Import OpenSSL 1.0.2h.
This commit is contained in:
parent
9aeed18ad7
commit
57f1256b1a
97
CHANGES
97
CHANGES
@ -2,6 +2,103 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.2g and 1.0.2h [3 May 2016]
|
||||
|
||||
*) Prevent padding oracle in AES-NI CBC MAC check
|
||||
|
||||
A MITM attacker can use a padding oracle attack to decrypt traffic
|
||||
when the connection uses an AES CBC cipher and the server support
|
||||
AES-NI.
|
||||
|
||||
This issue was introduced as part of the fix for Lucky 13 padding
|
||||
attack (CVE-2013-0169). The padding check was rewritten to be in
|
||||
constant time by making sure that always the same bytes are read and
|
||||
compared against either the MAC or padding bytes. But it no longer
|
||||
checked that there was enough data to have both the MAC and padding
|
||||
bytes.
|
||||
|
||||
This issue was reported by Juraj Somorovsky using TLS-Attacker.
|
||||
(CVE-2016-2107)
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Fix EVP_EncodeUpdate overflow
|
||||
|
||||
An overflow can occur in the EVP_EncodeUpdate() function which is used for
|
||||
Base64 encoding of binary data. If an attacker is able to supply very large
|
||||
amounts of input data then a length check can overflow resulting in a heap
|
||||
corruption.
|
||||
|
||||
Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
|
||||
the PEM_write_bio* family of functions. These are mainly used within the
|
||||
OpenSSL command line applications, so any application which processes data
|
||||
from an untrusted source and outputs it as a PEM file should be considered
|
||||
vulnerable to this issue. User applications that call these APIs directly
|
||||
with large amounts of untrusted data may also be vulnerable.
|
||||
|
||||
This issue was reported by Guido Vranken.
|
||||
(CVE-2016-2105)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Fix EVP_EncryptUpdate overflow
|
||||
|
||||
An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
|
||||
is able to supply very large amounts of input data after a previous call to
|
||||
EVP_EncryptUpdate() with a partial block then a length check can overflow
|
||||
resulting in a heap corruption. Following an analysis of all OpenSSL
|
||||
internal usage of the EVP_EncryptUpdate() function all usage is one of two
|
||||
forms. The first form is where the EVP_EncryptUpdate() call is known to be
|
||||
the first called function after an EVP_EncryptInit(), and therefore that
|
||||
specific call must be safe. The second form is where the length passed to
|
||||
EVP_EncryptUpdate() can be seen from the code to be some small value and
|
||||
therefore there is no possibility of an overflow. Since all instances are
|
||||
one of these two forms, it is believed that there can be no overflows in
|
||||
internal code due to this problem. It should be noted that
|
||||
EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
|
||||
Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
|
||||
of these calls have also been analysed too and it is believed there are no
|
||||
instances in internal usage where an overflow could occur.
|
||||
|
||||
This issue was reported by Guido Vranken.
|
||||
(CVE-2016-2106)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Prevent ASN.1 BIO excessive memory allocation
|
||||
|
||||
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
|
||||
a short invalid encoding can casuse allocation of large amounts of memory
|
||||
potentially consuming excessive resources or exhausting memory.
|
||||
|
||||
Any application parsing untrusted data through d2i BIO functions is
|
||||
affected. The memory based functions such as d2i_X509() are *not* affected.
|
||||
Since the memory based functions are used by the TLS library, TLS
|
||||
applications are not affected.
|
||||
|
||||
This issue was reported by Brian Carpenter.
|
||||
(CVE-2016-2109)
|
||||
[Stephen Henson]
|
||||
|
||||
*) EBCDIC overread
|
||||
|
||||
ASN1 Strings that are over 1024 bytes can cause an overread in applications
|
||||
using the X509_NAME_oneline() function on EBCDIC systems. This could result
|
||||
in arbitrary stack data being returned in the buffer.
|
||||
|
||||
This issue was reported by Guido Vranken.
|
||||
(CVE-2016-2176)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Modify behavior of ALPN to invoke callback after SNI/servername
|
||||
callback, such that updates to the SSL_CTX affect ALPN.
|
||||
[Todd Short]
|
||||
|
||||
*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
|
||||
default.
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Only remove the SSLv2 methods with the no-ssl2-method option. When the
|
||||
methods are enabled and ssl2 is disabled the methods return NULL.
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
|
||||
|
||||
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
|
@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
|
||||
# Xlist
|
||||
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
|
||||
setenv FSVN "svn+ssh://repo.freebsd.org/base"
|
||||
setenv OSSLVER 1.0.2f
|
||||
# OSSLTAG format: v1_0_2f
|
||||
setenv OSSLVER 1.0.2h
|
||||
# OSSLTAG format: v1_0_2h
|
||||
|
||||
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
|
||||
|
||||
|
2
Makefile
2
Makefile
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.2g
|
||||
VERSION=1.0.2h
|
||||
MAJOR=1
|
||||
MINOR=0.2
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
|
13
NEWS
13
NEWS
@ -5,6 +5,19 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
|
||||
|
||||
o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
|
||||
o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
|
||||
o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
|
||||
o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
|
||||
o EBCDIC overread (CVE-2016-2176)
|
||||
o Modify behavior of ALPN to invoke callback after SNI/servername
|
||||
callback, such that updates to the SSL_CTX affect ALPN.
|
||||
o Remove LOW from the DEFAULT cipher list. This removes singles DES from
|
||||
the default.
|
||||
o Only remove the SSLv2 methods with the no-ssl2-method option.
|
||||
|
||||
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
|
||||
|
||||
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
|
2
README
2
README
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.2g 1 Mar 2016
|
||||
OpenSSL 1.0.2h 3 May 2016
|
||||
|
||||
Copyright (c) 1998-2015 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
12
apps/pkcs7.c
12
apps/pkcs7.c
@ -235,12 +235,16 @@ int MAIN(int argc, char **argv)
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
switch (i) {
|
||||
case NID_pkcs7_signed:
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
if (p7->d.sign != NULL) {
|
||||
certs = p7->d.sign->cert;
|
||||
crls = p7->d.sign->crl;
|
||||
}
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
if (p7->d.signed_and_enveloped != NULL) {
|
||||
certs = p7->d.signed_and_enveloped->cert;
|
||||
crls = p7->d.signed_and_enveloped->crl;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
@ -590,7 +590,7 @@ Lenc_loop:
|
||||
xor $s2,$t2,$acc14
|
||||
xor $s3,$t3,$acc15
|
||||
addi $key,$key,16
|
||||
bdnz- Lenc_loop
|
||||
bdnz Lenc_loop
|
||||
|
||||
addi $Tbl2,$Tbl0,2048
|
||||
nop
|
||||
@ -1068,7 +1068,7 @@ Ldec_loop:
|
||||
xor $s2,$t2,$acc14
|
||||
xor $s3,$t3,$acc15
|
||||
addi $key,$key,16
|
||||
bdnz- Ldec_loop
|
||||
bdnz Ldec_loop
|
||||
|
||||
addi $Tbl2,$Tbl0,2048
|
||||
nop
|
||||
|
@ -818,13 +818,9 @@ $code.=<<___ if (!$softonly);
|
||||
tmhl %r0,0x4000 # check for message-security assist
|
||||
jz .Lekey_internal
|
||||
|
||||
lghi %r0,0 # query capability vector
|
||||
la %r1,16($sp)
|
||||
.long 0xb92f0042 # kmc %r4,%r2
|
||||
|
||||
llihh %r1,0x8000
|
||||
srlg %r1,%r1,0(%r5)
|
||||
ng %r1,16($sp)
|
||||
llihh %r0,0x8000
|
||||
srlg %r0,%r0,0(%r5)
|
||||
ng %r0,48(%r1) # check kmc capability vector
|
||||
jz .Lekey_internal
|
||||
|
||||
lmg %r0,%r1,0($inp) # just copy 128 bits...
|
||||
@ -1444,13 +1440,10 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower
|
||||
|
||||
llgfr $s0,%r0
|
||||
lgr $s1,%r1
|
||||
lghi %r0,0
|
||||
la %r1,16($sp)
|
||||
.long 0xb92d2042 # kmctr %r4,%r2,%r2
|
||||
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
llihh %r0,0x8000 # check if kmctr supports the function code
|
||||
srlg %r0,%r0,0($s0)
|
||||
ng %r0,16($sp)
|
||||
ng %r0,64(%r1) # check kmctr capability vector
|
||||
lgr %r0,$s0
|
||||
lgr %r1,$s1
|
||||
jz .Lctr32_km_loop
|
||||
@ -1597,12 +1590,10 @@ $code.=<<___ if(1);
|
||||
llgfr $s0,%r0 # put aside the function code
|
||||
lghi $s1,0x7f
|
||||
nr $s1,%r0
|
||||
lghi %r0,0 # query capability vector
|
||||
la %r1,$tweak-16($sp)
|
||||
.long 0xb92e0042 # km %r4,%r2
|
||||
llihh %r1,0x8000
|
||||
srlg %r1,%r1,32($s1) # check for 32+function code
|
||||
ng %r1,$tweak-16($sp)
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
llihh %r0,0x8000
|
||||
srlg %r0,%r0,32($s1) # check for 32+function code
|
||||
ng %r0,32(%r1) # check km capability vector
|
||||
lgr %r0,$s0 # restore the function code
|
||||
la %r1,0($key1) # restore $key1
|
||||
jz .Lxts_km_vanilla
|
||||
@ -2229,7 +2220,7 @@ ___
|
||||
}
|
||||
$code.=<<___;
|
||||
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
|
||||
.comm OPENSSL_s390xcap_P,16,8
|
||||
.comm OPENSSL_s390xcap_P,80,8
|
||||
___
|
||||
|
||||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
|
@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
|
||||
} else {
|
||||
if (len != 0) {
|
||||
if ((ret->length < len) || (ret->data == NULL)) {
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
|
||||
if (s == NULL) {
|
||||
i = ERR_R_MALLOC_FAILURE;
|
||||
goto err;
|
||||
}
|
||||
if (ret->data != NULL)
|
||||
OPENSSL_free(ret->data);
|
||||
} else
|
||||
s = ret->data;
|
||||
memcpy(s, p, (int)len);
|
||||
|
@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
|
||||
#endif
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
|
||||
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
BUF_MEM *b;
|
||||
@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
/* suck in c.slen bytes of data */
|
||||
want = c.slen;
|
||||
if (want > (len - off)) {
|
||||
size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
|
||||
|
||||
want -= (len - off);
|
||||
if (want > INT_MAX /* BIO_read takes an int length */ ||
|
||||
len + want < len) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
if (!BUF_MEM_grow_clean(b, len + want)) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
while (want > 0) {
|
||||
i = BIO_read(in, &(b->data[len]), want);
|
||||
if (i <= 0) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
/*
|
||||
* Read content in chunks of increasing size
|
||||
* so we can return an error for EOF without
|
||||
* having to allocate the entire content length
|
||||
* in one go.
|
||||
*/
|
||||
size_t chunk = want > chunk_max ? chunk_max : want;
|
||||
|
||||
if (!BUF_MEM_grow_clean(b, len + chunk)) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
want -= chunk;
|
||||
while (chunk > 0) {
|
||||
i = BIO_read(in, &(b->data[len]), chunk);
|
||||
if (i <= 0) {
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
* This can't overflow because |len+want| didn't
|
||||
* overflow.
