Import OpenSSL 1.0.1g.
Approved by: benl (maintainer)
This commit is contained in:
parent
2dc7f78169
commit
06369e3974
29
CHANGES
29
CHANGES
@ -2,6 +2,35 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
|
||||
|
||||
*) A missing bounds check in the handling of the TLS heartbeat extension
|
||||
can be used to reveal up to 64k of memory to a connected client or
|
||||
server.
|
||||
|
||||
Thanks for Neel Mehta of Google Security for discovering this bug and to
|
||||
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
|
||||
preparing the fix (CVE-2014-0160)
|
||||
[Adam Langley, Bodo Moeller]
|
||||
|
||||
*) Fix for the attack described in the paper "Recovering OpenSSL
|
||||
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
|
||||
by Yuval Yarom and Naomi Benger. Details can be obtained from:
|
||||
http://eprint.iacr.org/2014/140
|
||||
|
||||
Thanks to Yuval Yarom and Naomi Benger for discovering this
|
||||
flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
|
||||
[Yuval Yarom and Naomi Benger]
|
||||
|
||||
*) TLS pad extension: draft-agl-tls-padding-03
|
||||
|
||||
Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
|
||||
TLS client Hello record length value would otherwise be > 255 and
|
||||
less that 512 pad with a dummy extension containing zeroes so it
|
||||
is at least 512 bytes long.
|
||||
|
||||
[Adam Langley, Steve Henson]
|
||||
|
||||
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
|
||||
|
||||
*) Fix for TLS record tampering bug. A carefully crafted invalid
|
||||
|
@ -526,7 +526,7 @@ my %table=(
|
||||
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
|
||||
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
|
||||
# Unified CE target
|
||||
"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
|
||||
"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
|
||||
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
|
||||
|
||||
# Borland C++ 4.5
|
||||
|
3
FAQ
3
FAQ
@ -768,6 +768,9 @@ openssl-security@openssl.org if you don't get a prompt reply at least
|
||||
acknowledging receipt then resend or mail it directly to one of the
|
||||
more active team members (e.g. Steve).
|
||||
|
||||
Note that bugs only present in the openssl utility are not in general
|
||||
considered to be security issues.
|
||||
|
||||
[PROG] ========================================================================
|
||||
|
||||
* Is OpenSSL thread-safe?
|
||||
|
@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
|
||||
# Xlist
|
||||
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
|
||||
setenv FSVN "svn+ssh://svn.freebsd.org/base"
|
||||
setenv OSSLVER 1.0.1f
|
||||
# OSSLTAG format: v1_0_1f
|
||||
setenv OSSLVER 1.0.1g
|
||||
# OSSLTAG format: v1_0_1g
|
||||
|
||||
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
|
||||
|
||||
|
6
Makefile
6
Makefile
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.1f
|
||||
VERSION=1.0.1g
|
||||
MAJOR=1
|
||||
MINOR=0.1
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
@ -304,8 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
|
||||
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
|
||||
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
|
||||
fi; \
|
||||
$(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
|
||||
touch -c fips_premain_dso$(EXE_EXT); \
|
||||
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
|
||||
(touch -c fips_premain_dso$(EXE_EXT) || :); \
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
exit 1; \
|
||||
|
@ -302,8 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
|
||||
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
|
||||
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
|
||||
fi; \
|
||||
$(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
|
||||
touch -c fips_premain_dso$(EXE_EXT); \
|
||||
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
|
||||
(touch -c fips_premain_dso$(EXE_EXT) || :); \
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
exit 1; \
|
||||
|
7
NEWS
7
NEWS
@ -5,8 +5,15 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
|
||||
|
||||
o Fix for CVE-2014-0160
|
||||
o Add TLS padding extension workaround for broken servers.
