diff options
| author |   djm <djm@openbsd.org> | 2009-01-05 21:36:37 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2009-01-05 21:36:37 +0000 |
| commit | 8214bb003f591cff80401f6649ee13ec96a00866 (patch) | |
| tree | cf9ad15d0f4ad517b261e29d2edfe1bf6cb57361 /lib/libssl/src | |
| parent | - clear some confusion, the chip supports vlan tag insertion/stripping, (diff) | |
| download | wireguard-openbsd-8214bb003f591cff80401f6649ee13ec96a00866.tar.xz wireguard-openbsd-8214bb003f591cff80401f6649ee13ec96a00866.zip | |
update to openssl-0.9.8i; tested by several, especially krw@
Diffstat (limited to 'lib/libssl/src')
99 files changed, 4426 insertions, 2812 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES index 217aa70dcbb..72cc168f6a5 100644 --- a/lib/libssl/src/CHANGES +++ b/lib/libssl/src/CHANGES @@ -2,6 +2,60 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + + *) Fix a state transitition in s3_srvr.c and d1_srvr.c + (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). + [Nagendra Modadugu] + + *) The fix in 0.9.8c that supposedly got rid of unsafe + double-checked locking was incomplete for RSA blinding, + addressing just one layer of what turns out to have been + doubly unsafe triple-checked locking. + + So now fix this for real by retiring the MONT_HELPER macro + in crypto/rsa/rsa_eay.c. + + [Bodo Moeller; problem pointed out by Marius Schilder] + + *) Various precautionary measures: + + - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h). + + - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). + (NB: This would require knowledge of the secret session ticket key + to exploit, in which case you'd be SOL either way.) + + - Change bn_nist.c so that it will properly handle input BIGNUMs + outside the expected range. + + - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG + builds. + + [Neel Mehta, Bodo Moeller] + + *) Add support for Local Machine Keyset attribute in PKCS#12 files. + [Steve Henson] + + *) Fix BN_GF2m_mod_arr() top-bit cleanup code. + [Huang Ying] + + *) Expand ENGINE to support engine supplied SSL client certificate functions. + + This work was sponsored by Logica. + [Steve Henson] + + *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows + keystores. Support for SSL/TLS client authentication too. + Not compiled unless enable-capieng specified to Configure. + + This work was sponsored by Logica. + [Steve Henson] + + *) Allow engines to be "soft loaded" - i.e. optionally don't die if + the load fails. Useful for distros. + [Ben Laurie and the FreeBSD team] + Changes between 0.9.8g and 0.9.8h [28 May 2008] *) Fix flaw if 'Server Key exchange message' is omitted from a TLS diff --git a/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head b/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head index 1203a22158a..e69de29bb2d 100644 --- a/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head +++ b/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head @@ -1,163 +0,0 @@ -This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS, -provides a collection of those CVS change log entries for the -0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in -0.9.8-dev (CVS head). - -ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes -ChangeLog.0_9_7-stable_not-in-head - everything else - -Some obvious false positives have been eliminated: e.g., we do not -care about a simple "make update"; and we don't care about changes -identified to the 0.9.7 branch that were explicitly identified as -backports from head. - -Eliminating all other entries (and finally this file and its -compantion), either as false positives or as things that should go -into 0.9.8, remains to be done. Any additional changes to 0.9.7 that -are not immediately put into 0.9.8, but belong there as well, should -be added to the end of this file. - - -2002-11-04 17:33 levitte - - Changed: - Configure (1.314.2.38), "Exp", lines: +4 -2 - - Return my normal debug targets to something not so extreme, and - make the extreme ones special (or 'extreme', if you will :-)). - -2002-12-16 19:17 appro - - Changed: - crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0 - crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445 - - This is rollback to 0.9.6h bn_mul.c to address problem reported in - RT#272. - -2003-07-27 15:46 ben - - Changed: - crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0 - crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0 - - Add untested CFB-r mode. Will be tested soon. - -2003-07-28 17:07 ben - - Changed: - Makefile.org (1.154.2.69), "Exp", lines: +5 -1 - crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0 - crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0 - crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2 - crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16 - crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0 - crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1 - crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2 - crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11 - crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2 - crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5 - crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0 - crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0 - crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0 - fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0 - fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1 - fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1 - test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43 - - Add support for partial CFB modes, make tests work, update - dependencies. - -2003-07-29 12:56 ben - - Changed: - crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6 - crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0 - crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8 - crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1 - - Working CFB1 and test vectors. - -2003-07-29 15:24 ben - - Changed: - crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0 - crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5 - crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0 - crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0 - crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0 - fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1 - fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19 - - The rest of the keysizes for CFB1, working AES AVS test for CFB1. - -2003-07-29 19:05 ben - - Changed: - crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0 - crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0 - crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0 - crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9 - crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0 - crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5 - crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0 - crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0 - crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0 - fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0 - - AES CFB8. - -2003-07-30 20:30 ben - - Changed: - Makefile.org (1.154.2.70), "Exp", lines: +16 -5 - crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1 - crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0 - crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14 - crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1 - crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0 - crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0 - crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23 - crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6 - crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0 - crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6 - fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1 - fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0 - fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1 - fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 - fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0 - fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 - fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0 - fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0 - fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0 - - Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. - -2003-08-01 12:25 ben - - Changed: - crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36 - crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0 - crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3 - crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0 - - Fix DES CFB-r. - -2003-08-01 12:31 ben - - Changed: - crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0 - - DES CFB8 test. - -2005-04-19 16:21 appro - - Changed: - Configure (1.314.2.117), "Exp", lines: +24 -21 - Makefile.org (1.154.2.100), "Exp", lines: +1 -11 - TABLE (1.99.2.52), "Exp", lines: +20 -20 - apps/Makefile (1.1.4.15), "Exp", lines: +1 -1 - test/Makefile (1.1.4.12), "Exp", lines: +1 -1 - - Enable shared link on HP-UX. - diff --git a/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS b/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS index 1e6c88f77ab..e69de29bb2d 100644 --- a/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS +++ b/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS @@ -1,1494 +0,0 @@ -See file ChangeLog.0_9_7-stable_not-in-head for explanations. -This is the "FIPS"-related part. - - - -2003-07-27 19:00 ben - - Changed: - Configure (1.314.2.85), "Exp", lines: +2 -0 - Makefile.org (1.154.2.67), "Exp", lines: +12 -3 - crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 - crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 - crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 - crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 - crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 - crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 - crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 - crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 - crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 - crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 - crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 - crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 - crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 - crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 - crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 - crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 - crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 - crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 - crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 - crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 - crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 - crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 - crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 - crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 - crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 - crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 - crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 - crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 - crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 - crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 - crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 - fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 - fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 - fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 - fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 - fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 - fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 - fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 - fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 - fips/lib (1.1.2.1), "Exp", lines: +0 -0 - fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 - fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 - fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 - fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 - fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 - fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 - fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 - fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 - fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 - fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 - fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 - fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 - fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 - fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 - fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 - fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 - fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 - fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 - fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 - fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 - fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 - fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 - fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 - fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 - fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 - fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 - test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 - util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 - - Unfinished FIPS stuff for review/improvement. - -2003-07-27 19:19 ben - - Changed: - fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 - - Use unified diff. - -2003-07-27 19:23 ben - - Changed: - fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 - fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 - fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 - - Build in non-FIPS mode. - -2003-07-27 23:13 ben - - Changed: - Makefile.org (1.154.2.68), "Exp", lines: +1 -1 - fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 - fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 - fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 - fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 - fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 - fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 - fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 - fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 - - Build when not FIPS. - -2003-07-28 11:56 ben - - Changed: - fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 - - New fingerprints. - -2003-07-29 16:06 ben - - Changed: - fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 - - Reformat. - -2003-07-29 16:34 ben - - Changed: - fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 - - MMT for CFB1 - -2003-07-29 17:17 ben - - Changed: - fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 - fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 - fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 - - Missing files. - -2003-07-31 23:30 levitte - - Changed: - Makefile.org (1.154.2.71), "Exp", lines: +2 -0 - - If FDIRS is to be treated like SDIRS, let's not forget to - initialize it in Makefile.org. - -2003-07-31 23:41 levitte - - Changed: - fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 - - No C++ comments in C programs! - -2003-08-01 15:07 steve - - Changed: - fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 - - Replace C++ style comments. - -2003-08-03 14:22 ben - - Changed: - fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 - - Make tests work (CFB1 still doesn't produce the right answers, - strangely). - -2003-08-08 12:08 levitte - - Changed: - fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 - - Avoid clashing with the regular DES functions when not compiling - with -DFIPS. This is basically only visible when building with - shared library supoort... - -2003-08-11 11:36 levitte - - Deleted: - fips/sha1/.cvsignore (1.1.2.2) - fips/sha1/Makefile.ssl (1.1.2.3) - fips/sha1/fingerprint.sha1 (1.1.2.3) - fips/sha1/fips_md32_common.h (1.1.2.2) - fips/sha1/fips_sha1dgst.c (1.1.2.3) - fips/sha1/fips_sha1test.c (1.1.2.3) - fips/sha1/fips_sha_locl.h (1.1.2.2) - fips/sha1/fips_standalone_sha1.c (1.1.2.3) - fips/sha1/sha1hashes.txt (1.1.2.2) - fips/sha1/sha1vectors.txt (1.1.2.2) - fips/sha1/standalone.sha1 (1.1.2.4) - fips/dsa/.cvsignore (1.1.2.2) - fips/dsa/Makefile.ssl (1.1.2.2) - fips/dsa/fingerprint.sha1 (1.1.2.3) - fips/dsa/fips_dsa_ossl.c (1.1.2.3) - fips/dsa/fips_dsatest.c (1.1.2.3) - fips/rand/.cvsignore (1.1.2.2) - fips/rand/Makefile.ssl (1.1.2.2) - fips/rand/fingerprint.sha1 (1.1.2.2) - fips/rand/fips_rand.c (1.1.2.2) - fips/rand/fips_rand.h (1.1.2.2) - fips/rand/fips_randtest.c (1.1.2.2) - fips/des/.cvsignore (1.1.2.2) - fips/des/Makefile.ssl (1.1.2.3) - fips/des/fingerprint.sha1 (1.1.2.2) - fips/des/fips_des_enc.c (1.1.2.3) - fips/des/fips_des_locl.h (1.1.2.2) - fips/des/fips_desmovs.c (1.1.2.3) - fips/aes/.cvsignore (1.1.2.2) - fips/aes/Makefile.ssl (1.1.2.5) - fips/aes/fingerprint.sha1 (1.1.2.2) - fips/aes/fips_aes_core.c (1.1.2.2) - fips/aes/fips_aes_locl.h (1.1.2.2) - fips/aes/fips_aesavs.c (1.1.2.9) - fips/.cvsignore (1.1.2.2) - fips/Makefile.ssl (1.1.2.6) - fips/fingerprint.sha1 (1.1.2.3) - fips/fips.c (1.1.2.2) - fips/fips.h (1.1.2.2) - fips/fips_check_sha1 (1.1.2.4) - fips/fips_err.c (1.1.2.2) - fips/fips_err_wrapper.c (1.1.2.2) - fips/fips_make_sha1 (1.1.2.4) - fips/lib (1.1.2.2) - Changed: - util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 - util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 - test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 - crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 - crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 - crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 - crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 - crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 - crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 - crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 - crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 - crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 - crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 - crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 - crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 - crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 - crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 - crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 - crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 - crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 - crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 - crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 - crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 - crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 - crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 - crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 - crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 - crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 - crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 - crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 - crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 - crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 - crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 - crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 - crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 - crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 - crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 - crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 - crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 - crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 - crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 - crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 - crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 - crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 - crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 - crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 - Configure (1.314.2.86), "Exp", lines: +0 -2 - Makefile.org (1.154.2.72), "Exp", lines: +8 -34 - TABLE (1.99.2.30), "Exp", lines: +0 -50 - - A new branch for FIPS-related changes has been created with the - name OpenSSL-fips-0_9_7-stable. - - Since the 0.9.7-stable branch is supposed to be in freeze - and should only contain bug corrections, this change removes the - FIPS changes from that branch. - -2004-05-11 14:44 ben - - Deleted: - apps/Makefile.ssl (1.100.2.27) - crypto/Makefile.ssl (1.84.2.12) - crypto/aes/Makefile.ssl (1.4.2.9) - crypto/asn1/Makefile.ssl (1.77.2.7) - crypto/bf/Makefile.ssl (1.25.2.6) - crypto/bio/Makefile.ssl (1.52.2.4) - crypto/bn/Makefile.ssl (1.65.2.9) - crypto/buffer/Makefile.ssl (1.32.2.4) - crypto/cast/Makefile.ssl (1.31.2.6) - crypto/comp/Makefile.ssl (1.32.2.4) - crypto/conf/Makefile.ssl (1.38.2.8) - crypto/des/Makefile.ssl (1.61.2.13) - crypto/dh/Makefile.ssl (1.43.2.5) - crypto/dsa/Makefile.ssl (1.49.2.9) - crypto/dso/Makefile.ssl (1.11.2.4) - crypto/ec/Makefile.ssl (1.7.2.4) - crypto/engine/Makefile.ssl (1.30.2.13) - crypto/err/Makefile.ssl (1.48.2.7) - crypto/evp/Makefile.ssl (1.64.2.12) - crypto/hmac/Makefile.ssl (1.33.2.6) - crypto/idea/Makefile.ssl (1.20.2.4) - crypto/krb5/Makefile.ssl (1.5.2.6) - crypto/lhash/Makefile.ssl (1.28.2.4) - crypto/md2/Makefile.ssl (1.29.2.5) - crypto/md4/Makefile.ssl (1.6.2.7) - crypto/md5/Makefile.ssl (1.33.2.10) - crypto/mdc2/Makefile.ssl (1.30.2.4) - crypto/objects/Makefile.ssl (1.46.2.6) - crypto/ocsp/Makefile.ssl (1.19.2.7) - crypto/pem/Makefile.ssl (1.51.2.5) - crypto/pkcs12/Makefile.ssl (1.37.2.5) - crypto/pkcs7/Makefile.ssl (1.47.2.5) - crypto/rand/Makefile.ssl (1.56.2.8) - crypto/rc2/Makefile.ssl (1.20.2.4) - crypto/rc4/Makefile.ssl (1.25.2.6) - crypto/rc5/Makefile.ssl (1.22.2.6) - crypto/ripemd/Makefile.ssl (1.25.2.9) - crypto/rsa/Makefile.ssl (1.53.2.6) - crypto/sha/Makefile.ssl (1.26.2.9) - crypto/stack/Makefile.ssl (1.28.2.4) - crypto/txt_db/Makefile.ssl (1.26.2.4) - crypto/ui/Makefile.ssl (1.10.2.6) - crypto/x509/Makefile.ssl (1.56.2.5) - crypto/x509v3/Makefile.ssl (1.62.2.5) - ssl/Makefile.ssl (1.53.2.11) - test/Makefile.ssl (1.84.2.36) - tools/Makefile.ssl (1.9.2.4) - Changed: - .cvsignore (1.7.6.2), "Exp", lines: +2 -1 - Configure (1.314.2.92), "Exp", lines: +38 -8 - FAQ (1.61.2.31), "Exp", lines: +1 -1 - INSTALL (1.45.2.9), "Exp", lines: +2 -2 - INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 - Makefile.org (1.154.2.78), "Exp", lines: +51 -19 - PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 - e_os.h (1.56.2.17), "Exp", lines: +20 -1 - apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 - apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 - apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 - apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 - apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 - apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 - crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 - crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 - crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 - crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 - crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 - crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 - crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 - crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 - crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 - crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 - crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 - crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 - crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 - crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 - crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 - crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 - crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 - crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 - crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 - crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 - crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 - crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 - crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 - crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 - crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 - crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 - crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 - crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 - crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 - crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 - crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 - crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 - crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 - crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 - crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 - crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 - crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 - crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 - crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 - crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 - crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 - crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 - crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 - crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 - crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 - crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 - crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 - crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 - crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 - crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 - crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 - crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 - crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 - crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 - crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 - crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 - crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 - crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 - crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 - crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 - crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 - crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 - crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 - crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 - crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 - crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 - crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 - crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 - crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 - crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 - crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 - crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 - crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 - crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 - crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 - crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 - crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 - crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 - crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 - crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 - crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 - crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 - crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 - crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 - crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 - crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 - crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 - crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 - crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 - crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 - fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 - fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 - fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 - fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 - fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 - fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 - fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 - fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 - fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 - fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 - fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 - fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 - fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 - fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 - fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 - fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 - fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 - fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 - fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 - fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 - fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 - fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 - fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 - fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 - fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 - fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 - fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 - fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 - fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 - fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 - fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 - fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 - fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 - fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 - fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 - fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 - fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 - fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 - fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 - fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 - fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 - fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 - fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 - fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 - fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 - fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 - fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 - fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 - fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 - fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 - fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 - fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 - fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 - fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 - fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 - ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 - ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 - ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 - ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 - shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 - ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 - ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 - ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 - ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 - ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 - ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 - ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 - test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 - test/Makefile (1.1.4.1), "Exp", lines: +941 -0 - test/bctest (1.14.2.1), "Exp", lines: +1 -1 - test/testenc (1.3.8.1), "Exp", lines: +1 -1 - test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 - tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 - util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 - util/domd (1.6.2.3), "Exp", lines: +5 -5 - util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 - util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 - util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 - util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 - util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 - util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 - util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 - util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 - util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 - util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 - util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 - util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 - util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 - util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 - util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 - util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 - - Pull FIPS back into stable. - -2004-05-12 10:27 levitte - - Changed: - apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 - - Only check for FIPS signatures when FIPS is enabled. - -2004-05-12 10:28 levitte - - Changed: - crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 - - Makefile.ssl changed name to Makefile. - -2004-05-12 10:28 levitte - - Changed: - fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 - - Only really build this file when OPENSSL_FIPS is defined. And oh, - let's keep internal variables static. - -2004-05-12 10:42 levitte - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 - - I forgot to modify the signature for fips_rand.c... - -2004-05-12 10:46 levitte - - Changed: - fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 - fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 - fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 - fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 - fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 - fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 - - Ignore the 'lib' timestamp file. - -2004-05-12 12:07 levitte - - Changed: - fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 - fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 - - Ignore 'Makefile.save' - -2004-05-12 16:11 ben - - Changed: - crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 - crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 - fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 - fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 - - Blow up in people's faces if they don't reseed. - -2004-05-15 19:51 ben - - Changed: - crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 - crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 - crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 - fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 - fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 - fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 - fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 - fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 - fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 - fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 - - Fix self-tests, ban some things in FIPS mode, fix copyrights. - -2004-05-17 06:28 levitte - - Changed: - util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 - util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 - util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 - util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 - util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 - util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 - util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 - util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 - util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 - util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 - util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 - - Generate SHA1 files on Windows and other platforms supported by - mk1mf.pl, when building in FIPS mode. - - Note: UNTESTED! - -2004-05-17 06:30 levitte - - Changed: - apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 - apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 - - Make sure the applications know when we are running in FIPS mode. - We can't use the variable in libcrypto, since it's supposedly - unknown. - - Note: currently only supported in MONOLITH mode. - -2004-05-17 06:31 levitte - - Changed: - apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 - - When in FIPS mode, use SHA1 to digest the key, rather than MD5, as - MD5 isn't a FIPS-approved algorithm. - - Note: this means the user needs to keep track of this, and - we need to add support for that... - -2004-05-19 16:16 levitte - - Changed: - fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 - fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 - fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 - fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 - fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 - fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 - fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 - fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 - crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 - crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 - crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 - - Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation - for size_t-ification of those algorithms in future version of - OpenSSL... - -2004-05-27 11:33 levitte - - Changed: - makevms.com (1.35.2.3), "Exp", lines: +27 -0 - - Copy the FIPS files to the temporary openssl include directory. - -2004-05-27 12:04 levitte - - Changed: - fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 - makevms.com (1.35.2.4), "Exp", lines: +8 -0 - - Compile the FIPS directory on VMS as well. fips-lib.com is - essentially a copy of crypto-lib.com, with just a few edits. - -2004-05-27 12:07 levitte - - Changed: - fips/install.com (1.1.2.1), "Exp", lines: +55 -0 - install.com (1.4.2.2), "Exp", lines: +6 -6 - - Run an installation of FIPS stuff as well. - -2004-05-27 12:19 levitte - - Changed: - test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 - apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 - - Make sure o_str.h is reachable. - -2004-06-19 15:15 ben - - Changed: - Makefile.org (1.154.2.80), "Exp", lines: +1 -1 - crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 - crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 - crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 - crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 - crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 - fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 - fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 - fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 - fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 - fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 - fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 - fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 - - The version that was actually submitted for FIPS testing. - -2004-06-19 15:16 ben - - Changed: - fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 - fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 - fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 - fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 - fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 - - Add Diffie-Hellman to FIPS. - -2004-06-19 15:18 ben - - Changed: - fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 - fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 - - Update ignores. - -2004-06-21 11:07 levitte - - Changed: - fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 - fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 - fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 - fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 - fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 - fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 - - Make sure we don't try to loop over an empty EXHEADER. In the - Makefiles where this was fixed by commenting away code, change it - to check for an empty EXHEADER instead, so we have less hassle in a - future where EXHEADER changes. - - PR: 900 - -2004-06-21 20:05 levitte - - Changed: - Makefile.org (1.154.2.82), "Exp", lines: +3 -1 - - Standard sh doesn't tolerate ! as part of the conditional command. - - PR: 900 - -2004-06-28 22:33 levitte - - Changed: - fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 - fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 - fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 - - Make sure the FIPS stuff is only really compiled when in FIPS mode. - -2004-07-12 19:59 ben - - Changed: - fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 - fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 - - Corrected test program. - -2004-07-17 14:48 appro - - Changed: - fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 - - Eliminate enforced -g from CFLAGS. It switches off optimization - with some compilers, e.g. DEC C. - -2004-07-21 19:41 steve - - Changed: - crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 - - When in FIPS mode write private keys in PKCS#8 and PBES2 format to - avoid use of prohibited MD5 algorithm. - -2004-07-23 15:20 ben - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 - fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 - - Convert to X9.31. - -2004-07-21 19:35 steve - - Changed: - fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 - fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 - - Avoid compiler warnings. - -2004-07-27 02:17 steve - - Changed: - fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 - - Stop compiler warnings. - -2004-07-27 02:20 steve - - Changed: - crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 - - Add FIPS name to error library. - -2004-07-27 14:22 steve - - Changed: - Makefile.org (1.154.2.84), "Exp", lines: +3 -3 - fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 - fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 - - Rename libcrypto.sha1 to libcrypto.a.sha1 - -2004-07-27 20:28 steve - - Changed: - ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 - ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 - ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 - ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 - - New cipher "strength" FIPS which specifies that a cipher suite is - FIPS compatible. - - New cipherstring "FIPS" is all FIPS compatible ciphersuites - except eNULL. - - Only allow FIPS ciphersuites in FIPS mode. - -2004-07-28 04:24 levitte - - Changed: - makevms.com (1.35.2.6), "Exp", lines: +2 -2 - - From the FIPS directory, darnit! - -2004-07-28 15:47 levitte - - Changed: - makevms.com (1.35.2.7), "Exp", lines: +5 -1 - - Define OPENSSL_FIPS in opensslconf.h if a logical name with the - same name is defined. - - Go up one directory level before dealing with FIPS stuff. - -2004-07-30 00:26 levitte - - Changed: - fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 - - We're building crypto stuff, not ssl stuff. Additionally, we're in - the fips subdirectory, not the crypto one... - -2004-07-30 16:37 levitte - - Changed: - fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 - fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 - fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 - fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 - ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 - fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 - fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 - fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 - fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 - fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 - fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 - fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 - fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 - fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 - fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 - fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 - fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 - fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 - fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 - fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 - fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 - crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 - crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 - crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 - crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 - crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 - crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 - crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 - crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 - - To protect FIPS-related global variables, add locking mechanisms - around them. - - NOTE: because two new locks are added, this adds potential - binary incompatibility with earlier versions in the 0.9.7 series. - However, those locks will only ever be touched when FIPS_mode_set() - is called and after, thanks to a variable that's only changed from - 0 to 1 once (when FIPS_mode_set() is called). So basically, as - long as FIPS mode hasn't been engaged explicitely by the calling - application, the new locks are treated as if they didn't exist at - all, thus not becoming a problem. Applications that are built or - rebuilt to use FIPS functionality will need to be recompiled in any - case, thus not being a problem either. - -2004-08-02 16:15 levitte - - Changed: - crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 - - Let's lock a write lock when changing values, shall we? - - Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk> - for making me aware of this error. - -2004-08-05 20:11 steve - - Changed: - fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 - - Stop compiler giving bogus shadow warning. - -2004-08-09 14:13 levitte - - Changed: - makevms.com (1.35.2.8), "Exp", lines: +1 -1 - - In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... - -2004-08-09 14:14 levitte - - Changed: - fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 - - Correct typos and include directory specifications. - -2004-08-10 11:11 levitte - - Changed: - fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 - - Update the VMS fips library builder with the DH library. - -2004-08-10 12:04 levitte - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 - - With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED - to get struct timeval and gettimeofday(). - -2004-09-06 16:19 levitte - - Changed: - fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 - - Replace the bogus checks of n with proper uses of feof(), ferror() - and clearerr(). - -2004-09-06 16:21 levitte - - Changed: - fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 - - num is an unsigned long, but since it was transfered from - crypto/sha/sha_locl.h, where it is in fact an int, we need to check - for less-than-zero as if it was an int... - -2004-10-08 12:03 ben - - Changed: - fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 - fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 - - Update fingerprints. - -2004-10-14 07:51 levitte - - Changed: - VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 - - We need to check for OPENSSL_FIPS when building shared libraries, - so we get correct transfer vectors for those functions when - required. - -2004-10-26 13:47 steve - - Changed: - util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 - - Add fips/dh directory to mkfiles.pl - -2004-10-26 14:17 levitte - - Changed: - fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 - util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 - fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 - crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 - - fips/dh was missing in mkfiles.pl. make update - -2004-10-26 15:01 steve - - Changed: - util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 - - Only add fips/dh once... - -2004-11-01 09:20 levitte - - Changed: - fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 - fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 - - Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if - not already defined. - -2004-12-09 19:03 appro - - vChanged: - crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 - - Postpone linking of shared libcrypto in FIPS build. - -2004-12-09 19:13 appro - - Changed: - fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 - fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 - - Cygwin specific FIPS fix-ups. - -2004-12-09 23:43 appro - - Changed: - Configure (1.314.2.100), "Exp", lines: +2 -3 - crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 - - Eliminate false dependency on 386 config option is FIPS context. - At the same time limit assembler support to ELF platforms [that's - what is there, ELF modules]. - -2004-12-10 12:37 appro - - Changed: - Configure (1.314.2.101), "Exp", lines: +10 -3 - crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 - - Respect no-asm with fips option and disable FIPS DES assembler in - shared context [because it's not PIC]. - -2004-12-10 14:15 appro - - Changed: - fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 - fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 - - Solaris x86 assembler update. - -2004-12-10 17:30 appro - - Changed: - fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 - fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 - fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 - - Adapt FIPS sub-tree for mingw. - -2005-01-03 18:46 steve - - Changed: - fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 - - RSA KAT. - -2005-01-11 17:54 levitte - - Changed: - fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 - - Clear signed vs. unsigned conflicts. Change the fingerprint - accordingly. - -2005-01-11 19:25 levitte - - Changed: - ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 - fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 - fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 - fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 - fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 - apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 - fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 - - Use EXIT() instead of exit(). - -2005-01-26 21:00 steve - - Changed: - apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 - apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 - crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 - crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 - crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 - crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 - crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 - crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 - crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 - crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 - crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 - crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 - crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 - crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 - crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 - crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 - crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 - crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 - crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 - crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 - crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 - crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 - crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 - crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 - crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 - crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 - crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 - crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 - crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 - crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 - crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 - crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 - crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 - crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 - crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 - crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 - crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 - crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 - crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 - crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 - crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 - crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 - crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 - crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 - crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 - crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 - crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 - crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 - crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 - ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 - ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 - ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 - ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 - - FIPS algorithm blocking. - - Non FIPS algorithms are not normally allowed in FIPS mode. - - Any attempt to use them via high level functions will - return an error. - - The low level non-FIPS algorithm functions cannot return - errors so they produce assertion failures. HMAC also has to give an - assertion error because it (erroneously) can't return an error - either. - - There are exceptions (such as MD5 in TLS and non - cryptographic use of algorithms) and applications can override the - blocking and use non FIPS algorithms anyway. - - For low level functions the override is perfomed by - prefixing the algorithm initalization function with "private_" for - example private_MD5_Init(). - - For high level functions an override is performed by - setting a flag in the context. - -2005-01-27 02:49 steve - - Changed: - apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 - crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 - crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 - crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 - - More FIPS algorithm blocking. - - Catch attempted use of non FIPS algorithms with HMAC. - - Give an assertion error for applications that ignore FIPS - digest errors. - - Make -non-fips-allow work with dgst and HMAC. - -2005-01-28 15:03 steve - - Changed: - apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 - apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 - crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 - crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 - crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 - crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 - test/testenc (1.3.8.2), "Exp", lines: +8 -8 - - Further FIPS algorithm blocking. - - Fixes to cipher blocking and enabling code. - - Add option -non-fips-allow to 'enc' and update testenc. - -2005-01-31 02:33 steve - - Changed: - ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 - ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 - ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 - ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 - ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 - ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 - ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 - ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 - ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 - ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 - - Only allow TLS is FIPS mode. - - Remove old FIPS_allow_md5() calls. - -2005-02-05 19:24 steve - - Changed: - apps/req.c (1.88.2.18), "Exp", lines: +8 -1 - apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 - - In FIPS mode use SHA1 as default digest in x509 and req utilities. - -2005-03-15 10:46 appro - - Changed: - Makefile.org (1.154.2.96), "Exp", lines: +1 -1 - crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 - fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 - - Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this - in crypto/Makefile and make Makefile.org and fips/Makefile more - discreet. - -2005-03-22 18:29 steve - - Changed: - fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 - fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 - - Fix memory leak. - -2005-03-27 05:36 steve - - Changed: - crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 - ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 - - Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS - mode. - -2005-04-14 14:44 steve - - Changed: - fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0 - util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0 - - Perl script that checks or rebuilds FIPS hash files. This works on - both Unix and Windows. - - Merge all FIPS hash files into a single hash file - fips/fips.sha1 - -2005-04-15 05:27 steve - - Changed: - fips/Makefile (1.1.4.9), "Exp", lines: +1 -1 - fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4 - fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4 - fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4 - fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4 - fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4 - fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4 - fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7 - - Update hash checking in makefiles to use new perl script. - -2005-04-17 06:37 steve - - Changed: - util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127 - - Modify checkhash.pl so it can be run standalone or included as a - funtion in another perl script. - -2005-04-17 16:00 appro - - Changed: - fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5 - - Bring back fips_standalone_sha1. - -2005-04-17 16:17 appro - - Deleted: - fips/sha1/asm/sx86-elf.s (1.1.4.4) - Changed: - Configure (1.314.2.114), "Exp", lines: +1 -1 - fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1 - fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1 - fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0 - - Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s. - -2005-04-17 16:21 steve - - Changed: - util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0 - - Return 0 for successful hash check. - -2005-04-17 16:54 appro - - Changed: - Configure (1.314.2.116), "Exp", lines: +8 -1 - Makefile.org (1.154.2.99), "Exp", lines: +3 -2 - crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0 - fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0 - fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2 - fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0 - - Throw in fips/aes/asm/fips-ax86-elf.s. - -2005-04-17 16:35 appro - - Changed: - Configure (1.314.2.115), "Exp", lines: +1 -1 - fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1 - fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98 - - Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag. - -2005-04-17 17:26 appro - - Changed: - crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55 - crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3 - fips/fips.c (1.1.2.11), "Exp", lines: +62 -8 - fips/fips.h (1.1.2.7), "Exp", lines: +2 -3 - fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3 - fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4 - fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1 - fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2 - - Resolve minor binary compatibility issues in fips. - -2005-04-17 18:22 appro - - Changed: - fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12 - fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1 - fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2 - fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1 - fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1 - fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3 - fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2 - fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1 - fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11 - fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1 - fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1 - fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2 - - Minor fips const-ification. - -2005-04-18 07:02 steve - - Changed: - crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0 - crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0 - crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0 - crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0 - crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0 - crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0 - - Pick up definition of FIPS_mode() in fips.h to avoid warnings. - -2005-04-18 10:34 steve - - Deleted: - fips/fingerprint.sha1 (1.1.2.14) - fips/fips_check_sha1 (1.1.2.8) - fips/fips_make_sha1 (1.1.2.7) - fips/aes/fingerprint.sha1 (1.1.2.7) - fips/des/fingerprint.sha1 (1.1.2.6) - fips/dh/fingerprint.sha1 (1.1.2.4) - fips/dsa/fingerprint.sha1 (1.1.2.7) - fips/rand/fingerprint.sha1 (1.1.2.10) - fips/rsa/fingerprint.sha1 (1.1.4.7) - fips/sha1/fingerprint.sha1 (1.1.2.12) - Changed: - fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4 - - Remove obsolete fingerprint.sha1 files and associated scripts. - Delete test in fips/sha1/Makefile: the top level test checks the - same files. - -2005-04-19 09:11 appro - - Deleted: - fips/fipshashes.sha1 (1.1.2.7) - fips/sha1/standalone.sha1 (1.1.2.15) - Changed: - fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0 - util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4 - - Maintain fingerprint hashes as C source. - -2005-04-19 09:17 appro - - Changed: - util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1 - - Complete the transition C-code hashes. - -2005-04-21 19:06 steve - - Changed: - apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2 - fips/fips.c (1.1.2.12), "Exp", lines: +0 -27 - fips/fips.h (1.1.2.8), "Exp", lines: +0 -2 - fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2 - - Remove defunct FIPS_allow_md5() and related functions. - -2005-04-22 06:15 appro - - Changed: - fips/fips.c (1.1.2.13), "Exp", lines: +3 -3 - fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3 - fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2 - - Move some variables to .bss. - diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure index 1a9a59f969f..f24d738febc 100644 --- a/lib/libssl/src/Configure +++ b/lib/libssl/src/Configure @@ -407,12 +407,12 @@ my %table=( #### IBM's AIX. "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) @@ -510,8 +510,9 @@ my %table=( ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:ppccpuid_osx64.o:osx_ppc64.o osx_ppc64-mont.o:::::sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o:::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", @@ -616,6 +617,7 @@ my $perl; my %disabled = ( # "what" => "comment" "camellia" => "default", + "capieng" => "default", "cms" => "default", "gmp" => "default", "mdc2" => "default", @@ -634,7 +636,7 @@ my %disabled = ( # "what" => "comment" # For symmetry, "disable-..." is a synonym for "no-...". # This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; +my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; my $no_sse2=0; diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ index 09f700cc3a1..1b14ffe9a46 100644 --- a/lib/libssl/src/FAQ +++ b/lib/libssl/src/FAQ @@ -32,6 +32,7 @@ OpenSSL - Frequently Asked Questions * How do I install a CA certificate into a browser? * Why is OpenSSL x509 DN output not conformant to RFC2253? * What is a "128 bit certificate"? Can I create one with OpenSSL? +* Why does OpenSSL set the authority key identifier extension incorrectly? * How can I set up a bundle of commercial root CA certificates? [BUILD] Questions about building and testing OpenSSL @@ -68,6 +69,7 @@ OpenSSL - Frequently Asked Questions * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? * I think I've detected a memory leak, is this a bug? * Why does Valgrind complain about the use of uninitialized data? +* Why doesn't a memory BIO work when a file does? =============================================================================== @@ -76,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.8h was released on May 28th, 2008. +OpenSSL 0.9.8i was released on Sep 15th, 2008. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -403,10 +405,10 @@ You can't generally create such a certificate using OpenSSL but there is no need to any more. Nowadays web browsers using unrestricted strong encryption are generally available. -When there were tight export restrictions on the export of strong encryption +When there were tight restrictions on the export of strong encryption software from the US only weak encryption algorithms could be freely exported (initially 40 bit and then 56 bit). It was widely recognised that this was -inadequate. A relaxation the rules allowed the use of strong encryption but +inadequate. A relaxation of the rules allowed the use of strong encryption but only to an authorised server. Two slighly different techniques were developed to support this, one used by @@ -427,6 +429,25 @@ The export laws were later changed to allow almost unrestricted use of strong encryption so these certificates are now obsolete. +* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? + +It doesn't: this extension is often the cause of confusion. + +Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose +certificate C contains AKID. + +The purpose of this extension is to identify the authority certificate B. This +can be done either by including the subject key identifier of B or its issuer +name and serial number. + +In this latter case because it is identifying certifcate B it must contain the +issuer name and serial number of B. + +It is often wrongly assumed that it should contain the subject name of B. If it +did this would be redundant information because it would duplicate the issuer +name of C. + + * How can I set up a bundle of commercial root CA certificates? The OpenSSL software is shipped without any root CA certificate as the @@ -920,5 +941,25 @@ OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings. -=============================================================================== +* Why doesn't a memory BIO work when a file does? +This can occur in several cases for example reading an S/MIME email message. +The reason is that a memory BIO can do one of two things when all the data +has been read from it. + +The default behaviour is to indicate that no more data is available and that +the call should be retried, this is to allow the application to fill up the BIO +again if necessary. + +Alternatively it can indicate that no more data is available and that EOF has +been reached. + +If a memory BIO is to behave in the same way as a file this second behaviour +is needed. This must be done by calling: + + BIO_set_mem_eof_return(bio, 0); + +See the manual pages for more details. + + +=============================================================================== diff --git a/lib/libssl/src/Makefile b/lib/libssl/src/Makefile index 5aec3a20990..43b1d9796aa 100644 --- a/lib/libssl/src/Makefile +++ b/lib/libssl/src/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8h +VERSION=0.9.8i MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 @@ -13,7 +13,7 @@ SHLIB_MAJOR=0 SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-camellia no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic +OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT +DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT PEX_LIBS= EX_LIBS= EXE_EXT= diff --git a/lib/libssl/src/Makefile.shared b/lib/libssl/src/Makefile.shared index 97035a3c012..c6006f70bf5 100644 --- a/lib/libssl/src/Makefile.shared +++ b/lib/libssl/src/Makefile.shared @@ -491,23 +491,23 @@ link_app.hpux: link_o.aix: @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || :; \ + OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ $(LINK_SO_O); link_a.aix: @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || : ; \ + OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ $(LINK_SO_A_VIA_O) link_app.aix: LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \ diff --git a/lib/libssl/src/NEWS b/lib/libssl/src/NEWS index 40ded1aebf3..6488ffa122f 100644 --- a/lib/libssl/src/NEWS +++ b/lib/libssl/src/NEWS @@ -5,8 +5,16 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: + + o CryptoAPI ENGINE support. + o Various precautionary measures. + o Fix for bugs affecting certificate request creation. + o Support for local machine keyset attribute in PKCS#12 files. + Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: + o Backport of CMS functionality to 0.9.8. o Fixes for bugs introduced with 0.9.8f. Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: diff --git a/lib/libssl/src/README b/lib/libssl/src/README index df02ae076d7..a2d87d4a497 100644 --- a/lib/libssl/src/README +++ b/lib/libssl/src/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8h + OpenSSL 0.9.8i Copyright (c) 1998-2008 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/lib/libssl/src/apps/Makefile b/lib/libssl/src/apps/Makefile index 92ae515b44b..7eade4e2741 100644 --- a/lib/libssl/src/apps/Makefile +++ b/lib/libssl/src/apps/Makefile @@ -239,20 +239,21 @@ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h -ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c +ciphers.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +ciphers.o: ciphers.c cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -419,20 +420,21 @@ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h engine.o: ../include/openssl/engine.h ../include/openssl/err.h -engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h -engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h -engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -engine.o: ../include/openssl/x509v3.h apps.h engine.c +engine.o: ../include/openssl/evp.h ../include/openssl/hmac.h +engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h +engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h +engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +engine.o: engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -440,20 +442,21 @@ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h errstr.o: ../include/openssl/engine.h ../include/openssl/err.h -errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -errstr.o: ../include/openssl/x509v3.h apps.h errstr.c +errstr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +errstr.o: errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -531,20 +534,20 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h -ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -552,20 +555,21 @@ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h openssl.o: ../include/openssl/engine.h ../include/openssl/err.h -openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h -openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h +openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h @@ -720,20 +724,21 @@ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h -s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_cb.o: s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -741,21 +746,21 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_client.o: ../include/openssl/engine.h ../include/openssl/err.h -s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h -s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_client.o: s_apps.h s_client.c timeouts.h +s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -764,22 +769,23 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_server.o: ../include/openssl/engine.h ../include/openssl/err.h -s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/store.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h +s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h +s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_server.o: s_apps.h s_server.c timeouts.h s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -787,20 +793,20 @@ s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h -s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_socket.o: s_apps.h s_socket.c +s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -808,20 +814,21 @@ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_time.o: ../include/openssl/engine.h ../include/openssl/err.h -s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c +s_time.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_time.o: s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -829,20 +836,21 @@ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h -sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c +sess_id.o: ../include/openssl/evp.h ../include/openssl/hmac.h +sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h +sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +sess_id.o: sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/lib/libssl/src/apps/dsa.c b/lib/libssl/src/apps/dsa.c index 9e103037dd7..7518a2fe964 100644 --- a/lib/libssl/src/apps/dsa.c +++ b/lib/libssl/src/apps/dsa.c @@ -240,37 +240,27 @@ bad: goto end; } - in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) + if (out == NULL) { ERR_print_errors(bio_err); goto end; } - if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { - perror(infile); - goto end; - } - } - BIO_printf(bio_err,"read DSA key\n"); - if (informat == FORMAT_ASN1) { - if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL); - else dsa=d2i_DSAPrivateKey_bio(in,NULL); - } else if (informat == FORMAT_PEM) { - if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL); - else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin); - } else - { - BIO_printf(bio_err,"bad input format specified for key\n"); - goto end; - } + { + EVP_PKEY *pkey; + if (pubin) + pkey = load_pubkey(bio_err, infile, informat, 1, + passin, e, "Public Key"); + else + pkey = load_key(bio_err, infile, informat, 1, + passin, e, "Private Key"); + + if (pkey != NULL) + dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_free(pkey); + } if (dsa == NULL) { BIO_printf(bio_err,"unable to load Key\n"); diff --git a/lib/libssl/src/apps/openssl.c b/lib/libssl/src/apps/openssl.c index 47aee5b7126..ec25f990feb 100644 --- a/lib/libssl/src/apps/openssl.c +++ b/lib/libssl/src/apps/openssl.c @@ -273,9 +273,21 @@ int main(int Argc, char *Argv[]) i=NCONF_load(config,p,&errline); if (i == 0) { - NCONF_free(config); - config = NULL; - ERR_clear_error(); + if (ERR_GET_REASON(ERR_peek_last_error()) + == CONF_R_NO_SUCH_FILE) + { + BIO_printf(bio_err, + "WARNING: can't open config file: %s\n",p); + ERR_clear_error(); + NCONF_free(config); + config = NULL; + } + else + { + ERR_print_errors(bio_err); + NCONF_free(config); + exit(1); + } } prog=prog_init(); diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c index 7c71b1a88fb..268390ebe8d 100644 --- a/lib/libssl/src/apps/pkcs12.c +++ b/lib/libssl/src/apps/pkcs12.c @@ -100,6 +100,7 @@ int MAIN(int argc, char **argv) char **args; char *name = NULL; char *csp_name = NULL; + int add_lmk = 0; PKCS12 *p12 = NULL; char pass[50], macpass[50]; int export_cert = 0; @@ -224,7 +225,9 @@ int MAIN(int argc, char **argv) args++; name = *args; } else badarg = 1; - } else if (!strcmp (*args, "-CSP")) { + } else if (!strcmp (*args, "-LMK")) + add_lmk = 1; + else if (!strcmp (*args, "-CSP")) { if (args[1]) { args++; csp_name = *args; @@ -338,6 +341,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); + BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); + BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); goto end; } @@ -562,7 +567,9 @@ int MAIN(int argc, char **argv) if (csp_name && key) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1); - + + if (add_lmk && key) + EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c index 3a52853c82f..78ac95c5126 100644 --- a/lib/libssl/src/apps/s_client.c +++ b/lib/libssl/src/apps/s_client.c @@ -321,7 +321,8 @@ int MAIN(int argc, char **argv) char *inrand=NULL; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; - ENGINE *e=NULL; + char *ssl_client_engine_id=NULL; + ENGINE *e=NULL, *ssl_client_engine=NULL; #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; @@ -559,6 +560,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine_id = *(++argv); } + else if (strcmp(*argv,"-ssl_client_engine") == 0) + { + if (--argc < 1) goto bad; + ssl_client_engine_id = *(++argv); + } #endif else if (strcmp(*argv,"-rand") == 0) { @@ -596,6 +602,16 @@ bad: #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) + { + ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); + if (!ssl_client_engine) + { + BIO_printf(bio_err, + "Error getting client auth engine\n"); + goto end; + } + } #endif if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { @@ -663,6 +679,20 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE + if (ssl_client_engine) + { + if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) + { + BIO_puts(bio_err, "Error setting client auth engine\n"); + ERR_print_errors(bio_err); + ENGINE_free(ssl_client_engine); + goto end; + } + ENGINE_free(ssl_client_engine); + } +#endif + if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else diff --git a/lib/libssl/src/crypto/asn1/asn_mime.c b/lib/libssl/src/crypto/asn1/asn_mime.c index fe7c4ec7abe..bc80b20d632 100644 --- a/lib/libssl/src/crypto/asn1/asn_mime.c +++ b/lib/libssl/src/crypto/asn1/asn_mime.c @@ -526,6 +526,8 @@ int SMIME_text(BIO *in, BIO *out) sk_MIME_HEADER_pop_free(headers, mime_hdr_free); while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) BIO_write(out, iobuf, len); + if (len < 0) + return 0; return 1; } diff --git a/lib/libssl/src/crypto/asn1/t_x509.c b/lib/libssl/src/crypto/asn1/t_x509.c index 26d33617226..cb76c32c8d0 100644 --- a/lib/libssl/src/crypto/asn1/t_x509.c +++ b/lib/libssl/src/crypto/asn1/t_x509.c @@ -393,8 +393,9 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) d= (v[6]-'0')*10+(v[7]-'0'); h= (v[8]-'0')*10+(v[9]-'0'); m= (v[10]-'0')*10+(v[11]-'0'); - if ( (v[12] >= '0') && (v[12] <= '9') && - (v[13] >= '0') && (v[13] <= '9')) + if (i >= 14 && + (v[12] >= '0') && (v[12] <= '9') && + (v[13] >= '0') && (v[13] <= '9')) s= (v[12]-'0')*10+(v[13]-'0'); if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", @@ -428,8 +429,9 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) d= (v[4]-'0')*10+(v[5]-'0'); h= (v[6]-'0')*10+(v[7]-'0'); m= (v[8]-'0')*10+(v[9]-'0'); - if ( (v[10] >= '0') && (v[10] <= '9') && - (v[11] >= '0') && (v[11] <= '9')) + if (i >=12 && + (v[10] >= '0') && (v[10] <= '9') && + (v[11] >= '0') && (v[11] <= '9')) s= (v[10]-'0')*10+(v[11]-'0'); if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", @@ -501,4 +503,3 @@ err: OPENSSL_free(b); return(ret); } - diff --git a/lib/libssl/src/crypto/bio/bss_dgram.c b/lib/libssl/src/crypto/bio/bss_dgram.c index ea2c3fff63c..c3da6dc82fa 100644 --- a/lib/libssl/src/crypto/bio/bss_dgram.c +++ b/lib/libssl/src/crypto/bio/bss_dgram.c @@ -82,7 +82,7 @@ static int dgram_new(BIO *h); static int dgram_free(BIO *data); static int dgram_clear(BIO *bio); -int BIO_dgram_should_retry(int s); +static int BIO_dgram_should_retry(int s); static BIO_METHOD methods_dgramp= { @@ -345,30 +345,90 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) memcpy(&(data->peer), to, sizeof(struct sockaddr)); break; +#if defined(SO_RCVTIMEO) case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); ret = -1; } + } +#else if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } +#endif break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + int timeout, sz = sizeof(timeout); + struct timeval *tv = (struct timeval *)ptr; + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); ret = -1; } + else + { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } + } +#else if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, (void *)&ret) < 0) { perror("getsockopt"); ret = -1; } +#endif break; +#endif +#if defined(SO_SNDTIMEO) case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; + if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); ret = -1; } + } +#else if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } +#endif break; case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + int timeout, sz = sizeof(timeout); + struct timeval *tv = (struct timeval *)ptr; + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); ret = -1; } + else + { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } + } +#else if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, (void *)&ret) < 0) { perror("getsockopt"); ret = -1; } +#endif break; +#endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: /* fall-through */ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: +#ifdef OPENSSL_SYS_WINDOWS + if ( data->_errno == WSAETIMEDOUT) +#else if ( data->_errno == EAGAIN) +#endif { ret = 1; data->_errno = 0; @@ -403,7 +463,7 @@ static int dgram_puts(BIO *bp, const char *str) return(ret); } -int BIO_dgram_should_retry(int i) +static int BIO_dgram_should_retry(int i) { int err; diff --git a/lib/libssl/src/crypto/bn/Makefile b/lib/libssl/src/crypto/bn/Makefile index e97c7513901..0491e3db4c4 100644 --- a/lib/libssl/src/crypto/bn/Makefile +++ b/lib/libssl/src/crypto/bn/Makefile @@ -116,6 +116,7 @@ linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@ aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@ +osx_ppc64.s: asm/ppc.