|
||||
*/
|
||||
len += i;
|
||||
want -= i;
|
||||
len += i;
|
||||
chunk -= i;
|
||||
}
|
||||
if (chunk_max < INT_MAX/2)
|
||||
chunk_max *= 2;
|
||||
}
|
||||
}
|
||||
if (off + c.slen < off) {
|
||||
|
@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
|
||||
result = 0; /* They do not have content. */
|
||||
break;
|
||||
case V_ASN1_INTEGER:
|
||||
case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
case V_ASN1_NEG_ENUMERATED:
|
||||
case V_ASN1_BIT_STRING:
|
||||
case V_ASN1_OCTET_STRING:
|
||||
case V_ASN1_SEQUENCE:
|
||||
|
@ -63,7 +63,7 @@
|
||||
#include <openssl/asn1_mac.h>
|
||||
|
||||
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
int max);
|
||||
long max);
|
||||
static void asn1_put_length(unsigned char **pp, int length);
|
||||
const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
|
||||
|
||||
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
|
||||
}
|
||||
*ptag = tag;
|
||||
*pclass = xclass;
|
||||
if (!asn1_get_length(&p, &inf, plength, (int)max))
|
||||
if (!asn1_get_length(&p, &inf, plength, max))
|
||||
goto err;
|
||||
|
||||
if (inf && !(ret & V_ASN1_CONSTRUCTED))
|
||||
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
|
||||
}
|
||||
|
||||
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
int max)
|
||||
long max)
|
||||
{
|
||||
const unsigned char *p = *pp;
|
||||
unsigned long ret = 0;
|
||||
unsigned int i;
|
||||
unsigned long i;
|
||||
|
||||
if (max-- < 1)
|
||||
return (0);
|
||||
return 0;
|
||||
if (*p == 0x80) {
|
||||
*inf = 1;
|
||||
ret = 0;
|
||||
@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
*inf = 0;
|
||||
i = *p & 0x7f;
|
||||
if (*(p++) & 0x80) {
|
||||
if (i > sizeof(long))
|
||||
if (i > sizeof(ret) || max < (long)i)
|
||||
return 0;
|
||||
if (max-- == 0)
|
||||
return (0);
|
||||
while (i-- > 0) {
|
||||
ret <<= 8L;
|
||||
ret |= *(p++);
|
||||
if (max-- == 0)
|
||||
return (0);
|
||||
}
|
||||
} else
|
||||
ret = i;
|
||||
@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
return 0;
|
||||
*pp = p;
|
||||
*rl = (long)ret;
|
||||
return (1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
|
||||
goto end;
|
||||
if (j & V_ASN1_CONSTRUCTED) {
|
||||
const unsigned char *sp;
|
||||
|
||||
ep = p + len;
|
||||
if (BIO_write(bp, "\n", 1) <= 0)
|
||||
goto end;
|
||||
@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
goto end;
|
||||
}
|
||||
if ((j == 0x21) && (len == 0)) {
|
||||
sp = p;
|
||||
for (;;) {
|
||||
r = asn1_parse2(bp, &p, (long)(tot - p),
|
||||
offset + (p - *pp), depth + 1,
|
||||
@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
if ((r == 2) || (p >= tot))
|
||||
if ((r == 2) || (p >= tot)) {
|
||||
len = p - sp;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else
|
||||
} else {
|
||||
long tmp = len;
|
||||
|
||||
while (p < ep) {
|
||||
r = asn1_parse2(bp, &p, (long)len,
|
||||
offset + (p - *pp), depth + 1,
|
||||
sp = p;
|
||||
r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
|
||||
indent, dump);
|
||||
if (r == 0) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
tmp -= p - sp;
|
||||
}
|
||||
}
|
||||
} else if (xclass != 0) {
|
||||
p += len;
|
||||
if (BIO_write(bp, "\n", 1) <= 0)
|
||||
|
@ -140,7 +140,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
|
||||
goto err;
|
||||
|
||||
bs = X509_get_serialNumber(x);
|
||||
if (bs->length <= (int)sizeof(long)) {
|
||||
if (bs->length < (int)sizeof(long)
|
||||
|| (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
|
||||
l = ASN1_INTEGER_get(bs);
|
||||
if (bs->type == V_ASN1_NEG_INTEGER) {
|
||||
l = -l;
|
||||
|
@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
||||
break;
|
||||
|
||||
case V_ASN1_INTEGER:
|
||||
case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
case V_ASN1_NEG_ENUMERATED:
|
||||
tint = (ASN1_INTEGER **)pval;
|
||||
if (!c2i_ASN1_INTEGER(tint, &cont, len))
|
||||
goto err;
|
||||
|
@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
|
||||
break;
|
||||
|
||||
case V_ASN1_INTEGER:
|
||||
case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
case V_ASN1_NEG_ENUMERATED:
|
||||
/*
|
||||
* These are all have the same content format as ASN1_INTEGER
|
||||
*/
|
||||
|
@ -66,6 +66,13 @@
|
||||
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
|
||||
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
|
||||
|
||||
/*
|
||||
* Maximum length of X509_NAME: much larger than anything we should
|
||||
* ever see in practice.
|
||||
*/
|
||||
|
||||
#define X509_NAME_MAX (1024 * 1024)
|
||||
|
||||
static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_ITEM *it,
|
||||
@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
|
||||
int i, j, ret;
|
||||
STACK_OF(X509_NAME_ENTRY) *entries;
|
||||
X509_NAME_ENTRY *entry;
|
||||
if (len > X509_NAME_MAX) {
|
||||
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
|
||||
return 0;
|
||||
}
|
||||
q = p;
|
||||
|
||||
/* Get internal representation of Name */
|
||||
|
@ -201,10 +201,20 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
|
||||
int i2d_X509_AUX(X509 *a, unsigned char **pp)
|
||||
{
|
||||
int length;
|
||||
int length, tmplen;
|
||||
unsigned char *start = pp != NULL ? *pp : NULL;
|
||||
length = i2d_X509(a, pp);
|
||||
if (a)
|
||||
length += i2d_X509_CERT_AUX(a->aux, pp);
|
||||
if (length < 0 || a == NULL)
|
||||
return length;
|
||||
|
||||
tmplen = i2d_X509_CERT_AUX(a->aux, pp);
|
||||
if (tmplen < 0) {
|
||||
if (start != NULL)
|
||||
*pp = start;
|
||||
return tmplen;
|
||||
}
|
||||
length += tmplen;
|
||||
|
||||
return length;
|
||||
}
|
||||
|
||||
|
@ -191,7 +191,7 @@ L1st:
|
||||
|
||||
addi $j,$j,$BNSZ ; j++
|
||||
addi $tp,$tp,$BNSZ ; tp++
|
||||
bdnz- L1st
|
||||
bdnz L1st
|
||||
;L1st
|
||||
addc $lo0,$alo,$hi0
|
||||
addze $hi0,$ahi
|
||||
@ -253,7 +253,7 @@ Linner:
|
||||
addze $hi1,$hi1
|
||||
$ST $lo1,0($tp) ; tp[j-1]
|
||||
addi $tp,$tp,$BNSZ ; tp++
|
||||
bdnz- Linner
|
||||
bdnz Linner
|
||||
;Linner
|
||||
$LD $tj,$BNSZ($tp) ; tp[j]
|
||||
addc $lo0,$alo,$hi0
|
||||
@ -276,7 +276,7 @@ Linner:
|
||||
slwi $tj,$num,`log($BNSZ)/log(2)`
|
||||
$UCMP $i,$tj
|
||||
addi $i,$i,$BNSZ
|
||||
ble- Louter
|
||||
ble Louter
|
||||
|
||||
addi $num,$num,2 ; restore $num
|
||||
subfc $j,$j,$j ; j=0 and "clear" XER[CA]
|
||||
@ -289,7 +289,7 @@ Lsub: $LDX $tj,$tp,$j
|
||||
subfe $aj,$nj,$tj ; tp[j]-np[j]
|
||||
$STX $aj,$rp,$j
|
||||
addi $j,$j,$BNSZ
|
||||
bdnz- Lsub
|
||||
bdnz Lsub
|
||||
|
||||
li $j,0
|
||||
mtctr $num
|
||||
@ -304,7 +304,7 @@ Lcopy: ; copy or in-place refresh
|
||||
$STX $tj,$rp,$j
|
||||
$STX $j,$tp,$j ; zap at once
|
||||
addi $j,$j,$BNSZ
|
||||
bdnz- Lcopy
|
||||
bdnz Lcopy
|
||||
|
||||
$POP $tj,0($sp)
|
||||
li r3,1
|
||||
|
@ -1556,7 +1556,7 @@ Lppcasm_sub_mainloop:
|
||||
# if carry = 1 this is r7-r8. Else it
|
||||
# is r7-r8 -1 as we need.
|
||||
$STU r6,$BNSZ(r3)
|
||||
bdnz- Lppcasm_sub_mainloop
|
||||
bdnz Lppcasm_sub_mainloop
|
||||
Lppcasm_sub_adios:
|
||||
subfze r3,r0 # if carry bit is set then r3 = 0 else -1
|
||||
andi. r3,r3,1 # keep only last bit.
|
||||
@ -1603,7 +1603,7 @@ Lppcasm_add_mainloop:
|
||||
$LDU r8,$BNSZ(r5)
|
||||
adde r8,r7,r8
|
||||
$STU r8,$BNSZ(r3)
|
||||
bdnz- Lppcasm_add_mainloop
|
||||
bdnz Lppcasm_add_mainloop
|
||||
Lppcasm_add_adios:
|
||||
addze r3,r0 #return carry bit.
|
||||
blr
|
||||
@ -1762,7 +1762,7 @@ Lppcasm_sqr_mainloop:
|
||||
$UMULH r8,r6,r6
|
||||
$STU r7,$BNSZ(r3)
|
||||
$STU r8,$BNSZ(r3)
|
||||
bdnz- Lppcasm_sqr_mainloop
|
||||
bdnz Lppcasm_sqr_mainloop
|
||||
Lppcasm_sqr_adios:
|
||||
blr
|
||||
.long 0
|
||||
@ -1827,7 +1827,7 @@ Lppcasm_mw_LOOP:
|
||||
|
||||
addi r3,r3,`4*$BNSZ`
|
||||
addi r4,r4,`4*$BNSZ`
|
||||
bdnz- Lppcasm_mw_LOOP
|
||||
bdnz Lppcasm_mw_LOOP
|
||||
|
||||
Lppcasm_mw_REM:
|
||||
andi. r5,r5,0x3
|
||||
@ -1951,7 +1951,7 @@ Lppcasm_maw_mainloop:
|
||||
$ST r11,`3*$BNSZ`(r3)
|
||||
addi r3,r3,`4*$BNSZ`
|
||||
addi r4,r4,`4*$BNSZ`
|
||||
bdnz- Lppcasm_maw_mainloop
|
||||
bdnz Lppcasm_maw_mainloop
|
||||
|
||||
Lppcasm_maw_leftover:
|
||||
andi. r5,r5,0x3
|
||||
|
@ -734,7 +734,7 @@ $code.=<<___;
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
bdnz- L1st
|
||||
bdnz L1st
|
||||
|
||||
fctid $dota,$dota
|
||||
fctid $dotb,$dotb
|
||||
@ -1280,7 +1280,7 @@ $code.=<<___;
|
||||
___
|
||||
}
|
||||
$code.=<<___;
|
||||
bdnz- Linner
|
||||
bdnz Linner
|
||||
|
||||
fctid $dota,$dota
|
||||
fctid $dotb,$dotb
|
||||
@ -1490,7 +1490,7 @@ Lsub: ldx $t0,$tp,$i
|
||||
stdx $t0,$rp,$i
|
||||
stdx $t2,$t6,$i
|
||||
addi $i,$i,16
|
||||
bdnz- Lsub
|
||||
bdnz Lsub
|
||||
|
||||
li $i,0
|
||||
subfe $ovf,$i,$ovf ; handle upmost overflow bit
|
||||
@ -1517,7 +1517,7 @@ Lcopy: ; copy or in-place refresh
|
||||
stdx $i,$tp,$i ; zap tp at once
|
||||
stdx $i,$t4,$i
|
||||
addi $i,$i,16
|
||||
bdnz- Lcopy
|
||||
bdnz Lcopy
|
||||
___
|
||||
$code.=<<___ if ($SIZE_T==4);
|
||||
subf $np,$num,$np ; rewind np
|
||||
@ -1550,7 +1550,7 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order
|
||||
stw $t5,8($rp)
|
||||
stw $t6,12($rp)
|
||||
stwu $t7,16($rp)
|
||||
bdnz- Lsub
|
||||
bdnz Lsub
|
||||
|
||||
li $i,0
|
||||
subfe $ovf,$i,$ovf ; handle upmost overflow bit
|
||||
@ -1582,7 +1582,7 @@ Lcopy: ; copy or in-place refresh
|
||||
stwu $t3,16($rp)
|
||||
std $i,8($tp) ; zap tp at once
|
||||
stdu $i,16($tp)
|
||||
bdnz- Lcopy
|
||||
bdnz Lcopy
|
||||
___
|
||||
|
||||
$code.=<<___;
|
||||
|
@ -85,6 +85,21 @@ $frame=32; # size of above frame rounded up to 16n
|
||||
|
||||
&and ("esp",-64); # align to cache line
|
||||
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
&mov ("eax","ebp");
|
||||
&sub ("eax","esp");
|
||||
&and ("eax",-4096);
|
||||
&set_label("page_walk");
|
||||
&mov ("edx",&DWP(0,"esp","eax"));
|
||||
&sub ("eax",4096);
|
||||
&data_byte(0x2e);
|
||||
&jnc (&label("page_walk"));
|
||||
|
||||
################################# load argument block...