|
||||
o Fix for CVE-2014-0076
|
||||
|
||||
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
|
||||
|
||||
o Don't include gmt_unix_time in TLS server and client random values
|
||||
o Fix for TLS record tampering bug CVE-2013-4353
|
||||
o Fix for TLS version checking bug CVE-2013-6449
|
||||
o Fix for DTLS retransmission bug CVE-2013-6450
|
||||
|
2
README
2
README
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.1f 6 Jan 2014
|
||||
OpenSSL 1.0.1g 7 Apr 2014
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
@ -586,12 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify,
|
||||
|
||||
if (ok >= 0)
|
||||
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
|
||||
PW_MIN_LENGTH,BUFSIZ-1);
|
||||
PW_MIN_LENGTH,bufsiz-1);
|
||||
if (ok >= 0 && verify)
|
||||
{
|
||||
buff = (char *)OPENSSL_malloc(bufsiz);
|
||||
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
|
||||
PW_MIN_LENGTH,BUFSIZ-1, buf);
|
||||
PW_MIN_LENGTH,bufsiz-1, buf);
|
||||
}
|
||||
if (ok >= 0)
|
||||
do
|
||||
@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usertime)
|
||||
|
||||
if (proc==NULL)
|
||||
{
|
||||
if (GetVersion() < 0x80000000)
|
||||
if (check_winnt())
|
||||
proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
|
||||
GetCurrentProcessId());
|
||||
if (proc==NULL) proc = (HANDLE)-1;
|
||||
|
18
apps/crl.c
18
apps/crl.c
@ -81,6 +81,9 @@ static const char *crl_usage[]={
|
||||
" -in arg - input file - default stdin\n",
|
||||
" -out arg - output file - default stdout\n",
|
||||
" -hash - print hash value\n",
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
" -hash_old - print old-style (MD5) hash value\n",
|
||||
#endif
|
||||
" -fingerprint - print the crl fingerprint\n",
|
||||
" -issuer - print issuer DN\n",
|
||||
" -lastupdate - lastUpdate field\n",
|
||||
@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
|
||||
int informat,outformat;
|
||||
char *infile=NULL,*outfile=NULL;
|
||||
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
int hash_old=0;
|
||||
#endif
|
||||
int fingerprint = 0, crlnumber = 0;
|
||||
const char **pp;
|
||||
X509_STORE *store = NULL;
|
||||
@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
|
||||
text = 1;
|
||||
else if (strcmp(*argv,"-hash") == 0)
|
||||
hash= ++num;
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
else if (strcmp(*argv,"-hash_old") == 0)
|
||||
hash_old= ++num;
|
||||
#endif
|
||||
else if (strcmp(*argv,"-nameopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -304,6 +314,14 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_out,"%08lx\n",
|
||||
X509_NAME_hash(X509_CRL_get_issuer(x)));
|
||||
}
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
if (hash_old == i)
|
||||
{
|
||||
BIO_printf(bio_out,"%08lx\n",
|
||||
X509_NAME_hash_old(
|
||||
X509_CRL_get_issuer(x)));
|
||||
}
|
||||
#endif
|
||||
if (lastupdate == i)
|
||||
{
|
||||
BIO_printf(bio_out,"lastUpdate=");
|
||||
|
@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
if (do_verify)
|
||||
r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
|
||||
r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
|
||||
else
|
||||
r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
|
||||
r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
|
||||
if (!r)
|
||||
{
|
||||
BIO_printf(bio_err, "Error setting context\n");
|
||||
|
@ -105,7 +105,7 @@
|
||||
* in the asn1 der encoding
|
||||
* possible values: named_curve (default)
|
||||
* explicit
|
||||
* -no_seed - if 'explicit' parameters are choosen do not use the seed
|
||||
* -no_seed - if 'explicit' parameters are chosen do not use the seed
|
||||
* -genkey - generate ec key
|
||||
* -rand file - files to use for random number input
|
||||
* -engine e - use engine e, possibly a hardware device
|
||||
@ -286,7 +286,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, " "
|
||||
" explicit\n");
|
||||
BIO_printf(bio_err, " -no_seed if 'explicit'"
|
||||
" parameters are choosen do not"
|
||||
" parameters are chosen do not"
|
||||
" use the seed\n");
|
||||
BIO_printf(bio_err, " -genkey generate ec"
|
||||
" key\n");
|
||||
|
13
apps/req.c
13
apps/req.c
@ -644,6 +644,11 @@ int MAIN(int argc, char **argv)
|
||||
if (inrand)
|
||||
app_RAND_load_files(inrand);
|
||||
|
||||
if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
|
||||
{
|
||||
newkey=DEFAULT_KEY_LENGTH;
|
||||
}
|
||||
|
||||
if (keyalg)
|
||||
{
|
||||
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
|
||||
@ -652,12 +657,6 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (newkey <= 0)
|
||||
{
|
||||
if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
|
||||
newkey=DEFAULT_KEY_LENGTH;
|
||||
}
|
||||
|
||||
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
|
||||
{
|
||||
BIO_printf(bio_err,"private key length is too short,\n");
|
||||
@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
|
||||
keylen = atol(p + 1);
|
||||
*pkeylen = keylen;
|
||||
}
|
||||
else
|
||||
keylen = *pkeylen;
|
||||
}
|
||||
else if (p)
|
||||
paramfile = p + 1;
|
||||
|
@ -1060,7 +1060,7 @@ _vpaes_consts:
|
||||
.Lk_dsbo: # decryption sbox final output
|
||||
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
|
||||
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
|
||||
.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
|
||||
.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
|
||||
.align 64
|
||||
.size _vpaes_consts,.-_vpaes_consts
|
||||
___
|
||||
|
@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
|
||||
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
|
||||
{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
|
||||
{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
|
||||
{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
|
||||
{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"},
|
||||
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
|
||||
{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
|
||||
{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
|
||||
|
@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
|
||||
|
||||
static void xopenlog(BIO* bp, char* name, int level)
|
||||
{
|
||||
if (GetVersion() < 0x80000000)
|
||||
if (check_winnt())
|
||||
bp->ptr = RegisterEventSourceA(NULL,name);
|
||||
else
|
||||
bp->ptr = NULL;
|
||||
|
@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
|
||||
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
|
||||
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
|
||||
|
||||
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
|
||||
|
||||
/* Deprecated versions */
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
|
||||
@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
|
||||
|
||||
#define bn_fix_top(a) bn_check_top(a)
|
||||
|
||||
#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
|
||||
#define bn_wcheck_size(bn, words) \
|
||||
do { \
|
||||
const BIGNUM *_bnum2 = (bn); \
|
||||
assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
|
||||
} while(0)
|
||||
|
||||
#else /* !BN_DEBUG */
|
||||
|
||||
#define bn_pollute(a)
|
||||
#define bn_check_top(a)
|
||||
#define bn_fix_top(a) bn_correct_top(a)
|
||||
#define bn_check_size(bn, bits)
|
||||
#define bn_wcheck_size(bn, words)
|
||||
|
||||
#endif
|
||||
|
||||
|
@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
|
||||
}
|
||||
return bn_cmp_words(a,b,cl);
|
||||
}
|
||||
|
||||
/*
|
||||
* Constant-time conditional swap of a and b.
