l; | 115 | RIP1(E,A,B,C,D,WL06,SL06); (void)HOST_c2l(data,l); X( 8)=l; | |
116 | RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l; | 116 | RIP1(D,E,A,B,C,WL07,SL07); (void)HOST_c2l(data,l); X( 9)=l; | |
117 | RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l; | 117 | RIP1(C,D,E,A,B,WL08,SL08); (void)HOST_c2l(data,l); X(10)=l; | |
118 | RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l; | 118 | RIP1(B,C,D,E,A,WL09,SL09); (void)HOST_c2l(data,l); X(11)=l; | |
119 | RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l; | 119 | RIP1(A,B,C,D,E,WL10,SL10); (void)HOST_c2l(data,l); X(12)=l; | |
120 | RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l; | 120 | RIP1(E,A,B,C,D,WL11,SL11); (void)HOST_c2l(data,l); X(13)=l; | |
121 | RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l; | 121 | RIP1(D,E,A,B,C,WL12,SL12); (void)HOST_c2l(data,l); X(14)=l; | |
122 | RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l; | 122 | RIP1(C,D,E,A,B,WL13,SL13); (void)HOST_c2l(data,l); X(15)=l; | |
123 | RIP1(B,C,D,E,A,WL14,SL14); | 123 | RIP1(B,C,D,E,A,WL14,SL14); | |
124 | RIP1(A,B,C,D,E,WL15,SL15); | 124 | RIP1(A,B,C,D,E,WL15,SL15); | |
125 | 125 | |||
126 | RIP2(E,A,B,C,D,WL16,SL16,KL1); | 126 | RIP2(E,A,B,C,D,WL16,SL16,KL1); | |
127 | RIP2(D,E,A,B,C,WL17,SL17,KL1); | 127 | RIP2(D,E,A,B,C,WL17,SL17,KL1); | |
128 | RIP2(C,D,E,A,B,WL18,SL18,KL1); | 128 | RIP2(C,D,E,A,B,WL18,SL18,KL1); | |
129 | RIP2(B,C,D,E,A,WL19,SL19,KL1); | 129 | RIP2(B,C,D,E,A,WL19,SL19,KL1); | |
130 | RIP2(A,B,C,D,E,WL20,SL20,KL1); | 130 | RIP2(A,B,C,D,E,WL20,SL20,KL1); | |
131 | RIP2(E,A,B,C,D,WL21,SL21,KL1); | 131 | RIP2(E,A,B,C,D,WL21,SL21,KL1); | |
132 | RIP2(D,E,A,B,C,WL22,SL22,KL1); | 132 | RIP2(D,E,A,B,C,WL22,SL22,KL1); | |
133 | RIP2(C,D,E,A,B,WL23,SL23,KL1); | 133 | RIP2(C,D,E,A,B,WL23,SL23,KL1); | |
134 | RIP2(B,C,D,E,A,WL24,SL24,KL1); | 134 | RIP2(B,C,D,E,A,WL24,SL24,KL1); | |
135 | RIP2(A,B,C,D,E,WL25,SL25,KL1); | 135 | RIP2(A,B,C,D,E,WL25,SL25,KL1); |
--- src/crypto/external/bsd/openssl/dist/crypto/ripemd/Attic/rmd_locl.h 2009/07/19 23:30:41 1.2
+++ src/crypto/external/bsd/openssl/dist/crypto/ripemd/Attic/rmd_locl.h 2013/02/05 21:31:25 1.3
@@ -77,31 +77,31 @@ | @@ -77,31 +77,31 @@ | |||
77 | 77 | |||
78 | void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); | 78 | void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); | |
79 | 79 | |||
80 | #define DATA_ORDER_IS_LITTLE_ENDIAN | 80 | #define DATA_ORDER_IS_LITTLE_ENDIAN | |
81 | 81 | |||
82 | #define HASH_LONG RIPEMD160_LONG | 82 | #define HASH_LONG RIPEMD160_LONG | |
83 | #define HASH_CTX RIPEMD160_CTX | 83 | #define HASH_CTX RIPEMD160_CTX | |
84 | #define HASH_CBLOCK RIPEMD160_CBLOCK | 84 | #define HASH_CBLOCK RIPEMD160_CBLOCK | |
85 | #define HASH_UPDATE RIPEMD160_Update | 85 | #define HASH_UPDATE RIPEMD160_Update | |
86 | #define HASH_TRANSFORM RIPEMD160_Transform | 86 | #define HASH_TRANSFORM RIPEMD160_Transform | |
87 | #define HASH_FINAL RIPEMD160_Final | 87 | #define HASH_FINAL RIPEMD160_Final | |
88 | #define HASH_MAKE_STRING(c,s) do { \ | 88 | #define HASH_MAKE_STRING(c,s) do { \ | |
89 | unsigned long ll; \ | 89 | unsigned long ll; \ | |
90 | ll=(c)->A; HOST_l2c(ll,(s)); \ | 90 | ll=(c)->A; (void)HOST_l2c(ll,(s)); \ | |
91 | ll=(c)->B; HOST_l2c(ll,(s)); \ | 91 | ll=(c)->B; (void)HOST_l2c(ll,(s)); \ | |
92 | ll=(c)->C; HOST_l2c(ll,(s)); \ | 92 | ll=(c)->C; (void)HOST_l2c(ll,(s)); \ | |
93 | ll=(c)->D; HOST_l2c(ll,(s)); \ | 93 | ll=(c)->D; (void)HOST_l2c(ll,(s)); \ | |
94 | ll=(c)->E; HOST_l2c(ll,(s)); \ | 94 | ll=(c)->E; (void)HOST_l2c(ll,(s)); \ | |
95 | } while (0) | 95 | } while (0) | |
96 | #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order | 96 | #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order | |
97 | 97 | |||
98 | #include "md32_common.h" | 98 | #include "md32_common.h" | |
99 | 99 | |||
100 | #if 0 | 100 | #if 0 | |
101 | #define F1(x,y,z) ((x)^(y)^(z)) | 101 | #define F1(x,y,z) ((x)^(y)^(z)) | |
102 | #define F2(x,y,z) (((x)&(y))|((~x)&z)) | 102 | #define F2(x,y,z) (((x)&(y))|((~x)&z)) | |
103 | #define F3(x,y,z) (((x)|(~y))^(z)) | 103 | #define F3(x,y,z) (((x)|(~y))^(z)) | |
104 | #define F4(x,y,z) (((x)&(z))|((y)&(~(z)))) | 104 | #define F4(x,y,z) (((x)&(z))|((y)&(~(z)))) | |
105 | #define F5(x,y,z) ((x)^((y)|(~(z)))) | 105 | #define F5(x,y,z) ((x)^((y)|(~(z)))) | |
106 | #else | 106 | #else | |
107 | /* | 107 | /* |
--- src/crypto/external/bsd/openssl/dist/crypto/rsa/Attic/rsa_eay.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/Attic/rsa_eay.c 2013/02/05 21:31:26 1.5
@@ -859,32 +859,32 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c | @@ -859,32 +859,32 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c | |||
859 | if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; | 859 | if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; | |
860 | 860 | |||
861 | /* Turn BN_FLG_CONSTTIME flag on before division operation */ | 861 | /* Turn BN_FLG_CONSTTIME flag on before division operation */ | |
862 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | 862 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | |
863 | { | 863 | { | |
864 | pr1 = &local_r1; | 864 | pr1 = &local_r1; | |
865 | BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); | 865 | BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); | |
866 | } | 866 | } | |
867 | else | 867 | else | |
868 | pr1 = r1; | 868 | pr1 = r1; | |
869 | if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; | 869 | if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; | |
870 | 870 | |||
871 | /* If p < q it is occasionally possible for the correction of | 871 | /* If p < q it is occasionally possible for the correction of | |
872 | * adding 'p' if r0 is negative above to leave the result still | 872 | * adding 'p' if r0 is negative above to leave the result still | |
873 | * negative. This can break the private key operations: the following | 873 | * negative. This can break the private key operations: the following | |
874 | * second correction should *always* correct this rare occurrence. | 874 | * second correction should *always* correct this rare occurrence. | |
875 | * This will *never* happen with OpenSSL generated keys because | 875 | * This will *never* happen with OpenSSL generated keys because | |
876 | * they ensure p > q [steve] | 876 | * they ensure p > q [steve] | |
877 | */ | 877 | */ | |
878 | if (BN_is_negative(r0)) | 878 | if (BN_is_negative(r0)) | |
879 | if (!BN_add(r0,r0,rsa->p)) goto err; | 879 | if (!BN_add(r0,r0,rsa->p)) goto err; | |
880 | if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; | 880 | if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; | |
881 | if (!BN_add(r0,r1,m1)) goto err; | 881 | if (!BN_add(r0,r1,m1)) goto err; | |
882 | 882 | |||
883 | if (rsa->e && rsa->n) | 883 | if (rsa->e && rsa->n) | |
884 | { | 884 | { | |
885 | if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; | 885 | if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; | |
886 | /* If 'I' was greater than (or equal to) rsa->n, the operation | 886 | /* If 'I' was greater than (or equal to) rsa->n, the operation | |
887 | * will be equivalent to using 'I mod n'. However, the result of | 887 | * will be equivalent to using 'I mod n'. However, the result of | |
888 | * the verify will *always* be less than 'n' so we don't check | 888 | * the verify will *always* be less than 'n' so we don't check | |
889 | * for absolute equality, just congruency. */ | 889 | * for absolute equality, just congruency. */ | |
890 | if (!BN_sub(vrfy, vrfy, I)) goto err; | 890 | if (!BN_sub(vrfy, vrfy, I)) goto err; |
--- src/crypto/external/bsd/openssl/dist/crypto/sha/sha256.c 2011/06/05 23:09:48 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/sha/sha256.c 2013/02/05 21:31:26 1.4
@@ -78,37 +78,37 @@ int SHA224_Final (unsigned char *md, SHA | @@ -78,37 +78,37 @@ int SHA224_Final (unsigned char *md, SHA | |||
78 | * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." | 78 | * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." | |
79 | * default: case below covers for it. It's not clear however if it's | 79 | * default: case below covers for it. It's not clear however if it's | |
80 | * permitted to truncate to amount of bytes not divisible by 4. I bet not, | 80 | * permitted to truncate to amount of bytes not divisible by 4. I bet not, | |
81 | * but if it is, then default: case shall be extended. For reference. | 81 | * but if it is, then default: case shall be extended. For reference. | |
82 | * Idea behind separate cases for pre-defined lenghts is to let the | 82 | * Idea behind separate cases for pre-defined lenghts is to let the | |
83 | * compiler decide if it's appropriate to unroll small loops. | 83 | * compiler decide if it's appropriate to unroll small loops. | |
84 | */ | 84 | */ | |
85 | #define HASH_MAKE_STRING(c,s) do { \ | 85 | #define HASH_MAKE_STRING(c,s) do { \ | |
86 | unsigned long ll; \ | 86 | unsigned long ll; \ | |
87 | unsigned int nn; \ | 87 | unsigned int nn; \ | |
88 | switch ((c)->md_len) \ | 88 | switch ((c)->md_len) \ | |
89 | { case SHA224_DIGEST_LENGTH: \ | 89 | { case SHA224_DIGEST_LENGTH: \ | |
90 | for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ | 90 | for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ | |
91 | { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ | 91 | { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ | |
92 | break; \ | 92 | break; \ | |
93 | case SHA256_DIGEST_LENGTH: \ | 93 | case SHA256_DIGEST_LENGTH: \ | |
94 | for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ | 94 | for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ | |
95 | { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ | 95 | { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ | |
96 | break; \ | 96 | break; \ | |
97 | default: \ | 97 | default: \ | |
98 | if ((c)->md_len > SHA256_DIGEST_LENGTH) \ | 98 | if ((c)->md_len > SHA256_DIGEST_LENGTH) \ | |
99 | return 0; \ | 99 | return 0; \ | |
100 | for (nn=0;nn<(c)->md_len/4;nn++) \ | 100 | for (nn=0;nn<(c)->md_len/4;nn++) \ | |
101 | { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ | 101 | { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ | |
102 | break; \ | 102 | break; \ | |
103 | } \ | 103 | } \ | |
104 | } while (0) | 104 | } while (0) | |
105 | 105 | |||
106 | #define HASH_UPDATE SHA256_Update | 106 | #define HASH_UPDATE SHA256_Update | |
107 | #define HASH_TRANSFORM SHA256_Transform | 107 | #define HASH_TRANSFORM SHA256_Transform | |
108 | #define HASH_FINAL SHA256_Final | 108 | #define HASH_FINAL SHA256_Final | |
109 | #define HASH_BLOCK_DATA_ORDER sha256_block_data_order | 109 | #define HASH_BLOCK_DATA_ORDER sha256_block_data_order | |
110 | #ifndef SHA256_ASM | 110 | #ifndef SHA256_ASM | |
111 | static | 111 | static | |
112 | #endif | 112 | #endif | |
113 | void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); | 113 | void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); | |
114 | 114 |
--- src/crypto/external/bsd/openssl/dist/crypto/sha/Attic/sha_locl.h 2011/06/05 23:09:48 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/sha/Attic/sha_locl.h 2013/02/05 21:31:26 1.4
@@ -59,31 +59,31 @@ | @@ -59,31 +59,31 @@ | |||
59 | #include <stdlib.h> | 59 | #include <stdlib.h> | |
60 | #include <string.h> | 60 | #include <string.h> | |
61 | 61 | |||
62 | #include <openssl/opensslconf.h> | 62 | #include <openssl/opensslconf.h> | |
63 | #include <openssl/sha.h> | 63 | #include <openssl/sha.h> | |
64 | 64 | |||
65 | #define DATA_ORDER_IS_BIG_ENDIAN | 65 | #define DATA_ORDER_IS_BIG_ENDIAN | |
66 | 66 | |||
67 | #define HASH_LONG SHA_LONG | 67 | #define HASH_LONG SHA_LONG | |
68 | #define HASH_CTX SHA_CTX | 68 | #define HASH_CTX SHA_CTX | |
69 | #define HASH_CBLOCK SHA_CBLOCK | 69 | #define HASH_CBLOCK SHA_CBLOCK | |
70 | #define HASH_MAKE_STRING(c,s) do { \ | 70 | #define HASH_MAKE_STRING(c,s) do { \ | |
71 | SHA_LONG ll; \ | 71 | SHA_LONG ll; \ | |
72 | ll=(c)->h0; HOST_l2c(ll,(s)); \ | 72 | ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ | |
73 | ll=(c)->h1; HOST_l2c(ll,(s)); \ | 73 | ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ | |
74 | ll=(c)->h2; HOST_l2c(ll,(s)); \ | 74 | ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ | |
75 | ll=(c)->h3; HOST_l2c(ll,(s)); \ | 75 | ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ | |
76 | ll=(c)->h4; HOST_l2c(ll,(s)); \ | 76 | ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ | |
77 | } while (0) | 77 | } while (0) | |
78 | 78 | |||
79 | #if defined(SHA_0) | 79 | #if defined(SHA_0) | |
80 | 80 | |||
81 | # define HASH_UPDATE SHA_Update | 81 | # define HASH_UPDATE SHA_Update | |
82 | # define HASH_TRANSFORM SHA_Transform | 82 | # define HASH_TRANSFORM SHA_Transform | |
83 | # define HASH_FINAL SHA_Final | 83 | # define HASH_FINAL SHA_Final | |
84 | # define HASH_INIT SHA_Init | 84 | # define HASH_INIT SHA_Init | |
85 | # define HASH_BLOCK_DATA_ORDER sha_block_data_order | 85 | # define HASH_BLOCK_DATA_ORDER sha_block_data_order | |
86 | # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) | 86 | # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) | |
87 | 87 | |||
88 | static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); | 88 | static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); | |
89 | 89 | |||
@@ -246,41 +246,41 @@ static void HASH_BLOCK_DATA_ORDER (SHA_C | @@ -246,41 +246,41 @@ static void HASH_BLOCK_DATA_ORDER (SHA_C | |||
246 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; | 246 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; | |
247 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; | 247 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; | |
248 | BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; | 248 | BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; | |
249 | BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; | 249 | BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; | |
250 | BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; | 250 | BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; | |
251 | BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; | 251 | BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; | |
252 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | 252 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | |
253 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | 253 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | |
254 | 254 | |||
255 | data += SHA_CBLOCK; | 255 | data += SHA_CBLOCK; | |
256 | } | 256 | } | |
257 | else | 257 | else | |
258 | { | 258 | { | |
259 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; | 259 | (void)HOST_c2l(data,l); X( 0)=l; (void)HOST_c2l(data,l); X( 1)=l; | |
260 | BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; | 260 | BODY_00_15( 0,A,B,C,D,E,T,X( 0)); (void)HOST_c2l(data,l); X( 2)=l; | |
261 | BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; | 261 | BODY_00_15( 1,T,A,B,C,D,E,X( 1)); (void)HOST_c2l(data,l); X( 3)=l; | |
262 | BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; | 262 | BODY_00_15( 2,E,T,A,B,C,D,X( 2)); (void)HOST_c2l(data,l); X( 4)=l; | |
263 | BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; | 263 | BODY_00_15( 3,D,E,T,A,B,C,X( 3)); (void)HOST_c2l(data,l); X( 5)=l; | |
264 | BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; | 264 | BODY_00_15( 4,C,D,E,T,A,B,X( 4)); (void)HOST_c2l(data,l); X( 6)=l; | |
265 | BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; | 265 | BODY_00_15( 5,B,C,D,E,T,A,X( 5)); (void)HOST_c2l(data,l); X( 7)=l; | |
266 | BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; | 266 | BODY_00_15( 6,A,B,C,D,E,T,X( 6)); (void)HOST_c2l(data,l); X( 8)=l; | |
267 | BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; | 267 | BODY_00_15( 7,T,A,B,C,D,E,X( 7)); (void)HOST_c2l(data,l); X( 9)=l; | |
268 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; | 268 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); (void)HOST_c2l(data,l); X(10)=l; | |
269 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; | 269 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); (void)HOST_c2l(data,l); X(11)=l; | |
270 | BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; | 270 | BODY_00_15(10,C,D,E,T,A,B,X(10)); (void)HOST_c2l(data,l); X(12)=l; | |
271 | BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; | 271 | BODY_00_15(11,B,C,D,E,T,A,X(11)); (void)HOST_c2l(data,l); X(13)=l; | |
272 | BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; | 272 | BODY_00_15(12,A,B,C,D,E,T,X(12)); (void)HOST_c2l(data,l); X(14)=l; | |
273 | BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; | 273 | BODY_00_15(13,T,A,B,C,D,E,X(13)); (void)HOST_c2l(data,l); X(15)=l; | |
274 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | 274 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | |
275 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | 275 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | |
276 | } | 276 | } | |
277 | 277 | |||
278 | BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); | 278 | BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); | |
279 | BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); | 279 | BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); | |
280 | BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); | 280 | BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); | |
281 | BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); | 281 | BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); | |
282 | 282 | |||
283 | BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); | 283 | BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); | |
284 | BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); | 284 | BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); | |
285 | BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); | 285 | BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); | |
286 | BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); | 286 | BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); |
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c 2013/02/05 21:31:26 1.5
@@ -112,29 +112,35 @@ | @@ -112,29 +112,35 @@ | |||
112 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 112 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
113 | * copied and put under another distribution licence | 113 | * copied and put under another distribution licence | |
114 | * [including the GNU Public Licence.] | 114 | * [including the GNU Public Licence.] | |
115 | */ | 115 | */ | |
116 | 116 | |||
117 | 117 | |||
118 | #include <openssl/e_os2.h> | 118 | #include <openssl/e_os2.h> | |
119 | 119 | |||
120 | /* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc | 120 | /* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc | |
121 | * [maybe others?], because it masks interfaces not discussed in standard, | 121 | * [maybe others?], because it masks interfaces not discussed in standard, | |
122 | * sigaction and fileno included. -pedantic would be more appropriate for | 122 | * sigaction and fileno included. -pedantic would be more appropriate for | |
123 | * the intended purposes, but we can't prevent users from adding -ansi. | 123 | * the intended purposes, but we can't prevent users from adding -ansi. | |
124 | */ | 124 | */ | |
125 | #if defined(OPENSSL_SYSNAME_VXWORKS) | |||
126 | #include <sys/types.h> | |||
127 | #endif | |||
128 | ||||
125 | #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) | 129 | #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) | |
130 | #ifndef _POSIX_C_SOURCE | |||
126 | #define _POSIX_C_SOURCE 2 | 131 | #define _POSIX_C_SOURCE 2 | |
127 | #endif | 132 | #endif | |
133 | #endif | |||
128 | #include <signal.h> | 134 | #include <signal.h> | |
129 | #include <stdio.h> | 135 | #include <stdio.h> | |
130 | #include <string.h> | 136 | #include <string.h> | |
131 | #include <errno.h> | 137 | #include <errno.h> | |
132 | 138 | |||
133 | #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) | 139 | #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) | |
134 | # include <unistd.h> | 140 | # include <unistd.h> | |
135 | /* If unistd.h defines _POSIX_VERSION, we conclude that we | 141 | /* If unistd.h defines _POSIX_VERSION, we conclude that we | |
136 | * are on a POSIX system and have sigaction and termios. */ | 142 | * are on a POSIX system and have sigaction and termios. */ | |
137 | # if defined(_POSIX_VERSION) | 143 | # if defined(_POSIX_VERSION) | |
138 | 144 | |||
139 | # define SIGACTION | 145 | # define SIGACTION | |
140 | # if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) | 146 | # if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) |
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c 2013/02/05 21:31:26 1.4
@@ -862,38 +862,38 @@ static int get_crl_sk(X509_STORE_CTX *ct | @@ -862,38 +862,38 @@ static int get_crl_sk(X509_STORE_CTX *ct | |||
862 | return 1; | 862 | return 1; | |