|
||||
&mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
|
||||
&mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
|
||||
|
@ -130,6 +130,20 @@ $code.=<<___;
|
||||
|
||||
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul_body:
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x66,0x2e # predict non-taken
|
||||
jnc .Lmul_page_walk
|
||||
|
||||
mov $bp,%r12 # reassign $bp
|
||||
___
|
||||
$bp="%r12";
|
||||
@ -342,6 +356,14 @@ $code.=<<___;
|
||||
|
||||
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul4x_body:
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul4x_page_walk
|
||||
|
||||
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
|
||||
mov %rdx,%r12 # reassign $bp
|
||||
___
|
||||
@ -795,6 +817,15 @@ bn_sqr8x_mont:
|
||||
sub %r11,%rsp
|
||||
.Lsqr8x_sp_done:
|
||||
and \$-64,%rsp
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lsqr8x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lsqr8x_page_walk
|
||||
|
||||
mov $num,%r10
|
||||
neg $num
|
||||
|
||||
@ -932,8 +963,17 @@ bn_mulx4x_mont:
|
||||
sub $num,%r10 # -$num
|
||||
mov ($n0),$n0 # *n0
|
||||
lea -72(%rsp,%r10),%rsp # alloca(frame+$num+8)
|
||||
lea ($bp,$num),%r10
|
||||
and \$-128,%rsp
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmulx4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x66,0x2e # predict non-taken
|
||||
jnc .Lmulx4x_page_walk
|
||||
|
||||
lea ($bp,$num),%r10
|
||||
##############################################################
|
||||
# Stack layout
|
||||
# +0 num
|
||||
|
@ -115,6 +115,20 @@ $code.=<<___;
|
||||
|
||||
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
|
||||
.Lmul_body:
|
||||
# Some OSes, *cough*-dows, insist on stack being "wired" to
|
||||
# physical memory in strictly sequential manner, i.e. if stack
|
||||
# allocation spans two pages, then reference to farmost one can
|
||||
# be punishable by SEGV. But page walking can do good even on
|
||||
# other OSes, because it guarantees that villain thread hits
|
||||
# the guard page before it can make damage to innocent one...
|
||||
sub %rsp,%rax
|
||||
and \$-4096,%rax
|
||||
.Lmul_page_walk:
|
||||
mov (%rsp,%rax),%r11
|
||||
sub \$4096,%rax
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul_page_walk
|
||||
|
||||
lea 128($bp),%r12 # reassign $bp (+size optimization)
|
||||
___
|
||||
$bp="%r12";
|
||||
@ -469,6 +483,15 @@ $code.=<<___;
|
||||
sub %r11,%rsp
|
||||
.Lmul4xsp_done:
|
||||
and \$-64,%rsp
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmul4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmul4x_page_walk
|
||||
|
||||
neg $num
|
||||
|
||||
mov %rax,40(%rsp)
|
||||
@ -1058,6 +1081,15 @@ $code.=<<___;
|
||||
sub %r11,%rsp
|
||||
.Lpwr_sp_done:
|
||||
and \$-64,%rsp
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lpwr_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lpwr_page_walk
|
||||
|
||||
mov $num,%r10
|
||||
neg $num
|
||||
|
||||
@ -2028,7 +2060,16 @@ bn_from_mont8x:
|
||||
sub %r11,%rsp
|
||||
.Lfrom_sp_done:
|
||||
and \$-64,%rsp
|
||||
mov $num,%r10
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lfrom_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lfrom_page_walk
|
||||
|
||||
mov $num,%r10
|
||||
neg $num
|
||||
|
||||
##############################################################
|
||||
@ -2173,6 +2214,15 @@ bn_mulx4x_mont_gather5:
|
||||
sub %r11,%rsp
|
||||
.Lmulx4xsp_done:
|
||||
and \$-64,%rsp # ensure alignment
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lmulx4x_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lmulx4x_page_walk
|
||||
|
||||
##############################################################
|
||||
# Stack layout
|
||||
# +0 -num
|
||||
@ -2619,6 +2669,15 @@ bn_powerx5:
|
||||
sub %r11,%rsp
|
||||
.Lpwrx_sp_done:
|
||||
and \$-64,%rsp
|
||||
mov %rax,%r11
|
||||
sub %rsp,%r11
|
||||
and \$-4096,%r11
|
||||
.Lpwrx_page_walk:
|
||||
mov (%rsp,%r11),%r10
|
||||
sub \$4096,%r11
|
||||
.byte 0x2e # predict non-taken
|
||||
jnc .Lpwrx_page_walk
|
||||
|
||||
mov $num,%r10
|
||||
neg $num
|
||||
|
||||
|
@ -4,6 +4,10 @@
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
|
||||
# ifdef OPENSSL_NO_COMP
|
||||
# error COMP is disabled.
|
||||
# endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -199,8 +199,8 @@ e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
||||
e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
|
||||
@ -214,9 +214,9 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/rand.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h
|
||||
e_aes_cbc_hmac_sha1.o: e_aes_cbc_hmac_sha1.c
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/aes.h
|
||||
e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
|
||||
e_aes_cbc_hmac_sha1.o: ../modes/modes_lcl.h e_aes_cbc_hmac_sha1.c
|
||||
e_aes_cbc_hmac_sha256.o: ../../e_os.h ../../include/openssl/aes.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/asn1.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/bio.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/crypto.h
|
||||
@ -232,7 +232,8 @@ e_aes_cbc_hmac_sha256.o: ../../include/openssl/rand.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/safestack.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/sha.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/stack.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h
|
||||
e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h
|
||||
e_aes_cbc_hmac_sha256.o: ../constant_time_locl.h ../modes/modes_lcl.h
|
||||
e_aes_cbc_hmac_sha256.o: e_aes_cbc_hmac_sha256.c
|
||||
e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
|
||||
|
@ -212,8 +212,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
||||
}
|
||||
#endif
|
||||
if (ctx->digest != type) {
|
||||
if (ctx->digest && ctx->digest->ctx_size)
|
||||
if (ctx->digest && ctx->digest->ctx_size) {
|
||||
OPENSSL_free(ctx->md_data);
|
||||
ctx->md_data = NULL;
|
||||
}
|
||||
ctx->digest = type;
|
||||
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
|
||||
ctx->update = type->update;
|
||||
|
@ -60,6 +60,7 @@
|
||||
# include <openssl/sha.h>
|
||||
# include <openssl/rand.h>
|
||||
# include "modes_lcl.h"
|
||||
# include "constant_time_locl.h"
|
||||
|
||||
# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
|
||||
# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
|
||||
@ -578,6 +579,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
|
||||
maxpad &= 255;
|
||||
|
||||
ret &= constant_time_ge(maxpad, pad);
|
||||
|
||||
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
|
||||
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
|
||||
inp_len &= mask;
|
||||
|
@ -60,6 +60,7 @@
|
||||
# include <openssl/sha.h>
|
||||
# include <openssl/rand.h>
|
||||
# include "modes_lcl.h"
|
||||
# include "constant_time_locl.h"
|
||||
|
||||
# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
|
||||
# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
|
||||
@ -589,6 +590,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
||||
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
|
||||
maxpad &= 255;
|
||||
|
||||
ret &= constant_time_ge(maxpad, pad);
|
||||
|
||||
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
|
||||
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
|
||||
inp_len &= mask;
|
||||
|
@ -57,6 +57,7 @@
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int i, j;
|
||||
unsigned int total = 0;
|
||||
size_t total = 0;
|
||||
|
||||
*outl = 0;
|
||||
if (inl <= 0)
|
||||
return;
|
||||
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||||
if ((ctx->num + inl) < ctx->length) {
|
||||
if (ctx->length - ctx->num > inl) {
|
||||
memcpy(&(ctx->enc_data[ctx->num]), in, inl);
|
||||
ctx->num += inl;
|
||||
return;
|
||||
@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
*out = '\0';
|
||||
total = j + 1;
|
||||
}
|
||||
while (inl >= ctx->length) {
|
||||
while (inl >= ctx->length && total <= INT_MAX) {
|
||||
j = EVP_EncodeBlock(out, in, ctx->length);
|
||||
in += ctx->length;
|
||||
inl -= ctx->length;
|
||||
@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
*out = '\0';
|
||||
total += j + 1;
|
||||
}
|
||||
if (total > INT_MAX) {
|
||||
/* Too much output data! */
|
||||
*outl = 0;
|
||||
return;
|
||||
}
|
||||
if (inl != 0)
|
||||
memcpy(&(ctx->enc_data[0]), in, inl);
|
||||
ctx->num = inl;
|
||||
|
@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
bl = ctx->cipher->block_size;
|
||||
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
|
||||
if (i != 0) {
|
||||
if (i + inl < bl) {
|
||||
if (bl - i > inl) {
|
||||
memcpy(&(ctx->buf[i]), in, inl);
|
||||
ctx->buf_len += inl;
|
||||
*outl = 0;
|
||||
|
@ -85,9 +85,7 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
|
||||
tmhl %r0,0x4000 # check for message-security-assist
|
||||
jz .Lsoft_gmult
|
||||
lghi %r0,0
|
||||
la %r1,16($sp)
|
||||
.long 0xb93e0004 # kimd %r0,%r4
|
||||
lg %r1,24($sp)
|
||||
lg %r1,24(%r1) # load second word of kimd capabilities vector
|
||||
tmhh %r1,0x4000 # check for function 65
|
||||
jz .Lsoft_gmult
|
||||
stg %r0,16($sp) # arrange 16 bytes of zero input
|
||||
|
@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000207fL
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000208fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g-fips 1 Mar 2016"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2h-fips 3 May 2016"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g 1 Mar 2016"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2h 3 May 2016"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
@ -348,7 +348,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
|
||||
if (enc != NULL) {
|
||||
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
|
||||
if (objstr == NULL) {
|
||||
if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
|
||||
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
|
||||
goto err;
|
||||
}
|
||||
|
@ -131,6 +131,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
|
||||
# define MS_PVKMAGIC 0xb0b5f11eL
|
||||
/* Salt length for PVK files */
|
||||
# define PVK_SALTLEN 0x10
|
||||
/* Maximum length in PVK header */
|
||||
# define PVK_MAX_KEYLEN 102400
|
||||
/* Maximum salt length */
|
||||
# define PVK_MAX_SALTLEN 10240
|
||||
|
||||
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
|
||||
unsigned int bitlen, int ispub);
|
||||
@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
|
||||
*psaltlen = read_ledword(&p);
|
||||
*pkeylen = read_ledword(&p);
|
||||
|
||||
if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
|
||||
return 0;
|
||||
|
||||
if (is_encrypted && !*psaltlen) {
|
||||
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
|
||||
return 0;
|
||||
|
@ -195,6 +195,7 @@ my %globals;
|
||||
sub out {
|
||||
my $self = shift;
|
||||
|
||||
$self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
|
||||
if ($gas) {
|
||||
# Solaris /usr/ccs/bin/as can't handle multiplications
|
||||
# in $self->{value}
|
||||
@ -205,7 +206,6 @@ my %globals;
|
||||
}
|
||||
sprintf "\$%s",$self->{value};
|
||||
} else {
|
||||
$self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
|
||||
$self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
|
||||
sprintf "%s",$self->{value};
|
||||
}
|
||||
|
@ -5,14 +5,46 @@
|
||||
.align 16
|
||||
OPENSSL_s390x_facilities:
|
||||
lghi %r0,0
|
||||
larl %r2,OPENSSL_s390xcap_P
|
||||
stg %r0,8(%r2)
|
||||