|
||||
* a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
|
||||
* nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
|
||||
* and that no more than nwords are used by either a or b.
|
||||
* a and b cannot be the same number
|
||||
*/
|
||||
void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
|
||||
{
|
||||
BN_ULONG t;
|
||||
int i;
|
||||
|
||||
bn_wcheck_size(a, nwords);
|
||||
bn_wcheck_size(b, nwords);
|
||||
|
||||
assert(a != b);
|
||||
assert((condition & (condition - 1)) == 0);
|
||||
assert(sizeof(BN_ULONG) >= sizeof(int));
|
||||
|
||||
condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
|
||||
|
||||
t = (a->top^b->top) & condition;
|
||||
a->top ^= t;
|
||||
b->top ^= t;
|
||||
|
||||
#define BN_CONSTTIME_SWAP(ind) \
|
||||
do { \
|
||||
t = (a->d[ind] ^ b->d[ind]) & condition; \
|
||||
a->d[ind] ^= t; \
|
||||
b->d[ind] ^= t; \
|
||||
} while (0)
|
||||
|
||||
|
||||
switch (nwords) {
|
||||
default:
|
||||
for (i = 10; i < nwords; i++)
|
||||
BN_CONSTTIME_SWAP(i);
|
||||
/* Fallthrough */
|
||||
case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
|
||||
case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
|
||||
case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
|
||||
case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
|
||||
case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
|
||||
case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
|
||||
case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
|
||||
case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
|
||||
case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
|
||||
case 1: BN_CONSTTIME_SWAP(0);
|
||||
}
|
||||
#undef BN_CONSTTIME_SWAP
|
||||
}
|
||||
|
@ -463,8 +463,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
|
||||
STACK_OF(CMS_CertificateChoices) **pcerts;
|
||||
int i;
|
||||
pcerts = cms_get0_certificate_choices(cms);
|
||||
if (!pcerts)
|
||||
return 0;
|
||||
if (!pcerts)
|
||||
return 0;
|
||||
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
|
||||
|
@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...)
|
||||
|
||||
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
|
||||
/* this -------------v--- guards NT-specific calls */
|
||||
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
|
||||
if (check_winnt() && OPENSSL_isservice() > 0)
|
||||
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
|
||||
const TCHAR *pmsg=buf;
|
||||
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
|
||||
|
@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* Computes scalar*point and stores the result in r.
|
||||
* point can not equal r.
|
||||
* Uses algorithm 2P of
|
||||
* Uses a modified algorithm 2P of
|
||||
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
|
||||
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
|
||||
*
|
||||
* To protect against side-channel attack the function uses constant time swap,
|
||||
* avoiding conditional branches.
|
||||
*/
|
||||
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
const EC_POINT *point, BN_CTX *ctx)
|
||||
@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
|
||||
x2 = &r->X;
|
||||
z2 = &r->Y;
|
||||
|
||||
bn_wexpand(x1, group->field.top);
|
||||
bn_wexpand(z1, group->field.top);
|
||||
bn_wexpand(x2, group->field.top);
|
||||
bn_wexpand(z2, group->field.top);
|
||||
|
||||
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
|
||||
if (!BN_one(z1)) goto err; /* z1 = 1 */
|
||||
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
|
||||
@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
|
||||
word = scalar->d[i];
|
||||
while (mask)
|
||||
{
|
||||
if (word & mask)
|
||||
{
|
||||
if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
|
||||
if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
|
||||
if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
|
||||
}
|
||||
BN_consttime_swap(word & mask, x1, x2, group->field.top);
|
||||
BN_consttime_swap(word & mask, z1, z2, group->field.top);
|
||||
if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
|
||||
if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
|
||||
BN_consttime_swap(word & mask, x1, x2, group->field.top);
|
||||
BN_consttime_swap(word & mask, z1, z2, group->field.top);
|
||||
mask >>= 1;
|
||||
}
|
||||
mask = BN_TBIT;
|
||||
|
@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
|
||||
!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
|
||||
!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
|
||||
load_dir, 0) ||
|
||||
!ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
|
||||
!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
|
||||
goto notfound;
|
||||
return iterator;
|
||||
|
@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
}
|
||||
|
||||
/* we fell off the end without starting */
|
||||
if (j == i)
|
||||
if ((j == i) && (num == 0))
|
||||
{
|
||||
/* Is this is one long chunk?, if so, keep on
|
||||
* reading until a new line. */
|
||||
|
@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
|
||||
GCM_MUL(ctx,Yi);
|
||||
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctr = BSWAP4(ctx->Yi.d[3]);
|
||||
#else
|
||||
ctr = GETU32(ctx->Yi.c+12);
|
||||
#endif
|
||||
else
|
||||
ctr = ctx->Yi.d[3];
|
||||
}
|
||||
@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
|
||||
(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
}
|
||||
@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
|
||||
}
|
||||
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctr = BSWAP4(ctx->Yi.d[3]);
|
||||
#else
|
||||