863 | 863 | |||
864 | return 0; | 864 | return 0; | |
865 | } | 865 | } | |
866 | 866 | |||
867 | /* Compare two CRL extensions for delta checking purposes. They should be | 867 | /* Compare two CRL extensions for delta checking purposes. They should be | |
868 | * both present or both absent. If both present all fields must be identical. | 868 | * both present or both absent. If both present all fields must be identical. | |
869 | */ | 869 | */ | |
870 | 870 | |||
871 | static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) | 871 | static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) | |
872 | { | 872 | { | |
873 | ASN1_OCTET_STRING *exta, *extb; | 873 | ASN1_OCTET_STRING *exta, *extb; | |
874 | int i; | 874 | int i; | |
875 | i = X509_CRL_get_ext_by_NID(a, nid, 0); | 875 | i = X509_CRL_get_ext_by_NID(a, nid, -1); | |
876 | if (i >= 0) | 876 | if (i >= 0) | |
877 | { | 877 | { | |
878 | /* Can't have multiple occurrences */ | 878 | /* Can't have multiple occurrences */ | |
879 | if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) | 879 | if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) | |
880 | return 0; | 880 | return 0; | |
881 | exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); | 881 | exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); | |
882 | } | 882 | } | |
883 | else | 883 | else | |
884 | exta = NULL; | 884 | exta = NULL; | |
885 | 885 | |||
886 | i = X509_CRL_get_ext_by_NID(b, nid, 0); | 886 | i = X509_CRL_get_ext_by_NID(b, nid, -1); | |
887 | 887 | |||
888 | if (i >= 0) | 888 | if (i >= 0) | |
889 | { | 889 | { | |
890 | 890 | |||
891 | if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) | 891 | if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) | |
892 | return 0; | 892 | return 0; | |
893 | extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); | 893 | extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); | |
894 | } | 894 | } | |
895 | else | 895 | else | |
896 | extb = NULL; | 896 | extb = NULL; | |
897 | 897 | |||
898 | if (!exta && !extb) | 898 | if (!exta && !extb) | |
899 | return 1; | 899 | return 1; |
--- src/crypto/external/bsd/openssl/dist/engines/ccgost/Attic/gost_eng.c 2013/02/04 01:44:47 1.2
+++ src/crypto/external/bsd/openssl/dist/engines/ccgost/Attic/gost_eng.c 2013/02/05 21:31:26 1.3
@@ -68,26 +68,31 @@ static int gost_engine_destroy(ENGINE *e | @@ -68,26 +68,31 @@ static int gost_engine_destroy(ENGINE *e | |||
68 | pmeth_GostR3410_94 = NULL; | 68 | pmeth_GostR3410_94 = NULL; | |
69 | pmeth_GostR3410_2001 = NULL; | 69 | pmeth_GostR3410_2001 = NULL; | |
70 | pmeth_Gost28147_MAC = NULL; | 70 | pmeth_Gost28147_MAC = NULL; | |
71 | ameth_GostR3410_94 = NULL; | 71 | ameth_GostR3410_94 = NULL; | |
72 | ameth_GostR3410_2001 = NULL; | 72 | ameth_GostR3410_2001 = NULL; | |
73 | ameth_Gost28147_MAC = NULL; | 73 | ameth_Gost28147_MAC = NULL; | |
74 | return 1; | 74 | return 1; | |
75 | } | 75 | } | |
76 | 76 | |||
77 | static int bind_gost (ENGINE *e,const char *id) | 77 | static int bind_gost (ENGINE *e,const char *id) | |
78 | { | 78 | { | |
79 | int ret = 0; | 79 | int ret = 0; | |
80 | if (id && strcmp(id, engine_gost_id)) return 0; | 80 | if (id && strcmp(id, engine_gost_id)) return 0; | |
81 | if (ameth_GostR3410_94) | |||
82 | { | |||
83 | printf("GOST engine already loaded\n"); | |||
84 | goto end; | |||
85 | } | |||
81 | 86 | |||
82 | if (!ENGINE_set_id(e, engine_gost_id)) | 87 | if (!ENGINE_set_id(e, engine_gost_id)) | |
83 | { | 88 | { | |
84 | printf("ENGINE_set_id failed\n"); | 89 | printf("ENGINE_set_id failed\n"); | |
85 | goto end; | 90 | goto end; | |
86 | } | 91 | } | |
87 | if (!ENGINE_set_name(e, engine_gost_name)) | 92 | if (!ENGINE_set_name(e, engine_gost_name)) | |
88 | { | 93 | { | |
89 | printf("ENGINE_set_name failed\n"); | 94 | printf("ENGINE_set_name failed\n"); | |
90 | goto end; | 95 | goto end; | |
91 | } | 96 | } | |
92 | if (!ENGINE_set_digests(e, gost_digests)) | 97 | if (!ENGINE_set_digests(e, gost_digests)) | |
93 | { | 98 | { |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_enc.c 2012/05/11 18:07:33 1.2
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_enc.c 2013/02/05 21:31:26 1.3
@@ -116,67 +116,74 @@ | @@ -116,67 +116,74 @@ | |||
116 | #include <stdio.h> | 116 | #include <stdio.h> | |
117 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" | |
118 | #ifndef OPENSSL_NO_COMP | 118 | #ifndef OPENSSL_NO_COMP | |
119 | #include <openssl/comp.h> | 119 | #include <openssl/comp.h> | |
120 | #endif | 120 | #endif | |
121 | #include <openssl/evp.h> | 121 | #include <openssl/evp.h> | |
122 | #include <openssl/hmac.h> | 122 | #include <openssl/hmac.h> | |
123 | #include <openssl/md5.h> | 123 | #include <openssl/md5.h> | |
124 | #include <openssl/rand.h> | 124 | #include <openssl/rand.h> | |
125 | #ifdef KSSL_DEBUG | 125 | #ifdef KSSL_DEBUG | |
126 | #include <openssl/des.h> | 126 | #include <openssl/des.h> | |
127 | #endif | 127 | #endif | |
128 | 128 | |||
129 | /* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | |||
130 | * | |||
131 | * Returns: | |||
132 | * 0: (in non-constant time) if the record is publically invalid (i.e. too | |||
133 | * short etc). | |||
134 | * 1: if the record's padding is valid / the encryption was successful. | |||
135 | * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, | |||
136 | * an internal error occured. */ | |||
129 | int dtls1_enc(SSL *s, int send) | 137 | int dtls1_enc(SSL *s, int send) | |
130 | { | 138 | { | |
131 | SSL3_RECORD *rec; | 139 | SSL3_RECORD *rec; | |
132 | EVP_CIPHER_CTX *ds; | 140 | EVP_CIPHER_CTX *ds; | |
133 | unsigned long l; | 141 | unsigned long l; | |
134 | int bs,i,ii,j,k,n=0; | 142 | int bs,i,j,k,mac_size=0; | |
135 | const EVP_CIPHER *enc; | 143 | const EVP_CIPHER *enc; | |
136 | 144 | |||
137 | if (send) | 145 | if (send) | |
138 | { | 146 | { | |
139 | if (EVP_MD_CTX_md(s->write_hash)) | 147 | if (EVP_MD_CTX_md(s->write_hash)) | |
140 | { | 148 | { | |
141 | n=EVP_MD_CTX_size(s->write_hash); | 149 | mac_size=EVP_MD_CTX_size(s->write_hash); | |
142 | if (n < 0) | 150 | if (mac_size < 0) | |
143 | return -1; | 151 | return -1; | |
144 | } | 152 | } | |
145 | ds=s->enc_write_ctx; | 153 | ds=s->enc_write_ctx; | |
146 | rec= &(s->s3->wrec); | 154 | rec= &(s->s3->wrec); | |
147 | if (s->enc_write_ctx == NULL) | 155 | if (s->enc_write_ctx == NULL) | |
148 | enc=NULL; | 156 | enc=NULL; | |
149 | else | 157 | else | |
150 | { | 158 | { | |
151 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | 159 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | |
152 | if ( rec->data != rec->input) | 160 | if ( rec->data != rec->input) | |
153 | /* we can't write into the input stream */ | 161 | /* we can't write into the input stream */ | |
154 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", | 162 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", | |
155 | __FILE__, __LINE__); | 163 | __FILE__, __LINE__); | |
156 | else if ( EVP_CIPHER_block_size(ds->cipher) > 1) | 164 | else if ( EVP_CIPHER_block_size(ds->cipher) > 1) | |
157 | { | 165 | { | |
158 | if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) | 166 | if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) | |
159 | return -1; | 167 | return -1; | |
160 | } | 168 | } | |
161 | } | 169 | } | |
162 | } | 170 | } | |
163 | else | 171 | else | |
164 | { | 172 | { | |
165 | if (EVP_MD_CTX_md(s->read_hash)) | 173 | if (EVP_MD_CTX_md(s->read_hash)) | |
166 | { | 174 | { | |
167 | n=EVP_MD_CTX_size(s->read_hash); | 175 | mac_size=EVP_MD_CTX_size(s->read_hash); | |
168 | if (n < 0) | 176 | OPENSSL_assert(mac_size >= 0); | |
169 | return -1; | |||
170 | } | 177 | } | |
171 | ds=s->enc_read_ctx; | 178 | ds=s->enc_read_ctx; | |
172 | rec= &(s->s3->rrec); | 179 | rec= &(s->s3->rrec); | |
173 | if (s->enc_read_ctx == NULL) | 180 | if (s->enc_read_ctx == NULL) | |
174 | enc=NULL; | 181 | enc=NULL; | |
175 | else | 182 | else | |
176 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | 183 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | |
177 | } | 184 | } | |
178 | 185 | |||
179 | #ifdef KSSL_DEBUG | 186 | #ifdef KSSL_DEBUG | |
180 | printf("dtls1_enc(%d)\n", send); | 187 | printf("dtls1_enc(%d)\n", send); | |
181 | #endif /* KSSL_DEBUG */ | 188 | #endif /* KSSL_DEBUG */ | |
182 | 189 | |||
@@ -221,69 +228,33 @@ int dtls1_enc(SSL *s, int send) | @@ -221,69 +228,33 @@ int dtls1_enc(SSL *s, int send) | |||
221 | ds->cipher->iv_len); | 228 | ds->cipher->iv_len); | |
222 | printf("\t\tIV: "); | 229 | printf("\t\tIV: "); | |
223 | for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | 230 | for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | |
224 | printf("\n"); | 231 | printf("\n"); | |
225 | printf("\trec->input="); | 232 | printf("\trec->input="); | |
226 | for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | 233 | for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | |
227 | printf("\n"); | 234 | printf("\n"); | |
228 | } | 235 | } | |
229 | #endif /* KSSL_DEBUG */ | 236 | #endif /* KSSL_DEBUG */ | |
230 | 237 | |||
231 | if (!send) | 238 | if (!send) | |
232 | { | 239 | { | |
233 | if (l == 0 || l%bs != 0) | 240 | if (l == 0 || l%bs != 0) | |
234 | return -1; | 241 | return 0; | |
235 | } | 242 | } | |
236 | 243 | |||
237 | EVP_Cipher(ds,rec->data,rec->input,l); | 244 | EVP_Cipher(ds,rec->data,rec->input,l); | |
238 | 245 | |||
239 | #ifdef KSSL_DEBUG | 246 | #ifdef KSSL_DEBUG | |
240 | { | 247 | { | |
241 | unsigned long i; | 248 | unsigned long i; | |
242 | printf("\trec->data="); | 249 | printf("\trec->data="); | |
243 | for (i=0; i<l; i++) | 250 | for (i=0; i<l; i++) | |
244 | printf(" %02x", rec->data[i]); printf("\n"); | 251 | printf(" %02x", rec->data[i]); printf("\n"); | |
245 | } | 252 | } | |
246 | #endif /* KSSL_DEBUG */ | 253 | #endif /* KSSL_DEBUG */ | |
247 | 254 | |||
248 | if ((bs != 1) && !send) | 255 | if ((bs != 1) && !send) | |
249 | { | 256 | return tls1_cbc_remove_padding(s, rec, bs, mac_size); | |
250 | ii=i=rec->data[l-1]; /* padding_length */ | |||
251 | i++; | |||
252 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | |||
253 | { | |||
254 | /* First packet is even in size, so check */ | |||
255 | if ((memcmp(s->s3->read_sequence, | |||
256 | "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) | |||
257 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | |||
258 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | |||
259 | i--; | |||
260 | } | |||
261 | /* TLS 1.0 does not bound the number of padding bytes by the block size. | |||
262 | * All of them must have value 'padding_length'. */ | |||
263 | if (i + bs > (int)rec->length) | |||
264 | { | |||
265 | /* Incorrect padding. SSLerr() and ssl3_alert are done | |||
266 | * by caller: we don't want to reveal whether this is | |||
267 | * a decryption error or a MAC verification failure | |||
268 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | |||
269 | */ | |||
270 | return -1; | |||
271 | } | |||
272 | for (j=(int)(l-i); j<(int)l; j++) | |||
273 | { | |||
274 | if (rec->data[j] != ii) | |||
275 | { | |||
276 | /* Incorrect padding */ | |||
277 | return -1; | |||
278 | } | |||
279 | } | |||
280 | rec->length-=i; | |||
281 | ||||
282 | rec->data += bs; /* skip the implicit IV */ | |||
283 | rec->input += bs; | |||
284 | rec->length -= bs; | |||
285 | } | |||
286 | } | 257 | } | |
287 | return(1); | 258 | return(1); | |
288 | } | 259 | } | |
289 | 260 |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_pkt.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/d1_pkt.c 2013/02/05 21:31:26 1.5
@@ -366,35 +366,31 @@ dtls1_get_buffered_record(SSL *s) | @@ -366,35 +366,31 @@ dtls1_get_buffered_record(SSL *s) | |||
366 | /* s->d1->next_expected_seq_num++; */ | 366 | /* s->d1->next_expected_seq_num++; */ | |
367 | return(1); | 367 | return(1); | |
368 | } | 368 | } | |
369 | 369 | |||
370 | return 0; | 370 | return 0; | |
371 | } | 371 | } | |
372 | 372 | |||
373 | #endif | 373 | #endif | |
374 | 374 | |||
375 | static int | 375 | static int | |
376 | dtls1_process_record(SSL *s) | 376 | dtls1_process_record(SSL *s) | |
377 | { | 377 | { | |
378 | int i,al; | 378 | int i,al; | |
379 | int clear=0; | |||
380 | int enc_err; | 379 | int enc_err; | |
381 | SSL_SESSION *sess; | 380 | SSL_SESSION *sess; | |
382 | SSL3_RECORD *rr; | 381 | SSL3_RECORD *rr; | |
383 | unsigned int mac_size; | 382 | unsigned int mac_size, orig_len; | |
384 | unsigned char md[EVP_MAX_MD_SIZE]; | 383 | unsigned char md[EVP_MAX_MD_SIZE]; | |
385 | int decryption_failed_or_bad_record_mac = 0; | |||
386 | unsigned char *mac = NULL; | |||
387 | ||||
388 | 384 | |||
389 | rr= &(s->s3->rrec); | 385 | rr= &(s->s3->rrec); | |
390 | sess = s->session; | 386 | sess = s->session; | |
391 | 387 | |||
392 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | 388 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | |
393 | * and we have that many bytes in s->packet | 389 | * and we have that many bytes in s->packet | |
394 | */ | 390 | */ | |
395 | rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); | 391 | rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); | |
396 | 392 | |||
397 | /* ok, we can now read from 's->packet' data into 'rr' | 393 | /* ok, we can now read from 's->packet' data into 'rr' | |
398 | * rr->input points at rr->length bytes, which | 394 | * rr->input points at rr->length bytes, which | |
399 | * need to be copied into rr->data by either | 395 | * need to be copied into rr->data by either | |
400 | * the decryption or by the decompression | 396 | * the decryption or by the decompression | |
@@ -404,82 +400,101 @@ dtls1_process_record(SSL *s) | @@ -404,82 +400,101 @@ dtls1_process_record(SSL *s) | |||
404 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | 400 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | |
405 | * rr->length bytes of encrypted compressed stuff. */ | 401 | * rr->length bytes of encrypted compressed stuff. */ | |
406 | 402 | |||
407 | /* check is not needed I believe */ | 403 | /* check is not needed I believe */ | |
408 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) | 404 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) | |
409 | { | 405 | { | |
410 | al=SSL_AD_RECORD_OVERFLOW; | 406 | al=SSL_AD_RECORD_OVERFLOW; | |
411 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | 407 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | |
412 | goto f_err; | 408 | goto f_err; | |
413 | } | 409 | } | |
414 | 410 | |||
415 | /* decrypt in place in 'rr->input' */ | 411 | /* decrypt in place in 'rr->input' */ | |
416 | rr->data=rr->input; | 412 | rr->data=rr->input; | |
413 | orig_len=rr->length; | |||
417 | 414 | |||
418 | enc_err = s->method->ssl3_enc->enc(s,0); | 415 | enc_err = s->method->ssl3_enc->enc(s,0); | |
419 | if (enc_err <= 0) | 416 | /* enc_err is: | |
417 | * 0: (in non-constant time) if the record is publically invalid. | |||
418 | * 1: if the padding is valid | |||
419 | * -1: if the padding is invalid */ | |||
420 | if (enc_err == 0) | |||
420 | { | 421 | { | |
421 | /* To minimize information leaked via timing, we will always | 422 | /* For DTLS we simply ignore bad packets. */ | |
422 | * perform all computations before discarding the message. | 423 | rr->length = 0; | |
423 | */ | 424 | s->packet_length = 0; | |
424 | decryption_failed_or_bad_record_mac = 1; | 425 | goto err; | |
425 | } | 426 | } | |
426 | 427 | |||
427 | #ifdef TLS_DEBUG | 428 | #ifdef TLS_DEBUG | |
428 | printf("dec %d\n",rr->length); | 429 | printf("dec %d\n",rr->length); | |
429 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | 430 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | |
430 | printf("\n"); | 431 | printf("\n"); | |
431 | #endif | 432 | #endif | |
432 | 433 | |||
433 | /* r->length is now the compressed data plus mac */ | 434 | /* r->length is now the compressed data plus mac */ | |
434 | if ( (sess == NULL) || | 435 | if ((sess != NULL) && | |
435 | (s->enc_read_ctx == NULL) || | 436 | (s->enc_read_ctx != NULL) && | |
436 | (s->read_hash == NULL)) | 437 | (EVP_MD_CTX_md(s->read_hash) != NULL)) | |
437 | clear=1; | 438 | { | |
438 | 439 | /* s->read_hash != NULL => mac_size != -1 */ | ||
439 | if (!clear) | 440 | unsigned char *mac = NULL; | |
440 | { | 441 | unsigned char mac_tmp[EVP_MAX_MD_SIZE]; | |
441 | /* !clear => s->read_hash != NULL => mac_size != -1 */ | 442 | mac_size=EVP_MD_CTX_size(s->read_hash); | |
442 | int t; | 443 | OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); | |
443 | t=EVP_MD_CTX_size(s->read_hash); | 444 | ||
444 | OPENSSL_assert(t >= 0); | 445 | /* orig_len is the length of the record before any padding was | |
445 | mac_size=t; | 446 | * removed. This is public information, as is the MAC in use, | |
446 | 447 | * therefore we can safely process the record in a different | ||
447 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) | 448 | * amount of time if it's too short to possibly contain a MAC. | |
449 | */ | |||
450 | if (orig_len < mac_size || | |||
451 | /* CBC records must have a padding length byte too. */ | |||
452 | (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && | |||
453 | orig_len < mac_size+1)) | |||
448 | { | 454 | { | |
449 | #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ | 455 | al=SSL_AD_DECODE_ERROR; | |
450 | al=SSL_AD_RECORD_OVERFLOW; | 456 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); | |
451 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | |||
452 | goto f_err; | 457 | goto f_err; | |
453 | #else | |||
454 | decryption_failed_or_bad_record_mac = 1; | |||
455 | #endif | |||
456 | } | 458 | } | |
457 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | 459 | ||
458 | if (rr->length >= mac_size) | 460 | if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) | |
459 | { | 461 | { | |
462 | /* We update the length so that the TLS header bytes | |||
463 | * can be constructed correctly but we need to extract | |||
464 | * the MAC in constant time from within the record, | |||
465 | * without leaking the contents of the padding bytes. | |||
466 | * */ | |||
467 | mac = mac_tmp; | |||
468 | ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); | |||
460 | rr->length -= mac_size; | 469 | rr->length -= mac_size; | |
461 | mac = &rr->data[rr->length]; | |||
462 | } | 470 | } | |
463 | else | 471 | else | |
464 | rr->length = 0; | |||
465 | i=s->method->ssl3_enc->mac(s,md,0); | |||
466 | if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) | |||
467 | { | 472 | { | |
468 | decryption_failed_or_bad_record_mac = 1; | 473 | /* In this case there's no padding, so |orig_len| | |
474 | * equals |rec->length| and we checked that there's | |||
475 | * enough bytes for |mac_size| above. */ | |||
476 | rr->length -= mac_size; | |||
477 | mac = &rr->data[rr->length]; | |||
469 | } | 478 | } | |
479 | ||||
480 | i=s->method->ssl3_enc->mac(s,md,0 /* not send */); | |||
481 | if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | |||
482 | enc_err = -1; | |||
483 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) | |||
484 | enc_err = -1; | |||
470 | } | 485 | } | |
471 | 486 | |||
472 | if (decryption_failed_or_bad_record_mac) | 487 | if (enc_err < 0) | |
473 | { | 488 | { | |
474 | /* decryption failed, silently discard message */ | 489 | /* decryption failed, silently discard message */ | |
475 | rr->length = 0; | 490 | rr->length = 0; | |
476 | s->packet_length = 0; | 491 | s->packet_length = 0; | |
477 | goto err; | 492 | goto err; | |
478 | } | 493 | } | |
479 | 494 | |||
480 | /* r->length is now just compressed */ | 495 | /* r->length is now just compressed */ | |
481 | if (s->expand != NULL) | 496 | if (s->expand != NULL) | |
482 | { | 497 | { | |
483 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) | 498 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) | |
484 | { | 499 | { | |
485 | al=SSL_AD_RECORD_OVERFLOW; | 500 | al=SSL_AD_RECORD_OVERFLOW; |
--- src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c 2012/01/05 17:32:02 1.4
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c 2013/02/05 21:31:26 1.5
@@ -456,32 +456,41 @@ err: | @@ -456,32 +456,41 @@ err: | |||
456 | 456 | |||
457 | void ssl3_cleanup_key_block(SSL *s) | 457 | void ssl3_cleanup_key_block(SSL *s) | |
458 | { | 458 | { | |
459 | if (s->s3->tmp.key_block != NULL) | 459 | if (s->s3->tmp.key_block != NULL) | |
460 | { | 460 | { | |
461 | OPENSSL_cleanse(s->s3->tmp.key_block, | 461 | OPENSSL_cleanse(s->s3->tmp.key_block, | |
462 | s->s3->tmp.key_block_length); | 462 | s->s3->tmp.key_block_length); | |
463 | OPENSSL_free(s->s3->tmp.key_block); | 463 | OPENSSL_free(s->s3->tmp.key_block); | |
464 | s->s3->tmp.key_block=NULL; | 464 | s->s3->tmp.key_block=NULL; | |
465 | } | 465 | } | |
466 | s->s3->tmp.key_block_length=0; | 466 | s->s3->tmp.key_block_length=0; | |
467 | } | 467 | } | |
468 | 468 | |||
469 | /* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | |||
470 | * | |||
471 | * Returns: | |||