.long 0xb2b02000 # stfle 0(%r2)
|
||||
larl %r4,OPENSSL_s390xcap_P
|
||||
stg %r0,8(%r4) # wipe capability vectors
|
||||
stg %r0,16(%r4)
|
||||
stg %r0,24(%r4)
|
||||
stg %r0,32(%r4)
|
||||
stg %r0,40(%r4)
|
||||
stg %r0,48(%r4)
|
||||
stg %r0,56(%r4)
|
||||
stg %r0,64(%r4)
|
||||
stg %r0,72(%r4)
|
||||
|
||||
.long 0xb2b04000 # stfle 0(%r4)
|
||||
brc 8,.Ldone
|
||||
lghi %r0,1
|
||||
.long 0xb2b02000 # stfle 0(%r2)
|
||||
.long 0xb2b04000 # stfle 0(%r4)
|
||||
.Ldone:
|
||||
lg %r2,0(%r2)
|
||||
lmg %r2,%r3,0(%r4)
|
||||
tmhl %r2,0x4000 # check for message-security-assist
|
||||
jz .Lret
|
||||
|
||||
lghi %r0,0 # query kimd capabilities
|
||||
la %r1,16(%r4)
|
||||
.long 0xb93e0002 # kimd %r0,%r2
|
||||
|
||||
lghi %r0,0 # query km capability vector
|
||||
la %r1,32(%r4)
|
||||
.long 0xb92e0042 # km %r4,%r2
|
||||
|
||||
lghi %r0,0 # query kmc capability vector
|
||||
la %r1,48(%r4)
|
||||
.long 0xb92f0042 # kmc %r4,%r2
|
||||
|
||||
tmhh %r3,0x0004 # check for message-security-assist-4
|
||||
jz .Lret
|
||||
|
||||
lghi %r0,0 # query kmctr capability vector
|
||||
la %r1,64(%r4)
|
||||
.long 0xb92d2042 # kmctr %r4,%r2,%r2
|
||||
|
||||
.Lret:
|
||||
br %r14
|
||||
.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
|
||||
|
||||
@ -96,4 +128,4 @@ OPENSSL_cleanse:
|
||||
.section .init
|
||||
brasl %r14,OPENSSL_cpuid_setup
|
||||
|
||||
.comm OPENSSL_s390xcap_P,16,8
|
||||
.comm OPENSSL_s390xcap_P,80,8
|
||||
|
@ -227,7 +227,7 @@ Lunaligned:
|
||||
srwi. $t1,$t1,6 ; t1/=64
|
||||
beq Lcross_page
|
||||
$UCMP $num,$t1
|
||||
ble- Laligned ; didn't cross the page boundary
|
||||
ble Laligned ; didn't cross the page boundary
|
||||
mtctr $t1
|
||||
subfc $num,$t1,$num
|
||||
bl Lsha1_block_private
|
||||
@ -255,7 +255,7 @@ Lmemcpy:
|
||||
bl Lsha1_block_private
|
||||
$POP $inp,`$FRAME-$SIZE_T*18`($sp)
|
||||
addic. $num,$num,-1
|
||||
bne- Lunaligned
|
||||
bne Lunaligned
|
||||
|
||||
Ldone:
|
||||
$POP r0,`$FRAME+$LRSAVE`($sp)
|
||||
@ -329,7 +329,7 @@ $code.=<<___;
|
||||
stw r20,16($ctx)
|
||||
mr $E,r20
|
||||
addi $inp,$inp,`16*4`
|
||||
bdnz- Lsha1_block_private
|
||||
bdnz Lsha1_block_private
|
||||
blr
|
||||
.long 0
|
||||
.byte 0,12,0x14,0,0,0,0,0
|
||||
|
@ -167,10 +167,7 @@ $code.=<<___ if ($kimdfunc);
|
||||
lg %r0,0(%r1)
|
||||
tmhl %r0,0x4000 # check for message-security assist
|
||||
jz .Lsoftware
|
||||
lghi %r0,0
|
||||
la %r1,`2*$SIZE_T`($sp)
|
||||
.long 0xb93e0002 # kimd %r0,%r2
|
||||
lg %r0,`2*$SIZE_T`($sp)
|
||||
lg %r0,16(%r1) # check kimd capabilities
|
||||
tmhh %r0,`0x8000>>$kimdfunc`
|
||||
jz .Lsoftware
|
||||
lghi %r0,$kimdfunc
|
||||
@ -237,7 +234,7 @@ $code.=<<___;
|
||||
br %r14
|
||||
.size sha1_block_data_order,.-sha1_block_data_order
|
||||
.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
|
||||
.comm OPENSSL_s390xcap_P,16,8
|
||||
.comm OPENSSL_s390xcap_P,80,8
|
||||
___
|
||||
|
||||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
|
@ -259,7 +259,7 @@ Lunaligned:
|
||||
andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary
|
||||
beq Lcross_page
|
||||
$UCMP $num,$t1
|
||||
ble- Laligned ; didn't cross the page boundary
|
||||
ble Laligned ; didn't cross the page boundary
|
||||
subfc $num,$t1,$num
|
||||
add $t1,$inp,$t1
|
||||
$PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num
|
||||
@ -317,7 +317,7 @@ $code.=<<___;
|
||||
$POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp
|
||||
$POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num
|
||||
addic. $num,$num,`-16*$SZ` ; num--
|
||||
bne- Lunaligned
|
||||
bne Lunaligned
|
||||
|
||||
Ldone:
|
||||
$POP r0,`$FRAME+$LRSAVE`($sp)
|
||||
@ -396,7 +396,7 @@ for(;$i<32;$i++) {
|
||||
unshift(@V,pop(@V));
|
||||
}
|
||||
$code.=<<___;
|
||||
bdnz- Lrounds
|
||||
bdnz Lrounds
|
||||
|
||||
$POP $ctx,`$FRAME-$SIZE_T*22`($sp)
|
||||
$POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
|
||||
@ -644,7 +644,7 @@ for(;$i<32;$i++) {
|
||||
($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
|
||||
}
|
||||
$code.=<<___;
|
||||
bdnz- Lrounds
|
||||
bdnz Lrounds
|
||||
|
||||
$POP $ctx,`$FRAME-$SIZE_T*22`($sp)
|
||||
$POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
|
||||
|
@ -240,10 +240,7 @@ $code.=<<___ if ($kimdfunc);
|
||||
lg %r0,0(%r1)
|
||||
tmhl %r0,0x4000 # check for message-security assist
|
||||
jz .Lsoftware
|
||||
lghi %r0,0
|
||||
la %r1,`2*$SIZE_T`($sp)
|
||||
.long 0xb93e0002 # kimd %r0,%r2
|
||||
lg %r0,`2*$SIZE_T`($sp)
|
||||
lg %r0,16(%r1) # check kimd capabilities
|
||||
tmhh %r0,`0x8000>>$kimdfunc`
|
||||
jz .Lsoftware
|
||||
lghi %r0,$kimdfunc
|
||||
@ -311,7 +308,7 @@ $code.=<<___;
|
||||
br %r14
|
||||
.size $Func,.-$Func
|
||||
.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
|
||||
.comm OPENSSL_s390xcap_P,16,8
|
||||
.comm OPENSSL_s390xcap_P,80,8
|
||||
___
|
||||
|
||||
$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
|
@ -1305,6 +1305,7 @@ void ERR_load_X509_strings(void);
|
||||
# define X509_R_LOADING_CERT_DIR 103
|
||||
# define X509_R_LOADING_DEFAULTS 104
|
||||
# define X509_R_METHOD_NOT_SUPPORTED 124
|
||||
# define X509_R_NAME_TOO_LONG 134
|
||||
# define X509_R_NEWER_CRL_NOT_NEWER 132
|
||||
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
|
||||
# define X509_R_NO_CRL_NUMBER 130
|
||||
|
@ -151,6 +151,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
|
||||
{ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
|
||||
{ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
|
||||
{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
|
||||
{ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
|
||||
{ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
|
||||
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
|
||||
"no cert set for us to verify"},
|
||||
|
@ -63,6 +63,13 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
/*
|
||||
* Limit to ensure we don't overflow: much greater than
|
||||
* anything enountered in practice.
|
||||
*/
|
||||
|
||||
#define NAME_ONELINE_MAX (1024 * 1024)
|
||||
|
||||
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
|
||||
{
|
||||
X509_NAME_ENTRY *ne;
|
||||
@ -86,6 +93,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
|
||||
goto err;
|
||||
b->data[0] = '\0';
|
||||
len = 200;
|
||||
} else if (len == 0) {
|
||||
return NULL;
|
||||
}
|
||||
if (a == NULL) {
|
||||
if (b) {
|
||||
@ -110,6 +119,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
|
||||
|
||||
type = ne->value->type;
|
||||
num = ne->value->length;
|
||||
if (num > NAME_ONELINE_MAX) {
|
||||
X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
|
||||
goto end;
|
||||
}
|
||||
q = ne->value->data;
|
||||
#ifdef CHARSET_EBCDIC
|
||||
if (type == V_ASN1_GENERALSTRING ||
|
||||
@ -117,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
|
||||
type == V_ASN1_PRINTABLESTRING ||
|
||||
type == V_ASN1_TELETEXSTRING ||
|
||||
type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
|
||||
ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
|
||||
? sizeof ebcdic_buf : num);
|
||||
if (num > (int)sizeof(ebcdic_buf))
|
||||
num = sizeof(ebcdic_buf);
|
||||
ascii2ebcdic(ebcdic_buf, q, num);
|
||||
q = ebcdic_buf;
|
||||
}
|
||||
#endif
|
||||
@ -154,6 +168,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
|
||||
|
||||
lold = l;
|
||||
l += 1 + l1 + 1 + l2;
|
||||
if (l > NAME_ONELINE_MAX) {
|
||||
X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
|
||||
goto end;
|
||||
}
|
||||
if (b != NULL) {
|
||||
if (!BUF_MEM_grow(b, l + 1))
|
||||
goto err;
|
||||
@ -206,7 +224,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
|
||||
return (p);
|
||||
err:
|
||||
X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
|
||||
if (b != NULL)
|
||||
BUF_MEM_free(b);
|
||||
end:
|
||||
BUF_MEM_free(b);
|
||||
return (NULL);
|
||||
}
|
||||
|
@ -107,7 +107,7 @@ The following is a list of all permitted cipher strings and their meanings.
|
||||
|
||||
The default cipher list.
|
||||
This is determined at compile time and is normally
|
||||
B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
|
||||
B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
|
||||
When used, this must be the first cipherstring specified.
|
||||
|
||||
=item B<COMPLEMENTOFDEFAULT>
|
||||
|
@ -29,7 +29,7 @@ B<openssl> B<ocsp>
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
[B<-no_alt_chains>]]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-VAfile file>]
|
||||
[B<-validity_period n>]
|
||||
[B<-status_age n>]
|
||||
|
127
doc/crypto/EVP_EncodeInit.pod
Normal file
127
doc/crypto/EVP_EncodeInit.pod
Normal file
@ -0,0 +1,127 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
|
||||
EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64
|
||||
encode/decode routines
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
|
||||
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl);
|
||||
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
|
||||
int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
|
||||
|
||||
void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
|
||||
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl);
|
||||
int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
|
||||
char *out, int *outl);
|
||||
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The EVP encode routines provide a high level interface to base 64 encoding and
|
||||
decoding. Base 64 encoding converts binary data into a printable form that uses
|
||||
the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
|
||||
bytes of binary data provided 4 bytes of base 64 encoded data will be produced
|
||||
plus some occasional newlines (see below). If the input data length is not a
|
||||
multiple of 3 then the output data will be padded at the end using the "="
|
||||
character.
|
||||
|
||||
Encoding of binary data is performed in blocks of 48 input bytes (or less for
|
||||
the final block). For each 48 byte input block encoded 64 bytes of base 64 data
|
||||
is output plus an additional newline character (i.e. 65 bytes in total). The
|
||||
final block (which may be less than 48 bytes) will output 4 bytes for every 3
|
||||
bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
|
||||
still output for the final 1 or 2 bytes of input. Similarly a newline character
|
||||
will also be output.
|
||||
|
||||
EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
|
||||
|
||||
EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
|
||||
B<in>. The output is stored in the buffer B<out> and the number of bytes output
|
||||
is stored in B<*outl>. It is the caller's responsibility to ensure that the
|
||||
buffer at B<out> is sufficiently large to accommodate the output data. Only full
|
||||
blocks of data (48 bytes) will be immediately processed and output by this
|
||||
function. Any remainder is held in the B<ctx> object and will be processed by a
|
||||
subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
|
||||
required size of the output buffer add together the value of B<inl> with the
|
||||
amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
|
||||
any remainder). This gives the number of blocks of data that will be processed.
|
||||
Ensure the output buffer contains 65 bytes of storage for each block, plus an
|
||||
additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
|
||||
repeatedly to process large amounts of input data. In the event of an error
|
||||
EVP_EncodeUpdate() will set B<*outl> to 0.