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/lib/libssl/src/crypto/bn/bn_div.c b/lib/libssl/src/crypto/bn/bn_div.c index 8655eb118e6..1e8e57626be 100644 --- a/lib/libssl/src/crypto/bn/bn_div.c +++ b/lib/libssl/src/crypto/bn/bn_div.c @@ -187,6 +187,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG d0,d1; int num_n,div_n; + /* Invalid zero-padding would have particularly bad consequences + * in the case of 'num', so don't just rely on bn_check_top() for this one + * (bn_check_top() works only for BN_DEBUG builds) */ + if (num->top > 0 && num->d[num->top - 1] == 0) + { + BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED); + return 0; + } + + bn_check_top(num); + if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { return BN_div_no_branch(dv, rm, num, divisor, ctx); @@ -194,7 +205,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, bn_check_top(dv); bn_check_top(rm); - bn_check_top(num); + /* bn_check_top(num); */ /* 'num' has been checked already */ bn_check_top(divisor); if (BN_is_zero(divisor)) @@ -419,7 +430,7 @@ static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, bn_check_top(dv); bn_check_top(rm); - bn_check_top(num); + /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */ bn_check_top(divisor); if (BN_is_zero(divisor)) diff --git a/lib/libssl/src/crypto/bn/bn_gf2m.c b/lib/libssl/src/crypto/bn/bn_gf2m.c index 6a793857e13..306f029f278 100644 --- a/lib/libssl/src/crypto/bn/bn_gf2m.c +++ b/lib/libssl/src/crypto/bn/bn_gf2m.c @@ -384,7 +384,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (zz == 0) break; d1 = BN_BITS2 - d0; - if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ + /* clear up the top d1 bits */ + if (d0) + z[dN] = (z[dN] << d1) >> d1; + else + z[dN] = 0; z[0] ^= zz; /* reduction t^0 component */ for (k = 1; p[k] != 0; k++) diff --git a/lib/libssl/src/crypto/bn/bn_nist.c b/lib/libssl/src/crypto/bn/bn_nist.c index e14232fdbb5..1fc94f55c32 100644 --- a/lib/libssl/src/crypto/bn/bn_nist.c +++ b/lib/libssl/src/crypto/bn/bn_nist.c @@ -59,6 +59,7 @@ #include "bn_lcl.h" #include "cryptlib.h" + #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 #define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 @@ -101,60 +102,98 @@ static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0x000001FF}; #endif + +static const BIGNUM _bignum_nist_p_192 = + { + (BN_ULONG *)_nist_p_192, + BN_NIST_192_TOP, + BN_NIST_192_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_224 = + { + (BN_ULONG *)_nist_p_224, + BN_NIST_224_TOP, + BN_NIST_224_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_256 = + { + (BN_ULONG *)_nist_p_256, + BN_NIST_256_TOP, + BN_NIST_256_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_384 = + { + (BN_ULONG *)_nist_p_384, + BN_NIST_384_TOP, + BN_NIST_384_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_521 = + { + (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, + BN_NIST_521_TOP, + 0, + BN_FLG_STATIC_DATA + }; + + const BIGNUM *BN_get0_nist_prime_192(void) { - static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, - BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_192; + return &_bignum_nist_p_192; } const BIGNUM *BN_get0_nist_prime_224(void) { - static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, - BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_224; + return &_bignum_nist_p_224; } const BIGNUM *BN_get0_nist_prime_256(void) { - static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, - BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_256; + return &_bignum_nist_p_256; } const BIGNUM *BN_get0_nist_prime_384(void) { - static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, - BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_384; + return &_bignum_nist_p_384; } const BIGNUM *BN_get0_nist_prime_521(void) { - static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, - BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_521; + return &_bignum_nist_p_521; } -#define BN_NIST_ADD_ONE(a) while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a); static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) - { + { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - for (i = (max) - (top); i != 0; i--) - *_tmp1++ = (BN_ULONG) 0; - } + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + + OPENSSL_assert(top <= max); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + for (i = (max) - (top); i != 0; i--) + *_tmp1++ = (BN_ULONG) 0; + } static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) - { + { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - } + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + } #if BN_BITS2 == 64 #define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; @@ -199,6 +238,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, *res; size_t mask; + field = &_bignum_nist_p_192; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_192_TOP) + return BN_nnmod(r, field, a, ctx); + i = BN_ucmp(field, a); if (i == 0) { @@ -208,9 +252,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a) ? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_192_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_192_TOP)) @@ -245,6 +286,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r->top = BN_NIST_192_TOP; bn_correct_top(r); + if (BN_ucmp(field, r) <= 0) + { + if (!BN_usub(r, r, field)) return 0; + } + return 1; } @@ -272,6 +318,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, *res; size_t mask; + field = &_bignum_nist_p_224; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_224_TOP) + return BN_nnmod(r, field, a, ctx); + i = BN_ucmp(field, a); if (i == 0) { @@ -281,9 +332,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_224_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_224_TOP)) @@ -333,6 +381,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r->top = BN_NIST_224_TOP; bn_correct_top(r); + if (BN_ucmp(field, r) <= 0) + { + if (!BN_usub(r, r, field)) return 0; + } + return 1; #else /* BN_BITS!=32 */ return 0; @@ -364,6 +417,11 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, *res; size_t mask; + field = &_bignum_nist_p_256; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_256_TOP) + return BN_nnmod(r, field, a, ctx); + i = BN_ucmp(field, a); if (i == 0) { @@ -373,9 +431,6 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_256_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_256_TOP)) @@ -470,6 +525,11 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r->top = BN_NIST_256_TOP; bn_correct_top(r); + if (BN_ucmp(field, r) <= 0) + { + if (!BN_usub(r, r, field)) return 0; + } + return 1; #else /* BN_BITS!=32 */ return 0; @@ -505,6 +565,11 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, *res; size_t mask; + field = &_bignum_nist_p_384; /* just to make sure */ + + if (BN_is_negative(a) || a->top > 2*BN_NIST_384_TOP) + return BN_nnmod(r, field, a, ctx); + i = BN_ucmp(field, a); if (i == 0) { @@ -514,9 +579,6 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_384_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_384_TOP)) @@ -631,6 +693,11 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, r->top = BN_NIST_384_TOP; bn_correct_top(r); + if (BN_ucmp(field, r) <= 0) + { + if (!BN_usub(r, r, field)) return 0; + } + return 1; #else /* BN_BITS!=32 */ return 0; @@ -646,14 +713,35 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF #endif int top, ret = 0; - BN_ULONG *r_d; BIGNUM *tmp; + field = &_bignum_nist_p_521; /* just to make sure */ + + if (BN_is_negative(a)) + return BN_nnmod(r, field, a, ctx); + /* check whether a reduction is necessary */ top = a->top; if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && - (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) - return (r == a)? 1 : (BN_copy(r ,a) != NULL); + (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) + { + int i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else + { +#ifdef BN_DEBUG + OPENSSL_assert(i > 0); /* because 'field' is 1111...1111 */ +#endif + return (r == a)? 1 : (BN_copy(r ,a) != NULL); + } + } + + if (BN_num_bits(a) > 2*521) + return BN_nnmod(r, field, a, ctx); BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); @@ -673,15 +761,11 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (!BN_uadd(r, tmp, r)) goto err; - top = r->top; - r_d = r->d; - if (top == BN_NIST_521_TOP && - (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))) + + if (BN_ucmp(field, r) <= 0) { - BN_NIST_ADD_ONE(r_d) - r->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + if (!BN_usub(r, r, field)) goto err; } - bn_correct_top(r); ret = 1; err: diff --git a/lib/libssl/src/crypto/cms/cms_smime.c b/lib/libssl/src/crypto/cms/cms_smime.c index f79c504e913..b35d28d411a 100644 --- a/lib/libssl/src/crypto/cms/cms_smime.c +++ b/lib/libssl/src/crypto/cms/cms_smime.c @@ -89,11 +89,13 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) if (!BIO_get_cipher_status(in)) goto err; } + if (i < 0) + goto err; break; } - if (tmpout) - BIO_write(tmpout, buf, i); + if (tmpout && (BIO_write(tmpout, buf, i) != i)) + goto err; } if(flags & CMS_TEXT) diff --git a/lib/libssl/src/crypto/cryptlib.h b/lib/libssl/src/crypto/cryptlib.h index 5ceaa964b53..fc249c57f37 100644 --- a/lib/libssl/src/crypto/cryptlib.h +++ b/lib/libssl/src/crypto/cryptlib.h @@ -103,7 +103,6 @@ extern unsigned long OPENSSL_ia32cap_P; void OPENSSL_showfatal(const char *,...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; -int OPENSSL_isservice(void); #ifdef __cplusplus } diff --git a/lib/libssl/src/crypto/crypto.h b/lib/libssl/src/crypto/crypto.h index d2b5ffe3325..fe2c1d64034 100644 --- a/lib/libssl/src/crypto/crypto.h +++ b/lib/libssl/src/crypto/crypto.h @@ -521,6 +521,7 @@ void OpenSSLDie(const char *file,int line,const char *assertion); unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +int OPENSSL_isservice(void); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/lib/libssl/src/crypto/dh/Makefile b/lib/libssl/src/crypto/dh/Makefile index d368e33b4ce..950cad9c5ba 100644 --- a/lib/libssl/src/crypto/dh/Makefile +++ b/lib/libssl/src/crypto/dh/Makefile @@ -123,11 +123,17 @@ dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c -dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dh_lib.o: ../cryptlib.h dh_lib.c diff --git a/lib/libssl/src/crypto/dsa/Makefile b/lib/libssl/src/crypto/dsa/Makefile index 676baf7d49c..5493f19e85c 100644 --- a/lib/libssl/src/crypto/dsa/Makefile +++ b/lib/libssl/src/crypto/dsa/Makefile @@ -126,11 +126,16 @@ dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/lib/libssl/src/crypto/ecdh/Makefile b/lib/libssl/src/crypto/ecdh/Makefile index 95aa69fea58..65d8904ee8a 100644 --- a/lib/libssl/src/crypto/ecdh/Makefile +++ b/lib/libssl/src/crypto/ecdh/Makefile @@ -84,20 +84,30 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h +ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ech_lib.o: ech_lib.c ech_locl.h ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/lib/libssl/src/crypto/ecdsa/Makefile b/lib/libssl/src/crypto/ecdsa/Makefile index 16a93cd3ae8..9b48d5641f0 100644 --- a/lib/libssl/src/crypto/ecdsa/Makefile +++ b/lib/libssl/src/crypto/ecdsa/Makefile @@ -92,14 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_err.o: ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecs_lib.o: ecs_lib.c ecs_locl.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -110,16 +114,26 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c diff --git a/lib/libssl/src/crypto/engine/Makefile b/lib/libssl/src/crypto/engine/Makefile index 13f211a0aef..47cc619b8ab 100644 --- a/lib/libssl/src/crypto/engine/Makefile +++ b/lib/libssl/src/crypto/engine/Makefile @@ -82,88 +82,142 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -eng_all.o: ../../e_os.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_all.o: ../cryptlib.h eng_all.c eng_int.h -eng_cnf.o: ../../e_os.h ../../include/openssl/bio.h -eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_all.o: ../../e_os.h ../../include/openssl/asn1.h +eng_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h +eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h +eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_cnf.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cryptodev.o: ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h -eng_cryptodev.o: ../../include/openssl/ossl_typ.h -eng_cryptodev.o: ../../include/openssl/safestack.h +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_cryptodev.o: eng_cryptodev.c -eng_ctrl.o: ../../e_os.h ../../include/openssl/bio.h -eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_ctrl.o: ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h +eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_ctrl.c eng_int.h -eng_dyn.o: ../../e_os.h ../../include/openssl/bio.h -eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h +eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h +eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_dyn.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_dyn.c eng_int.h -eng_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h +eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_err.o: eng_err.c -eng_fat.o: ../../e_os.h ../../include/openssl/bio.h -eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h +eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_fat.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_fat.c eng_int.h -eng_init.o: ../../e_os.h ../../include/openssl/bio.h -eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_init.o: ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h +eng_init.o: ../../e_os.h ../../include/openssl/asn1.h +eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_init.c eng_int.h -eng_lib.o: ../../e_os.h ../../include/openssl/bio.h -eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_lib.c -eng_list.o: ../../e_os.h ../../include/openssl/bio.h -eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_list.o: ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h +eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h +eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c +eng_list.o: ../../e_os.h ../../include/openssl/asn1.h +eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_list.c +eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -183,106 +237,166 @@ eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_padlock.o: ../../include/openssl/opensslconf.h eng_padlock.o: ../../include/openssl/opensslv.h -eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_padlock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_padlock.o: ../../include/openssl/symhacks.h eng_padlock.c -eng_pkey.o: ../../e_os.h ../../include/openssl/bio.h -eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_pkey.o: ../../include/openssl/opensslconf.h +eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c +eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h +eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_pkey.c +eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c eng_table.o: ../../e_os.h ../../include/openssl/asn1.h eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_table.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_table.o: eng_table.c -tb_cipher.o: ../../e_os.h ../../include/openssl/bio.h -tb_cipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h +tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_cipher.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_cipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_cipher.o: tb_cipher.c -tb_dh.o: ../../e_os.h ../../include/openssl/bio.h +tb_dh.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_dh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h +tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c -tb_digest.o: ../../e_os.h ../../include/openssl/bio.h -tb_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_digest.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h +tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_digest.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h +tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_digest.o: tb_digest.c -tb_dsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_dsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h +tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c -tb_ecdh.o: ../../e_os.h ../../include/openssl/bio.h -tb_ecdh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c -tb_ecdsa.o: ../../e_os.h ../../include/openssl/bio.h -tb_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h +tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h +tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_ecdsa.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_ecdsa.c -tb_rand.o: ../../e_os.h ../../include/openssl/bio.h -tb_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c -tb_rsa.o: ../../e_os.h ../../include/openssl/bio.h +tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c +tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h +tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c +tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h +tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c -tb_store.o: ../../e_os.h ../../include/openssl/bio.h -tb_store.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tb_store.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_store.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tb_store.o: ../../include/openssl/opensslconf.h +tb_store.o: ../../e_os.h ../../include/openssl/asn1.h +tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_store.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_store.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_store.c +tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_store.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_store.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_store.c diff --git a/lib/libssl/src/crypto/engine/eng_all.c b/lib/libssl/src/crypto/engine/eng_all.c index 8599046717a..d29cd57dc2f 100644 --- a/lib/libssl/src/crypto/engine/eng_all.c +++ b/lib/libssl/src/crypto/engine/eng_all.c @@ -107,6 +107,9 @@ void ENGINE_load_builtin_engines(void) #if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) + ENGINE_load_capi(); +#endif #endif } diff --git a/lib/libssl/src/crypto/engine/eng_cnf.c b/lib/libssl/src/crypto/engine/eng_cnf.c index a97e01e619f..8417ddaaef8 100644 --- a/lib/libssl/src/crypto/engine/eng_cnf.c +++ b/lib/libssl/src/crypto/engine/eng_cnf.c @@ -98,6 +98,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) CONF_VALUE *ecmd; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; + int soft = 0; + name = skip_dot(name); #ifdef ENGINE_CONF_DEBUG fprintf(stderr, "Configuring engine %s\n", name); @@ -125,6 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) /* Override engine name to use */ if (!strcmp(ctrlname, "engine_id")) name = ctrlvalue; + else if (!strcmp(ctrlname, "soft_load")) + soft = 1; /* Load a dynamic ENGINE */ else if (!strcmp(ctrlname, "dynamic_path")) { @@ -147,6 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) if (!e) { e = ENGINE_by_id(name); + if (!e && soft) + { + ERR_clear_error(); + return 1; + } if (!e) return 0; } diff --git a/lib/libssl/src/crypto/engine/eng_err.c b/lib/libssl/src/crypto/engine/eng_err.c index 369f2e22d3b..574ffbb5c01 100644 --- a/lib/libssl/src/crypto/engine/eng_err.c +++ b/lib/libssl/src/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -92,6 +92,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, +{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"}, {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, diff --git a/lib/libssl/src/crypto/engine/eng_int.h b/lib/libssl/src/crypto/engine/eng_int.h index a5b1edebf4b..a66f107a44d 100644 --- a/lib/libssl/src/crypto/engine/eng_int.h +++ b/lib/libssl/src/crypto/engine/eng_int.h @@ -170,6 +170,8 @@ struct engine_st ENGINE_LOAD_KEY_PTR load_privkey; ENGINE_LOAD_KEY_PTR load_pubkey; + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; + const ENGINE_CMD_DEFN *cmd_defns; int flags; /* reference count on the structure itself */ diff --git a/lib/libssl/src/crypto/engine/eng_pkey.c b/lib/libssl/src/crypto/engine/eng_pkey.c index bc8b21abec5..1dfa2e36645 100644 --- a/lib/libssl/src/crypto/engine/eng_pkey.c +++ b/lib/libssl/src/crypto/engine/eng_pkey.c @@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) return 1; } +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f) + { + e->load_ssl_client_cert = loadssl_f; + return 1; + } + ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) { return e->load_privkey; @@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) return e->load_pubkey; } +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e) + { + return e->load_ssl_client_cert; + } + /* API functions to load public/private keys */ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, @@ -152,3 +164,33 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, } return pkey; } + +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) + { + + if(e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if(e->funct_ref == 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, + ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_ssl_client_cert) + { + ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, + ENGINE_R_NO_LOAD_FUNCTION); + return 0; + } + return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, + ui_method, callback_data); + } diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h index 3ec59338ffd..f503595eceb 100644 --- a/lib/libssl/src/crypto/engine/engine.h +++ b/lib/libssl/src/crypto/engine/engine.h @@ -93,6 +93,8 @@ #include <openssl/err.h> #endif +#include <openssl/x509.h> + #include <openssl/ossl_typ.h> #include <openssl/symhacks.h> @@ -278,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void) /* Generic load_key function pointer */ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, UI_METHOD *ui_method, void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); /* These callback types are for an ENGINE's handler for cipher and digest logic. * These handlers have these prototypes; * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); @@ -334,6 +339,9 @@ void ENGINE_load_ubsec(void); void ENGINE_load_cryptodev(void); void ENGINE_load_padlock(void); void ENGINE_load_builtin_engines(void); +#ifndef OPENSSL_NO_CAPIENG +void ENGINE_load_capi(void); +#endif /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ @@ -459,6 +467,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); @@ -494,6 +504,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); @@ -529,6 +540,10 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); /* This returns a pointer for the current ENGINE structure that * is (by default) performing any RSA operations. The value returned @@ -723,6 +738,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 #define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 diff --git a/lib/libssl/src/crypto/err/err.c b/lib/libssl/src/crypto/err/err.c index b6ff070e8f2..7952e70ab0e 100644 --- a/lib/libssl/src/crypto/err/err.c +++ b/lib/libssl/src/crypto/err/err.c @@ -149,6 +149,7 @@ static ERR_STRING_DATA ERR_str_libraries[]= {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, +{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, {ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, {0,NULL}, }; diff --git a/lib/libssl/src/crypto/err/err.h b/lib/libssl/src/crypto/err/err.h index bf28fce492e..8d9f0da172e 100644 --- a/lib/libssl/src/crypto/err/err.h +++ b/lib/libssl/src/crypto/err/err.h @@ -140,7 +140,8 @@ typedef struct err_state_st #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 #define ERR_LIB_STORE 44 -#define ERR_LIB_CMS 45 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 #define ERR_LIB_USER 128 @@ -172,6 +173,7 @@ typedef struct err_state_st #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in diff --git a/lib/libssl/src/crypto/evp/Makefile b/lib/libssl/src/crypto/evp/Makefile index 8f2555c7e58..9de56dc03d7 100644 --- a/lib/libssl/src/crypto/evp/Makefile +++ b/lib/libssl/src/crypto/evp/Makefile @@ -135,13 +135,17 @@ bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h +c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_all.o: ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -170,13 +174,17 @@ c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h c_alld.o: ../cryptlib.h c_alld.c digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../cryptlib.h digest.c +digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h +digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +digest.o: ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -312,13 +320,17 @@ evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h -evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h +evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h index c19d764c15d..1aa2d6fb35b 100644 --- a/lib/libssl/src/crypto/evp/evp.h +++ b/lib/libssl/src/crypto/evp/evp.h @@ -303,6 +303,8 @@ struct env_md_ctx_st * cleaned */ #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ struct evp_cipher_st { diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c index a1904993bf7..6e582c458de 100644 --- a/lib/libssl/src/crypto/evp/evp_enc.c +++ b/lib/libssl/src/crypto/evp/evp_enc.c @@ -279,7 +279,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i,j,bl; - OPENSSL_assert(inl > 0); + if (inl <= 0) + { + *outl = 0; + return inl == 0; + } + if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) @@ -381,10 +386,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int fix_len; unsigned int b; - if (inl == 0) + if (inl <= 0) { - *outl=0; - return 1; + *outl = 0; + return inl == 0; } if (ctx->flags & EVP_CIPH_NO_PADDING) diff --git a/lib/libssl/src/crypto/hmac/hmac.c b/lib/libssl/src/crypto/hmac/hmac.c index c45e0014927..1d140f7adb4 100644 --- a/lib/libssl/src/crypto/hmac/hmac.c +++ b/lib/libssl/src/crypto/hmac/hmac.c @@ -171,3 +171,10 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, return(md); } +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { + EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } + diff --git a/lib/libssl/src/crypto/hmac/hmac.h b/lib/libssl/src/crypto/hmac/hmac.h index 719fc408ace..fc38ffb52b3 100644 --- a/lib/libssl/src/crypto/hmac/hmac.h +++ b/lib/libssl/src/crypto/hmac/hmac.h @@ -100,6 +100,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); #ifdef __cplusplus } diff --git a/lib/libssl/src/crypto/md32_common.h b/lib/libssl/src/crypto/md32_common.h index 089c4502905..61bcd9786f8 100644 --- a/lib/libssl/src/crypto/md32_common.h +++ b/lib/libssl/src/crypto/md32_common.h @@ -301,7 +301,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) { p=(unsigned char *)c->data; - if ((n+len) >= HASH_CBLOCK) + if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK) { memcpy (p+n,data,HASH_CBLOCK-n); HASH_BLOCK_DATA_ORDER (c,p,1); diff --git a/lib/libssl/src/crypto/objects/obj_mac.num b/lib/libssl/src/crypto/objects/obj_mac.num index 47815b1e4e8..53c9cb0d6ae 100644 --- a/lib/libssl/src/crypto/objects/obj_mac.num +++ b/lib/libssl/src/crypto/objects/obj_mac.num @@ -788,3 +788,69 @@ id_ct_asciiTextWithCRLF 787 id_aes128_wrap 788 id_aes192_wrap 789 id_aes256_wrap 790 +ecdsa_with_Recommended 791 +ecdsa_with_Specified 792 +ecdsa_with_SHA224 793 +ecdsa_with_SHA256 794 +ecdsa_with_SHA384 795 +ecdsa_with_SHA512 796 +hmacWithMD5 797 +hmacWithSHA224 798 +hmacWithSHA256 799 +hmacWithSHA384 800 +hmacWithSHA512 801 +dsa_with_SHA224 802 +dsa_with_SHA256 803 +whirlpool 804 +cryptopro 805 +cryptocom 806 +id_GostR3411_94_with_GostR3410_2001 807 +id_GostR3411_94_with_GostR3410_94 808 +id_GostR3411_94 809 +id_HMACGostR3411_94 810 +id_GostR3410_2001 811 +id_GostR3410_94 812 +id_Gost28147_89 813 +gost89_cnt 814 +id_Gost28147_89_MAC 815 +id_GostR3411_94_prf 816 +id_GostR3410_2001DH 817 +id_GostR3410_94DH 818 +id_Gost28147_89_CryptoPro_KeyMeshing 819 +id_Gost28147_89_None_KeyMeshing 820 +id_GostR3411_94_TestParamSet 821 +id_GostR3411_94_CryptoProParamSet 822 +id_Gost28147_89_TestParamSet 823 +id_Gost28147_89_CryptoPro_A_ParamSet 824 +id_Gost28147_89_CryptoPro_B_ParamSet 825 +id_Gost28147_89_CryptoPro_C_ParamSet 826 +id_Gost28147_89_CryptoPro_D_ParamSet 827 +id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +id_GostR3410_94_TestParamSet 831 +id_GostR3410_94_CryptoPro_A_ParamSet 832 +id_GostR3410_94_CryptoPro_B_ParamSet 833 +id_GostR3410_94_CryptoPro_C_ParamSet 834 +id_GostR3410_94_CryptoPro_D_ParamSet 835 +id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +id_GostR3410_2001_TestParamSet 839 +id_GostR3410_2001_CryptoPro_A_ParamSet 840 +id_GostR3410_2001_CryptoPro_B_ParamSet 841 +id_GostR3410_2001_CryptoPro_C_ParamSet 842 +id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +id_GostR3410_94_a 845 +id_GostR3410_94_aBis 846 +id_GostR3410_94_b 847 +id_GostR3410_94_bBis 848 +id_Gost28147_89_cc 849 +id_GostR3410_94_cc 850 +id_GostR3410_2001_cc 851 +id_GostR3411_94_with_GostR3410_94_cc 852 +id_GostR3411_94_with_GostR3410_2001_cc 853 +id_GostR3410_2001_ParamSet_cc 854 +hmac 855 +LocalKeySet 856 diff --git a/lib/libssl/src/crypto/objects/objects.txt b/lib/libssl/src/crypto/objects/objects.txt index 34c8d1d6473..e009702e553 100644 --- a/lib/libssl/src/crypto/objects/objects.txt +++ b/lib/libssl/src/crypto/objects/objects.txt @@ -79,6 +79,12 @@ X9-62_primeCurve 7 : prime256v1 !Alias id-ecSigType ansi-X9-62 4 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 +X9-62_id-ecSigType 2 : ecdsa-with-Recommended +X9-62_id-ecSigType 3 : ecdsa-with-Specified +ecdsa-with-Specified 1 : ecdsa-with-SHA224 +ecdsa-with-Specified 2 : ecdsa-with-SHA256 +ecdsa-with-Specified 3 : ecdsa-with-SHA384 +ecdsa-with-Specified 4 : ecdsa-with-SHA512 # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" # (http://www.secg.org/) @@ -313,6 +319,7 @@ pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Cname ms-csp-name 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name +1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate @@ -348,7 +355,15 @@ rsadsi 2 2 : MD2 : md2 rsadsi 2 4 : MD4 : md4 rsadsi 2 5 : MD5 : md5 : MD5-SHA1 : md5-sha1 +rsadsi 2 6 : : hmacWithMD5 rsadsi 2 7 : : hmacWithSHA1 + +# From RFC4231 +rsadsi 2 8 : : hmacWithSHA224 +rsadsi 2 9 : : hmacWithSHA256 +rsadsi 2 10 : : hmacWithSHA384 +rsadsi 2 11 : : hmacWithSHA512 + rsadsi 3 2 : RC2-CBC : rc2-cbc : RC2-ECB : rc2-ecb !Cname rc2-cfb64 @@ -833,6 +848,11 @@ nist_hashalgs 2 : SHA384 : sha384 nist_hashalgs 3 : SHA512 : sha512 nist_hashalgs 4 : SHA224 : sha224 +# OIDs for dsa-with-sha224 and dsa-with-sha256 +!Alias dsa_with_sha2 nistAlgorithms 3 +dsa_with_sha2 1 : dsa_with_SHA224 +dsa_with_sha2 2 : dsa_with_SHA256 + # Hold instruction CRL entry extension !Cname hold-instruction-code id-ce 23 : holdInstructionCode : Hold Instruction Code @@ -1070,13 +1090,93 @@ rsadsi 1 1 6 : rsaOAEPEncryptionSET : Oakley-EC2N-3 : ipsec3 : Oakley-EC2N-4 : ipsec4 +iso 0 10118 3 0 55 : whirlpool + +# GOST OIDs + +member-body 643 2 2 : cryptopro +member-body 643 2 9 : cryptocom + +cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001 +cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94 +!Cname id-GostR3411-94 +cryptopro 9 : md_gost94 : GOST R 34.11-94 +cryptopro 10 : id-HMACGostR3411-94 : HMAC GOST 34.11-94 +!Cname id-GostR3410-2001 +cryptopro 19 : gost2001 : GOST R 34.10-2001 +!Cname id-GostR3410-94 +cryptopro 20 : gost94 : GOST R 34.10-94 +!Cname id-Gost28147-89 +cryptopro 21 : gost89 : GOST 28147-89 + : gost89-cnt +!Cname id-Gost28147-89-MAC +cryptopro 22 : gost-mac : GOST 28147-89 MAC +!Cname id-GostR3411-94-prf +cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF +cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH +cryptopro 99 : id-GostR3410-94DH : GOST R 34.10-94 DH + +cryptopro 14 1 : id-Gost28147-89-CryptoPro-KeyMeshing +cryptopro 14 0 : id-Gost28147-89-None-KeyMeshing + +# GOST parameter set OIDs + +cryptopro 30 0 : id-GostR3411-94-TestParamSet +cryptopro 30 1 : id-GostR3411-94-CryptoProParamSet + +cryptopro 31 0 : id-Gost28147-89-TestParamSet +cryptopro 31 1 : id-Gost28147-89-CryptoPro-A-ParamSet +cryptopro 31 2 : id-Gost28147-89-CryptoPro-B-ParamSet +cryptopro 31 3 : id-Gost28147-89-CryptoPro-C-ParamSet +cryptopro 31 4 : id-Gost28147-89-CryptoPro-D-ParamSet +cryptopro 31 5 : id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet +cryptopro 31 6 : id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet +cryptopro 31 7 : id-Gost28147-89-CryptoPro-RIC-1-ParamSet + +cryptopro 32 0 : id-GostR3410-94-TestParamSet +cryptopro 32 2 : id-GostR3410-94-CryptoPro-A-ParamSet +cryptopro 32 3 : id-GostR3410-94-CryptoPro-B-ParamSet +cryptopro 32 4 : id-GostR3410-94-CryptoPro-C-ParamSet +cryptopro 32 5 : id-GostR3410-94-CryptoPro-D-ParamSet + +cryptopro 33 1 : id-GostR3410-94-CryptoPro-XchA-ParamSet +cryptopro 33 2 : id-GostR3410-94-CryptoPro-XchB-ParamSet +cryptopro 33 3 : id-GostR3410-94-CryptoPro-XchC-ParamSet + +cryptopro 35 0 : id-GostR3410-2001-TestParamSet +cryptopro 35 1 : id-GostR3410-2001-CryptoPro-A-ParamSet +cryptopro 35 2 : id-GostR3410-2001-CryptoPro-B-ParamSet +cryptopro 35 3 : id-GostR3410-2001-CryptoPro-C-ParamSet + +cryptopro 36 0 : id-GostR3410-2001-CryptoPro-XchA-ParamSet +cryptopro 36 1 : id-GostR3410-2001-CryptoPro-XchB-ParamSet + +id-GostR3410-94 1 : id-GostR3410-94-a +id-GostR3410-94 2 : id-GostR3410-94-aBis +id-GostR3410-94 3 : id-GostR3410-94-b +id-GostR3410-94 4 : id-GostR3410-94-bBis + +# Cryptocom LTD GOST OIDs + +cryptocom 1 6 1 : id-Gost28147-89-cc : GOST 28147-89 Cryptocom ParamSet +!Cname id-GostR3410-94-cc +cryptocom 1 5 3 : gost94cc : GOST 34.10-94 Cryptocom +!Cname id-GostR3410-2001-cc +cryptocom 1 5 4 : gost2001cc : GOST 34.10-2001 Cryptocom + +cryptocom 1 3 3 : id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom +cryptocom 1 3 4 : id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom + +cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom # Definitions for Camellia cipher - CBC MODE + 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc 1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc 1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc # Definitions for Camellia cipher - ECB, CFB, OFB MODE + !Alias ntt-ds 0 3 4401 5 !Alias camellia ntt-ds 3 1 9 @@ -1107,7 +1207,6 @@ camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb : CAMELLIA-192-CFB8 : camellia-192-cfb8 : CAMELLIA-256-CFB8 : camellia-256-cfb8 - # Definitions for SEED cipher - ECB, CBC, OFB mode member-body 410 200004 : KISA : kisa @@ -1117,3 +1216,7 @@ kisa 1 4 : SEED-CBC : seed-cbc kisa 1 5 : SEED-CFB : seed-cfb !Cname seed-ofb128 kisa 1 6 : SEED-OFB : seed-ofb + +# There is no OID that just denotes "HMAC" oddly enough... + + : HMAC : hmac diff --git a/lib/libssl/src/crypto/opensslv.h b/lib/libssl/src/crypto/opensslv.h index b308894f183..5bdd370ac91 100644 --- a/lib/libssl/src/crypto/opensslv.h +++ b/lib/libssl/src/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090808fL +#define OPENSSL_VERSION_NUMBER 0x0090809fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h-fips 28 May 2008" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i-fips 15 Sep 2008" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h 28 May 2008" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i 15 Sep 2008" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libssl/src/crypto/ossl_typ.h b/lib/libssl/src/crypto/ossl_typ.h index 345fb1dc4d6..734200428f6 100644 --- a/lib/libssl/src/crypto/ossl_typ.h +++ b/lib/libssl/src/crypto/ossl_typ.h @@ -140,6 +140,8 @@ typedef struct X509_crl_st X509_CRL; typedef struct X509_name_st X509_NAME; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; typedef struct v3_ext_ctx X509V3_CTX; typedef struct conf_st CONF; diff --git a/lib/libssl/src/crypto/pkcs12/p12_crt.c b/lib/libssl/src/crypto/pkcs12/p12_crt.c index dbafda17b68..9748256b6fe 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/lib/libssl/src/crypto/pkcs12/p12_crt.c @@ -63,6 +63,19 @@ static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); +static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) + { + int idx; + X509_ATTRIBUTE *attr; + idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); + if (idx < 0) + return 1; + attr = EVP_PKEY_get_attr(pkey, idx); + if (!X509at_add1_attr(&bag->attrib, attr)) + return 0; + return 1; + } + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype) @@ -122,20 +135,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, if (pkey) { - int cspidx; bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); if (!bag) goto err; - cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); - if (cspidx >= 0) - { - X509_ATTRIBUTE *cspattr; - cspattr = EVP_PKEY_get_attr(pkey, cspidx); - if (!X509at_add1_attr(&bag->attrib, cspattr)) - goto err; - } + if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) + goto err; + if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) + goto err; if(name && !PKCS12_add_friendlyname(bag, name, -1)) goto err; diff --git a/lib/libssl/src/crypto/rand/Makefile b/lib/libssl/src/crypto/rand/Makefile index 3c1ab5bbaef..27694aa6649 100644 --- a/lib/libssl/src/crypto/rand/Makefile +++ b/lib/libssl/src/crypto/rand/Makefile @@ -97,14 +97,19 @@ rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c -rand_lib.o: ../../e_os.h ../../include/openssl/bio.h -rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rand_lib.o: ../../include/openssl/opensslconf.h +rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h +rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rand_lib.o: ../cryptlib.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h diff --git a/lib/libssl/src/crypto/rsa/Makefile b/lib/libssl/src/crypto/rsa/Makefile index 13900812acd..8f1c611800c 100644 --- a/lib/libssl/src/crypto/rsa/Makefile +++ b/lib/libssl/src/crypto/rsa/Makefile @@ -133,12 +133,17 @@ rsa_gen.o: ../cryptlib.h rsa_gen.c rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/lib/libssl/src/crypto/rsa/rsa.h b/lib/libssl/src/crypto/rsa/rsa.h index 6b5e4f8a9a0..3699afaaaf9 100644 --- a/lib/libssl/src/crypto/rsa/rsa.h +++ b/lib/libssl/src/crypto/rsa/rsa.h @@ -281,6 +281,7 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset); int RSA_print(BIO *bp, const RSA *r,int offset); #endif +#ifndef OPENSSL_NO_RC4 int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); @@ -294,6 +295,7 @@ int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)(char *buf, int len, const char *prompt, int verify)); +#endif /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index 272c5eed18c..5a6eda79617 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -150,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } -/* Usage example; - * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - */ -#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \ - if ((pre_cond) && ((method_mod) == NULL) && \ - !BN_MONT_CTX_set_locked(&(method_mod), \ - CRYPTO_LOCK_RSA, \ - (m), (ctx))) \ - err_instr - static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -233,7 +223,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -460,7 +452,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, else d= rsa->d; - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -581,7 +575,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, else d = rsa->d; - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -691,7 +687,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -769,11 +767,18 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) q = rsa->q; } - MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) + { + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) + goto err; + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) + goto err; + } } - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) diff --git a/lib/libssl/src/crypto/rsa/rsa_ssl.c b/lib/libssl/src/crypto/rsa/rsa_ssl.c index ea72629494c..cfeff15bc9c 100644 --- a/lib/libssl/src/crypto/rsa/rsa_ssl.c +++ b/lib/libssl/src/crypto/rsa/rsa_ssl.c @@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); return(-1); } - for (k= -8; k<0; k++) + for (k = -9; k<-1; k++) { if (p[k] != 0x03) break; } diff --git a/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/lib/libssl/src/crypto/sha/asm/sha1-586.pl index 0b4dab2bd53..a787dd37da4 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-586.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-586.pl @@ -149,7 +149,7 @@ sub BODY_40_59 &add($f,$e); # f+=ROTATE(a,5) } -&function_begin("sha1_block_data_order",16); +&function_begin("sha1_block_data_order"); &mov($tmp1,&wparam(0)); # SHA_CTX *c &mov($T,&wparam(1)); # const void *input &mov($A,&wparam(2)); # size_t num diff --git a/lib/libssl/src/crypto/stack/safestack.h b/lib/libssl/src/crypto/stack/safestack.h index 78cc485e6d1..40b17902e07 100644 --- a/lib/libssl/src/crypto/stack/safestack.h +++ b/lib/libssl/src/crypto/stack/safestack.h @@ -986,6 +986,50 @@ STACK_OF(type) \ #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) +#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) +#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) +#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) +#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) +#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) +#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) +#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) +#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) +#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) +#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) +#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) +#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) + +#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) +#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) +#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) +#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) +#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) +#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) +#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) +#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) +#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) +#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) +#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) +#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) + #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) diff --git a/lib/libssl/src/crypto/x509/x509_att.c b/lib/libssl/src/crypto/x509/x509_att.c index 511b49d5898..98460e89215 100644 --- a/lib/libssl/src/crypto/x509/x509_att.c +++ b/lib/libssl/src/crypto/x509/x509_att.c @@ -245,7 +245,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, goto err; if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) goto err; - + if ((attr != NULL) && (*attr == NULL)) *attr=ret; return(ret); err: @@ -302,8 +302,15 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat atype = attrtype; } if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; + attr->single = 0; + /* This is a bit naughty because the attribute should really have + * at least one value but some types use and zero length SET and + * require this. + */ + if (attrtype == 0) + return 1; if(!(ttmp = ASN1_TYPE_new())) goto err; - if (len == -1) + if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { if (!ASN1_TYPE_set1(ttmp, attrtype, data)) goto err; @@ -311,7 +318,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat else ASN1_TYPE_set(ttmp, atype, stmp); if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; - attr->single = 0; return 1; err: X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c index 9a62ebcf679..336c40ddd7e 100644 --- a/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/lib/libssl/src/crypto/x509/x509_vfy.c @@ -394,7 +394,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) #ifdef OPENSSL_NO_CHAIN_VERIFY return 1; #else - int i, ok=0, must_be_ca; + int i, ok=0, must_be_ca, plen = 0; X509 *x; int (*cb)(int xok,X509_STORE_CTX *xctx); int proxy_path_length = 0; @@ -495,9 +495,10 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (!ok) goto end; } } - /* Check pathlen */ - if ((i > 1) && (x->ex_pathlen != -1) - && (i > (x->ex_pathlen + proxy_path_length + 1))) + /* Check pathlen if not self issued */ + if ((i > 1) && !(x->ex_flags & EXFLAG_SI) + && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length + 1))) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; @@ -505,6 +506,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ok=cb(0,ctx); if (!ok) goto end; } + /* Increment path length if not self issued */ + if (!(x->ex_flags & EXFLAG_SI)) + plen++; /* If this certificate is a proxy certificate, the next certificate must be another proxy certificate or a EE certificate. If not, the next certificate must be a diff --git a/lib/libssl/src/crypto/x509v3/pcy_data.c b/lib/libssl/src/crypto/x509v3/pcy_data.c index 614d2b49355..4711b1ee927 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_data.c +++ b/lib/libssl/src/crypto/x509v3/pcy_data.c @@ -87,6 +87,12 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) X509_POLICY_DATA *ret; if (!policy && !id) return NULL; + if (id) + { + id = OBJ_dup(id); + if (!id) + return NULL; + } ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); if (!ret) return NULL; @@ -94,6 +100,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) if (!ret->expected_policy_set) { OPENSSL_free(ret); + if (id) + ASN1_OBJECT_free(id); return NULL; } diff --git a/lib/libssl/src/crypto/x509v3/pcy_tree.c b/lib/libssl/src/crypto/x509v3/pcy_tree.c index 4fda1d419af..b1ce77b9afc 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/lib/libssl/src/crypto/x509v3/pcy_tree.c @@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, ret = 2; if (explicit_policy > 0) { - explicit_policy--; - if (!(x->ex_flags & EXFLAG_SS) - && (cache->explicit_skip != -1) + if (!(x->ex_flags & EXFLAG_SI)) + explicit_policy--; + if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy)) explicit_policy = cache->explicit_skip; } @@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* Any matching allowed if certificate is self * issued and not the last in the chain. */ - if (!(x->ex_flags & EXFLAG_SS) || (i == 0)) + if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) level->flags |= X509_V_FLAG_INHIBIT_ANY; } else { - any_skip--; - if ((cache->any_skip > 0) + if (!(x->ex_flags & EXFLAG_SI)) + any_skip--; + if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) any_skip = cache->any_skip; } @@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, else { map_skip--; - if ((cache->map_skip > 0) + if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) map_skip = cache->map_skip; } @@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, if (data == NULL) return 0; - data->qualifier_set = curr->anyPolicy->data->qualifier_set; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; if (!level_add_node(curr, data, node, tree)) { diff --git a/lib/libssl/src/crypto/x509v3/v3_addr.c b/lib/libssl/src/crypto/x509v3/v3_addr.c index ed9847b3071..c6730ab3fd2 100644 --- a/lib/libssl/src/crypto/x509v3/v3_addr.c +++ b/lib/libssl/src/crypto/x509v3/v3_addr.c @@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, return NULL; switch (afi) { case IANA_AFI_IPV4: - sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); break; case IANA_AFI_IPV6: - sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); break; } f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; @@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, if (!make_addressRange(&merged, a_min, b_max, length)) return 0; sk_IPAddressOrRange_set(aors, i, merged); - sk_IPAddressOrRange_delete(aors, i + 1); + (void)sk_IPAddressOrRange_delete(aors, i + 1); IPAddressOrRange_free(a); IPAddressOrRange_free(b); --i; @@ -1122,7 +1122,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 1; if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) return 0; - sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); int j = sk_IPAddressFamily_find(b, fa); @@ -1183,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } if (!v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); - sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ret = 0; @@ -1209,7 +1209,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } continue; } - sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); for (j = 0; j < sk_IPAddressFamily_num(child); j++) { IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); diff --git a/lib/libssl/src/crypto/x509v3/v3_asid.c b/lib/libssl/src/crypto/x509v3/v3_asid.c index 271930f9670..abd497ed1fd 100644 --- a/lib/libssl/src/crypto/x509v3/v3_asid.c +++ b/lib/libssl/src/crypto/x509v3/v3_asid.c @@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) break; } ASIdOrRange_free(b); - sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); + (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); i--; continue; } diff --git a/lib/libssl/src/crypto/x509v3/v3_purp.c b/lib/libssl/src/crypto/x509v3/v3_purp.c index b2f5cdfa05f..c54e7887c70 100644 --- a/lib/libssl/src/crypto/x509v3/v3_purp.c +++ b/lib/libssl/src/crypto/x509v3/v3_purp.c @@ -291,7 +291,9 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ #endif - NID_proxyCertInfo /* 661 */ + NID_policy_constraints, /* 401 */ + NID_proxyCertInfo, /* 661 */ + NID_inhibit_any_policy /* 748 */ }; int ex_nid; @@ -325,7 +327,7 @@ static void x509v3_cache_extensions(X509 *x) #endif /* Does subject name match issuer ? */ if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* V1 should mean no extensions ... */ if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; /* Handle basic constraints */ diff --git a/lib/libssl/src/crypto/x509v3/x509v3.h b/lib/libssl/src/crypto/x509v3/x509v3.h index db2b0482c15..5ba59f71c94 100644 --- a/lib/libssl/src/crypto/x509v3/x509v3.h +++ b/lib/libssl/src/crypto/x509v3/x509v3.h @@ -363,6 +363,8 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) #define EXFLAG_NSCERT 0x8 #define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +#define EXFLAG_SI 0x20 #define EXFLAG_SS 0x20 #define EXFLAG_V1 0x40 #define EXFLAG_INVALID 0x80 @@ -370,7 +372,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) #define EXFLAG_CRITICAL 0x200 #define EXFLAG_PROXY 0x400 -#define EXFLAG_INVALID_POLICY 0x400 +#define EXFLAG_INVALID_POLICY 0x800 #define KU_DIGITAL_SIGNATURE 0x0080 #define KU_NON_REPUDIATION 0x0040 diff --git a/lib/libssl/src/doc/ssl/SSL_read.pod b/lib/libssl/src/doc/ssl/SSL_read.pod index f6c37f77e49..7038cd2d752 100644 --- a/lib/libssl/src/doc/ssl/SSL_read.pod +++ b/lib/libssl/src/doc/ssl/SSL_read.pod @@ -64,6 +64,11 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +L<SSL_pending(3)|SSL_pending(3)> can be used to find out whether there +are buffered bytes available for immediate retrieval. In this case +SSL_read() can be called without blocking or actually receiving new +data from the underlying socket. + =head1 WARNING When an SSL_read() operation has to be repeated because of @@ -112,6 +117,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, +L<SSL_pending(3)|SSL_pending(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> diff --git a/lib/libssl/src/engines/Makefile b/lib/libssl/src/engines/Makefile index 88f8390d0ed..dbf1bd72514 100644 --- a/lib/libssl/src/engines/Makefile +++ b/lib/libssl/src/engines/Makefile @@ -20,7 +20,7 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi LIBSRC= e_4758cca.c \ e_aep.c \ @@ -30,7 +30,8 @@ LIBSRC= e_4758cca.c \ e_chil.c \ e_nuron.c \ e_sureware.c \ - e_ubsec.c + e_ubsec.c \ + e_capi.c LIBOBJ= e_4758cca.o \ e_aep.o \ e_atalla.o \ @@ -39,7 +40,8 @@ LIBOBJ= e_4758cca.o \ e_chil.o \ e_nuron.o \ e_sureware.o \ - e_ubsec.o + e_ubsec.o \ + e_capi.o SRC= $(LIBSRC) @@ -52,7 +54,8 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \ e_chil_err.c e_chil_err.h \ e_nuron_err.c e_nuron_err.h \ e_sureware_err.c e_sureware_err.h \ - e_ubsec_err.c e_ubsec_err.h + e_ubsec_err.c e_ubsec_err.h \ + e_capi_err.c e_capi_err.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -157,24 +160,47 @@ e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h +e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_aep.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_aep.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_aep.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_aep.o: ../include/openssl/x509_vfy.h e_aep.c e_aep_err.c e_aep_err.h e_aep.o: vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c +e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_atalla.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_atalla.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c e_atalla.o: e_atalla_err.h vendor_defns/atalla.h +e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_capi.o: ../include/openssl/x509_vfy.h e_capi.c e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -196,28 +222,46 @@ e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h -e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c +e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h +e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h -e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h -e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_gmp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c +e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h +e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_nuron.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_nuron.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_nuron.o: ../include/openssl/x509_vfy.h e_nuron.c e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -240,10 +284,15 @@ e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h +e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +e_ubsec.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_ubsec.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_ubsec.o: ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h e_ubsec.o: vendor_defns/hw_ubsec.h diff --git a/lib/libssl/src/engines/e_capi.c b/lib/libssl/src/engines/e_capi.c new file mode 100644 index 00000000000..e98946c85a0 --- /dev/null +++ b/lib/libssl/src/engines/e_capi.c @@ -0,0 +1,1781 @@ +/* engines/e_capi.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include <stdio.h> +#include <string.h> +#include <openssl/crypto.h> +#include <openssl/buffer.