472 | * 0: (in non-constant time) if the record is publically invalid (i.e. too | |||
473 | * short etc). | |||
474 | * 1: if the record's padding is valid / the encryption was successful. | |||
475 | * -1: if the record's padding is invalid or, if sending, an internal error | |||
476 | * occured. | |||
477 | */ | |||
469 | int ssl3_enc(SSL *s, int send) | 478 | int ssl3_enc(SSL *s, int send) | |
470 | { | 479 | { | |
471 | SSL3_RECORD *rec; | 480 | SSL3_RECORD *rec; | |
472 | EVP_CIPHER_CTX *ds; | 481 | EVP_CIPHER_CTX *ds; | |
473 | unsigned long l; | 482 | unsigned long l; | |
474 | int bs,i; | 483 | int bs,i,mac_size=0; | |
475 | const EVP_CIPHER *enc; | 484 | const EVP_CIPHER *enc; | |
476 | 485 | |||
477 | if (send) | 486 | if (send) | |
478 | { | 487 | { | |
479 | ds=s->enc_write_ctx; | 488 | ds=s->enc_write_ctx; | |
480 | rec= &(s->s3->wrec); | 489 | rec= &(s->s3->wrec); | |
481 | if (s->enc_write_ctx == NULL) | 490 | if (s->enc_write_ctx == NULL) | |
482 | enc=NULL; | 491 | enc=NULL; | |
483 | else | 492 | else | |
484 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | 493 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | |
485 | } | 494 | } | |
486 | else | 495 | else | |
487 | { | 496 | { | |
@@ -512,52 +521,36 @@ int ssl3_enc(SSL *s, int send) | @@ -512,52 +521,36 @@ int ssl3_enc(SSL *s, int send) | |||
512 | 521 | |||
513 | /* we need to add 'i-1' padding bytes */ | 522 | /* we need to add 'i-1' padding bytes */ | |
514 | l+=i; | 523 | l+=i; | |
515 | /* the last of these zero bytes will be overwritten | 524 | /* the last of these zero bytes will be overwritten | |
516 | * with the padding length. */ | 525 | * with the padding length. */ | |
517 | memset(&rec->input[rec->length], 0, i); | 526 | memset(&rec->input[rec->length], 0, i); | |
518 | rec->length+=i; | 527 | rec->length+=i; | |
519 | rec->input[l-1]=(i-1); | 528 | rec->input[l-1]=(i-1); | |
520 | } | 529 | } | |
521 | 530 | |||
522 | if (!send) | 531 | if (!send) | |
523 | { | 532 | { | |
524 | if (l == 0 || l%bs != 0) | 533 | if (l == 0 || l%bs != 0) | |
525 | { | |||
526 | SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | |||
527 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | |||
528 | return 0; | 534 | return 0; | |
529 | } | |||
530 | /* otherwise, rec->length >= bs */ | 535 | /* otherwise, rec->length >= bs */ | |
531 | } | 536 | } | |
532 | 537 | |||
533 | EVP_Cipher(ds,rec->data,rec->input,l); | 538 | EVP_Cipher(ds,rec->data,rec->input,l); | |
534 | 539 | |||
540 | if (EVP_MD_CTX_md(s->read_hash) != NULL) | |||
541 | mac_size = EVP_MD_CTX_size(s->read_hash); | |||
535 | if ((bs != 1) && !send) | 542 | if ((bs != 1) && !send) | |
536 | { | 543 | return ssl3_cbc_remove_padding(s, rec, bs, mac_size); | |
537 | i=rec->data[l-1]+1; | |||
538 | /* SSL 3.0 bounds the number of padding bytes by the block size; | |||
539 | * padding bytes (except the last one) are arbitrary */ | |||
540 | if (i > bs) | |||
541 | { | |||
542 | /* Incorrect padding. SSLerr() and ssl3_alert are done | |||
543 | * by caller: we don't want to reveal whether this is | |||
544 | * a decryption error or a MAC verification failure | |||
545 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | |||
546 | return -1; | |||
547 | } | |||
548 | /* now i <= bs <= rec->length */ | |||
549 | rec->length-=i; | |||
550 | } | |||
551 | } | 544 | } | |
552 | return(1); | 545 | return(1); | |
553 | } | 546 | } | |
554 | 547 | |||
555 | void ssl3_init_finished_mac(SSL *s) | 548 | void ssl3_init_finished_mac(SSL *s) | |
556 | { | 549 | { | |
557 | if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); | 550 | if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); | |
558 | if (s->s3->handshake_dgst) ssl3_free_digest_list(s); | 551 | if (s->s3->handshake_dgst) ssl3_free_digest_list(s); | |
559 | s->s3->handshake_buffer=BIO_new(BIO_s_mem()); | 552 | s->s3->handshake_buffer=BIO_new(BIO_s_mem()); | |
560 | (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); | 553 | (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); | |
561 | } | 554 | } | |
562 | 555 | |||
563 | void ssl3_free_digest_list(SSL *s) | 556 | void ssl3_free_digest_list(SSL *s) | |
@@ -706,73 +699,117 @@ static int ssl3_handshake_mac(SSL *s, in | @@ -706,73 +699,117 @@ static int ssl3_handshake_mac(SSL *s, in | |||
706 | 699 | |||
707 | EVP_MD_CTX_cleanup(&ctx); | 700 | EVP_MD_CTX_cleanup(&ctx); | |
708 | 701 | |||
709 | return((int)ret); | 702 | return((int)ret); | |
710 | } | 703 | } | |
711 | 704 | |||
712 | int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) | 705 | int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) | |
713 | { | 706 | { | |
714 | SSL3_RECORD *rec; | 707 | SSL3_RECORD *rec; | |
715 | unsigned char *mac_sec,*seq; | 708 | unsigned char *mac_sec,*seq; | |
716 | EVP_MD_CTX md_ctx; | 709 | EVP_MD_CTX md_ctx; | |
717 | const EVP_MD_CTX *hash; | 710 | const EVP_MD_CTX *hash; | |
718 | unsigned char *p,rec_char; | 711 | unsigned char *p,rec_char; | |
719 | unsigned int md_size; | 712 | size_t md_size, orig_len; | |
720 | int npad; | 713 | int npad; | |
721 | int t; | 714 | int t; | |
722 | 715 | |||
723 | if (send) | 716 | if (send) | |
724 | { | 717 | { | |
725 | rec= &(ssl->s3->wrec); | 718 | rec= &(ssl->s3->wrec); | |
726 | mac_sec= &(ssl->s3->write_mac_secret[0]); | 719 | mac_sec= &(ssl->s3->write_mac_secret[0]); | |
727 | seq= &(ssl->s3->write_sequence[0]); | 720 | seq= &(ssl->s3->write_sequence[0]); | |
728 | hash=ssl->write_hash; | 721 | hash=ssl->write_hash; | |
729 | } | 722 | } | |
730 | else | 723 | else | |
731 | { | 724 | { | |
732 | rec= &(ssl->s3->rrec); | 725 | rec= &(ssl->s3->rrec); | |
733 | mac_sec= &(ssl->s3->read_mac_secret[0]); | 726 | mac_sec= &(ssl->s3->read_mac_secret[0]); | |
734 | seq= &(ssl->s3->read_sequence[0]); | 727 | seq= &(ssl->s3->read_sequence[0]); | |
735 | hash=ssl->read_hash; | 728 | hash=ssl->read_hash; | |
736 | } | 729 | } | |
737 | 730 | |||
738 | t=EVP_MD_CTX_size(hash); | 731 | t=EVP_MD_CTX_size(hash); | |
739 | if (t < 0) | 732 | if (t < 0) | |
740 | return -1; | 733 | return -1; | |
741 | md_size=t; | 734 | md_size=t; | |
742 | npad=(48/md_size)*md_size; | 735 | npad=(48/md_size)*md_size; | |
743 | 736 | |||
744 | /* Chop the digest off the end :-) */ | 737 | /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ | |
745 | EVP_MD_CTX_init(&md_ctx); | 738 | orig_len = rec->length+md_size+((unsigned int)rec->type>>8); | |
746 | 739 | rec->type &= 0xff; | ||
747 | EVP_MD_CTX_copy_ex( &md_ctx,hash); | 740 | ||
748 | EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | 741 | if (!send && | |
749 | EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); | 742 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | |
750 | EVP_DigestUpdate(&md_ctx,seq,8); | 743 | ssl3_cbc_record_digest_supported(hash)) | |
751 | rec_char=rec->type; | 744 | { | |
752 | EVP_DigestUpdate(&md_ctx,&rec_char,1); | 745 | /* This is a CBC-encrypted record. We must avoid leaking any | |
753 | p=md; | 746 | * timing-side channel information about how many blocks of | |
754 | s2n(rec->length,p); | 747 | * data we are hashing because that gives an attacker a | |
755 | EVP_DigestUpdate(&md_ctx,md,2); | 748 | * timing-oracle. */ | |
756 | EVP_DigestUpdate(&md_ctx,rec->input,rec->length); | 749 | ||
757 | EVP_DigestFinal_ex( &md_ctx,md,NULL); | 750 | /* npad is, at most, 48 bytes and that's with MD5: | |
758 | 751 | * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. | ||
759 | EVP_MD_CTX_copy_ex( &md_ctx,hash); | 752 | * | |
760 | EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | 753 | * With SHA-1 (the largest hash speced for SSLv3) the hash size | |
761 | EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); | 754 | * goes up 4, but npad goes down by 8, resulting in a smaller | |
762 | EVP_DigestUpdate(&md_ctx,md,md_size); | 755 | * total size. */ | |
763 | EVP_DigestFinal_ex( &md_ctx,md,&md_size); | 756 | unsigned char header[75]; | |
757 | unsigned j = 0; | |||
758 | memcpy(header+j, mac_sec, md_size); | |||
759 | j += md_size; | |||
760 | memcpy(header+j, ssl3_pad_1, npad); | |||
761 | j += npad; | |||
762 | memcpy(header+j, seq, 8); | |||
763 | j += 8; | |||
764 | header[j++] = rec->type; | |||
765 | header[j++] = rec->length >> 8; | |||
766 | header[j++] = rec->length & 0xff; | |||
767 | ||||
768 | ssl3_cbc_digest_record( | |||
769 | hash, | |||
770 | md, &md_size, | |||
771 | header, rec->input, | |||
772 | rec->length + md_size, orig_len, | |||
773 | mac_sec, md_size, | |||
774 | 1 /* is SSLv3 */); | |||
775 | } | |||
776 | else | |||
777 | { | |||
778 | unsigned int md_size_u; | |||
779 | /* Chop the digest off the end :-) */ | |||
780 | EVP_MD_CTX_init(&md_ctx); | |||
781 | ||||
782 | EVP_MD_CTX_copy_ex( &md_ctx,hash); | |||
783 | EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | |||
784 | EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); | |||
785 | EVP_DigestUpdate(&md_ctx,seq,8); | |||
786 | rec_char=rec->type; | |||
787 | EVP_DigestUpdate(&md_ctx,&rec_char,1); | |||
788 | p=md; | |||
789 | s2n(rec->length,p); | |||
790 | EVP_DigestUpdate(&md_ctx,md,2); | |||
791 | EVP_DigestUpdate(&md_ctx,rec->input,rec->length); | |||
792 | EVP_DigestFinal_ex( &md_ctx,md,NULL); | |||
793 | ||||
794 | EVP_MD_CTX_copy_ex( &md_ctx,hash); | |||
795 | EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | |||
796 | EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); | |||
797 | EVP_DigestUpdate(&md_ctx,md,md_size); | |||
798 | EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); | |||
799 | md_size = md_size_u; | |||
764 | 800 | |||
765 | EVP_MD_CTX_cleanup(&md_ctx); | 801 | EVP_MD_CTX_cleanup(&md_ctx); | |
802 | } | |||
766 | 803 | |||
767 | ssl3_record_sequence_update(seq); | 804 | ssl3_record_sequence_update(seq); | |
768 | return(md_size); | 805 | return(md_size); | |
769 | } | 806 | } | |
770 | 807 | |||
771 | void ssl3_record_sequence_update(unsigned char *seq) | 808 | void ssl3_record_sequence_update(unsigned char *seq) | |
772 | { | 809 | { | |
773 | int i; | 810 | int i; | |
774 | 811 | |||
775 | for (i=7; i>=0; i--) | 812 | for (i=7; i>=0; i--) | |
776 | { | 813 | { | |
777 | ++seq[i]; | 814 | ++seq[i]; | |
778 | if (seq[i] != 0) break; | 815 | if (seq[i] != 0) break; |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssltest.c 2012/07/26 19:58:39 1.4
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssltest.c 2013/02/05 21:31:27 1.5
@@ -533,28 +533,28 @@ int main(int argc, char *argv[]) | @@ -533,28 +533,28 @@ int main(int argc, char *argv[]) | |||
533 | /* client */ | 533 | /* client */ | |
534 | SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; | 534 | SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; | |
535 | /* server */ | 535 | /* server */ | |
536 | SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; | 536 | SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; | |
537 | #endif | 537 | #endif | |
538 | int no_dhe = 0; | 538 | int no_dhe = 0; | |
539 | int no_ecdhe = 0; | 539 | int no_ecdhe = 0; | |
540 | int no_psk = 0; | 540 | int no_psk = 0; | |
541 | int print_time = 0; | 541 | int print_time = 0; | |
542 | clock_t s_time = 0, c_time = 0; | 542 | clock_t s_time = 0, c_time = 0; | |
543 | int comp = 0; | 543 | int comp = 0; | |
544 | #ifndef OPENSSL_NO_COMP | 544 | #ifndef OPENSSL_NO_COMP | |
545 | COMP_METHOD *cm = NULL; | 545 | COMP_METHOD *cm = NULL; | |
546 | #endif | |||
547 | STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; | 546 | STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; | |
547 | #endif | |||
548 | int test_cipherlist = 0; | 548 | int test_cipherlist = 0; | |
549 | #ifdef OPENSSL_FIPS | 549 | #ifdef OPENSSL_FIPS | |
550 | int fips_mode=0; | 550 | int fips_mode=0; | |
551 | #endif | 551 | #endif | |
552 | 552 | |||
553 | verbose = 0; | 553 | verbose = 0; | |
554 | debug = 0; | 554 | debug = 0; | |
555 | cipher = 0; | 555 | cipher = 0; | |
556 | 556 | |||
557 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 557 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT); | |
558 | 558 | |||
559 | CRYPTO_set_locking_callback(lock_dbg_cb); | 559 | CRYPTO_set_locking_callback(lock_dbg_cb); | |
560 | 560 |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c 2013/02/05 21:31:26 1.6
@@ -449,27 +449,26 @@ int ssl3_connect(SSL *s) | @@ -449,27 +449,26 @@ int ssl3_connect(SSL *s) | |||
449 | ret=ssl3_send_client_verify(s); | 449 | ret=ssl3_send_client_verify(s); | |
450 | if (ret <= 0) goto end; | 450 | if (ret <= 0) goto end; | |
451 | s->state=SSL3_ST_CW_CHANGE_A; | 451 | s->state=SSL3_ST_CW_CHANGE_A; | |
452 | s->init_num=0; | 452 | s->init_num=0; | |
453 | s->s3->change_cipher_spec=0; | 453 | s->s3->change_cipher_spec=0; | |
454 | break; | 454 | break; | |
455 | 455 | |||
456 | case SSL3_ST_CW_CHANGE_A: | 456 | case SSL3_ST_CW_CHANGE_A: | |
457 | case SSL3_ST_CW_CHANGE_B: | 457 | case SSL3_ST_CW_CHANGE_B: | |
458 | ret=ssl3_send_change_cipher_spec(s, | 458 | ret=ssl3_send_change_cipher_spec(s, | |
459 | SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | 459 | SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | |
460 | if (ret <= 0) goto end; | 460 | if (ret <= 0) goto end; | |
461 | 461 | |||
462 | ||||
463 | #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | 462 | #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
464 | s->state=SSL3_ST_CW_FINISHED_A; | 463 | s->state=SSL3_ST_CW_FINISHED_A; | |
465 | #else | 464 | #else | |
466 | if (s->s3->next_proto_neg_seen) | 465 | if (s->s3->next_proto_neg_seen) | |
467 | s->state=SSL3_ST_CW_NEXT_PROTO_A; | 466 | s->state=SSL3_ST_CW_NEXT_PROTO_A; | |
468 | else | 467 | else | |
469 | s->state=SSL3_ST_CW_FINISHED_A; | 468 | s->state=SSL3_ST_CW_FINISHED_A; | |
470 | #endif | 469 | #endif | |
471 | s->init_num=0; | 470 | s->init_num=0; | |
472 | 471 | |||
473 | s->session->cipher=s->s3->tmp.new_cipher; | 472 | s->session->cipher=s->s3->tmp.new_cipher; | |
474 | #ifdef OPENSSL_NO_COMP | 473 | #ifdef OPENSSL_NO_COMP | |
475 | s->session->compress_meth=0; | 474 | s->session->compress_meth=0; |
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c 2013/02/05 21:31:27 1.6
@@ -302,26 +302,27 @@ static const SSL_CIPHER cipher_aliases[] | @@ -302,26 +302,27 @@ static const SSL_CIPHER cipher_aliases[] | |||
302 | /* MAC aliases */ | 302 | /* MAC aliases */ | |
303 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | 303 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | |
304 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 304 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | |
305 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 305 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | |
306 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | 306 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | |
307 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | 307 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | |
308 | {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, | 308 | {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, | |
309 | {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, | 309 | {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, | |
310 | 310 | |||
311 | /* protocol version aliases */ | 311 | /* protocol version aliases */ | |
312 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | 312 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | |
313 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | 313 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | |
314 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | 314 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | |
315 | {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, | |||
315 | 316 | |||
316 | /* export flag */ | 317 | /* export flag */ | |
317 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 318 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | |
318 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 319 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | |
319 | 320 | |||
320 | /* strength classes */ | 321 | /* strength classes */ | |
321 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | 322 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | |
322 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | 323 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | |
323 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | 324 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | |
324 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | 325 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | |
325 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | 326 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | |
326 | /* FIPS 140-2 approved ciphersuite */ | 327 | /* FIPS 140-2 approved ciphersuite */ | |
327 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | 328 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | |
@@ -1140,29 +1141,29 @@ static int ssl_cipher_process_rulestr(co | @@ -1140,29 +1141,29 @@ static int ssl_cipher_process_rulestr(co | |||
1140 | alg_mac = 0; | 1141 | alg_mac = 0; | |
1141 | alg_ssl = 0; | 1142 | alg_ssl = 0; | |
1142 | algo_strength = 0; | 1143 | algo_strength = 0; | |
1143 | 1144 | |||
1144 | for (;;) | 1145 | for (;;) | |
1145 | { | 1146 | { | |
1146 | ch = *l; | 1147 | ch = *l; | |
1147 | buf = l; | 1148 | buf = l; | |
1148 | buflen = 0; | 1149 | buflen = 0; | |
1149 | #ifndef CHARSET_EBCDIC | 1150 | #ifndef CHARSET_EBCDIC | |
1150 | while ( ((ch >= 'A') && (ch <= 'Z')) || | 1151 | while ( ((ch >= 'A') && (ch <= 'Z')) || | |
1151 | ((ch >= '0') && (ch <= '9')) || | 1152 | ((ch >= '0') && (ch <= '9')) || | |
1152 | ((ch >= 'a') && (ch <= 'z')) || | 1153 | ((ch >= 'a') && (ch <= 'z')) || | |
1153 | (ch == '-')) | 1154 | (ch == '-') || (ch == '.')) | |
1154 | #else | 1155 | #else | |
1155 | while ( isalnum(ch) || (ch == '-')) | 1156 | while ( isalnum(ch) || (ch == '-') || (ch == '.')) | |
1156 | #endif | 1157 | #endif | |
1157 | { | 1158 | { | |
1158 | ch = *(++l); | 1159 | ch = *(++l); | |
1159 | buflen++; | 1160 | buflen++; | |
1160 | } | 1161 | } | |
1161 | 1162 | |||
1162 | if (buflen == 0) | 1163 | if (buflen == 0) | |
1163 | { | 1164 | { | |
1164 | /* | 1165 | /* | |
1165 | * We hit something we cannot deal with, | 1166 | * We hit something we cannot deal with, | |
1166 | * it is no command or separator nor | 1167 | * it is no command or separator nor | |
1167 | * alphanumeric, so we call this an error. | 1168 | * alphanumeric, so we call this an error. | |
1168 | */ | 1169 | */ |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl_locl.h 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl_locl.h 2013/02/05 21:31:27 1.6
@@ -205,26 +205,35 @@ | @@ -205,26 +205,35 @@ | |||
205 | 205 | |||
206 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | 206 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | |
207 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | 207 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | |
208 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 208 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | |
209 | *((c)++)=(unsigned char)(((l) )&0xff)) | 209 | *((c)++)=(unsigned char)(((l) )&0xff)) | |
210 | 210 | |||
211 | #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ | 211 | #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ | |
212 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | 212 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | |
213 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | 213 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | |
214 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | 214 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | |
215 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 215 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | |
216 | *((c)++)=(unsigned char)(((l) )&0xff)) | 216 | *((c)++)=(unsigned char)(((l) )&0xff)) | |
217 | 217 | |||
218 | #define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ | |||
219 | *((c)++)=(unsigned char)(((l)>>48)&0xff), \ | |||
220 | *((c)++)=(unsigned char)(((l)>>40)&0xff), \ | |||
221 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | |||
222 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | |||
223 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | |||
224 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | |||
225 | *((c)++)=(unsigned char)(((l) )&0xff)) | |||
226 | ||||
218 | #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ | 227 | #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ | |
219 | l|=((BN_ULLONG)(*((c)++)))<<32, \ | 228 | l|=((BN_ULLONG)(*((c)++)))<<32, \ | |
220 | l|=((BN_ULLONG)(*((c)++)))<<24, \ | 229 | l|=((BN_ULLONG)(*((c)++)))<<24, \ | |
221 | l|=((BN_ULLONG)(*((c)++)))<<16, \ | 230 | l|=((BN_ULLONG)(*((c)++)))<<16, \ | |
222 | l|=((BN_ULLONG)(*((c)++)))<< 8, \ | 231 | l|=((BN_ULLONG)(*((c)++)))<< 8, \ | |
223 | l|=((BN_ULLONG)(*((c)++)))) | 232 | l|=((BN_ULLONG)(*((c)++)))) | |
224 | 233 | |||