ctr = GETU32(ctx->Yi.c+12);
|
||||
#endif
|
||||
else
|
||||
ctr = ctx->Yi.d[3];
|
||||
|
||||
@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
for (i=0; i<16/sizeof(size_t); ++i)
|
||||
@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
for (i=0; i<16/sizeof(size_t); ++i)
|
||||
@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
for (i=0; i<16/sizeof(size_t); ++i)
|
||||
@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
while (len--) {
|
||||
@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
}
|
||||
@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
|
||||
}
|
||||
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctr = BSWAP4(ctx->Yi.d[3]);
|
||||
#else
|
||||
ctr = GETU32(ctx->Yi.c+12);
|
||||
#endif
|
||||
else
|
||||
ctr = ctx->Yi.d[3];
|
||||
|
||||
@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
for (i=0; i<16/sizeof(size_t); ++i)
|
||||
@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
for (i=0; i<16/sizeof(size_t); ++i)
|
||||
@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
for (i=0; i<16/sizeof(size_t); ++i) {
|
||||
@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
while (len--) {
|
||||
@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
|
||||
(*block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
}
|
||||
@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
}
|
||||
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctr = BSWAP4(ctx->Yi.d[3]);
|
||||
#else
|
||||
ctr = GETU32(ctx->Yi.c+12);
|
||||
#endif
|
||||
else
|
||||
ctr = ctx->Yi.d[3];
|
||||
|
||||
@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
|
||||
ctr += GHASH_CHUNK/16;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
GHASH(ctx,out,GHASH_CHUNK);
|
||||
@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
(*stream)(in,out,j,key,ctx->Yi.c);
|
||||
ctr += (unsigned int)j;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
in += i;
|
||||
@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
while (len--) {
|
||||
@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
}
|
||||
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctr = BSWAP4(ctx->Yi.d[3]);
|
||||
#else
|
||||
ctr = GETU32(ctx->Yi.c+12);
|
||||
#endif
|
||||
else
|
||||
ctr = ctx->Yi.d[3];
|
||||
|
||||
@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
|
||||
ctr += GHASH_CHUNK/16;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
out += GHASH_CHUNK;
|
||||
@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
(*stream)(in,out,j,key,ctx->Yi.c);
|
||||
ctr += (unsigned int)j;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
out += i;
|
||||
@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
|
||||
++ctr;
|
||||
if (is_endian.little)
|
||||
#ifdef BSWAP4
|
||||
ctx->Yi.d[3] = BSWAP4(ctr);
|
||||
#else
|
||||
PUTU32(ctx->Yi.c+12,ctr);
|
||||
#endif
|
||||
else
|
||||
ctx->Yi.d[3] = ctr;
|
||||
while (len--) {
|
||||
|
@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x1000106fL
|
||||
#define OPENSSL_VERSION_NUMBER 0x1000107fL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
|
||||
EVP_MD_CTX m;
|
||||
int do_not_lock;
|
||||
|
||||
if (!num)
|
||||
return;
|
||||
|
||||
/*
|
||||
* (Based on the rand(3) manpage)
|
||||
*
|
||||
|
@ -204,6 +204,12 @@
|
||||
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
|
||||
#undef SSL_CTX_set_next_proto_select_cb
|
||||
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
|
||||
#undef ssl3_cbc_record_digest_supported
|
||||
#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
|
||||
#undef ssl_check_clienthello_tlsext_late
|
||||
#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
|
||||
#undef ssl_check_clienthello_tlsext_early
|
||||
#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
|
||||
|
||||
/* Hack some long ENGINE names */
|
||||
#undef ENGINE_get_default_BN_mod_exp_crt
|
||||
|
@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
|
||||
|
||||
s=dir;
|
||||
p=s;
|
||||
for (;;p++)
|
||||
do
|
||||
{
|
||||
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
|
||||
{
|
||||
@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (*p == '\0')
|
||||
break;
|
||||
}
|
||||
} while (*p++ != '\0');
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
|
||||
* a certificate was revoked. This has since been changed since
|
||||
* critical extension can change the meaning of CRL entries.
|
||||
*/
|
||||
if (crl->flags & EXFLAG_CRITICAL)
|
||||
if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
|
||||
&& (crl->flags & EXFLAG_CRITICAL))
|
||||
{
|
||||
if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
|
||||
return 1;
|
||||
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
|
||||
ok = ctx->verify_cb(0, ctx);
|
||||
if(!ok)
|
||||
|
@ -119,7 +119,7 @@ variable points to a section containing further ENGINE configuration
|
||||
information.
|
||||
|
||||
The section pointed to by B<engines> is a table of engine names (though see
|
||||
B<engine_id> below) and further sections containing configuration informations
|
||||
B<engine_id> below) and further sections containing configuration information
|
||||
specific to each ENGINE.
|
||||
|
||||
Each ENGINE specific section is used to set default algorithms, load
|
||||
|
@ -62,6 +62,11 @@ don't output the encoded version of the CRL.
|
||||
output a hash of the issuer name. This can be use to lookup CRLs in
|
||||
a directory by issuer name.
|
||||
|
||||
=item B<-hash_old>
|
||||
|
||||
outputs the "hash" of the CRL issuer name using the older algorithm
|
||||
as used by OpenSSL versions before 1.0.0.