|
||||
|
||||
EVP_EncodeFinal() must be called at the end of an encoding operation. It will
|
||||
process any partial block of data remaining in the B<ctx> object. The output
|
||||
data will be stored in B<out> and the length of the data written will be stored
|
||||
in B<*outl>. It is the caller's responsibility to ensure that B<out> is
|
||||
sufficiently large to accommodate the output data which will never be more than
|
||||
65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
|
||||
|
||||
EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
|
||||
B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
|
||||
output data will be produced. If B<dlen> is not divisible by 3 then the block is
|
||||
encoded as a final block of data and the output is padded such that it is always
|
||||
divisible by 4. Additionally a NUL terminator character will be added. For
|
||||
example if 16 bytes of input data is provided then 24 bytes of encoded data is
|
||||
created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
|
||||
the data generated I<without> the NUL terminator is returned from the function.
|
||||
|
||||
EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
|
||||
|
||||
EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
|
||||
to by B<in>. The output is stored in the buffer B<out> and the number of bytes
|
||||
output is stored in B<*outl>. It is the caller's responsibility to ensure that
|
||||
the buffer at B<out> is sufficiently large to accommodate the output data. This
|
||||
function will attempt to decode as much data as possible in 4 byte chunks. Any
|
||||
whitespace, newline or carriage return characters are ignored. Any partial chunk
|
||||
of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
|
||||
the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
|
||||
any illegal base 64 characters are encountered or if the base 64 padding
|
||||
character "=" is encountered in the middle of the data then the function returns
|
||||
-1 to indicate an error. A return value of 0 or 1 indicates successful
|
||||
processing of the data. A return value of 0 additionally indicates that the last
|
||||
input data characters processed included the base 64 padding character "=" and
|
||||
therefore no more non-padding character data is expected to be processed. For
|
||||
every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
|
||||
line feeds), 3 bytes of binary output data will be produced (or less at the end
|
||||
of the data where the padding character "=" has been used).
|
||||
|
||||
EVP_DecodeFinal() must be called at the end of a decoding operation. If there
|
||||
is any unprocessed data still in B<ctx> then the input data must not have been
|
||||
a multiple of 4 and therefore an error has occurred. The function will return -1
|
||||
in this case. Otherwise the function returns 1 on success.
|
||||
|
||||
EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
|
||||
contained in B<f> and store the result in B<t>. Any leading whitespace will be
|
||||
trimmed as will any trailing whitespace, newlines, carriage returns or EOF
|
||||
characters. After such trimming the length of the data in B<f> must be divisbile
|
||||
by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
|
||||
output will be padded with 0 bits if necessary to ensure that the output is
|
||||
always 3 bytes for every 4 input bytes. This function will return the length of
|
||||
the data decoded or -1 on error.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
|
||||
terminator.
|
||||
|
||||
EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
|
||||
then no more non-padding base 64 characters are expected.
|
||||
|
||||
EVP_DecodeFinal() returns -1 on error or 1 on success.
|
||||
|
||||
EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<evp(3)>
|
||||
|
||||
=cut
|
@ -61,6 +61,10 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD
|
||||
implementation. However, new applications should not typically use this (preferring, for example,
|
||||
PBKDF2 from PCKS#5).
|
||||
|
||||
The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
|
||||
L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
|
||||
and decoding.
|
||||
|
||||
Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>.
|
||||
|
||||
All the symmetric algorithms (ciphers), digests and asymmetric algorithms
|
||||
@ -86,6 +90,7 @@ L<EVP_SealInit(3)|EVP_SealInit(3)>,
|
||||
L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
|
||||
L<EVP_SignInit(3)|EVP_SignInit(3)>,
|
||||
L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
|
||||
L<EVP_EncodeInit(3)>,
|
||||
L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>,
|
||||
L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>,
|
||||
L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>,
|
||||
|
126
doc/ssl/SSL_CTX_set_alpn_select_cb.pod
Normal file
126
doc/ssl/SSL_CTX_set_alpn_select_cb.pod
Normal file
@ -0,0 +1,126 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb,
|
||||
SSL_select_next_proto, SSL_get0_alpn_selected - handle application layer
|
||||
protocol negotiation (ALPN)
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
|
||||
unsigned protos_len);
|
||||
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
|
||||
unsigned protos_len);
|
||||
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
|
||||
int (*cb) (SSL *ssl,
|
||||
const unsigned char **out,
|
||||
unsigned char *outlen,
|
||||
const unsigned char *in,
|
||||
unsigned int inlen,
|
||||
void *arg), void *arg);
|
||||
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
|
||||
const unsigned char *server,
|
||||
unsigned int server_len,
|
||||
const unsigned char *client,
|
||||
unsigned int client_len)
|
||||
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
|
||||
unsigned int *len);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
|
||||
set the list of protocols available to be negotiated. The B<protos> must be in
|
||||
protocol-list format, described below. The length of B<protos> is specified in
|
||||
B<protos_len>.
|
||||
|
||||
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
|
||||
server to select which protocol to use for the incoming connection. When B<cb>
|
||||
is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to
|
||||
the application callback.
|
||||
|
||||
B<cb> is the application defined callback. The B<in>, B<inlen> parameters are a
|
||||
vector in protocol-list format. The value of the B<out>, B<outlen> vector
|
||||
should be set to the value of a single protocol selected from the B<in>,
|
||||
B<inlen> vector. The B<arg> parameter is the pointer set via
|
||||
SSL_CTX_set_alpn_select_cb().
|
||||
|
||||
SSL_select_next_proto() is a helper function used to select protocols. It
|
||||
implements the standard protocol selection. It is expected that this function
|
||||
is called from the application callback B<cb>. The protocol data in B<server>,
|
||||
B<server_len> and B<client>, B<client_len> must be in the protocol-list format
|
||||
described below. The first item in the B<server>, B<server_len> list that
|
||||
matches an item in the B<client>, B<client_len> list is selected, and returned
|
||||
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
|
||||
B<client>, so it should be copied immediately. If no match is found, the first
|
||||
item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
|
||||
function can also be used in the NPN callback.
|
||||
|
||||
SSL_get0_alpn_selected() returns a pointer to the selected protocol in B<data>
|
||||
with length B<len>. It is not NUL-terminated. B<data> is set to NULL and B<len>
|
||||
is set to 0 if no protocol has been selected. B<data> must not be freed.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
The protocol-lists must be in wire-format, which is defined as a vector of
|
||||
non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
|
||||
included in the length. Each string is limited to 255 bytes. A byte-string
|
||||
length of 0 is invalid. A truncated byte-string is invalid. The length of the
|
||||
vector is not in the vector itself, but in a separate variable.
|
||||
|
||||
Example:
|
||||
|
||||
unsigned char vector[] = {
|
||||
6, 's', 'p', 'd', 'y', '/', '1',
|
||||
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
|
||||
};
|
||||
unsigned int length = sizeof(vector);
|
||||
|
||||
The ALPN callback is executed after the servername callback; as that servername
|
||||
callback may update the SSL_CTX, and subsequently, the ALPN callback.
|
||||
|
||||
If there is no ALPN proposed in the ClientHello, the ALPN callback is not
|
||||
invoked.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and
|
||||
non-0 on failure. WARNING: these functions reverse the return value convention.
|
||||
|
||||
SSL_select_next_proto() returns one of the following:
|
||||
|
||||
=over 4
|
||||
|
||||
=item OPENSSL_NPN_NEGOTIATED
|
||||
|
||||
A match was found and is returned in B<out>, B<outlen>.
|
||||
|
||||
=item OPENSSL_NPN_NO_OVERLAP
|
||||
|
||||
No match was found. The first item in B<client>, B<client_len> is returned in
|
||||
B<out>, B<outlen>.
|
||||
|
||||
=back
|
||||
|
||||
The ALPN select callback B<cb>, must return one of the following:
|
||||
|
||||
=over 4
|
||||
|
||||
=item SSL_TLSEXT_ERR_OK
|
||||
|
||||
ALPN protocol selected.
|
||||
|
||||
=item SSL_TLSEXT_ERR_NOACK
|
||||
|
||||
ALPN protocol not selected.
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(3)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
|
||||
L<SSL_CTX_set_tlsext_servername_arg(3)>
|
||||
|
||||
=cut
|
@ -30,6 +30,14 @@ must consist of a 2-byte Extension Type, a 2-byte length, and then length
|
||||
bytes of extension_data. Each PEM extension name must begin with the phrase
|
||||
"BEGIN SERVERINFO FOR ".
|
||||
|
||||
If more than one certificate (RSA/DSA) is installed using
|
||||
SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
|
||||
last certificate installed. If e.g. the last item was a RSA certificate, the
|
||||
loaded serverinfo extension data will be loaded for that certificate. To
|
||||
use the serverinfo extension for multiple certificates,
|
||||
SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
|
||||
each time a certificate is loaded.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
@ -1459,6 +1459,8 @@ int dtls1_process_heartbeat(SSL *s)
|
||||
* plus 2 bytes payload length, plus payload, plus padding
|
||||
*/
|
||||
buffer = OPENSSL_malloc(write_length);
|
||||
if (buffer == NULL)
|
||||
return -1;
|
||||
bp = buffer;
|
||||
|
||||
/* Enter response type, length and copy payload */
|
||||
|
16
ssl/s2_lib.c
16
ssl/s2_lib.c
@ -150,7 +150,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
@ -167,7 +167,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL2_CF_5_BYTE_ENC,
|
||||
40,
|
||||
128,
|
||||
@ -184,7 +184,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_RC2,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
@ -201,7 +201,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_RC2,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL2_CF_5_BYTE_ENC,
|
||||
40,
|
||||
128,
|
||||
@ -219,7 +219,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_IDEA,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
@ -237,7 +237,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_3DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||
0,
|
||||
112,
|
||||
168,
|
||||
@ -271,7 +271,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL2_CF_8_BYTE_ENC,
|
||||
64,
|
||||
64,
|
||||
|
@ -57,7 +57,8 @@
|
||||
*/
|
||||
|
||||
#include "ssl_locl.h"
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
#ifndef OPENSSL_NO_SSL2_METHOD
|
||||
# ifndef OPENSSL_NO_SSL2
|
||||
# include <stdio.h>
|
||||
# include <openssl/objects.h>
|
||||
|
||||
@ -72,7 +73,16 @@ static const SSL_METHOD *ssl2_get_method(int ver)
|
||||
|
||||
IMPLEMENT_ssl2_meth_func(SSLv2_method,
|
||||
ssl2_accept, ssl2_connect, ssl2_get_method)
|
||||
#else /* !OPENSSL_NO_SSL2 */
|
||||
|
||||
# else /* !OPENSSL_NO_SSL2 */
|
||||
|
||||
const SSL_METHOD *SSLv2_method(void) { return NULL; }
|
||||
const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
|
||||
const SSL_METHOD *SSLv2_server_method(void) { return NULL; }
|
||||
|
||||
# endif
|
||||
|
||||
#else /* !OPENSSL_NO_SSL2_METHOD */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy = &dummy;
|
||||
|
@ -2199,6 +2199,7 @@ int ssl3_get_certificate_request(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
xn = NULL;
|
||||
|
||||
p += l;
|
||||
nc += l + 2;
|
||||
@ -2222,6 +2223,7 @@ int ssl3_get_certificate_request(SSL *s)
|
||||
err:
|
||||
s->state = SSL_ST_ERR;
|
||||
done:
|
||||
X509_NAME_free(xn);
|
||||
if (ca_sk != NULL)
|
||||
sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
|
||||
return (ret);
|
||||
|
88
ssl/s3_lib.c
88
ssl/s3_lib.c
@ -208,7 +208,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -258,7 +258,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC2,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -294,7 +294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -312,7 +312,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -347,7 +347,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -365,7 +365,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -399,7 +399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -417,7 +417,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -452,7 +452,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -470,7 +470,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -556,7 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -573,7 +573,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -608,7 +608,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -625,7 +625,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
@ -695,7 +695,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -761,7 +761,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -827,7 +827,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -845,7 +845,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC2,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -863,7 +863,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -881,7 +881,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
56,
|
||||
@ -899,7 +899,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC2,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -917,7 +917,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_EXPORT | SSL_EXP40,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
40,
|
||||
128,
|
||||
@ -1011,7 +1011,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -1106,7 +1106,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@ -1302,7 +1302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_CAMELLIA128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -1322,7 +1322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_MD5,
|
||||
SSL_TLSV1,
|
||||
SSL_EXPORT | SSL_EXP56,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
128,
|
||||
@ -1338,7 +1338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC2,
|
||||
SSL_MD5,
|
||||
SSL_TLSV1,
|
||||
SSL_EXPORT | SSL_EXP56,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
128,
|
||||
@ -1356,7 +1356,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_EXPORT | SSL_EXP56,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -1374,7 +1374,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_EXPORT | SSL_EXP56,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
56,
|
||||
@ -1392,7 +1392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_EXPORT | SSL_EXP56,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
128,
|
||||
@ -1410,7 +1410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_EXPORT | SSL_EXP56,
|
||||
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
56,
|
||||
128,
|
||||
@ -1525,7 +1525,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -1541,7 +1541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES256,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_CAMELLIA256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@ -1860,7 +1860,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_SEED,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -2040,7 +2040,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES128GCM,
|
||||
SSL_AEAD,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128,
|
||||
@ -2056,7 +2056,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES256GCM,
|
||||
SSL_AEAD,
|
||||
SSL_TLSV1_2,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256,
|
||||
@ -2424,7 +2424,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_RC4,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -2440,7 +2440,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
@ -2456,7 +2456,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@ -2472,7 +2472,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
|
@ -338,7 +338,7 @@ extern "C" {
|
||||
* The following cipher list is used by default. It also is substituted when
|
||||
* an application-defined cipher list string starts with 'DEFAULT'.