225 | /* NOTE - c is not incremented as per l2c */ | 234 | /* NOTE - c is not incremented as per l2c */ | |
226 | #define l2cn(l1,l2,c,n) { \ | 235 | #define l2cn(l1,l2,c,n) { \ | |
227 | c+=n; \ | 236 | c+=n; \ | |
228 | switch (n) { \ | 237 | switch (n) { \ | |
229 | case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | 238 | case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | |
230 | case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | 239 | case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | |
@@ -820,27 +829,28 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC | @@ -820,27 +829,28 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC | |||
820 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)); | 829 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)); | |
821 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | 830 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | |
822 | STACK_OF(SSL_CIPHER) **pref, | 831 | STACK_OF(SSL_CIPHER) **pref, | |
823 | STACK_OF(SSL_CIPHER) **sorted, | 832 | STACK_OF(SSL_CIPHER) **sorted, | |
824 | const char *rule_str); | 833 | const char *rule_str); | |
825 | void ssl_update_cache(SSL *s, int mode); | 834 | void ssl_update_cache(SSL *s, int mode); | |
826 | int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | 835 | int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | |
827 | const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); | 836 | const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); | |
828 | int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); | 837 | int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); | |
829 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | 838 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | |
830 | int ssl_undefined_function(SSL *s); | 839 | int ssl_undefined_function(SSL *s); | |
831 | int ssl_undefined_void_function(void); | 840 | int ssl_undefined_void_function(void); | |
832 | int ssl_undefined_const_function(const SSL *s); | 841 | int ssl_undefined_const_function(const SSL *s); | |
833 | X509 *ssl_get_server_send_cert(SSL *); | 842 | CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); | |
843 | X509 *ssl_get_server_send_cert(const SSL *); | |||
834 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); | 844 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); | |
835 | int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | 845 | int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | |
836 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); | 846 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); | |
837 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | 847 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | |
838 | int ssl_verify_alarm_type(long type); | 848 | int ssl_verify_alarm_type(long type); | |
839 | void ssl_load_ciphers(void); | 849 | void ssl_load_ciphers(void); | |
840 | 850 | |||
841 | int ssl2_enc_init(SSL *s, int client); | 851 | int ssl2_enc_init(SSL *s, int client); | |
842 | int ssl2_generate_key_material(SSL *s); | 852 | int ssl2_generate_key_material(SSL *s); | |
843 | void ssl2_enc(SSL *s,int send_data); | 853 | void ssl2_enc(SSL *s,int send_data); | |
844 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | 854 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | |
845 | const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | 855 | const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | |
846 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 856 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | |
@@ -1078,27 +1088,28 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_CO | @@ -1078,27 +1088,28 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_CO | |||
1078 | 1088 | |||
1079 | #ifndef OPENSSL_NO_EC | 1089 | #ifndef OPENSSL_NO_EC | |
1080 | int tls1_ec_curve_id2nid(int curve_id); | 1090 | int tls1_ec_curve_id2nid(int curve_id); | |
1081 | int tls1_ec_nid2curve_id(int nid); | 1091 | int tls1_ec_nid2curve_id(int nid); | |
1082 | #endif /* OPENSSL_NO_EC */ | 1092 | #endif /* OPENSSL_NO_EC */ | |
1083 | 1093 | |||
1084 | #ifndef OPENSSL_NO_TLSEXT | 1094 | #ifndef OPENSSL_NO_TLSEXT | |
1085 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | 1095 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | |
1086 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | 1096 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | |
1087 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | 1097 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | |
1088 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | 1098 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | |
1089 | int ssl_prepare_clienthello_tlsext(SSL *s); | 1099 | int ssl_prepare_clienthello_tlsext(SSL *s); | |
1090 | int ssl_prepare_serverhello_tlsext(SSL *s); | 1100 | int ssl_prepare_serverhello_tlsext(SSL *s); | |
1091 | int ssl_check_clienthello_tlsext(SSL *s); | 1101 | int ssl_check_clienthello_tlsext_early(SSL *s); | |
1102 | int ssl_check_clienthello_tlsext_late(SSL *s); | |||
1092 | int ssl_check_serverhello_tlsext(SSL *s); | 1103 | int ssl_check_serverhello_tlsext(SSL *s); | |
1093 | 1104 | |||
1094 | #ifndef OPENSSL_NO_HEARTBEATS | 1105 | #ifndef OPENSSL_NO_HEARTBEATS | |
1095 | int tls1_heartbeat(SSL *s); | 1106 | int tls1_heartbeat(SSL *s); | |
1096 | int dtls1_heartbeat(SSL *s); | 1107 | int dtls1_heartbeat(SSL *s); | |
1097 | int tls1_process_heartbeat(SSL *s); | 1108 | int tls1_process_heartbeat(SSL *s); | |
1098 | int dtls1_process_heartbeat(SSL *s); | 1109 | int dtls1_process_heartbeat(SSL *s); | |
1099 | #endif | 1110 | #endif | |
1100 | 1111 | |||
1101 | #ifdef OPENSSL_NO_SHA256 | 1112 | #ifdef OPENSSL_NO_SHA256 | |
1102 | #define tlsext_tick_md EVP_sha1 | 1113 | #define tlsext_tick_md EVP_sha1 | |
1103 | #else | 1114 | #else | |
1104 | #define tlsext_tick_md EVP_sha256 | 1115 | #define tlsext_tick_md EVP_sha256 | |
@@ -1121,14 +1132,43 @@ int ssl_parse_serverhello_renegotiate_ex | @@ -1121,14 +1132,43 @@ int ssl_parse_serverhello_renegotiate_ex | |||
1121 | int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | 1132 | int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |
1122 | int maxlen); | 1133 | int maxlen); | |
1123 | int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | 1134 | int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | |
1124 | int *al); | 1135 | int *al); | |
1125 | long ssl_get_algorithm2(SSL *s); | 1136 | long ssl_get_algorithm2(SSL *s); | |
1126 | int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); | 1137 | int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); | |
1127 | int tls12_get_req_sig_algs(SSL *s, unsigned char *p); | 1138 | int tls12_get_req_sig_algs(SSL *s, unsigned char *p); | |
1128 | 1139 | |||
1129 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); | 1140 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); | |
1130 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); | 1141 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); | |
1131 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); | 1142 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen); | |
1132 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); | 1143 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al); | |
1133 | 1144 | |||
1145 | /* s3_cbc.c */ | |||
1146 | void ssl3_cbc_copy_mac(unsigned char* out, | |||
1147 | const SSL3_RECORD *rec, | |||
1148 | unsigned md_size,unsigned orig_len); | |||
1149 | int ssl3_cbc_remove_padding(const SSL* s, | |||
1150 | SSL3_RECORD *rec, | |||
1151 | unsigned block_size, | |||
1152 | unsigned mac_size); | |||
1153 | int tls1_cbc_remove_padding(const SSL* s, | |||
1154 | SSL3_RECORD *rec, | |||
1155 | unsigned block_size, | |||
1156 | unsigned mac_size); | |||
1157 | char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); | |||
1158 | void ssl3_cbc_digest_record( | |||
1159 | const EVP_MD_CTX *ctx, | |||
1160 | unsigned char* md_out, | |||
1161 | size_t* md_out_size, | |||
1162 | const unsigned char header[13], | |||
1163 | const unsigned char *data, | |||
1164 | size_t data_plus_mac_size, | |||
1165 | size_t data_plus_mac_plus_padding_size, | |||
1166 | const unsigned char *mac_secret, | |||
1167 | unsigned mac_secret_length, | |||
1168 | char is_sslv3); | |||
1169 | ||||
1170 | void tls_fips_digest_extra( | |||
1171 | const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, | |||
1172 | const unsigned char *data, size_t data_len, size_t orig_len); | |||
1173 | ||||
1134 | #endif | 1174 | #endif |
--- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c 2012/07/26 19:58:39 1.5
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c 2013/02/05 21:31:27 1.6
@@ -351,27 +351,27 @@ int tls1_change_cipher_state(SSL *s, int | @@ -351,27 +351,27 @@ int tls1_change_cipher_state(SSL *s, int | |||
351 | #ifdef KSSL_DEBUG | 351 | #ifdef KSSL_DEBUG | |
352 | printf("tls1_change_cipher_state(which= %d) w/\n", which); | 352 | printf("tls1_change_cipher_state(which= %d) w/\n", which); | |
353 | printf("\talg= %ld/%ld, comp= %p\n", | 353 | printf("\talg= %ld/%ld, comp= %p\n", | |
354 | s->s3->tmp.new_cipher->algorithm_mkey, | 354 | s->s3->tmp.new_cipher->algorithm_mkey, | |
355 | s->s3->tmp.new_cipher->algorithm_auth, | 355 | s->s3->tmp.new_cipher->algorithm_auth, | |
356 | comp); | 356 | comp); | |
357 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); | 357 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); | |
358 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | 358 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | |
359 | c->nid,c->block_size,c->key_len,c->iv_len); | 359 | c->nid,c->block_size,c->key_len,c->iv_len); | |
360 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | 360 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | |
361 | { | 361 | { | |
362 | int i; | 362 | int i; | |
363 | for (i=0; i<s->s3->tmp.key_block_length; i++) | 363 | for (i=0; i<s->s3->tmp.key_block_length; i++) | |
364 | printf("%02x", key_block[i]); printf("\n"); | 364 | printf("%02x", s->s3->tmp.key_block[i]); printf("\n"); | |
365 | } | 365 | } | |
366 | #endif /* KSSL_DEBUG */ | 366 | #endif /* KSSL_DEBUG */ | |
367 | 367 | |||
368 | if (which & SSL3_CC_READ) | 368 | if (which & SSL3_CC_READ) | |
369 | { | 369 | { | |
370 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 370 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | |
371 | s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; | 371 | s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; | |
372 | else | 372 | else | |
373 | s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | 373 | s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | |
374 | 374 | |||
375 | if (s->enc_read_ctx != NULL) | 375 | if (s->enc_read_ctx != NULL) | |
376 | reuse_dd = 1; | 376 | reuse_dd = 1; | |
377 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 377 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | |
@@ -657,32 +657,41 @@ printf("\nkey block\n"); | @@ -657,32 +657,41 @@ printf("\nkey block\n"); | |||
657 | } | 657 | } | |
658 | } | 658 | } | |
659 | 659 | |||
660 | ret = 1; | 660 | ret = 1; | |
661 | err: | 661 | err: | |
662 | if (p2) | 662 | if (p2) | |
663 | { | 663 | { | |
664 | OPENSSL_cleanse(p2,num); | 664 | OPENSSL_cleanse(p2,num); | |
665 | OPENSSL_free(p2); | 665 | OPENSSL_free(p2); | |
666 | } | 666 | } | |
667 | return(ret); | 667 | return(ret); | |
668 | } | 668 | } | |
669 | 669 | |||
670 | /* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | |||
671 | * | |||
672 | * Returns: | |||
673 | * 0: (in non-constant time) if the record is publically invalid (i.e. too | |||
674 | * short etc). | |||
675 | * 1: if the record's padding is valid / the encryption was successful. | |||
676 | * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, | |||
677 | * an internal error occured. | |||
678 | */ | |||
670 | int tls1_enc(SSL *s, int send) | 679 | int tls1_enc(SSL *s, int send) | |
671 | { | 680 | { | |
672 | SSL3_RECORD *rec; | 681 | SSL3_RECORD *rec; | |
673 | EVP_CIPHER_CTX *ds; | 682 | EVP_CIPHER_CTX *ds; | |
674 | unsigned long l; | 683 | unsigned long l; | |
675 | int bs,i,ii,j,k,pad=0; | 684 | int bs,i,j,k,pad=0,ret,mac_size=0; | |
676 | const EVP_CIPHER *enc; | 685 | const EVP_CIPHER *enc; | |
677 | 686 | |||
678 | if (send) | 687 | if (send) | |
679 | { | 688 | { | |
680 | if (EVP_MD_CTX_md(s->write_hash)) | 689 | if (EVP_MD_CTX_md(s->write_hash)) | |
681 | { | 690 | { | |
682 | int n=EVP_MD_CTX_size(s->write_hash); | 691 | int n=EVP_MD_CTX_size(s->write_hash); | |
683 | OPENSSL_assert(n >= 0); | 692 | OPENSSL_assert(n >= 0); | |
684 | } | 693 | } | |
685 | ds=s->enc_write_ctx; | 694 | ds=s->enc_write_ctx; | |
686 | rec= &(s->s3->wrec); | 695 | rec= &(s->s3->wrec); | |
687 | if (s->enc_write_ctx == NULL) | 696 | if (s->enc_write_ctx == NULL) | |
688 | enc=NULL; | 697 | enc=NULL; | |
@@ -719,31 +728,31 @@ int tls1_enc(SSL *s, int send) | @@ -719,31 +728,31 @@ int tls1_enc(SSL *s, int send) | |||
719 | } | 728 | } | |
720 | ds=s->enc_read_ctx; | 729 | ds=s->enc_read_ctx; | |
721 | rec= &(s->s3->rrec); | 730 | rec= &(s->s3->rrec); | |
722 | if (s->enc_read_ctx == NULL) | 731 | if (s->enc_read_ctx == NULL) | |
723 | enc=NULL; | 732 | enc=NULL; | |
724 | else | 733 | else | |
725 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | 734 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | |
726 | } | 735 | } | |
727 | 736 | |||
728 | #ifdef KSSL_DEBUG | 737 | #ifdef KSSL_DEBUG | |
729 | printf("tls1_enc(%d)\n", send); | 738 | printf("tls1_enc(%d)\n", send); | |
730 | #endif /* KSSL_DEBUG */ | 739 | #endif /* KSSL_DEBUG */ | |
731 | 740 | |||
732 | if ((s->session == NULL) || (ds == NULL) || | 741 | if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) | |
733 | (enc == NULL)) | |||
734 | { | 742 | { | |
735 | memmove(rec->data,rec->input,rec->length); | 743 | memmove(rec->data,rec->input,rec->length); | |
736 | rec->input=rec->data; | 744 | rec->input=rec->data; | |
745 | ret = 1; | |||
737 | } | 746 | } | |
738 | else | 747 | else | |
739 | { | 748 | { | |
740 | l=rec->length; | 749 | l=rec->length; | |
741 | bs=EVP_CIPHER_block_size(ds->cipher); | 750 | bs=EVP_CIPHER_block_size(ds->cipher); | |
742 | 751 | |||
743 | if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) | 752 | if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) | |
744 | { | 753 | { | |
745 | unsigned char buf[13],*seq; | 754 | unsigned char buf[13],*seq; | |
746 | 755 | |||
747 | seq = send?s->s3->write_sequence:s->s3->read_sequence; | 756 | seq = send?s->s3->write_sequence:s->s3->read_sequence; | |
748 | 757 | |||
749 | if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) | 758 | if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) | |
@@ -787,130 +796,80 @@ int tls1_enc(SSL *s, int send) | @@ -787,130 +796,80 @@ int tls1_enc(SSL *s, int send) | |||
787 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) | 796 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) | |
788 | { | 797 | { | |
789 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | 798 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | |
790 | j++; | 799 | j++; | |
791 | } | 800 | } | |
792 | for (k=(int)l; k<(int)(l+i); k++) | 801 | for (k=(int)l; k<(int)(l+i); k++) | |
793 | rec->input[k]=j; | 802 | rec->input[k]=j; | |
794 | l+=i; | 803 | l+=i; | |
795 | rec->length+=i; | 804 | rec->length+=i; | |
796 | } | 805 | } | |
797 | 806 | |||
798 | #ifdef KSSL_DEBUG | 807 | #ifdef KSSL_DEBUG | |
799 | { | 808 | { | |
800 | unsigned long ui; | 809 | unsigned long ui; | |
801 | printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", | 810 | printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", | |
802 | ds,rec->data,rec->input,l); | 811 | ds,rec->data,rec->input,l); | |
803 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", | 812 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", | |
804 | ds->buf_len, ds->cipher->key_len, | 813 | ds->buf_len, ds->cipher->key_len, | |
805 | DES_KEY_SZ, DES_SCHEDULE_SZ, | 814 | DES_KEY_SZ, DES_SCHEDULE_SZ, | |
806 | ds->cipher->iv_len); | 815 | ds->cipher->iv_len); | |
807 | printf("\t\tIV: "); | 816 | printf("\t\tIV: "); | |
808 | for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | 817 | for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | |
809 | printf("\n"); | 818 | printf("\n"); | |
810 | printf("\trec->input="); | 819 | printf("\trec->input="); | |
811 | for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | 820 | for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | |
812 | printf("\n"); | 821 | printf("\n"); | |
813 | } | 822 | } | |
814 | #endif /* KSSL_DEBUG */ | 823 | #endif /* KSSL_DEBUG */ | |
815 | 824 | |||
816 | if (!send) | 825 | if (!send) | |
817 | { | 826 | { | |
818 | if (l == 0 || l%bs != 0) | 827 | if (l == 0 || l%bs != 0) | |
819 | { | |||
820 | if (s->version >= TLS1_1_VERSION) | |||
821 | return -1; | |||
822 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | |||
823 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | |||
824 | return 0; | 828 | return 0; | |
825 | } | |||
826 | } | 829 | } | |
827 | 830 | |||
828 | i = EVP_Cipher(ds,rec->data,rec->input,l); | 831 | i = EVP_Cipher(ds,rec->data,rec->input,l); | |
829 | if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER) | 832 | if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER) | |
830 | ?(i<0) | 833 | ?(i<0) | |
831 | :(i==0)) | 834 | :(i==0)) | |
832 | return -1; /* AEAD can fail to verify MAC */ | 835 | return -1; /* AEAD can fail to verify MAC */ | |
833 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) | 836 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) | |
834 | { | 837 | { | |
835 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; | 838 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; | |
836 | rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; | 839 | rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; | |
837 | rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | 840 | rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | |
838 | } | 841 | } | |
839 | 842 | |||
840 | #ifdef KSSL_DEBUG | 843 | #ifdef KSSL_DEBUG | |
841 | { | 844 | { | |
842 | unsigned long i; | 845 | unsigned long i; | |
843 | printf("\trec->data="); | 846 | printf("\trec->data="); | |
844 | for (i=0; i<l; i++) | 847 | for (i=0; i<l; i++) | |
845 | printf(" %02x", rec->data[i]); printf("\n"); | 848 | printf(" %02x", rec->data[i]); printf("\n"); | |
846 | } | 849 | } | |
847 | #endif /* KSSL_DEBUG */ | 850 | #endif /* KSSL_DEBUG */ | |
848 | 851 | |||
852 | ret = 1; | |||
853 | if (EVP_MD_CTX_md(s->read_hash) != NULL) | |||
854 | mac_size = EVP_MD_CTX_size(s->read_hash); | |||
849 | if ((bs != 1) && !send) | 855 | if ((bs != 1) && !send) | |
850 | { | 856 | ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); | |
851 | ii=i=rec->data[l-1]; /* padding_length */ | |||
852 | i++; | |||
853 | /* NB: if compression is in operation the first packet | |||
854 | * may not be of even length so the padding bug check | |||
855 | * cannot be performed. This bug workaround has been | |||
856 | * around since SSLeay so hopefully it is either fixed | |||
857 | * now or no buggy implementation supports compression | |||
858 | * [steve] | |||
859 | */ | |||
860 | if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | |||
861 | && !s->expand) | |||
862 | { | |||
863 | /* First packet is even in size, so check */ | |||
864 | if ((memcmp(s->s3->read_sequence, | |||
865 | "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) | |||
866 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | |||
867 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | |||
868 | i--; | |||
869 | } | |||
870 | /* TLS 1.0 does not bound the number of padding bytes by the block size. | |||
871 | * All of them must have value 'padding_length'. */ | |||
872 | if (i > (int)rec->length) | |||
873 | { | |||
874 | /* Incorrect padding. SSLerr() and ssl3_alert are done | |||
875 | * by caller: we don't want to reveal whether this is | |||
876 | * a decryption error or a MAC verification failure | |||
877 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | |||
878 | return -1; | |||
879 | } | |||
880 | for (j=(int)(l-i); j<(int)l; j++) | |||
881 | { | |||
882 | if (rec->data[j] != ii) | |||
883 | { | |||
884 | /* Incorrect padding */ | |||
885 | return -1; | |||
886 | } | |||
887 | } | |||
888 | rec->length -=i; | |||
889 | if (s->version >= TLS1_1_VERSION | |||
890 | && EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE) | |||
891 | { | |||
892 | if (bs > (int)rec->length) | |||
893 | return -1; | |||
894 | rec->data += bs; /* skip the explicit IV */ | |||
895 | rec->input += bs; | |||
896 | rec->length -= bs; | |||
897 | } | |||
898 | } | |||
899 | if (pad && !send) | 857 | if (pad && !send) | |
900 | rec->length -= pad; | 858 | rec->length -= pad; | |
901 | } | 859 | } | |
902 | return(1); | 860 | return ret; | |
903 | } | 861 | } | |
862 | ||||