|
||||
|
||||
=item B<-issuer>
|
||||
|
||||
output the issuer name.
|
||||
|
@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs8> command.
|
||||
|
||||
This specifies the input format. The B<DER> option with a private key uses
|
||||
an ASN.1 DER encoded SEC1 private key. When used with a public key it
|
||||
uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
|
||||
uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
|
||||
The B<PEM> form is the default format: it consists of the B<DER> format base64
|
||||
encoded with additional header and footer lines. In the case of a private key
|
||||
PKCS#8 format is also accepted.
|
||||
|
@ -67,7 +67,7 @@ by default.
|
||||
The filename to write certificates and private keys to, standard output by
|
||||
default. They are all written in PEM format.
|
||||
|
||||
=item B<-pass arg>, B<-passin arg>
|
||||
=item B<-passin arg>
|
||||
|
||||
the PKCS#12 file (i.e. input file) password source. For more information about
|
||||
the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
|
||||
@ -75,10 +75,15 @@ L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-passout arg>
|
||||
|
||||
pass phrase source to encrypt any outputed private keys with. For more
|
||||
pass phrase source to encrypt any outputted private keys with. For more
|
||||
information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
|
||||
in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-password arg>
|
||||
|
||||
With -export, -password is equivalent to -passout.
|
||||
Otherwise, -password is equivalent to -passin.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
this option inhibits output of the keys and certificates to the output file
|
||||
|
@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
|
||||
|
||||
=item B<-newhdr>
|
||||
|
||||
Adds the word B<NEW> to the PEM file header and footer lines on the outputed
|
||||
Adds the word B<NEW> to the PEM file header and footer lines on the outputted
|
||||
request. Some software (Netscape certificate server) and some CAs need this.
|
||||
|
||||
=item B<-batch>
|
||||
|
@ -10,6 +10,7 @@ s_client - SSL/TLS client program
|
||||
B<openssl> B<s_client>
|
||||
[B<-connect host:port>]
|
||||
[B<-verify depth>]
|
||||
[B<-verify_return_error>]
|
||||
[B<-cert filename>]
|
||||
[B<-certform DER|PEM>]
|
||||
[B<-key filename>]
|
||||
@ -90,6 +91,11 @@ Currently the verify operation continues after errors so all the problems
|
||||
with a certificate chain can be seen. As a side effect the connection
|
||||
will never fail due to a server certificate verify failure.
|
||||
|
||||
=item B<-verify_return_error>
|
||||
|
||||
Return verification errors instead of continuing. This will typically
|
||||
abort the handshake with a fatal error.
|
||||
|
||||
=item B<-CApath directory>
|
||||
|
||||
The directory to use for server certificate verification. This directory
|
||||
@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot include compression methods or extensions
|
||||
these will only be supported if its use is disabled, for example by using the
|
||||
B<-no_sslv2> option.
|
||||
|
||||
The B<s_client> utility is a test tool and is designed to continue the
|
||||
handshake after any certificate verification errors. As a result it will
|
||||
accept any certificate chain (trusted or not) sent by the peer. None test
|
||||
applications should B<not> do this as it makes them vulnerable to a MITM
|
||||
attack. This behaviour can be changed by with the B<-verify_return_error>
|
||||
option: any verify errors are then returned aborting the handshake.
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
Because this program has a lot of options and also because some of
|
||||
@ -293,9 +306,6 @@ the techniques used are rather old, the C source of s_client is rather
|
||||
hard to read and not a model of how things should be done. A typical
|
||||
SSL client program would be much simpler.
|
||||
|
||||
The B<-verify> option should really exit if the server verification
|
||||
fails.
|
||||
|
||||
The B<-prexit> option is a bit of a hack. We should really report
|
||||
information whenever a session is renegotiated.
|
||||
|
||||
|
@ -111,7 +111,7 @@ by using an appropriate certificate.
|
||||
|
||||
=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
|
||||
|
||||
addtional certificate and private key format and passphrase respectively.
|
||||
additional certificate and private key format and passphrase respectively.
|
||||
|
||||
=item B<-nocert>
|
||||
|
||||
|
@ -352,7 +352,7 @@ switch always overrides the settings in the config file.
|
||||
|
||||
This is the main section and it specifies the name of another section
|
||||
that contains all the options for the B<-reply> command. This default
|
||||
section can be overriden with the B<-section> command line switch. (Optional)
|
||||
section can be overridden with the B<-section> command line switch. (Optional)
|
||||
|
||||
=item B<oid_file>
|
||||
|
||||
@ -453,7 +453,7 @@ included. Default is no. (Optional)
|
||||
=head1 ENVIRONMENT VARIABLES
|
||||
|
||||
B<OPENSSL_CONF> contains the path of the configuration file and can be
|
||||
overriden by the B<-config> command line option.
|
||||
overridden by the B<-config> command line option.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
|
@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional)
|
||||
=item [request]...
|
||||
|
||||
List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
|
||||
requests are specifed only one request will be sent to the server and it will be
|
||||
requests are specified only one request will be sent to the server and it will be
|
||||
read from the standard input. (Optional)
|
||||
|
||||
=back
|
||||
|
@ -48,7 +48,7 @@ necessary parameters are set, by re-creating the blinding parameters.
|
||||
|
||||
BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
|
||||
If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
|
||||
returned in B<r> (this is useful if a B<RSA> object is shared amoung
|
||||
returned in B<r> (this is useful if a B<RSA> object is shared among
|
||||
several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
|
||||
inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
|
||||
the inverse blinding.
|
||||
|
@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
|
||||
ERR_get_last_error_line_data() store additional data and flags
|
||||
associated with the error code in *B<data>
|
||||
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
|
||||
if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
|
||||
*B<flags>&B<ERR_TXT_MALLOCED> is true.
|
||||
if *B<flags>&B<ERR_TXT_STRING> is true.
|
||||
|
||||
An application B<MUST NOT> free the *B<data> pointer (or any other pointers
|
||||
returned by these functions) with OPENSSL_free() as freeing is handled
|
||||
automatically by the error library.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
|
@ -17,7 +17,7 @@ EVP_BytesToKey - password based encryption routine
|
||||
|
||||
EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
|
||||
the cipher to derive the key and IV for. B<md> is the message digest to use.
|
||||
The B<salt> paramter is used as a salt in the derivation: it should point to
|
||||
The B<salt> parameter is used as a salt in the derivation: it should point to
|
||||
an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
|
||||
B<datal> bytes which is used to derive the keying data. B<count> is the
|
||||
iteration count to use. The derived key and IV will be written to B<key>
|
||||
|
@ -152,7 +152,7 @@ does not remain in memory.
|
||||
|
||||
EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
|
||||
similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
|
||||
EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
|
||||
EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
|
||||
initialized and they always use the default cipher implementation.
|
||||
|
||||
EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
|
||||
|
@ -113,7 +113,7 @@ a special status code is set to the verification callback. This permits it
|
||||
to examine the valid policy tree and perform additional checks or simply
|
||||
log it for debugging purposes.
|
||||
|
||||
By default some addtional features such as indirect CRLs and CRLs signed by
|
||||
By default some additional features such as indirect CRLs and CRLs signed by
|
||||
different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
|
||||
they are enabled.
|
||||
|
||||
|
@ -201,7 +201,7 @@ handle PKCS#8 format encrypted and unencrypted keys too.
|
||||
PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
|
||||
write a private key in an EVP_PKEY structure in PKCS#8
|
||||
EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
|
||||
algorithms. The B<cipher> argument specifies the encryption algoritm to
|
||||
algorithms. The B<cipher> argument specifies the encryption algorithm to
|
||||
use: unlike all other PEM routines the encryption is applied at the
|
||||
PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
|
||||
encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
|
||||
|
@ -169,8 +169,8 @@ that will always continue the TLS/SSL handshake regardless of verification
|
||||
failure, if wished. The callback realizes a verification depth limit with
|
||||
more informational output.
|
||||
|
||||
All verification errors are printed, informations about the certificate chain
|
||||
are printed on request.
|
||||
All verification errors are printed; information about the certificate chain
|
||||
is printed on request.
|
||||
The example is realized for a server that does allow but not require client
|
||||
certificates.
|
||||
|
||||
|
@ -24,7 +24,7 @@ The shutdown state of an ssl connection is a bitmask of:
|
||||
|
||||
=over 4
|
||||
|
||||
=item 0
|
||||
=item Z<>0
|
||||
|
||||
No shutdown setting, yet.
|
||||
|
||||
|
7
e_os.h
7
e_os.h
@ -368,6 +368,13 @@ static unsigned int _strlen31(const char *str)
|
||||
# define DEFAULT_HOME "C:"
|
||||
# endif
|
||||
|
||||
/* Avoid Windows 8 SDK GetVersion deprecated problems */
|
||||
#if defined(_MSC_VER) && _MSC_VER>=1800
|
||||
# define check_winnt() (1)
|
||||
#else
|
||||
# define check_winnt() (GetVersion() < 0x80000000)
|
||||
#endif
|
||||
|
||||
#else /* The non-microsoft world */
|
||||
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
|
@ -180,8 +180,6 @@ int start_hash(gost_hash_ctx *ctx)
|
||||
*/
|
||||
int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
|
||||
{
|
||||
const byte *curptr=block;
|
||||
const byte *barrier=block+(length-32);/* Last byte we can safely hash*/
|
||||
if (ctx->left)
|
||||
{
|
||||
/*There are some bytes from previous step*/
|
||||
@ -196,24 +194,25 @@ int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