|
||||
*/
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
|
||||
/*
|
||||
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
||||
* starts with a reasonable order, and all we have to do for DEFAULT is
|
||||
@ -2345,7 +2345,7 @@ const char *SSL_get_version(const SSL *s);
|
||||
/* This sets the 'default' SSL version that SSL_new() will create */
|
||||
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
||||
|
||||
# ifndef OPENSSL_NO_SSL2
|
||||
# ifndef OPENSSL_NO_SSL2_METHOD
|
||||
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
|
||||
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
|
||||
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
|
||||
|
@ -504,6 +504,8 @@ void ssl_cert_free(CERT *c)
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
custom_exts_free(&c->cli_ext);
|
||||
custom_exts_free(&c->srv_ext);
|
||||
if (c->alpn_proposed)
|
||||
OPENSSL_free(c->alpn_proposed);
|
||||
#endif
|
||||
OPENSSL_free(c);
|
||||
}
|
||||
@ -1057,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
|
||||
unsigned char *p;
|
||||
|
||||
n = i2d_X509(x, NULL);
|
||||
if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
|
||||
if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
|
||||
SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
|
||||
return 0;
|
||||
}
|
||||
p = (unsigned char *)&(buf->data[*l]);
|
||||
l2n3(n, p);
|
||||
i2d_X509(x, &p);
|
||||
n = i2d_X509(x, &p);
|
||||
if (n < 0) {
|
||||
/* Shouldn't happen */
|
||||
SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
|
||||
return 0;
|
||||
}
|
||||
*l += n + 3;
|
||||
|
||||
return 1;
|
||||
|
@ -235,8 +235,7 @@ static const SSL_CIPHER cipher_aliases[] = {
|
||||
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
|
||||
* ALL!)
|
||||
*/
|
||||
{0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
|
||||
SSL_EXP_MASK, 0, 0, 0},
|
||||
{0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
|
||||
|
||||
/*
|
||||
* key exchange aliases (some of those using only a single bit here
|
||||
@ -1030,10 +1029,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
if (cipher_id && cipher_id != cp->id)
|
||||
continue;
|
||||
#endif
|
||||
if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
|
||||
goto ok;
|
||||
if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
|
||||
goto ok;
|
||||
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
|
||||
continue;
|
||||
if (alg_auth && !(alg_auth & cp->algorithm_auth))
|
||||
@ -1050,10 +1045,11 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
if ((algo_strength & SSL_STRONG_MASK)
|
||||
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
|
||||
continue;
|
||||
if ((algo_strength & SSL_NOT_DEFAULT)
|
||||
&& !(cp->algo_strength & SSL_NOT_DEFAULT))
|
||||
continue;
|
||||
}
|
||||
|
||||
ok:
|
||||
|
||||
#ifdef CIPHER_DEBUG
|
||||
fprintf(stderr, "Action = %d\n", rule);
|
||||
#endif
|
||||
@ -1337,6 +1333,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
ca_list[j]->algo_strength & SSL_STRONG_MASK;
|
||||
}
|
||||
|
||||
if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
|
||||
algo_strength |= SSL_NOT_DEFAULT;
|
||||
}
|
||||
|
||||
if (ca_list[j]->valid) {
|
||||
/*
|
||||
* explicit ciphersuite found; its protocol version does not
|
||||
|
@ -244,7 +244,16 @@ int SSL_clear(SSL *s)
|
||||
ssl_clear_hash_ctx(&s->write_hash);
|
||||
|
||||
s->first_packet = 0;
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (s->cert != NULL) {
|
||||
if (s->cert->alpn_proposed) {
|
||||
OPENSSL_free(s->cert->alpn_proposed);
|
||||
s->cert->alpn_proposed = NULL;
|
||||
}
|
||||
s->cert->alpn_proposed_len = 0;
|
||||
s->cert->alpn_sent = 0;
|
||||
}
|
||||
#endif
|
||||
#if 1
|
||||
/*
|
||||
* Check to see if we were changed into a different method, if so, revert
|
||||
@ -3174,6 +3183,12 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
|
||||
ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
|
||||
ocert->ciphers_raw = NULL;
|
||||
}
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
ssl->cert->alpn_proposed = ocert->alpn_proposed;
|
||||
ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len;
|
||||
ocert->alpn_proposed = NULL;
|
||||
ssl->cert->alpn_sent = ocert->alpn_sent;
|
||||
#endif
|
||||
ssl_cert_free(ocert);
|
||||
}
|
||||
|
||||
|
@ -436,8 +436,9 @@
|
||||
# define SSL_MEDIUM 0x00000040L
|
||||
# define SSL_HIGH 0x00000080L
|
||||
# define SSL_FIPS 0x00000100L
|
||||
# define SSL_NOT_DEFAULT 0x00000200L
|
||||
|
||||
/* we have used 000001ff - 23 bits left to go */
|
||||
/* we have used 000003ff - 22 bits left to go */
|
||||
|
||||
/*-
|
||||
* Macros to check the export status and cipher strength for export ciphers.
|
||||
@ -687,6 +688,10 @@ typedef struct cert_st {
|
||||
custom_ext_methods cli_ext;
|
||||
custom_ext_methods srv_ext;
|
||||
int references; /* >1 only if SSL_copy_session_id is used */
|
||||
/* non-optimal, but here due to compatibility */
|
||||
unsigned char *alpn_proposed; /* server */
|
||||
unsigned int alpn_proposed_len;
|
||||
int alpn_sent; /* client */
|
||||
} CERT;
|
||||
|
||||
typedef struct sess_cert_st {
|
||||
|
@ -841,7 +841,7 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
|
||||
return 0; /* No extension found, don't send extension */
|
||||
return 1; /* Send extension */
|
||||
}
|
||||
return -1; /* No serverinfo data found, don't send
|
||||
return 0; /* No serverinfo data found, don't send
|
||||
* extension */
|
||||
}
|
||||
|
||||
@ -870,12 +870,26 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
|
||||
|
||||
/* Register callbacks for extensions */
|
||||
ext_type = (serverinfo[0] << 8) + serverinfo[1];
|
||||
if (ctx && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
|
||||
serverinfo_srv_add_cb,
|
||||
NULL, NULL,
|
||||
serverinfo_srv_parse_cb,
|
||||
NULL))
|
||||
return 0;
|
||||
if (ctx) {
|
||||
int have_ext_cbs = 0;
|
||||
size_t i;
|
||||
custom_ext_methods *exts = &ctx->cert->srv_ext;
|
||||
custom_ext_method *meth = exts->meths;
|
||||
|
||||
for (i = 0; i < exts->meths_count; i++, meth++) {
|
||||
if (ext_type == meth->ext_type) {
|
||||
have_ext_cbs = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
|
||||
serverinfo_srv_add_cb,
|
||||
NULL, NULL,
|
||||
serverinfo_srv_parse_cb,
|
||||
NULL))
|
||||
return 0;
|
||||
}
|
||||
|
||||
serverinfo += 2;
|
||||
serverinfo_length -= 2;
|
||||
|
181
ssl/ssltest.c
181
ssl/ssltest.c
@ -217,6 +217,9 @@
|
||||
# define TEST_CLIENT_CERT "../apps/client.pem"
|
||||
#endif
|
||||
|
||||
static SSL_CTX *s_ctx = NULL;
|
||||
static SSL_CTX *s_ctx2 = NULL;
|
||||
|
||||
/*
|
||||
* There is really no standard for this, so let's assign some tentative
|
||||
* numbers. In any case, these numbers are only for this test
|
||||
@ -300,9 +303,51 @@ static BIO *bio_err = NULL;
|
||||
static BIO *bio_stdout = NULL;
|
||||
|
||||
static const char *alpn_client;
|
||||
static const char *alpn_server;
|
||||
static char *alpn_server;
|
||||
static char *alpn_server2;
|
||||
static const char *alpn_expected;
|
||||
static unsigned char *alpn_selected;
|
||||
static const char *sn_client;
|
||||
static const char *sn_server1;
|
||||
static const char *sn_server2;
|
||||
static int sn_expect = 0;
|
||||
|
||||
static int servername_cb(SSL *s, int *ad, void *arg)
|
||||
{
|
||||
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
|
||||
if (sn_server2 == NULL) {
|
||||
BIO_printf(bio_stdout, "Servername 2 is NULL\n");
|
||||
return SSL_TLSEXT_ERR_NOACK;
|
||||
}
|
||||
|
||||
if (servername != NULL) {
|
||||
if (s_ctx2 != NULL && sn_server2 != NULL &&
|
||||
!strcasecmp(servername, sn_server2)) {
|
||||
BIO_printf(bio_stdout, "Switching server context.\n");
|
||||
SSL_set_SSL_CTX(s, s_ctx2);
|
||||
}
|
||||
}
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
static int verify_servername(SSL *client, SSL *server)
|
||||
{
|
||||
/* just need to see if sn_context is what we expect */
|
||||
SSL_CTX* ctx = SSL_get_SSL_CTX(server);
|
||||
if (sn_expect == 0)
|
||||
return 0;
|
||||
if (sn_expect == 1 && ctx == s_ctx)
|
||||
return 0;
|
||||
if (sn_expect == 2 && ctx == s_ctx2)
|
||||
return 0;
|
||||
BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
|
||||
if (ctx == s_ctx2)
|
||||
BIO_printf(bio_stdout, "Servername: context is 2\n");
|
||||
else if (ctx == s_ctx)
|
||||
BIO_printf(bio_stdout, "Servername: context is 1\n");
|
||||
else
|
||||
BIO_printf(bio_stdout, "Servername: context is unknown\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*-
|
||||
* next_protos_parse parses a comma separated list of strings into a string
|
||||
@ -350,11 +395,12 @@ static int cb_server_alpn(SSL *s, const unsigned char **out,
|
||||
{
|
||||
unsigned char *protos;
|
||||
unsigned short protos_len;
|
||||
char* alpn_str = arg;
|
||||
|
||||
protos = next_protos_parse(&protos_len, alpn_server);
|
||||
protos = next_protos_parse(&protos_len, alpn_str);
|
||||
if (protos == NULL) {
|
||||
fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
|
||||
alpn_server);
|
||||
alpn_str);
|
||||
abort();
|
||||
}
|
||||
|
||||
@ -417,8 +463,17 @@ static int verify_alpn(SSL *client, SSL *server)
|
||||
BIO_printf(bio_stdout, "', server: '");
|
||||
BIO_write(bio_stdout, server_proto, server_proto_len);
|
||||
BIO_printf(bio_stdout, "'\n");
|
||||
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
|
||||
alpn_client, alpn_server);
|
||||
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: ",
|
||||
alpn_client);
|
||||
if (SSL_get_SSL_CTX(server) == s_ctx2) {
|
||||
BIO_printf(bio_stdout, "'%s'\n",
|
||||
alpn_server2);
|
||||
} else if (SSL_get_SSL_CTX(server) == s_ctx){
|
||||
BIO_printf(bio_stdout, "'%s'\n",
|
||||
alpn_server);
|
||||
} else {
|
||||
BIO_printf(bio_stdout, "unknown\n");
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -756,8 +811,15 @@ static void sv_usage(void)
|
||||
" -custom_ext - try various custom extension callbacks\n");
|
||||
fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
|
||||
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
|
||||
fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
|
||||
fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
|
||||
fprintf(stderr,
|
||||
" -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
|
||||
fprintf(stderr, " -sn_client <string> - have client request this servername\n");
|
||||
fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
|
||||
fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
|
||||
fprintf(stderr, " -sn_expect1 - expected server 1\n");
|
||||
fprintf(stderr, " -sn_expect2 - expected server 2\n");
|
||||
}
|
||||
|
||||
static void print_details(SSL *c_ssl, const char *prefix)
|
||||
@ -896,7 +958,6 @@ int main(int argc, char *argv[])
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
char *named_curve = NULL;
|
||||
#endif
|
||||
SSL_CTX *s_ctx = NULL;
|
||||
SSL_CTX *c_ctx = NULL;
|
||||
const SSL_METHOD *meth = NULL;
|
||||
SSL *c_ssl, *s_ssl;
|
||||
@ -1151,14 +1212,35 @@ int main(int argc, char *argv[])
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
alpn_client = *(++argv);
|
||||
} else if (strcmp(*argv, "-alpn_server") == 0) {
|
||||
} else if (strcmp(*argv, "-alpn_server") == 0 ||
|
||||
strcmp(*argv, "-alpn_server1") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
alpn_server = *(++argv);
|
||||
} else if (strcmp(*argv, "-alpn_server2") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
alpn_server2 = *(++argv);
|
||||
} else if (strcmp(*argv, "-alpn_expected") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
alpn_expected = *(++argv);
|
||||
} else if (strcmp(*argv, "-sn_client") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
sn_client = *(++argv);
|
||||
} else if (strcmp(*argv, "-sn_server1") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
sn_server1 = *(++argv);
|
||||
} else if (strcmp(*argv, "-sn_server2") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
sn_server2 = *(++argv);
|
||||
} else if (strcmp(*argv, "-sn_expect1") == 0) {
|
||||
sn_expect = 1;
|
||||
} else if (strcmp(*argv, "-sn_expect2") == 0) {
|
||||
sn_expect = 2;
|
||||
} else {
|
||||
fprintf(stderr, "unknown option %s\n", *argv);
|
||||
badop = 1;
|
||||
@ -1304,7 +1386,8 @@ int main(int argc, char *argv[])
|
||||
|
||||
c_ctx = SSL_CTX_new(meth);
|
||||
s_ctx = SSL_CTX_new(meth);
|
||||
if ((c_ctx == NULL) || (s_ctx == NULL)) {
|
||||
s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
|
||||
if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -1312,7 +1395,9 @@ int main(int argc, char *argv[])
|
||||
if (cipher != NULL) {
|
||||
SSL_CTX_set_cipher_list(c_ctx, cipher);
|
||||
SSL_CTX_set_cipher_list(s_ctx, cipher);
|
||||
SSL_CTX_set_cipher_list(s_ctx2, cipher);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
if (!no_dhe) {
|
||||
if (dhe1024dsa) {
|
||||
@ -1320,12 +1405,14 @@ int main(int argc, char *argv[])
|
||||
* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
|
||||
*/
|
||||
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
|
||||
SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_DH_USE);
|
||||
dh = get_dh1024dsa();
|
||||
} else if (dhe512)
|
||||
dh = get_dh512();
|
||||
else
|
||||
dh = get_dh1024();
|
||||
SSL_CTX_set_tmp_dh(s_ctx, dh);
|
||||
SSL_CTX_set_tmp_dh(s_ctx2, dh);
|
||||
DH_free(dh);
|
||||
}
|
||||
#else
|
||||
@ -1353,7 +1440,9 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
|
||||
SSL_CTX_set_tmp_ecdh(s_ctx2, ecdh);
|
||||
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
|
||||
SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_ECDH_USE);
|
||||
EC_KEY_free(ecdh);
|
||||
}
|
||||
#else
|
||||
@ -1362,15 +1451,18 @@ int main(int argc, char *argv[])
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
|
||||
SSL_CTX_set_tmp_rsa_callback(s_ctx2, tmp_rsa_cb);
|
||||
#endif
|
||||
|
||||
#ifdef TLSEXT_TYPE_opaque_prf_input
|
||||
SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
|
||||
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
|
||||
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx2, opaque_prf_input_cb);
|
||||
/* or &co2 or NULL */
|
||||
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
|
||||
/* or &so2 or NULL */
|
||||
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
|
||||
SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx2, &so1);
|
||||
#endif
|
||||
|
||||
if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
|
||||
@ -1383,6 +1475,16 @@ int main(int argc, char *argv[])
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!SSL_CTX_use_certificate_file(s_ctx2, server_cert, SSL_FILETYPE_PEM)) {
|
||||
ERR_print_errors(bio_err);
|
||||
} else if (!SSL_CTX_use_PrivateKey_file(s_ctx2,
|
||||
(server_key ? server_key :
|
||||
server_cert),
|
||||
SSL_FILETYPE_PEM)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (client_auth) {
|
||||
SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
|
||||
SSL_CTX_use_PrivateKey_file(c_ctx,
|
||||
@ -1392,6 +1494,8 @@ int main(int argc, char *argv[])
|
||||
|
||||
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
|
||||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
|
||||
(!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
|
||||
(!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
|
||||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
|
||||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
|
||||
/* fprintf(stderr,"SSL_load_verify_locations\n"); */
|
||||
@ -1406,6 +1510,11 @@ int main(int argc, char *argv[])
|
||||
verify_callback);
|
||||
SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
|
||||
&app_verify_arg);
|
||||
SSL_CTX_set_verify(s_ctx2,
|
||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
verify_callback);
|
||||
SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
|
||||
&app_verify_arg);
|
||||
}
|
||||
if (server_auth) {
|
||||
BIO_printf(bio_err, "server authentication\n");
|
||||
@ -1418,6 +1527,8 @@ int main(int argc, char *argv[])
|
||||
int session_id_context = 0;
|
||||
SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
|
||||
sizeof session_id_context);
|
||||
SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
|
||||
sizeof session_id_context);
|
||||
}
|
||||
|
||||
/* Use PSK only if PSK key is given */
|
||||
@ -1436,6 +1547,7 @@ int main(int argc, char *argv[])
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
|
||||
SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
|
||||
SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
|
||||
if (debug)
|
||||
BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
|
||||
if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
|
||||
@ -1443,6 +1555,11 @@ int main(int argc, char *argv[])
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
|
||||
BIO_printf(bio_err, "error setting PSK identity hint to s_ctx2\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
@ -1461,8 +1578,11 @@ int main(int argc, char *argv[])
|
||||
|
||||
if (srp_server_arg.expected_user != NULL) {
|
||||
SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
|
||||
SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
|
||||
SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
|
||||
SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
|
||||
SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
|
||||
SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1475,11 +1595,16 @@ int main(int argc, char *argv[])
|
||||
NULL, NULL, NULL,
|
||||
serverinfo_cli_parse_cb, NULL);
|
||||
|
||||
if (serverinfo_file)
|
||||
if (serverinfo_file) {
|
||||
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
|
||||
BIO_printf(bio_err, "missing serverinfo file\n");
|
||||
goto end;
|
||||
}
|
||||
if (!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
|
||||
BIO_printf(bio_err, "missing serverinfo file\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (custom_ext) {
|
||||
SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
|
||||
@ -1515,10 +1640,29 @@ int main(int argc, char *argv[])
|
||||
custom_ext_3_srv_add_cb,
|
||||
NULL, NULL,
|
||||
custom_ext_3_srv_parse_cb, NULL);
|
||||
|
||||
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
|
||||
custom_ext_0_srv_add_cb,
|
||||
NULL, NULL,
|
||||
custom_ext_0_srv_parse_cb, NULL);
|
||||
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
|
||||
custom_ext_1_srv_add_cb,
|
||||
NULL, NULL,
|
||||
custom_ext_1_srv_parse_cb, NULL);
|
||||
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
|
||||
custom_ext_2_srv_add_cb,
|
||||
NULL, NULL,
|
||||
custom_ext_2_srv_parse_cb, NULL);
|
||||
SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
|
||||
custom_ext_3_srv_add_cb,
|
||||
NULL, NULL,
|
||||
custom_ext_3_srv_parse_cb, NULL);
|
||||
}
|
||||
|
||||
if (alpn_server)
|
||||
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
|
||||
SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
|
||||
if (alpn_server2)
|
||||
SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
|
||||
|
||||
if (alpn_client) {
|
||||
unsigned short alpn_len;
|
||||
@ -1532,9 +1676,15 @@ int main(int argc, char *argv[])
|
||||
OPENSSL_free(alpn);
|
||||
}
|
||||
|
||||
if (sn_server1 || sn_server2)
|
||||
SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
|
||||
|
||||
c_ssl = SSL_new(c_ctx);
|
||||
s_ssl = SSL_new(s_ctx);
|
||||
|
||||
if (sn_client)
|
||||
SSL_set_tlsext_host_name(c_ssl, sn_client);
|
||||
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (c_ssl && c_ssl->kssl_ctx) {
|
||||
char localhost[MAXHOSTNAMELEN + 2];
|
||||
@ -1588,12 +1738,19 @@ int main(int argc, char *argv[])
|
||||
#endif
|
||||
}
|
||||
|
||||
if (verify_alpn(c_ssl, s_ssl) < 0)
|
||||
ret = 1;
|
||||
if (verify_servername(c_ssl, s_ssl) < 0)
|
||||
ret = 1;
|
||||
|
||||
SSL_free(s_ssl);
|
||||
SSL_free(c_ssl);
|
||||
|
||||
end:
|
||||
if (s_ctx != NULL)
|
||||
SSL_CTX_free(s_ctx);
|
||||
if (s_ctx2 != NULL)
|
||||
SSL_CTX_free(s_ctx2);
|
||||
if (c_ctx != NULL)
|
||||
SSL_CTX_free(c_ctx);
|
||||
|
||||
@ -1961,10 +2118,6 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
|
||||
ret = 1;
|
||||
goto err;
|
||||
}
|
||||
if (verify_alpn(c_ssl, s_ssl) < 0) {
|
||||
ret = 1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (custom_ext_error) {
|
||||
ret = 1;
|
||||
|
94
ssl/t1_lib.c
94
ssl/t1_lib.c
@ -1539,6 +1539,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
s2n(s->alpn_client_proto_list_len, ret);
|
||||
memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len);
|
||||
ret += s->alpn_client_proto_list_len;
|
||||
s->cert->alpn_sent = 1;
|
||||
}
|
||||
# ifndef OPENSSL_NO_SRTP
|
||||
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
|
||||
@ -1906,7 +1907,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
|
||||
# endif /* !OPENSSL_NO_EC */
|
||||
|
||||
/*
|
||||
* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
|
||||
* tls1_alpn_handle_client_hello is called to save the ALPN extension in a
|
||||
* ClientHello. data: the contents of the extension, not including the type
|
||||
* and length. data_len: the number of bytes in |data| al: a pointer to the
|
||||
* alert value to send in the event of a non-zero return. returns: 0 on
|
||||
@ -1917,12 +1918,6 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
|
||||
{
|
||||
unsigned i;
|
||||
unsigned proto_len;
|
||||
const unsigned char *selected;
|
||||
unsigned char selected_len;
|
||||
int r;
|
||||
|
||||
if (s->ctx->alpn_select_cb == NULL)
|
||||
return 0;
|
||||
|
||||
if (data_len < 2)
|
||||
goto parse_error;
|
||||
@ -1953,19 +1948,15 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
|
||||
i += proto_len;
|
||||
}
|
||||
|
||||
r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
|
||||
s->ctx->alpn_select_cb_arg);
|
||||
if (r == SSL_TLSEXT_ERR_OK) {
|
||||
if (s->s3->alpn_selected)
|
||||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
|
||||
if (!s->s3->alpn_selected) {
|
||||
*al = SSL_AD_INTERNAL_ERROR;
|
||||
return -1;
|
||||
}
|
||||
memcpy(s->s3->alpn_selected, selected, selected_len);
|
||||
s->s3->alpn_selected_len = selected_len;
|
||||
if (s->cert->alpn_proposed != NULL)
|
||||
OPENSSL_free(s->cert->alpn_proposed);
|
||||
s->cert->alpn_proposed = OPENSSL_malloc(data_len);
|
||||
if (s->cert->alpn_proposed == NULL) {
|
||||
*al = SSL_AD_INTERNAL_ERROR;
|
||||
return -1;
|
||||
}
|
||||
memcpy(s->cert->alpn_proposed, data, data_len);
|
||||
s->cert->alpn_proposed_len = data_len;
|
||||
return 0;
|
||||
|
||||
parse_error:
|
||||
@ -1973,6 +1964,43 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Process the ALPN extension in a ClientHello.