904 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | 863 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | |
905 | { | 864 | { | |
906 | unsigned int ret; | 865 | unsigned int ret; | |
907 | EVP_MD_CTX ctx, *d=NULL; | 866 | EVP_MD_CTX ctx, *d=NULL; | |
908 | int i; | 867 | int i; | |
909 | 868 | |||
910 | if (s->s3->handshake_buffer) | 869 | if (s->s3->handshake_buffer) | |
911 | if (!ssl3_digest_cached_records(s)) | 870 | if (!ssl3_digest_cached_records(s)) | |
912 | return 0; | 871 | return 0; | |
913 | 872 | |||
914 | if (s->s3->handshake_dgst) { | 873 | if (s->s3->handshake_dgst) { | |
915 | for (i=0;i<SSL_MAX_DIGEST;i++) | 874 | for (i=0;i<SSL_MAX_DIGEST;i++) | |
916 | { | 875 | { | |
@@ -982,85 +941,117 @@ int tls1_final_finish_mac(SSL *s, | @@ -982,85 +941,117 @@ int tls1_final_finish_mac(SSL *s, | |||
982 | EVP_MD_CTX_cleanup(&ctx); | 941 | EVP_MD_CTX_cleanup(&ctx); | |
983 | 942 | |||
984 | if (err) | 943 | if (err) | |
985 | return 0; | 944 | return 0; | |
986 | else | 945 | else | |
987 | return sizeof buf2; | 946 | return sizeof buf2; | |
988 | } | 947 | } | |
989 | 948 | |||
990 | int tls1_mac(SSL *ssl, unsigned char *md, int send) | 949 | int tls1_mac(SSL *ssl, unsigned char *md, int send) | |
991 | { | 950 | { | |
992 | SSL3_RECORD *rec; | 951 | SSL3_RECORD *rec; | |
993 | unsigned char *seq; | 952 | unsigned char *seq; | |
994 | EVP_MD_CTX *hash; | 953 | EVP_MD_CTX *hash; | |
995 | size_t md_size; | 954 | size_t md_size, orig_len; | |
996 | int i; | 955 | int i; | |
997 | EVP_MD_CTX hmac, *mac_ctx; | 956 | EVP_MD_CTX hmac, *mac_ctx; | |
998 | unsigned char buf[5]; | 957 | unsigned char header[13]; | |
999 | int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); | 958 | int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); | |
1000 | int t; | 959 | int t; | |
1001 | 960 | |||
1002 | if (send) | 961 | if (send) | |
1003 | { | 962 | { | |
1004 | rec= &(ssl->s3->wrec); | 963 | rec= &(ssl->s3->wrec); | |
1005 | seq= &(ssl->s3->write_sequence[0]); | 964 | seq= &(ssl->s3->write_sequence[0]); | |
1006 | hash=ssl->write_hash; | 965 | hash=ssl->write_hash; | |
1007 | } | 966 | } | |
1008 | else | 967 | else | |
1009 | { | 968 | { | |
1010 | rec= &(ssl->s3->rrec); | 969 | rec= &(ssl->s3->rrec); | |
1011 | seq= &(ssl->s3->read_sequence[0]); | 970 | seq= &(ssl->s3->read_sequence[0]); | |
1012 | hash=ssl->read_hash; | 971 | hash=ssl->read_hash; | |
1013 | } | 972 | } | |
1014 | 973 | |||
1015 | t=EVP_MD_CTX_size(hash); | 974 | t=EVP_MD_CTX_size(hash); | |
1016 | OPENSSL_assert(t >= 0); | 975 | OPENSSL_assert(t >= 0); | |
1017 | md_size=t; | 976 | md_size=t; | |
1018 | 977 | |||
1019 | buf[0]=rec->type; | |||
1020 | buf[1]=(unsigned char)(ssl->version>>8); | |||
1021 | buf[2]=(unsigned char)(ssl->version); | |||
1022 | buf[3]=rec->length>>8; | |||
1023 | buf[4]=rec->length&0xff; | |||
1024 | ||||
1025 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | 978 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | |
1026 | if (stream_mac) | 979 | if (stream_mac) | |
1027 | { | 980 | { | |
1028 | mac_ctx = hash; | 981 | mac_ctx = hash; | |
1029 | } | 982 | } | |
1030 | else | 983 | else | |
1031 | { | 984 | { | |
1032 | EVP_MD_CTX_copy(&hmac,hash); | 985 | EVP_MD_CTX_copy(&hmac,hash); | |
1033 | mac_ctx = &hmac; | 986 | mac_ctx = &hmac; | |
1034 | } | 987 | } | |
1035 | 988 | |||
1036 | if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) | 989 | if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) | |
1037 | { | 990 | { | |
1038 | unsigned char dtlsseq[8],*p=dtlsseq; | 991 | unsigned char dtlsseq[8],*p=dtlsseq; | |
1039 | 992 | |||
1040 | s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | 993 | s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | |
1041 | memcpy (p,&seq[2],6); | 994 | memcpy (p,&seq[2],6); | |
1042 | 995 | |||
1043 | EVP_DigestSignUpdate(mac_ctx,dtlsseq,8); | 996 | memcpy(header, dtlsseq, 8); | |
1044 | } | 997 | } | |
1045 | else | 998 | else | |
1046 | EVP_DigestSignUpdate(mac_ctx,seq,8); | 999 | memcpy(header, seq, 8); | |
1047 | 1000 | |||
1048 | EVP_DigestSignUpdate(mac_ctx,buf,5); | 1001 | /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ | |
1049 | EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); | 1002 | orig_len = rec->length+md_size+((unsigned int)rec->type>>8); | |
1050 | t=EVP_DigestSignFinal(mac_ctx,md,&md_size); | 1003 | rec->type &= 0xff; | |
1051 | OPENSSL_assert(t > 0); | 1004 | ||
1005 | header[8]=rec->type; | |||
1006 | header[9]=(unsigned char)(ssl->version>>8); | |||
1007 | header[10]=(unsigned char)(ssl->version); | |||
1008 | header[11]=(rec->length)>>8; | |||
1009 | header[12]=(rec->length)&0xff; | |||
1010 | ||||
1011 | if (!send && | |||
1012 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | |||
1013 | ssl3_cbc_record_digest_supported(mac_ctx)) | |||
1014 | { | |||
1015 | /* This is a CBC-encrypted record. We must avoid leaking any | |||
1016 | * timing-side channel information about how many blocks of | |||
1017 | * data we are hashing because that gives an attacker a | |||
1018 | * timing-oracle. */ | |||
1019 | ssl3_cbc_digest_record( | |||
1020 | mac_ctx, | |||
1021 | md, &md_size, | |||
1022 | header, rec->input, | |||
1023 | rec->length + md_size, orig_len, | |||
1024 | ssl->s3->read_mac_secret, | |||
1025 | ssl->s3->read_mac_secret_size, | |||
1026 | 0 /* not SSLv3 */); | |||
1027 | } | |||
1028 | else | |||
1029 | { | |||
1030 | EVP_DigestSignUpdate(mac_ctx,header,sizeof(header)); | |||
1031 | EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); | |||
1032 | t=EVP_DigestSignFinal(mac_ctx,md,&md_size); | |||
1033 | OPENSSL_assert(t > 0); | |||
1034 | #ifdef OPENSSL_FIPS | |||
1035 | if (!send && FIPS_mode()) | |||
1036 | tls_fips_digest_extra( | |||
1037 | ssl->enc_read_ctx, | |||
1038 | mac_ctx, rec->input, | |||
1039 | rec->length, orig_len); | |||
1040 | #endif | |||
1041 | } | |||
1052 | 1042 | |||
1053 | if (!stream_mac) EVP_MD_CTX_cleanup(&hmac); | 1043 | if (!stream_mac) | |
1044 | EVP_MD_CTX_cleanup(&hmac); | |||
1054 | #ifdef TLS_DEBUG | 1045 | #ifdef TLS_DEBUG | |
1055 | printf("sec="); | 1046 | printf("sec="); | |
1056 | {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } | 1047 | {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } | |
1057 | printf("seq="); | 1048 | printf("seq="); | |
1058 | {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } | 1049 | {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } | |
1059 | printf("buf="); | 1050 | printf("buf="); | |
1060 | {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } | 1051 | {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } | |
1061 | printf("rec="); | 1052 | printf("rec="); | |
1062 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | 1053 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | |
1063 | #endif | 1054 | #endif | |
1064 | 1055 | |||
1065 | if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) | 1056 | if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) | |
1066 | { | 1057 | { |
--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c 2012/07/26 19:58:39 1.8
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c 2013/02/05 21:31:26 1.9
@@ -1115,27 +1115,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | @@ -1115,27 +1115,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | |||
1115 | SSL_SHA256, | 1115 | SSL_SHA256, | |
1116 | SSL_TLSV1_2, | 1116 | SSL_TLSV1_2, | |
1117 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1117 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1118 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 1118 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | |
1119 | 256, | 1119 | 256, | |
1120 | 256, | 1120 | 256, | |
1121 | }, | 1121 | }, | |
1122 | 1122 | |||
1123 | /* Cipher 3E */ | 1123 | /* Cipher 3E */ | |
1124 | { | 1124 | { | |
1125 | 0, /* not implemented (non-ephemeral DH) */ | 1125 | 0, /* not implemented (non-ephemeral DH) */ | |
1126 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, | 1126 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, | |
1127 | TLS1_CK_DH_DSS_WITH_AES_128_SHA256, | 1127 | TLS1_CK_DH_DSS_WITH_AES_128_SHA256, | |
1128 | SSL_kDHr, | 1128 | SSL_kDHd, | |
1129 | SSL_aDH, | 1129 | SSL_aDH, | |
1130 | SSL_AES128, | 1130 | SSL_AES128, | |
1131 | SSL_SHA256, | 1131 | SSL_SHA256, | |
1132 | SSL_TLSV1_2, | 1132 | SSL_TLSV1_2, | |
1133 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1133 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1134 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 1134 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | |
1135 | 128, | 1135 | 128, | |
1136 | 128, | 1136 | 128, | |
1137 | }, | 1137 | }, | |
1138 | 1138 | |||
1139 | /* Cipher 3F */ | 1139 | /* Cipher 3F */ | |
1140 | { | 1140 | { | |
1141 | 0, /* not implemented (non-ephemeral DH) */ | 1141 | 0, /* not implemented (non-ephemeral DH) */ | |
@@ -1397,27 +1397,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | @@ -1397,27 +1397,27 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | |||
1397 | SSL_SHA256, | 1397 | SSL_SHA256, | |
1398 | SSL_TLSV1_2, | 1398 | SSL_TLSV1_2, | |
1399 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1399 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1400 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 1400 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | |
1401 | 128, | 1401 | 128, | |
1402 | 128, | 1402 | 128, | |
1403 | }, | 1403 | }, | |
1404 | 1404 | |||
1405 | /* Cipher 68 */ | 1405 | /* Cipher 68 */ | |
1406 | { | 1406 | { | |
1407 | 0, /* not implemented (non-ephemeral DH) */ | 1407 | 0, /* not implemented (non-ephemeral DH) */ | |
1408 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, | 1408 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, | |
1409 | TLS1_CK_DH_DSS_WITH_AES_256_SHA256, | 1409 | TLS1_CK_DH_DSS_WITH_AES_256_SHA256, | |
1410 | SSL_kDHr, | 1410 | SSL_kDHd, | |
1411 | SSL_aDH, | 1411 | SSL_aDH, | |
1412 | SSL_AES256, | 1412 | SSL_AES256, | |
1413 | SSL_SHA256, | 1413 | SSL_SHA256, | |
1414 | SSL_TLSV1_2, | 1414 | SSL_TLSV1_2, | |
1415 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1415 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1416 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | 1416 | SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | |
1417 | 256, | 1417 | 256, | |
1418 | 256, | 1418 | 256, | |
1419 | }, | 1419 | }, | |
1420 | 1420 | |||
1421 | /* Cipher 69 */ | 1421 | /* Cipher 69 */ | |
1422 | { | 1422 | { | |
1423 | 0, /* not implemented (non-ephemeral DH) */ | 1423 | 0, /* not implemented (non-ephemeral DH) */ | |
@@ -1948,43 +1948,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | @@ -1948,43 +1948,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | |||
1948 | SSL_AEAD, | 1948 | SSL_AEAD, | |
1949 | SSL_TLSV1_2, | 1949 | SSL_TLSV1_2, | |
1950 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1950 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1951 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | 1951 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | |
1952 | 256, | 1952 | 256, | |
1953 | 256, | 1953 | 256, | |
1954 | }, | 1954 | }, | |
1955 | 1955 | |||
1956 | /* Cipher A4 */ | 1956 | /* Cipher A4 */ | |
1957 | { | 1957 | { | |
1958 | 0, | 1958 | 0, | |
1959 | TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, | 1959 | TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, | |
1960 | TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, | 1960 | TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, | |
1961 | SSL_kDHr, | 1961 | SSL_kDHd, | |
1962 | SSL_aDH, | 1962 | SSL_aDH, | |
1963 | SSL_AES128GCM, | 1963 | SSL_AES128GCM, | |
1964 | SSL_AEAD, | 1964 | SSL_AEAD, | |
1965 | SSL_TLSV1_2, | 1965 | SSL_TLSV1_2, | |
1966 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1966 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1967 | SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | 1967 | SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | |
1968 | 128, | 1968 | 128, | |
1969 | 128, | 1969 | 128, | |
1970 | }, | 1970 | }, | |
1971 | 1971 | |||
1972 | /* Cipher A5 */ | 1972 | /* Cipher A5 */ | |
1973 | { | 1973 | { | |
1974 | 0, | 1974 | 0, | |
1975 | TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, | 1975 | TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, | |
1976 | TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, | 1976 | TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, | |
1977 | SSL_kDHr, | 1977 | SSL_kDHd, | |
1978 | SSL_aDH, | 1978 | SSL_aDH, | |
1979 | SSL_AES256GCM, | 1979 | SSL_AES256GCM, | |
1980 | SSL_AEAD, | 1980 | SSL_AEAD, | |
1981 | SSL_TLSV1_2, | 1981 | SSL_TLSV1_2, | |
1982 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1982 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
1983 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | 1983 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | |
1984 | 256, | 1984 | 256, | |
1985 | 256, | 1985 | 256, | |
1986 | }, | 1986 | }, | |
1987 | 1987 | |||
1988 | /* Cipher A6 */ | 1988 | /* Cipher A6 */ | |
1989 | { | 1989 | { | |
1990 | 1, | 1990 | 1, | |
@@ -2659,43 +2659,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | @@ -2659,43 +2659,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | |||
2659 | SSL_SHA384, | 2659 | SSL_SHA384, | |
2660 | SSL_TLSV1_2, | 2660 | SSL_TLSV1_2, | |
2661 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 2661 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
2662 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | 2662 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | |
2663 | 256, | 2663 | 256, | |
2664 | 256, | 2664 | 256, | |
2665 | }, | 2665 | }, | |
2666 | 2666 | |||
2667 | /* Cipher C029 */ | 2667 | /* Cipher C029 */ | |
2668 | { | 2668 | { | |
2669 | 1, | 2669 | 1, | |
2670 | TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, | 2670 | TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, | |
2671 | TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, | 2671 | TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, | |
2672 | SSL_kECDHe, | 2672 | SSL_kECDHr, | |
2673 | SSL_aECDH, | 2673 | SSL_aECDH, | |
2674 | SSL_AES128, | 2674 | SSL_AES128, | |
2675 | SSL_SHA256, | 2675 | SSL_SHA256, | |
2676 | SSL_TLSV1_2, | 2676 | SSL_TLSV1_2, | |
2677 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 2677 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
2678 | SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | 2678 | SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | |
2679 | 128, | 2679 | 128, | |
2680 | 128, | 2680 | 128, | |
2681 | }, | 2681 | }, | |
2682 | 2682 | |||
2683 | /* Cipher C02A */ | 2683 | /* Cipher C02A */ | |
2684 | { | 2684 | { | |
2685 | 1, | 2685 | 1, | |
2686 | TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, | 2686 | TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, | |
2687 | TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, | 2687 | TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, | |
2688 | SSL_kECDHe, | 2688 | SSL_kECDHr, | |
2689 | SSL_aECDH, | 2689 | SSL_aECDH, | |
2690 | SSL_AES256, | 2690 | SSL_AES256, | |
2691 | SSL_SHA384, | 2691 | SSL_SHA384, | |
2692 | SSL_TLSV1_2, | 2692 | SSL_TLSV1_2, | |
2693 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 2693 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
2694 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | 2694 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | |
2695 | 256, | 2695 | 256, | |
2696 | 256, | 2696 | 256, | |
2697 | }, | 2697 | }, | |
2698 | 2698 | |||
2699 | /* GCM based TLS v1.2 ciphersuites from RFC5289 */ | 2699 | /* GCM based TLS v1.2 ciphersuites from RFC5289 */ | |
2700 | 2700 | |||
2701 | /* Cipher C02B */ | 2701 | /* Cipher C02B */ | |
@@ -2789,43 +2789,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | @@ -2789,43 +2789,43 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | |||
2789 | SSL_AEAD, | 2789 | SSL_AEAD, | |
2790 | SSL_TLSV1_2, | 2790 | SSL_TLSV1_2, | |
2791 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 2791 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
2792 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | 2792 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | |
2793 | 256, | 2793 | 256, | |
2794 | 256, | 2794 | 256, | |
2795 | }, | 2795 | }, | |
2796 | 2796 | |||
2797 | /* Cipher C031 */ | 2797 | /* Cipher C031 */ | |
2798 | { | 2798 | { | |
2799 | 1, | 2799 | 1, | |
2800 | TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, | 2800 | TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, | |
2801 | TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, | 2801 | TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, | |
2802 | SSL_kECDHe, | 2802 | SSL_kECDHr, | |
2803 | SSL_aECDH, | 2803 | SSL_aECDH, | |
2804 | SSL_AES128GCM, | 2804 | SSL_AES128GCM, | |
2805 | SSL_AEAD, | 2805 | SSL_AEAD, | |
2806 | SSL_TLSV1_2, | 2806 | SSL_TLSV1_2, | |
2807 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 2807 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
2808 | SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | 2808 | SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | |
2809 | 128, | 2809 | 128, | |
2810 | 128, | 2810 | 128, | |
2811 | }, | 2811 | }, | |
2812 | 2812 | |||
2813 | /* Cipher C032 */ | 2813 | /* Cipher C032 */ | |
2814 | { | 2814 | { | |
2815 | 1, | 2815 | 1, | |
2816 | TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, | 2816 | TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, | |
2817 | TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, | 2817 | TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, | |
2818 | SSL_kECDHe, | 2818 | SSL_kECDHr, | |
2819 | SSL_aECDH, | 2819 | SSL_aECDH, | |
2820 | SSL_AES256GCM, | 2820 | SSL_AES256GCM, | |
2821 | SSL_AEAD, | 2821 | SSL_AEAD, | |
2822 | SSL_TLSV1_2, | 2822 | SSL_TLSV1_2, | |
2823 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 2823 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | |
2824 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | 2824 | SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | |
2825 | 256, | 2825 | 256, | |
2826 | 256, | 2826 | 256, | |
2827 | }, | 2827 | }, | |
2828 | 2828 | |||
2829 | #endif /* OPENSSL_NO_ECDH */ | 2829 | #endif /* OPENSSL_NO_ECDH */ | |
2830 | 2830 | |||
2831 | 2831 |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2012/07/26 19:58:39 1.10
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_pkt.c 2013/02/05 21:31:26 1.11
@@ -280,31 +280,28 @@ int ssl3_read_n(SSL *s, int n, int max, | @@ -280,31 +280,28 @@ int ssl3_read_n(SSL *s, int n, int max, | |||
280 | * ssl->s3->rrec.data, - data | 280 | * ssl->s3->rrec.data, - data | |
281 | * ssl->s3->rrec.length, - number of bytes | 281 | * ssl->s3->rrec.length, - number of bytes | |
282 | */ | 282 | */ | |
283 | /* used only by ssl3_read_bytes */ | 283 | /* used only by ssl3_read_bytes */ | |
284 | static int ssl3_get_record(SSL *s) | 284 | static int ssl3_get_record(SSL *s) | |
285 | { | 285 | { | |
286 | int ssl_major,ssl_minor,al; | 286 | int ssl_major,ssl_minor,al; | |
287 | int enc_err,n,i,ret= -1; | 287 | int enc_err,n,i,ret= -1; | |
288 | SSL3_RECORD *rr; | 288 | SSL3_RECORD *rr; | |
289 | SSL_SESSION *sess; | 289 | SSL_SESSION *sess; | |
290 | unsigned char *p; | 290 | unsigned char *p; | |
291 | unsigned char md[EVP_MAX_MD_SIZE]; | 291 | unsigned char md[EVP_MAX_MD_SIZE]; | |
292 | short version; | 292 | short version; | |
293 | int mac_size; | 293 | unsigned mac_size, orig_len; | |
294 | int clear=0; | |||
295 | size_t extra; | 294 | size_t extra; | |
296 | int decryption_failed_or_bad_record_mac = 0; | |||
297 | unsigned char *mac = NULL; | |||
298 | 295 | |||
299 | rr= &(s->s3->rrec); | 296 | rr= &(s->s3->rrec); | |
300 | sess=s->session; | 297 | sess=s->session; | |
301 | 298 | |||
302 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | 299 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | |
303 | extra=SSL3_RT_MAX_EXTRA; | 300 | extra=SSL3_RT_MAX_EXTRA; | |
304 | else | 301 | else | |
305 | extra=0; | 302 | extra=0; | |
306 | if (extra && !s->s3->init_extra) | 303 | if (extra && !s->s3->init_extra) | |
307 | { | 304 | { | |
308 | /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | 305 | /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | |
309 | * set after ssl3_setup_buffers() was done */ | 306 | * set after ssl3_setup_buffers() was done */ | |
310 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | 307 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | |
@@ -391,95 +388,100 @@ fprintf(stderr, "Record type=%d, Length= | @@ -391,95 +388,100 @@ fprintf(stderr, "Record type=%d, Length= | |||
391 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | 388 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | |
392 | * rr->length bytes of encrypted compressed stuff. */ | 389 | * rr->length bytes of encrypted compressed stuff. */ | |
393 | 390 | |||
394 | /* check is not needed I believe */ | 391 | /* check is not needed I believe */ | |
395 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | 392 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | |
396 | { | 393 | { | |
397 | al=SSL_AD_RECORD_OVERFLOW; | 394 | al=SSL_AD_RECORD_OVERFLOW; | |
398 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | 395 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | |
399 | goto f_err; | 396 | goto f_err; | |
400 | } | 397 | } | |
401 | 398 | |||
402 | /* decrypt in place in 'rr->input' */ | 399 | /* decrypt in place in 'rr->input' */ | |
403 | rr->data=rr->input; | 400 | rr->data=rr->input; | |
401 | orig_len=rr->length; | |||
404 | 402 | |||
405 | enc_err = s->method->ssl3_enc->enc(s,0); | 403 | enc_err = s->method->ssl3_enc->enc(s,0); | |
406 | if (enc_err <= 0) | 404 | /* enc_err is: | |
405 | * 0: (in non-constant time) if the record is publically invalid. | |||
406 | * 1: if the padding is valid | |||
407 | * -1: if the padding is invalid */ | |||
408 | if (enc_err == 0) | |||
407 | { | 409 | { | |
408 | if (enc_err == 0) | 410 | al=SSL_AD_DECRYPTION_FAILED; | |
409 | /* SSLerr() and ssl3_send_alert() have been called */ | 411 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | |
410 | goto err; | 412 | goto f_err; | |
411 | ||||
412 | /* Otherwise enc_err == -1, which indicates bad padding | |||
413 | * (rec->length has not been changed in this case). | |||
414 | * To minimize information leaked via timing, we will perform | |||
415 | * the MAC computation anyway. */ | |||
416 | decryption_failed_or_bad_record_mac = 1; | |||
417 | } | 413 | } | |
418 | 414 | |||
419 | #ifdef TLS_DEBUG | 415 | #ifdef TLS_DEBUG | |
420 | printf("dec %d\n",rr->length); | 416 | printf("dec %d\n",rr->length); | |
421 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | 417 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | |
422 | printf("\n"); | 418 | printf("\n"); | |
423 | #endif | 419 | #endif | |
424 | 420 | |||
425 | /* r->length is now the compressed data plus mac */ | 421 | /* r->length is now the compressed data plus mac */ | |
426 | if ( (sess == NULL) || | 422 | if ((sess != NULL) && | |
427 | (s->enc_read_ctx == NULL) || | 423 | (s->enc_read_ctx != NULL) && | |
428 | (EVP_MD_CTX_md(s->read_hash) == NULL)) | 424 | (EVP_MD_CTX_md(s->read_hash) != NULL)) | |
429 | clear=1; | 425 | { | |
430 | 426 | /* s->read_hash != NULL => mac_size != -1 */ | ||
431 | if (!clear) | 427 | unsigned char *mac = NULL; | |
432 | { | 428 | unsigned char mac_tmp[EVP_MAX_MD_SIZE]; | |
433 | /* !clear => s->read_hash != NULL => mac_size != -1 */ | |||
434 | mac_size=EVP_MD_CTX_size(s->read_hash); | 429 | mac_size=EVP_MD_CTX_size(s->read_hash); | |
435 | OPENSSL_assert(mac_size >= 0); | 430 | OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); | |
436 | 431 | |||
437 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | 432 | /* orig_len is the length of the record before any padding was | |
433 | * removed. This is public information, as is the MAC in use, | |||
434 | * therefore we can safely process the record in a different | |||
435 | * amount of time if it's too short to possibly contain a MAC. | |||
436 | */ | |||
437 | if (orig_len < mac_size || | |||
438 | /* CBC records must have a padding length byte too. */ | |||
439 | (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && | |||
440 | orig_len < mac_size+1)) | |||
438 | { | 441 | { | |
439 | #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ | 442 | al=SSL_AD_DECODE_ERROR; | |
440 | al=SSL_AD_RECORD_OVERFLOW; | 443 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); | |
441 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | |||
442 | goto f_err; | 444 | goto f_err; | |
443 | #else | |||
444 | decryption_failed_or_bad_record_mac = 1; | |||
445 | #endif | |||
446 | } | 445 | } | |
447 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | 446 | ||
448 | if (rr->length >= (unsigned int)mac_size) | 447 | if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) | |
449 | { | 448 | { | |
449 | /* We update the length so that the TLS header bytes | |||
450 | * can be constructed correctly but we need to extract | |||
451 | * the MAC in constant time from within the record, | |||
452 | * without leaking the contents of the padding bytes. | |||
453 | * */ | |||
454 | mac = mac_tmp; | |||
455 | ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); | |||
450 | rr->length -= mac_size; | 456 | rr->length -= mac_size; | |
451 | mac = &rr->data[rr->length]; | |||
452 | } | 457 | } | |
453 | else | 458 | else | |
454 | { | 459 | { | |
455 | /* record (minus padding) is too short to contain a MAC */ | 460 | /* In this case there's no padding, so |orig_len| | |
456 | #if 0 /* OK only for stream ciphers */ | 461 | * equals |rec->length| and we checked that there's | |
457 | al=SSL_AD_DECODE_ERROR; | 462 | * enough bytes for |mac_size| above. */ | |
458 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); | 463 | rr->length -= mac_size; | |
459 | goto f_err; | 464 | mac = &rr->data[rr->length]; | |
460 | #else | |||
461 | decryption_failed_or_bad_record_mac = 1; | |||
462 | rr->length = 0; | |||
463 | #endif | |||
464 | } | |||
465 | i=s->method->ssl3_enc->mac(s,md,0); | |||
466 | if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0) | |||
467 | { | |||
468 | decryption_failed_or_bad_record_mac = 1; | |||
469 | } | 465 | } | |
466 | ||||
467 | i=s->method->ssl3_enc->mac(s,md,0 /* not send */); | |||
468 | if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | |||
469 | enc_err = -1; | |||
470 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | |||
471 | enc_err = -1; | |||
470 | } | 472 | } | |
471 | 473 | |||
472 | if (decryption_failed_or_bad_record_mac) | 474 | if (enc_err < 0) | |
473 | { | 475 | { | |
474 | /* A separate 'decryption_failed' alert was introduced with TLS 1.0, | 476 | /* A separate 'decryption_failed' alert was introduced with TLS 1.0, | |
475 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | 477 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | |
476 | * failure is directly visible from the ciphertext anyway, | 478 | * failure is directly visible from the ciphertext anyway, | |
477 | * we should not reveal which kind of error occured -- this | 479 | * we should not reveal which kind of error occured -- this | |
478 | * might become visible to an attacker (e.g. via a logfile) */ | 480 | * might become visible to an attacker (e.g. via a logfile) */ | |
479 | al=SSL_AD_BAD_RECORD_MAC; | 481 | al=SSL_AD_BAD_RECORD_MAC; | |
480 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | 482 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | |
481 | goto f_err; | 483 | goto f_err; | |
482 | } | 484 | } | |
483 | 485 | |||
484 | /* r->length is now just compressed */ | 486 | /* r->length is now just compressed */ | |
485 | if (s->expand != NULL) | 487 | if (s->expand != NULL) | |
@@ -735,26 +737,27 @@ static int do_ssl3_write(SSL *s, int typ | @@ -735,26 +737,27 @@ static int do_ssl3_write(SSL *s, int typ | |||
735 | wb->offset = align; | 737 | wb->offset = align; | |
736 | } | 738 | } | |
737 | 739 | |||
738 | /* write the header */ | 740 | /* write the header */ | |
739 | 741 | |||
740 | *(p++)=type&0xff; | 742 | *(p++)=type&0xff; | |
741 | wr->type=type; | 743 | wr->type=type; | |
742 | 744 | |||
743 | *(p++)=(s->version>>8); | 745 | *(p++)=(s->version>>8); | |
744 | /* Some servers hang if iniatial client hello is larger than 256 | 746 | /* Some servers hang if iniatial client hello is larger than 256 | |
745 | * bytes and record version number > TLS 1.0 | 747 | * bytes and record version number > TLS 1.0 | |
746 | */ | 748 | */ | |
747 | if (s->state == SSL3_ST_CW_CLNT_HELLO_B | 749 | if (s->state == SSL3_ST_CW_CLNT_HELLO_B | |
750 | && !s->renegotiate | |||
748 | && TLS1_get_version(s) > TLS1_VERSION) | 751 | && TLS1_get_version(s) > TLS1_VERSION) | |
749 | *(p++) = 0x1; | 752 | *(p++) = 0x1; | |
750 | else | 753 | else | |
751 | *(p++)=s->version&0xff; | 754 | *(p++)=s->version&0xff; | |
752 | 755 | |||
753 | /* field where we are to write out packet length */ | 756 | /* field where we are to write out packet length */ | |
754 | plen=p; | 757 | plen=p; | |
755 | p+=2; | 758 | p+=2; | |
756 | /* Explicit IV length, block ciphers and TLS version 1.1 or later */ | 759 | /* Explicit IV length, block ciphers and TLS version 1.1 or later */ | |
757 | if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) | 760 | if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) | |
758 | { | 761 | { | |
759 | int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); | 762 | int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); | |
760 | if (mode == EVP_CIPH_CBC_MODE) | 763 | if (mode == EVP_CIPH_CBC_MODE) | |
@@ -1229,27 +1232,27 @@ start: | @@ -1229,27 +1232,27 @@ start: | |||
1229 | * renegotiatie it presumably had a good reason and | 1232 | * renegotiatie it presumably had a good reason and | |
1230 | * expects it to succeed. | 1233 | * expects it to succeed. | |
1231 | * | 1234 | * | |
1232 | * In future we might have a renegotiation where we | 1235 | * In future we might have a renegotiation where we | |
1233 | * don't care if the peer refused it where we carry on. | 1236 | * don't care if the peer refused it where we carry on. | |
1234 | */ | 1237 | */ | |
1235 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) | 1238 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) | |
1236 | { | 1239 | { | |
1237 | al = SSL_AD_HANDSHAKE_FAILURE; | 1240 | al = SSL_AD_HANDSHAKE_FAILURE; | |
1238 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); | 1241 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); | |
1239 | goto f_err; | 1242 | goto f_err; | |
1240 | } | 1243 | } | |
1241 | #ifdef SSL_AD_MISSING_SRP_USERNAME | 1244 | #ifdef SSL_AD_MISSING_SRP_USERNAME | |
1242 | if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) | 1245 | else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) | |
1243 | return(0); | 1246 | return(0); | |
1244 | #endif | 1247 | #endif | |
1245 | } | 1248 | } | |
1246 | else if (alert_level == 2) /* fatal */ | 1249 | else if (alert_level == 2) /* fatal */ | |
1247 | { | 1250 | { | |
1248 | char tmp[16]; | 1251 | char tmp[16]; | |
1249 | 1252 | |||
1250 | s->rwstate=SSL_NOTHING; | 1253 | s->rwstate=SSL_NOTHING; | |
1251 | s->s3->fatal_alert = alert_descr; | 1254 | s->s3->fatal_alert = alert_descr; | |
1252 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | 1255 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | |
1253 | BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); | 1256 | BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); | |
1254 | ERR_add_error_data(2,"SSL alert number ",tmp); | 1257 | ERR_add_error_data(2,"SSL alert number ",tmp); | |
1255 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | 1258 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_srvr.c 2012/07/26 19:58:39 1.11
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_srvr.c 2013/02/05 21:31:27 1.12
@@ -181,27 +181,28 @@ static const SSL_METHOD *ssl3_get_server | @@ -181,27 +181,28 @@ static const SSL_METHOD *ssl3_get_server | |||
181 | 181 | |||
182 | #ifndef OPENSSL_NO_SRP | 182 | #ifndef OPENSSL_NO_SRP | |
183 | static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) | 183 | static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) | |
184 | { | 184 | { | |
185 | int ret = SSL_ERROR_NONE; | 185 | int ret = SSL_ERROR_NONE; | |
186 | 186 | |||
187 | *al = SSL_AD_UNRECOGNIZED_NAME; | 187 | *al = SSL_AD_UNRECOGNIZED_NAME; | |
188 | 188 | |||
189 | if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && | 189 | if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && | |
190 | (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) | 190 | (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) | |
191 | { | 191 | { | |
192 | if(s->srp_ctx.login == NULL) | 192 | if(s->srp_ctx.login == NULL) | |
193 | { | 193 | { | |
194 | /* There isn't any srp login extension !!! */ | 194 | /* RFC 5054 says SHOULD reject, | |
195 | we do so if There is no srp login name */ | |||
195 | ret = SSL3_AL_FATAL; | 196 | ret = SSL3_AL_FATAL; | |
196 | *al = SSL_AD_UNKNOWN_PSK_IDENTITY; | 197 | *al = SSL_AD_UNKNOWN_PSK_IDENTITY; | |
197 | } | 198 | } | |
198 | else | 199 | else | |
199 | { | 200 | { | |
200 | ret = SSL_srp_server_param_with_username(s,al); | 201 | ret = SSL_srp_server_param_with_username(s,al); | |
201 | } | 202 | } | |
202 | } | 203 | } | |
203 | return ret; | 204 | return ret; | |
204 | } | 205 | } | |
205 | #endif | 206 | #endif | |
206 | 207 | |||
207 | IMPLEMENT_ssl3_meth_func(SSLv3_server_method, | 208 | IMPLEMENT_ssl3_meth_func(SSLv3_server_method, | |
@@ -368,26 +369,27 @@ int ssl3_accept(SSL *s) | @@ -368,26 +369,27 @@ int ssl3_accept(SSL *s) | |||
368 | if (ret != SSL_ERROR_NONE) | 369 | if (ret != SSL_ERROR_NONE) | |
369 | { | 370 | { | |
370 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 371 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | |
371 | /* This is not really an error but the only means to | 372 | /* This is not really an error but the only means to | |
372 | for a client to detect whether srp is supported. */ | 373 | for a client to detect whether srp is supported. */ | |
373 | if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) | 374 | if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) | |
374 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); | 375 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); | |
375 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 376 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | |
376 | ret= -1; | 377 | ret= -1; | |
377 | goto end; | 378 | goto end; | |
378 | } | 379 | } | |
379 | } | 380 | } | |
380 | #endif | 381 | #endif | |
382 | ||||
381 | s->renegotiate = 2; | 383 | s->renegotiate = 2; | |
382 | s->state=SSL3_ST_SW_SRVR_HELLO_A; | 384 | s->state=SSL3_ST_SW_SRVR_HELLO_A; | |
383 | s->init_num=0; | 385 | s->init_num=0; | |
384 | break; | 386 | break; | |
385 | 387 | |||
386 | case SSL3_ST_SW_SRVR_HELLO_A: | 388 | case SSL3_ST_SW_SRVR_HELLO_A: | |
387 | case SSL3_ST_SW_SRVR_HELLO_B: | 389 | case SSL3_ST_SW_SRVR_HELLO_B: | |
388 | ret=ssl3_send_server_hello(s); | 390 | ret=ssl3_send_server_hello(s); | |
389 | if (ret <= 0) goto end; | 391 | if (ret <= 0) goto end; | |
390 | #ifndef OPENSSL_NO_TLSEXT | 392 | #ifndef OPENSSL_NO_TLSEXT | |
391 | if (s->hit) | 393 | if (s->hit) | |
392 | { | 394 | { | |
393 | if (s->tlsext_ticket_expected) | 395 | if (s->tlsext_ticket_expected) | |
@@ -1181,27 +1183,27 @@ int ssl3_get_client_hello(SSL *s) | @@ -1181,27 +1183,27 @@ int ssl3_get_client_hello(SSL *s) | |||
1181 | } | 1183 | } | |
1182 | 1184 | |||
1183 | #ifndef OPENSSL_NO_TLSEXT | 1185 | #ifndef OPENSSL_NO_TLSEXT | |
1184 | /* TLS extensions*/ | 1186 | /* TLS extensions*/ | |
1185 | if (s->version >= SSL3_VERSION) | 1187 | if (s->version >= SSL3_VERSION) | |
1186 | { | 1188 | { | |
1187 | if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) | 1189 | if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) | |
1188 | { | 1190 | { | |
1189 | /* 'al' set by ssl_parse_clienthello_tlsext */ | 1191 | /* 'al' set by ssl_parse_clienthello_tlsext */ | |
1190 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); | 1192 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); | |
1191 | goto f_err; | 1193 | goto f_err; | |
1192 | } | 1194 | } | |
1193 | } | 1195 | } | |
1194 | if (ssl_check_clienthello_tlsext(s) <= 0) { | 1196 | if (ssl_check_clienthello_tlsext_early(s) <= 0) { | |
1195 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); | 1197 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); | |
1196 | goto err; | 1198 | goto err; | |
1197 | } | 1199 | } | |
1198 | 1200 | |||
1199 | /* Check if we want to use external pre-shared secret for this | 1201 | /* Check if we want to use external pre-shared secret for this | |
1200 | * handshake for not reused session only. We need to generate | 1202 | * handshake for not reused session only. We need to generate | |
1201 | * server_random before calling tls_session_secret_cb in order to allow | 1203 | * server_random before calling tls_session_secret_cb in order to allow | |
1202 | * SessionTicket processing to use it in key derivation. */ | 1204 | * SessionTicket processing to use it in key derivation. */ | |
1203 | { | 1205 | { | |
1204 | unsigned long Time; | 1206 | unsigned long Time; | |
1205 | unsigned char *pos; | 1207 | unsigned char *pos; | |
1206 | Time=(unsigned long)time(NULL); /* Time */ | 1208 | Time=(unsigned long)time(NULL); /* Time */ | |
1207 | pos=s->s3->server_random; | 1209 | pos=s->s3->server_random; | |
@@ -1403,26 +1405,36 @@ int ssl3_get_client_hello(SSL *s) | @@ -1403,26 +1405,36 @@ int ssl3_get_client_hello(SSL *s) | |||
1403 | } | 1405 | } | |
1404 | 1406 | |||
1405 | /* we now have the following setup. | 1407 | /* we now have the following setup. | |
1406 | * client_random | 1408 | * client_random | |
1407 | * cipher_list - our prefered list of ciphers | 1409 | * cipher_list - our prefered list of ciphers | |
1408 | * ciphers - the clients prefered list of ciphers | 1410 | * ciphers - the clients prefered list of ciphers | |
1409 | * compression - basically ignored right now | 1411 | * compression - basically ignored right now | |
1410 | * ssl version is set - sslv3 | 1412 | * ssl version is set - sslv3 | |
1411 | * s->session - The ssl session has been setup. | 1413 | * s->session - The ssl session has been setup. | |
1412 | * s->hit - session reuse flag | 1414 | * s->hit - session reuse flag | |
1413 | * s->tmp.new_cipher - the new cipher to use. | 1415 | * s->tmp.new_cipher - the new cipher to use. | |
1414 | */ | 1416 | */ | |
1415 | 1417 | |||
1418 | /* Handles TLS extensions that we couldn't check earlier */ | |||
1419 | if (s->version >= SSL3_VERSION) | |||
1420 | { | |||
1421 | if (ssl_check_clienthello_tlsext_late(s) <= 0) | |||
1422 | { | |||
1423 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); | |||
1424 | goto err; | |||
1425 | } | |||
1426 | } | |||
1427 | ||||
1416 | if (ret < 0) ret=1; | 1428 | if (ret < 0) ret=1; | |
1417 | if (0) | 1429 | if (0) | |
1418 | { | 1430 | { | |
1419 | f_err: | 1431 | f_err: | |
1420 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1432 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | |
1421 | } | 1433 | } | |
1422 | err: | 1434 | err: | |
1423 | if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); | 1435 | if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); | |
1424 | return(ret); | 1436 | return(ret); | |
1425 | } | 1437 | } | |
1426 | 1438 | |||
1427 | int ssl3_send_server_hello(SSL *s) | 1439 | int ssl3_send_server_hello(SSL *s) | |
1428 | { | 1440 | { |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl.h 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl.h 2013/02/05 21:31:27 1.4
@@ -483,26 +483,29 @@ struct ssl_session_st | @@ -483,26 +483,29 @@ struct ssl_session_st | |||
483 | * the appropriate context. It is up to the application to set this, | 483 | * the appropriate context. It is up to the application to set this, | |
484 | * via SSL_new */ | 484 | * via SSL_new */ | |
485 | unsigned int sid_ctx_length; | 485 | unsigned int sid_ctx_length; | |
486 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | 486 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | |
487 | 487 | |||
488 | #ifndef OPENSSL_NO_KRB5 | 488 | #ifndef OPENSSL_NO_KRB5 | |
489 | unsigned int krb5_client_princ_len; | 489 | unsigned int krb5_client_princ_len; | |
490 | unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; | 490 | unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; | |
491 | #endif /* OPENSSL_NO_KRB5 */ | 491 | #endif /* OPENSSL_NO_KRB5 */ | |
492 | #ifndef OPENSSL_NO_PSK | 492 | #ifndef OPENSSL_NO_PSK | |
493 | char *psk_identity_hint; | 493 | char *psk_identity_hint; | |
494 | char *psk_identity; | 494 | char *psk_identity; | |
495 | #endif | 495 | #endif | |
496 | /* Used to indicate that session resumption is not allowed. | |||
497 | * Applications can also set this bit for a new session via | |||
498 | * not_resumable_session_cb to disable session caching and tickets. */ | |||
496 | int not_resumable; | 499 | int not_resumable; | |
497 | 500 | |||
498 | /* The cert is the certificate used to establish this connection */ | 501 | /* The cert is the certificate used to establish this connection */ | |
499 | struct sess_cert_st /* SESS_CERT */ *sess_cert; | 502 | struct sess_cert_st /* SESS_CERT */ *sess_cert; | |
500 | 503 | |||
501 | /* This is the cert for the other end. | 504 | /* This is the cert for the other end. | |
502 | * On clients, it will be the same as sess_cert->peer_key->x509 | 505 | * On clients, it will be the same as sess_cert->peer_key->x509 | |
503 | * (the latter is not enough as sess_cert is not retained | 506 | * (the latter is not enough as sess_cert is not retained | |