curptr=block+add_bytes;
|
||||
block+=add_bytes;
|
||||
length-=add_bytes;
|
||||
hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
|
||||
add_blocks(32,ctx->S,ctx->remainder);
|
||||
ctx->len+=32;
|
||||
ctx->left=0;
|
||||
}
|
||||
while (curptr<=barrier)
|
||||
while (length>=32)
|
||||
{
|
||||
hash_step(ctx->cipher_ctx,ctx->H,curptr);
|
||||
hash_step(ctx->cipher_ctx,ctx->H,block);
|
||||
|
||||
add_blocks(32,ctx->S,curptr);
|
||||
add_blocks(32,ctx->S,block);
|
||||
ctx->len+=32;
|
||||
curptr+=32;
|
||||
block+=32;
|
||||
length-=32;
|
||||
}
|
||||
if (curptr!=block+length)
|
||||
if (length)
|
||||
{
|
||||
ctx->left=block+length-curptr;
|
||||
memcpy(ctx->remainder,curptr,ctx->left);
|
||||
memcpy(ctx->remainder,block,ctx->left=length);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
|
||||
unsigned int payload;
|
||||
unsigned int padding = 16; /* Use minimum padding */
|
||||
|
||||
/* Read type and payload length first */
|
||||
hbtype = *p++;
|
||||
n2s(p, payload);
|
||||
pl = p;
|
||||
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
|
||||
&s->s3->rrec.data[0], s->s3->rrec.length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
/* Read type and payload length first */
|
||||
if (1 + 2 + 16 > s->s3->rrec.length)
|
||||
return 0; /* silently discard */
|
||||
hbtype = *p++;
|
||||
n2s(p, payload);
|
||||
if (1 + 2 + payload + 16 > s->s3->rrec.length)
|
||||
return 0; /* silently discard per RFC 6520 sec. 4 */
|
||||
pl = p;
|
||||
|
||||
if (hbtype == TLS1_HB_REQUEST)
|
||||
{
|
||||
unsigned char *buffer, *bp;
|
||||
unsigned int write_length = 1 /* heartbeat type */ +
|
||||
2 /* heartbeat length */ +
|
||||
payload + padding;
|
||||
int r;
|
||||
|
||||
if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
|
||||
return 0;
|
||||
|
||||
/* Allocate memory for the response, size is 1 byte
|
||||
* message type, plus 2 bytes payload length, plus
|
||||
* payload, plus padding
|
||||
*/
|
||||
buffer = OPENSSL_malloc(1 + 2 + payload + padding);
|
||||
buffer = OPENSSL_malloc(write_length);
|
||||
bp = buffer;
|
||||
|
||||
/* Enter response type, length and copy payload */
|
||||
@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
|
||||
/* Random padding */
|
||||
RAND_pseudo_bytes(bp, padding);
|
||||
|
||||
r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
|
||||
r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
|
||||
|
||||
if (r >= 0 && s->msg_callback)
|
||||
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
|
||||
buffer, 3 + payload + padding,
|
||||
buffer, write_length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
OPENSSL_free(buffer);
|
||||
|
@ -70,6 +70,15 @@
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <krb5.h>
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
/* These can sometimes get redefined indirectly by krb5 header files
|
||||
* after they get undefed in ossl_typ.h
|
||||
*/
|
||||
#undef X509_NAME
|
||||
#undef X509_EXTENSIONS
|
||||
#undef OCSP_REQUEST
|
||||
#undef OCSP_RESPONSE
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -283,7 +283,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
|
||||
send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
|
||||
if (send_time)
|
||||
{
|
||||
unsigned long Time = time(NULL);
|
||||
unsigned long Time = (unsigned long)time(NULL);
|
||||
unsigned char *p = result;
|
||||
l2n(Time, p);
|
||||
return RAND_pseudo_bytes(p, len-4);
|
||||
|
@ -1830,7 +1830,7 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
|
||||
goto f_err;
|
||||
}
|
||||
for (i=0; r[i] != NULL && i<4; i++)
|
||||
for (i=0; i < 4 && r[i] != NULL; i++)
|
||||
{
|
||||
nr[i]=BN_num_bytes(r[i]);
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
@ -1866,7 +1866,7 @@ int ssl3_send_server_key_exchange(SSL *s)
|
||||
d=(unsigned char *)s->init_buf->data;
|
||||
p= &(d[4]);
|
||||
|
||||
for (i=0; r[i] != NULL && i<4; i++)
|
||||
for (i=0; i < 4 && r[i] != NULL; i++)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
if ((i == 2) && (type & SSL_kSRP))
|
||||
|
@ -915,7 +915,7 @@ struct ssl_ctx_st
|
||||
*/
|
||||
unsigned int max_send_fragment;
|
||||
|
||||
#ifndef OPENSSL_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
/* Engine to pass requests for client certs to
|
||||
*/
|
||||
ENGINE *client_cert_engine;
|
||||
|
@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
|
||||
}
|
||||
else
|
||||
{
|
||||
EVP_MD_CTX_copy(&hmac,hash);
|
||||
if (!EVP_MD_CTX_copy(&hmac,hash))
|
||||
return -1;
|
||||
mac_ctx = &hmac;
|
||||
}
|
||||
|
||||
|
46
ssl/t1_lib.c
46
ssl/t1_lib.c
@ -662,6 +662,36 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef TLSEXT_TYPE_padding
|
||||
/* Add padding to workaround bugs in F5 terminators.
|
||||
* See https://tools.ietf.org/html/draft-agl-tls-padding-03
|
||||
*
|
||||
* NB: because this code works out the length of all existing
|
||||
* extensions it MUST always appear last.