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> + +#ifdef OPENSSL_SYS_WIN32 +#ifndef OPENSSL_NO_CAPIENG + + +#include <windows.h> + +#ifndef _WIN32_WINNT +#define _WIN32_WINNT 0x0400 +#endif + +#include <wincrypt.h> + +#undef X509_EXTENSIONS +#undef X509_CERT_PAIR + +/* Definitions which may be missing from earlier version of headers */ +#ifndef CERT_STORE_OPEN_EXISTING_FLAG +#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 +#endif + +#ifndef CERT_STORE_CREATE_NEW_FLAG +#define CERT_STORE_CREATE_NEW_FLAG 0x00002000 +#endif + +#include <openssl/engine.h> +#include <openssl/pem.h> +#include <openssl/x509v3.h> + +#include "e_capi_err.h" +#include "e_capi_err.c" + + +static const char *engine_capi_id = "capi"; +static const char *engine_capi_name = "CryptoAPI ENGINE"; + +typedef struct CAPI_CTX_st CAPI_CTX; +typedef struct CAPI_KEY_st CAPI_KEY; + +static void capi_addlasterror(void); +static void capi_adderror(DWORD err); + +static void CAPI_trace(CAPI_CTX *ctx, char *format, ...); + +static int capi_list_providers(CAPI_CTX *ctx, BIO *out); +static int capi_list_containers(CAPI_CTX *ctx, BIO *out); +int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename); +void capi_free_key(CAPI_KEY *key); + +static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore); + +CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id); + +static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +static int capi_rsa_priv_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int capi_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int capi_rsa_free(RSA *rsa); + +static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, + DSA *dsa); +static int capi_dsa_free(DSA *dsa); + +static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); + +static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); +#ifdef OPENSSL_CAPIENG_DIALOG +static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); +#endif + +typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR, + LPCWSTR, DWORD, DWORD, + void *); +typedef HWND (WINAPI *GETCONSWIN)(void); + +/* This structure contains CAPI ENGINE specific data: + * it contains various global options and affects how + * other functions behave. + */ + +#define CAPI_DBG_TRACE 2 +#define CAPI_DBG_ERROR 1 + +struct CAPI_CTX_st { + int debug_level; + char *debug_file; + /* Parameters to use for container lookup */ + DWORD keytype; + LPTSTR cspname; + DWORD csptype; + /* Certificate store name to use */ + LPTSTR storename; + LPTSTR ssl_client_store; + /* System store flags */ + DWORD store_flags; + +/* Lookup string meanings in load_private_key */ +/* Substring of subject: uses "storename" */ +#define CAPI_LU_SUBSTR 0 +/* Friendly name: uses storename */ +#define CAPI_LU_FNAME 1 +/* Container name: uses cspname, keytype */ +#define CAPI_LU_CONTNAME 2 + int lookup_method; +/* Info to dump with dumpcerts option */ +/* Issuer and serial name strings */ +#define CAPI_DMP_SUMMARY 0x1 +/* Friendly name */ +#define CAPI_DMP_FNAME 0x2 +/* Full X509_print dump */ +#define CAPI_DMP_FULL 0x4 +/* Dump PEM format certificate */ +#define CAPI_DMP_PEM 0x8 +/* Dump pseudo key (if possible) */ +#define CAPI_DMP_PSKEY 0x10 +/* Dump key info (if possible) */ +#define CAPI_DMP_PKEYINFO 0x20 + + DWORD dump_flags; + int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); + + CERTDLG certselectdlg; + GETCONSWIN getconswindow; +}; + + +static CAPI_CTX *capi_ctx_new(); +static void capi_ctx_free(CAPI_CTX *ctx); +static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check); +static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx); + +#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE +#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1) +#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2) +#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3) +#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4) +#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5) +#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6) +#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7) +#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8) +#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9) +#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) +#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) +#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) +#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13) + +static const ENGINE_CMD_DEFN capi_cmd_defns[] = { + {CAPI_CMD_LIST_CERTS, + "list_certs", + "List all certificates in store", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_LOOKUP_CERT, + "lookup_cert", + "Lookup and output certificates", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_DEBUG_LEVEL, + "debug_level", + "debug level (1=errors, 2=trace)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_DEBUG_FILE, + "debug_file", + "debugging filename)", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_KEYTYPE, + "key_type", + "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LIST_CSPS, + "list_csps", + "List all CSPs", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_SET_CSP_IDX, + "csp_idx", + "Set CSP by index", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_SET_CSP_NAME, + "csp_name", + "Set CSP name, (default CSP used if not specified)", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_SET_CSP_TYPE, + "csp_type", + "Set CSP type, (default RSA_PROV_FULL)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LIST_CONTAINERS, + "list_containers", + "list container names", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_LIST_OPTIONS, + "list_options", + "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, " + "32=private key info)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LOOKUP_METHOD, + "lookup_method", + "Set key lookup method (1=substring, 2=friendlyname, 3=container name)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_STORE_NAME, + "store_name", + "certificate store name, default \"MY\"", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_STORE_FLAGS, + "store_flags", + "Certificate store flags: 1 = system store", + ENGINE_CMD_FLAG_NUMERIC}, + + {0, NULL, NULL, 0} + }; + +static int capi_idx = -1; +static int rsa_capi_idx = -1; +static int dsa_capi_idx = -1; +static int cert_capi_idx = -1; + +static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) + { + int ret = 1; + CAPI_CTX *ctx; + BIO *out; + if (capi_idx == -1) + { + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED); + return 0; + } + ctx = ENGINE_get_ex_data(e, capi_idx); + out = BIO_new_fp(stdout, BIO_NOCLOSE); + switch (cmd) + { + case CAPI_CMD_LIST_CSPS: + ret = capi_list_providers(ctx, out); + break; + + case CAPI_CMD_LIST_CERTS: + ret = capi_list_certs(ctx, out, NULL); + break; + + case CAPI_CMD_LOOKUP_CERT: + ret = capi_list_certs(ctx, out, p); + break; + + case CAPI_CMD_LIST_CONTAINERS: + ret = capi_list_containers(ctx, out); + break; + + case CAPI_CMD_STORE_NAME: + if (ctx->storename) + OPENSSL_free(ctx->storename); + ctx->storename = BUF_strdup(p); + CAPI_trace(ctx, "Setting store name to %s\n", p); + break; + + case CAPI_CMD_STORE_FLAGS: + if (i & 1) + { + ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE; + ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER; + } + else + { + ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER; + ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE; + } + CAPI_trace(ctx, "Setting flags to %d\n", i); + break; + + case CAPI_CMD_DEBUG_LEVEL: + ctx->debug_level = (int)i; + CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level); + break; + + case CAPI_CMD_DEBUG_FILE: + ctx->debug_file = BUF_strdup(p); + CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file); + break; + + case CAPI_CMD_KEYTYPE: + ctx->keytype = i; + CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype); + break; + + case CAPI_CMD_SET_CSP_IDX: + ret = capi_ctx_set_provname_idx(ctx, i); + break; + + case CAPI_CMD_LIST_OPTIONS: + ctx->dump_flags = i; + break; + + case CAPI_CMD_LOOKUP_METHOD: + if (i < 1 || i > 3) + { + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD); + return 0; + } + ctx->lookup_method = i; + break; + + case CAPI_CMD_SET_CSP_NAME: + ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1); + break; + + case CAPI_CMD_SET_CSP_TYPE: + ctx->csptype = i; + break; + + default: + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND); + ret = 0; + } + + BIO_free(out); + return ret; + + } + +static RSA_METHOD capi_rsa_method = + { + "CryptoAPI RSA method", + 0, /* pub_enc */ + 0, /* pub_dec */ + capi_rsa_priv_enc, /* priv_enc */ + capi_rsa_priv_dec, /* priv_dec */ + 0, /* rsa_mod_exp */ + 0, /* bn_mod_exp */ + 0, /* init */ + capi_rsa_free, /* finish */ + RSA_FLAG_SIGN_VER, /* flags */ + NULL, /* app_data */ + capi_rsa_sign, /* rsa_sign */ + 0 /* rsa_verify */ + }; + +static DSA_METHOD capi_dsa_method = + { + "CryptoAPI DSA method", + capi_dsa_do_sign, /* dsa_do_sign */ + 0, /* dsa_sign_setup */ + 0, /* dsa_do_verify */ + 0, /* dsa_mod_exp */ + 0, /* bn_mod_exp */ + 0, /* init */ + capi_dsa_free, /* finish */ + 0, /* flags */ + NULL, /* app_data */ + 0, /* dsa_paramgen */ + 0 /* dsa_keygen */ + }; + +static int capi_init(ENGINE *e) + { + CAPI_CTX *ctx; + const RSA_METHOD *ossl_rsa_meth; + const DSA_METHOD *ossl_dsa_meth; + capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); + cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0); + + ctx = capi_ctx_new(); + if (!ctx || (capi_idx < 0)) + goto memerr; + + ENGINE_set_ex_data(e, capi_idx, ctx); + /* Setup RSA_METHOD */ + rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); + ossl_rsa_meth = RSA_PKCS1_SSLeay(); + capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc; + capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec; + capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp; + capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp; + + /* Setup DSA Method */ + dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); + ossl_dsa_meth = DSA_OpenSSL(); + capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify; + capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp; + capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp; + +#ifdef OPENSSL_CAPIENG_DIALOG + { + HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); + HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + if (cryptui) + ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore"); + if (kernel) + ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow"); + if (cryptui && !OPENSSL_isservice()) + ctx->client_cert_select = cert_select_dialog; + } +#endif + + + return 1; + + memerr: + CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); + return 0; + + return 1; + } + +static int capi_destroy(ENGINE *e) + { + ERR_unload_CAPI_strings(); + return 1; + } + +static int capi_finish(ENGINE *e) + { + CAPI_CTX *ctx; + ctx = ENGINE_get_ex_data(e, capi_idx); + capi_ctx_free(ctx); + ENGINE_set_ex_data(e, capi_idx, NULL); + return 1; + } + + +/* CryptoAPI key application data. This contains + * a handle to the private key container (for sign operations) + * and a handle to the key (for decrypt operations). + */ + +struct CAPI_KEY_st + { + /* Associated certificate context (if any) */ + PCCERT_CONTEXT pcert; + HCRYPTPROV hprov; + HCRYPTKEY key; + DWORD keyspec; + }; + +static int bind_capi(ENGINE *e) + { + if (!ENGINE_set_id(e, engine_capi_id) + || !ENGINE_set_name(e, engine_capi_name) + || !ENGINE_set_init_function(e, capi_init) + || !ENGINE_set_finish_function(e, capi_finish) + || !ENGINE_set_destroy_function(e, capi_destroy) + || !ENGINE_set_RSA(e, &capi_rsa_method) + || !ENGINE_set_DSA(e, &capi_dsa_method) + || !ENGINE_set_load_privkey_function(e, capi_load_privkey) + || !ENGINE_set_load_ssl_client_cert_function(e, + capi_load_ssl_client_cert) + || !ENGINE_set_cmd_defns(e, capi_cmd_defns) + || !ENGINE_set_ctrl_function(e, capi_ctrl)) + return 0; + ERR_load_CAPI_strings(); + + return 1; + + } + +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +static int bind_helper(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_capi_id) != 0)) + return 0; + if(!bind_capi(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +#else +static ENGINE *engine_capi(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_capi(ret)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_capi(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_capi(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } +#endif + + +static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen) + { + int i; + /* Reverse buffer in place: since this is a keyblob structure + * that will be freed up after conversion anyway it doesn't + * matter if we change it. + */ + for(i = 0; i < binlen / 2; i++) + { + unsigned char c; + c = bin[i]; + bin[i] = bin[binlen - i - 1]; + bin[binlen - i - 1] = c; + } + + if (!BN_bin2bn(bin, binlen, bn)) + return 0; + return 1; + } + +/* Given a CAPI_KEY get an EVP_PKEY structure */ + +static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key) + { + unsigned char *pubkey = NULL; + DWORD len; + BLOBHEADER *bh; + RSA *rkey = NULL; + DSA *dkey = NULL; + EVP_PKEY *ret = NULL; + if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) + { + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR); + capi_addlasterror(); + return NULL; + } + + pubkey = OPENSSL_malloc(len); + + if (!pubkey) + goto memerr; + + if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) + { + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR); + capi_addlasterror(); + goto err; + } + + bh = (BLOBHEADER *)pubkey; + if (bh->bType != PUBLICKEYBLOB) + { + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB); + goto err; + } + if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) + { + RSAPUBKEY *rp; + DWORD rsa_modlen; + unsigned char *rsa_modulus; + rp = (RSAPUBKEY *)(bh + 1); + if (rp->magic != 0x31415352) + { + char magstr[10]; + BIO_snprintf(magstr, 10, "%lx", rp->magic); + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); + ERR_add_error_data(2, "magic=0x", magstr); + goto err; + } + rsa_modulus = (unsigned char *)(rp + 1); + rkey = RSA_new_method(eng); + if (!rkey) + goto memerr; + + rkey->e = BN_new(); + rkey->n = BN_new(); + + if (!rkey->e || !rkey->n) + goto memerr; + + if (!BN_set_word(rkey->e, rp->pubexp)) + goto memerr; + + rsa_modlen = rp->bitlen / 8; + if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen)) + goto memerr; + + RSA_set_ex_data(rkey, rsa_capi_idx, key); + + if (!(ret = EVP_PKEY_new())) + goto memerr; + + EVP_PKEY_assign_RSA(ret, rkey); + rkey = NULL; + + } + else if (bh->aiKeyAlg == CALG_DSS_SIGN) + { + DSSPUBKEY *dp; + DWORD dsa_plen; + unsigned char *btmp; + dp = (DSSPUBKEY *)(bh + 1); + if (dp->magic != 0x31535344) + { + char magstr[10]; + BIO_snprintf(magstr, 10, "%lx", dp->magic); + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); + ERR_add_error_data(2, "magic=0x", magstr); + goto err; + } + dsa_plen = dp->bitlen / 8; + btmp = (unsigned char *)(dp + 1); + dkey = DSA_new_method(eng); + if (!dkey) + goto memerr; + dkey->p = BN_new(); + dkey->q = BN_new(); + dkey->g = BN_new(); + dkey->pub_key = BN_new(); + if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key) + goto memerr; + if (!lend_tobn(dkey->p, btmp, dsa_plen)) + goto memerr; + btmp += dsa_plen; + if (!lend_tobn(dkey->q, btmp, 20)) + goto memerr; + btmp += 20; + if (!lend_tobn(dkey->g, btmp, dsa_plen)) + goto memerr; + btmp += dsa_plen; + if (!lend_tobn(dkey->pub_key, btmp, dsa_plen)) + goto memerr; + btmp += dsa_plen; + + DSA_set_ex_data(dkey, dsa_capi_idx, key); + + if (!(ret = EVP_PKEY_new())) + goto memerr; + + EVP_PKEY_assign_DSA(ret, dkey); + dkey = NULL; + } + else + { + char algstr[10]; + BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg); + CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM); + ERR_add_error_data(2, "aiKeyAlg=0x", algstr); + goto err; + } + + + err: + if (pubkey) + OPENSSL_free(pubkey); + if (!ret) + { + if (rkey) + RSA_free(rkey); + if (dkey) + DSA_free(dkey); + } + + return ret; + +memerr: + CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE); + goto err; + + } + +static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, + UI_METHOD *ui_method, void *callback_data) + { + CAPI_CTX *ctx; + CAPI_KEY *key; + EVP_PKEY *ret; + ctx = ENGINE_get_ex_data(eng, capi_idx); + + if (!ctx) + { + CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT); + return NULL; + } + + key = capi_find_key(ctx, key_id); + + if (!key) + return NULL; + + ret = capi_get_pkey(eng, key); + + if (!ret) + capi_free_key(key); + return ret; + + } + +/* CryptoAPI RSA operations */ + +int capi_rsa_priv_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED); + return -1; + } + +int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + { + ALG_ID alg; + HCRYPTHASH hash; + DWORD slen; + unsigned int i; + int ret = -1; + CAPI_KEY *capi_key; + CAPI_CTX *ctx; + + ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); + + CAPI_trace(ctx, "Called CAPI_rsa_sign()\n"); + + capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); + if (!capi_key) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY); + return -1; + } +/* Convert the signature type to a CryptoAPI algorithm ID */ + switch(dtype) + { + case NID_sha1: + alg = CALG_SHA1; + break; + + case NID_md5: + alg = CALG_MD5; + break; + + case NID_md5_sha1: + alg = CALG_SSL3_SHAMD5; + break; + default: + { + char algstr[10]; + BIO_snprintf(algstr, 10, "%lx", dtype); + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID); + ERR_add_error_data(2, "NID=0x", algstr); + return -1; + } + } + + + +/* Create the hash object */ + if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); + capi_addlasterror(); + return -1; + } +/* Set the hash value to the value passed */ + + if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE); + capi_addlasterror(); + goto err; + } + + +/* Finally sign it */ + slen = RSA_size(rsa); + if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) + { + CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); + capi_addlasterror(); + goto err; + } + else + { + ret = 1; + /* Inplace byte reversal of signature */ + for(i = 0; i < slen / 2; i++) + { + unsigned char c; + c = sigret[i]; + sigret[i] = sigret[slen - i - 1]; + sigret[slen - i - 1] = c; + } + *siglen = slen; + } + + /* Now cleanup */ + +err: + CryptDestroyHash(hash); + + return ret; + } + +int capi_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + int i; + unsigned char *tmpbuf; + CAPI_KEY *capi_key; + CAPI_CTX *ctx; + ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); + + CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n"); + + + capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); + if (!capi_key) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY); + return -1; + } + + if(padding != RSA_PKCS1_PADDING) + { + char errstr[10]; + BIO_snprintf(errstr, 10, "%d", padding); + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); + ERR_add_error_data(2, "padding=", errstr); + return -1; + } + + /* Create temp reverse order version of input */ + if(!(tmpbuf = OPENSSL_malloc(flen)) ) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE); + return -1; + } + for(i = 0; i < flen; i++) + tmpbuf[flen - i - 1] = from[i]; + + /* Finally decrypt it */ + if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) + { + CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR); + capi_addlasterror(); + OPENSSL_free(tmpbuf); + return -1; + } + else memcpy(to, tmpbuf, flen); + + OPENSSL_free(tmpbuf); + + return flen; + } + +static int capi_rsa_free(RSA *rsa) + { + CAPI_KEY *capi_key; + capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); + capi_free_key(capi_key); + RSA_set_ex_data(rsa, rsa_capi_idx, 0); + return 1; + } + +/* CryptoAPI DSA operations */ + +static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, + DSA *dsa) + { + HCRYPTHASH hash; + DWORD slen; + DSA_SIG *ret = NULL; + CAPI_KEY *capi_key; + CAPI_CTX *ctx; + unsigned char csigbuf[40]; + + ctx = ENGINE_get_ex_data(dsa->engine, capi_idx); + + CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n"); + + capi_key = DSA_get_ex_data(dsa, dsa_capi_idx); + + if (!capi_key) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY); + return NULL; + } + + if (dlen != 20) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH); + return NULL; + } + + /* Create the hash object */ + if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); + capi_addlasterror(); + return NULL; + } + + /* Set the hash value to the value passed */ + if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE); + capi_addlasterror(); + goto err; + } + + + /* Finally sign it */ + slen = sizeof(csigbuf); + if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) + { + CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH); + capi_addlasterror(); + goto err; + } + else + { + ret = DSA_SIG_new(); + if (!ret) + goto err; + ret->r = BN_new(); + ret->s = BN_new(); + if (!ret->r || !ret->s) + goto err; + if (!lend_tobn(ret->r, csigbuf, 20) + || !lend_tobn(ret->s, csigbuf + 20, 20)) + { + DSA_SIG_free(ret); + ret = NULL; + goto err; + } + } + + /* Now cleanup */ + +err: + OPENSSL_cleanse(csigbuf, 40); + CryptDestroyHash(hash); + return ret; + } + +static int capi_dsa_free(DSA *dsa) + { + CAPI_KEY *capi_key; + capi_key = DSA_get_ex_data(dsa, dsa_capi_idx); + capi_free_key(capi_key); + DSA_set_ex_data(dsa, dsa_capi_idx, 0); + return 1; + } + +static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr) + { + BIO *out; + + if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file)) + return; + out = BIO_new_file(ctx->debug_file, "a+"); + BIO_vprintf(out, format, argptr); + BIO_free(out); + } + +static void CAPI_trace(CAPI_CTX *ctx, char *format, ...) + { + va_list args; + va_start(args, format); + capi_vtrace(ctx, CAPI_DBG_TRACE, format, args); + va_end(args); + } + +static void capi_addlasterror(void) + { + capi_adderror(GetLastError()); + } + +static void capi_adderror(DWORD err) + { + char errstr[10]; + BIO_snprintf(errstr, 10, "%lX", err); + ERR_add_error_data(2, "Error code= 0x", errstr); + } + +static char *wide_to_asc(LPWSTR wstr) + { + char *str; + if (!wstr) + return NULL; + str = OPENSSL_malloc(wcslen(wstr) + 1); + if (!str) + { + CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE); + return NULL; + } + sprintf(str, "%S", wstr); + return str; + } + +static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx) + { + LPSTR name; + DWORD len, err; + CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx); + if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) + { + err = GetLastError(); + if (err == ERROR_NO_MORE_ITEMS) + return 2; + CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR); + capi_adderror(err); + return 0; + } + name = OPENSSL_malloc(len); + if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) + { + err = GetLastError(); + if (err == ERROR_NO_MORE_ITEMS) + return 2; + CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR); + capi_adderror(err); + return 0; + } + *pname = name; + CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype); + + return 1; + } + +static int capi_list_providers(CAPI_CTX *ctx, BIO *out) + { + DWORD idx, ptype; + int ret; + LPTSTR provname = NULL; + CAPI_trace(ctx, "capi_list_providers\n"); + BIO_printf(out, "Available CSPs:\n"); + for(idx = 0; ; idx++) + { + ret = capi_get_provname(ctx, &provname, &ptype, idx); + if (ret == 2) + break; + if (ret == 0) + break; + BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype); + OPENSSL_free(provname); + } + return 1; + } + +static int capi_list_containers(CAPI_CTX *ctx, BIO *out) + { + int ret = 1; + HCRYPTPROV hprov; + DWORD err, idx, flags, buflen = 0, clen; + LPSTR cname; + CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype); + if (!CryptAcquireContext(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) + { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + capi_addlasterror(); + return 0; + } + if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST)) + { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); + capi_addlasterror(); + return 0; + } + CAPI_trace(ctx, "Got max container len %d\n", buflen); + if (buflen == 0) + buflen = 1024; + cname = OPENSSL_malloc(buflen); + if (!cname) + { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (idx = 0;;idx++) + { + clen = buflen; + cname[0] = 0; + + if (idx == 0) + flags = CRYPT_FIRST; + else + flags = 0; + if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) + { + err = GetLastError(); + if (err == ERROR_NO_MORE_ITEMS) + goto done; + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); + capi_adderror(err); + goto err; + } + CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags); + if (!cname[0] && (clen == buflen)) + { + CAPI_trace(ctx, "Enumerate bug: using workaround\n"); + goto done; + } + BIO_printf(out, "%d. %s\n", idx, cname); + } + err: + + ret = 0; + + done: + if (cname) + OPENSSL_free(cname); + CryptReleaseContext(hprov, 0); + + return ret; + } + +CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert) + { + DWORD len; + CRYPT_KEY_PROV_INFO *pinfo; + + if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len)) + return NULL; + pinfo = OPENSSL_malloc(len); + if (!pinfo) + { + CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE); + return NULL; + } + if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) + { + CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO); + capi_addlasterror(); + OPENSSL_free(pinfo); + return NULL; + } + return pinfo; + } + +static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo) + { + char *provname = NULL, *contname = NULL; + if (!pinfo) + { + BIO_printf(out, " No Private Key\n"); + return; + } + provname = wide_to_asc(pinfo->pwszProvName); + contname = wide_to_asc(pinfo->pwszContainerName); + if (!provname || !contname) + goto err; + + BIO_printf(out, " Private Key Info:\n"); + BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname, pinfo->dwProvType); + BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec); + err: + if (provname) + OPENSSL_free(provname); + if (contname) + OPENSSL_free(contname); + } + +char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert) + { + LPWSTR wfname; + DWORD dlen; + + CAPI_trace(ctx, "capi_cert_get_fname\n"); + if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen)) + return NULL; + wfname = OPENSSL_malloc(dlen); + if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) + { + char *fname = wide_to_asc(wfname); + OPENSSL_free(wfname); + return fname; + } + CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME); + capi_addlasterror(); + + OPENSSL_free(wfname); + return NULL; + } + + +void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert) + { + X509 *x; + unsigned char *p; + unsigned long flags = ctx->dump_flags; + if (flags & CAPI_DMP_FNAME) + { + char *fname; + fname = capi_cert_get_fname(ctx, cert); + if (fname) + { + BIO_printf(out, " Friendly Name \"%s\"\n", fname); + OPENSSL_free(fname); + } + else + BIO_printf(out, " <No Friendly Name>\n"); + } + + p = cert->pbCertEncoded; + x = d2i_X509(NULL, &p, cert->cbCertEncoded); + if (!x) + BIO_printf(out, " <Can't parse certificate>\n"); + if (flags & CAPI_DMP_SUMMARY) + { + BIO_printf(out, " Subject: "); + X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); + BIO_printf(out, "\n Issuer: "); + X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE); + BIO_printf(out, "\n"); + } + if (flags & CAPI_DMP_FULL) + X509_print_ex(out, x, XN_FLAG_ONELINE,0); + + if (flags & CAPI_DMP_PKEYINFO) + { + CRYPT_KEY_PROV_INFO *pinfo; + pinfo = capi_get_prov_info(ctx, cert); + capi_dump_prov_info(ctx, out, pinfo); + if (pinfo) + OPENSSL_free(pinfo); + } + + if (flags & CAPI_DMP_PEM) + PEM_write_bio_X509(out, x); + X509_free(x); + } + +HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename) + { + HCERTSTORE hstore; + + if (!storename) + storename = ctx->storename; + if (!storename) + storename = "MY"; + CAPI_trace(ctx, "Opening certificate store %s\n", storename); + + hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0, + ctx->store_flags, storename); + if (!hstore) + { + CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE); + capi_addlasterror(); + } + return hstore; + } + +int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id) + { + char *storename; + int idx; + int ret = 1; + HCERTSTORE hstore; + PCCERT_CONTEXT cert = NULL; + + storename = ctx->storename; + if (!storename) + storename = "MY"; + CAPI_trace(ctx, "Listing certs for store %s\n", storename); + + hstore = capi_open_store(ctx, storename); + if (!hstore) + return 0; + if (id) + { + cert = capi_find_cert(ctx, id, hstore); + if (!cert) + { + ret = 0; + goto err; + } + capi_dump_cert(ctx, out, cert); + CertFreeCertificateContext(cert); + } + else + { + for(idx = 0;;idx++) + { + LPWSTR fname = NULL; + cert = CertEnumCertificatesInStore(hstore, cert); + if (!cert) + break; + BIO_printf(out, "Certificate %d\n", idx); + capi_dump_cert(ctx, out, cert); + } + } + err: + CertCloseStore(hstore, 0); + return ret; + } + +static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore) + { + PCCERT_CONTEXT cert = NULL; + char *fname = NULL; + int match; + switch(ctx->lookup_method) + { + case CAPI_LU_SUBSTR: + return CertFindCertificateInStore(hstore, + X509_ASN_ENCODING, 0, + CERT_FIND_SUBJECT_STR_A, id, NULL); + case CAPI_LU_FNAME: + for(;;) + { + cert = CertEnumCertificatesInStore(hstore, cert); + if (!cert) + return NULL; + fname = capi_cert_get_fname(ctx, cert); + if (fname) + { + if (strcmp(fname, id)) + match = 0; + else + match = 1; + OPENSSL_free(fname); + if (match) + return cert; + } + } + default: + return NULL; + } + } + +static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec) + { + CAPI_KEY *key; + key = OPENSSL_malloc(sizeof(CAPI_KEY)); + CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", + contname, provname, ptype); + if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0)) + { + CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + capi_addlasterror(); + goto err; + } + if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) + { + CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR); + capi_addlasterror(); + CryptReleaseContext(key->hprov, 0); + goto err; + } + key->keyspec = keyspec; + key->pcert = NULL; + return key; + + err: + OPENSSL_free(key); + return NULL; + } + +static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert) + { + CAPI_KEY *key = NULL; + CRYPT_KEY_PROV_INFO *pinfo = NULL; + char *provname = NULL, *contname = NULL; + pinfo = capi_get_prov_info(ctx, cert); + if (!pinfo) + goto err; + provname = wide_to_asc(pinfo->pwszProvName); + contname = wide_to_asc(pinfo->pwszContainerName); + if (!provname || !contname) + goto err; + key = capi_get_key(ctx, contname, provname, + pinfo->dwProvType, pinfo->dwKeySpec); + + err: + if (pinfo) + OPENSSL_free(pinfo); + if (provname) + OPENSSL_free(provname); + if (contname) + OPENSSL_free(contname); + return key; + } + +CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id) + { + PCCERT_CONTEXT cert; + HCERTSTORE hstore; + CAPI_KEY *key = NULL; + switch (ctx->lookup_method) + { + case CAPI_LU_SUBSTR: + case CAPI_LU_FNAME: + hstore = capi_open_store(ctx, NULL); + if (!hstore) + return NULL; + cert = capi_find_cert(ctx, id, hstore); + if (cert) + { + key = capi_get_cert_key(ctx, cert); + CertFreeCertificateContext(cert); + } + CertCloseStore(hstore, 0); + break; + + case CAPI_LU_CONTNAME: + key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype, + ctx->keytype); + break; + } + + return key; + } + +void capi_free_key(CAPI_KEY *key) + { + if (!key) + return; + CryptDestroyKey(key->key); + CryptReleaseContext(key->hprov, 0); + if (key->pcert) + CertFreeCertificateContext(key->pcert); + OPENSSL_free(key); + } + + +/* Initialize a CAPI_CTX structure */ + +static CAPI_CTX *capi_ctx_new() + { + CAPI_CTX *ctx; + ctx = OPENSSL_malloc(sizeof(CAPI_CTX)); + if (!ctx) + { + CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + ctx->cspname = NULL; + ctx->csptype = PROV_RSA_FULL; + ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME; + ctx->keytype = AT_KEYEXCHANGE; + ctx->storename = NULL; + ctx->ssl_client_store = NULL; + ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG | + CERT_STORE_READONLY_FLAG | + CERT_SYSTEM_STORE_CURRENT_USER; + ctx->lookup_method = CAPI_LU_SUBSTR; + ctx->debug_level = 0; + ctx->debug_file = NULL; + ctx->client_cert_select = cert_select_simple; + return ctx; + } + +static void capi_ctx_free(CAPI_CTX *ctx) + { + CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx); + if (!ctx) + return; + if (ctx->cspname) + OPENSSL_free(ctx->cspname); + if (ctx->debug_file) + OPENSSL_free(ctx->debug_file); + if (ctx->storename) + OPENSSL_free(ctx->storename); + if (ctx->ssl_client_store) + OPENSSL_free(ctx->ssl_client_store); + OPENSSL_free(ctx); + } + +static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check) + { + CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type); + if (check) + { + HCRYPTPROV hprov; + if (!CryptAcquireContext(&hprov, NULL, pname, type, + CRYPT_VERIFYCONTEXT)) + { + CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); + capi_addlasterror(); + return 0; + } + CryptReleaseContext(hprov, 0); + } + ctx->cspname = BUF_strdup(pname); + ctx->csptype = type; + return 1; + } + +static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx) + { + LPSTR pname; + DWORD type; + if (capi_get_provname(ctx, &pname, &type, idx) != 1) + return 0; + return capi_ctx_set_provname(ctx, pname, type, 0); + } + +static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x) + { + int i; + X509_NAME *nm; + /* Special case: empty list: match anything */ + if (sk_X509_NAME_num(ca_dn) <= 0) + return 1; + for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) + { + nm = sk_X509_NAME_value(ca_dn, i); + if (!X509_NAME_cmp(nm, X509_get_issuer_name(x))) + return 1; + } + return 0; + } + + + +static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) + { + STACK_OF(X509) *certs = NULL; + X509 *x; + char *storename; + const char *p; + int i, client_cert_idx; + HCERTSTORE hstore; + PCCERT_CONTEXT cert = NULL, excert = NULL; + CAPI_CTX *ctx; + CAPI_KEY *key; + ctx = ENGINE_get_ex_data(e, capi_idx); + + *pcert = NULL; + *pkey = NULL; + + storename = ctx->ssl_client_store; + if (!storename) + storename = "MY"; + + hstore = capi_open_store(ctx, storename); + if (!hstore) + return 0; + /* Enumerate all certificates collect any matches */ + for(i = 0;;i++) + { + cert = CertEnumCertificatesInStore(hstore, cert); + if (!cert) + break; + p = cert->pbCertEncoded; + x = d2i_X509(NULL, &p, cert->cbCertEncoded); + if (!x) + { + CAPI_trace(ctx, "Can't Parse Certificate %d\n", i); + continue; + } + if (cert_issuer_match(ca_dn, x) + && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) + { + key = capi_get_cert_key(ctx, cert); + if (!key) + { + X509_free(x); + continue; + } + /* Match found: attach extra data to it so + * we can retrieve the key later. + */ + excert = CertDuplicateCertificateContext(cert); + key->pcert = excert; + X509_set_ex_data(x, cert_capi_idx, key); + + if (!certs) + certs = sk_X509_new_null(); + + sk_X509_push(certs, x); + } + else + X509_free(x); + + } + + if (cert) + CertFreeCertificateContext(cert); + if (hstore) + CertCloseStore(hstore, 0); + + if (!certs) + return 0; + + + /* Select the appropriate certificate */ + + client_cert_idx = ctx->client_cert_select(e, ssl, certs); + + /* Set the selected certificate and free the rest */ + + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + if (i == client_cert_idx) + *pcert = x; + else + { + key = X509_get_ex_data(x, cert_capi_idx); + capi_free_key(key); + X509_free(x); + } + } + + sk_X509_free(certs); + + if (!*pcert) + return 0; + + /* Setup key for selected certificate */ + + key = X509_get_ex_data(*pcert, cert_capi_idx); + *pkey = capi_get_pkey(e, key); + X509_set_ex_data(*pcert, cert_capi_idx, NULL); + + return 1; + + } + + +/* Simple client cert selection function: always select first */ + +static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) + { + return 0; + } + +#ifdef OPENSSL_CAPIENG_DIALOG + +/* More complex cert selection function, using standard function + * CryptUIDlgSelectCertificateFromStore() to produce a dialog box. + */ + +/* Definitions which are in cryptuiapi.h but this is not present in older + * versions of headers. + */ + +#ifndef CRYPTUI_SELECT_LOCATION_COLUMN +#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010 +#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004 +#endif + +#define dlg_title L"OpenSSL Application SSL Client Certificate Selection" +#define dlg_prompt L"Select a certificate to use for authentication" +#define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \ + |CRYPTUI_SELECT_INTENDEDUSE_COLUMN + +static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) + { + X509 *x; + HCERTSTORE dstore; + PCCERT_CONTEXT cert; + CAPI_CTX *ctx; + CAPI_KEY *key; + HWND hwnd; + int i, idx = -1; + if (sk_X509_num(certs) == 1) + return 0; + ctx = ENGINE_get_ex_data(e, capi_idx); + /* Create an in memory store of certificates */ + dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, + CERT_STORE_CREATE_NEW_FLAG, NULL); + if (!dstore) + { + CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE); + capi_addlasterror(); + goto err; + } + /* Add all certificates to store */ + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + key = X509_get_ex_data(x, cert_capi_idx); + + if (!CertAddCertificateContextToStore(dstore, key->pcert, + CERT_STORE_ADD_NEW, NULL)) + { + CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT); + capi_addlasterror(); + goto err; + } + + } + hwnd = GetForegroundWindow(); + if (!hwnd) + hwnd = GetActiveWindow(); + if (!hwnd && ctx->getconswindow) + hwnd = ctx->getconswindow(); + /* Call dialog to select one */ + cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt, + dlg_columns, 0, NULL); + + /* Find matching cert from list */ + if (cert) + { + for(i = 0; i < sk_X509_num(certs); i++) + { + x = sk_X509_value(certs, i); + key = X509_get_ex_data(x, cert_capi_idx); + if (CertCompareCertificate( + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + cert->pCertInfo, + key->pcert->pCertInfo)) + { + idx = i; + break; + } + } + } + + err: + if (dstore) + CertCloseStore(dstore, 0); + return idx; + + } +#endif + +#endif +#else /* !WIN32 */ +#include <openssl/engine.h> +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } +IMPLEMENT_DYNAMIC_CHECK_FN() +#endif +#endif diff --git a/lib/libssl/src/engines/e_capi.ec b/lib/libssl/src/engines/e_capi.ec new file mode 100644 index 00000000000..d2ad668a987 --- /dev/null +++ b/lib/libssl/src/engines/e_capi.ec @@ -0,0 +1 @@ +L CAPI e_capi_err.h e_capi_err.c diff --git a/lib/libssl/src/engines/e_capi_err.c b/lib/libssl/src/engines/e_capi_err.c new file mode 100644 index 00000000000..73bbaaa718b --- /dev/null +++ b/lib/libssl/src/engines/e_capi_err.c @@ -0,0 +1,183 @@ +/* e_capi_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include "e_capi_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(0,func,0) +#define ERR_REASON(reason) ERR_PACK(0,0,reason) + +static ERR_STRING_DATA CAPI_str_functs[]= + { +{ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"}, +{ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"}, +{ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"}, +{ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"}, +{ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"}, +{ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"}, +{ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"}, +{ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"}, +{ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"}, +{ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"}, +{ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"}, +{ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"}, +{ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"}, +{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"}, +{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"}, +{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"}, +{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"}, +{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"}, +{ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"}, +{0,NULL} + }; + +static ERR_STRING_DATA CAPI_str_reasons[]= + { +{ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT),"cant create hash object"}, +{ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT),"cant find capi context"}, +{ERR_REASON(CAPI_R_CANT_GET_KEY) ,"cant get key"}, +{ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE) ,"cant set hash value"}, +{ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),"cryptacquirecontext error"}, +{ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR),"cryptenumproviders error"}, +{ERR_REASON(CAPI_R_DECRYPT_ERROR) ,"decrypt error"}, +{ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED),"engine not initialized"}, +{ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR) ,"enumcontainers error"}, +{ERR_REASON(CAPI_R_ERROR_ADDING_CERT) ,"error adding cert"}, +{ERR_REASON(CAPI_R_ERROR_CREATING_STORE) ,"error creating store"}, +{ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),"error getting friendly name"}, +{ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"}, +{ERR_REASON(CAPI_R_ERROR_OPENING_STORE) ,"error opening store"}, +{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH) ,"error signing hash"}, +{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"}, +{ERR_REASON(CAPI_R_GETUSERKEY_ERROR) ,"getuserkey error"}, +{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"}, +{ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid dsa public key blob magic number"}, +{ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD),"invalid lookup method"}, +{ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB),"invalid public key blob"}, +{ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid rsa public key blob magic number"}, +{ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR) ,"pubkey export error"}, +{ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),"pubkey export length error"}, +{ERR_REASON(CAPI_R_UNKNOWN_COMMAND) ,"unknown command"}, +{ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),"unsupported algorithm nid"}, +{ERR_REASON(CAPI_R_UNSUPPORTED_PADDING) ,"unsupported padding"}, +{ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),"unsupported public key algorithm"}, +{0,NULL} + }; + +#endif + +#ifdef CAPI_LIB_NAME +static ERR_STRING_DATA CAPI_lib_name[]= + { +{0 ,CAPI_LIB_NAME}, +{0,NULL} + }; +#endif + + +static int CAPI_lib_error_code=0; +static int CAPI_error_init=1; + +static void ERR_load_CAPI_strings(void) + { + if (CAPI_lib_error_code == 0) + CAPI_lib_error_code=ERR_get_next_error_library(); + + if (CAPI_error_init) + { + CAPI_error_init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(CAPI_lib_error_code,CAPI_str_functs); + ERR_load_strings(CAPI_lib_error_code,CAPI_str_reasons); +#endif + +#ifdef CAPI_LIB_NAME + CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code,0,0); + ERR_load_strings(0,CAPI_lib_name); +#endif + } + } + +static void ERR_unload_CAPI_strings(void) + { + if (CAPI_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(CAPI_lib_error_code,CAPI_str_functs); + ERR_unload_strings(CAPI_lib_error_code,CAPI_str_reasons); +#endif + +#ifdef CAPI_LIB_NAME + ERR_unload_strings(0,CAPI_lib_name); +#endif + CAPI_error_init=1; + } + } + +static void ERR_CAPI_error(int function, int reason, char *file, int line) + { + if (CAPI_lib_error_code == 0) + CAPI_lib_error_code=ERR_get_next_error_library(); + ERR_PUT_error(CAPI_lib_error_code,function,reason,file,line); + } diff --git a/lib/libssl/src/engines/e_capi_err.h b/lib/libssl/src/engines/e_capi_err.h new file mode 100644 index 00000000000..efdb7512518 --- /dev/null +++ b/lib/libssl/src/engines/e_capi_err.h @@ -0,0 +1,123 @@ +/* ==================================================================== + * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_CAPI_ERR_H +#define HEADER_CAPI_ERR_H + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +static void ERR_load_CAPI_strings(void); +static void ERR_unload_CAPI_strings(void); +static void ERR_CAPI_error(int function, int reason, char *file, int line); +#define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the CAPI functions. */ + +/* Function codes. */ +#define CAPI_F_CAPI_CERT_GET_FNAME 99 +#define CAPI_F_CAPI_CTRL 100 +#define CAPI_F_CAPI_CTX_NEW 101 +#define CAPI_F_CAPI_CTX_SET_PROVNAME 102 +#define CAPI_F_CAPI_DSA_DO_SIGN 114 +#define CAPI_F_CAPI_GET_KEY 103 +#define CAPI_F_CAPI_GET_PKEY 115 +#define CAPI_F_CAPI_GET_PROVNAME 104 +#define CAPI_F_CAPI_GET_PROV_INFO 105 +#define CAPI_F_CAPI_INIT 106 +#define CAPI_F_CAPI_LIST_CONTAINERS 107 +#define CAPI_F_CAPI_LOAD_PRIVKEY 108 +#define CAPI_F_CAPI_OPEN_STORE 109 +#define CAPI_F_CAPI_RSA_PRIV_DEC 110 +#define CAPI_F_CAPI_RSA_PRIV_ENC 111 +#define CAPI_F_CAPI_RSA_SIGN 112 +#define CAPI_F_CERT_SELECT_DIALOG 117 +#define CAPI_F_CLIENT_CERT_SELECT 116 +#define CAPI_F_WIDE_TO_ASC 113 + +/* Reason codes. */ +#define CAPI_R_CANT_CREATE_HASH_OBJECT 99 +#define CAPI_R_CANT_FIND_CAPI_CONTEXT 100 +#define CAPI_R_CANT_GET_KEY 101 +#define CAPI_R_CANT_SET_HASH_VALUE 102 +#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103 +#define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104 +#define CAPI_R_DECRYPT_ERROR 105 +#define CAPI_R_ENGINE_NOT_INITIALIZED 106 +#define CAPI_R_ENUMCONTAINERS_ERROR 107 +#define CAPI_R_ERROR_ADDING_CERT 125 +#define CAPI_R_ERROR_CREATING_STORE 126 +#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108 +#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109 +#define CAPI_R_ERROR_OPENING_STORE 110 +#define CAPI_R_ERROR_SIGNING_HASH 111 +#define CAPI_R_FUNCTION_NOT_SUPPORTED 112 +#define CAPI_R_GETUSERKEY_ERROR 113 +#define CAPI_R_INVALID_DIGEST_LENGTH 124 +#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 +#define CAPI_R_INVALID_LOOKUP_METHOD 114 +#define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115 +#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123 +#define CAPI_R_PUBKEY_EXPORT_ERROR 116 +#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117 +#define CAPI_R_UNKNOWN_COMMAND 118 +#define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119 +#define CAPI_R_UNSUPPORTED_PADDING 120 +#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/lib/libssl/src/engines/e_gmp.c b/lib/libssl/src/engines/e_gmp.c index e62e6fcd072..a1a2d2bda61 100644 --- a/lib/libssl/src/engines/e_gmp.c +++ b/lib/libssl/src/engines/e_gmp.c @@ -451,9 +451,13 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) } #endif +#endif /* !OPENSSL_NO_GMP */ + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ -#ifndef ENGINE_NO_DYNAMIC_SUPPORT +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +IMPLEMENT_DYNAMIC_CHECK_FN() +#ifndef OPENSSL_NO_GMP static int bind_fn(ENGINE *e, const char *id) { if(id && (strcmp(id, engine_e_gmp_id) != 0)) @@ -462,10 +466,11 @@ static int bind_fn(ENGINE *e, const char *id) return 0; return 1; } -IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ +#else +OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } +#endif +#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -#endif /* !OPENSSL_NO_GMP */ #endif /* !OPENSSL_NO_HW */ - diff --git a/lib/libssl/src/openssl.spec b/lib/libssl/src/openssl.spec index 4acba76aa26..a1fa1984237 100644 --- a/lib/libssl/src/openssl.spec +++ b/lib/libssl/src/openssl.spec @@ -1,7 +1,7 @@ %define libmaj 0 %define libmin 9 %define librel 8 -%define librev h +%define librev i Release: 1 %define openssldir /var/ssl diff --git a/lib/libssl/src/ssl/Makefile b/lib/libssl/src/ssl/Makefile index 2754632849c..cb4267f5de6 100644 --- a/lib/libssl/src/ssl/Makefile +++ b/lib/libssl/src/ssl/Makefile @@ -111,18 +111,19 @@ bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -bio_ssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h -bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h -bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c +bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h +bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +bio_ssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -130,19 +131,20 @@ d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h +d1_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c +d1_both.o: ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -150,20 +152,21 @@ d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h -d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h +d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h +d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c +d1_clnt.o: kssl_lcl.h ssl_locl.h d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -192,19 +195,19 @@ d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c -d1_lib.o: ssl_locl.h +d1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c ssl_locl.h d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -212,19 +215,19 @@ d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c -d1_meth.o: ssl_locl.h +d1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c ssl_locl.h d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -232,19 +235,20 @@ d1_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_pkt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h +d1_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c +d1_pkt.o: ssl_locl.h d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -252,38 +256,40 @@ d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_srvr.o: ../include/openssl/evp.h ../include/openssl/kssl.h -d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h +d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c +d1_srvr.o: ssl_locl.h kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h -kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -kssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h -kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c +kssl.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h +kssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +kssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +kssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +kssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +kssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +kssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +kssl.o: ../include/openssl/x509_vfy.h kssl.c s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -291,19 +297,20 @@ s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h +s23_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c +s23_clnt.o: ssl_locl.h s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -311,19 +318,19 @@ s23_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c -s23_lib.o: ssl_locl.h +s23_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -331,19 +338,19 @@ s23_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c -s23_meth.o: ssl_locl.h +s23_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -351,19 +358,19 @@ s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c -s23_pkt.o: ssl_locl.h +s23_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -371,19 +378,20 @@ s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h +s23_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c +s23_srvr.o: ssl_locl.h s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -391,19 +399,20 @@ s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h +s2_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c +s2_clnt.o: ssl_locl.h s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -411,19 +420,19 @@ s2_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c -s2_enc.o: ssl_locl.h +s2_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -431,19 +440,20 @@ s2_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h +s2_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c +s2_lib.o: ssl_locl.h s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -451,19 +461,19 @@ s2_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c -s2_meth.o: ssl_locl.h +s2_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -471,19 +481,19 @@ s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c -s2_pkt.o: ssl_locl.h +s2_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -491,19 +501,20 @@ s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h +s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c +s2_srvr.o: ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -511,27 +522,29 @@ s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h +s3_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c +s3_both.o: ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h +s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h @@ -552,19 +565,20 @@ s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h +s3_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c +s3_enc.o: ssl_locl.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -572,20 +586,20 @@ s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_lib.o: ../include/openssl/evp.h ../include/openssl/kssl.h -s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_lib.o: s3_lib.c ssl_locl.h +s3_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s3_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -593,19 +607,19 @@ s3_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c -s3_meth.o: ssl_locl.h +s3_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -613,19 +627,19 @@ s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c -s3_pkt.o: ssl_locl.h +s3_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -655,19 +669,19 @@ ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_algs.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c -ssl_algs.o: ssl_locl.h +ssl_algs.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -675,19 +689,20 @@ ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h +ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_asn1.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c +ssl_asn1.o: ssl_locl.h ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -696,20 +711,20 @@ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_cert.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -ssl_cert.o: ssl_cert.c ssl_locl.h +ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_cert.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -717,55 +732,57 @@ ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_ciph.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c -ssl_ciph.o: ssl_locl.h +ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_err.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_err.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c +ssl_err.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_err.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_err2.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_err2.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c +ssl_err2.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssl_err2.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err2.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -773,7 +790,8 @@ ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h +ssl_lib.o: ../include/openssl/engine.h ../include/openssl/err.h +ssl_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h @@ -795,26 +813,27 @@ ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_rsa.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_rsa.o: ssl_rsa.c +ssl_rsa.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h +ssl_sess.o: ../include/openssl/engine.h ../include/openssl/err.h +ssl_sess.o: ../include/openssl/evp.h ../include/openssl/hmac.h ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h @@ -835,19 +854,19 @@ ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_stat.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_stat.o: ssl_stat.c +ssl_stat.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -855,19 +874,19 @@ ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_txt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_txt.o: ssl_txt.c +ssl_txt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -875,19 +894,20 @@ t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c +t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_clnt.o: t1_clnt.