|
||||
* ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
|
||||
* al: a pointer to the alert value to send in the event of a failure.
|
||||
* returns 1 on success, 0 on failure: al/ret set only on failure
|
||||
*/
|
||||
static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
|
||||
{
|
||||
const unsigned char *selected = NULL;
|
||||
unsigned char selected_len = 0;
|
||||
|
||||
if (s->ctx->alpn_select_cb != NULL && s->cert->alpn_proposed != NULL) {
|
||||
int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
|
||||
s->cert->alpn_proposed,
|
||||
s->cert->alpn_proposed_len,
|
||||
s->ctx->alpn_select_cb_arg);
|
||||
|
||||
if (r == SSL_TLSEXT_ERR_OK) {
|
||||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
*al = SSL_AD_INTERNAL_ERROR;
|
||||
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
|
||||
return 0;
|
||||
}
|
||||
memcpy(s->s3->alpn_selected, selected, selected_len);
|
||||
s->s3->alpn_selected_len = selected_len;
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* ALPN takes precedence over NPN. */
|
||||
s->s3->next_proto_neg_seen = 0;
|
||||
# endif
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
|
||||
unsigned char *limit, int *al)
|
||||
{
|
||||
@ -1992,6 +2020,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
|
||||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = NULL;
|
||||
}
|
||||
s->s3->alpn_selected_len = 0;
|
||||
if (s->cert->alpn_proposed) {
|
||||
OPENSSL_free(s->cert->alpn_proposed);
|
||||
s->cert->alpn_proposed = NULL;
|
||||
}
|
||||
s->cert->alpn_proposed_len = 0;
|
||||
# ifndef OPENSSL_NO_HEARTBEATS
|
||||
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
|
||||
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
|
||||
@ -2359,8 +2393,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
else if (type == TLSEXT_TYPE_next_proto_neg &&
|
||||
s->s3->tmp.finish_md_len == 0 &&
|
||||
s->s3->alpn_selected == NULL) {
|
||||
s->s3->tmp.finish_md_len == 0) {
|
||||
/*-
|
||||
* We shouldn't accept this extension on a
|
||||
* renegotiation.
|
||||
@ -2383,13 +2416,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
|
||||
# endif
|
||||
|
||||
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
|
||||
s->ctx->alpn_select_cb && s->s3->tmp.finish_md_len == 0) {
|
||||
s->s3->tmp.finish_md_len == 0) {
|
||||
if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
|
||||
return 0;
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/* ALPN takes precedence over NPN. */
|
||||
s->s3->next_proto_neg_seen = 0;
|
||||
# endif
|
||||
}
|
||||
|
||||
/* session ticket processed earlier */
|
||||
@ -2698,7 +2727,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
|
||||
unsigned len;
|
||||
|
||||
/* We must have requested it. */
|
||||
if (s->alpn_client_proto_list == NULL) {
|
||||
if (!s->cert->alpn_sent) {
|
||||
*al = TLS1_AD_UNSUPPORTED_EXTENSION;
|
||||
return 0;
|
||||
}
|
||||
@ -2863,6 +2892,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
|
||||
}
|
||||
# endif
|
||||
|
||||
s->cert->alpn_sent = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -3066,6 +3096,10 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
|
||||
} else
|
||||
s->tlsext_status_expected = 0;
|
||||
|
||||
if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
err:
|
||||
switch (ret) {
|
||||
case SSL_TLSEXT_ERR_ALERT_FATAL:
|
||||
@ -3415,8 +3449,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
|
||||
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
|
||||
sdec = OPENSSL_malloc(eticklen);
|
||||
if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
|
||||
if (sdec == NULL
|
||||
|| EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
OPENSSL_free(sdec);
|
||||
return -1;
|
||||
}
|
||||
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
|
||||
@ -3856,6 +3892,8 @@ int tls1_process_heartbeat(SSL *s)
|
||||
* plus 2 bytes payload length, plus payload, plus padding
|
||||
*/
|
||||
buffer = OPENSSL_malloc(1 + 2 + payload + padding);
|
||||
if (buffer == NULL)
|
||||
return -1;
|
||||
bp = buffer;
|
||||
|
||||
/* Enter response type, length and copy payload */
|
||||
|
@ -1065,8 +1065,8 @@ d2i_ASN1_BMPSTRING 1092 EXIST::FUNCTION:
|
||||
i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION:
|
||||
BIO_f_ber 1094 NOEXIST::FUNCTION:
|
||||
BN_init 1095 EXIST::FUNCTION:
|
||||
COMP_CTX_new 1096 EXIST::FUNCTION:
|
||||
COMP_CTX_free 1097 EXIST::FUNCTION:
|
||||
COMP_CTX_new 1096 EXIST::FUNCTION:COMP
|
||||
COMP_CTX_free 1097 EXIST::FUNCTION:COMP
|
||||
COMP_CTX_compress_block 1098 NOEXIST::FUNCTION:
|
||||
COMP_CTX_expand_block 1099 NOEXIST::FUNCTION:
|
||||
X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION:
|
||||
@ -1113,10 +1113,10 @@ PKCS7_digest_from_attributes 1140 EXIST::FUNCTION:
|
||||
PKCS7_get_attribute 1141 EXIST::FUNCTION:
|
||||
PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION:
|
||||
PKCS7_get_signed_attribute 1143 EXIST::FUNCTION:
|
||||
COMP_compress_block 1144 EXIST::FUNCTION:
|
||||
COMP_expand_block 1145 EXIST::FUNCTION:
|
||||
COMP_rle 1146 EXIST::FUNCTION:
|
||||
COMP_zlib 1147 EXIST::FUNCTION:
|
||||
COMP_compress_block 1144 EXIST::FUNCTION:COMP
|
||||
COMP_expand_block 1145 EXIST::FUNCTION:COMP
|
||||
COMP_rle 1146 EXIST::FUNCTION:COMP
|
||||
COMP_zlib 1147 EXIST::FUNCTION:COMP
|
||||
ms_time_diff 1148 NOEXIST::FUNCTION:
|
||||
ms_time_new 1149 NOEXIST::FUNCTION:
|
||||
ms_time_free 1150 NOEXIST::FUNCTION:
|
||||
@ -1945,7 +1945,7 @@ ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE
|
||||
ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE
|
||||
BN_pseudo_rand_range 2523 EXIST::FUNCTION:
|
||||
X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
|
||||
ERR_load_COMP_strings 2525 EXIST::FUNCTION:
|
||||
ERR_load_COMP_strings 2525 EXIST::FUNCTION:COMP
|
||||
PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION:
|
||||
ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
|
||||
ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
|
||||
@ -3545,8 +3545,8 @@ X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION:
|
||||
ASN1_TYPE_set1 3932 EXIST::FUNCTION:
|
||||
ASN1_STRING_set0 3933 EXIST::FUNCTION:
|
||||
i2d_X509_ALGORS 3934 EXIST::FUNCTION:
|
||||
BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:
|
||||
COMP_zlib_cleanup 3936 EXIST::FUNCTION:
|
||||
BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:COMP
|
||||
COMP_zlib_cleanup 3936 EXIST::FUNCTION:COMP
|
||||
d2i_X509_ALGORS 3937 EXIST::FUNCTION:
|
||||
CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS
|
||||
PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS
|
||||
|
@ -291,8 +291,9 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;
|
||||
$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
|
||||
$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
|
||||
$cflags.=" -DOPENSSL_NO_WEAK_SSL_CIPHERS" if $no_weak_ssl;
|
||||
$cflags.= " -DZLIB" if $zlib_opt;
|
||||
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
|
||||
$cflags.=" -DZLIB" if $zlib_opt;
|
||||
$cflags.=" -DZLIB_SHARED" if $zlib_opt == 2;
|
||||
$cflags.=" -DOPENSSL_NO_COMP" if $no_comp;
|
||||
|
||||
if ($no_static_engine)
|
||||
{
|
||||
@ -850,6 +851,7 @@ sub var_add
|
||||
return("") if $no_gost && $dir =~ /\/ccgost/;
|
||||
return("") if $no_cms && $dir =~ /\/cms/;
|
||||
return("") if $no_jpake && $dir =~ /\/jpake/;
|
||||
return("") if $no_comp && $dir =~ /\/comp/;
|
||||
if ($no_des && $dir =~ /\/des/)
|
||||
{
|
||||
if ($val =~ /read_pwd/)
|
||||
@ -1198,6 +1200,7 @@ sub read_options
|
||||
"nw-mwasm" => \$nw_mwasm,
|
||||
"gaswin" => \$gaswin,
|
||||
"no-ssl2" => \$no_ssl2,
|
||||
"no-ssl2-method" => 0,
|
||||
"no-ssl3" => \$no_ssl3,
|
||||
"no-ssl3-method" => 0,
|
||||
"no-tlsext" => \$no_tlsext,
|
||||
@ -1242,6 +1245,7 @@ sub read_options
|
||||
"no-unit-test" => 0,
|
||||
"no-libunbound" => 0,
|
||||
"no-multiblock" => 0,
|
||||
"no-comp" => \$no_comp,
|
||||
"fips" => \$fips
|
||||
);
|
||||
|
||||
@ -1259,7 +1263,6 @@ sub read_options
|
||||
}
|
||||
}
|
||||
}
|
||||
elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
|
||||
elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
|
||||
elsif (/^enable-zlib-dynamic$/)
|
||||
{
|
||||
|
@ -107,6 +107,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
|
||||
"CAPIENG",
|
||||
# SSL v2
|
||||
"SSL2",
|
||||
# SSL v2 method
|
||||
"SSL2_METHOD",
|
||||
# SSL v3 method
|
||||
"SSL3_METHOD",
|
||||
# JPAKE
|
||||
@ -145,7 +147,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
|
||||
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
|
||||
my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
|
||||
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
|
||||
my $no_unit_test; my $no_ssl3_method;
|
||||
my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;
|
||||
|
||||
my $fips;
|
||||
|
||||
@ -240,6 +242,7 @@ foreach (@ARGV, split(/ /, $options))
|
||||
elsif (/^no-ec_nistp_64_gcc_128$/) { $no_nistp_gcc=1; }
|
||||
elsif (/^no-nextprotoneg$/) { $no_nextprotoneg=1; }
|
||||
elsif (/^no-ssl2$/) { $no_ssl2=1; }
|
||||
elsif (/^no-ssl2-method$/) { $no_ssl2_method=1; }
|
||||
elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
|
||||
elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
|
||||
elsif (/^no-capieng$/) { $no_capieng=1; }
|
||||
@ -1215,6 +1218,7 @@ sub is_valid
|
||||
if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
|
||||
{ return 0; }
|
||||
if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
|
||||
if ($keyword eq "SSL2_METHOD" && $no_ssl2_method) { return 0; }
|
||||
if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
|
||||
if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
|
||||
if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
|
||||
|
@ -27,6 +27,15 @@ SunOS|IRIX*)
|
||||
LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64
|
||||
preload_var=LD_PRELOAD_64
|
||||
;;
|
||||
*ELF\ 32*SPARC*|*ELF\ 32*80386*)
|
||||
# We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32
|
||||
# on a multi-arch system. Otherwise, trust the fallbacks.
|
||||
if [ -f /lib/64/ld.so.1 ]; then
|
||||
[ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32
|
||||
LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32
|
||||
preload_var=LD_PRELOAD_32
|
||||
fi
|
||||
;;
|
||||
# Why are newly built .so's preloaded anyway? Because run-time
|
||||
# .so lookup path embedded into application takes precedence
|
||||
# over LD_LIBRARY_PATH and as result application ends up linking
|
||||
|
@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION:
|
||||
SSLv23_client_method 110 EXIST::FUNCTION:RSA
|
||||
SSLv23_method 111 EXIST::FUNCTION:RSA
|
||||
SSLv23_server_method 112 EXIST::FUNCTION:RSA
|
||||
SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2
|
||||
SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2
|
||||
SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2
|
||||
SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2_METHOD
|
||||
SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2_METHOD
|
||||
SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2_METHOD
|
||||
SSLv3_client_method 116 EXIST::FUNCTION:SSL3_METHOD
|
||||
SSLv3_method 117 EXIST::FUNCTION:SSL3_METHOD
|
||||
SSLv3_server_method 118 EXIST::FUNCTION:SSL3_METHOD
|
||||
|
Loading…
Reference in New Issue
Block a user