504 | * in the external representation of sessions, see ssl_asn1.c). */ | 507 | * in the external representation of sessions, see ssl_asn1.c). */ | |
505 | X509 *peer; | 508 | X509 *peer; | |
506 | /* when app_verify_callback accepts a session where the peer's certificate | 509 | /* when app_verify_callback accepts a session where the peer's certificate | |
507 | * is not ok, we must remember the error for session reuse: */ | 510 | * is not ok, we must remember the error for session reuse: */ | |
508 | long verify_result; /* only for servers */ | 511 | long verify_result; /* only for servers */ | |
@@ -525,27 +528,27 @@ struct ssl_session_st | @@ -525,27 +528,27 @@ struct ssl_session_st | |||
525 | /* These are used to make removal of session-ids more | 528 | /* These are used to make removal of session-ids more | |
526 | * efficient and to implement a maximum cache size. */ | 529 | * efficient and to implement a maximum cache size. */ | |
527 | struct ssl_session_st *prev,*next; | 530 | struct ssl_session_st *prev,*next; | |
528 | #ifndef OPENSSL_NO_TLSEXT | 531 | #ifndef OPENSSL_NO_TLSEXT | |
529 | char *tlsext_hostname; | 532 | char *tlsext_hostname; | |
530 | #ifndef OPENSSL_NO_EC | 533 | #ifndef OPENSSL_NO_EC | |
531 | size_t tlsext_ecpointformatlist_length; | 534 | size_t tlsext_ecpointformatlist_length; | |
532 | unsigned char *tlsext_ecpointformatlist; /* peer's list */ | 535 | unsigned char *tlsext_ecpointformatlist; /* peer's list */ | |
533 | size_t tlsext_ellipticcurvelist_length; | 536 | size_t tlsext_ellipticcurvelist_length; | |
534 | unsigned char *tlsext_ellipticcurvelist; /* peer's list */ | 537 | unsigned char *tlsext_ellipticcurvelist; /* peer's list */ | |
535 | #endif /* OPENSSL_NO_EC */ | 538 | #endif /* OPENSSL_NO_EC */ | |
536 | /* RFC4507 info */ | 539 | /* RFC4507 info */ | |
537 | unsigned char *tlsext_tick; /* Session ticket */ | 540 | unsigned char *tlsext_tick; /* Session ticket */ | |
538 | size_t tlsext_ticklen; /* Session ticket length */ | 541 | size_t tlsext_ticklen; /* Session ticket length */ | |
539 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | 542 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | |
540 | #endif | 543 | #endif | |
541 | #ifndef OPENSSL_NO_SRP | 544 | #ifndef OPENSSL_NO_SRP | |
542 | char *srp_username; | 545 | char *srp_username; | |
543 | #endif | 546 | #endif | |
544 | }; | 547 | }; | |
545 | 548 | |||
546 | #endif | 549 | #endif | |
547 | 550 | |||
548 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L | 551 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L | |
549 | #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L | 552 | #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L | |
550 | /* Allow initial connection to servers that don't support RI */ | 553 | /* Allow initial connection to servers that don't support RI */ | |
551 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | 554 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | |
@@ -917,51 +920,53 @@ struct ssl_ctx_st | @@ -917,51 +920,53 @@ struct ssl_ctx_st | |||
917 | unsigned char tlsext_tick_key_name[16]; | 920 | unsigned char tlsext_tick_key_name[16]; | |
918 | unsigned char tlsext_tick_hmac_key[16]; | 921 | unsigned char tlsext_tick_hmac_key[16]; | |
919 | unsigned char tlsext_tick_aes_key[16]; | 922 | unsigned char tlsext_tick_aes_key[16]; | |
920 | /* Callback to support customisation of ticket key setting */ | 923 | /* Callback to support customisation of ticket key setting */ | |
921 | int (*tlsext_ticket_key_cb)(SSL *ssl, | 924 | int (*tlsext_ticket_key_cb)(SSL *ssl, | |
922 | unsigned char *name, unsigned char *iv, | 925 | unsigned char *name, unsigned char *iv, | |
923 | EVP_CIPHER_CTX *ectx, | 926 | EVP_CIPHER_CTX *ectx, | |
924 | HMAC_CTX *hctx, int enc); | 927 | HMAC_CTX *hctx, int enc); | |
925 | 928 | |||
926 | /* certificate status request info */ | 929 | /* certificate status request info */ | |
927 | /* Callback for status request */ | 930 | /* Callback for status request */ | |
928 | int (*tlsext_status_cb)(SSL *ssl, void *arg); | 931 | int (*tlsext_status_cb)(SSL *ssl, void *arg); | |
929 | void *tlsext_status_arg; | 932 | void *tlsext_status_arg; | |
933 | ||||
930 | /* draft-rescorla-tls-opaque-prf-input-00.txt information */ | 934 | /* draft-rescorla-tls-opaque-prf-input-00.txt information */ | |
931 | int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); | 935 | int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); | |
932 | void *tlsext_opaque_prf_input_callback_arg; | 936 | void *tlsext_opaque_prf_input_callback_arg; | |
933 | #endif | 937 | #endif | |
934 | 938 | |||
935 | #ifndef OPENSSL_NO_PSK | 939 | #ifndef OPENSSL_NO_PSK | |
936 | char *psk_identity_hint; | 940 | char *psk_identity_hint; | |
937 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | 941 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | |
938 | unsigned int max_identity_len, unsigned char *psk, | 942 | unsigned int max_identity_len, unsigned char *psk, | |
939 | unsigned int max_psk_len); | 943 | unsigned int max_psk_len); | |
940 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | 944 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | |
941 | unsigned char *psk, unsigned int max_psk_len); | 945 | unsigned char *psk, unsigned int max_psk_len); | |
942 | #endif | 946 | #endif | |
943 | 947 | |||
944 | #ifndef OPENSSL_NO_BUF_FREELISTS | 948 | #ifndef OPENSSL_NO_BUF_FREELISTS | |
945 | #define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 | 949 | #define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 | |
946 | unsigned int freelist_max_len; | 950 | unsigned int freelist_max_len; | |
947 | struct ssl3_buf_freelist_st *wbuf_freelist; | 951 | struct ssl3_buf_freelist_st *wbuf_freelist; | |
948 | struct ssl3_buf_freelist_st *rbuf_freelist; | 952 | struct ssl3_buf_freelist_st *rbuf_freelist; | |
949 | #endif | 953 | #endif | |
950 | #ifndef OPENSSL_NO_SRP | 954 | #ifndef OPENSSL_NO_SRP | |
951 | SRP_CTX srp_ctx; /* ctx for SRP authentication */ | 955 | SRP_CTX srp_ctx; /* ctx for SRP authentication */ | |
952 | #endif | 956 | #endif | |
953 | 957 | |||
954 | #ifndef OPENSSL_NO_TLSEXT | 958 | #ifndef OPENSSL_NO_TLSEXT | |
959 | ||||
955 | # ifndef OPENSSL_NO_NEXTPROTONEG | 960 | # ifndef OPENSSL_NO_NEXTPROTONEG | |
956 | /* Next protocol negotiation information */ | 961 | /* Next protocol negotiation information */ | |
957 | /* (for experimental NPN extension). */ | 962 | /* (for experimental NPN extension). */ | |
958 | 963 | |||
959 | /* For a server, this contains a callback function by which the set of | 964 | /* For a server, this contains a callback function by which the set of | |
960 | * advertised protocols can be provided. */ | 965 | * advertised protocols can be provided. */ | |
961 | int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, | 966 | int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, | |
962 | unsigned int *len, void *arg); | 967 | unsigned int *len, void *arg); | |
963 | void *next_protos_advertised_cb_arg; | 968 | void *next_protos_advertised_cb_arg; | |
964 | /* For a client, this contains a callback function that selects the | 969 | /* For a client, this contains a callback function that selects the | |
965 | * next protocol from the list provided by the server. */ | 970 | * next protocol from the list provided by the server. */ | |
966 | int (*next_proto_select_cb)(SSL *s, unsigned char **out, | 971 | int (*next_proto_select_cb)(SSL *s, unsigned char **out, | |
967 | unsigned char *outlen, | 972 | unsigned char *outlen, | |
@@ -2196,26 +2201,27 @@ void ERR_load_SSL_strings(void); | @@ -2196,26 +2201,27 @@ void ERR_load_SSL_strings(void); | |||
2196 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 | 2201 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 | |
2197 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 | 2202 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 | |
2198 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 | 2203 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 | |
2199 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 | 2204 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 | |
2200 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 | 2205 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 | |
2201 | #define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 | 2206 | #define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 | |
2202 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 | 2207 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 | |
2203 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 | 2208 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 | |
2204 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 | 2209 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 | |
2205 | #define SSL_F_SSL_DO_HANDSHAKE 180 | 2210 | #define SSL_F_SSL_DO_HANDSHAKE 180 | |
2206 | #define SSL_F_SSL_GET_NEW_SESSION 181 | 2211 | #define SSL_F_SSL_GET_NEW_SESSION 181 | |
2207 | #define SSL_F_SSL_GET_PREV_SESSION 217 | 2212 | #define SSL_F_SSL_GET_PREV_SESSION 217 | |
2208 | #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 | 2213 | #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 | |
2214 | #define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 | |||
2209 | #define SSL_F_SSL_GET_SIGN_PKEY 183 | 2215 | #define SSL_F_SSL_GET_SIGN_PKEY 183 | |
2210 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 | 2216 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 | |
2211 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 | 2217 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 | |
2212 | #define SSL_F_SSL_NEW 186 | 2218 | #define SSL_F_SSL_NEW 186 | |
2213 | #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 | 2219 | #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 | |
2214 | #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 | 2220 | #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 | |
2215 | #define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 | 2221 | #define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 | |
2216 | #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 | 2222 | #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 | |
2217 | #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 | 2223 | #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 | |
2218 | #define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 | 2224 | #define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 | |
2219 | #define SSL_F_SSL_PEEK 270 | 2225 | #define SSL_F_SSL_PEEK 270 | |
2220 | #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 | 2226 | #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 | |
2221 | #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 | 2227 | #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 |
--- src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl3.h 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/ssl3.h 2013/02/05 21:31:27 1.4
@@ -568,28 +568,30 @@ typedef struct ssl3_state_st | @@ -568,28 +568,30 @@ typedef struct ssl3_state_st | |||
568 | #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) | 568 | #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) | |
569 | #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) | 569 | #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) | |
570 | /* write to server */ | 570 | /* write to server */ | |
571 | #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) | 571 | #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) | |
572 | #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) | 572 | #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) | |
573 | #define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) | 573 | #define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) | |
574 | #define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) | 574 | #define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) | |
575 | #define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) | 575 | #define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) | |
576 | #define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) | 576 | #define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) | |
577 | #define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) | 577 | #define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) | |
578 | #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) | 578 | #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) | |
579 | #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) | 579 | #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) | |
580 | #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) | 580 | #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) | |
581 | #ifndef OPENSSL_NO_NEXTPROTONEG | |||
581 | #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) | 582 | #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) | |
582 | #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) | 583 | #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) | |
584 | #endif | |||
583 | #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | 585 | #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | |
584 | #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | 586 | #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | |
585 | /* read from server */ | 587 | /* read from server */ | |
586 | #define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) | 588 | #define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) | |
587 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) | 589 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) | |
588 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) | 590 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) | |
589 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) | 591 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) | |
590 | #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) | 592 | #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) | |
591 | #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) | 593 | #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) | |
592 | #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) | 594 | #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) | |
593 | #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) | 595 | #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) | |
594 | 596 | |||
595 | /* server */ | 597 | /* server */ | |
@@ -619,53 +621,57 @@ typedef struct ssl3_state_st | @@ -619,53 +621,57 @@ typedef struct ssl3_state_st | |||
619 | #define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) | 621 | #define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) | |
620 | #define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) | 622 | #define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) | |
621 | #define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) | 623 | #define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) | |
622 | #define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) | 624 | #define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) | |
623 | /* read from client */ | 625 | /* read from client */ | |
624 | #define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) | 626 | #define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) | |
625 | #define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) | 627 | #define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) | |
626 | #define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) | 628 | #define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) | |
627 | #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) | 629 | #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) | |
628 | #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) | 630 | #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) | |
629 | #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | 631 | #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | |
630 | #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | 632 | #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | |
631 | #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | 633 | #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | |
634 | #ifndef OPENSSL_NO_NEXTPROTONEG | |||
632 | #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) | 635 | #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) | |
633 | #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) | 636 | #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) | |
637 | #endif | |||
634 | #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | 638 | #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | |
635 | #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | 639 | #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | |
636 | /* write to client */ | 640 | /* write to client */ | |
637 | #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) | 641 | #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) | |
638 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) | 642 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) | |
639 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | 643 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | |
640 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | 644 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | |
641 | #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) | 645 | #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) | |
642 | #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) | 646 | #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) | |
643 | #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) | 647 | #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) | |
644 | #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) | 648 | #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) | |
645 | 649 | |||
646 | #define SSL3_MT_HELLO_REQUEST 0 | 650 | #define SSL3_MT_HELLO_REQUEST 0 | |
647 | #define SSL3_MT_CLIENT_HELLO 1 | 651 | #define SSL3_MT_CLIENT_HELLO 1 | |
648 | #define SSL3_MT_SERVER_HELLO 2 | 652 | #define SSL3_MT_SERVER_HELLO 2 | |
649 | #define SSL3_MT_NEWSESSION_TICKET 4 | 653 | #define SSL3_MT_NEWSESSION_TICKET 4 | |
650 | #define SSL3_MT_CERTIFICATE 11 | 654 | #define SSL3_MT_CERTIFICATE 11 | |
651 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 | 655 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 | |
652 | #define SSL3_MT_CERTIFICATE_REQUEST 13 | 656 | #define SSL3_MT_CERTIFICATE_REQUEST 13 | |
653 | #define SSL3_MT_SERVER_DONE 14 | 657 | #define SSL3_MT_SERVER_DONE 14 | |
654 | #define SSL3_MT_CERTIFICATE_VERIFY 15 | 658 | #define SSL3_MT_CERTIFICATE_VERIFY 15 | |
655 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | 659 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | |
656 | #define SSL3_MT_FINISHED 20 | 660 | #define SSL3_MT_FINISHED 20 | |
657 | #define SSL3_MT_CERTIFICATE_STATUS 22 | 661 | #define SSL3_MT_CERTIFICATE_STATUS 22 | |
662 | #ifndef OPENSSL_NO_NEXTPROTONEG | |||
658 | #define SSL3_MT_NEXT_PROTO 67 | 663 | #define SSL3_MT_NEXT_PROTO 67 | |
664 | #endif | |||
659 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | 665 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | |
660 | 666 | |||
661 | 667 | |||
662 | #define SSL3_MT_CCS 1 | 668 | #define SSL3_MT_CCS 1 | |
663 | 669 | |||
664 | /* These are used when changing over to a new cipher */ | 670 | /* These are used when changing over to a new cipher */ | |
665 | #define SSL3_CC_READ 0x01 | 671 | #define SSL3_CC_READ 0x01 | |
666 | #define SSL3_CC_WRITE 0x02 | 672 | #define SSL3_CC_WRITE 0x02 | |
667 | #define SSL3_CC_CLIENT 0x10 | 673 | #define SSL3_CC_CLIENT 0x10 | |
668 | #define SSL3_CC_SERVER 0x20 | 674 | #define SSL3_CC_SERVER 0x20 | |
669 | #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) | 675 | #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) | |
670 | #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) | 676 | #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) | |
671 | #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) | 677 | #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) |
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c 2012/07/26 19:58:39 1.3
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c 2013/02/05 21:31:27 1.4
@@ -218,26 +218,27 @@ static ERR_STRING_DATA SSL_str_functs[]= | @@ -218,26 +218,27 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | |
219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | |
220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | |
221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | |
222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | |
223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | |
224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | |
225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | |
226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | 226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | |
227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | 227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | |
228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | 228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | |
229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | 229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | |
230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | |
231 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, | |||
231 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | 232 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | |
232 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 233 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | |
233 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 234 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | |
234 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 235 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | |
235 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | |
236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | |
237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | 238 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | |
238 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | |
239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | |
240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | 241 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | |
241 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | 242 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | |
242 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | |
243 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | 244 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, |
--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c 2012/07/27 21:22:55 1.7
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c 2013/02/05 21:31:27 1.8
@@ -1067,27 +1067,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, | @@ -1067,27 +1067,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, | |||
1067 | sdata = s->session->tlsext_ecpointformatlist; | 1067 | sdata = s->session->tlsext_ecpointformatlist; | |
1068 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) | 1068 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) | |
1069 | fprintf(stderr,"%i ",*(sdata++)); | 1069 | fprintf(stderr,"%i ",*(sdata++)); | |
1070 | fprintf(stderr,"\n"); | 1070 | fprintf(stderr,"\n"); | |
1071 | #endif | 1071 | #endif | |
1072 | } | 1072 | } | |
1073 | else if (type == TLSEXT_TYPE_elliptic_curves && | 1073 | else if (type == TLSEXT_TYPE_elliptic_curves && | |
1074 | s->version != DTLS1_VERSION) | 1074 | s->version != DTLS1_VERSION) | |
1075 | { | 1075 | { | |
1076 | unsigned char *sdata = data; | 1076 | unsigned char *sdata = data; | |
1077 | int ellipticcurvelist_length = (*(sdata++) << 8); | 1077 | int ellipticcurvelist_length = (*(sdata++) << 8); | |
1078 | ellipticcurvelist_length += (*(sdata++)); | 1078 | ellipticcurvelist_length += (*(sdata++)); | |
1079 | 1079 | |||
1080 | if (ellipticcurvelist_length != size - 2) | 1080 | if (ellipticcurvelist_length != size - 2 || | |
1081 | ellipticcurvelist_length < 1) | |||
1081 | { | 1082 | { | |
1082 | *al = TLS1_AD_DECODE_ERROR; | 1083 | *al = TLS1_AD_DECODE_ERROR; | |
1083 | return 0; | 1084 | return 0; | |
1084 | } | 1085 | } | |
1085 | if (!s->hit) | 1086 | if (!s->hit) | |
1086 | { | 1087 | { | |
1087 | if(s->session->tlsext_ellipticcurvelist) | 1088 | if(s->session->tlsext_ellipticcurvelist) | |
1088 | { | 1089 | { | |
1089 | *al = TLS1_AD_DECODE_ERROR; | 1090 | *al = TLS1_AD_DECODE_ERROR; | |
1090 | return 0; | 1091 | return 0; | |
1091 | } | 1092 | } | |
1092 | s->session->tlsext_ellipticcurvelist_length = 0; | 1093 | s->session->tlsext_ellipticcurvelist_length = 0; | |
1093 | if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) | 1094 | if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) | |
@@ -1423,27 +1424,28 @@ int ssl_parse_serverhello_tlsext(SSL *s, | @@ -1423,27 +1424,28 @@ int ssl_parse_serverhello_tlsext(SSL *s, | |||
1423 | *al = TLS1_AD_UNRECOGNIZED_NAME; | 1424 | *al = TLS1_AD_UNRECOGNIZED_NAME; | |
1424 | return 0; | 1425 | return 0; | |
1425 | } | 1426 | } | |
1426 | tlsext_servername = 1; | 1427 | tlsext_servername = 1; | |
1427 | } | 1428 | } | |
1428 | 1429 | |||
1429 | #ifndef OPENSSL_NO_EC | 1430 | #ifndef OPENSSL_NO_EC | |
1430 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1431 | else if (type == TLSEXT_TYPE_ec_point_formats && | |
1431 | s->version != DTLS1_VERSION) | 1432 | s->version != DTLS1_VERSION) | |
1432 | { | 1433 | { | |
1433 | unsigned char *sdata = data; | 1434 | unsigned char *sdata = data; | |
1434 | int ecpointformatlist_length = *(sdata++); | 1435 | int ecpointformatlist_length = *(sdata++); | |
1435 | 1436 | |||
1436 | if (ecpointformatlist_length != size - 1) | 1437 | if (ecpointformatlist_length != size - 1 || | |
1438 | ecpointformatlist_length < 1) | |||
1437 | { | 1439 | { | |
1438 | *al = TLS1_AD_DECODE_ERROR; | 1440 | *al = TLS1_AD_DECODE_ERROR; | |
1439 | return 0; | 1441 | return 0; | |
1440 | } | 1442 | } | |
1441 | s->session->tlsext_ecpointformatlist_length = 0; | 1443 | s->session->tlsext_ecpointformatlist_length = 0; | |
1442 | if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); | 1444 | if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); | |
1443 | if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) | 1445 | if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) | |
1444 | { | 1446 | { | |
1445 | *al = TLS1_AD_INTERNAL_ERROR; | 1447 | *al = TLS1_AD_INTERNAL_ERROR; | |
1446 | return 0; | 1448 | return 0; | |
1447 | } | 1449 | } | |
1448 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | 1450 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | |
1449 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | 1451 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | |
@@ -1753,81 +1755,51 @@ int ssl_prepare_serverhello_tlsext(SSL * | @@ -1753,81 +1755,51 @@ int ssl_prepare_serverhello_tlsext(SSL * | |||
1753 | SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); | 1755 | SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); | |
1754 | return -1; | 1756 | return -1; | |
1755 | } | 1757 | } | |
1756 | s->tlsext_ecpointformatlist_length = 3; | 1758 | s->tlsext_ecpointformatlist_length = 3; | |
1757 | s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; | 1759 | s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; | |
1758 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | 1760 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | |
1759 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | 1761 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | |
1760 | } | 1762 | } | |
1761 | #endif /* OPENSSL_NO_EC */ | 1763 | #endif /* OPENSSL_NO_EC */ | |
1762 | 1764 | |||
1763 | return 1; | 1765 | return 1; | |
1764 | } | 1766 | } | |
1765 | 1767 | |||
1766 | int ssl_check_clienthello_tlsext(SSL *s) | 1768 | int ssl_check_clienthello_tlsext_early(SSL *s) | |
1767 | { | 1769 | { | |
1768 | int ret=SSL_TLSEXT_ERR_NOACK; | 1770 | int ret=SSL_TLSEXT_ERR_NOACK; | |
1769 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1771 | int al = SSL_AD_UNRECOGNIZED_NAME; | |
1770 | 1772 | |||
1771 | #ifndef OPENSSL_NO_EC | 1773 | #ifndef OPENSSL_NO_EC | |
1772 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | 1774 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | |
1773 | * ssl3_choose_cipher in s3_lib.c. | 1775 | * ssl3_choose_cipher in s3_lib.c. | |
1774 | */ | 1776 | */ | |
1775 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | 1777 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | |
1776 | * ssl3_choose_cipher in s3_lib.c. | 1778 | * ssl3_choose_cipher in s3_lib.c. | |
1777 | */ | 1779 | */ | |
1778 | #endif | 1780 | #endif | |
1779 | 1781 | |||
1780 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | 1782 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | |
1781 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | 1783 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | |
1782 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 1784 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | |
1783 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 1785 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | |
1784 | 1786 | |||
1785 | /* If status request then ask callback what to do. | |||
1786 | * Note: this must be called after servername callbacks in case | |||
1787 | * the certificate has changed. | |||
1788 | */ | |||
1789 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) | |||
1790 | { | |||
1791 | int r; | |||
1792 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | |||
1793 | switch (r) | |||
1794 | { | |||
1795 | /* We don't want to send a status request response */ | |||
1796 | case SSL_TLSEXT_ERR_NOACK: | |||
1797 | s->tlsext_status_expected = 0; | |||
1798 | break; | |||
1799 | /* status request response should be sent */ | |||
1800 | case SSL_TLSEXT_ERR_OK: | |||
1801 | if (s->tlsext_ocsp_resp) | |||
1802 | s->tlsext_status_expected = 1; | |||
1803 | else | |||
1804 | s->tlsext_status_expected = 0; | |||
1805 | break; | |||
1806 | /* something bad happened */ | |||
1807 | case SSL_TLSEXT_ERR_ALERT_FATAL: | |||
1808 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | |||
1809 | al = SSL_AD_INTERNAL_ERROR; | |||
1810 | goto err; | |||
1811 | } | |||
1812 | } | |||
1813 | else | |||
1814 | s->tlsext_status_expected = 0; | |||
1815 | ||||
1816 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1787 | #ifdef TLSEXT_TYPE_opaque_prf_input | |
1817 | { | 1788 | { | |
1818 | /* This sort of belongs into ssl_prepare_serverhello_tlsext(), | 1789 | /* This sort of belongs into ssl_prepare_serverhello_tlsext(), | |
1819 | * but we might be sending an alert in response to the client hello, | 1790 | * but we might be sending an alert in response to the client hello, | |
1820 | * so this has to happen here in ssl_check_clienthello_tlsext(). */ | 1791 | * so this has to happen here in | |
1792 | * ssl_check_clienthello_tlsext_early(). */ | |||
1821 | 1793 | |||
1822 | int r = 1; | 1794 | int r = 1; | |
1823 | 1795 | |||
1824 | if (s->ctx->tlsext_opaque_prf_input_callback != 0) | 1796 | if (s->ctx->tlsext_opaque_prf_input_callback != 0) | |
1825 | { | 1797 | { | |
1826 | r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); | 1798 | r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg); | |
1827 | if (!r) | 1799 | if (!r) | |
1828 | { | 1800 | { | |
1829 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 1801 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | |
1830 | al = SSL_AD_INTERNAL_ERROR; | 1802 | al = SSL_AD_INTERNAL_ERROR; | |
1831 | goto err; | 1803 | goto err; | |
1832 | } | 1804 | } | |
1833 | } | 1805 | } | |
@@ -1859,45 +1831,110 @@ int ssl_check_clienthello_tlsext(SSL *s) | @@ -1859,45 +1831,110 @@ int ssl_check_clienthello_tlsext(SSL *s) | |||
1859 | } | 1831 | } | |
1860 | 1832 | |||
1861 | if (r == 2 && s->s3->server_opaque_prf_input == NULL) | 1833 | if (r == 2 && s->s3->server_opaque_prf_input == NULL) | |
1862 | { | 1834 | { | |
1863 | /* The callback wants to enforce use of the extension, | 1835 | /* The callback wants to enforce use of the extension, | |
1864 | * but we can't do that with the client opaque PRF input; | 1836 | * but we can't do that with the client opaque PRF input; | |
1865 | * abort the handshake. | 1837 | * abort the handshake. | |
1866 | */ | 1838 | */ | |
1867 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 1839 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | |
1868 | al = SSL_AD_HANDSHAKE_FAILURE; | 1840 | al = SSL_AD_HANDSHAKE_FAILURE; | |
1869 | } | 1841 | } | |
1870 | } | 1842 | } | |
1871 | 1843 | |||
1872 | #endif | |||
1873 | err: | 1844 | err: | |
1845 | #endif | |||
1874 | switch (ret) | 1846 | switch (ret) | |
1875 | { | 1847 | { | |
1876 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1848 | case SSL_TLSEXT_ERR_ALERT_FATAL: | |
1877 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1849 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | |
1878 | return -1; | 1850 | return -1; | |
1879 | 1851 | |||
1880 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1852 | case SSL_TLSEXT_ERR_ALERT_WARNING: | |
1881 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | 1853 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | |
1882 | return 1; | 1854 | return 1; | |
1883 | 1855 | |||
1884 | case SSL_TLSEXT_ERR_NOACK: | 1856 | case SSL_TLSEXT_ERR_NOACK: | |
1885 | s->servername_done=0; | 1857 | s->servername_done=0; | |
1886 | default: | 1858 | default: | |
1887 | return 1; | 1859 | return 1; | |
1888 | } | 1860 | } | |
1889 | } | 1861 | } | |
1890 | 1862 | |||
1863 | int ssl_check_clienthello_tlsext_late(SSL *s) | |||
1864 | { | |||
1865 | int ret = SSL_TLSEXT_ERR_OK; | |||
1866 | int al; | |||
1867 | ||||
1868 | /* If status request then ask callback what to do. | |||
1869 | * Note: this must be called after servername callbacks in case | |||
1870 | * the certificate has changed, and must be called after the cipher | |||
1871 | * has been chosen because this may influence which certificate is sent | |||
1872 | */ | |||
1873 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) | |||
1874 | { | |||
1875 | int r; | |||
1876 | CERT_PKEY *certpkey; | |||
1877 | certpkey = ssl_get_server_send_pkey(s); | |||
1878 | /* If no certificate can't return certificate status */ | |||
1879 | if (certpkey == NULL) | |||
1880 | { | |||
1881 | s->tlsext_status_expected = 0; | |||
1882 | return 1; | |||
1883 | } | |||
1884 | /* Set current certificate to one we will use so | |||
1885 | * SSL_get_certificate et al can pick it up. | |||
1886 | */ | |||
1887 | s->cert->key = certpkey; | |||
1888 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | |||
1889 | switch (r) | |||
1890 | { | |||
1891 | /* We don't want to send a status request response */ | |||
1892 | case SSL_TLSEXT_ERR_NOACK: | |||
1893 | s->tlsext_status_expected = 0; | |||
1894 | break; | |||
1895 | /* status request response should be sent */ | |||
1896 | case SSL_TLSEXT_ERR_OK: | |||
1897 | if (s->tlsext_ocsp_resp) | |||
1898 | s->tlsext_status_expected = 1; | |||
1899 | else | |||
1900 | s->tlsext_status_expected = 0; | |||
1901 | break; | |||
1902 | /* something bad happened */ | |||
1903 | case SSL_TLSEXT_ERR_ALERT_FATAL: | |||
1904 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | |||
1905 | al = SSL_AD_INTERNAL_ERROR; | |||
1906 | goto err; | |||
1907 | } | |||
1908 | } | |||
1909 | else | |||
1910 | s->tlsext_status_expected = 0; | |||
1911 | ||||
1912 | err: | |||
1913 | switch (ret) | |||
1914 | { | |||
1915 | case SSL_TLSEXT_ERR_ALERT_FATAL: | |||
1916 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | |||
1917 | return -1; | |||
1918 | ||||
1919 | case SSL_TLSEXT_ERR_ALERT_WARNING: | |||
1920 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | |||
1921 | return 1; | |||
1922 | ||||
1923 | default: | |||
1924 | return 1; | |||
1925 | } | |||
1926 | } | |||
1927 | ||||
1891 | int ssl_check_serverhello_tlsext(SSL *s) | 1928 | int ssl_check_serverhello_tlsext(SSL *s) | |
1892 | { | 1929 | { | |
1893 | int ret=SSL_TLSEXT_ERR_NOACK; | 1930 | int ret=SSL_TLSEXT_ERR_NOACK; | |
1894 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1931 | int al = SSL_AD_UNRECOGNIZED_NAME; | |
1895 | 1932 | |||
1896 | #ifndef OPENSSL_NO_EC | 1933 | #ifndef OPENSSL_NO_EC | |
1897 | /* If we are client and using an elliptic curve cryptography cipher | 1934 | /* If we are client and using an elliptic curve cryptography cipher | |
1898 | * suite, then if server returns an EC point formats lists extension | 1935 | * suite, then if server returns an EC point formats lists extension | |
1899 | * it must contain uncompressed. | 1936 | * it must contain uncompressed. | |
1900 | */ | 1937 | */ | |
1901 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1938 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | |
1902 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1939 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | |
1903 | if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && | 1940 | if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && | |
@@ -2179,27 +2216,27 @@ static int tls_decrypt_ticket(SSL *s, co | @@ -2179,27 +2216,27 @@ static int tls_decrypt_ticket(SSL *s, co | |||
2179 | * integrity checks on ticket. | 2216 | * integrity checks on ticket. | |
2180 | */ | 2217 | */ | |
2181 | mlen = HMAC_size(&hctx); | 2218 | mlen = HMAC_size(&hctx); | |
2182 | if (mlen < 0) | 2219 | if (mlen < 0) | |
2183 | { | 2220 | { | |
2184 | EVP_CIPHER_CTX_cleanup(&ctx); | 2221 | EVP_CIPHER_CTX_cleanup(&ctx); | |
2185 | return -1; | 2222 | return -1; | |
2186 | } | 2223 | } | |
2187 | eticklen -= mlen; | 2224 | eticklen -= mlen; | |
2188 | /* Check HMAC of encrypted ticket */ | 2225 | /* Check HMAC of encrypted ticket */ | |
2189 | HMAC_Update(&hctx, etick, eticklen); | 2226 | HMAC_Update(&hctx, etick, eticklen); | |
2190 | HMAC_Final(&hctx, tick_hmac, NULL); | 2227 | HMAC_Final(&hctx, tick_hmac, NULL); | |
2191 | HMAC_CTX_cleanup(&hctx); | 2228 | HMAC_CTX_cleanup(&hctx); | |
2192 | if (memcmp(tick_hmac, etick + eticklen, mlen)) | 2229 | if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) | |
2193 | return 2; | 2230 | return 2; | |
2194 | /* Attempt to decrypt session data */ | 2231 | /* Attempt to decrypt session data */ | |
2195 | /* Move p after IV to start of encrypted ticket, update length */ | 2232 | /* Move p after IV to start of encrypted ticket, update length */ | |
2196 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | 2233 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | |
2197 | eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); | 2234 | eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); | |
2198 | sdec = OPENSSL_malloc(eticklen); | 2235 | sdec = OPENSSL_malloc(eticklen); | |
2199 | if (!sdec) | 2236 | if (!sdec) | |
2200 | { | 2237 | { | |
2201 | EVP_CIPHER_CTX_cleanup(&ctx); | 2238 | EVP_CIPHER_CTX_cleanup(&ctx); | |
2202 | return -1; | 2239 | return -1; | |
2203 | } | 2240 | } | |
2204 | EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); | 2241 | EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); | |
2205 | if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) | 2242 | if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) | |
@@ -2404,38 +2441,38 @@ int tls1_process_sigalgs(SSL *s, const u | @@ -2404,38 +2441,38 @@ int tls1_process_sigalgs(SSL *s, const u | |||
2404 | if (idx == SSL_PKEY_RSA_SIGN) | 2441 | if (idx == SSL_PKEY_RSA_SIGN) | |
2405 | c->pkeys[SSL_PKEY_RSA_ENC].digest = md; | 2442 | c->pkeys[SSL_PKEY_RSA_ENC].digest = md; | |
2406 | } | 2443 | } | |
2407 | } | 2444 | } | |
2408 | 2445 | |||
2409 | } | 2446 | } | |
2410 | 2447 | |||
2411 | 2448 | |||
2412 | /* Set any remaining keys to default values. NOTE: if alg is not | 2449 | /* Set any remaining keys to default values. NOTE: if alg is not | |
2413 | * supported it stays as NULL. | 2450 | * supported it stays as NULL. | |
2414 | */ | 2451 | */ | |
2415 | #ifndef OPENSSL_NO_DSA | 2452 | #ifndef OPENSSL_NO_DSA | |
2416 | if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) | 2453 | if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) | |
2417 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); | 2454 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | |
2418 | #endif | 2455 | #endif | |
2419 | #ifndef OPENSSL_NO_RSA | 2456 | #ifndef OPENSSL_NO_RSA | |
2420 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) | 2457 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) | |
2421 | { | 2458 | { | |
2422 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | 2459 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | |
2423 | c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | 2460 | c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | |
2424 | } | 2461 | } | |
2425 | #endif | 2462 | #endif | |
2426 | #ifndef OPENSSL_NO_ECDSA | 2463 | #ifndef OPENSSL_NO_ECDSA | |
2427 | if (!c->pkeys[SSL_PKEY_ECC].digest) | 2464 | if (!c->pkeys[SSL_PKEY_ECC].digest) | |
2428 | c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); | 2465 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | |
2429 | #endif | 2466 | #endif | |
2430 | return 1; | 2467 | return 1; | |
2431 | } | 2468 | } | |
2432 | 2469 | |||
2433 | #endif | 2470 | #endif | |
2434 | 2471 | |||
2435 | #ifndef OPENSSL_NO_HEARTBEATS | 2472 | #ifndef OPENSSL_NO_HEARTBEATS | |
2436 | int | 2473 | int | |
2437 | tls1_process_heartbeat(SSL *s) | 2474 | tls1_process_heartbeat(SSL *s) | |
2438 | { | 2475 | { | |
2439 | unsigned char *p = &s->s3->rrec.data[0], *pl; | 2476 | unsigned char *p = &s->s3->rrec.data[0], *pl; | |
2440 | unsigned short hbtype; | 2477 | unsigned short hbtype; | |
2441 | unsigned int payload; | 2478 | unsigned int payload; |