|
||||
*/
|
||||
{
|
||||
int hlen = ret - (unsigned char *)s->init_buf->data;
|
||||
/* The code in s23_clnt.c to build ClientHello messages includes the
|
||||
* 5-byte record header in the buffer, while the code in s3_clnt.c does
|
||||
* not. */
|
||||
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
|
||||
hlen -= 5;
|
||||
if (hlen > 0xff && hlen < 0x200)
|
||||
{
|
||||
hlen = 0x200 - hlen;
|
||||
if (hlen >= 4)
|
||||
hlen -= 4;
|
||||
else
|
||||
hlen = 0;
|
||||
|
||||
s2n(TLSEXT_TYPE_padding, ret);
|
||||
s2n(hlen, ret);
|
||||
memset(ret, 0, hlen);
|
||||
ret += hlen;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((extdatalen = ret-p-2)== 0)
|
||||
return p;
|
||||
|
||||
@ -1261,7 +1291,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
||||
}
|
||||
}
|
||||
else if (type == TLSEXT_TYPE_status_request &&
|
||||
s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
|
||||
s->version != DTLS1_VERSION)
|
||||
{
|
||||
|
||||
if (size < 5)
|
||||
@ -2558,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
|
||||
unsigned int payload;
|
||||
unsigned int padding = 16; /* Use minimum padding */
|
||||
|
||||
/* Read type and payload length first */
|
||||
hbtype = *p++;
|
||||
n2s(p, payload);
|
||||
pl = p;
|
||||
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
|
||||
&s->s3->rrec.data[0], s->s3->rrec.length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
/* Read type and payload length first */
|
||||
if (1 + 2 + 16 > s->s3->rrec.length)
|
||||
return 0; /* silently discard */
|
||||
hbtype = *p++;
|
||||
n2s(p, payload);
|
||||
if (1 + 2 + payload + 16 > s->s3->rrec.length)
|
||||
return 0; /* silently discard per RFC 6520 sec. 4 */
|
||||
pl = p;
|
||||
|
||||
if (hbtype == TLS1_HB_REQUEST)
|
||||
{
|
||||
unsigned char *buffer, *bp;
|
||||
|
@ -230,6 +230,12 @@ extern "C" {
|
||||
/* ExtensionType value from RFC5620 */
|
||||
#define TLSEXT_TYPE_heartbeat 15
|
||||
|
||||
/* ExtensionType value for TLS padding extension.
|
||||
* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
|
||||
* http://tools.ietf.org/html/draft-agl-tls-padding-03
|
||||
*/
|
||||
#define TLSEXT_TYPE_padding 21
|
||||
|
||||
/* ExtensionType value from RFC4507 */
|
||||
#define TLSEXT_TYPE_session_ticket 35
|
||||
|
||||
|
@ -3511,6 +3511,7 @@ BIO_set_callback 3903 EXIST::FUNCTION:
|
||||
d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
|
||||
i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
|
||||
CRYPTO_memcmp 3906 EXIST::FUNCTION:
|
||||
BN_consttime_swap 3907 EXIST::FUNCTION:
|
||||
SEED_decrypt 3908 EXIST::FUNCTION:SEED
|
||||
SEED_encrypt 3909 EXIST::FUNCTION:SEED
|
||||
SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
|
||||
|
@ -18,7 +18,7 @@ $out_def="out32";
|
||||
$tmp_def="tmp32";
|
||||
$inc_def="inc32";
|
||||
#enable max error messages, disable most common warnings
|
||||
$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
|
||||
$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
|
||||
if ($debug)
|
||||
{
|
||||
$cflags.="-Od -y -v -vi- -D_DEBUG";
|
||||
@ -38,7 +38,7 @@ $efile="";
|
||||
$exep='.exe';
|
||||
if ($no_sock)
|
||||
{ $ex_libs=""; }
|
||||
else { $ex_libs="cw32mt.lib import32.lib"; }
|
||||
else { $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
|
||||
|
||||
# static library stuff
|
||||
$mklib='tlib /P64';
|
||||
@ -51,8 +51,8 @@ $lfile='';
|
||||
$shlib_ex_obj="";
|
||||
$app_ex_obj="c0x32.obj";
|
||||
|
||||
$asm='nasmw -f obj -d__omf__';
|
||||
$asm.=" /Zi" if $debug;
|
||||
$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
|
||||
$asm.=" -g" if $debug;
|
||||
$afile='-o';
|
||||
|
||||
$bn_mulw_obj='';
|
||||
|
@ -27,6 +27,8 @@ $zlib_lib="zlib1.lib";
|
||||
$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
|
||||
$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
|
||||
|
||||
my $ff = "";
|
||||
|
||||
# C compiler stuff
|
||||
$cc='cl';
|
||||
if ($FLAVOR =~ /WIN64/)
|
||||
@ -126,6 +128,7 @@ else # Win32
|
||||
$base_cflags= " $mf_cflag";
|
||||
my $f = $shlib || $fips ?' /MD':' /MT';
|
||||
$lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
|
||||
$ff = "/fixed";
|
||||
$opt_cflags=$f.' /Ox /O2 /Ob2';
|
||||
$dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
|
||||
$lflags="/nologo /subsystem:console /opt:ref";
|
||||
@ -318,7 +321,7 @@ sub do_lib_rule
|
||||
$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
|
||||
$ret.="\tSET FIPS_TARGET=$target\n";
|
||||
$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
|
||||
$ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
|
||||
$ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
|
||||
$ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
|
||||
$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
|
||||
}
|
||||
@ -355,7 +358,7 @@ sub do_link_rule
|
||||
$ret.="\tSET FIPS_TARGET=$target\n";
|
||||
$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
|
||||
$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
|
||||
$ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
|
||||
$ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
|
||||
$ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
|
||||
}
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user