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -938,19 +958,19 @@ t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -t1_meth.o: t1_meth.c +t1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -958,16 +978,17 @@ t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c +t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_srvr.o: t1_srvr.c diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 5e59dc845ac..49c6760d19a 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1095,8 +1095,7 @@ int dtls1_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; - if (s->ctx->client_cert_cb != NULL) - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP; diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c index 377696deac0..b2765ba8019 100644 --- a/lib/libssl/src/ssl/d1_pkt.c +++ b/lib/libssl/src/ssl/d1_pkt.c @@ -811,6 +811,14 @@ start: * may be fragmented--don't always expect dest_maxlen bytes */ if ( rr->length < dest_maxlen) { +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + /* + * for normal alerts rr->length is 2, while + * dest_maxlen is 7 if we were to handle this + * non-existing alert... + */ + FIX ME +#endif s->rstate=SSL_ST_READ_HEADER; rr->length = 0; goto start; @@ -1251,7 +1259,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len) else s->s3->wnum += i; - return tot + i; + return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) @@ -1576,7 +1584,7 @@ int dtls1_dispatch_alert(SSL *s) { int i,j; void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */ + unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; s->s3->alert_dispatch=0; @@ -1585,6 +1593,7 @@ int dtls1_dispatch_alert(SSL *s) *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { s2n(s->d1->handshake_read_seq, ptr); @@ -1600,6 +1609,7 @@ int dtls1_dispatch_alert(SSL *s) #endif l2n3(s->d1->r_msg_hdr.frag_off, ptr); } +#endif i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); if (i <= 0) @@ -1609,8 +1619,11 @@ int dtls1_dispatch_alert(SSL *s) } else { - if ( s->s3->send_alert[0] == SSL3_AL_FATAL || - s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) + if (s->s3->send_alert[0] == SSL3_AL_FATAL +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE +#endif + ) (void)BIO_flush(s->wbio); if (s->msg_callback) diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index 927b01f3c47..0bbf8ae7f31 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -732,7 +732,7 @@ int dtls1_send_server_hello(SSL *s) d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); - s->state=SSL3_ST_CW_CLNT_HELLO_B; + s->state=SSL3_ST_SW_SRVR_HELLO_B; /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; @@ -741,7 +741,7 @@ int dtls1_send_server_hello(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_HELLO_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -765,7 +765,7 @@ int dtls1_send_server_done(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_DONE_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } diff --git a/lib/libssl/src/ssl/dtls1.h b/lib/libssl/src/ssl/dtls1.h index a663cf85f28..f159d371102 100644 --- a/lib/libssl/src/ssl/dtls1.h +++ b/lib/libssl/src/ssl/dtls1.h @@ -70,7 +70,10 @@ extern "C" { #define DTLS1_VERSION 0xFEFF #define DTLS1_BAD_VER 0x0100 +#if 0 +/* this alert description is not specified anywhere... */ #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +#endif /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 32 @@ -84,7 +87,11 @@ extern "C" { #define DTLS1_CCS_HEADER_LENGTH 1 +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE #define DTLS1_AL_HEADER_LENGTH 7 +#else +#define DTLS1_AL_HEADER_LENGTH 2 +#endif typedef struct dtls1_bitmap_st diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c index c45a8e0a04c..bc918170e10 100644 --- a/lib/libssl/src/ssl/s23_clnt.c +++ b/lib/libssl/src/ssl/s23_clnt.c @@ -257,6 +257,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } +#ifdef OPENSSL_FIPS + else if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return -1; + } +#endif else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; @@ -536,6 +544,14 @@ static int ssl23_get_server_hello(SSL *s) if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { +#ifdef OPENSSL_FIPS + if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c index 6637bb95490..ba06e7ae2eb 100644 --- a/lib/libssl/src/ssl/s23_srvr.c +++ b/lib/libssl/src/ssl/s23_srvr.c @@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) } } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (s->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 9a87c1cfb36..9b823fddbd3 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -130,10 +130,17 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif #include <openssl/bn.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif static SSL_METHOD *ssl3_get_client_method(int ver); static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); @@ -1415,6 +1422,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); @@ -2061,12 +2070,12 @@ int ssl3_send_client_key_exchange(SSL *s) { DH *dh_srvr,*dh_clnt; - if (s->session->sess_cert == NULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); - goto err; - } + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; @@ -2448,8 +2457,7 @@ int ssl3_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; - if (s->ctx->client_cert_cb != NULL) - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP; @@ -2716,3 +2724,21 @@ static int ssl3_check_finished(SSL *s) return 1; } #endif + +int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) + { + int i = 0; +#ifndef OPENSSL_NO_ENGINE + if (s->ctx->client_cert_engine) + { + i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, + SSL_get_client_CA_list(s), + px509, ppkey, NULL, NULL, NULL); + if (i != 0) + return i; + } +#endif + if (s->ctx->client_cert_cb) + i = s->ctx->client_cert_cb(s,px509,ppkey); + return i; + } diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 2859351b001..06e54666b27 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -146,6 +146,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) #endif k=0; EVP_MD_CTX_init(&m5); + EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) { @@ -518,6 +519,8 @@ int ssl3_enc(SSL *s, int send) void ssl3_init_finished_mac(SSL *s) { + EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1), + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } @@ -554,6 +557,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_copy_ex(&ctx,in_ctx); n=EVP_MD_CTX_size(&ctx); diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index bdbcd44f271..8916a0b1b3c 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -158,7 +158,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 0, 0, 0, @@ -264,7 +264,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -304,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA, SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -343,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA, SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -384,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -423,7 +423,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -488,7 +488,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -563,7 +563,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_KRB5_DES_192_CBC3_SHA, SSL3_CK_KRB5_DES_192_CBC3_SHA, SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 168, 168, @@ -747,7 +747,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -760,7 +760,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_DSS_WITH_AES_128_SHA, TLS1_CK_DH_DSS_WITH_AES_128_SHA, SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -773,7 +773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_RSA_WITH_AES_128_SHA, TLS1_CK_DH_RSA_WITH_AES_128_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -786,7 +786,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, TLS1_CK_DHE_DSS_WITH_AES_128_SHA, SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -799,7 +799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -812,7 +812,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 128, 128, @@ -826,7 +826,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -839,7 +839,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_DSS_WITH_AES_256_SHA, TLS1_CK_DH_DSS_WITH_AES_256_SHA, SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -852,7 +852,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DH_RSA_WITH_AES_256_SHA, TLS1_CK_DH_RSA_WITH_AES_256_SHA, SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -865,7 +865,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, TLS1_CK_DHE_DSS_WITH_AES_256_SHA, SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -878,7 +878,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, @@ -891,7 +891,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 0, 256, 256, diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 44c7c143fe7..72853a2e728 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { + if (s->session == NULL) + { + /* might happen if dtls1_read_bytes() calls this */ + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); + return (0); + } + s->session->cipher=s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) return(0); } diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 903522ab599..398ce469d68 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1172,13 +1172,13 @@ int ssl3_send_server_hello(SSL *s) *(d++)=SSL3_MT_SERVER_HELLO; l2n3(l,d); - s->state=SSL3_ST_CW_CLNT_HELLO_B; + s->state=SSL3_ST_SW_SRVR_HELLO_B; /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_HELLO_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -1202,7 +1202,7 @@ int ssl3_send_server_done(SSL *s) s->init_off=0; } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_DONE_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -1540,6 +1540,8 @@ int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h index 6df921f3c18..ff8a128d3c2 100644 --- a/lib/libssl/src/ssl/ssl.h +++ b/lib/libssl/src/ssl/ssl.h @@ -252,6 +252,7 @@ extern "C" { #define SSL_TXT_LOW "LOW" #define SSL_TXT_MEDIUM "MEDIUM" #define SSL_TXT_HIGH "HIGH" +#define SSL_TXT_FIPS "FIPS" #define SSL_TXT_kFZA "kFZA" #define SSL_TXT_aFZA "aFZA" #define SSL_TXT_eFZA "eFZA" @@ -361,9 +362,6 @@ typedef struct ssl_cipher_st DECLARE_STACK_OF(SSL_CIPHER) -typedef struct ssl_st SSL; -typedef struct ssl_ctx_st SSL_CTX; - /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ typedef struct ssl_method_st { @@ -760,6 +758,12 @@ struct ssl_ctx_st int quiet_shutdown; +#ifndef OPENSSL_ENGINE + /* Engine to pass requests for client certs to + */ + ENGINE *client_cert_engine; +#endif + #ifndef OPENSSL_NO_TLSEXT /* TLS extensions servername callback */ int (*tlsext_servername_callback)(SSL*, int *, void *); @@ -829,6 +833,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type, void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +#ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); @@ -1702,6 +1709,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_CONNECT 132 #define SSL_F_SSL3_CTRL 213 #define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 #define SSL_F_SSL3_ENC 134 #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 @@ -1755,6 +1763,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 #define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 #define SSL_F_SSL_CTX_SET_PURPOSE 226 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 @@ -1935,6 +1944,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NO_CIPHERS_SPECIFIED 183 #define SSL_R_NO_CIPHER_LIST 184 #define SSL_R_NO_CIPHER_MATCH 185 +#define SSL_R_NO_CLIENT_CERT_METHOD 317 #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 #define SSL_R_NO_COMPRESSION_SPECIFIED 187 #define SSL_R_NO_METHOD_SPECIFIED 188 diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c index 6e14f4d834d..0f9a3489dd0 100644 --- a/lib/libssl/src/ssl/ssl_asn1.c +++ b/lib/libssl/src/ssl/ssl_asn1.c @@ -353,7 +353,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) + if (os.length > SSL_MAX_MASTER_KEY_LENGTH) ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; else ret->master_key_length=os.length; diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index 71b645da14d..514292a03ed 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -222,6 +222,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, + {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, }; void ssl_load_ciphers(void) @@ -515,7 +516,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, c = ssl_method->get_cipher(i); #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) /* drop those that use any of that is not available */ +#ifdef OPENSSL_FIPS + if ((c != NULL) && c->valid && !IS_MASKED(c) + && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) +#else if ((c != NULL) && c->valid && !IS_MASKED(c)) +#endif { co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL; @@ -1054,7 +1060,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ for (curr = head; curr != NULL; curr = curr->next) { +#ifdef OPENSSL_FIPS + if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) +#else if (curr->active) +#endif { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG diff --git a/lib/libssl/src/ssl/ssl_err.c b/lib/libssl/src/ssl/ssl_err.c index 50779c16325..24a994fe01b 100644 --- a/lib/libssl/src/ssl/ssl_err.c +++ b/lib/libssl/src/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, +{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, @@ -191,6 +192,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, +{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, @@ -374,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, +{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index 31f63183575..1ac7d6f951c 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -130,6 +130,9 @@ #ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -1390,6 +1393,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) return(NULL); } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (meth->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return NULL; + } +#endif + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); @@ -1510,6 +1521,27 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) #endif +#ifndef OPENSSL_NO_ENGINE + ret->client_cert_engine = NULL; +#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO +#define eng_strx(x) #x +#define eng_str(x) eng_strx(x) + /* Use specific client engine automatically... ignore errors */ + { + ENGINE *eng; + eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + if (!eng) + { + ERR_clear_error(); + ENGINE_load_builtin_engines(); + eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); + } + if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) + ERR_clear_error(); + } +#endif +#endif + return(ret); err: SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); @@ -1580,6 +1612,10 @@ void SSL_CTX_free(SSL_CTX *a) #else a->comp_methods = NULL; #endif +#ifndef OPENSSL_NO_ENGINE + if (a->client_cert_engine) + ENGINE_finish(a->client_cert_engine); +#endif OPENSSL_free(a); } diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index de94c0d0c74..735db397132 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -330,8 +330,9 @@ #define SSL_LOW 0x00000020L #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L +#define SSL_FIPS 0x00000100L -/* we have used 000000ff - 24 bits left to go */ +/* we have used 000001ff - 23 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. @@ -874,6 +875,7 @@ int ssl3_get_new_session_ticket(SSL *s); int ssl3_get_cert_status(SSL *s); int ssl3_get_server_done(SSL *s); int ssl3_send_client_verify(SSL *s); +int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); int ssl3_send_client_certificate(SSL *s); int ssl3_send_client_key_exchange(SSL *s); int ssl3_get_key_exchange(SSL *s); diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c index ee88be2b88a..8391d62212a 100644 --- a/lib/libssl/src/ssl/ssl_sess.c +++ b/lib/libssl/src/ssl/ssl_sess.c @@ -59,6 +59,9 @@ #include <stdio.h> #include <openssl/lhash.h> #include <openssl/rand.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif #include "ssl_locl.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); @@ -870,6 +873,25 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK return ctx->client_cert_cb; } +#ifndef OPENSSL_NO_ENGINE +int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) + { + if (!ENGINE_init(e)) + { + SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); + return 0; + } + if(!ENGINE_get_ssl_client_cert_function(e)) + { + SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); + ENGINE_finish(e); + return 0; + } + ctx->client_cert_engine = e; + return 1; + } +#endif + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) { diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c index e786b428cd7..f409f3dc76b 100644 --- a/lib/libssl/src/ssl/ssltest.c +++ b/lib/libssl/src/ssl/ssltest.c @@ -231,6 +231,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); +#ifdef OPENSSL_FIPS + fprintf(stderr,"-F - run test in FIPS mode\n"); +#endif fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -proxy - allow proxy certificates\n"); @@ -412,7 +415,7 @@ int main(int argc, char *argv[]) long bytes=256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe1024 = 1, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -427,6 +430,9 @@ int main(int argc, char *argv[]) #endif STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; int test_cipherlist = 0; +#ifdef OPENSSL_FIPS + int fips_mode=0; +#endif verbose = 0; debug = 0; @@ -458,7 +464,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { - if (strcmp(*argv,"-server_auth") == 0) + if(!strcmp(*argv,"-F")) + { +#ifdef OPENSSL_FIPS + fips_mode=1; +#else + fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); + EXIT(0); +#endif + } + else if (strcmp(*argv,"-server_auth") == 0) server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; @@ -640,6 +655,20 @@ bad: EXIT(1); } +#ifdef OPENSSL_FIPS + if(fips_mode) + { + if(!FIPS_mode_set(1)) + { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } + else + fprintf(stderr,"*** IN FIPS MODE ***\n"); + } +#endif + if (print_time) { if (!bio_pair) @@ -2061,15 +2090,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) } #ifndef OPENSSL_NO_X509_VERIFY -# ifdef OPENSSL_FIPS - if(s->version == TLS1_VERSION) - FIPS_allow_md5(1); -# endif ok = X509_verify_cert(ctx); -# ifdef OPENSSL_FIPS - if(s->version == TLS1_VERSION) - FIPS_allow_md5(0); -# endif #endif if (cb_arg->proxy_auth) diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index ed5a4a72554..3c4dec76d75 100644 --- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -131,6 +131,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); + HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Update(&ctx,seed,seed_len); @@ -852,8 +854,10 @@ int tls1_alert_code(int code) case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); +#endif default: return(-1); } } diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c index 35f04afa4a7..9ce726996d9 100644 --- a/lib/libssl/src/ssl/t1_lib.c +++ b/lib/libssl/src/ssl/t1_lib.c @@ -734,6 +734,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, /* Point after session ID in client hello */ const unsigned char *p = session_id + len; unsigned short i; + + /* If tickets disabled behave as if no ticket present + * to permit stateful resumption. + */ + if (SSL_get_options(s) & SSL_OP_NO_TICKET) + return 1; + if ((s->version <= SSL3_VERSION) || !limit) return 1; if (p >= limit) @@ -761,12 +768,7 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, return 1; if (type == TLSEXT_TYPE_session_ticket) { - /* If tickets disabled indicate cache miss which will - * trigger a full handshake - */ - if (SSL_get_options(s) & SSL_OP_NO_TICKET) - return 0; - /* If zero length not client will accept a ticket + /* If zero length note client will accept a ticket * and indicate cache miss to trigger full handshake */ if (size == 0) diff --git a/lib/libssl/src/test/Makefile b/lib/libssl/src/test/Makefile index 62f9b86052f..3e58351cb9b 100644 --- a/lib/libssl/src/test/Makefile +++ b/lib/libssl/src/test/Makefile @@ -185,7 +185,7 @@ test_rand: ../util/shlib_wrap.sh ./$(RANDTEST) test_enc: - @sh ./testenc + sh ./testenc test_x509: echo test normal x509v1 certificate @@ -476,41 +476,58 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ecdsatest.o: ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ectest.o: ../include/openssl/engine.h ../include/openssl/err.h +ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ectest.o: ../include/openssl/err.h ../include/openssl/evp.h ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.c -enginetest.o: ../include/openssl/bio.h ../include/openssl/buffer.h -enginetest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c +enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h -enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -enginetest.o: ../include/openssl/symhacks.h enginetest.c +enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h +enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +enginetest.o: enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h -evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h +evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h evp_test.c +evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +evp_test.o: ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -607,17 +624,17 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h -ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h -ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssltest.o: ../include/openssl/x509v3.h ssltest.c +ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssltest.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c diff --git a/lib/libssl/src/util/libeay.num b/lib/libssl/src/util/libeay.num index 2989500c4ba..62664f3c374 100644 --- a/lib/libssl/src/util/libeay.num +++ b/lib/libssl/src/util/libeay.num @@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA d2i_DSAparams 732 EXIST::FUNCTION:DSA d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: -d2i_Netscape_RSA 735 EXIST::FUNCTION:RSA +d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA d2i_PKCS7 736 EXIST::FUNCTION: d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: @@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA i2d_DSAparams 835 EXIST::FUNCTION:DSA i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION: -i2d_Netscape_RSA 838 EXIST::FUNCTION:RSA +i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA i2d_PKCS7 839 EXIST::FUNCTION: i2d_PKCS7_DIGEST 840 EXIST::FUNCTION: i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION: @@ -1814,9 +1814,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION: X509_REQ_get1_email 2403 EXIST::FUNCTION: X509_get1_email 2404 EXIST::FUNCTION: X509_email_free 2405 EXIST::FUNCTION: -i2d_RSA_NET 2406 EXIST::FUNCTION:RSA +i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA d2i_RSA_NET_2 2407 NOEXIST::FUNCTION: -d2i_RSA_NET 2408 EXIST::FUNCTION:RSA +d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA DSO_bind_func 2409 EXIST::FUNCTION: CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION: sk_new_null 2411 EXIST::FUNCTION: @@ -2843,7 +2843,7 @@ FIPS_selftest_failed 3284 NOEXIST::FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: -HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION: +HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC private_SHA_Init 3289 NOEXIST::FUNCTION: private_CAST_set_key 3290 NOEXIST::FUNCTION: private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: @@ -3652,3 +3652,51 @@ CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS CMS_add1_signer 4042 EXIST::FUNCTION:CMS CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS +ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE +ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE +ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE +OPENSSL_isservice 4048 EXIST::FUNCTION: +FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: +EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION: +FIPS_rand_status 4051 NOEXIST::FUNCTION: +FIPS_rand_set_key 4052 NOEXIST::FUNCTION: +CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION: +int_ERR_set_state_func 4055 NOEXIST::FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: +int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: +FIPS_rng_stick 4058 NOEXIST::FUNCTION: +EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION: +BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION: +FIPS_selftest_check 4061 NOEXIST::FUNCTION: +FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: +CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: +FIPS_dsa_free 4064 NOEXIST::FUNCTION: +RSA_X931_derive_ex 4065 NOEXIST::FUNCTION: +FIPS_rsa_new 4066 NOEXIST::FUNCTION: +FIPS_rand_bytes 4067 NOEXIST::FUNCTION: +fips_cipher_test 4068 NOEXIST::FUNCTION: +EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION: +CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: +FIPS_dh_new 4073 NOEXIST::FUNCTION: +FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: +FIPS_dh_free 4075 NOEXIST::FUNCTION: +fips_pkey_signature_test 4076 NOEXIST::FUNCTION: +EVP_add_alg_module 4077 NOEXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: +int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: +int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: +FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: +FIPS_rand_reset 4082 NOEXIST::FUNCTION: +FIPS_dsa_new 4083 NOEXIST::FUNCTION: +int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: +BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION: +int_ERR_lib_init 4086 NOEXIST::FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: +FIPS_rsa_free 4088 NOEXIST::FUNCTION: +FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: +CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: +OPENSSL_init 4091 NOEXIST::FUNCTION: diff --git a/lib/libssl/src/util/mk1mf.pl b/lib/libssl/src/util/mk1mf.pl index 1ac5fd3a507..7ba804ce33a 100644 --- a/lib/libssl/src/util/mk1mf.pl +++ b/lib/libssl/src/util/mk1mf.pl @@ -221,6 +221,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; @@ -1017,6 +1018,7 @@ sub read_options "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, + "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, @@ -1100,7 +1102,7 @@ sub read_options } } } - elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } + elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) { $c_flags.="$_ "; } diff --git a/lib/libssl/src/util/mkdef.pl b/lib/libssl/src/util/mkdef.pl index ef1cc6e5134..8ecfde1848a 100644 --- a/lib/libssl/src/util/mkdef.pl +++ b/lib/libssl/src/util/mkdef.pl @@ -100,6 +100,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "TLSEXT", # CMS "CMS", + # CryptoAPI Engine + "CAPIENG", # Deprecated functions "DEPRECATED" ); @@ -120,7 +122,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_tlsext; my $no_cms; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; foreach (@ARGV, split(/ /, $options)) @@ -206,6 +208,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } + elsif (/^no-capieng$/) { $no_capieng=1; } } @@ -1131,6 +1134,7 @@ sub is_valid if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } + if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true diff --git a/lib/libssl/src/util/pl/VC-32.pl b/lib/libssl/src/util/pl/VC-32.pl index 9cb2ab7e991..1e254119e6a 100644 --- a/lib/libssl/src/util/pl/VC-32.pl +++ b/lib/libssl/src/util/pl/VC-32.pl @@ -138,7 +138,7 @@ if ($FLAVOR =~ /CE/) } else { - $ex_libs.=' gdi32.lib advapi32.lib user32.lib'; + $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib'; $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } @@ -259,7 +259,6 @@ sub do_lib_rule $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } - # $target="\$(LIB_D)$o$target"; $ret.="$target: $objs\n"; if (!$shlib) @@ -274,6 +273,10 @@ sub do_lib_rule if ($name eq "") { $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); + if ($target =~ /capi/) + { + $ex.=' crypt32.lib advapi32.lib'; + } } elsif ($FLAVOR =~ /CE/) { @@ -283,6 +286,7 @@ sub do_lib_rule { $ex.=' unicows.lib' if ($FLAVOR =~ /NT/); $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; + $ex.=' crypt32.lib'; $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; diff --git a/lib/libssl/src/util/ssleay.num b/lib/libssl/src/util/ssleay.num index b3ac136a565..2055cc15975 100644 --- a/lib/libssl/src/util/ssleay.num +++ b/lib/libssl/src/util/ssleay.num @@ -241,3 +241,4 @@ SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION: SSL_set_SSL_CTX 290 EXIST::FUNCTION: SSL_get_servername 291 EXIST::FUNCTION:TLSEXT SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT +SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE |