
[openssl-commits] [web] master update


Richard Levitte
Jul 14, 2015, 3:08:50 PM
The branch master has been updated
via 10c638d6934c96d52236740fb4f0be12f9a68482 (commit)
from 0aa090920e4b36e3225c7f4d95be499c166d9785 (commit)


- Log -----------------------------------------------------------------
commit 10c638d6934c96d52236740fb4f0be12f9a68482
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Jul 14 21:07:47 2015 +0200

Don't allow anyone to access any .git folder through the web

-----------------------------------------------------------------------

Summary of changes:
.htaccess | 1 +
1 file changed, 1 insertion(+)

diff --git a/.htaccess b/.htaccess
index 5d5d473..92b86ae 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,3 +1,4 @@
+RedirectMatch 404 .*/\.git/.*

RewriteEngine on

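Review bot: the pattern `.*/\.git/.*` on the added `RedirectMatch` line only matches paths that contain `/.git/` with a trailing slash, so a request for a bare `/.git` (no slash) is not caught by this rule and is left to mod_dir's trailing-slash handling; `.*/\.git(/.*)?$` closes that gap. Answering 404 rather than 403 is the better choice, since it does not confirm that the directory exists. The rule also only takes effect where `AllowOverride` permits `FileInfo` for this directory, so that should be verified on the server, and not deploying the `.git` directory under the document root at all remains the stronger fix.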
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Viktor Dukhovni
Jul 15, 2015, 1:46:43 AM
The branch master has been updated
via 0dc41520f2af4bf5493879864303c858feac4573 (commit)
from 5b89036c41a009a76cd0e1595dde5001ae157972 (commit)


- Log -----------------------------------------------------------------
commit 0dc41520f2af4bf5493879864303c858feac4573
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Tue Jul 14 21:26:31 2015 -0400

Maintain backwards-compatible SSLv23_method macros

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
include/openssl/ssl.h | 2 --
1 file changed, 2 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3027617..c394191 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1546,11 +1546,9 @@ __owur const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
__owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
# endif

-#ifdef OPENSSL_USE_DEPRECATED
#define SSLv23_method TLS_method
#define SSLv23_server_method TLS_server_method
#define SSLv23_client_method TLS_client_method
-#endif

/* Negotiate highest available SSL/TLS version */
__owur const SSL_METHOD *TLS_method(void);
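Review bot: dropping the `#ifdef OPENSSL_USE_DEPRECATED` guard makes `SSLv23_method`, `SSLv23_server_method` and `SSLv23_client_method` unconditionally available again, but the names still suggest SSLv2/SSLv3 while they now expand to `TLS_method` and friends. A one-line comment above the three `#define`s stating that they are compatibility aliases for the `TLS_*` methods (which negotiate the highest available version, as the comment below the block says) and do not re-enable SSLv2 or SSLv3 would head off that misreading, and a CHANGES entry should record that the macros are being kept.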

Rich Salz
Jul 15, 2015, 3:32:58 AM
The branch master has been updated
via ad282e638b6824325fb83ecf7cde2e7996f52b79 (commit)
from 0dc41520f2af4bf5493879864303c858feac4573 (commit)


- Log -----------------------------------------------------------------
commit ad282e638b6824325fb83ecf7cde2e7996f52b79
Author: Ernie Hershey <git...@ernie.org>
Date: Tue Jul 14 23:08:44 2015 -0400

GH322: Fix typo in generated comment.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
util/mk1mf.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 5161c17..6091a69 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -612,7 +612,7 @@ $defs= <<"EOF";
# N.B. You MUST use -j on FreeBSD.
# This makefile has been automatically generated from the OpenSSL distribution.
# This single makefile will build the complete OpenSSL distribution and
-# by default leave the 'intertesting' output files in .${o}out and the stuff
+# by default leave the 'interesting' output files in .${o}out and the stuff
# that needs deleting in .${o}tmp.
# The file was generated by running 'make makefile.one', which
# does a 'make files', which writes all the environment variables from all

Rich Salz
Jul 15, 2015, 6:49:34 AM
The branch master has been updated
via 31d6c0b2b043bad5c63b797a327109eb26ff8d2a (commit)
via 9e2e7b34eb5db71247403ecd641f580d83da944a (commit)
from ad282e638b6824325fb83ecf7cde2e7996f52b79 (commit)


- Log -----------------------------------------------------------------
commit 31d6c0b2b043bad5c63b797a327109eb26ff8d2a
Author: mancha <man...@zoho.com>
Date: Wed Jul 15 04:54:28 2015 -0400

Fix author credit for e5c0bc6

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 9e2e7b34eb5db71247403ecd641f580d83da944a
Author: Rich Salz <rs...@akamai.com>
Date: Wed Jul 15 04:52:51 2015 -0400

Revert "Missing perldoc markup around < literal"

This reverts commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4.
Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

Rich Salz
Jul 16, 2015, 1:09:04 AM
The branch master has been updated
via 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a (commit)
from 31d6c0b2b043bad5c63b797a327109eb26ff8d2a (commit)


- Log -----------------------------------------------------------------
commit 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a
Author: Rich Salz <rs...@akamai.com>
Date: Thu Jul 2 08:49:54 2015 -0400

Remove obsolete key formats.

Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/apps.c | 72 +-------------
apps/apps.h | 1 -
apps/opt.c | 14 +--
apps/rsa.c | 13 ---
apps/x509.c | 10 --
crypto/asn1/Makefile | 16 +---
crypto/asn1/asn1_err.c | 3 -
crypto/asn1/n_pkey.c | 231 ---------------------------------------------
crypto/asn1/x_nx509.c | 72 --------------
crypto/crypto-lib.com | 2 +-
doc/apps/x509v3_config.pod | 4 +-
include/openssl/asn1.h | 10 --
include/openssl/rsa.h | 16 ----
test/tx509 | 18 ----
util/libeay.num | 20 ++--
15 files changed, 20 insertions(+), 482 deletions(-)
delete mode 100644 crypto/asn1/x_nx509.c

diff --git a/apps/apps.c b/apps/apps.c
index 3f2c049..80e7777 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -163,12 +163,6 @@ static int set_table_opts(unsigned long *flags, const char *arg,
static int set_multi_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);

-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
- const char *key_descrip, int format);
-#endif
-
int app_init(long mesgwin);

int chopup_args(ARGS *arg, char *buf)
@@ -695,22 +689,7 @@ X509 *load_cert(const char *file, int format,

if (format == FORMAT_ASN1)
x = d2i_X509_bio(cert, NULL);
- else if (format == FORMAT_NETSCAPE) {
- NETSCAPE_X509 *nx;
- nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
- if (nx == NULL)
- goto end;
-
- if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
- nx->header->length) != 0)) {
- NETSCAPE_X509_free(nx);
- BIO_printf(bio_err, "Error reading header on certificate\n");
- goto end;
- }
- x = nx->cert;
- nx->cert = NULL;
- NETSCAPE_X509_free(nx);
- } else if (format == FORMAT_PEM)
+ else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12) {
@@ -803,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
(pem_password_cb *)password_callback,
&cb_data);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE)
- pkey = load_netscape_key(key, file, key_descrip, format);
-#endif
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
@@ -903,10 +878,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
(pem_password_cb *)password_callback,
&cb_data);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE)
- pkey = load_netscape_key(key, file, key_descrip, format);
-#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
@@ -918,47 +889,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
return (pkey);
}

-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
- const char *key_descrip, int format)
-{
- EVP_PKEY *pkey;
- BUF_MEM *buf;
- RSA *rsa;
- const unsigned char *p;
- int size, i;
-
- buf = BUF_MEM_new();
- pkey = EVP_PKEY_new();
- size = 0;
- if (buf == NULL || pkey == NULL)
- goto error;
- for (;;) {
- if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
- goto error;
- i = BIO_read(key, &(buf->data[size]), 1024 * 10);
- size += i;
- if (i == 0)
- break;
- if (i < 0) {
- BIO_printf(bio_err, "Error reading %s %s", key_descrip, file);
- goto error;
- }
- }
- p = (unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0);
- if (rsa == NULL)
- goto error;
- BUF_MEM_free(buf);
- EVP_PKEY_set1_RSA(pkey, rsa);
- return pkey;
- error:
- BUF_MEM_free(buf);
- EVP_PKEY_free(pkey);
- return NULL;
-}
-#endif /* ndef OPENSSL_NO_RC4 */
-
static int load_certs_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc,
STACK_OF(X509) **pcerts,
diff --git a/apps/apps.h b/apps/apps.h
index b83d4b2..2823cbc 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -532,7 +532,6 @@ void store_setup_crl_download(X509_STORE *st);
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
# define FORMAT_PEM 3
-# define FORMAT_NETSCAPE 4
# define FORMAT_PKCS12 5
# define FORMAT_SMIME 6
# define FORMAT_ENGINE 7
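Review bot: removing `# define FORMAT_NETSCAPE 4` leaves a hole between `FORMAT_PEM 3` and `FORMAT_PKCS12 5`. Since these constants are private to the apps, either renumber the remaining values or leave a `/* 4 was FORMAT_NETSCAPE */` comment so the retired value is not silently reused by a later addition.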
diff --git a/apps/opt.c b/apps/opt.c
index b81cec4..bfb039e 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -256,15 +256,11 @@ int opt_format(const char *s, unsigned long flags, int *result)
break;
case 'N':
case 'n':
- if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) {
- if ((flags & OPT_FMT_NSS) == 0)
- return opt_format_error(s, flags);
- *result = FORMAT_NSS;
- } else {
- if ((flags & OPT_FMT_NETSCAPE) == 0)
- return opt_format_error(s, flags);
- *result = FORMAT_NETSCAPE;
- }
+ if ((flags & OPT_FMT_NSS) == 0)
+ return opt_format_error(s, flags);
+ if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
+ return opt_format_error(s, flags);
+ *result = FORMAT_NSS;
break;
case 'S':
case 's':
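Review bot: the two back-to-back `return opt_format_error(s, flags)` checks in the `case 'n'` branch can be folded into a single condition, e.g. `if ((flags & OPT_FMT_NSS) == 0 || (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0))`. Note also that the `switch` accepts both `'N'` and `'n'` as the first character, but the full-string test then accepts only the exact spellings `NSS` and `nss`, so `Nss` is rejected; if the other format names are matched case-insensitively this is inconsistent and a case-insensitive comparison would be clearer. Behaviourally the change is right: a bare `n` that previously selected `FORMAT_NETSCAPE` now produces an error that reports the permitted formats.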
diff --git a/apps/rsa.c b/apps/rsa.c
index f6961d9..c7ad44b 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -352,19 +352,6 @@ int rsa_main(int argc, char **argv)
i = i2d_RSAPrivateKey_bio(out, rsa);
}
}
-# ifndef OPENSSL_NO_RC4
- else if (outformat == FORMAT_NETSCAPE) {
- unsigned char *p, *save;
- int size = i2d_RSA_NET(rsa, NULL, NULL, 0);
-
- save = p = app_malloc(size, "RSA i2d buffer");
- assert(private);
- i2d_RSA_NET(rsa, &p, NULL, 0);
- BIO_write(out, (char *)save, size);
- OPENSSL_free(save);
- i = 1;
- }
-# endif
else if (outformat == FORMAT_PEM) {
if (pubout || pubin) {
if (pubout == 2)
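Review bot: the removed branch contained the `assert(private)` call; if that was the only `assert` in rsa.c, the `#include <assert.h>` can go with it, as can any include that was only there for `i2d_RSA_NET` under the `OPENSSL_NO_RC4` guard. Also check the `-outform` usage text and the `OPT_FMT_*` mask rsa.c passes to `opt_format`: with this branch gone, `n` should no longer be advertised as a valid output format.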
diff --git a/apps/x509.c b/apps/x509.c
index 18e13e7..2fd92f4 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -913,16 +913,6 @@ int x509_main(int argc, char **argv)
i = PEM_write_bio_X509_AUX(out, x);
else
i = PEM_write_bio_X509(out, x);
- } else if (outformat == FORMAT_NETSCAPE) {
- NETSCAPE_X509 nx;
- ASN1_OCTET_STRING hdr;
-
- hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
- hdr.length = strlen(NETSCAPE_CERT_HDR);
- nx.header = &hdr;
- nx.cert = x;
-
- i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
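Review bot: with the `FORMAT_NETSCAPE` output branch gone, the `-inform`/`-outform` help text and the format mask x509.c passes to `opt_format` should no longer mention `n`; the hunk does not show those lines, so confirm they were updated (test/tx509 in this patch does drop the `n` conversions). The remaining `else` now reports `bad output format specified for outfile` for any unhandled value, which is the right fallback.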
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index 66b0ef2..a566dfa 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -20,7 +20,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
- x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+ d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
tasn_prn.c tasn_scn.c ameth_lib.c \
@@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
- x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+ d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
tasn_prn.o tasn_scn.o ameth_lib.o \
@@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_long.o: ../include/internal/cryptlib.h x_long.c
-x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index b7fbd9d..5dfd21b 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
- {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
- {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
@@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
- {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
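Review bot: asn1_err.c is generated from the `ASN1_F_*` definitions in asn1.h by util/mkerr.pl, so the authoritative change is the removal of the defines in the asn1.h hunk of this patch; regenerate the file rather than hand-editing it, so the two stay in sync the next time the script runs.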
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 1b8c4c0..0c9c4c4 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)

-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify))
-{
- return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey)
-{
- int i, j, ret = 0;
- int rsalen, pkeylen, olen;
- NETSCAPE_PKEY *pkey = NULL;
- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
- unsigned char buf[256], *zz;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- if (a == NULL)
- return (0);
-
- if ((pkey = NETSCAPE_PKEY_new()) == NULL)
- goto err;
- if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
- goto err;
- pkey->version = 0;
-
- pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
- if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
- goto err;
- pkey->algor->parameter->type = V_ASN1_NULL;
-
- rsalen = i2d_RSAPrivateKey(a, NULL);
-
- /*
- * Fake some octet strings just for the initial length calculation.
- */
-
- pkey->private_key->length = rsalen;
-
- pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-
- enckey->enckey->digest->length = pkeylen;
-
- enckey->os->length = 11; /* "private-key" */
-
- enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
- if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
- goto err;
- enckey->enckey->algor->parameter->type = V_ASN1_NULL;
-
- if (pp == NULL) {
- olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
- NETSCAPE_PKEY_free(pkey);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return olen;
- }
-
- /* Since its RC4 encrypted length is actual length */
- if ((zz = OPENSSL_malloc(rsalen)) == NULL) {
- ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- pkey->private_key->data = zz;
- /* Write out private key encoding */
- i2d_RSAPrivateKey(a, &zz);
-
- if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
- ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
- ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- enckey->enckey->digest->data = zz;
- i2d_NETSCAPE_PKEY(pkey, &zz);
-
- /* Wipe the private key encoding */
- OPENSSL_cleanse(pkey->private_key->data, rsalen);
-
- if (cb == NULL)
- cb = EVP_read_pw_string;
- i = cb((char *)buf, 256, "Enter Private Key password:", 1);
- if (i != 0) {
- ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
- goto err;
- }
- i = strlen((char *)buf);
- /* If the key is used for SGC the algorithm is modified a little. */
- if (sgckey) {
- if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
- goto err;
- memcpy(buf + 16, "SGCKEYSALT", 10);
- i = 26;
- }
-
- if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
- goto err;
- OPENSSL_cleanse(buf, 256);
-
- /* Encrypt private key in place */
- zz = enckey->enckey->digest->data;
- if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
- goto err;
- if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
- goto err;
- if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
- goto err;
-
- ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- NETSCAPE_PKEY_free(pkey);
- return (ret);
-}
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify))
-{
- return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey)
-{
- RSA *ret = NULL;
- const unsigned char *p;
- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
- p = *pp;
-
- enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
- if (!enckey) {
- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
- return NULL;
- }
-
- if ((enckey->os->length != 11) || (strncmp("private-key",
- (char *)enckey->os->data,
- 11) != 0)) {
- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return NULL;
- }
- if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
- goto err;
- }
- if (cb == NULL)
- cb = EVP_read_pw_string;
- if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
- goto err;
-
- *pp = p;
-
- err:
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return ret;
-
-}
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey)
-{
- NETSCAPE_PKEY *pkey = NULL;
- RSA *ret = NULL;
- int i, j;
- unsigned char buf[256];
- const unsigned char *zz;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- i = cb((char *)buf, 256, "Enter Private Key password:", 0);
- if (i != 0) {
- ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
- goto err;
- }
-
- i = strlen((char *)buf);
- if (sgckey) {
- if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
- goto err;
- memcpy(buf + 16, "SGCKEYSALT", 10);
- i = 26;
- }
-
- if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
- goto err;
- OPENSSL_cleanse(buf, 256);
-
- if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
- goto err;
- if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
- goto err;
- if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
- goto err;
- os->length = i + j;
-
- zz = os->data;
-
- if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
- ASN1err(ASN1_F_D2I_RSA_NET_2,
- ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
- goto err;
- }
-
- zz = pkey->private_key->data;
- if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
- ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
- goto err;
- }
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- NETSCAPE_PKEY_free(pkey);
- return (ret);
-}
-
# endif /* OPENSSL_NO_RC4 */

#else /* !OPENSSL_NO_RSA */
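Review bot: after removing `i2d_RSA_NET`, `d2i_RSA_NET`, `d2i_RSA_NET_2` and the `i2d_Netscape_RSA`/`d2i_Netscape_RSA` wrappers, the `NETSCAPE_PKEY` ASN.1 implementation in the context above and the `# endif /* OPENSSL_NO_RC4 */` guard at the end of the hunk are left with no consumer in this file; either delete the file outright (as was done for x_nx509.c) or state why the types stay. The removed code also gives a reason to say more than "obsolete" in CHANGES: the key was derived with `EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)`, i.e. unsalted single-iteration MD5 feeding RC4, with a fixed `"SGCKEYSALT"` string for SGC keys, which offers little protection for a private key at rest, so users still holding `-keyform n` files should be told to convert them to one of the remaining formats.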
diff --git a/crypto/asn1/x_nx509.c b/crypto/asn1/x_nx509.c
deleted file mode 100644
index 5aa0ed5..0000000
--- a/crypto/asn1/x_nx509.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* x_nx509.c */
-/*
- * Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * lice...@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com). This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Old netscape certificate wrapper format */
-
-ASN1_SEQUENCE(NETSCAPE_X509) = {
- ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
- ASN1_OPT(NETSCAPE_X509, cert, X509)
-} ASN1_SEQUENCE_END(NETSCAPE_X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index 5a2694d..f668c1c 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -308,7 +308,7 @@ $ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
"x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
- "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+ "d2i_pu,d2i_pr,i2d_pu,i2d_pr"
$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
"tasn_prn,tasn_scn,ameth_lib,"+ -
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index 26b327c..d1e6788 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -118,14 +118,12 @@ following PKIX, NS and MS values are meaningful:
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
- msSGC Microsoft Server Gated Crypto
msEFS Microsoft Encrypted File System
- nsSGC Netscape Server Gated Crypto

Examples:

extendedKeyUsage=critical,codeSigning,1.2.3.4
- extendedKeyUsage=nsSGC,msSGC
+ extendedKeyUsage=serverAuth,clientAuth


=head2 Subject Key Identifier.
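Review bot: the commit message says only the documentation of SGC was removed. If the `nsSGC` and `msSGC` short names are still recognised by the extendedKeyUsage parser, dropping the two lines leaves accepted input undocumented; either remove the names from the object table as well or keep a line marking them as obsolete. The replacement example `extendedKeyUsage=serverAuth,clientAuth` is fine on its own, but `serverAuth` and `clientAuth` are PKIX values rather than NS/MS ones, so the example no longer illustrates the NS/MS names this paragraph introduces.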
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 06ee036..5b3b7d3 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -509,11 +509,6 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)

-typedef struct NETSCAPE_X509_st {
- ASN1_OCTET_STRING *header;
- X509 *cert;
-} NETSCAPE_X509;
-
/* This is used to contain a list of bit names */
typedef struct BIT_STRING_BITNAME_st {
int bitnum;
@@ -797,8 +792,6 @@ const char *ASN1_tag2str(int tag);

/* Used to load and write netscape format cert */

-DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);

int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
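Review bot: the comment `/* Used to load and write netscape format cert */` two lines above the removed `DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)` is now orphaned and sits directly above `ASN1_UNIVERSALSTRING_to_string`, which it does not describe; remove it together with the declaration.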
@@ -1014,8 +1007,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_NETSCAPE_RSA_2 153
# define ASN1_F_D2I_PRIVATEKEY 154
# define ASN1_F_D2I_PUBLICKEY 155
-# define ASN1_F_D2I_RSA_NET 200
-# define ASN1_F_D2I_RSA_NET_2 201
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
@@ -1027,7 +1018,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_I2D_EC_PUBKEY 181
# define ASN1_F_I2D_PRIVATEKEY 163
# define ASN1_F_I2D_PUBLICKEY 164
-# define ASN1_F_I2D_RSA_NET 162
# define ASN1_F_I2D_RSA_PUBKEY 165
# define ASN1_F_LONG_C2I 166
# define ASN1_F_OID_MODULE_INIT 174
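Review bot: `ASN1_F_D2I_NETSCAPE_RSA_2 153` at the top of the first hunk's context survives although `d2i_Netscape_RSA` is deleted from n_pkey.c in this same patch; check whether that function code still has a user and drop it here (and from asn1_err.c via mkerr.pl) if not, so the two removals are complete together.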
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 727b9df..9abb2a1 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -396,22 +396,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset);

int RSA_print(BIO *bp, const RSA *r, int offset);

-# ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify));
-# endif
-
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption
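Review bot: the removed block deletes four public prototypes, so this is a source- and binary-compatibility break for any caller of `i2d_RSA_NET`/`d2i_RSA_NET` or the `i2d_Netscape_RSA`/`d2i_Netscape_RSA` wrappers. The libeay.num hunk marks them `NOEXIST`, which is the right treatment, but the commit message should call out the API removal explicitly and the CHANGES entry should point users at the remaining PEM/DER key formats.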
diff --git a/test/tx509 b/test/tx509
index 3185ce1..dc9abc6 100644
--- a/test/tx509
+++ b/test/tx509
@@ -13,42 +13,24 @@ cp $t x509-fff.p

echo "p -> d"
$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
-echo "p -> n"
-$cmd -in x509-fff.p -inform p -outform n >x509-f.n || exit 1
echo "p -> p"
$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1

echo "d -> d"
$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
-echo "n -> d"
-$cmd -in x509-f.n -inform n -outform d >x509-ff.d2 || exit 1
echo "p -> d"
$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1

-echo "d -> n"
-$cmd -in x509-f.d -inform d -outform n >x509-ff.n1 || exit 1
-echo "n -> n"
-$cmd -in x509-f.n -inform n -outform n >x509-ff.n2 || exit 1
-echo "p -> n"
-$cmd -in x509-f.p -inform p -outform n >x509-ff.n3 || exit 1
-
echo "d -> p"
$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
-echo "n -> p"
-$cmd -in x509-f.n -inform n -outform p >x509-ff.p2 || exit 1
echo "p -> p"
$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1

cmp x509-fff.p x509-f.p || exit 1
cmp x509-fff.p x509-ff.p1 || exit 1
-cmp x509-fff.p x509-ff.p2 || exit 1
cmp x509-fff.p x509-ff.p3 || exit 1

-cmp x509-f.n x509-ff.n1 || exit 1
-cmp x509-f.n x509-ff.n2 || exit 1
-cmp x509-f.n x509-ff.n3 || exit 1
cmp x509-f.p x509-ff.p1 || exit 1
-cmp x509-f.p x509-ff.p2 || exit 1
cmp x509-f.p x509-ff.p3 || exit 1

/bin/rm -f x509-f.* x509-ff.* x509-fff.*
diff --git a/util/libeay.num b/util/libeay.num
index 4d3642f..731db22 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
d2i_DSAparams 732 EXIST::FUNCTION:DSA
d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
-d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA
+d2i_Netscape_RSA 735 NOEXIST::FUNCTION:
d2i_PKCS7 736 EXIST::FUNCTION:
d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
@@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
i2d_DSAparams 835 EXIST::FUNCTION:DSA
i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
-i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
+i2d_Netscape_RSA 838 NOEXIST::FUNCTION:
i2d_PKCS7 839 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
@@ -1816,9 +1816,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION:
X509_REQ_get1_email 2403 EXIST::FUNCTION:
X509_get1_email 2404 EXIST::FUNCTION:
X509_email_free 2405 EXIST::FUNCTION:
-i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
+i2d_RSA_NET 2406 NOEXIST::FUNCTION:
d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
-d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET 2408 NOEXIST::FUNCTION:
DSO_bind_func 2409 EXIST::FUNCTION:
CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
sk_new_null 2411 EXIST::FUNCTION:
@@ -3796,7 +3796,7 @@ CRYPTO_THREADID_cmp 4176 EXIST::FUNCTION:
TS_REQ_ext_free 4177 EXIST::FUNCTION:
EVP_PKEY_asn1_set_free 4178 EXIST::FUNCTION:
EVP_PKEY_get0_asn1 4179 EXIST::FUNCTION:
-d2i_NETSCAPE_X509 4180 EXIST::FUNCTION:
+d2i_NETSCAPE_X509 4180 NOEXIST::FUNCTION:
EVP_PKEY_verify_recover_init 4181 EXIST::FUNCTION:
EVP_PKEY_CTX_set_data 4182 EXIST::FUNCTION:
EVP_PKEY_keygen_init 4183 EXIST::FUNCTION:
@@ -3864,7 +3864,7 @@ ASN1_PCTX_get_nm_flags 4242 EXIST::FUNCTION:
EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION:
CRYPTO_THREADID_current 4244 EXIST::FUNCTION:
EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION:
-NETSCAPE_X509_free 4246 EXIST::FUNCTION:
+NETSCAPE_X509_free 4246 NOEXIST::FUNCTION:
i2b_PVK_bio 4247 EXIST::FUNCTION:RC4
EVP_PKEY_print_private 4248 EXIST::FUNCTION:
GENERAL_NAME_get0_value 4249 EXIST::FUNCTION:
@@ -3994,8 +3994,8 @@ WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL
X509_CRL_METHOD_new 4371 EXIST::FUNCTION:
EVP_DigestSignFinal 4372 EXIST::FUNCTION:
TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION:
-NETSCAPE_X509_it 4374 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_X509_it 4374 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
+NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
TS_RESP_create_response 4375 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 4376 EXIST::FUNCTION:
TS_TST_INFO_get_nonce 4377 EXIST::FUNCTION:
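Review bot: the two replacement lines for ordinal 4374 are now byte-identical (`NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:` twice). The original pair was only distinguishable by the `!EXPORT_VAR_AS_FUNCTION` / `EXPORT_VAR_AS_FUNCTION` flags, which this change drops, so the second line is a plain duplicate; unless mkdef.pl regenerates the pair itself, collapse it to a single `NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:` entry.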
@@ -4046,7 +4046,7 @@ TS_REQ_get_ext_d2i 4420 EXIST::FUNCTION:
GENERAL_NAME_set0_othername 4421 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 4422 EXIST::FUNCTION:
TS_RESP_CTX_get_request 4423 EXIST::FUNCTION:
-i2d_NETSCAPE_X509 4424 EXIST::FUNCTION:
+i2d_NETSCAPE_X509 4424 NOEXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 4425 EXIST::FUNCTION:ENGINE
EVP_PKEY_meth_set_signctx 4426 EXIST::FUNCTION:
EVP_PKEY_asn1_copy 4427 EXIST::FUNCTION:
@@ -4109,7 +4109,7 @@ PKCS7_stream 4481 EXIST::FUNCTION:
TS_RESP_CTX_set_certs 4482 EXIST::FUNCTION:
TS_CONF_set_def_policy 4483 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_adj 4484 EXIST::FUNCTION:
-NETSCAPE_X509_new 4485 EXIST::FUNCTION:
+NETSCAPE_X509_new 4485 NOEXIST::FUNCTION:
TS_ACCURACY_free 4486 EXIST::FUNCTION:
TS_RESP_get_tst_info 4487 EXIST::FUNCTION:
EVP_PKEY_derive_set_peer 4488 EXIST::FUNCTION:

Dr. Stephen Henson
Jul 18, 2015, 9:08:12 AM
The branch master has been updated
via f7d5348710ad4f26a97458b102f0c2854e4a0520 (commit)
from 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a (commit)


- Log -----------------------------------------------------------------
commit f7d5348710ad4f26a97458b102f0c2854e4a0520
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 14 23:19:11 2015 +0100

Use uint32_t consistently for flags.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_conf.c | 4 ++--
ssl/ssl_lib.c | 2 +-
ssl/ssl_locl.h | 26 +++++++++++++-------------
ssl/t1_lib.c | 4 ++--
4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 65ff021..819e730 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -124,11 +124,11 @@ struct ssl_conf_ctx_st {
SSL_CTX *ctx;
SSL *ssl;
/* Pointer to SSL or SSL_CTX options field or NULL if none */
- unsigned long *poptions;
+ uint32_t *poptions;
/* Certificate filenames for each type */
char *cert_filename[SSL_PKEY_NUM];
/* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
- unsigned int *pcert_flags;
+ uint32_t *pcert_flags;
/* Current flag table being worked on */
const ssl_flag_tbl *tbl;
/* Size of table */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ceba30f..d20d95b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1937,7 +1937,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
{
CERT_PKEY *cpk;
CERT *c = s->cert;
- int *pvalid = s->s3->tmp.valid_flags;
+ uint32_t *pvalid = s->s3->tmp.valid_flags;
int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
int rsa_enc_export, dh_rsa_export, dh_dsa_export;
int rsa_tmp_export, dh_tmp_export, kl;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3507d9a..2672918 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -662,7 +662,7 @@ struct ssl_session_st {
# ifndef OPENSSL_NO_SRP
char *srp_username;
# endif
- long flags;
+ uint32_t flags;
};

/* Extended master secret support */
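Review bot: `flags` in `ssl_session_st` narrows from `long` to `uint32_t`. That is safe only while every SSL_SESS_FLAG_* bit stays below bit 32, and any code that reads or writes this field through a `long` (session serialisation being the obvious candidate, not part of this diff) now does an implicit narrowing conversion; check those sites and add an explicit cast or a static assertion on the flag values so the limit is visible.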
@@ -720,7 +720,7 @@ struct ssl_ctx_st {
* SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
* means only SSL_accept which cache SSL_SESSIONS.
*/
- int session_cache_mode;
+ uint32_t session_cache_mode;
/*
* If timeout is not 0, it is the default timeout value set when
* SSL_new() is called. This has been put in to make life easier to set
@@ -806,8 +806,8 @@ struct ssl_ctx_st {
* SSL_new)
*/

- unsigned long options;
- unsigned long mode;
+ uint32_t options;
+ uint32_t mode;
long max_cert_list;

struct cert_st /* CERT */ *cert;
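Review bot: `options` and `mode` shrink from `unsigned long` to `uint32_t` here (and for `ssl_st` in the hunk below), but the public API that sets and reads them, `SSL_CTX_set_options`, `SSL_CTX_get_options`, `SSL_CTX_set_mode` and their `SSL_*` counterparts, still traffics in `unsigned long` through the ctrl's `long` argument. On LP64 any bit above 31 is silently truncated on set, and `SSL_CTX_get_options()` can no longer be guaranteed to return what was passed in. All current SSL_OP_* and SSL_MODE_* values fit in 32 bits, so this is a policy and documentation point: state explicitly that option and mode words are 32 bits wide, or mask/reject values with high bits set in the ctrl handler rather than letting them disappear.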
@@ -818,7 +818,7 @@ struct ssl_ctx_st {
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;

- int verify_mode;
+ uint32_t verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* called 'verify_callback' in the SSL */
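Review bot: `verify_mode` becomes `uint32_t`, but the public accessors `SSL_CTX_get_verify_mode()` / `SSL_get_verify_mode()` return `int` and `SSL_CTX_set_verify()` / `SSL_set_verify()` take an `int mode`, so every read and write of this field (and of the matching `ssl_st` field later in this file) is now an implicit signed/unsigned conversion. Either keep these two as `int` to match the API, or make the conversions explicit in the accessors so -Wconversion builds stay clean.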
@@ -1019,7 +1019,7 @@ struct ssl_st {
* These are the ones being used, the ones in SSL_SESSION are the ones to
* be 'copied' into these ones
*/
- int mac_flags;
+ uint32_t mac_flags;
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD_CTX *read_hash; /* used for mac generation */
COMP_CTX *compress; /* compression */
@@ -1045,7 +1045,7 @@ struct ssl_st {
* 0 don't care about verify failure.
* 1 fail if verify fails
*/
- int verify_mode;
+ uint32_t verify_mode;
/* fail if callback returns 0 */
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
/* optional informational callback */
@@ -1077,9 +1077,9 @@ struct ssl_st {
STACK_OF(X509_NAME) *client_CA;
int references;
/* protocol behaviour */
- unsigned long options;
+ uint32_t options;
/* API behaviour */
- unsigned long mode;
+ uint32_t mode;
long max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
@@ -1287,7 +1287,7 @@ typedef struct ssl3_state_st {
* SSL session: e.g. appropriate curve, signature algorithms etc.
* If zero it can't be used at all.
*/
- int valid_flags[SSL_PKEY_NUM];
+ uint32_t valid_flags[SSL_PKEY_NUM];
/*
* For servers the following masks are for the key and auth algorithms
* that are supported by the certs below. For clients they are masks of
@@ -1475,7 +1475,7 @@ typedef struct {
* Per-connection flags relating to this extension type: not used if
* part of an SSL_CTX structure.
*/
- unsigned short ext_flags;
+ uint32_t ext_flags;
custom_ext_add_cb add_cb;
custom_ext_free_cb free_cb;
void *add_arg;
@@ -1526,7 +1526,7 @@ typedef struct cert_st {
int ecdh_tmp_auto;
# endif
/* Flags related to certificates */
- unsigned int cert_flags;
+ uint32_t cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
/*
* Certificate types (received or sent) in certificate request message.
@@ -1656,7 +1656,7 @@ typedef struct ssl3_enc_method {
const unsigned char *, size_t,
int use_context);
/* Various flags indicating protocol version requirements */
- unsigned int enc_flags;
+ uint32_t enc_flags;
/* Handshake header length */
unsigned int hhlen;
/* Set the handshake header */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 402047a..f08eb84 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3459,7 +3459,7 @@ int tls1_process_sigalgs(SSL *s)
size_t i;
const EVP_MD *md;
const EVP_MD **pmd = s->s3->tmp.md;
- int *pvalid = s->s3->tmp.valid_flags;
+ uint32_t *pvalid = s->s3->tmp.valid_flags;
CERT *c = s->cert;
TLS_SIGALGS *sigptr;
if (!tls1_set_shared_sigalgs(s))
@@ -3890,7 +3890,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int check_flags = 0, strict_mode;
CERT_PKEY *cpk = NULL;
CERT *c = s->cert;
- int *pvalid;
+ uint32_t *pvalid;
unsigned int suiteb_flags = tls1_suiteb(s);
/* idx == -1 means checking server chains */
if (idx != -1) {
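Review bot: `pvalid` becomes `uint32_t *` while `check_flags` (declared as `int check_flags = 0` two lines above it) stays `int`, although it appears to carry the same CERT_PKEY_* flag bits that are stored through `*pvalid`. Mixing the two types inside one flag domain invites sign-compare and sign-conversion warnings and defeats the commit's stated aim; change `check_flags` to `uint32_t` in the same patch.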

Rich Salz
Jul 20, 2015, 1:20:34 AM
The branch master has been updated
via 7e5363abe3c00d9db037f464f3c121e194bb5bb6 (commit)
from f7d5348710ad4f26a97458b102f0c2854e4a0520 (commit)


- Log -----------------------------------------------------------------
commit 7e5363abe3c00d9db037f464f3c121e194bb5bb6
Author: Rich Salz <rs...@akamai.com>
Date: Fri Apr 24 16:33:34 2015 -0400

Rewrite crypto/ex_data

Removed ability to set ex_data impl at runtime. This removed these
three functions:
const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
int CRYPTO_ex_data_new_class(void);
It is no longer possible to change the ex_data implementation at
runtime. (Luckily those functions were never documented :)

Also removed the ability to add new exdata "classes." We don't believe
this received much (if any) use, since you can't add it to OpenSSL objects,
and there are probably better (native) methods for developers to add
their own extensible data, if they really need that.

Replaced the internal hash table (of per-"class" stacks) with a simple
indexed array. Reserved an index for "app" application.

Each API used to take the lock twice; now it only locks once.

Use local stack storage for function pointers, rather than malloc,
if possible (i.e., number of ex_data items is under a dozen).

Make CRYPTO_EX_DATA_FUNCS opaque/internal.

Also fixes RT3710; index zero is reserved.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/cpt_err.c | 5 +-
crypto/engine/eng_dyn.c | 1 -
crypto/ex_data.c | 541 +++++++++++++-------------------------------
include/openssl/crypto.h | 45 +---
include/openssl/engine.h | 3 -
include/openssl/safestack.h | 18 --
include/openssl/symhacks.h | 6 -
util/libeay.num | 10 +-
8 files changed, 172 insertions(+), 457 deletions(-)

diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index a513838..1f9a824 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -1,6 +1,6 @@
/* crypto/cpt_err.c */
/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,9 +70,12 @@
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)

static ERR_STRING_DATA CRYPTO_str_functs[] = {
+ {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"},
+ {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"},
{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+ {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"},
{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
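Review bot: `{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}` survives although the ex_data.c hunks below delete def_add_index() and its CRYPTOerr() calls, and the same goes for the CRYPTO_F_INT_NEW_EX_DATA / CRYPTO_F_INT_DUP_EX_DATA / CRYPTO_F_INT_FREE_EX_DATA codes whose call sites are removed (their table lines sit outside this hunk). This table and the CRYPTO_F_* defines in crypto.h are produced by util/mkerr.pl; regenerate them instead of hand-editing, which will also drop the now-dead codes.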
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 06a7018..ae7d1d0 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -512,7 +512,6 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
* would also increase opaqueness.
*/
fns.static_state = ENGINE_get_static_state();
- fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
&fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
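Review bot: removing `fns.ex_data_fns = CRYPTO_get_ex_data_implementation();` implies the `ex_data_fns` member is gone from the `dynamic_fns` struct handed to a loaded engine's bind function (the engine.h side is in the summary but not shown here). Since that member preceded `mem_fns` and `lock_fns`, their offsets move, and an engine .so built against the previous header would read its memory and locking callbacks from the wrong place. Confirm that the engine.h change bumps OSSL_DYNAMIC_VERSION / OSSL_DYNAMIC_OLDEST so `v_check` refuses engines compiled for the old layout, and call the struct change out in CHANGES for engine authors.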
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index bf5cf29..62d03bb 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -1,33 +1,3 @@
-/* crypto/ex_data.c */
-
-/*
- * Overhaul notes;
- *
- * This code is now *mostly* thread-safe. It is now easier to understand in what
- * ways it is safe and in what ways it is not, which is an improvement. Firstly,
- * all per-class stacks and index-counters for ex_data are stored in the same
- * global LHASH table (keyed by class). This hash table uses locking for all
- * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
- * called when no other threads can possibly race against it (even if it was
- * locked, the race would mean it's possible the hash table might have been
- * recreated after the cleanup). As classes can only be added to the hash table,
- * and within each class, the stack of methods can only be incremented, the
- * locking mechanics are simpler than they would otherwise be. For example, the
- * new/dup/free ex_data functions will lock the hash table, copy the method
- * pointers it needs from the relevant class, then unlock the hash table before
- * actually applying those method pointers to the task of the new/dup/free
- * operations. As they can't be removed from the method-stack, only
- * supplemented, there's no race conditions associated with using them outside
- * the lock. The get/set_ex_data functions are not locked because they do not
- * involve this global state at all - they operate directly with a previously
- * obtained per-class method index and a particular "ex_data" variable. These
- * variables are usually instantiated per-context (eg. each RSA structure has
- * one) so locking on read/write access to that variable can be locked locally
- * if required (eg. using the "RSA" lock to synchronise access to a
- * per-RSA-structure ex_data variable if required).
- * [Geoff]
- */
-
/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
* All rights reserved.
*
@@ -141,300 +111,150 @@
#include "internal/cryptlib.h"
#include <openssl/lhash.h>

-/* What an "implementation of ex_data functionality" looks like */
-struct st_CRYPTO_EX_DATA_IMPL {
- /*********************/
- /* GLOBAL OPERATIONS */
- /* Return a new class index */
- int (*cb_new_class) (void);
- /* Cleanup all state used by the implementation */
- void (*cb_cleanup) (void);
- /************************/
- /* PER-CLASS OPERATIONS */
- /* Get a new method index within a class */
- int (*cb_get_new_index) (int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
- /* Initialise a new CRYPTO_EX_DATA of a given class */
- int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
- /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
- int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from);
- /* Cleanup a CRYPTO_EX_DATA of a given class */
- void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
-};
-
-/* The implementation we use at run-time */
-static const CRYPTO_EX_DATA_IMPL *impl = NULL;

-/*
- * To call "impl" functions, use this macro rather than referring to 'impl'
- * directly, eg. EX_IMPL(get_new_index)(...);
- */
-#define EX_IMPL(a) impl->cb_##a
-
-/* Predeclare the "default" ex_data implementation */
-static int int_new_class(void);
-static void int_cleanup(void);
-static int int_get_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from);
-static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-static CRYPTO_EX_DATA_IMPL impl_default = {
- int_new_class,
- int_cleanup,
- int_get_new_index,
- int_new_ex_data,
- int_dup_ex_data,
- int_free_ex_data
-};
+typedef struct {
+ long argl; /* Arbitary long */
+ void *argp; /* Arbitary void * */
+ CRYPTO_EX_new *new_func;
+ CRYPTO_EX_free *free_func;
+ CRYPTO_EX_dup *dup_func;
+} CRYPTO_EX_DATA_FUNCS;

-/*
- * Internal function that checks whether "impl" is set and if not, sets it to
- * the default.
- */
-static void impl_check(void)
-{
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if (!impl)
- impl = &impl_default;
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-}
+DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)

/*
- * A macro wrapper for impl_check that first uses a non-locked test before
- * invoking the function (which checks again inside a lock).
+ * State for each class; could just be a typedef, but this allows future
+ * changes.
*/
-#define IMPL_CHECK if(!impl) impl_check();
-
-/* API functions to get/set the "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
-{
- IMPL_CHECK return impl;
-}
-
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
-{
- int toret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if (!impl) {
- impl = i;
- toret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
-}
-
-/****************************************************************************/
-/*
- * Interal (default) implementation of "ex_data" support. API functions are
- * further down.
- */
-
-/*
- * The type that represents what each "class" used to implement locally. A
- * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is
- * the global value representing the class that is used to distinguish these
- * items.
- */
-typedef struct st_ex_class_item {
- int class_index;
+typedef struct {
STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
- int meth_num;
} EX_CLASS_ITEM;

-/* When assigning new class indexes, this is our counter */
-static int ex_class = CRYPTO_EX_INDEX_USER;
-
-/* The global hash table of EX_CLASS_ITEM items */
-DECLARE_LHASH_OF(EX_CLASS_ITEM);
-static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL;
-
-/* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a)
-{
- return a->class_index;
-}
-
-static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM)
-
-static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b)
-{
- return a->class_index - b->class_index;
-}
-
-static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM)
+static EX_CLASS_ITEM ex_data[CRYPTO_EX_INDEX__COUNT];

/*
- * Internal functions used by the "impl_default" implementation to access the
- * state
+ * Return the EX_CLASS_ITEM from the "ex_data" array that corresponds to
+ * a given class. On success, *holds the lock.*
*/
-static int ex_data_check(void)
+static EX_CLASS_ITEM *def_get_class(int class_index)
{
- int toret = 1;
+ EX_CLASS_ITEM *ip;
+
+ if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) {
+ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ip = &ex_data[class_index];
CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if (!ex_data && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL)
- toret = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
+ if (ip->meth == NULL) {
+ ip->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
+ /* We push an initial value on the stack because the SSL
+ * "app_data" routines use ex_data index zero. See RT 3710. */
+ if (ip->meth == NULL
+ || !sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, NULL)) {
+ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ return NULL;
+ }
+ }
+ return ip;
}

-/*
- * This macros helps reduce the locking from repeated checks because the
- * ex_data_check() function checks ex_data again inside a lock.
- */
-#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
-
-/* This "inner" callback is used by the callback function that follows it */
-static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
+static void cleanup_cb(CRYPTO_EX_DATA_FUNCS *funcs)
{
OPENSSL_free(funcs);
}

/*
- * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't
- * do any locking.
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all).
*/
-static void def_cleanup_cb(void *a_void)
+void CRYPTO_cleanup_all_ex_data(void)
{
- EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
- sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
- OPENSSL_free(item);
-}
+ int i;

-/*
- * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to
- * a given class. Handles locking.
- */
-static EX_CLASS_ITEM *def_get_class(int class_index)
-{
- EX_CLASS_ITEM d, *p, *gen;
- EX_DATA_CHECK(return NULL;)
- d.class_index = class_index;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
- if (!p) {
- gen = OPENSSL_malloc(sizeof(*gen));
- if (gen) {
- gen->class_index = class_index;
- gen->meth_num = 0;
- gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
- if (!gen->meth)
- OPENSSL_free(gen);
- else {
- /*
- * Because we're inside the ex_data lock, the return value
- * from the insert will be NULL
- */
- (void)lh_EX_CLASS_ITEM_insert(ex_data, gen);
- p = gen;
- }
- }
+ for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) {
+ EX_CLASS_ITEM *ip = &ex_data[i];
+
+ sk_CRYPTO_EX_DATA_FUNCS_pop_free(ip->meth, cleanup_cb);
+ ip->meth = NULL;
}
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- if (!p)
- CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
- return p;
}

/*
- * Add a new method to the given EX_CLASS_ITEM and return the corresponding
- * index (or -1 for error). Handles locking.
+ * Inside an existing class, get/register a new index.
*/
-static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
{
int toret = -1;
- CRYPTO_EX_DATA_FUNCS *a = OPENSSL_malloc(sizeof(*a));
- if (!a) {
- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+ CRYPTO_EX_DATA_FUNCS *a;
+ EX_CLASS_ITEM *ip = def_get_class(class_index);
+
+ if (!ip)
return -1;
+ a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(*a));
+ if (!a) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+ goto err;
}
a->argl = argl;
a->argp = argp;
a->new_func = new_func;
a->dup_func = dup_func;
a->free_func = free_func;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) {
- if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) {
- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(a);
- goto err;
- }
- }
- toret = item->meth_num++;
- (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
- err:
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
-}

-/**************************************************************/
-/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
+ if (!sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, NULL)) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(a);
+ goto err;
+ }
+ toret = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth) - 1;
+ (void)sk_CRYPTO_EX_DATA_FUNCS_set(ip->meth, toret, a);

-static int int_new_class(void)
-{
- int toret;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- toret = ex_class++;
+ err:
CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
return toret;
}

-static void int_cleanup(void)
-{
- EX_DATA_CHECK(return;)
- lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb);
- lh_EX_CLASS_ITEM_free(ex_data);
- ex_data = NULL;
- impl = NULL;
-}
-
-static int int_get_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
-{
- EX_CLASS_ITEM *item = def_get_class(class_index);
- if (!item)
- return -1;
- return def_add_index(item, argl, argp, new_func, dup_func, free_func);
-}
-
/*
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries
- * in the lock, then using them outside the lock. NB: Thread-safety only
- * applies to the global "ex_data" state (ie. class definitions), not
- * thread-safe on 'ad' itself.
+ * in the lock, then using them outside the lock. Note this only applies
+ * to the global "ex_data" state (ie. class definitions), not 'ad' itself.
*/
-static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
{
int mx, i;
void *ptr;
CRYPTO_EX_DATA_FUNCS **storage = NULL;
- EX_CLASS_ITEM *item = def_get_class(class_index);
- if (!item)
- /* error is already set */
+ CRYPTO_EX_DATA_FUNCS *stack[10];
+ EX_CLASS_ITEM *ip = def_get_class(class_index);
+
+ if (!ip)
return 0;
+
ad->sk = NULL;
- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+
+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth);
if (mx > 0) {
- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
- if (!storage)
- goto skip;
- for (i = 0; i < mx; i++)
- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+ if (mx < (int)OSSL_NELEM(stack))
+ storage = stack;
+ else
+ storage = OPENSSL_malloc(sizeof(*storage) * mx);
+ if (storage)
+ for (i = 0; i < mx; i++)
+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i);
}
- skip:
- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
- if ((mx > 0) && !storage) {
- CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+
+ if (mx > 0 && storage == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < mx; i++) {
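Review bot: in def_get_class the out-of-range branch (`if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT)`) reports `ERR_R_MALLOC_FAILURE`, which misdescribes a bad argument as an allocation failure; use a reason that says the class index is invalid. Two further points in this hunk: def_get_class now always takes `CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA)`, so CRYPTO_new_ex_data (and dup/free below), which only read `ip->meth`, serialise on a write lock where the old code used `CRYPTO_r_lock`; that is a contention regression on a path every object constructor hits, so a read-locked variant for callers that do not register an index is worth having. And the "on success, holds the lock" contract lives only in the comment above def_get_class while each caller must supply the matching `CRYPTO_w_unlock`; the early `return -1` in CRYPTO_get_ex_new_index when `ip == NULL` is correct, but the pairing would be easier to audit if one helper did both the copy and the unlock. Minor style: the cast in `a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(*a));` is unnecessary in C and inconsistent with the rest of the file, and pushing NULL followed by `sk_CRYPTO_EX_DATA_FUNCS_set` can be a single `sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, a)`.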
@@ -444,41 +264,50 @@ static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
storage[i]->argl, storage[i]->argp);
}
}
- OPENSSL_free(storage);
+ if (storage != stack)
+ OPENSSL_free(storage);
return 1;
}

-/* Same thread-safety notes as for "int_new_ex_data" */
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from)
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ CRYPTO_EX_DATA *from)
{
int mx, j, i;
char *ptr;
+ CRYPTO_EX_DATA_FUNCS *stack[10];
CRYPTO_EX_DATA_FUNCS **storage = NULL;
- EX_CLASS_ITEM *item;
- if (!from->sk)
- /* 'to' should be "blank" which *is* just like 'from' */
+ EX_CLASS_ITEM *ip;
+
+ if (from->sk == NULL)
+ /* Nothing to copy over */
return 1;
- if ((item = def_get_class(class_index)) == NULL)
+ if ((ip = def_get_class(class_index)) == NULL)
return 0;
- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+
+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth);
j = sk_void_num(from->sk);
if (j < mx)
mx = j;
if (mx > 0) {
- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
- if (!storage)
- goto skip;
- for (i = 0; i < mx; i++)
- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+ if (mx < (int)OSSL_NELEM(stack))
+ storage = stack;
+ else
+ storage = OPENSSL_malloc(sizeof(*storage) * mx);
+ if (storage)
+ for (i = 0; i < mx; i++)
+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i);
}
- skip:
- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
- if ((mx > 0) && !storage) {
- CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+
+ if (mx > 0 && storage == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
return 0;
}
+
for (i = 0; i < mx; i++) {
ptr = CRYPTO_get_ex_data(from, i);
if (storage[i] && storage[i]->dup_func)
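Review bot: the block that copies `ip->meth` into `stack`/`storage` under the lock (the `mx < (int)OSSL_NELEM(stack)` test, the OPENSSL_malloc fallback, the copy loop, `CRYPTO_w_unlock`, and the `mx > 0 && storage == NULL` error) is now repeated verbatim in CRYPTO_new_ex_data, CRYPTO_dup_ex_data and CRYPTO_free_ex_data. Factor it into one static helper that takes `ip` and the local array and returns the filled pointer, so the lock/unlock pairing and the error reporting live in one place. Also, `mx < (int)OSSL_NELEM(stack)` leaves the tenth slot of `stack[10]` unused; `<=` would use the whole array before falling back to malloc.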
@@ -486,34 +315,41 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
storage[i]->argl, storage[i]->argp);
CRYPTO_set_ex_data(to, i, ptr);
}
- OPENSSL_free(storage);
+ if (storage != stack)
+ OPENSSL_free(storage);
return 1;
}

-/* Same thread-safety notes as for "int_new_ex_data" */
-static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
{
int mx, i;
- EX_CLASS_ITEM *item;
+ EX_CLASS_ITEM *ip;
void *ptr;
+ CRYPTO_EX_DATA_FUNCS *stack[10];
CRYPTO_EX_DATA_FUNCS **storage = NULL;
- if (ex_data == NULL)
- return;
- if ((item = def_get_class(class_index)) == NULL)
+
+ if ((ip = def_get_class(class_index)) == NULL)
return;
- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+
+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth);
if (mx > 0) {
- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
- if (!storage)
- goto skip;
- for (i = 0; i < mx; i++)
- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+ if (mx < (int)OSSL_NELEM(stack))
+ storage = stack;
+ else
+ storage = OPENSSL_malloc(sizeof(*storage) * mx);
+ if (storage)
+ for (i = 0; i < mx; i++)
+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i);
}
- skip:
- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
- if ((mx > 0) && !storage) {
- CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+
+ if (mx > 0 && storage == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
return;
}
for (i = 0; i < mx; i++) {
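Review bot: the old early return `if (ex_data == NULL) return;` is dropped, so CRYPTO_free_ex_data on an object whose class never registered an index now goes through def_get_class, which allocates the class's method stack and pushes the reserved index-0 entry purely in order to free nothing. Besides the needless allocation under the write lock, this re-creates state after CRYPTO_cleanup_all_ex_data() has run, so any object freed during late shutdown leaves behind a stack that is never released. Treat a NULL `ip->meth` as `mx == 0` in the free path (still releasing `ad->sk`) rather than allocating it.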
@@ -523,79 +359,13 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
storage[i]->argl, storage[i]->argp);
}
}
- OPENSSL_free(storage);
+
+ if (storage != stack)
+ OPENSSL_free(storage);
sk_void_free(ad->sk);
ad->sk = NULL;
}

-/********************************************************************/
-/*
- * API functions that defer all "state" operations to the "ex_data"
- * implementation we have set.
- */
-
-/*
- * Obtain an index for a new class (not the same as getting a new index
- * within an existing class - this is actually getting a new *class*)
- */
-int CRYPTO_ex_data_new_class(void)
-{
- IMPL_CHECK return EX_IMPL(new_class) ();
-}
-
-/*
- * Release all "ex_data" state to prevent memory leaks. This can't be made
- * thread-safe without overhauling a lot of stuff, and shouldn't really be
- * called under potential race-conditions anyway (it's for program shutdown
- * after all).
- */
-void CRYPTO_cleanup_all_ex_data(void)
-{
- IMPL_CHECK EX_IMPL(cleanup) ();
-}
-
-/* Inside an existing class, get/register a new index. */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
-{
- int ret = -1;
-
- IMPL_CHECK
- ret = EX_IMPL(get_new_index) (class_index,
- argl, argp, new_func, dup_func,
- free_func);
- return ret;
-}
-
-/*
- * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
- * calling new() callbacks for each index in the class used by this variable
- */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-{
- IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad);
-}
-
-/*
- * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
- * for each index in the class used by this variable
- */
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from)
-{
- IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from);
-}
-
-/*
- * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
- * each index in the class used by this variable
- */
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-{
- IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad);
-}
-
/*
* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
* particular index in the class used by this variable
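Review bot: this hunk deletes CRYPTO_ex_data_new_class() and the dispatch wrappers, and together with the crypto.h hunks below removes three exported functions. The commit message notes they were undocumented, but they were still exported symbols (util/libeay.num is touched in the summary), so a CHANGES entry naming them is warranted for anyone tracing a link failure after upgrading.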
@@ -607,20 +377,18 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
if (ad->sk == NULL) {
if ((ad->sk = sk_void_new_null()) == NULL) {
CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
- return (0);
+ return 0;
}
}
- i = sk_void_num(ad->sk);

- while (i <= idx) {
+ for (i = sk_void_num(ad->sk); i <= idx; ++i) {
if (!sk_void_push(ad->sk, NULL)) {
CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
- return (0);
+ return 0;
}
- i++;
}
sk_void_set(ad->sk, idx, val);
- return (1);
+ return 1;
}

/*
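Review bot: CRYPTO_set_ex_data still ignores the return value of `sk_void_set(ad->sk, idx, val)`. With a negative `idx` the rewritten `for` loop never runs, the set fails inside the stack code, and the function still returns 1; a caller that stored the -1 returned by a failed CRYPTO_get_ex_new_index() therefore gets silent success. Since the function is being reworked anyway, reject `idx < 0` up front, or check the result of sk_void_set, and return 0 in that case.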
@@ -629,10 +397,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
*/
void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
{
- if (ad->sk == NULL)
- return (0);
- else if (idx >= sk_void_num(ad->sk))
- return (0);
- else
- return (sk_void_value(ad->sk, idx));
+ if (ad->sk == NULL || idx >= sk_void_num(ad->sk))
+ return NULL;
+ return sk_void_value(ad->sk, idx);
}
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 1bda645..faaf1d5 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -284,25 +284,9 @@ struct crypto_ex_data_st {
DECLARE_STACK_OF(void)

/*
- * This stuff is basically class callback functions The current classes are
- * SSL_CTX, SSL, SSL_SESSION, and a few more
- */
-
-typedef struct crypto_ex_data_func_st {
- long argl; /* Arbitary long */
- void *argp; /* Arbitary void * */
- CRYPTO_EX_new *new_func;
- CRYPTO_EX_free *free_func;
- CRYPTO_EX_dup *dup_func;
-} CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/*
* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
* entry.
*/
-
# define CRYPTO_EX_INDEX_BIO 0
# define CRYPTO_EX_INDEX_SSL 1
# define CRYPTO_EX_INDEX_SSL_CTX 2
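Review bot: the surviving comment ("Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA entry") now refers to a type this hunk deletes from the public header. If CRYPTO_EX_DATA_FUNCS moved to a private header, say so in the comment; otherwise it is stale and should describe the fixed CRYPTO_EX_INDEX_* class values that follow it.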
@@ -319,12 +303,8 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
# define CRYPTO_EX_INDEX_ECDH 13
# define CRYPTO_EX_INDEX_COMP 14
# define CRYPTO_EX_INDEX_STORE 15
-
-/*
- * Dynamically assigned indexes start from this value (don't use directly,
- * use via CRYPTO_ex_data_new_class).
- */
-# define CRYPTO_EX_INDEX_USER 100
+# define CRYPTO_EX_INDEX_APP 16
+# define CRYPTO_EX_INDEX__COUNT 17

/*
* This is the default callbacks, but we can have others as well: this is
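Review bot: dropping CRYPTO_EX_INDEX_USER and fixing the class space at CRYPTO_EX_INDEX__COUNT is an API change: applications that obtained their own class through CRYPTO_ex_data_new_class() now have to share CRYPTO_EX_INDEX_APP, so this needs a CHANGES entry and a doc sentence on what the APP index is for. Minor: identifiers containing a double underscore are reserved in C++, and this header is consumed from C++ code, so a spelling such as CRYPTO_EX_INDEX_COUNT would be safer.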
@@ -386,14 +366,6 @@ unsigned long SSLeay(void);

int OPENSSL_issetugid(void);

-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
/* Within a given class, get/register a new index */
int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
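Review bot: removing CRYPTO_get_ex_data_implementation, CRYPTO_set_ex_data_implementation and CRYPTO_ex_data_new_class from the public header is consistent with the libeay.num hunks in this patch that mark them NOEXIST, but it is a hard break for any caller; the commit message should state the removal and the migration path (use the fixed CRYPTO_EX_INDEX_* classes with CRYPTO_get_ex_new_index).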
@@ -611,6 +583,11 @@ int FIPS_mode_set(int r);

void OPENSSL_init(void);

+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+ const struct tm *from, const struct tm *to);
+
/*
* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
* It takes an amount of time dependent on |len|, but independent of the
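Review bot: relocating the OPENSSL_gmtime, OPENSSL_gmtime_adj and OPENSSL_gmtime_diff prototypes is unrelated to the ex_data cleanup and only makes the diff harder to read; keep such moves in a separate commit, or explain in the message why they move here.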
@@ -627,17 +604,15 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len);
*/
void ERR_load_CRYPTO_strings(void);

-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
-int OPENSSL_gmtime_diff(int *pday, int *psec,
- const struct tm *from, const struct tm *to);
-
/* Error codes for the CRYPTO functions. */

/* Function codes. */
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111
# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103
# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112
# define CRYPTO_F_CRYPTO_SET_EX_DATA 102
# define CRYPTO_F_DEF_ADD_INDEX 104
# define CRYPTO_F_DEF_GET_CLASS 105
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index fa1d694..c228487 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -776,7 +776,6 @@ typedef struct st_dynamic_LOCK_fns {
/* The top-level structure */
typedef struct st_dynamic_fns {
void *static_state;
- const CRYPTO_EX_DATA_IMPL *ex_data_fns;
dynamic_MEM_fns mem_fns;
dynamic_LOCK_fns lock_fns;
} dynamic_fns;
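Review bot: removing ex_data_fns from dynamic_fns changes the layout of a structure that crosses the loadable-engine boundary: a dynamic engine built against the previous engine.h will read mem_fns and lock_fns at the wrong offsets. The dynamic version constants (OSSL_DYNAMIC_VERSION / OSSL_DYNAMIC_OLDEST) should be bumped in the same change so that the IMPLEMENT_DYNAMIC_CHECK_FN handshake rejects engines built for the old layout instead of misinterpreting the struct.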
@@ -834,8 +833,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
- return 0; \
skip_cbs: \
if(!fn(e,id)) return 0; \
return 1; }
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
index e138bfc..785bec6 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h
@@ -2251,24 +2251,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)

-# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
-# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
-# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
-# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
- LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
-# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
-# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
- LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
- LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
- LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
-# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
-
# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)
diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h
index 9785685..3253df8 100644
--- a/include/openssl/symhacks.h
+++ b/include/openssl/symhacks.h
@@ -71,12 +71,6 @@
*/
# ifdef OPENSSL_SYS_VMS

-/* Hack a long name in crypto/ex_data.c */
-# undef CRYPTO_get_ex_data_implementation
-# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl
-# undef CRYPTO_set_ex_data_implementation
-# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl
-
/* Hack a long name in crypto/asn1/a_mbstr.c */
# undef ASN1_STRING_set_default_mask_asc
# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
diff --git a/util/libeay.num b/util/libeay.num
index 731db22..a82db68 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -2328,8 +2328,8 @@ X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION:
OCSP_BASICRESP_free 2838 EXIST::FUNCTION:
OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION:
d2i_KRB5_AUTHENTBODY 2840 NOEXIST::FUNCTION:
-CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION:
-CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION:
+CRYPTO_set_ex_data_impl 2841 NOEXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation 2841 NOEXIST::FUNCTION:
KRB5_ENCDATA_new 2842 NOEXIST::FUNCTION:
DSO_up_ref 2843 EXIST::FUNCTION:
OCSP_crl_reason_str 2844 EXIST::FUNCTION:
@@ -2559,7 +2559,7 @@ AES_encrypt 3033 EXIST::FUNCTION:AES
OCSP_REQUEST_new 3034 EXIST::FUNCTION:
ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION:
+CRYPTO_ex_data_new_class 3036 NOEXIST::FUNCTION:
_ossl_old_des_ncbc_encrypt 3037 NOEXIST::FUNCTION:
i2d_KRB5_TKTBODY 3038 NOEXIST::FUNCTION:
EC_POINT_clear_free 3039 EXIST::FUNCTION:EC
@@ -2676,8 +2676,8 @@ USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
USERNOTICE_it 3132 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_REQINFO_new 3133 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION:
-CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION:
-CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION:
+CRYPTO_get_ex_data_impl 3135 NOEXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation 3135 NOEXIST::FUNCTION:
ASN1_item_pack 3136 EXIST::FUNCTION:
i2d_KRB5_ENCDATA 3137 NOEXIST::FUNCTION:
X509_PURPOSE_set 3138 EXIST::FUNCTION:

Dr. Stephen Henson

Jul 21, 2015, 9:03:22 AM
The branch master has been updated
via 3d9ebc373f6c95df1d4b079d73f3ab0194c57621 (commit)
via 429261d0d836fa44213eae99abbf19dbb6194daf (commit)
from 7e5363abe3c00d9db037f464f3c121e194bb5bb6 (commit)


- Log -----------------------------------------------------------------
commit 3d9ebc373f6c95df1d4b079d73f3ab0194c57621
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 14 14:19:38 2015 +0100

Update demo.

Use new SSL_CONF options in demo. Add intermediate and root CAs and
update all to use SHA256.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

commit 429261d0d836fa44213eae99abbf19dbb6194daf
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 14 14:18:37 2015 +0100

SSL_CONF additions.

Add support for loading verify and chain stores in SSL_CONF.

Commands to set verify mode and client CA names.

Add documentation.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
demos/bio/accept.cnf | 6 ++
demos/bio/intca.pem | 23 +++++++
demos/bio/root.pem | 22 +++++++
demos/bio/server.pem | 21 +++----
doc/ssl/SSL_CONF_cmd.pod | 27 ++++++++
ssl/ssl_conf.c | 156 +++++++++++++++++++++++++++++++++++++++++++----
6 files changed, 232 insertions(+), 23 deletions(-)
create mode 100644 demos/bio/intca.pem
create mode 100644 demos/bio/root.pem

diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf
index e4acea7..5a2ef45 100644
--- a/demos/bio/accept.cnf
+++ b/demos/bio/accept.cnf
@@ -11,3 +11,9 @@ ECDHParameters = Automatic
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
PrivateKey=server.pem
+ChainCAFile=root.pem
+VerifyCAFile=root.pem
+
+# Request certificate
+VerifyMode=Request
+ClientCAFile=root.pem
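Review bot: accept.cnf only references root.pem although the commit also adds intca.pem, and the server certificate in server.pem is issued by "OpenSSL Test Intermediate CA"; unless server.pem itself carries the intermediate, ChainCAFile=root.pem will not let the server build a complete chain. Either add a second `ChainCAFile=intca.pem` line (do_store loads repeated commands into the same store) or state in the message that the intermediate is bundled in server.pem.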
diff --git a/demos/bio/intca.pem b/demos/bio/intca.pem
new file mode 100644
index 0000000..3551ea9
--- /dev/null
+++ b/demos/bio/intca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/demos/bio/root.pem b/demos/bio/root.pem
new file mode 100644
index 0000000..3bd0e9b
--- /dev/null
+++ b/demos/bio/root.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/demos/bio/server.pem b/demos/bio/server.pem
index d0fc265..ef0d22a 100644
--- a/demos/bio/server.pem
+++ b/demos/bio/server.pem
@@ -1,10 +1,10 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+MIIDpTCCAo2gAwIBAgIJAK8ArbvjIOQlMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+ZWRpYXRlIENBMB4XDTE1MDcxNDEzMjIwNVoXDTI1MDUyMjEzMjIwNVowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
@@ -13,15 +13,14 @@ R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
+AQsFAAOCAQEAq8v8dvU3Xskb7q5LKbLXxTIF6owFs5uLk2k2msEAQzX7SrYFZwdE
+5e33S71rpDbXiJjyD4Yj0Av5yeRlW0YVFlBZAwgPn29CDCD6+DeQ7AwtXvJhcq9e
+llTLpB1EuXC5UCerQmq99wmfTrK0q4hgK7/5c7mcoD7V1iOEvxI2kmG6ukIupbKi
+P1TNVVET1kPhRG1dFP9rge7j2ssY3/H+j3jlAJnwQQoYg+YCZ6g0atjOrqvywAy3
+5E2d9LPF3TKw2mf4mAxjU6hPDOk0tiMS6g1xdHyeTftPXfN8Gli0T0LpNpy5a24B
+dLPqZEpj0kXT8gTYEROX7tq9gYwpe6FVKw==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
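Review bot: decoding the new certificate body confirms the move from sha1WithRSAEncryption to sha256WithRSAEncryption and a validity of 2015-07-14 to 2025-05-22, but the extension block shrank: the previous certificate carried subjectKeyIdentifier and authorityKeyIdentifier, while the new one has only basicConstraints, keyUsage and nsComment, so chain building now relies on issuer/subject name matching alone. Since the demo is meant to show recommended practice, consider regenerating with the key identifier extensions kept. The private key block that follows is unchanged context, so the existing key was reused for the new certificate; a line in the message saying that is deliberate would help.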
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index dbdacd1..16b368a 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -195,6 +195,12 @@ context. This option is only supported if certificate operations
are permitted. Note: if no B<PrivateKey> option is set then a private key is
not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set.

+=item B<ChainCAFile>, B<ChainCAPath>, B<VerifyCAFile>, B<VerifyCAPath>
+
+These options indicate a file or directory used for building certificate
+chains or verifying certificate chains. These options are only supported
+if certificate operations are permitted.
+
=item B<ServerInfoFile>

Attempts to use the file B<value> in the "serverinfo" extension using the
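Review bot: the new ChainCAFile/ChainCAPath/VerifyCAFile/VerifyCAPath entry does not say which store each pair feeds or how repeated commands combine. Per do_store(), the Chain* commands load into the chain store used when building the local certificate chain, the Verify* commands into the store used to verify the peer, and repeats accumulate into the same store. It is also worth stating that VerifyCA* on its own does not enable verification (VerifyMode does), since readers will otherwise assume that loading a CA file turns checking on.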
@@ -306,6 +312,27 @@ B<UnsafeLegacyServerConnect> permits the use of unsafe legacy renegotiation
for OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>.
Set by default.

+=item B<VerifyMode>
+
+The B<value> argument is a comma separated list of flags to set.
+
+B<Peer> enables peer verification: for clients only.
+
+B<Request> requests but does not require a certificate from the client.
+Servers only.
+
+B<Require> requests and requires a certificate from the client: an error
+occurs if the client does not present a certificate. Servers only.
+
+B<Once> requests a certificate from a client only on the initial connection:
+not when renegotiating. Servers only.
+
+=item B<ClientCAFile>, B<ClientCAPath>
+
+A file or directory of certificates in PEM format whose names are used as the
+set of acceptable names for client CAs. Servers only. This option is only
+supported if certificate operations are permitted.
+
=back

=head1 SUPPORTED COMMAND TYPES
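Review bot: the VerifyMode section should say, as the Options section already does, that a flag prefixed with "-" clears it and that flags from successive VerifyMode commands are ORed into the existing verify mode, since that is what ssl_set_option() does; otherwise a reader cannot tell whether "VerifyMode=Request" after "VerifyMode=Require" relaxes the requirement (it does not, because SSL_VERIFY_FAIL_IF_NO_PEER_CERT stays set). The default when no VerifyMode is given (no verification) also belongs here.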
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 819e730..4160566 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -86,8 +86,14 @@ typedef struct {

/* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
#define SSL_TFLAG_INV 0x1
-/* Flags refers to cert_flags not options */
-#define SSL_TFLAG_CERT 0x2
+/* Mask for type of flag referred to */
+#define SSL_TFLAG_TYPE_MASK 0xf00
+/* Flag is for options */
+#define SSL_TFLAG_OPTION 0x000
+/* Flag is for cert_flags */
+#define SSL_TFLAG_CERT 0x100
+/* Flag is for verify mode */
+#define SSL_TFLAG_VFY 0x200
/* Option can only be used for clients */
#define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
/* Option can only be used for servers */
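Review bot: SSL_TFLAG_TYPE_MASK (0xf00) only works because SSL_TFLAG_CLIENT and SSL_TFLAG_SERVER reuse the SSL_CONF_FLAG_* values, which all sit below 0x100, and nothing here records that dependency. A comment at the mask stating that SSL_CONF_FLAG_* values must stay within 0xff would stop a future flag from silently landing inside the type field.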
@@ -107,6 +113,11 @@ typedef struct {
#define SSL_FLAG_TBL_CERT(str, flag) \
{str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}

+#define SSL_FLAG_VFY_CLI(str, flag) \
+ {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_VFY_SRV(str, flag) \
+ {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
+
/*
* Opaque structure containing SSL configuration context.
*/
@@ -129,30 +140,46 @@ struct ssl_conf_ctx_st {
char *cert_filename[SSL_PKEY_NUM];
/* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
uint32_t *pcert_flags;
+ /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
+ uint32_t *pvfy_flags;
/* Current flag table being worked on */
const ssl_flag_tbl *tbl;
/* Size of table */
size_t ntbl;
+ /* Client CA names */
+ STACK_OF(X509_NAME) *canames;
};

static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
unsigned long option_value, int onoff)
{
+ unint32_t *pflags;
if (cctx->poptions == NULL)
return;
if (name_flags & SSL_TFLAG_INV)
onoff ^= 1;
- if (name_flags & SSL_TFLAG_CERT) {
- if (onoff)
- *cctx->pcert_flags |= option_value;
- else
- *cctx->pcert_flags &= ~option_value;
- } else {
- if (onoff)
- *cctx->poptions |= option_value;
- else
- *cctx->poptions &= ~option_value;
+ switch (name_flags & SSL_TFLAG_TYPE_MASK) {
+
+ case SSL_TFLAG_CERT:
+ pflags = cctx->pcert_flags;
+ break;
+
+ case SSL_TFLAG_VFY:
+ pflags = cctx->pvfy_flags;
+ break;
+
+ case SSL_TFLAG_OPTION:
+ pflags = cctx->poptions;
+ break;
+
+ default:
+ return;
+
}
+ if (onoff)
+ *pflags |= option_value;
+ else
+ *pflags &= ~option_value;
}

static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
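Review bot: `unint32_t *pflags;` does not compile; it should be `uint32_t`. Separately, the early return still tests only cctx->poptions, yet the CERT and VFY branches dereference pcert_flags and pvfy_flags; the three are set together in SSL_CONF_CTX_set_ssl / SSL_CONF_CTX_set_ssl_ctx so this holds today, but moving the NULL check after the switch (`if (pflags == NULL) return;`) makes the function safe on its own terms and lets the default case and the NULL case share one exit.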
@@ -335,6 +362,22 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
}

+static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
+{
+ static const ssl_flag_tbl ssl_vfy_list[] = {
+ SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
+ SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
+ SSL_FLAG_VFY_SRV("Require",
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+ SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE)
+ };
+ if (value == NULL)
+ return -3;
+ cctx->tbl = ssl_vfy_list;
+ cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
+ return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 1;
@@ -378,6 +421,64 @@ static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}

+static int do_store(SSL_CONF_CTX *cctx,
+ const char *CAfile, const char *CApath, int verify_store)
+{
+ CERT *cert;
+ X509_STORE **st;
+ if (cctx->ctx)
+ cert = cctx->ctx->cert;
+ else if (cctx->ssl)
+ cert = cctx->ssl->cert;
+ else
+ return 1;
+ st = verify_store ? &cert->verify_store : &cert->chain_store;
+ if (*st == NULL) {
+ *st = X509_STORE_new();
+ if (*st == NULL)
+ return 0;
+ }
+ return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ if (cctx->canames == NULL)
+ cctx->canames = sk_X509_NAME_new_null();
+ if (cctx->canames == NULL)
+ return 0;
+ return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ if (cctx->canames == NULL)
+ cctx->canames = sk_X509_NAME_new_null();
+ if (cctx->canames == NULL)
+ return 0;
+ return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+
#ifndef OPENSSL_NO_DH
static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
{
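Review bot: do_store() reaches into cert->verify_store and cert->chain_store directly; the existing SSL_CTX_set1_verify_cert_store / SSL_CTX_set1_chain_cert_store ctrls already manage those pointers, so either go through them or add a comment explaining why SSL_CONF owns the stores it creates here. Also, cmd_ClientCAFile and cmd_ClientCAPath duplicate the lazily-create-canames logic; a small helper that returns cctx->canames (allocating on first use) would remove the repetition.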
@@ -452,6 +553,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
SSL_CONF_CMD_STRING(Protocol, NULL, 0),
SSL_CONF_CMD_STRING(Options, NULL, 0),
+ SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
@@ -459,6 +561,20 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD(ServerInfoFile, NULL,
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
+ SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ClientCAFile, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ClientCAPath, NULL,
+ SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+ SSL_CONF_TYPE_DIR),
#ifndef OPENSSL_NO_DH
SSL_CONF_CMD(DHParameters, "dhparam",
SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
@@ -666,10 +782,12 @@ SSL_CONF_CTX *SSL_CONF_CTX_new(void)
ret->ctx = NULL;
ret->poptions = NULL;
ret->pcert_flags = NULL;
+ ret->pvfy_flags = NULL;
ret->tbl = NULL;
ret->ntbl = 0;
for (i = 0; i < SSL_PKEY_NUM; i++)
ret->cert_filename[i] = NULL;
+ ret->canames = NULL;
}
return ret;
}
@@ -695,6 +813,15 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
}
}
}
+ if (cctx->canames) {
+ if (cctx->ssl)
+ SSL_set_client_CA_list(cctx->ssl, cctx->canames);
+ else if (cctx->ctx)
+ SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames);
+ else
+ sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+ cctx->canames = NULL;
+ }
return 1;
}

@@ -706,6 +833,7 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
OPENSSL_free(cctx->cert_filename[i]);
OPENSSL_free(cctx->prefix);
OPENSSL_free(cctx);
+ sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
}
}

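Review bot: use-after-free in SSL_CONF_CTX_free: `sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free)` runs after `OPENSSL_free(cctx)` has released the structure it reads from. The pop_free must come before the OPENSSL_free(cctx) line.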
@@ -745,9 +873,11 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
if (ssl) {
cctx->poptions = &ssl->options;
cctx->pcert_flags = &ssl->cert->cert_flags;
+ cctx->pvfy_flags = &ssl->verify_mode;
} else {
cctx->poptions = NULL;
cctx->pcert_flags = NULL;
+ cctx->pvfy_flags = NULL;
}
}

@@ -758,8 +888,10 @@ void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
if (ctx) {
cctx->poptions = &ctx->options;
cctx->pcert_flags = &ctx->cert->cert_flags;
+ cctx->pvfy_flags = &ctx->verify_mode;
} else {
cctx->poptions = NULL;
cctx->pcert_flags = NULL;
+ cctx->pvfy_flags = NULL;

Dr. Stephen Henson

Jul 21, 2015, 9:35:29 AM
The branch master has been updated
via 4445704f912495227e9e99835e94219d7e79684c (commit)
via 4fdf17a0ec8abe758723b9ff4dac85b8134e9ebf (commit)
from 3d9ebc373f6c95df1d4b079d73f3ab0194c57621 (commit)


- Log -----------------------------------------------------------------
commit 4445704f912495227e9e99835e94219d7e79684c
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 21 14:27:10 2015 +0100

free names before context

Reviewed-by: Kurt Roeckx <ku...@openssl.org>

commit 4fdf17a0ec8abe758723b9ff4dac85b8134e9ebf
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 21 14:16:09 2015 +0100

typo

Reviewed-by: Kurt Roeckx <ku...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_conf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 4160566..5c320cb 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -153,7 +153,7 @@ struct ssl_conf_ctx_st {
static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
unsigned long option_value, int onoff)
{
- unint32_t *pflags;
+ uint32_t *pflags;
if (cctx->poptions == NULL)
return;
if (name_flags & SSL_TFLAG_INV)
@@ -832,8 +832,8 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
for (i = 0; i < SSL_PKEY_NUM; i++)
OPENSSL_free(cctx->cert_filename[i]);
OPENSSL_free(cctx->prefix);
- OPENSSL_free(cctx);
sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+ OPENSSL_free(cctx);

Steve Marquess

Jul 22, 2015, 8:55:56 AM
The branch master has been updated
via ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 (commit)
from 10c638d6934c96d52236740fb4f0be12f9a68482 (commit)


- Log -----------------------------------------------------------------
commit ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6
Author: Steve Marquess <marq...@openssl.com>
Date: Wed Jul 22 08:55:17 2015 -0400

Update references to private label validations

-----------------------------------------------------------------------

Summary of changes:
docs/fips/fipsnotes.wml | 26 +++++++++-----------------
docs/fips/privatelabel.wml | 13 ++++++++-----
2 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/docs/fips/fipsnotes.wml b/docs/fips/fipsnotes.wml
index 21df9c8..5ce62c8 100644
--- a/docs/fips/fipsnotes.wml
+++ b/docs/fips/fipsnotes.wml
@@ -53,22 +53,16 @@ The OSF would really prefer to work on open source based validations of benefit
to the OpenSSL user community at large, but financial support for that objective
is intermittent at best. On the other hand many vendors are interested in private label
validations and the OSF will assist in such efforts on a paid basis. We've done enough
-of these to be very cost competitive, and for uncomplicated validations we will work
-on a fixed price basis. A routine private label validation on a single commodity
-platform can cost as little as
-<a href="privatelabel.html">US$35,000</a>.
-Contact the <a href="../../support/funding/support-contact.html">OSF</a> for more information.
+of these to be very cost competitive, and for uncomplicated validations we typically work
+on a fixed price basis.
+
<p>
-<font color="#cc3333">Update:</font> In collaboration with an accredited CMVP testing laboratory we were through
-December 2012 offering a
-cost effective turnkey <a href="privatelabel.html">validation package</a> for routine private label validations.
-However, due to some changes in
-<a href="http://www.opensslfoundation.com/fips/ig95.html">CMVP requirements</a>
-introduced in 2013 the current OpenSSL FIPS Object Module
-code base can no longer be readily be validated. We are still adding new
+<font color="#cc3333">Update:</font> As of 2015 we are no longer performing
+<a href="privatelabel.html">private label</a> validations.
+We are still adding new
platforms to the
<a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>
-validation.
+or related validations.

<h2>Current Validations</h2>

@@ -84,10 +78,8 @@ And did we mention the <a href="UserGuide.pdf">User Guide</a>?
<a name="transition">
<font color="#cc3333">Important Note:</font>
</a>
-Due to changes in the FIPS 140-2 validation requirements the current v1.2 Module is
-no longer be a suitable model for private label validations in its current form past the year 2010. See the NIST <a href="http://csrc.nist.gov/groups/STM/cmvp/notices.html">Notices</a>,
-<a href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf">discussion paper</a> and
-<a href="http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf">SP 800-131</a>.
+Due to changes in the FIPS 140-2 validation requirements the current v2.0 Module is
+no longer a suitable model for private label validations in its current form past the year 2014.
<p>

<h2>Upcoming Validations</h2>
diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml
index 9d8a9b9..fa32d81 100644
--- a/docs/fips/privatelabel.wml
+++ b/docs/fips/privatelabel.wml
@@ -8,11 +8,14 @@
If you haven't already, please read our <a href="fipsnotes.html">FIPS 140-2 Notes</a> page.

<p>
-<font color="#cc3333">IMPORTANT NOTE:&nbsp;</font>The recent addition of
-<a href="http://opensslfoundation.com/fips/ig95.html">new formal requirements</a> has potentially
-complicated new private label validations, but as of August 2013 it appears such validations
-are again feasible. We'll be more certain of this once we've actually obtained a validation under
-the new rules.
+<font color="#cc3333">IMPORTANT NOTE:&nbsp;</font>The addition of
+multiple new formal requirements since the #1747 validation was first approved in 2012, and
+recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased
+to the point where private label validations are no longer economically feasible for a small
+organization of limited means; the risk doesn't justify the substantial investment of time and money required
+to pursue new validations. As of 2015 we are no longer performing any private label validations.
+<p>
+The rest of this page is of historical interest only.

<h2>What It Is</h2>

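Review bot: the new sentence in privatelabel.wml has no object: "The addition of ... and recent unfavorable experiences ... have increased to the point where ..." never says what has increased. Suggest "have increased the cost and risk to the point where private label validations are no longer economically feasible ...".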
Steve Marquess

Jul 22, 2015, 10:57:06 AM
The branch master has been updated
via 4d8018b9656624bd4afdb7afa0db6ff1ed62fcca (commit)
from ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 (commit)


- Log -----------------------------------------------------------------
commit 4d8018b9656624bd4afdb7afa0db6ff1ed62fcca
Author: Steve Marquess <marq...@openssl.com>
Date: Wed Jul 22 10:56:14 2015 -0400

Note change letter updates are still possible.

-----------------------------------------------------------------------

Summary of changes:
docs/fips/privatelabel.wml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml
index fa32d81..81d2e0c 100644
--- a/docs/fips/privatelabel.wml
+++ b/docs/fips/privatelabel.wml
@@ -13,7 +13,9 @@ multiple new formal requirements since the #1747 validation was first approved i
recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased
to the point where private label validations are no longer economically feasible for a small
organization of limited means; the risk doesn't justify the substantial investment of time and money required
-to pursue new validations. As of 2015 we are no longer performing any private label validations.
+to pursue new validations. As of 2015 we are no longer performing any private label validations. The addition of
+new platforms to the existing #1747 or <a href="http://openssl.com/fips/ransom.html">comparable</a> validations
+is still possible and those validation actions are still being performed.
<p>
The rest of this page is of historical interest only.

Rich Salz

Jul 22, 2015, 2:43:48 PM
The branch master has been updated
via 9f040d6decca7930e978784c917f731e5c45e8f0 (commit)
from 4445704f912495227e9e99835e94219d7e79684c (commit)


- Log -----------------------------------------------------------------
commit 9f040d6decca7930e978784c917f731e5c45e8f0
Author: Rich Salz <rs...@akamai.com>
Date: Wed Jul 22 06:44:50 2015 -0400

Some cleanups for crypto/bn

Create bn_free_d utility routine and use it.
Fix RT3950
Also a missing cleanse, from Loganaden Velvindron (loga...@gmail.com),
who noticed it in a Cloudflare patch.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_add.c | 3 ++-
crypto/bn/bn_lib.c | 32 +++++++++++++++-----------------
crypto/bn/bn_mont.c | 4 +++-
3 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index a446686..0bfc3cc 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -222,7 +222,8 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
break;
}
}
- memcpy(rp, ap, sizeof(*rp) * dif);
+ if (dif)
+ memcpy(rp, ap, sizeof(*rp) * dif);

r->top = max;
r->neg = 0;
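Review bot: the `if (dif)` guard around memcpy is correct but deserves a one-line comment: when dif == 0 the pointers may be NULL or past-the-end, and memcpy with a NULL argument is undefined even for a zero length (sanitizers report it). Without the comment the guard looks redundant and is likely to be "simplified" away later.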
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index b5f827a..f10f44a 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -223,6 +223,15 @@ int BN_num_bits(const BIGNUM *a)
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
}

+static void bn_free_d(BIGNUM *a)
+{
+ if (BN_get_flags(a,BN_FLG_SECURE))
+ OPENSSL_secure_free(a->d);
+ else
+ OPENSSL_free(a->d);
+}
+
+
void BN_clear_free(BIGNUM *a)
{
int i;
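Review bot: bn_free_d() needs a short comment on its contract: it frees a->d with the allocator matching BN_FLG_SECURE but does not reset a->d or a->dmax, so every caller must either overwrite them immediately (as bn_expand2 does) or be tearing down the BIGNUM itself. Style: `BN_get_flags(a,BN_FLG_SECURE)` wants a space after the comma, and there is a doubled blank line after the closing brace.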
@@ -232,15 +241,11 @@ void BN_clear_free(BIGNUM *a)
bn_check_top(a);
if (a->d != NULL) {
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
- if (BN_get_flags(a,BN_FLG_SECURE))
- OPENSSL_secure_free(a->d);
- else
- OPENSSL_free(a->d);
- }
+ if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+ bn_free_d(a);
}
i = BN_get_flags(a, BN_FLG_MALLOCED);
- OPENSSL_cleanse(a, sizeof(BIGNUM));
+ OPENSSL_cleanse(a, sizeof(*a));
if (i)
OPENSSL_free(a);
}
@@ -251,12 +256,7 @@ void BN_free(BIGNUM *a)
return;
bn_check_top(a);
if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
- if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
- if (BN_get_flags(a, BN_FLG_SECURE))
- OPENSSL_secure_free(a->d);
- else
- OPENSSL_free(a->d);
- }
+ bn_free_d(a);
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
else {
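Review bot: The replacement drops the explicit `a->d != NULL` test that the old block had, so bn_free_d() is now reached with a->d == NULL for a BIGNUM that never allocated a limb buffer. That is only safe if both OPENSSL_free() and OPENSSL_secure_free() accept NULL; if the secure-heap free does not, put the NULL check inside bn_free_d() so all three call sites in this patch benefit from it. Collapsing the old duplicated outer and inner BN_FLG_STATIC_DATA tests into one is correct.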
@@ -399,10 +399,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
if (!a)
return NULL;
if (b->d) {
- if (BN_get_flags(b,BN_FLG_SECURE))
- OPENSSL_secure_free(b->d);
- else
- OPENSSL_free(b->d);
+ OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+ bn_free_d(b);
}
b->d = a;
b->dmax = words;
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index c869101..e3955fe 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -196,7 +196,9 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
rp = r->d;

/* clear the top words of T */
- memset(&rp[r->top], 0, sizeof(*rp) * (max - r->top));
+ i = max - r->top;
+ if (i)
+ memset(&rp[r->top], 0, sizeof(*rp) * i);

r->top = max;
n0 = mont->n0[0];
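Review bot: As with the bn_add.c hunk above, `if (i)` around memset() deserves a comment explaining that memset() needs a valid pointer even for a zero length, otherwise the guard looks like a no-op and will be tidied away. `i` is also being reused here as a word count; since the code assumes `max >= r->top`, a negative difference would pass the `if (i)` test and be converted to a huge size_t in the multiplication, so either a dedicated variable with an obviously non-negative type or a short comment on the invariant would make the intent clearer.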

Dr. Stephen Henson
Jul 22, 2015, 9:53:14 PM
The branch master has been updated
via 8a00dbd83e24b00f24429ae57f56102916c8704f (commit)
from 9f040d6decca7930e978784c917f731e5c45e8f0 (commit)


- Log -----------------------------------------------------------------
commit 8a00dbd83e24b00f24429ae57f56102916c8704f
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Jul 22 16:11:55 2015 +0100

Document shared sigalgs functions.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/ssl/SSL_get_shared_sigalgs.pod | 77 ++++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 doc/ssl/SSL_get_shared_sigalgs.pod

diff --git a/doc/ssl/SSL_get_shared_sigalgs.pod b/doc/ssl/SSL_get_shared_sigalgs.pod
new file mode 100644
index 0000000..16f7d48
--- /dev/null
+++ b/doc/ssl/SSL_get_shared_sigalgs.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_shared_sigalgs(SSL *s, int idx,
+ int *psign, int *phash, int *psignhash,
+ unsigned char *rsig, unsigned char *rhash);
+
+ int SSL_get_sigalgs(SSL *s, int idx,
+ int *psign, int *phash, int *psignhash,
+ unsigned char *rsig, unsigned char *rhash);
+
+=head1 DESCRIPTION
+
+SSL_get_shared_sigalgs() returns information about the shared signature
+algorithms supported by peer B<s>. The parameter B<idx> indicates the index
+of the shared signature algorithm to return starting from zero. The signature
+algorithm NID is written to B<*psign>, the hash NID to B<*phash> and the
+sign and hash NID to B<*psignhash>. The raw signature and hash values
+are written to B<*rsig> and B<*rhash>.
+
+SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns
+information about all signature algorithms supported by B<s> in the order
+they were sent by the peer.
+
+=head1 RETURN VALUES
+
+SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of
+signature algorithms or B<0> if the B<idx> parameter is out of range.
+
+=head1 NOTES
+
+These functions are typically called for debugging purposes (to report
+the peer's preferences) or where an application wants finer control over
+certificate selection. Most applications will rely on internal handling
+and will not need to call them.
+
+If an application is only interested in the highest preference shared
+signature algorithm it can just set B<idx> to zero.
+
+Any or all of the parameters B<psign>, B<phash>, B<psignhash>, B<rsig> or
+B<rhash> can be set to B<NULL> if the value is not required. By setting
+them all to B<NULL> and setting B<idx> to zero the total number of
+signature algorithms can be determined: which can be zero.
+
+These functions must be called after the peer has sent a list of supported
+signature algorithms: after a client hello (for servers) or a certificate
+request (for clients). They can (for example) be called in the certificate
+callback.
+
+Only TLS 1.2 and DTLS 1.2 currently support signature algorithms. If these
+functions are called on an earlier version of TLS or DTLS zero is returned.
+
+The shared signature algorithms returned by SSL_get_shared_sigalgs() are
+ordered according to configuration and peer preferences.
+
+The raw values correspond to the on the wire form as defined by RFC5246 et al.
+The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and
+rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig>
+NID_rsaEncryption and B<*psighash> NID_sha256WithRSAEncryption.
+
+If a signature algorithm is not recognised the corresponsing NIDs
+will be set to B<NID_undef>. This may be because the value is not supported
+or is not an appropriate combination (for example MD5 and DSA).
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_cert_cb(3)|SSL_CTX_set_cert_cb(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
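Review bot: The worked example in NOTES uses parameter names that do not exist in the SYNOPSIS: B<*rsign>, B<*psig> and B<*psighash> should be B<*rsig>, B<*psign> and B<*psignhash>, so a reader cannot follow the example against the prototypes. Other fixes before merging: "corresponsing" in the last NOTES paragraph should be "corresponding"; DESCRIPTION says "supported by peer B<s>" although B<s> is the local SSL object and the algorithms are those it shares with its peer; RETURN VALUES would be clearer stating that the return is the total number of (shared) algorithms whenever B<idx> is in range, which is what the later paragraph about passing all-NULL output parameters relies on; and "RFC5246 et al." should name the RFCs it refers to.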

Emilia Kasper
Jul 23, 2015, 8:25:21 AM
The branch master has been updated
via f4ee22be03bb8318b1e0f00e116be231ba12fdef (commit)
from 8a00dbd83e24b00f24429ae57f56102916c8704f (commit)


- Log -----------------------------------------------------------------
commit f4ee22be03bb8318b1e0f00e116be231ba12fdef
Author: Emilia Kasper <emi...@openssl.org>
Date: Thu Jul 23 13:20:21 2015 +0200

rsaz_exp.h: align license with the rest of the contribution

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/rsaz_exp.h | 68 ++++++++++++++++++++++++++++++----------------------
1 file changed, 40 insertions(+), 28 deletions(-)

diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
index 33361de..229e181 100644
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -1,32 +1,44 @@
-/******************************************************************************
-* Copyright(c) 2012, Intel Corp.
-* Developers and authors:
-* Shay Gueron (1, 2), and Vlad Krasnov (1)
-* (1) Intel Corporation, Israel Development Center, Haifa, Israel
-* (2) University of Haifa, Israel
+/*****************************************************************************
+* *
+* Copyright (c) 2012, Intel Corporation *
+* *
+* All rights reserved. *
+* *
+* Redistribution and use in source and binary forms, with or without *
+* modification, are permitted provided that the following conditions are *
+* met: *
+* *
+* * Redistributions of source code must retain the above copyright *
+* notice, this list of conditions and the following disclaimer. *
+* *
+* * Redistributions in binary form must reproduce the above copyright *
+* notice, this list of conditions and the following disclaimer in the *
+* documentation and/or other materials provided with the *
+* distribution. *
+* *
+* * Neither the name of the Intel Corporation nor the names of its *
+* contributors may be used to endorse or promote products derived from *
+* this software without specific prior written permission. *
+* *
+* *
+* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY *
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR *
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR *
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, *
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, *
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
+* *
******************************************************************************
-* LICENSE:
-* This submission to OpenSSL is to be made available under the OpenSSL
-* license, and only to the OpenSSL project, in order to allow integration
-* into the publicly distributed code.
-* The use of this code, or portions of this code, or concepts embedded in
-* this code, or modification of this code and/or algorithm(s) in it, or the
-* use of this code for any other purpose than stated above, requires special
-* licensing.
-******************************************************************************
-* DISCLAIMER:
-* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AND THE COPYRIGHT OWNERS
-* ``AS IS''. ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS OR THE COPYRIGHT
-* OWNERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-* POSSIBILITY OF SUCH DAMAGE.
-******************************************************************************/
+* Developers and authors: *
+* Shay Gueron (1, 2), and Vlad Krasnov (1) *
+* (1) Intel Corporation, Israel Development Center, Haifa, Israel *
+* (2) University of Haifa, Israel *
+*****************************************************************************/

#ifndef RSAZ_EXP_H
# define RSAZ_EXP_H
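Review bot: On the warranty line the new text reads `""AS IS""` with doubled quotation marks, whereas the BSD-style wording this header is being aligned to reads `"AS IS"`; please check the same line in the other files of the contribution and fix whichever copy is wrong. The substantive change, replacing the old OpenSSL-only grant ("requires special licensing") with an unrestricted BSD-style grant, is worth stating explicitly in the commit message rather than only as "align license".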

Steve Marquess
Jul 24, 2015, 12:25:29 PM
The branch master has been updated
via 67bec773be58e202d6e725174526cb7aa03f5e01 (commit)
from 4d8018b9656624bd4afdb7afa0db6ff1ed62fcca (commit)


- Log -----------------------------------------------------------------
commit 67bec773be58e202d6e725174526cb7aa03f5e01
Author: Steve Marquess <marq...@openssl.com>
Date: Fri Jul 24 12:24:49 2015 -0400

Fix typos

-----------------------------------------------------------------------

Summary of changes:
about/binaries.wml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/about/binaries.wml b/about/binaries.wml
index 0f55b0f..21b745f 100644
--- a/about/binaries.wml
+++ b/about/binaries.wml
@@ -7,7 +7,7 @@

<p>Some people have offered to provide OpenSSL binary distributions for
selected operating systems. The condition to get a link here is that the
-link is stable and can provide continues support for OpenSSL for a while.</p>
+link is stable and can provide continued support for OpenSSL for a while.</p>

<p>Note: many Linux distributions come with pre-compiled OpenSSL packages.
Those are already well-known among the users of said distributions, and
@@ -25,7 +25,7 @@ packages.</p>
<ul>
<item name="OpenSSL for Windows"
info="Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio
-Runtime DLLs, expect for the system provided msvcrt.dll"
+Runtime DLLs, except for the system provided msvcrt.dll"
url="http://indy.fulgan.com/SSL/">
</ul>
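Review bot: The typo fix ("except") is correct. While this entry is being touched: the link is plain `http://` and the page is pointing users at pre-compiled libraries, so if the mirror is reachable over https the URL should use it, and a sentence in the intro paragraph recommending that users verify the checksum or signature published with any third-party binary would fit the purpose of this page.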

Kurt Roeckx
Jul 24, 2015, 1:57:41 PM
The branch master has been updated
via c21a779e67328ae7b1e5037631f82bb91a532887 (commit)
from 67bec773be58e202d6e725174526cb7aa03f5e01 (commit)


- Log -----------------------------------------------------------------
commit c21a779e67328ae7b1e5037631f82bb91a532887
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Fri Jul 24 19:56:34 2015 +0200

Fix CVE-2014-3569 affected versions (again)

-----------------------------------------------------------------------

Summary of changes:
news/vulnerabilities.xml | 52 ------------------------------------------------
1 file changed, 52 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 49d0038..9a41b1e 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -1163,60 +1163,8 @@ the certificate key is invalid. This function is rarely used in practice.

<issue public="20141021">
<cve name="2014-3569"/>
- <affects base="0.9.8" version="0.9.8"/>
- <affects base="0.9.8" version="0.9.8a"/>
- <affects base="0.9.8" version="0.9.8b"/>
- <affects base="0.9.8" version="0.9.8c"/>
- <affects base="0.9.8" version="0.9.8d"/>
- <affects base="0.9.8" version="0.9.8e"/>
- <affects base="0.9.8" version="0.9.8f"/>
- <affects base="0.9.8" version="0.9.8g"/>
- <affects base="0.9.8" version="0.9.8h"/>
- <affects base="0.9.8" version="0.9.8i"/>
- <affects base="0.9.8" version="0.9.8j"/>
- <affects base="0.9.8" version="0.9.8k"/>
- <affects base="0.9.8" version="0.9.8l"/>
- <affects base="0.9.8" version="0.9.8m"/>
- <affects base="0.9.8" version="0.9.8n"/>
- <affects base="0.9.8" version="0.9.8o"/>
- <affects base="0.9.8" version="0.9.8p"/>
- <affects base="0.9.8" version="0.9.8q"/>
- <affects base="0.9.8" version="0.9.8r"/>
- <affects base="0.9.8" version="0.9.8s"/>
- <affects base="0.9.8" version="0.9.8t"/>
- <affects base="0.9.8" version="0.9.8u"/>
- <affects base="0.9.8" version="0.9.8v"/>
- <affects base="0.9.8" version="0.9.8w"/>
- <affects base="0.9.8" version="0.9.8x"/>
- <affects base="0.9.8" version="0.9.8y"/>
- <affects base="0.9.8" version="0.9.8za"/>
- <affects base="0.9.8" version="0.9.8zb"/>
<affects base="0.9.8" version="0.9.8zc"/>
- <affects base="1.0.0" version="1.0.0"/>
- <affects base="1.0.0" version="1.0.0a"/>
- <affects base="1.0.0" version="1.0.0b"/>
- <affects base="1.0.0" version="1.0.0c"/>
- <affects base="1.0.0" version="1.0.0d"/>
- <affects base="1.0.0" version="1.0.0e"/>
- <affects base="1.0.0" version="1.0.0f"/>
- <affects base="1.0.0" version="1.0.0g"/>
- <affects base="1.0.0" version="1.0.0i"/>
- <affects base="1.0.0" version="1.0.0j"/>
- <affects base="1.0.0" version="1.0.0k"/>
- <affects base="1.0.0" version="1.0.0l"/>
- <affects base="1.0.0" version="1.0.0m"/>
- <affects base="1.0.0" version="1.0.0n"/>
<affects base="1.0.0" version="1.0.0o"/>
- <affects base="1.0.1" version="1.0.1"/>
- <affects base="1.0.1" version="1.0.1a"/>
- <affects base="1.0.1" version="1.0.1b"/>
- <affects base="1.0.1" version="1.0.1c"/>
- <affects base="1.0.1" version="1.0.1d"/>
- <affects base="1.0.1" version="1.0.1e"/>
- <affects base="1.0.1" version="1.0.1f"/>
- <affects base="1.0.1" version="1.0.1g"/>
- <affects base="1.0.1" version="1.0.1h"/>
- <affects base="1.0.1" version="1.0.1i"/>
<affects base="1.0.1" version="1.0.1j"/>
<fixed base="1.0.1" version="1.0.1k" date="20150108"/>
<fixed base="1.0.0" version="1.0.0p" date="20150108"/>
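Review bot: After this deletion exactly one release per branch remains listed as affected (0.9.8zc, 1.0.0o, 1.0.1j), with the fixes at 1.0.1k and 1.0.0p dated 20150108 in the trailing context, which is consistent with a bug introduced by a single release rather than one present since the start of each branch. Nothing in the hunk records that reasoning, and the "again" in the subject suggests the list has already been widened and narrowed once; an XML comment inside the <issue> element (or a fuller commit message) would keep it from being "corrected" back a third time.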

Matt Caswell
Jul 27, 2015, 10:05:50 AM
The branch master has been updated
via 57787ac81444938a876f185cdd73875c8f53e208 (commit)
from f4ee22be03bb8318b1e0f00e116be231ba12fdef (commit)


- Log -----------------------------------------------------------------
commit 57787ac81444938a876f185cdd73875c8f53e208
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jul 21 00:02:39 2015 +0100

Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED

This flag was not set anywhere within the codebase (only read). It could
only be set by an app reaching directly into s->s3->flags and setting it
directly. However that method became impossible when libssl was opaquified.

Even in 1.0.2/1.0.1 if an app set the flag directly it is only relevant to
ssl3_connect(), which calls SSL_clear() during initialisation that clears
any flag settings. Therefore it could take effect if the app set the flag
after the handshake has started but before it completed. It seems quite
unlikely that any apps really do this (especially as it is completely
undocumented).

The purpose of the flag is to suppress flushing of the write bio on the client
side at the end of the handshake after the client has written the Finished
message whilst resuming a session. This enables the client to send
application data as part of the same flight as the Finished message.

This flag also controls the setting of a second flag SSL3_FLAGS_POP_BUFFER.
There is an interesting comment in the code about this second flag in the
implementation of ssl3_write:

/* This is an experimental flag that sends the
* last handshake message in the same packet as the first
* use data - used to see if it helps the TCP protocol during
* session-id reuse */

It seems the experiment did not work because as far as I can tell nothing
is using this code. The above comment has been in the code since SSLeay.

This commit removes support for SSL3_FLAGS_DELAY_CLIENT_FINISHED, as well
as the associated SSL3_FLAGS_POP_BUFFER.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 6 ++++++
include/openssl/ssl3.h | 4 ++--
ssl/d1_clnt.c | 22 ++--------------------
ssl/s3_clnt.c | 16 ++--------------
ssl/s3_lib.c | 44 +-------------------------------------------
ssl/ssl_locl.h | 1 -
6 files changed, 13 insertions(+), 80 deletions(-)

diff --git a/CHANGES b/CHANGES
index a06b1e4..1526aec 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,12 @@
_______________

Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
+ era flag was never set throughout the codebase (only read). Also removed
+ SSL3_FLAGS_POP_BUFFER which was only used if
+ SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set.
+ [Matt Caswell]
+
*) Changed the default name options in the "ca", "crl", "req" and "x509"
to be "oneline" instead of "compat".
[Richard Levitte]
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index d56105e..43df925 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -360,10 +360,10 @@ extern "C" {
# define SSL3_CT_NUMBER 9

# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-# define SSL3_FLAGS_POP_BUFFER 0x0004
+
/* Removed from OpenSSL 1.1.0 */
# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
+
# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
/*
* Set when the handshake is ready to process peer's ChangeCipherSpec message.
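Review bot: The two macros are deleted outright, while the neighbouring TLS1_FLAGS_TLS_PADDING_BUG in the same hunk was kept as a `0x0` no-op under a "Removed from OpenSSL 1.1.0" comment. Either convention works, but mixing them on adjacent lines is confusing: deleting the names means any application that referenced SSL3_FLAGS_DELAY_CLIENT_FINISHED or SSL3_FLAGS_POP_BUFFER now fails to compile (arguably the better outcome for a flag that would otherwise be silently ignored), whereas a no-op value compiles and does nothing; pick one and say which in CHANGES. Bit values 0x0002 and 0x0004 are now free in the SSL3_FLAGS space, so a comment reserving them would avoid accidental reuse with a different meaning.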
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 8940abc..fde0def 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -604,8 +604,6 @@ int dtls1_connect(SSL *s)
goto end;
s->state = SSL3_ST_CW_FLUSH;

- /* clear flags */
- s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
if (s->hit) {
s->s3->tmp.next_state = SSL_ST_OK;
#ifndef OPENSSL_NO_SCTP
@@ -614,17 +612,6 @@ int dtls1_connect(SSL *s)
s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
}
#endif
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- s->d1->next_state = SSL_ST_OK;
- s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
- }
-#endif
- s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret = 0;
- }
} else {
#ifndef OPENSSL_NO_SCTP
/*
@@ -711,13 +698,8 @@ int dtls1_connect(SSL *s)
/* clean a few things up */
ssl3_cleanup_key_block(s);

- /*
- * If we are not 'joining' the last two packets, remove the
- * buffering now
- */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
+ /* Remove the buffering */
+ ssl_free_wbio_buffer(s);

s->init_num = 0;
s->renegotiate = 0;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1a925a7..04af851 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -518,15 +518,8 @@ int ssl3_connect(SSL *s)
goto end;
s->state = SSL3_ST_CW_FLUSH;

- /* clear flags */
- s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
if (s->hit) {
s->s3->tmp.next_state = SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->state = SSL_ST_OK;
- s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret = 0;
- }
} else {
/*
* Allow NewSessionTicket if ticket expected
@@ -589,13 +582,8 @@ int ssl3_connect(SSL *s)
BUF_MEM_free(s->init_buf);
s->init_buf = NULL;

- /*
- * If we are not 'joining' the last two packets, remove the
- * buffering now
- */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
+ /* remove the buffering */
+ ssl_free_wbio_buffer(s);

s->init_num = 0;
s->renegotiate = 0;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 54c902d..8b7c52a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4131,54 +4131,12 @@ int ssl3_shutdown(SSL *s)

int ssl3_write(SSL *s, const void *buf, int len)
{
- int ret, n;
-
-#if 0
- if (s->shutdown & SSL_SEND_SHUTDOWN) {
- s->rwstate = SSL_NOTHING;
- return (0);
- }
-#endif
clear_sys_error();
if (s->s3->renegotiate)
ssl3_renegotiate_check(s);

- /*
- * This is an experimental flag that sends the last handshake message in
- * the same packet as the first use data - used to see if it helps the
- * TCP protocol during session-id reuse
- */
- /* The second test is because the buffer may have been removed */
- if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
- /* First time through, we write into the buffer */
- if (s->s3->delay_buf_pop_ret == 0) {
- ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
- if (ret <= 0)
- return (ret);
-
- s->s3->delay_buf_pop_ret = ret;
- }
-
- s->rwstate = SSL_WRITING;
- n = BIO_flush(s->wbio);
- if (n <= 0)
- return (n);
- s->rwstate = SSL_NOTHING;
-
- /* We have flushed the buffer, so remove it */
- ssl_free_wbio_buffer(s);
- s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-
- ret = s->s3->delay_buf_pop_ret;
- s->s3->delay_buf_pop_ret = 0;
- } else {
- ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
+ return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
buf, len);
- if (ret <= 0)
- return (ret);
- }
-
- return (ret);
}

static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
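Review bot: With `ret = s->method->ssl_write_bytes(` replaced by `return s->method->ssl_write_bytes(`, the unchanged continuation line `buf, len);` is now one column off from the opening parenthesis and should be re-indented. The hunk also removes the `#if 0` SSL_SEND_SHUTDOWN block, which is unrelated to the flag removal; dropping dead code is fine, but mention it in the commit message so the history stays searchable. The behavioural simplification itself is sound: the old `ret <= 0` early returns were redundant because the value was returned unchanged either way.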
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 2672918..1cdcb8b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1184,7 +1184,6 @@ struct ssl_st {

typedef struct ssl3_state_st {
long flags;
- int delay_buf_pop_ret;
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
int write_mac_secret_size;

Matt Caswell
Jul 27, 2015, 12:00:34 PM
The branch master has been updated
via 3b848c642cdbca17c686c95b8fd655e5b1f5df2a (commit)
from 57787ac81444938a876f185cdd73875c8f53e208 (commit)


- Log -----------------------------------------------------------------
commit 3b848c642cdbca17c686c95b8fd655e5b1f5df2a
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jul 27 12:04:47 2015 +0100

Add test for SSL_set_session_ticket_ext

The function SSL_set_session_ticket_ext sets the ticket data to be sent in
the ClientHello. This is useful for EAP-FAST. This commit adds a test to
ensure that when this function is called the expected ticket data actually
appears in the ClientHello.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
test/Makefile | 35 +++++++-
test/clienthellotest.c | 218 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 249 insertions(+), 4 deletions(-)
create mode 100644 test/clienthellotest.c

diff --git a/test/Makefile b/test/Makefile
index d9aa750..2e699dc 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -69,6 +69,7 @@ V3NAMETEST= v3nametest
HEARTBEATTEST= heartbeat_test
CONSTTIMETEST= constant_time_test
VERIFYEXTRATEST= verify_extra_test
+CLIENTHELLOTEST= clienthellotest

TESTS= alltests

@@ -85,7 +86,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(JPAKETEST)$(EXE_EXT) $(SECMEMTEST)$(EXE_EXT) \
$(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \
$(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \
- $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT)
+ $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
+ $(CLIENTHELLOTEST)$(EXE_EXT)

# $(METHTEST)$(EXE_EXT)

@@ -99,7 +101,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \
$(GOST2814789TEST).o $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \
- $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o testutil.o
+ $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o testutil.o

SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -110,7 +112,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \
$(GOST2814789TEST).c $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \
- $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c testutil.c
+ $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c testutil.c

HEADER= testutil.h

@@ -151,7 +153,7 @@ alltests: \
test_ige test_jpake test_secmem \
test_srp test_cms test_v3name test_ocsp \
test_gost2814789 test_heartbeat test_p5_crpt2 \
- test_constant_time test_verify_extra
+ test_constant_time test_verify_extra test_clienthello

test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
@echo $(START) $@
@@ -404,6 +406,10 @@ test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)

+test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(CLIENTHELLOTEST)
+
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

@@ -594,6 +600,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
@target=$(VERIFYEXTRATEST) $(BUILD_CMD)

+$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+ @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c

@@ -627,6 +636,24 @@ bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
bntest.o: ../include/openssl/x509_vfy.h bntest.c
casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
casttest.o: ../include/openssl/opensslconf.h casttest.c
+clienthellotest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+clienthellotest.o: ../include/openssl/err.h ../include/openssl/evp.h
+clienthellotest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+clienthellotest.o: ../include/openssl/opensslconf.h
+clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+clienthellotest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+clienthellotest.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+clienthellotest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+clienthellotest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+clienthellotest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+clienthellotest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+clienthellotest.o: clienthellotest.c
constant_time_test.o: ../e_os.h ../include/internal/constant_time_locl.h
constant_time_test.o: ../include/openssl/e_os2.h
constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
new file mode 100644
index 0000000..acc56f8
--- /dev/null
+++ b/test/clienthellotest.c
@@ -0,0 +1,218 @@
+/* Written by Matt Caswell for the OpenSSL Project */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openss...@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (e...@cryptsoft.com). This product includes software written by Tim
+ * Hudson (t...@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+#define CLIENT_VERSION_LEN 2
+#define SESSION_ID_LEN_LEN 1
+#define CIPHERS_LEN_LEN 2
+#define COMPRESSION_LEN_LEN 1
+#define EXTENSIONS_LEN_LEN 2
+#define EXTENSION_TYPE_LEN 2
+#define EXTENSION_SIZE_LEN 2
+
+
+#define TOTAL_NUM_TESTS 2
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for TLS1.2
+ */
+#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for a negotiated SSL/TLS version
+ */
+#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1
+
+int main(int argc, char *argv[])
+{
+ SSL_CTX *ctx;
+ SSL *con;
+ BIO *rbio;
+ BIO *wbio;
+ BIO *err;
+ long len;
+ unsigned char *data;
+ unsigned char *dataend;
+ char *dummytick = "Hello World!";
+ unsigned int tmplen;
+ unsigned int type;
+ unsigned int size;
+ int testresult = 0;
+ int currtest = 0;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ /*
+ * For each test set up an SSL_CTX and SSL and see what ClientHello gets
+ * produced when we try to connect
+ */
+ for (; currtest < TOTAL_NUM_TESTS; currtest++) {
+ testresult = 0;
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) {
+ ctx = SSL_CTX_new(TLSv1_2_method());
+ } else {
+ ctx = SSL_CTX_new(TLS_method());
+ }
+ con = SSL_new(ctx);
+
+ rbio = BIO_new(BIO_s_mem());
+ wbio = BIO_new(BIO_s_mem());
+ SSL_set_bio(con, rbio, wbio);
+ SSL_set_connect_state(con);
+
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
+ || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+ if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
+ goto end;
+ }
+
+ if (SSL_connect(con) > 0) {
+ /* This shouldn't succeed because we don't have a server! */
+ goto end;
+ }
+
+ len = BIO_get_mem_data(wbio, (char **)&data);
+ dataend = data + len;
+
+ /* Skip the record header */
+ data += SSL3_RT_HEADER_LENGTH;
+ /* Skip the handshake message header */
+ data += SSL3_HM_HEADER_LENGTH;
+ /* Skip client version and random */
+ data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE;
+ if (data + SESSION_ID_LEN_LEN > dataend)
+ goto end;
+ /* Skip session id */
+ tmplen = *data;
+ data += SESSION_ID_LEN_LEN + tmplen;
+ if (data + CIPHERS_LEN_LEN > dataend)
+ goto end;
+ /* Skip ciphers */
+ tmplen = ((*data) << 8) | *(data + 1);
+ data += CIPHERS_LEN_LEN + tmplen;
+ if (data + COMPRESSION_LEN_LEN > dataend)
+ goto end;
+ /* Skip compression */
+ tmplen = *data;
+ data += COMPRESSION_LEN_LEN + tmplen;
+ if (data + EXTENSIONS_LEN_LEN > dataend)
+ goto end;
+ /* Extensions len */
+ tmplen = ((*data) << 8) | *(data + 1);
+ data += EXTENSIONS_LEN_LEN;
+ if (data + tmplen > dataend)
+ goto end;
+
+ /* Loop through all extensions */
+ while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) {
+ type = ((*data) << 8) | *(data + 1);
+ data += EXTENSION_TYPE_LEN;
+ size = ((*data) << 8) | *(data + 1);
+ data += EXTENSION_SIZE_LEN;
+ if (data + size > dataend)
+ goto end;
+
+ if (type == TLSEXT_TYPE_session_ticket) {
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
+ || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+ if (size == strlen(dummytick)
+ && memcmp(data, dummytick, size) == 0) {
+ /* Ticket data is as we expected */
+ testresult = 1;
+ } else {
+ printf("Received session ticket is not as expected\n");
+ }
+ break;
+ }
+ }
+
+ tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;
+ data += size;
+ }
+
+ end:
+ SSL_free(con);
+ SSL_CTX_free(ctx);
+ if (!testresult) {
+ printf("ClientHello test: FAILED (Test %d)\n", currtest);
+ break;
+ }
+ }
+
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ CRYPTO_mem_leaks(err);
+
+ return testresult?0:1;
+}
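Review bot: In the extension loop, `tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;` is guarded only by `if (data + size > dataend)`, so an extension whose `size` exceeds the remaining extensions length (but still fits in the record) makes the unsigned `tmplen` wrap and the loop keeps walking past the extensions block, relying solely on the `dataend` check; compare `size` against `tmplen` before subtracting. The loop condition `while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN)` also skips a trailing zero-length extension, which `>=` would cover. Separately, the three fixed skips (`SSL3_RT_HEADER_LENGTH`, `SSL3_HM_HEADER_LENGTH`, `CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE`) happen before the first bounds check, so a short `len` would move `data` beyond `dataend` before anything is compared; and `SSL_CTX_new()`, `SSL_new()` and both `BIO_new()` results are never checked for NULL, while `err` is never released with `BIO_free()` before `return`.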

Dr. Stephen Henson

Jul 28, 2015, 11:57:18 AM7/28/15
The branch master has been updated
via 14815a99d5fc625a5b8d730b05528f1f7b5d9ef7 (commit)
via 797a89a15aff6af1a3bb458987cce7fbddef1ff0 (commit)
via 431f458dfc41874b64ebe6145c9ed5358c9f505c (commit)
from 3b848c642cdbca17c686c95b8fd655e5b1f5df2a (commit)


- Log -----------------------------------------------------------------
commit 14815a99d5fc625a5b8d730b05528f1f7b5d9ef7
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Jul 23 13:30:32 2015 +0100

Document signature algorithm setting functions.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 797a89a15aff6af1a3bb458987cce7fbddef1ff0
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Jun 21 20:13:37 2014 +0100

Add some OCSP documentation.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 431f458dfc41874b64ebe6145c9ed5358c9f505c
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Jul 23 14:57:42 2015 +0100

Allow any order for signature algorithm string.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/OCSP_REQUEST_new.pod | 107 +++++++++++++++++++++++++++++
doc/crypto/OCSP_cert_to_id.pod | 78 +++++++++++++++++++++
doc/crypto/OCSP_request_add1_nonce.pod | 73 ++++++++++++++++++++
doc/crypto/OCSP_response_find_status.pod | 104 ++++++++++++++++++++++++++++
doc/crypto/OCSP_response_status.pod | 57 ++++++++++++++++
doc/crypto/OCSP_sendreq_new.pod | 113 +++++++++++++++++++++++++++++++
doc/ssl/SSL_CTX_set1_sigalgs.pod | 104 ++++++++++++++++++++++++++++
ssl/t1_lib.c | 32 +++++----
8 files changed, 655 insertions(+), 13 deletions(-)
create mode 100644 doc/crypto/OCSP_REQUEST_new.pod
create mode 100644 doc/crypto/OCSP_cert_to_id.pod
create mode 100644 doc/crypto/OCSP_request_add1_nonce.pod
create mode 100644 doc/crypto/OCSP_response_find_status.pod
create mode 100644 doc/crypto/OCSP_response_status.pod
create mode 100644 doc/crypto/OCSP_sendreq_new.pod
create mode 100644 doc/ssl/SSL_CTX_set1_sigalgs.pod

diff --git a/doc/crypto/OCSP_REQUEST_new.pod b/doc/crypto/OCSP_REQUEST_new.pod
new file mode 100644
index 0000000..563fed3
--- /dev/null
+++ b/doc/crypto/OCSP_REQUEST_new.pod
@@ -0,0 +1,107 @@
+=pod
+
+OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
+OCSP_request_add1_cert, OCSP_request_onereq_count,
+OCSP_request_onereq_get0 - OCSP request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ OCSP_REQUEST *OCSP_REQUEST_new(void);
+ void OCSP_REQUEST_free(OCSP_REQUEST *req);
+
+ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+ int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+ int OCSP_request_onereq_count(OCSP_REQUEST *req);
+ OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+
+=head1 DESCRIPTION
+
+OCSP_REQUEST_new() allocates and returns an empty B<OCSP_REQUEST> structure.
+
+OCSP_REQUEST_free() frees up the request structure B<req>.
+
+OCSP_request_add0_id() adds certificate ID B<cid> to B<req>. It returns
+the B<OCSP_ONEREQ> structure added so an application can add additional
+extensions to the request. The B<id> parameter B<MUST NOT> be freed up after
+the operation.
+
+OCSP_request_sign() signs OCSP request B<req> using certificate
+B<signer>, private key B<key>, digest B<dgst> and additional certificates
+B<certs>. If the B<flags> option B<OCSP_NOCERTS> is set then no certificates
+will be included in the request.
+
+OCSP_request_add1_cert() adds certificate B<cert> to request B<req>. The
+application is responsible for freeing up B<cert> after use.
+
+OCSP_request_onereq_count() returns the total number of B<OCSP_ONEREQ>
+structures in B<req>.
+
+OCSP_request_onereq_get0() returns an internal pointer to the B<OCSP_ONEREQ>
+contained in B<req> of index B<i>. The index value B<i> runs from 0 to
+OCSP_request_onereq_count(req) - 1.
+
+=head1 RETURN VALUES
+
+OCSP_REQUEST_new() returns an empty B<OCSP_REQUEST> structure or B<NULL> if
+an error occurred.
+
+OCSP_request_add0_id() returns the B<OCSP_ONEREQ> structure containing B<cid>
+or B<NULL> if an error occurred.
+
+OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0
+for failure.
+
+OCSP_request_onereq_count() returns the total number of B<OCSP_ONEREQ>
+structures in B<req>.
+
+OCSP_request_onereq_get0() returns a pointer to an B<OCSP_ONEREQ> structure
+or B<NULL> if the index value is out or range.
+
+=head1 NOTES
+
+An OCSP request structure contains one or more B<OCSP_ONEREQ> structures
+corresponding to each certificate.
+
+OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by
+OCSP responders.
+
+=head1 EXAMPLE
+
+Create an B<OCSP_REQUEST> structure for certificate B<cert> with issuer
+B<issuer>:
+
+ OCSP_REQUEST *req;
+ OCSP_ID *cid;
+
+ req = OCSP_REQUEST_new();
+ if (req == NULL)
+ /* error */
+ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
+ if (cid == NULL)
+ /* error */
+
+ if (OCSP_REQUEST_add0_id(req, cid) == NULL)
+ /* error */
+
+ /* Do something with req, e.g. query responder */
+
+ OCSP_REQUEST_free(req);
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>,
+L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>,
+L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>,
+L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)|OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)>
+
+=cut
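Review bot: The EXAMPLE section contains a real bug: `if (req == NULL)` is followed only by a comment, so the next statement, `cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);`, becomes the body of the `if` and runs only when allocation failed; the same happens with `if (cid == NULL)`. Give each error branch a statement (for example `goto err;`) or make the comments stand alone. The example also declares `OCSP_ID *cid` and calls `OCSP_REQUEST_add0_id()`, but the type and function documented above are `OCSP_CERTID` and `OCSP_request_add0_id()`. The file lacks the `=head1 NAME` heading that OCSP_sendreq_new.pod in this same push has, so pod2man will not build a proper NAME section, and the DESCRIPTION refers to a B<id> parameter where the SYNOPSIS calls it B<cid>.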
diff --git a/doc/crypto/OCSP_cert_to_id.pod b/doc/crypto/OCSP_cert_to_id.pod
new file mode 100644
index 0000000..2eab1d3
--- /dev/null
+++ b/doc/crypto/OCSP_cert_to_id.pod
@@ -0,0 +1,78 @@
+=pod
+
+OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
+OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
+ X509 *subject, X509 *issuer);
+
+ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ X509_NAME *issuerName,
+ ASN1_BIT_STRING *issuerKey,
+ ASN1_INTEGER *serialNumber);
+
+ void OCSP_CERTID_free(OCSP_CERTID *id);
+
+ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+
+
+=head1 DESCRIPTION
+
+OCSP_cert_to_id() creates and returns a new B<OCSP_CERTID> structure using
+message digest B<dgst> for certificate B<subject> with issuer B<issuer>. If
+B<dgst> is B<NULL> then SHA1 is used.
+
+OCSP_cert_id_new() creates and returns a new B<OCSP_CERTID> using B<dgst> and
+issuer name B<issuerName>, issuer key hash B<issuerKey> and serial number
+B<serialNumber>.
+
+OCSP_CERTID_free() frees up B<id>.
+
+OCSP_id_cmp() compares B<OCSP_CERTID> B<a> and B<b>.
+
+OCSP_id_issuer_cmp() compares only the issuer name of B<OCSP_CERTID> B<a> and B<b>.
+
+OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and
+serial number contained in B<cid>. If any of the values are not required the
+corresponding parameter can be set to B<NULL>.
+
+=head1 RETURN VALUES
+
+OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid
+B<OCSP_CERTID> structure or B<NULL> if an error occurred.
+
+OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero
+otherwise.
+
+OCSP_CERTID_free() does not return a value.
+
+OCSP_id_get0_info() returns 1 for sucess and 0 for failure.
+
+=head1 NOTES
+
+OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new():
+the other functions are used by responder applications.
+
+The values returned by OCSP_id_get0_info() are internal pointers and B<MUST
+NOT> be freed up by an application: they will be freed when the corresponding
+B<OCSP_CERTID> structure is freed.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>,
+L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>,
+L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>,
+L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)|OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)>
+
+=cut
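Review bot: The `=head1 NAME` heading is missing before the function list at the top of the file (compare OCSP_sendreq_new.pod in this push); pod2man needs it to generate the NAME section and whatis entries. In RETURN VALUES, 'sucess' should be 'success', and 'OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero' should be 'return zero'.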
diff --git a/doc/crypto/OCSP_request_add1_nonce.pod b/doc/crypto/OCSP_request_add1_nonce.pod
new file mode 100644
index 0000000..8fe3197
--- /dev/null
+++ b/doc/crypto/OCSP_request_add1_nonce.pod
@@ -0,0 +1,73 @@
+=pod
+
+OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
+
+=head1 DESCRIPTION
+
+OCSP_request_add1_nonce() adds a nonce of value B<val> and length B<len> to
+OCSP request B<req>. If B<val> is B<NULL> a random nonce is used. If B<len>
+is zero or negative a default length will be used (currently 16 bytes).
+
+OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except
+it adds a nonce to OCSP basic response B<resp>.
+
+OCSP_check_nonce() compares the nonce value in B<req> and B<resp>.
+
+OCSP_copy_nonce() copys any nonce value present in B<req> to B<resp>.
+
+=head1 RETURN VALUES
+
+OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success
+and 0 for failure.
+
+OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce
+was present in B<req> and 0 if an error occurred.
+
+OCSP_check_nonce() returns the result of the nonce comparison between B<req>
+and B<resp>. The return value indicates the result of the comparison. If
+nonces are present and equal 1 is returned. If the nonces are absent 2 is
+returned. If a nonce is present in the response only 3 is returned. If nonces
+are present and unequal 0 is returned. If the nonce is present in the request
+only then -1 is returned.
+
+=head1 NOTES
+
+For most purposes the nonce value in a request is set to a random value so
+the B<val> parameter in OCSP_request_add1_nonce() is usually NULL.
+
+An OCSP nonce is typically added to an OCSP request to thwart replay attacks
+by checking the same nonce value appears in the response.
+
+Some responders may include a nonce in all responses even if one is not
+supplied.
+
+Some responders cache OCSP responses and do not sign each response for
+performance reasons. As a result they do not support nonces.
+
+The return values of OCSP_check_nonce() can be checked to cover each case. A
+positive return value effectively indicates success: nonces are both present
+and match, both absent or present in the response only. A non-zero return
+additionally covers the case where the nonce is present in the request only:
+this will happen if the responder doesn't support nonces. A zero return value
+indicates present and mismatched nonces: this should be treated as an error
+condition.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>,
+L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>,
+L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>,
+L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)|OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)>
+
+=cut
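Review bot: The NOTES sentence 'A non-zero return additionally covers the case where the nonce is present in the request only' is easy to read as an endorsement of treating -1 as success; since the NOTES also say the nonce exists to thwart replay, spell out the two policies explicitly: a caller that requires the responder to echo its nonce treats both 0 and -1 as failure, and only a caller willing to accept nonce-less responders accepts -1. Also 'copys' should be 'copies', the sentence 'The return value indicates the result of the comparison.' duplicates the one before it, and the file lacks `=head1 NAME`.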
diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod
new file mode 100644
index 0000000..1f4666a
--- /dev/null
+++ b/doc/crypto/OCSP_response_find_status.pod
@@ -0,0 +1,104 @@
+=pod
+
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP reponse utility functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+
+ int OCSP_resp_count(OCSP_BASICRESP *bs);
+ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+
+ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd,
+ long sec, long maxsec);
+
+=head1 DESCRIPTION
+
+OCSP_resp_find_status() searches B<bs> for an OCSP response for B<id>. If it is
+successful the fields of the response are returned in B<*status>, B<*reason>,
+B<*revtime>, B<*thisupd> and B<*nextupd>. The B<*status> value will be one of
+B<V_OCSP_CERTSTATUS_GOOD>, B<V_OCSP_CERTSTATUS_REVOKED> or
+B<V_OCSP_CERTSTATUS_UNKNOWN>. The B<*reason> and B<*revtime> fields are only
+set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the B<*reason> field
+will be set to the revocation reason which will be one of
+B<OCSP_REVOKED_STATUS_NOSTATUS>, B<OCSP_REVOKED_STATUS_UNSPECIFIED>,
+B<OCSP_REVOKED_STATUS_KEYCOMPROMISE>, B<OCSP_REVOKED_STATUS_CACOMPROMISE>,
+B<OCSP_REVOKED_STATUS_AFFILIATIONCHANGED>, B<OCSP_REVOKED_STATUS_SUPERSEDED>,
+B<OCSP_REVOKED_STATUS_CESSATIONOFOPERATION>,
+B<OCSP_REVOKED_STATUS_CERTIFICATEHOLD> or B<OCSP_REVOKED_STATUS_REMOVEFROMCRL>.
+
+OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in B<bs>.
+
+OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in B<bs>
+corresponding to index B<idx>. Where B<idx> runs from 0 to
+OCSP_resp_count(bs) - 1.
+
+OCSP_resp_find() searches B<bs> for B<id> and returns the index of the first
+matching entry after B<last> or starting from the beginning if B<last> is -1.
+
+OCSP_single_get0_status() extracts the fields of B<single> in B<*reason>,
+B<*revtime>, B<*thisupd> and B<*nextupd>.
+
+OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
+which will be typically obtained from OCSP_resp_find_status() or
+OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
+leeway should be allowed in the check. If B<maxsec> is positive it indicates
+the maximum age of B<thisupd> in seconds.
+
+=head1 RETURN VALUES
+
+OCSP_resp_find_status() returns 1 if B<id> is found in B<bs> and 0 otherwise.
+
+OCSP_resp_count() returns the total number of B<OCSP_SINGLERESP> fields in
+B<bs>.
+
+OCSP_resp_get0() returns a pointer to an B<OCSP_SINGLERESP> structure or
+B<NULL> if B<idx> is out of range.
+
+OCSP_resp_find() returns the index of B<id> in B<bs> (which may be 0) or -1 if
+B<id> was not found.
+
+OCSP_single_get0_status() returns the status of B<single> or -1 if an error
+occurred.
+
+=head1 NOTES
+
+Applications will typically call OCSP_resp_find_status() using the certificate
+ID of interest and then check its validity using OCSP_check_validity(). They
+can then take appropriate action based on the status of the certificate.
+
+An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate>
+fields. Normally the current time should be between these two values. To
+account for clock skew the B<maxsec> field can be set to non-zero in
+OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this
+would otherwise mean an ancient response would be considered valid: the
+B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted
+age of responses.
+
+The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by
+OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers
+which B<MUST NOT> be freed up by the calling application. Any or all of these
+parameters can be set to NULL if their value is not required.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>,
+L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>,
+L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>,
+L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>,
+L<OCSP_response_status(3)|OCSP_response_status(3)>,
+L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)>
+
+=cut
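Review bot: The NOTES paragraph says 'To account for clock skew the B<maxsec> field can be set to non-zero', but according to the DESCRIPTION the skew leeway is B<sec>; B<maxsec> bounds the age of B<thisupd>. A caller who follows the NOTES and sets only B<maxsec> gets no skew tolerance at all, so the two parameters should be named correctly there. RETURN VALUES does not document OCSP_check_validity() at all, and the DESCRIPTION never says that OCSP_single_get0_status() returns the certificate status even though RETURN VALUES does. Minor: 'reponse' in the first line should be 'response', and `=head1 NAME` is missing.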
diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod
new file mode 100644
index 0000000..7121872
--- /dev/null
+++ b/doc/crypto/OCSP_response_status.pod
@@ -0,0 +1,57 @@
+=pod
+
+OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
+OCSP_RESPONSE_free - OCSP response functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ int OCSP_response_status(OCSP_RESPONSE *resp);
+ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+ void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
+
+=head1 DESCRIPTION
+
+OCSP_response_status() returns the OCSP response status of B<resp>. It returns
+one of the values: B<OCSP_RESPONSE_STATUS_SUCCESSFUL>,
+B<OCSP_RESPONSE_STATUS_MALFORMEDREQUEST>,
+B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B<OCSP_RESPONSE_STATUS_TRYLATER>
+B<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or B<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.
+
+OCSP_response_get1_basic() decodes and returns the B<OCSP_BASICRESP> structure
+contained in B<resp>.
+
+OCSP_response_create() creates and returns an B<OCSP_RESPONSE> structure for
+B<status> and optionally including basic response B<bs>.
+
+OCSP_RESPONSE_free() frees up OCSP reponse B<resp>.
+
+=head1 RETURN VALUES
+
+OCSP_RESPONSE_status() returns a status value.
+
+OCSP_response_get1_basic() returns an B<OCSP_BASICRESP> structure pointer or
+B<NULL> if an error occurred.
+
+OCSP_response_create() returns an B<OCSP_RESPONSE> structure pointer or B<NULL>
+if an error occurred.
+
+OCSP_RESPONSE_free() does not return a value.
+
+=head1 NOTES
+
+OCSP_response_get1_basic() is only called if the status of a response is
+B<OCSP_RESPONSE_STATUS_SUCCESSFUL>.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>
+L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>
+L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>
+L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>
+L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>
+L<OCSP_sendreq_new(3)|OCSP_sendreq_new(3)>
+
+=cut
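Review bot: RETURN VALUES refers to `OCSP_RESPONSE_status()`, but the function documented is `OCSP_response_status()`. The NOTES sentence 'OCSP_response_get1_basic() is only called if the status of a response is B<OCSP_RESPONSE_STATUS_SUCCESSFUL>' is advice to the caller, so it should read 'should only be called if'. Also: the list in DESCRIPTION lacks a comma after B<OCSP_RESPONSE_STATUS_TRYLATER>, the SEE ALSO entries lack the separating commas the other pages use, 'reponse' should be 'response', and the `=head1 NAME` heading is missing.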
diff --git a/doc/crypto/OCSP_sendreq_new.pod b/doc/crypto/OCSP_sendreq_new.pod
new file mode 100644
index 0000000..cab11f7
--- /dev/null
+++ b/doc/crypto/OCSP_sendreq_new.pod
@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
+OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ocsp.h>
+
+ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+
+ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+
+ void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+
+ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+ const char *name, const char *value);
+
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+
+ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+
+=head1 DESCRIPTION
+
+The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
+responder B<io>, the URL path B<path>, the OCSP request B<req> and with a
+response header maximum line length of B<maxline>. If B<maxline> is zero a
+default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
+and provided later if required.
+
+OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context
+B<rctx>. When the operation is complete it returns the response in B<*presp>.
+
+OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
+
+OCSP_set_max_response_length() sets the maximum reponse length for B<rctx>
+to B<len>. If the response exceeds this length an error occurs. If not
+set a default value of 100k is used.
+
+OCSP_REQ_CTX_add1_header() adds header B<name> with value B<value> to the
+context B<rctx>. It can be called more than once to add multiple headers.
+It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
+parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
+additional headers are set.
+
+OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
+function should be called after any calls to OCSP_REQ_CTX_add1_header().
+
+OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
+path B<path>, the OCSP request B<req> and with a response header maximum line
+length of B<maxline>. If B<maxline> is zero a default value of 4k is used.
+
+=head1 RETURN VALUES
+
+OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL> if
+an error occurred.
+
+OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
+B<-1> if the operation should be retried and B<0> if an error occurred.
+
+OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
+and B<0> for failure.
+
+OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
+responder or B<NULL> if an error occurred.
+
+OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.
+
+=head1 NOTES
+
+These functions only perform a minimal HTTP query to a responder. If an
+application wishes to support more advanced features it should use an
+alternative more complete HTTP library.
+
+Currently only HTTP POST queries to responders are supported.
+
+The arguments to OCSP_sendreq_new() correspond to the components of the URL.
+For example if the responder URL is B<http://ocsp.com/ocspreq> the BIO
+B<io> should be connected to host B<ocsp.com> on port 80 and B<path>
+should be set to B<"/ocspreq">
+
+The headers added with OCSP_REQ_CTX_add1_header() are of the form
+"B<name>: B<value>" or just "B<name>" if B<value> is B<NULL>. So to add
+a Host header for B<ocsp.com> you would call:
+
+ OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
+
+If OCSP_sendreq_nbio() indicates an operation should be retried the
+corresponding BIO can be examined to determine which operation (read or
+write) should be retried and appropriate action taken (for example a select()
+call on the underlying socket).
+
+OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking
+I/O efficiently. It is retained for compatibility and its use in new
+applications is not recommended.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>,
+L<OCSP_cert_to_id(3)|OCSP_cert_to_id(3)>,
+L<OCSP_request_add1_nonce(3)|OCSP_request_add1_nonce(3)>,
+L<OCSP_REQUEST_new(3)|OCSP_REQUEST_new(3)>,
+L<OCSP_response_find_status(3)|OCSP_response_find_status(3)>,
+L<OCSP_response_status(3)|OCSP_response_status(3)>
+
+=cut
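Review bot: The DESCRIPTION says OCSP_sendreq_new() returns an B<OCSP_CTX> structure, but the type in the SYNOPSIS and RETURN VALUES is B<OCSP_REQ_CTX>. The sentence 'The B<req> parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL>' is garbled and presumably means 'in the initial call to OCSP_sendreq_new()'. Also 'reponse' should be 'response', and the sentence ending 'should be set to B<"/ocspreq">' lacks a full stop.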
diff --git a/doc/ssl/SSL_CTX_set1_sigalgs.pod b/doc/ssl/SSL_CTX_set1_sigalgs.pod
new file mode 100644
index 0000000..b263160
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod
@@ -0,0 +1,104 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list,
+SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs,
+SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list,
+SSL_set1_client_sigalgs_list - set supported signature algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+ long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
+ long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
+ long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
+
+ long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+ long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
+ long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
+ long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature
+algorithms for B<ctx> or B<ssl>. The array B<slist> of length B<slistlen>
+must consist of pairs of NIDs corresponding to digest and public key
+algorithms.
+
+SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported
+signature algorithms for B<ctx> or B<ssl>. The B<str> parameter
+must be a null terminated string consisting or a colon separated list of
+public key algorithms and digests separated by B<+>.
+
+SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(),
+SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set
+signature algorithms related to client authentication, otherwise they are
+identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(),
+SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list().
+
+All these functions are implemented as macros. The signature algorithm
+parameter (integer array or string) is not freed: the application should
+free it, if necessary.
+
+=head1 NOTES
+
+If an application wishes to allow the setting of signature algorithms
+as one of many user configurable options it should consider using the more
+flexible SSL_CONF API instead.
+
+The signature algorithms set by a client are used directly in the supported
+signature algorithm in the client hello message.
+
+The supported signature algorithms set by a server are not sent to the
+client but are used to determine the set of shared signature algorithms
+and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE)
+their order.
+
+The client authentication signature algorithms set by a server are sent
+in a certificate request message if client authentication is enabled,
+otherwise they are unused.
+
+Similarly client authentication signature algorithms set by a client are
+used to determined the set of client authentication shared signature
+algorithms.
+
+Signature algorithms will neither be advertised nor used if the security level
+prohibits them (for example SHA1 if the security level is 4 or more).
+
+Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and
+NID_sha512 digest NIDs are supported and the public key algorithm NIDs
+EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC.
+
+The short or long name values for digests can be used in a string (for
+example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and
+the public key algorithm strings "RSA", "DSA" or "ECDSA".
+
+The use of MD5 as a digest is strongly discouraged due to security weaknesses.
+
+=head1 EXAMPLES
+
+Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA
+using an array:
+
+ const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
+
+ SSL_CTX_set1_sigalgs(ctx, slist, 4);
+
+Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA
+using a string:
+
+ SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
+
+=head1 RETURN VALUES
+
+All these functions return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_shared_sigalgs(3)|SSL_get_shared_sigalgs(3)>,
+L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>
+
+=cut
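Review bot: The DESCRIPTION still describes the string form as 'public key algorithms and digests separated by B<+>' and the example shows only 'ECDSA+SHA256', yet the t1_lib.c change in this same push (commit 431f458) accepts the two tokens in either order; state that here (for example that 'RSA+SHA256' and 'SHA256+RSA' are equivalent) so the documentation matches the parser. Typos: 'consisting or a colon separated list' should be 'consisting of', 'algoritms' appears twice in EXAMPLES, and 'used to determined' should be 'used to determine'.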
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f08eb84..e593654 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3739,12 +3739,27 @@ typedef struct {
int sigalgs[MAX_SIGALGLEN];
} sig_cb_st;

+static void get_sigorhash(int *psig, int *phash, const char *str)
+{
+ if (strcmp(str, "RSA") == 0) {
+ *psig = EVP_PKEY_RSA;
+ } else if (strcmp(str, "DSA") == 0) {
+ *psig = EVP_PKEY_DSA;
+ } else if (strcmp(str, "ECDSA") == 0) {
+ *psig = EVP_PKEY_EC;
+ } else {
+ *phash = OBJ_sn2nid(str);
+ if (*phash == NID_undef)
+ *phash = OBJ_ln2nid(str);
+ }
+}
+
static int sig_cb(const char *elem, int len, void *arg)
{
sig_cb_st *sarg = arg;
size_t i;
char etmp[20], *p;
- int sig_alg, hash_alg;
+ int sig_alg = NID_undef, hash_alg = NID_undef;
if (elem == NULL)
return 0;
if (sarg->sigalgcnt == MAX_SIGALGLEN)
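Review bot: get_sigorhash() sets only one of its two outputs and leaves the other untouched, so it silently depends on the caller initialising both to NID_undef, which the `int sig_alg = NID_undef, hash_alg = NID_undef;` change in this hunk does; add a comment stating that contract above the function. Also worth noting in that comment: the else branch stores whatever NID the name resolves to (`OBJ_sn2nid`/`OBJ_ln2nid`), not only digest NIDs, so rejecting a non-digest object name is left to later checks. That matches the previous inline `OBJ_sn2nid(p)` code, so it is not a regression, but the reader of the helper cannot tell.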
@@ -3761,19 +3776,10 @@ static int sig_cb(const char *elem, int len, void *arg)
if (!*p)
return 0;

- if (strcmp(etmp, "RSA") == 0)
- sig_alg = EVP_PKEY_RSA;
- else if (strcmp(etmp, "DSA") == 0)
- sig_alg = EVP_PKEY_DSA;
- else if (strcmp(etmp, "ECDSA") == 0)
- sig_alg = EVP_PKEY_EC;
- else
- return 0;
+ get_sigorhash(&sig_alg, &hash_alg, etmp);
+ get_sigorhash(&sig_alg, &hash_alg, p);

- hash_alg = OBJ_sn2nid(p);
- if (hash_alg == NID_undef)
- hash_alg = OBJ_ln2nid(p);
- if (hash_alg == NID_undef)
+ if (sig_alg == NID_undef || hash_alg == NID_undef)
return 0;

for (i = 0; i < sarg->sigalgcnt; i += 2) {
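Review bot: Nothing in the hunk explains why get_sigorhash() is called on both `etmp` and `p`; a one-line comment that the two halves may appear in either order (the purpose of this commit) would save the next reader a trip to the helper. The `if (sig_alg == NID_undef || hash_alg == NID_undef)` check correctly rejects 'RSA+ECDSA' (hash_alg stays undefined) and 'SHA256+SHA1' (sig_alg stays undefined), while 'RSA+RSA' overwrites sig_alg and is rejected for the same reason; stating that in the comment makes the reliance on the NID_undef initialisation explicit.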

Rich Salz

Jul 29, 2015, 10:38:35 AM7/29/15
The branch master has been updated
via 932af1617e277904bcca6e47729a420bba39785b (commit)
from 14815a99d5fc625a5b8d730b05528f1f7b5d9ef7 (commit)


- Log -----------------------------------------------------------------
commit 932af1617e277904bcca6e47729a420bba39785b
Author: Rich Salz <rs...@akamai.com>
Date: Tue Jul 28 12:41:36 2015 -0400

Tweak README about rt and bug reporting.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
README | 33 +++++++++++++++++++--------------
1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/README b/README
index 6e7bc73..40c2e83 100644
--- a/README
+++ b/README
@@ -137,17 +137,23 @@

Email the report to:

- openss...@openssl.org
+ r...@openssl.org

- Note that the request tracker should NOT be used for general assistance
- or support queries. Just because something doesn't work the way you expect
- does not mean it is necessarily a bug in OpenSSL.
+ In order to avoid spam, this is a moderated mailing list, and it might
+ take a day for the ticket to show up. (We also scan posts to make sure
+ that security disclosures aren't publically posted by mistake.) Mail to
+ this address is recorded in the public RT (request tracker) database (see
+ https://www.openssl.org/support/rt.html for details) and also forwarded
+ the public openssl-dev mailing list. Confidential mail may be sent to
+ openssl-...@openssl.org (PGP key available from the key servers).

- Note that mail to openss...@openssl.org is recorded in the public
- request tracker database (see https://www.openssl.org/support/rt.html
- for details) and also forwarded to a public mailing list. Confidential
- mail may be sent to openssl-...@openssl.org (PGP key available from
- the key servers).
+ Please do NOT use this for general assistance or support queries.
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL.
+
+ You can also make GitHub pull requests. If you do this, please also send
+ mail to r...@openssl.org with a link to the PR so that we can more easily
+ keep track of it.

HOW TO CONTRIBUTE TO OpenSSL
----------------------------
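Review bot: two wording problems in the new paragraph: "and also forwarded the public openssl-dev mailing list" is missing "to" (it should read "forwarded to the public openssl-dev mailing list"), and "publically" should be "publicly". Since this paragraph is what a reporter reads before deciding whether a report is safe to send, it is worth getting the sentence about public recording exactly right.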
@@ -164,11 +170,10 @@
reason as to why that feature isn't implemented.

Patches should be as up to date as possible, preferably relative to the
- current Git or the last snapshot. They should follow the coding style of
- OpenSSL and compile without warnings. Some of the core team developer targets
- can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
- compiles on many varied platforms: try to ensure you only use portable
- features.
+ current Git or the last snapshot. They should follow our coding style
+ (see http://openssl.org/about/codingstyle.txt) and compile without
+ warnings using the --strict-warnings flag. OpenSSL compiles on many
+ varied platforms: try to ensure you only use portable features.

Note: For legal reasons, contributions from the US can be accepted only
if a TSU notification and a copy of the patch are sent to cr...@bis.doc.gov
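Review bot: the coding-style link uses plain http://openssl.org while the same README already links https://www.openssl.org/support/rt.html above; use the https://www.openssl.org form for both so contributors fetch the style guide over TLS from the canonical host. Also, `--strict-warnings` is a Configure option, so "compile without warnings using the --strict-warnings Configure flag" tells the reader where it goes.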

Rich Salz
Jul 29, 2015, 4:14:11 PM
The branch master has been updated
via 7396e9b0e72bece0d79baa53e1459e8bdeb5cb76 (commit)
from c21a779e67328ae7b1e5037631f82bb91a532887 (commit)


- Log -----------------------------------------------------------------
commit 7396e9b0e72bece0d79baa53e1459e8bdeb5cb76
Author: Rich Salz <rs...@akamai.com>
Date: Wed Jul 29 16:13:35 2015 -0400

update RT/bug email stuff

-----------------------------------------------------------------------

Summary of changes:
support/rt.wml | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/support/rt.wml b/support/rt.wml
index a10d09d..c3a705c 100644
--- a/support/rt.wml
+++ b/support/rt.wml
@@ -5,15 +5,13 @@

<h1>OpenSSL Request Tracker</h1>

-The OpenSSL project has set up a request tracker at
+We have set up a request tracker at
<a href="http://rt.openssl.org/">http://rt.openssl.org/</a>
offering read-only access using the account <tt>guest</tt> with the
password <tt>guest</tt>.

-The username and password can also be specified in the URL for example:
-<a href="http://rt.openssl.org/?user=guest&pass=guest&">http://rt.openssl.org/?user=guest&amp;pass=guest</a>.
-
-A link to a specific bug can be created using for example:
+The username and password can also be specified in the URL, as can a link
+to a specific bug. For example:
<a href="http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1">
http://rt.openssl.org/Ticket/Display.html?user=guest&amp;pass=guest&amp;id=1</a>

@@ -25,17 +23,20 @@ of new or open bugs and requests.

<h2>Sending a Request</h2>

-New requests must be sent by email to
+To create a new bug or enhancement request, send email to
<a href="mailto:r...@openssl.org">r...@openssl.org</a>, clearly indicating
the type of request (bug report, patch, contribution, enhancement request,
...) the operating system and version of OpenSSL affected.
+If you have a patch or diff, please send it as an attachment, and not
+inline in the message body.

The easiest way to respond to an existing request is to reply to the relevant
-message in <tt>opens...@openssl.org</tt> and making sure you include
-<tt>r...@openssl.org</tt> in the list of recipients.
-
-If you do not have a copy of the existing request then you can create a new
-email including the ID in the subject line. For example to reply to ID #9999
+message in <tt>opens...@openssl.org</tt>. To help avoid duplicate copies,
+edit the recipient list so that only
+<tt>r...@openssl.org</tt> is listed and remove any quoted material.
+You can also create a new email by having the subject line start with a
+special prefix.
+For example to reply to ID #9999
you'd send a message to <tt>r...@openssl.org</tt> including <tt>[openssl.org #9999]</tt> in the subject.

<h2>Gateways</h2>
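Review bot: the new sentence "You can also create a new email by having the subject line start with a special prefix" does not match the example that follows, which says "including `[openssl.org #9999]` in the subject"; pick one ("start with" or "include") so readers know whether RT matches the prefix anywhere in the subject or only at the beginning. Minor: "For example to reply to ID #9999" wants a comma after "example", and "send it as an attachment, and not inline" reads better without the comma.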
@@ -44,10 +45,11 @@ Incoming requests are added to the request tracker. The request tracker
automatically forwards incoming requests to the
<tt>opens...@openssl.org</tt>
mailing list for information of the community and public discussion.
-Replys sent to <tt>r...@openssl.org</tt> keeping the ticket in the
+Replies sent to <tt>r...@openssl.org</tt> keeping the ticket in the
subject line unchanged will be recorded and added to the ticket by the
request tracker, then forwarded to <tt>opens...@openssl.org</tt>.

<h2>Request Tracker Software</h2>
+
The request tracker is using the RT software, available from
-<a href="http://www.fsck.com/projects/rt/">http://www.fsck.com/projects/rt/</a>.
+<a href="http://www.bestpractical.com/rt/">http://www.bestpractical.com/rt/</a>.
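Review bot: "The request tracker is using the RT software" reads better as "uses the RT software". The replacement bestpractical.com link is http only, the same http-versus-https consistency point as elsewhere on the site; if the vendor serves it over https, link that.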

Rich Salz
Jul 29, 2015, 4:59:26 PM
The branch master has been updated
via 5bb17d1b3cb1a02d1e48ad0810105f1b501b0532 (commit)
from 932af1617e277904bcca6e47729a420bba39785b (commit)


- Log -----------------------------------------------------------------
commit 5bb17d1b3cb1a02d1e48ad0810105f1b501b0532
Author: Rich Salz <rs...@akamai.com>
Date: Wed Jul 29 16:55:08 2015 -0400

RT3639: Add -no_comp description to online help

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/apps.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/apps.h b/apps/apps.h
index 2823cbc..f2dc812 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -287,7 +287,7 @@ void unbuffer(FILE *fp);
{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
{"bugs", OPT_S_BUGS, '-' }, \
- {"no_comp", OPT_S_NOCOMP, '-' }, \
+ {"no_comp", OPT_S_NOCOMP, '-', "Don't use SSL/TLS-level compression" }, \
{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
{"no_ticket", OPT_S_NOTICKET, '-' }, \
{"serverpref", OPT_S_SERVERPREF, '-' }, \
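Review bot: `no_comp` is now the only entry in this OPT_S block with a help string; `no_tls1_1`, `no_tls1_2`, `bugs`, `ecdh_single`, `no_ticket` and `serverpref` on the surrounding lines still have none, so the online help will show a description for one option and nothing for its neighbours. Since the ticket is about missing help text, filling in the others in the same change, or saying in the commit message that a follow-up will, keeps the block consistent.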

Rich Salz
Jul 29, 2015, 9:21:37 PM
The branch master has been updated
via fa4629b6a2518d202fd051f228c3d8770682b3be (commit)
from 5bb17d1b3cb1a02d1e48ad0810105f1b501b0532 (commit)


- Log -----------------------------------------------------------------
commit fa4629b6a2518d202fd051f228c3d8770682b3be
Author: Martin Vejnar <Martin...@avg.com>
Date: Wed Jul 29 17:28:19 2015 -0400

RT3774: double-free in DSA

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_ameth.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 73dd158..0002e08 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -321,6 +321,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
dplen = i2d_ASN1_INTEGER(prkey, &dp);

ASN1_STRING_clear_free(prkey);
+ prkey = NULL;

if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
V_ASN1_SEQUENCE, params, dp, dplen))
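Review bot: the fix is right: `ASN1_STRING_clear_free(prkey)` leaves `prkey` dangling, so a later error path that frees it again is the double free the ticket describes, and setting it to NULL here turns that second free into a no-op. Add a one-line comment saying why (for example `/* already freed; error path must not free it again */`) so the assignment is not removed as redundant later. While here, check the same function's failure branch after `PKCS8_pkey_set0()`: on failure neither `params` nor `dp` is owned by p8, so each must be freed exactly once there.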

Matt Caswell
Jul 30, 2015, 5:23:59 AM
The branch master has been updated
via 5e8b24dbfb98ed7c5b355cb6a959906a418e264b (commit)
from fa4629b6a2518d202fd051f228c3d8770682b3be (commit)


- Log -----------------------------------------------------------------
commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jul 29 23:20:56 2015 +0100

Fix write failure handling in DTLS1.2

The DTLS code is supposed to drop packets if we try to write them out but
the underlying BIO write buffers are full. ssl3_write_pending() contains
an incorrect test for DTLS that controls this. The test only checks for
DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which
can later cause an assert to be hit. This commit changes the test to cover
all DTLS versions.

RT#3967

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/record/rec_layer_s3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 79d3c21..d6e922c 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -929,7 +929,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
s->rwstate = SSL_NOTHING;
return (s->rlayer.wpend_ret);
} else if (i <= 0) {
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
/*
* For DTLS, just drop it. That's kind of the whole point in
* using a datagram service
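Review bot: `SSL_IS_DTLS(s)` keys off the method rather than `s->version`, which is what the old `DTLS1_VERSION || DTLS1_BAD_VER` test did; that is the right direction (it picks up DTLS 1.2, the bug here, and any future DTLS version), but the commit message should state that `DTLS1_BAD_VER` connections remain covered only because their method is flagged as DTLS. A regression test that drives a DTLS 1.2 write into a full BIO and checks that the pending buffer is cleared, rather than only that the assert no longer fires, would pin RT#3967 down.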

Dr. Stephen Henson
Jul 30, 2015, 10:38:28 AM
The branch master has been updated
via 3df16cc2e27f75eac2c0991248b0c294e2c847b5 (commit)
via a784665e52735f77a64d01216d7535834278c27c (commit)
via a3f7ff2b2d1b1267cdf0bbce2374ebe149ed264a (commit)
via 69a3a9f5d9c018eee97b4127c40bc9903c03cce4 (commit)
via b2f8ab8681d4c9bba3b516672689e86e83b41e53 (commit)
via 23237159f76933a898d4da1ee67de704350e1ca9 (commit)
via 5516fcc0c9dad543aee4c9bf849d759bb58a0644 (commit)
via ea6114c6d0e31e3d6d8897d753afeadec33ddeee (commit)
via f40ecbc37c4be64eb4203792a55b2ecaebe83cf7 (commit)
via 2a1a04e131749a6aec280d53dfda86b595de55b3 (commit)
via 8a0a12e5bf78e6f2e501d3af86c675498e6c7552 (commit)
via 85269210ff39eabd1f898716f1e9bbcd2d0b8be2 (commit)
via 7689082b7199b91aa2df5d3e481abcca480e9d7e (commit)
via 12053a81c875473355e441d00ac81ed3c501dc9b (commit)
via adc5506adf4f4cb2719026354a8512e3a7807f8a (commit)
via 13be69f3e67f8b974183e6fff6d12d9a841ee97f (commit)
via 526f94ad68345a18559ee334e03d7f31c96f47d6 (commit)
via fe5eef3a3b3e6844394d976a182d88225c59ddb5 (commit)
via 332a251fd7cca28b1cc34d5ddf26272a352f5299 (commit)
via 8baac6a224ec194036b43e47b36b642248257b56 (commit)
via dcbd50608a44277f84f2a9323726a84f6f9d68ca (commit)
via 0096d8f7e01d2c0616f9a916145b62a2d8d7acdf (commit)
via 64651d3984ca24c48538a2a109c446fd684aa248 (commit)
from 5e8b24dbfb98ed7c5b355cb6a959906a418e264b (commit)


- Log -----------------------------------------------------------------
commit 3df16cc2e27f75eac2c0991248b0c294e2c847b5
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 28 16:13:29 2015 +0100

cleanse psk_identity on error

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit a784665e52735f77a64d01216d7535834278c27c
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 28 16:04:53 2015 +0100

Free and cleanse pms on error

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit a3f7ff2b2d1b1267cdf0bbce2374ebe149ed264a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Jul 11 01:17:36 2015 +0100

Don't request certificates for any PSK ciphersuite

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 69a3a9f5d9c018eee97b4127c40bc9903c03cce4
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jun 30 19:14:58 2015 +0100

CAMELLIA PSK ciphersuites from RFC6367

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit b2f8ab8681d4c9bba3b516672689e86e83b41e53
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Jun 29 14:20:01 2015 +0100

Add PSK ciphersuites to docs

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 23237159f76933a898d4da1ee67de704350e1ca9
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Jun 29 12:17:21 2015 +0100

Update CHANGES

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 5516fcc0c9dad543aee4c9bf849d759bb58a0644
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Jun 29 00:44:39 2015 +0100

Add RFC4785 ciphersuites

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit ea6114c6d0e31e3d6d8897d753afeadec33ddeee
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:05:47 2015 +0100

Add RFC4279, RFC5487 and RFC5489 ciphersuites.

Note: some of the RFC4279 ciphersuites were originally part of PR#2464.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit f40ecbc37c4be64eb4203792a55b2ecaebe83cf7
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 16:55:00 2015 +0100

Initial new PSK ciphersuite defines

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 2a1a04e131749a6aec280d53dfda86b595de55b3
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 16:50:53 2015 +0100

Add full PSK trace support

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 8a0a12e5bf78e6f2e501d3af86c675498e6c7552
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 16:58:00 2015 +0100

PSK premaster secret derivation.

Move PSK premaster secret algorithm to ssl_generate_master_secret so
existing key exchange code can be used and modified slightly to add
the PSK wrapping structure.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 85269210ff39eabd1f898716f1e9bbcd2d0b8be2
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:23:13 2015 +0100

Extended PSK server support.

Add support for RSAPSK, DHEPSK and ECDHEPSK server side.

Update various checks to ensure certificate and server key exchange messages
are only sent when required.

Update message handling. PSK server key exchange parsing now includes an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message expects PSK identity and requests key for
all PSK key exchange ciphersuites.

Update flags for RSA, DH and ECDH so they are also used in PSK.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 7689082b7199b91aa2df5d3e481abcca480e9d7e
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:15:10 2015 +0100

Extended PSK client support.

Add support for RSAPSK, DHEPSK and ECDHEPSK client side.

Update various checks to ensure certificate and server key exchange messages
are only expected when required.

Update message handling. PSK server key exchange parsing now expects an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message requests PSK identity and key for all PSK
key exchange ciphersuites and includes identity in message.

Update flags for RSA, DH and ECDH so they are also used in PSK.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 12053a81c875473355e441d00ac81ed3c501dc9b
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 23:18:59 2015 +0100

PSK PRF correction.

For SHA384 PRF PSK ciphersuites we have to switch to default PRF for
TLS < 1.2

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit adc5506adf4f4cb2719026354a8512e3a7807f8a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:01:52 2015 +0100

Make auto DH work with DHEPSK

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 13be69f3e67f8b974183e6fff6d12d9a841ee97f
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jun 30 16:39:41 2015 +0100

Check for kECDH with extensions.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 526f94ad68345a18559ee334e03d7f31c96f47d6
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:02:56 2015 +0100

Enable PSK if corresponding mask set.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit fe5eef3a3b3e6844394d976a182d88225c59ddb5
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:01:07 2015 +0100

Disable all PSK if no callback.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 332a251fd7cca28b1cc34d5ddf26272a352f5299
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:09:54 2015 +0100

Disable unsupported PSK algorithms

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 8baac6a224ec194036b43e47b36b642248257b56
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:07:41 2015 +0100

new PSK text constants

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit dcbd50608a44277f84f2a9323726a84f6f9d68ca
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 17:10:27 2015 +0100

New PSK aliases.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 0096d8f7e01d2c0616f9a916145b62a2d8d7acdf
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 16:54:06 2015 +0100

New PSK keyex text constants

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 64651d3984ca24c48538a2a109c446fd684aa248
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 28 16:52:40 2015 +0100

fields for PSK key, new constants

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 8 +
doc/apps/ciphers.pod | 77 ++++-
include/openssl/ssl.h | 3 +
include/openssl/tls1.h | 125 +++++++-
ssl/s3_clnt.c | 222 ++++++-------
ssl/s3_lib.c | 831 ++++++++++++++++++++++++++++++++++++++++++++++---
ssl/s3_srvr.c | 256 ++++++++-------
ssl/ssl_ciph.c | 22 +-
ssl/ssl_lib.c | 6 +
ssl/ssl_locl.h | 13 +
ssl/t1_lib.c | 6 +-
ssl/t1_trce.c | 49 ++-
12 files changed, 1316 insertions(+), 302 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1526aec..c5be241 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,14 @@
_______________

Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+
+ *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
+ from RFC4279, RFC4785, RFC5487, RFC5489.
+
+ Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the
+ original RSA_PSK patch.
+ [Steve Henson]
+
*) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
era flag was never set throughout the codebase (only read). Also removed
SSL3_FLAGS_POP_BUFFER which was only used if
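Review bot: the CHANGES entry should say how the new NULL-encryption PSK suites from RFC4785 (PSK-NULL-SHA and the DHE/RSA/ECDHE variants listed in ciphers.pod in this change) interact with the default cipher list: the existing eNULL suites are excluded from DEFAULT, and if the new ones are not excluded in the same way, a deployment that enables the `PSK` alias would pick up suites with integrity only and no confidentiality. Stating the outcome here, and in the eNULL description in ciphers.pod, saves users a surprise.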
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index c2d40ac..d7b7bea 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -329,7 +329,16 @@ cipher suites using GOST 28147-89 MAC B<instead of> HMAC.

=item B<PSK>

-cipher suites using pre-shared keys (PSK).
+all cipher suites using pre-shared keys (PSK).
+
+=item B<kPSK>, B<kECDHEPSK>, B<kDHEPSK>, B<kRSAPSK>
+
+cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.
+
+=item B<aPSK>
+
+cipher suites using PSK authentication (currently all PSK modes apart from
+RSA_PSK).

=item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192>

@@ -585,10 +594,68 @@ Note: these ciphers can also be used in SSL v3.

=head2 Pre shared keying (PSK) ciphersuites

- TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA
- TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
- TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
- TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
+ PSK_WITH_NULL_SHA PSK-NULL-SHA
+ DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA
+ RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA
+
+ PSK_WITH_RC4_128_SHA PSK-RC4-SHA
+ PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
+ PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
+ PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
+
+ DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA
+ DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA
+ DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA
+ DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA
+
+ RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
+ RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA
+ RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA
+ RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA
+
+ PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
+ PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
+ DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256
+ DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384
+ RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256
+ RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384
+
+ PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256
+ PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384
+ PSK_WITH_NULL_SHA256 PSK-NULL-SHA256
+ PSK_WITH_NULL_SHA384 PSK-NULL-SHA384
+ DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256
+ DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384
+ DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256
+ DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384
+ RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256
+ RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384
+ RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256
+ RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384
+ PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
+ PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
+
+ ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA
+ ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA
+ ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA
+ ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA
+ ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256
+ ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384
+ ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA
+ ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256
+ ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384
+
+ PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256
+ PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384
+
+ DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256
+ DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384
+
+ RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256
+ RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384
+
+ ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256
+ ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384

=head1 NOTES

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c394191..6b6560d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -204,6 +204,9 @@ extern "C" {
# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE "kECDHE"
# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
+# define SSL_TXT_kECDHEPSK "kECDHEPSK"
+# define SSL_TXT_kDHEPSK "kDHEPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index a172af3..1eef9cc 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -409,6 +409,45 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D

+# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E
+# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091
+
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095
+
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD
+
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1
+
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5
+
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+
+# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E
+
/* AES ciphersuites from RFC3268 */

# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
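Review bot: the comment `/* PSK ciphersuites from 5487 */` is missing "RFC" (the TXT block later in this file says "PSK ciphersuites from RFC 5487"). The RFC4785 NULL-PSK block (0x2C..0x2E) is also placed after the 0xB6..0xB9 values, out of numeric order with the rest of this list; moving it up next to the other 0x002x/0x003x code points keeps the file greppable by value.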
@@ -480,10 +519,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7

-/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
-# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8
-# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
-
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
@@ -565,6 +600,21 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032

+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B
+
/* Camellia-CBC ciphersuites from RFC6367 */
# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
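Review bot: the comment `/* NULL PSK ciphersuites from RFC4785 */` above TLS1_CK_ECDHE_PSK_WITH_NULL_SHA/SHA256/SHA384 (0xC039..0xC03B) is wrong: RFC4785 defines only the 0x2C..0x2E suites, and the ECDHE_PSK NULL suites come from RFC5489, the same RFC as the block immediately above. Either fold them under that comment or change it to "NULL ECDHE PSK ciphersuites from RFC5489".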
@@ -575,6 +625,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078
# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079

+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
+
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* ciphers names with "EDH" instead of "DHE". Going forward, we should be
@@ -589,6 +648,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"

+# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA"
+
/* AES ciphersuites from RFC3268 */
# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
@@ -641,6 +704,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"

+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384"
+
/* SRP ciphersuite from RFC 5054 */
# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
@@ -682,6 +777,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"

+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384"
+
/* SEED ciphersuites from RFC4162 */
# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
@@ -744,6 +848,19 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"

+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384"
+
/* Camellia-CBC ciphersuites from RFC6367 */
# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 04af851..080dbf0 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -331,10 +331,8 @@ int ssl3_connect(SSL *s)

/* Check if it is anon DH/ECDH, SRP auth */
/* or PSK */
- if (!
- (s->s3->tmp.
- new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ if (!(s->s3->tmp.new_cipher->algorithm_auth &
+ (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
goto end;
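Review bot: the comment above the changed condition is now stale. It still says "anon DH/ECDH, SRP auth or PSK", but the test moved from `algorithm_mkey & SSL_kPSK` to `algorithm_auth & SSL_aPSK`, which deliberately leaves RSA-PSK suites (auth bit `SSL_aRSA`, see the 2E and 92-95 entries in s3_lib.c) expecting a server Certificate. That is the right behaviour for RSA_PSK, but the distinction is easy to lose later; reword the comment to say that suites authenticated by the PSK alone skip the Certificate while RSA-PSK still receives one.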
@@ -1414,7 +1412,7 @@ int ssl3_get_key_exchange(SSL *s)
* Can't skip server key exchange if this is an ephemeral
* ciphersuite.
*/
- if (alg_k & (SSL_kDHE | SSL_kECDHE)) {
+ if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK)) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto f_err;
@@ -1447,8 +1445,8 @@ int ssl3_get_key_exchange(SSL *s)
al = SSL_AD_DECODE_ERROR;

#ifndef OPENSSL_NO_PSK
- if (alg_k & SSL_kPSK) {
- char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
+ /* PSK ciphersuites are preceded by an identity hint */
+ if (alg_k & SSL_PSK) {

param_len = 2;
if (param_len > n) {
@@ -1475,23 +1473,24 @@ int ssl3_get_key_exchange(SSL *s)
}
param_len += i;

- /*
- * If received PSK identity hint contains NULL characters, the hint
- * is truncated from the first NULL. p may not be ending with NULL,
- * so create a NULL-terminated string.
- */
- memcpy(tmp_id_hint, p, i);
- memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
OPENSSL_free(s->session->psk_identity_hint);
- s->session->psk_identity_hint = BUF_strdup(tmp_id_hint);
- if (s->session->psk_identity_hint == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto f_err;
+ if (i != 0) {
+ s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+ if (s->session->psk_identity_hint == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+ } else {
+ s->session->psk_identity_hint = NULL;
}

p += i;
n -= param_len;
+ }
+
+ /* Nothing else to do for plain PSK or RSAPSK */
+ if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
} else
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
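Review bot: the removed comment about identity hints containing NUL characters described behaviour the new code still has, so it should be kept. `BUF_strndup((char *)p, i)` stops at the first NUL inside the `i` bytes, so a hint with an embedded NUL is silently truncated exactly as before; a one-line comment above `if (i != 0)` noting that would stop a later reader from assuming all `i` bytes are preserved. Minor: the `else { s->session->psk_identity_hint = NULL; }` branch is correct only because `OPENSSL_free` does not clear the pointer; worth saying so in a comment.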
@@ -1661,7 +1660,7 @@ int ssl3_get_key_exchange(SSL *s)
if (0) ;
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & SSL_kDHE) {
+ else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if ((dh = DH_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
@@ -1742,7 +1741,7 @@ int ssl3_get_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_DH */

#ifndef OPENSSL_NO_EC
- else if (alg_k & SSL_kECDHE) {
+ else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
EC_GROUP *ngroup;
const EC_GROUP *group;

@@ -1945,8 +1944,8 @@ int ssl3_get_key_exchange(SSL *s)
}
}
} else {
- /* aNULL, aSRP or kPSK do not need public keys */
- if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) {
+ /* aNULL, aSRP or PSK do not need public keys */
+ if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_PSK)) {
/* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s))
/* Otherwise this shouldn't happen */
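Review bot: the comment `/* aNULL, aSRP or PSK do not need public keys */` over the changed condition is wrong for one member of the `SSL_PSK` mask. RSA-PSK does need the server's RSA encryption key; this same patch adds `SSL_kRSAPSK` to the `EVP_PK_RSA | EVP_PKT_ENC` test in ssl3_check_cert_and_algorithm further down. With `SSL_PSK` here that check is skipped whenever the server omits ServerKeyExchange for an RSA-PSK suite. If another call site is relied on to cover it, say so in the comment; otherwise narrow the mask to `SSL_kPSK | SSL_kDHEPSK | SSL_kECDHEPSK`.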
@@ -2329,6 +2328,9 @@ int ssl3_send_client_key_exchange(SSL *s)
{
unsigned char *p;
int n;
+#ifndef OPENSSL_NO_PSK
+ size_t pskhdrlen = 0;
+#endif
unsigned long alg_k;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
@@ -2344,17 +2346,93 @@ int ssl3_send_client_key_exchange(SSL *s)
#endif
unsigned char *pms = NULL;
size_t pmslen = 0;
+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
p = ssl_handshake_start(s);

- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_PSK
+ if (alg_k & SSL_PSK) {
+ int psk_err = 1;
+ /*
+ * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+ * \0-terminated identity. The last byte is for us for simulating
+ * strnlen.
+ */
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+ size_t identitylen;
+ unsigned char psk[PSK_MAX_PSK_LEN];
+ size_t psklen;
+
+ if (s->psk_client_callback == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_NO_CLIENT_CB);
+ goto err;
+ }
+
+ memset(identity, 0, sizeof(identity));
+
+ psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+ identity, sizeof(identity) - 1,
+ psk, sizeof(psk));
+
+ if (psklen > PSK_MAX_PSK_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ } else if (psklen == 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ goto psk_err;
+ }
+
+ OPENSSL_free(s->s3->tmp.psk);
+ s->s3->tmp.psk = BUF_memdup(psk, psklen);
+ OPENSSL_cleanse(psk, psklen);
+
+ if (s->s3->tmp.psk == NULL) {
+ OPENSSL_cleanse(identity, sizeof(identity));
+ goto memerr;
+ }
+
+ s->s3->tmp.psklen = psklen;
+
+ identitylen = strlen(identity);
+ if (identitylen > PSK_MAX_IDENTITY_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
+ OPENSSL_free(s->session->psk_identity);
+ s->session->psk_identity = BUF_strdup(identity);
+ if (s->session->psk_identity == NULL) {
+ OPENSSL_cleanse(identity, sizeof(identity));
+ goto memerr;
+ }
+
+ s2n(identitylen, p);
+ memcpy(p, identity, identitylen);
+ pskhdrlen = 2 + identitylen;
+ p += identitylen;
+ psk_err = 0;
+ psk_err:
+ OPENSSL_cleanse(identity, sizeof(identity));
+ if (psk_err != 0) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
+ }
+ }
+ if (alg_k & SSL_kPSK) {
+ n = 0;
+ } else
+#endif

/* Fool emacs indentation */
if (0) {
}
#ifndef OPENSSL_NO_RSA
- else if (alg_k & SSL_kRSA) {
+ else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
RSA *rsa;
pmslen = SSL_MAX_MASTER_KEY_LENGTH;
pms = OPENSSL_malloc(pmslen);
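Review bot: the `psk` stack buffer in the new `if (alg_k & SSL_PSK)` block is only cleansed on the success path (`OPENSSL_cleanse(psk, psklen)` right after `BUF_memdup`). On the two `goto psk_err` exits taken before that (`psklen > PSK_MAX_PSK_LEN` and `psklen == 0`) whatever the callback wrote into `psk` stays on the stack, and `psk_err:` only cleanses `identity`. Add `OPENSSL_cleanse(psk, sizeof(psk));` at the label, the way `identity` is handled, so key bytes are scrubbed regardless of which exit is taken. Minor: `psklen` is declared `size_t` while `psk_client_callback` returns `unsigned int`; the old code used `unsigned int psk_len`, and matching the callback's type avoids a silent widening.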
@@ -2414,7 +2492,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
+ else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
DH *dh_srvr, *dh_clnt;
if (s->s3->peer_dh_tmp != NULL)
dh_srvr = s->s3->peer_dh_tmp;
@@ -2493,7 +2571,7 @@ int ssl3_send_client_key_exchange(SSL *s)
#endif

#ifndef OPENSSL_NO_EC
- else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
+ else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
@@ -2781,88 +2859,16 @@ int ssl3_send_client_key_exchange(SSL *s)
}
}
#endif
-#ifndef OPENSSL_NO_PSK
- else if (alg_k & SSL_kPSK) {
- /*
- * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
- * \0-terminated identity. The last byte is for us for simulating
- * strnlen.
- */
- char identity[PSK_MAX_IDENTITY_LEN + 2];
- size_t identity_len;
- unsigned char *t = NULL;
- unsigned int psk_len = 0;
- int psk_err = 1;
-
- n = 0;
- if (s->psk_client_callback == NULL) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- SSL_R_PSK_NO_CLIENT_CB);
- goto err;
- }
-
- memset(identity, 0, sizeof(identity));
- /* Allocate maximum size buffer */
- pmslen = PSK_MAX_PSK_LEN * 2 + 4;
- pms = OPENSSL_malloc(pmslen);
- if (!pms)
- goto memerr;
-
- psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
- identity, sizeof(identity) - 1,
- pms, pmslen);
- if (psk_len > PSK_MAX_PSK_LEN) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto psk_err;
- } else if (psk_len == 0) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- SSL_R_PSK_IDENTITY_NOT_FOUND);
- goto psk_err;
- }
- /* Change pmslen to real length */
- pmslen = 2 + psk_len + 2 + psk_len;
- identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
- identity_len = strlen(identity);
- if (identity_len > PSK_MAX_IDENTITY_LEN) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto psk_err;
- }
- /* create PSK pre_master_secret */
- t = pms;
- memmove(pms + psk_len + 4, pms, psk_len);
- s2n(psk_len, t);
- memset(t, 0, psk_len);
- t += psk_len;
- s2n(psk_len, t);
-
- OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = BUF_strdup(identity);
- if (s->session->psk_identity == NULL) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto psk_err;
- }
-
- s2n(identity_len, p);
- memcpy(p, identity, identity_len);
- n = 2 + identity_len;
- psk_err = 0;
- psk_err:
- OPENSSL_cleanse(identity, sizeof(identity));
- if (psk_err != 0) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- goto err;
- }
- }
-#endif
else {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}

+#ifndef OPENSSL_NO_PSK
+ n += pskhdrlen;
+#endif
+
if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
@@ -2876,7 +2882,7 @@ int ssl3_send_client_key_exchange(SSL *s)
n = ssl_do_write(s);
#ifndef OPENSSL_NO_SRP
/* Check for SRP */
- if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+ if (alg_k & SSL_kSRP) {
/*
* If everything written generate master key: no need to save PMS as
* srp_generate_client_master_secret generates it internally.
@@ -2900,7 +2906,7 @@ int ssl3_send_client_key_exchange(SSL *s)
pms = s->s3->tmp.pms;
pmslen = s->s3->tmp.pmslen;
}
- if (pms == NULL) {
+ if (pms == NULL && !(alg_k & SSL_kPSK)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
@@ -2924,6 +2930,10 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
#endif
+#ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
+#endif
s->state = SSL_ST_ERR;
return (-1);
}
@@ -3261,7 +3271,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8b7c52a..0fc0881 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -600,6 +600,53 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
+#ifndef OPENSSL_NO_PSK
+ /* Cipher 2C */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_CK_PSK_WITH_NULL_SHA,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ /* Cipher 2D */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+ /* Cipher 2E */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+#endif

/* New AES ciphersuites */
/* Cipher 2F */
@@ -1253,6 +1300,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
#endif /* OPENSSL_NO_CAMELLIA */

#ifndef OPENSSL_NO_PSK
+ /* PSK ciphersuites from RFC 4279 */
/* Cipher 8A */
{
1,
@@ -1316,6 +1364,134 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+
+ /* Cipher 8E */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 8F */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+
+ /* Cipher 90 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 91 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+
+ /* Cipher 92 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 93 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+
+ /* Cipher 94 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 95 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
#endif /* OPENSSL_NO_PSK */

#ifndef OPENSSL_NO_SEED
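Review bot: two of the suites added in this hunk use RC4 (`TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA` as cipher 8E and `TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA` as cipher 92), and a third (`TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA`, cipher C033) follows in the EC section. RFC 7465 (February 2015) prohibits RC4 in TLS, yet these entries are flagged `SSL_NOT_EXP | SSL_MEDIUM`, the same strength class as the existing RC4 suites, so they become selectable without any opt-in. If they are only here for completeness of the RFC 4279/5489 lists, set the first field (`valid`) to 0 or leave them out, and note the reason in the comment.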
@@ -1597,55 +1773,312 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
},

- /* Cipher A7 */
+ /* Cipher A7 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+ SSL_kDHE,
+ SSL_aNULL,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+#ifndef OPENSSL_NO_PSK
+ /* PSK ciphersuites from RFC5487 */
+
+ /* Cipher A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ /* Cipher AA */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher AB */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ /* Cipher AC */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher AD */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ /* Cipher AE */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher AF */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ /* Cipher B0 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA256,
+ TLS1_CK_PSK_WITH_NULL_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+
+ /* Cipher B1 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA384,
+ TLS1_CK_PSK_WITH_NULL_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+
+ /* Cipher B2 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher B3 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ /* Cipher B4 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+
+ /* Cipher B5 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+ TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+
+ /* Cipher B6 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher B7 */
{
1,
- TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kDHE,
- SSL_aNULL,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
-#ifndef OPENSSL_NO_PSK
- /* Cipher A8 */
+
+ /* Cipher B8 */
{
1,
- TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
- TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
},

- /* Cipher A9 */
+ /* Cipher B9 */
{
1,
- TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
- TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
- SSL_kPSK,
- SSL_aPSK,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+ TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_eNULL,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
+ 0,
+ 0,
},
-
-#endif
+#endif /* OPENSSL_NO_PSK */

#ifndef OPENSSL_NO_CAMELLIA
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
@@ -2669,6 +3102,151 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},

+ /* PSK ciphersuites from RFC 5489 */
+ /* Cipher C033 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher C034 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 112,
+ 168,
+ },
+
+ /* Cipher C035 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher C036 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 256,
+ 256,
+ },
+
+ /* Cipher C037 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher C038 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ /* Cipher C039 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+
+ /* Cipher C03A */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 0,
+ 0,
+ },
+
+ /* Cipher C03B */
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_eNULL,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 0,
+ 0,
+ },
+
# ifndef OPENSSL_NO_CAMELLIA
{ /* Cipher C072 */
1,
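Review bot: missing build guard on the ECDHE-PSK entries C033 to C03B. They sit under `#ifndef OPENSSL_NO_EC` only, whereas the Camellia-PSK block in the next hunk is guarded with `#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)` and the RFC 4279/5487 entries earlier in the file with `#ifndef OPENSSL_NO_PSK`. A no-psk build would still compile these nine suites into `ssl3_ciphers[]` and leave them selectable even though the `psk_server_callback` check in `ssl3_choose_cipher` is compiled out. Wrap the block in `#ifndef OPENSSL_NO_PSK` ... `#endif`.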
@@ -2784,6 +3362,120 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_EC */

+#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)
+ { /* Cipher C094 */
+ 1,
+ TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C095 */
+ 1,
+ TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256},
+
+ { /* Cipher C096 */
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C097 */
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256},
+
+ { /* Cipher C098 */
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C099 */
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256},
+
+ { /* Cipher C09A */
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+ 128,
+ 128},
+
+ { /* Cipher C09B */
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ SSL_kECDHEPSK,
+ SSL_aPSK,
+ SSL_CAMELLIA256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256},
+#endif
+
#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
{
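Review bot: the guard on this block, `#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)`, is placed after `#endif /* OPENSSL_NO_EC */`, but the last two entries (C09A and C09B) use `SSL_kECDHEPSK`, so a build with `OPENSSL_NO_EC` still compiles the two ECDHE-PSK-Camellia suites into the table. Either move C09A/C09B up into the EC section next to the other RFC 6367 ECDHE Camellia suites, or give those two their own `#ifndef OPENSSL_NO_EC`.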
@@ -3933,7 +4625,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
- if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
+ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
continue;
#endif /* OPENSSL_NO_PSK */

@@ -4217,13 +4909,19 @@ int ssl3_renegotiate_check(SSL *s)
/*
* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
* handshake macs if required.
+ *
+ * If PSK and using SHA384 for TLS < 1.2 switch to default.
*/
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
- && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
- return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+ if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+ if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
+ return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+ }
return alg2;
}

@@ -4253,13 +4951,56 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms)
{
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,
- pms, pmslen);
- if (free_pms)
- OPENSSL_clear_free(pms, pmslen);
- else
- OPENSSL_cleanse(pms, pmslen);
+#ifndef OPENSSL_NO_PSK
+ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ if (alg_k & SSL_PSK) {
+ unsigned char *pskpms, *t;
+ size_t psklen = s->s3->tmp.psklen;
+ size_t pskpmslen;
+
+ /* create PSK premaster_secret */
+
+ /* For plain PSK "other_secret" is psklen zeroes */
+ if (alg_k & SSL_kPSK)
+ pmslen = psklen;
+
+ pskpmslen = 4 + pmslen + psklen;
+ pskpms = OPENSSL_malloc(pskpmslen);
+ if (pskpms == NULL) {
+ s->session->master_key_length = 0;
+ goto err;
+ }
+ t = pskpms;
+ s2n(pmslen, t);
+ if (alg_k & SSL_kPSK)
+ memset(t, 0, pmslen);
+ else
+ memcpy(t, pms, pmslen);
+ t += pmslen;
+ s2n(psklen, t);
+ memcpy(t, s->s3->tmp.psk, psklen);
+
+ OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+ s->s3->tmp.psk = NULL;
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ pskpms, pskpmslen);
+ OPENSSL_clear_free(pskpms, pskpmslen);
+ } else
+#endif
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ pms, pmslen);
+
+ err:
+ if (pms) {
+ if (free_pms)
+ OPENSSL_clear_free(pms, pmslen);
+ else
+ OPENSSL_cleanse(pms, pmslen);
+ }
if (s->server == 0)
s->s3->tmp.pms = NULL;
return s->session->master_key_length >= 0;
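Review bot: the allocation-failure path in the new PSK branch does not report failure. `s->session->master_key_length = 0; goto err;` lands on the unchanged `return s->session->master_key_length >= 0;`, which is true for 0, so the caller carries on with an empty master secret. Set it to -1 there, or better return 0 explicitly from the `err:` path after the cleanup. Second, `err:` is only referenced from inside `#ifndef OPENSSL_NO_PSK`; with PSK disabled it becomes an unused label and trips `-Wunused-label` on a `-Werror` build, so either guard the label too or restructure the failure path without a label.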
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cbe80eb..72deedc 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -403,10 +403,8 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or anon ECDH, */
/* normal PSK or SRP */
- if (!
- (s->s3->tmp.
- new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ if (!(s->s3->tmp.new_cipher->algorithm_auth &
+ (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
ret = ssl3_send_server_certificate(s);
if (ret <= 0)
goto end;
@@ -446,7 +444,10 @@ int ssl3_accept(SSL *s)
* provided
*/
#ifndef OPENSSL_NO_PSK
- || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+ /* Only send SKE if we have identity hint for plain PSK */
+ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->ctx->psk_identity_hint)
+ /* For other PSK always send SKE */
+ || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
#endif
#ifndef OPENSSL_NO_SRP
/* SRP: send ServerKeyExchange */
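Review bot: `SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)` in the new condition is a no-op mask: both bits are members of `SSL_PSK`, so the expression reduces to `alg_k & (SSL_kDHEPSK | SSL_kECDHEPSK)`. Write it that way; as written it reads as though it were meant to exclude something. The comment above it, `/* For other PSK always send SKE */`, is right (DHE_PSK and ECDHE_PSK carry their key exchange parameters in ServerKeyExchange) and should stay.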
@@ -502,7 +503,7 @@ int ssl3_accept(SSL *s)
* With normal PSK Certificates and Certificate Requests
* are omitted
*/
- || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
/* no cert request */
skip = 1;
s->s3->tmp.cert_request = 0;
@@ -1722,6 +1723,19 @@ int ssl3_send_server_key_exchange(SSL *s)

r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
+#ifndef OPENSSL_NO_PSK
+ if (type & SSL_PSK) {
+ /*
+ * reserve size for record length and PSK identity hint
+ */
+ n += 2;
+ if (s->ctx->psk_identity_hint)
+ n += strlen(s->ctx->psk_identity_hint);
+ }
+ /* Plain PSK or RSAPSK nothing to do */
+ if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+ } else
+#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
@@ -1752,7 +1766,7 @@ int ssl3_send_server_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_DH
- if (type & SSL_kDHE) {
+ if (type & (SSL_kDHE | SSL_kDHEPSK)) {
if (s->cert->dh_tmp_auto) {
dhp = ssl_get_auto_dh(s);
if (dhp == NULL) {
@@ -1817,7 +1831,7 @@ int ssl3_send_server_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_EC
- if (type & SSL_kECDHE) {
+ if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
const EC_GROUP *group;

ecdhp = cert->ecdh_tmp;
@@ -1933,7 +1947,7 @@ int ssl3_send_server_key_exchange(SSL *s)
* additional bytes to encode the entire ServerECDHParams
* structure.
*/
- n = 4 + encodedlen;
+ n += 4 + encodedlen;

/*
* We'll generate the serverKeyExchange message explicitly so we
@@ -1945,14 +1959,6 @@ int ssl3_send_server_key_exchange(SSL *s)
r[3] = NULL;
} else
#endif /* !OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
- /*
- * reserve size for record length and PSK identity hint
- */
- n += 2 + strlen(s->ctx->psk_identity_hint);
- } else
-#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
if (type & SSL_kSRP) {
if ((s->srp_ctx.N == NULL) ||
@@ -1984,8 +1990,8 @@ int ssl3_send_server_key_exchange(SSL *s)
n += 2 + nr[i];
}

- if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
== NULL) {
al = SSL_AD_DECODE_ERROR;
@@ -2003,6 +2009,20 @@ int ssl3_send_server_key_exchange(SSL *s)
}
d = p = ssl_handshake_start(s);

+#ifndef OPENSSL_NO_PSK
+ if (type & SSL_PSK) {
+ /* copy PSK identity hint */
+ if (s->ctx->psk_identity_hint) {
+ s2n(strlen(s->ctx->psk_identity_hint), p);
+ strncpy((char *)p, s->ctx->psk_identity_hint,
+ strlen(s->ctx->psk_identity_hint));
+ p += strlen(s->ctx->psk_identity_hint);
+ } else {
+ s2n(0, p);
+ }
+ }
+#endif
+
for (i = 0; i < 4 && r[i] != NULL; i++) {
#ifndef OPENSSL_NO_SRP
if ((i == 2) && (type & SSL_kSRP)) {
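Review bot: `strlen(s->ctx->psk_identity_hint)` is evaluated three times in the new copy block, and `strncpy` with a length equal to the source's `strlen` is just a `memcpy` that never writes a terminator. Compute the length once and copy with `memcpy`, e.g. `size_t hintlen = strlen(s->ctx->psk_identity_hint); s2n(hintlen, p); memcpy(p, s->ctx->psk_identity_hint, hintlen); p += hintlen;`. The same pattern was in the block removed further down, so this is the moment to simplify it rather than carry it over.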
@@ -2016,7 +2036,7 @@ int ssl3_send_server_key_exchange(SSL *s)
}

#ifndef OPENSSL_NO_EC
- if (type & SSL_kECDHE) {
+ if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
/*
* XXX: For now, we only support named (not generic) curves. In
* this situation, the serverKeyExchange message has: [1 byte
@@ -2038,16 +2058,6 @@ int ssl3_send_server_key_exchange(SSL *s)
}
#endif

-#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
- /* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
- }
-#endif
-
/* not anonymous */
if (pkey != NULL) {
/*
@@ -2249,8 +2259,94 @@ int ssl3_get_client_key_exchange(SSL *s)

alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

+#ifndef OPENSSL_NO_PSK
+ /* For PSK parse and retrieve identity, obtain PSK key */
+ if (alg_k & SSL_PSK) {
+ unsigned char psk[PSK_MAX_PSK_LEN];
+ size_t psklen;
+ if (n < 2) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ n2s(p, i);
+ if (i + 2 > n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (i > PSK_MAX_IDENTITY_LEN) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+ if (s->psk_server_callback == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_NO_SERVER_CB);
+ goto f_err;
+ }
+
+ OPENSSL_free(s->session->psk_identity);
+ s->session->psk_identity = BUF_strndup((char *)p, i);
+
+ if (s->session->psk_identity == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ psklen = s->psk_server_callback(s, s->session->psk_identity,
+ psk, sizeof(psk));
+
+ if (psklen > PSK_MAX_PSK_LEN) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ } else if (psklen == 0) {
+ /*
+ * PSK related to the given identity not found
+ */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+ goto f_err;
+ }
+
+ OPENSSL_free(s->s3->tmp.psk);
+ s->s3->tmp.psk = BUF_memdup(psk, psklen);
+ OPENSSL_cleanse(psk, psklen);
+
+ if (s->s3->tmp.psk == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ s->s3->tmp.psklen = psklen;
+
+ n -= i + 2;
+ p += i;
+ }
+ if (alg_k & SSL_kPSK) {
+ /* Identity extracted earlier: should be nothing left */
+ if (n != 0) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ /* PSK handled by ssl_generate_master_secret */
+ if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ } else
+#endif
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
int decrypt_len;
unsigned char decrypt_good, version_good;
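Review bot: on the `psklen > PSK_MAX_PSK_LEN` error path the stack buffer `psk` is not cleansed before `goto f_err`, whereas the success path does `OPENSSL_cleanse(psk, psklen)` after the copy; a misbehaving callback that wrote into the buffer and returned an oversized length would leave key material on the stack, so cleanse `sizeof(psk)` on every exit from this block (the old code did this via its `psk_err` label). Otherwise the rewrite is an improvement: the identity is taken with `BUF_strndup((char *)p, i)` and bounds-checked (`n < 2`, `i + 2 > n`, `i > PSK_MAX_IDENTITY_LEN`) before any use, and the PSK is parked in `s->s3->tmp.psk` instead of being assembled into the premaster secret inline, which is why the old `psk_or_pre_ms` block is deleted further down.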
@@ -2389,13 +2485,13 @@ int ssl3_get_client_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
+ if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
int idx = -1;
EVP_PKEY *skey = NULL;
if (n > 1) {
n2s(p, i);
} else {
- if (alg_k & SSL_kDHE) {
+ if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
@@ -2483,7 +2579,7 @@ int ssl3_get_client_key_exchange(SSL *s)
#endif

#ifndef OPENSSL_NO_EC
- if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
+ if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
int ret = 1;
int field_size = 0;
const EC_KEY *tkey;
@@ -2526,7 +2622,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (n == 0L) {
/* Client Publickey was in Client Certificate */

- if (alg_k & SSL_kECDHE) {
+ if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_ECDH_KEY);
@@ -2612,92 +2708,6 @@ int ssl3_get_client_key_exchange(SSL *s)
return (ret);
} else
#endif
-#ifndef OPENSSL_NO_PSK
- if (alg_k & SSL_kPSK) {
- unsigned char *t = NULL;
- unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
- unsigned int pre_ms_len = 0, psk_len = 0;
- int psk_err = 1;
- char tmp_id[PSK_MAX_IDENTITY_LEN + 1];
-
- al = SSL_AD_HANDSHAKE_FAILURE;
-
- n2s(p, i);
- if (n != i + 2) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
- goto psk_err;
- }
- if (i > PSK_MAX_IDENTITY_LEN) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto psk_err;
- }
- if (s->psk_server_callback == NULL) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_PSK_NO_SERVER_CB);
- goto psk_err;
- }
-
- /*
- * Create guaranteed NULL-terminated identity string for the callback
- */
- memcpy(tmp_id, p, i);
- memset(tmp_id + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
- psk_len = s->psk_server_callback(s, tmp_id,
- psk_or_pre_ms,
- sizeof(psk_or_pre_ms));
- OPENSSL_cleanse(tmp_id, sizeof(tmp_id));
-
- if (psk_len > PSK_MAX_PSK_LEN) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto psk_err;
- } else if (psk_len == 0) {
- /*
- * PSK related to the given identity not found
- */
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_PSK_IDENTITY_NOT_FOUND);
- al = SSL_AD_UNKNOWN_PSK_IDENTITY;
- goto psk_err;
- }
-
- /* create PSK pre_master_secret */
- pre_ms_len = 2 + psk_len + 2 + psk_len;
- t = psk_or_pre_ms;
- memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
- s2n(psk_len, t);
- memset(t, 0, psk_len);
- t += psk_len;
- s2n(psk_len, t);
-
- OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = BUF_strdup((char *)p);
- if (s->session->psk_identity == NULL) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto psk_err;
- }
-
- OPENSSL_free(s->session->psk_identity_hint);
- s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
- if (s->ctx->psk_identity_hint != NULL &&
- s->session->psk_identity_hint == NULL) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto psk_err;
- }
-
- if (!ssl_generate_master_secret(s, psk_or_pre_ms, pre_ms_len, 0)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
- psk_err = 0;
- psk_err:
- if (psk_err != 0) {
- OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
- goto f_err;
- }
- } else
-#endif
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
int param_len;
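Review bot: the removed block also did `s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint)`, and the new parsing code earlier in this function does not store the hint in the session; if nothing else sets `session->psk_identity_hint` on the server side, `SSL_get_psk_identity_hint()` will now return NULL for server sessions, so either restore that assignment or document the behaviour change. The old `BUF_strdup((char *)p)` on the unterminated identity (it read until the next NUL in the handshake buffer) is correctly replaced by the length-bounded `BUF_strndup` in the new code.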
@@ -2820,6 +2830,10 @@ int ssl3_get_client_key_exchange(SSL *s)
EC_KEY_free(srvr_ecdh);
BN_CTX_free(bn_ctx);
#endif
+#ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
+#endif
s->state = SSL_ST_ERR;
return (-1);
}
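Review bot: the cleanup clears `s->s3->tmp.psk` but leaves `s->s3->tmp.psklen` at its old value; set `psklen = 0` alongside `psk = NULL` so a stale length cannot be paired with a NULL or later-reallocated buffer. Also confirm that the success path (presumably `ssl_generate_master_secret`) and `ssl3_free`/`ssl3_clear` release `tmp.psk` with `OPENSSL_clear_free` as well, since the PSK otherwise outlives the handshake on a connection that is torn down between ClientKeyExchange and master secret derivation.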
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 7f932b0..da64301 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -314,6 +314,9 @@ static const SSL_CIPHER cipher_aliases[] = {
0, 0, 0},

{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},

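Review bot: the three new aliases use `SSL_TXT_kRSAPSK`, `SSL_TXT_kECDHEPSK` and `SSL_TXT_kDHEPSK`, which need matching definitions in the public ssl.h and an entry in the ciphers(1) documentation; neither appears in this excerpt of the patch.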
@@ -342,7 +345,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_PSK, 0, SSL_PSK, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},

/* symmetric encryption aliases */
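Review bot: the `PSK` alias changes meaning here: it used to require both `SSL_kPSK` key exchange and `SSL_aPSK` authentication, and now matches any `SSL_PSK` key exchange with no authentication constraint, so existing cipher strings containing `PSK` or `!PSK` will also select or exclude RSA_PSK suites, which authenticate with `SSL_aRSA`. That looks intended for an "all PSK" alias, but it is a user-visible change to existing cipher strings and should be called out in CHANGES and ciphers(1).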
@@ -492,22 +495,22 @@ void ssl_load_ciphers(void)
disabled_auth_mask = 0;

#ifdef OPENSSL_NO_RSA
- disabled_mkey_mask |= SSL_kRSA;
+ disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
disabled_auth_mask |= SSL_aRSA;
#endif
#ifdef OPENSSL_NO_DSA
disabled_auth_mask |= SSL_aDSS;
#endif
#ifdef OPENSSL_NO_DH
- disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE;
+ disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK;
disabled_auth_mask |= SSL_aDH;
#endif
#ifdef OPENSSL_NO_EC
- disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr;
+ disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK;
disabled_auth_mask |= SSL_aECDSA | SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
- disabled_mkey_mask |= SSL_kPSK;
+ disabled_mkey_mask |= SSL_PSK;
disabled_auth_mask |= SSL_aPSK;
#endif
#ifdef OPENSSL_NO_SRP
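Review bot: under `OPENSSL_NO_EC` the mask line now reads `SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK` but still does not include `SSL_kECDHE`; if plain ECDHE is masked elsewhere, it would be clearer to disable both ephemeral variants in the same place. The `OPENSSL_NO_PSK` block correctly switches to `SSL_PSK`, so the RSA/DHE/ECDHE PSK variants are disabled together with plain PSK.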
@@ -1626,6 +1629,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kPSK:
kx = "PSK";
break;
+ case SSL_kRSAPSK:
+ kx = "RSAPSK";
+ break;
+ case SSL_kECDHEPSK:
+ kx = "ECDHEPSK";
+ break;
+ case SSL_kDHEPSK:
+ kx = "DHEPSK";
+ break;
case SSL_kSRP:
kx = "SRP";
break;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d20d95b..5a0ec8a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2112,6 +2112,12 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
mask_a |= SSL_aPSK;
emask_k |= SSL_kPSK;
emask_a |= SSL_aPSK;
+ if (mask_k & SSL_kRSA)
+ mask_k |= SSL_kRSAPSK;
+ if (mask_k & SSL_kDHE)
+ mask_k |= SSL_kDHEPSK;
+ if (mask_k & SSL_kECDHE)
+ mask_k |= SSL_kECDHEPSK;
#endif

s->s3->tmp.mask_k = mask_k;
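Review bot: the new `mask_k |= SSL_kRSAPSK` / `SSL_kDHEPSK` / `SSL_kECDHEPSK` lines derive the PSK variants from bits already present in `mask_k`, so they depend on the RSA, DHE and ECDHE masks having been computed earlier in `ssl_set_masks`; anything that adds those bits later in the function will not enable the PSK variants, and `emask_k` (export ciphers) is not extended at all. A short comment stating that ordering requirement would help the next person who reorders this function.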
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1cdcb8b..c75219b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -315,6 +315,14 @@
/* SRP */
# define SSL_kSRP 0x00000400L

+# define SSL_kRSAPSK 0x00000800L
+# define SSL_kECDHEPSK 0x00001000L
+# define SSL_kDHEPSK 0x00002000L
+
+/* all PSK */
+
+#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
# define SSL_aRSA 0x00000001L
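Review bot: `#define SSL_PSK (...)` does not follow the `# define` indented style of the surrounding definitions (`# define SSL_kSRP`, `# define SSL_aRSA`), and the stray blank line between the `/* all PSK */` comment and the macro separates the two. The name `SSL_PSK` also breaks the `SSL_k*` (key exchange) versus `SSL_a*` (authentication) convention, so either a comment stating that it is a key-exchange mask or a name such as `SSL_kPSK_ANY` (a suggestion) would avoid confusion with `SSL_aPSK`.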
@@ -1269,6 +1277,11 @@ typedef struct ssl3_state_st {
/* Temporary storage for premaster secret */
unsigned char *pms;
size_t pmslen;
+#ifndef OPENSSL_NO_PSK
+ /* Temporary storage for PSK key */
+ unsigned char *psk;
+ size_t psklen;
+#endif
/*
* signature algorithms peer reports: e.g. supported signature
* algorithms extension for server or as part of a certificate
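Review bot: `psk`/`psklen` are added to `ssl3_state_st` next to `pms`/`pmslen`, so they need the same lifecycle handling as the premaster secret: released with `OPENSSL_clear_free` wherever `pms` is released (including `ssl3_free` and `ssl3_clear`), not only on the `ssl3_get_client_key_exchange` error path shown in this patch, and the client side has to populate them in its ClientKeyExchange code for the new suites.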
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e593654..47abf2b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1111,7 +1111,7 @@ void ssl_set_client_disabled(SSL *s)
/* with PSK there must be client callback set */
if (!s->psk_client_callback) {
s->s3->tmp.mask_a |= SSL_aPSK;
- s->s3->tmp.mask_k |= SSL_kPSK;
+ s->s3->tmp.mask_k |= SSL_PSK;
}
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
@@ -1157,7 +1157,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,

alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)
+ if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)
|| (alg_a & SSL_aECDSA))) {
using_ecc = 1;
break;
@@ -4165,7 +4165,7 @@ DH *ssl_get_auto_dh(SSL *s)
int dh_secbits = 80;
if (s->cert->dh_tmp_auto == 2)
return DH_get_1024_160();
- if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+ if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
if (s->s3->tmp.new_cipher->strength_bits == 256)
dh_secbits = 128;
else
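Review bot: adding `SSL_aPSK` to this test means DHE_PSK suites (which present no certificate) size the automatic DH group from the cipher's `strength_bits` rather than from a signing key, which is the only information available; RSA_PSK still takes the certificate-based path since its auth is `SSL_aRSA`. Note that the default `dh_secbits = 80` still applies to every PSK suite below 256-bit strength, so check that the group size this selects is acceptable for PSK deployments.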
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 40c5beb..74d157d 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -928,6 +928,18 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
*pname = "PSK";
return SSL_kPSK;
}
+ if (alg_k & SSL_kRSAPSK) {
+ *pname = "RSAPSK";
+ return SSL_kRSAPSK;
+ }
+ if (alg_k & SSL_kDHEPSK) {
+ *pname = "DHEPSK";
+ return SSL_kDHEPSK;
+ }
+ if (alg_k & SSL_kECDHEPSK) {
+ *pname = "ECDHEPSK";
+ return SSL_kECDHEPSK;
+ }
if (alg_k & SSL_kSRP) {
*pname = "SRP";
return SSL_kSRP;
@@ -948,9 +960,15 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
id = ssl_get_keyex(&algname, ssl);
BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+ if (id & SSL_PSK) {
+ if (!ssl_print_hexbuf(bio, indent + 2,
+ "psk_identity", 2, &msg, &msglen))
+ return 0;
+ }
switch (id) {

case SSL_kRSA:
+ case SSL_kRSAPSK:
if (TLS1_get_version(ssl) == SSL3_VERSION) {
ssl_print_hex(bio, indent + 2,
"EncyptedPreMasterSecret", msg, msglen);
@@ -971,6 +989,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
break;
}
case SSL_kDHE:
+ case SSL_kDHEPSK:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen))
return 0;
break;
@@ -983,19 +1002,14 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
break;
}
case SSL_kECDHE:
+ case SSL_kECDHEPSK:
if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen))
return 0;
break;

- case SSL_kPSK:
- if (!ssl_print_hexbuf(bio, indent + 2,
- "psk_identity", 2, &msg, &msglen))
- return 0;
- break;
-
}

- return 1;
+ return !msglen;
}

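Review bot: `return 1` becoming `return !msglen` makes the trace fail on any unconsumed bytes, a stricter and useful check, but the SSLv3 RSA path above calls `ssl_print_hex(bio, indent + 2, "EncyptedPreMasterSecret", msg, msglen)` with `msg`/`msglen` passed by value, so unless `msglen` is reset after that call the function will now return 0 for a valid SSLv3 RSA ClientKeyExchange; the same applies to any other case in this switch that prints without advancing `msg`.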
static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
@@ -1006,6 +1020,11 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
id = ssl_get_keyex(&algname, ssl);
BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+ if (id & SSL_PSK) {
+ if (!ssl_print_hexbuf(bio, indent + 2,
+ "psk_identity_hint", 2, &msg, &msglen))
+ return 0;
+ }
switch (id) {
/* Should never happen */
case SSL_kDHd:
@@ -1027,6 +1046,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
break;

case SSL_kDHE:
+ case SSL_kDHEPSK:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen))
return 0;
if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen))
@@ -1036,6 +1056,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
break;

case SSL_kECDHE:
+ case SSL_kECDHEPSK:
if (msglen < 1)
return 0;
BIO_indent(bio, indent + 2, 80);
@@ -1054,17 +1075,19 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
msglen -= 3;
if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
return 0;
+ } else {
+ BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]);
+ return 0;
}
break;

case SSL_kPSK:
- if (!ssl_print_hexbuf(bio, indent + 2,
- "psk_identity_hint", 2, &msg, &msglen))
- return 0;
- /* No signature */
- return 1;
+ case SSL_kRSAPSK:
+ break;
}
- return ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+ if (!(id & SSL_PSK))
+ ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+ return !msglen;
}

static int ssl_print_certificate(BIO *bio, int indent,
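Review bot: the return value of `ssl_print_signature(bio, indent, ssl, &msg, &msglen)` is now discarded; a failed parse will usually leave `msglen` non-zero so `return !msglen` still reports an error, but whether every failure is caught depends on whether `ssl_print_signature` can fail after consuming the remaining bytes, so keep `if (!ssl_print_signature(...)) return 0;` before the final check. The new `UNKNOWN CURVE PARAMETER TYPE` branch is a good addition, since the old code silently printed nothing for non-named curves.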

Rich Salz
Jul 31, 2015, 11:07:49 AM
The branch master has been updated
via 119ab03aea4850297b2a886f067ae74ab3fba86e (commit)
from 3df16cc2e27f75eac2c0991248b0c294e2c847b5 (commit)


- Log -----------------------------------------------------------------
commit 119ab03aea4850297b2a886f067ae74ab3fba86e
Author: Nicholas Cooper <qza2...@gmail.com>
Date: Wed Jul 29 21:44:59 2015 -0400

RT3959: Fix misleading comment

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
include/openssl/dh.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index e0f4b57..f1de53d 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -142,7 +142,7 @@ struct dh_st {
BIGNUM *p;
BIGNUM *g;
long length; /* optional */
- BIGNUM *pub_key; /* g^x */
+ BIGNUM *pub_key; /* g^x % p */
BIGNUM *priv_key; /* x */
int flags;
BN_MONT_CTX *method_mont_p;

Rich Salz
Jul 31, 2015, 11:12:17 AM
The branch master has been updated
via 902c6b95a3a3dbf7e5e3dd4b11ec58300ccb8a97 (commit)
from 119ab03aea4850297b2a886f067ae74ab3fba86e (commit)


- Log -----------------------------------------------------------------
commit 902c6b95a3a3dbf7e5e3dd4b11ec58300ccb8a97
Author: Adam Eijdenberg <eijde...@google.com>
Date: Wed Jul 29 21:42:14 2015 -0400

RT3961: Fix switch/case errors in flag parsing

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/genrsa.c | 1 +
apps/pkeyutl.c | 1 +
apps/req.c | 1 -
3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/genrsa.c b/apps/genrsa.c
index bb8437f..1fea351 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -141,6 +141,7 @@ int genrsa_main(int argc, char **argv)
break;
case OPT_OUT:
outfile = opt_arg();
+ break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
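Review bot: correct fix; without the `break`, `-out` fell through into `OPT_ENGINE` and passed the output filename to `setup_engine()`. The `pkeyutl` hunk in the same commit fixes the same pattern (`-rev` falling through into `OPT_ENCRYPT`), so the two are consistent.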
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 4c267c1..741dd64 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -200,6 +200,7 @@ int pkeyutl_main(int argc, char **argv)
break;
case OPT_REV:
rev = 1;
+ break;
case OPT_ENCRYPT:
pkey_op = EVP_PKEY_OP_ENCRYPT;
break;
diff --git a/apps/req.c b/apps/req.c
index b3220ba..a16febd 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -344,7 +344,6 @@ int req_main(int argc, char **argv)
case OPT_NO_ASN1_KLUDGE:
kludge = 0;
break;
- multirdn = 1;
case OPT_DAYS:
days = atoi(opt_arg());
break;
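Review bot: deleting `multirdn = 1;` is behaviour-neutral, since the statement sat after `break;` and was unreachable, but it raises the question of where `-multivalue-rdn` is actually honoured: if the `OPT_MULTIVALUE_RDN` case does not set `multirdn` itself, the option is a no-op and this line should be moved there rather than removed.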

Rich Salz
Jul 31, 2015, 11:14:15 AM
The branch master has been updated
via e46bcca25e85a361d3ce8431ec5ccc2382ee5569 (commit)
from 902c6b95a3a3dbf7e5e3dd4b11ec58300ccb8a97 (commit)


- Log -----------------------------------------------------------------
commit e46bcca25e85a361d3ce8431ec5ccc2382ee5569
Author: Adam Eijdenberg <eijde...@google.com>
Date: Wed Jul 29 21:38:22 2015 -0400

RT3962: Check accept_count only if not unlimited

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/ocsp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index b6397b8..44f5841 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -666,7 +666,8 @@ int ocsp_main(int argc, char **argv)

/* If running as responder don't verify our own response */
if (cbio) {
- if (--accept_count <= 0) {
+ /* If not unlimited, see if we took all we should. */
+ if (accept_count != -1 && --accept_count <= 0) {
ret = 0;
goto end;

Rich Salz
Jul 31, 2015, 11:16:21 AM
The branch master has been updated
via be0c03618a53fc539761eb5f0e300d68554f85c9 (commit)
from e46bcca25e85a361d3ce8431ec5ccc2382ee5569 (commit)


- Log -----------------------------------------------------------------
commit be0c03618a53fc539761eb5f0e300d68554f85c9
Author: Adam Eijdenberg <eijde...@google.com>
Date: Wed Jul 29 21:34:35 2015 -0400

RT3963: Allow OCSP stapling with -rev and -www

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_server.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 3143078..a1fcb6e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1871,6 +1871,14 @@ int s_server_main(int argc, char *argv[])
if (ctx2)
SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
}
+ if (s_tlsextstatus) {
+ SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+ SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+ if (ctx2) {
+ SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb);
+ SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp);
+ }
+ }

BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
@@ -1989,10 +1997,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_callback(con, tlsext_cb);
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
- if (s_tlsextstatus) {
- SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
- SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
- }

if (context
&& !SSL_set_session_id_context(con,

Rich Salz
Jul 31, 2015, 11:20:16 AM
The branch master has been updated
via 898ea7b855541b5809e25944c8dada7b50775fd3 (commit)
from be0c03618a53fc539761eb5f0e300d68554f85c9 (commit)


- Log -----------------------------------------------------------------
commit 898ea7b855541b5809e25944c8dada7b50775fd3
Author: Kai Engert <ka...@kuix.de>
Date: Wed Jul 29 17:41:00 2015 -0400

RT3742: Add xmpp_server to s_client.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 9 +++++++--
doc/apps/s_client.pod | 7 ++++---
2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 559cf70..a5fddca 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -513,7 +513,8 @@ OPTIONS s_client_options[] = {
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
{"starttls", OPT_STARTTLS, 's',
"Use the STARTTLS command before starting TLS"},
- {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
+ {"xmpphost", OPT_XMPPHOST, 's',
+ "Host to use with \"-starttls xmpp[-server]\""},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
@@ -608,6 +609,7 @@ typedef enum PROTOCOL_choice {
PROTO_FTP,
PROTO_TELNET,
PROTO_XMPP,
+ PROTO_XMPP_SERVER,
PROTO_CONNECT
} PROTOCOL_CHOICE;

@@ -617,6 +619,7 @@ static OPT_PAIR services[] = {
{"imap", PROTO_IMAP},
{"ftp", PROTO_FTP},
{"xmpp", PROTO_XMPP},
+ {"xmpp-server", PROTO_XMPP_SERVER},
{"telnet", PROTO_TELNET},
{NULL}
};
@@ -1548,11 +1551,13 @@ int s_client_main(int argc, char **argv)
}
break;
case PROTO_XMPP:
+ case PROTO_XMPP_SERVER:
{
int seen = 0;
BIO_printf(sbio, "<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
- "xmlns='jabber:client' to='%s' version='1.0'>",
+ "xmlns='jabber:%s' to='%s' version='1.0'>",
+ starttls_proto == PROTO_XMPP ? "client" : "server",
xmpphost ? xmpphost : host);
seen = BIO_read(sbio, mbuf, BUFSIZZ);
mbuf[seen] = 0;
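Review bot: the `xmlns='jabber:%s'` substitution is fine, but the surrounding context has a pre-existing problem worth fixing while here: `seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0;` writes before the buffer when `BIO_read` returns a negative value and one byte past it when it returns exactly `BUFSIZZ`; read at most `BUFSIZZ - 1` bytes and check `seen < 0` before storing the terminator.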
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 12a6ef7..e91b9f1 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -288,12 +288,13 @@ command for more information.

send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
+supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp",
+and "xmpp-server".

=item B<-xmpphost hostname>

-This option, when used with "-starttls xmpp", specifies the host for the
-"to" attribute of the stream element.
+This option, when used with "-starttls xmpp" or "-starttls xmpp-server",
+specifies the host for the "to" attribute of the stream element.
If this option is not specified, then the host specified with "-connect"
will be used.

Rich Salz
Jul 31, 2015, 12:30:16 PM
The branch master has been updated
via 740ceb5b0c844f1fe9b96983cc175d19795e7aa0 (commit)
from 898ea7b855541b5809e25944c8dada7b50775fd3 (commit)


- Log -----------------------------------------------------------------
commit 740ceb5b0c844f1fe9b96983cc175d19795e7aa0
Author: Rich Salz <rs...@akamai.com>
Date: Fri Jul 31 11:52:57 2015 -0400

Various doc fixes from GH pull requests

Thanks folks:
348 Benjamin Kaduk
317 Christian Brueffer
254 Erik Tews
253 Erik Tews
219 Carl Mehner
155 (ghost)
95 mancha
51 DominikNeubauer

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 2 +-
README | 2 +-
apps/s_client.c | 2 +-
doc/HOWTO/keys.txt | 5 ++---
doc/apps/pkcs12.pod | 2 +-
doc/apps/req.pod | 11 +++++------
doc/crypto/EVP_EncryptInit.pod | 2 +-
doc/crypto/EVP_SealInit.pod | 2 +-
doc/crypto/engine.pod | 10 +++++-----
9 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/CHANGES b/CHANGES
index c5be241..cd75e0b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -162,7 +162,7 @@
[mancha <man...@zoho.com>]

*) Fix eckey_priv_encode so it immediately returns an error upon a failure
- in i2d_ECPrivateKey.
+ in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue.
[mancha <man...@zoho.com>]

*) Fix some double frees. These are not thought to be exploitable.
diff --git a/README b/README
index 40c2e83..13464f2 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@

OpenSSL 1.1.0-dev

- Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

diff --git a/apps/s_client.c b/apps/s_client.c
index a5fddca..f4132c8 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -588,7 +588,7 @@ OPTIONS s_client_options[] = {
"SRP username into second ClientHello message"},
{"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
"Tolerate other than the known g N values."},
- {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
+ {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal length in bits for N"},
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
diff --git a/doc/HOWTO/keys.txt b/doc/HOWTO/keys.txt
index 7ae2a3a..ba0314f 100644
--- a/doc/HOWTO/keys.txt
+++ b/doc/HOWTO/keys.txt
@@ -40,9 +40,8 @@ consider insecure or to be insecure pretty soon.

3. To generate a DSA key

-A DSA key can be used for signing only. This is important to keep
-in mind to know what kind of purposes a certificate request with a
-DSA key can really be used for.
+A DSA key can be used for signing only. It is important to
+know what a certificate request with a DSA key can really be used for.

Generating a key for the DSA algorithm is a two-step process. First,
you have to generate parameters from which to generate the key:
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 8e0d917..7449848 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -216,7 +216,7 @@ key is encrypted using triple DES and the certificate using 40 bit RC2.

these options allow the algorithm used to encrypt the private key and
certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
-can be used (see B<NOTES> section for more information). If a a cipher name
+can be used (see B<NOTES> section for more information). If a cipher name
(as output by the B<list-cipher-algorithms> command is specified then it
is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
use PKCS#12 algorithms.
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 9e8e1ab..2ce2bca 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -30,7 +30,6 @@ B<openssl> B<req>
[B<-keygen_engine id>]
[B<-[digest]>]
[B<-config filename>]
-[B<-subj arg>]
[B<-multivalue-rdn>]
[B<-x509>]
[B<-days n>]
@@ -506,16 +505,16 @@ Examine and verify certificate request:

Create a private key and then generate a certificate request from it:

- openssl genrsa -out key.pem 1024
+ openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem

The same but just using req:

- openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem

Generate a self signed root certificate:

- openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem

Example of a file pointed to by the B<oid_file> option:

@@ -531,7 +530,7 @@ expansion:
Sample configuration file prompting for field values:

[ req ]
- default_bits = 1024
+ default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -572,7 +571,7 @@ Sample configuration containing all field values:
RANDFILE = $ENV::HOME/.rnd

[ req ]
- default_bits = 1024
+ default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 6d897da..3dfc55d 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -114,7 +114,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
before calling this function. B<type> is normally supplied
-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the
default implementation is used. B<key> is the symmetric key to use
and B<iv> is the IV to use (if necessary), the actual number of bytes
used for the key and IV depends on the cipher. It is possible to set
diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
index 7d793e1..19112a5 100644
--- a/doc/crypto/EVP_SealInit.pod
+++ b/doc/crypto/EVP_SealInit.pod
@@ -25,7 +25,7 @@ encrypted using this key.

EVP_SealInit() initializes a cipher context B<ctx> for encryption
with cipher B<type> using a random secret key and IV. B<type> is normally
-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted
using one or more public keys, this allows the same encrypted data to be
decrypted using any of the corresponding private keys. B<ek> is an array of
buffers where the public key encrypted secret key will be written, each buffer
diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
index 5eb065c..7f6cd43 100644
--- a/doc/crypto/engine.pod
+++ b/doc/crypto/engine.pod
@@ -192,7 +192,7 @@ to use the pointer value at all, as this kind of reference is a guarantee
that the structure can not be deallocated until the reference is released.

However, a structural reference provides no guarantee that the ENGINE is
-initiliased and able to use any of its cryptographic
+initialised and able to use any of its cryptographic
implementations. Indeed it's quite possible that most ENGINEs will not
initialise at all in typical environments, as ENGINEs are typically used to
support specialised hardware. To use an ENGINE's functionality, you need a
@@ -201,8 +201,8 @@ specialised form of structural reference, because each functional reference
implicitly contains a structural reference as well - however to avoid
difficult-to-find programming bugs, it is recommended to treat the two
kinds of reference independently. If you have a functional reference to an
-ENGINE, you have a guarantee that the ENGINE has been initialised ready to
-perform cryptographic operations and will remain uninitialised
+ENGINE, you have a guarantee that the ENGINE has been initialised and
+is ready to perform cryptographic operations, and will remain initialised
until after you have released your reference.

I<Structural references>
@@ -370,7 +370,7 @@ I<Using a specific ENGINE implementation>
Here we'll assume an application has been configured by its user or admin
to want to use the "ACME" ENGINE if it is available in the version of
OpenSSL the application was compiled with. If it is available, it should be
-used by default for all RSA, DSA, and symmetric cipher operation, otherwise
+used by default for all RSA, DSA, and symmetric cipher operations, otherwise
OpenSSL should use its builtin software as per usual. The following code
illustrates how to approach this;

@@ -401,7 +401,7 @@ I<Automatically using builtin ENGINE implementations>

Here we'll assume we want to load and register all ENGINE implementations
bundled with OpenSSL, such that for any cryptographic algorithm required by
-OpenSSL - if there is an ENGINE that implements it and can be initialise,
+OpenSSL - if there is an ENGINE that implements it and can be initialised,
it should be used. The following code illustrates how this can work;

/* Load all bundled ENGINEs into memory and make them visible */

Rich Salz
Jul 31, 2015, 1:38:35 PM
The branch master has been updated
via 1a586b3942de1c0bd64203d09385d5e74f499d8d (commit)
from 740ceb5b0c844f1fe9b96983cc175d19795e7aa0 (commit)


- Log -----------------------------------------------------------------
commit 1a586b3942de1c0bd64203d09385d5e74f499d8d
Author: Loganaden Velvindron <loga...@gmail.com>
Date: Fri Jul 31 13:20:16 2015 -0400

Clear BN-mont values when freeing it.

From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_mont.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index e3955fe..1580e97 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -339,9 +339,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
if (mont == NULL)
return;

- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
if (mont->flags & BN_FLG_MALLOCED)
OPENSSL_free(mont);
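Review bot: BN_clear_free cleanses only the three BIGNUM limb arrays; the enclosing BN_MONT_CTX is still released with a plain `OPENSSL_free(mont)`, so any other modulus-derived words stored directly in the struct are freed without being wiped, and an embedded context (BN_FLG_MALLOCED not set) is left entirely to its owner. If the intent is to leave no residue of a private modulus in memory, cleanse the struct itself (e.g. `OPENSSL_cleanse(mont, sizeof(*mont))`) before the free, and note in the header that owners of non-malloced contexts must do the same.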

Matt Caswell

Jul 31, 2015, 3:34:18 PM
The branch master has been updated
via e1e088ec7f2f33c4c4ad31312d62c536441d4358 (commit)
from 1a586b3942de1c0bd64203d09385d5e74f499d8d (commit)


- Log -----------------------------------------------------------------
commit e1e088ec7f2f33c4c4ad31312d62c536441d4358
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 25 14:12:25 2015 +0100

Remove erroneous server_random filling

Commit e481f9b90b164 removed OPENSSL_NO_TLSEXT from the code.

Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was
filled during getting of the ClientHello. If it *was* defined then the
server random would be filled in ssl3_send_server_hello(). Unfortunately in
commit e481f9b90b164 the OPENSSL_NO_TLSEXT guards were removed but *both*
server random fillings were left in. This could cause problems for session
ticket callbacks.

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 72deedc..718ca2c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1580,19 +1580,16 @@ int ssl3_send_server_hello(SSL *s)
if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
buf = (unsigned char *)s->init_buf->data;

- p = s->s3->server_random;
- if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
- s->state = SSL_ST_ERR;
- return -1;
- }
-
/* Do the message type and length last */
d = p = ssl_handshake_start(s);

*(p++) = s->version >> 8;
*(p++) = s->version & 0xff;

- /* Random stuff */
+ /*
+ * Random stuff. Filling of the server_random takes place in
+ * ssl3_get_client_hello()
+ */
memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
p += SSL3_RANDOM_SIZE;

Ben Laurie

Jul 31, 2015, 3:50:56 PM
The branch master has been updated
via 34750dc25d74e3db4c1ba43cd219d3f4825e4c65 (commit)
from e1e088ec7f2f33c4c4ad31312d62c536441d4358 (commit)


- Log -----------------------------------------------------------------
commit 34750dc25d74e3db4c1ba43cd219d3f4825e4c65
Author: Ben Laurie <b...@links.org>
Date: Fri Jul 31 09:49:20 2015 +0100

Only define PAGE_SIZE if not already defined.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/sec_mem.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/sec_mem.c b/crypto/sec_mem.c
index 5bf8baa..a630cbc 100644
--- a/crypto/sec_mem.c
+++ b/crypto/sec_mem.c
@@ -26,7 +26,9 @@
#define LOCK() CRYPTO_w_lock(CRYPTO_LOCK_MALLOC)
#define UNLOCK() CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC)
#define CLEAR(p, s) OPENSSL_cleanse(p, s)
-#define PAGE_SIZE 4096
+#ifndef PAGE_SIZE
+# define PAGE_SIZE 4096
+#endif

#ifdef IMPLEMENTED
size_t secure_mem_used;
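Review bot: The `#ifndef` guard stops the redefinition clash on platforms whose system headers already define PAGE_SIZE, but it also means the secure heap on those platforms now uses the header's value rather than the 4096 this file assumed, and if that definition is not an integer constant expression (some headers define it in terms of a runtime page-size query) any compile-time use such as an array bound or static initialiser will fail to build. Consider an OpenSSL-private name (e.g. SH_PAGE_SIZE) with a comment on why 4096 was chosen, or a runtime getpagesize()/sysconf(_SC_PAGESIZE) lookup.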

Rich Salz

Aug 1, 2015, 2:32:59 PM
The branch master has been updated
via e36ce2d986a5edbd33d6d176fb95c8046fae9725 (commit)
from 34750dc25d74e3db4c1ba43cd219d3f4825e4c65 (commit)


- Log -----------------------------------------------------------------
commit e36ce2d986a5edbd33d6d176fb95c8046fae9725
Author: Dirk Wetter <di...@testssl.sh>
Date: Fri Jul 31 13:02:51 2015 -0400

GH336: Return an exit code if report fails

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
util/selftest.pl | 1 +
1 file changed, 1 insertion(+)

diff --git a/util/selftest.pl b/util/selftest.pl
index 7b32e9f..59842ef 100644
--- a/util/selftest.pl
+++ b/util/selftest.pl
@@ -199,3 +199,4 @@ while (<IN>) {
}
print "\nTest report in file $report\n";

+die if $ok != 2;
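Review bot: A bare `die` with no message prints only "Died at util/selftest.pl line N", and the magic value 2 is unexplained at the point of use; suggest `die "Test report failed (ok=$ok)\n"` (or an explicit `exit 1`) so the caller and the log show why the script failed. Running it after the report file has been written is the right order, since the report stays available for inspection on failure.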

Ben Laurie

Aug 1, 2015, 5:10:38 PM
The branch master has been updated
via 9e83e6cda97ae9cb3167e5d8548a7ca0b54cc4e6 (commit)
from e36ce2d986a5edbd33d6d176fb95c8046fae9725 (commit)


- Log -----------------------------------------------------------------
commit 9e83e6cda97ae9cb3167e5d8548a7ca0b54cc4e6
Author: Ben Laurie <b...@links.org>
Date: Sat Aug 1 15:55:19 2015 +0100

Make BSD make happy with subdirectories.

Reviewed-by: Richard Levitte

-----------------------------------------------------------------------

Summary of changes:
ssl/Makefile | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/ssl/Makefile b/ssl/Makefile
index d1fc049..973276a 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -45,6 +45,10 @@ HEADER= ssl_locl.h record/record_locl.h record/record.h

ALL= $(GENERAL) $(SRC) $(HEADER)

+# BSD make and GNU make disagree on where output goes
+.c.o:
+ $(CC) $(CFLAGS) -c $< -o $@
+
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)

Ben Laurie

Aug 2, 2015, 2:08:39 AM
The branch master has been updated
via 480405e4a9a8f791324850c4f6b3d36d4e4de4f9 (commit)
via d237a2739c91eb97a7be57989de0a18051f98963 (commit)
from 9e83e6cda97ae9cb3167e5d8548a7ca0b54cc4e6 (commit)


- Log -----------------------------------------------------------------
commit 480405e4a9a8f791324850c4f6b3d36d4e4de4f9
Author: Ben Laurie <b...@links.org>
Date: Sun Aug 2 02:45:44 2015 +0100

Add -Wconditional-uninitialized to clang strict warnings.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit d237a2739c91eb97a7be57989de0a18051f98963
Author: Ben Laurie <b...@links.org>
Date: Sun Aug 2 02:21:46 2015 +0100

Build with --strict-warnings on FreeBSD.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configurations/10-main.conf | 2 +-
Configure | 4 ++--
apps/s_client.c | 2 +-
apps/verify.c | 46 ++++++++++++++++++++++-----------------------
4 files changed, 26 insertions(+), 28 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index b5d32b6..15af87e 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -830,7 +830,7 @@
# expands it as -lc_r, which has to be accompanied by explicit
# -D_THREAD_SAFE and sometimes -D_REENTRANT. FreeBSD 5.x
# expands it as -lc_r, which seems to be sufficient?
- cc => "gcc",
+ cc => "cc",
cflags => "-Wall",
debug_cflags => "-O0 -g",
release_cflags => "-O3",
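Review bot: `cc => "cc"` now picks up whatever the system compiler is (clang on current FreeBSD) rather than gcc, while the comment just above about how `-pthread` expands was written for the old setting; please confirm it still applies to the system cc and update it if not.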
diff --git a/Configure b/Configure
index 6cc05bd..fb20e85 100755
--- a/Configure
+++ b/Configure
@@ -101,13 +101,13 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare

# These are used in addition to $gcc_devteam_warn when the compiler is clang.
# TODO(openssl-team): fix problems and investigate if (at least) the
-# following warnings can also be enabled: -Wconditional-uninitialized,
+# following warnings can also be enabled:
# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
# -Wmissing-variable-declarations,
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof
-my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments";

my $strict_warnings = 0;
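Review bot: `-Qunused-arguments` is added to $clang_devteam_warn alongside -Wconditional-uninitialized but is mentioned neither in the commit message nor in the TODO comment; it suppresses clang's "argument unused during compilation" diagnostic, which is exactly the warning that would otherwise flag misspelled or unsupported flags in a strict-warnings build. If it is needed to keep --strict-warnings building on FreeBSD, say so in the comment, and consider scoping it to that target rather than every clang build.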

diff --git a/apps/s_client.c b/apps/s_client.c
index f4132c8..5971f8a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -656,7 +656,7 @@ int s_client_main(int argc, char **argv)
int prexit = 0;
int enable_timeouts = 0, sdebug = 0, peerlen = sizeof peer;
int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
- int ret = 1, in_init = 1, i, nbio_test = 0, s, k, width, state = 0;
+ int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
int sbuf_len, sbuf_off, socket_type = SOCK_STREAM, cmdletters = 1;
int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
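Review bot: Initialising `s = -1` silences -Wconditional-uninitialized, but it only fixes the control flow if the cleanup path that closes the socket checks for -1 before calling close(); with a plain `close(s)` or an `if (s)` test, -1 is no better a sentinel than an uninitialised value. Please confirm the end-of-function cleanup tests `s != -1`.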
diff --git a/apps/verify.c b/apps/verify.c
index 7fcd32a..8abc708 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -272,37 +272,35 @@ static int check(X509_STORE *ctx, char *file,
if (crls)
X509_STORE_CTX_set0_crls(csc, crls);
i = X509_verify_cert(csc);
- if (i > 0 && show_chain) {
- chain = X509_STORE_CTX_get1_chain(csc);
- num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+ if (i > 0) {
+ printf("OK\n");
+ ret = 1;
+ if (show_chain) {
+ chain = X509_STORE_CTX_get1_chain(csc);
+ num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+ printf("Chain:\n");
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ X509 *cert = sk_X509_value(chain, i);
+ printf("depth=%d: ", i);
+ X509_NAME_print_ex_fp(stdout,
+ X509_get_subject_name(cert),
+ 0, XN_FLAG_ONELINE);
+ if (i < num_untrusted)
+ printf(" (untrusted)");
+ printf("\n");
+ }
+ sk_X509_pop_free(chain, X509_free);
+ }
}
X509_STORE_CTX_free(csc);

ret = 0;
end:
- if (i > 0) {
- printf("OK\n");
- ret = 1;
- } else
- ERR_print_errors(bio_err);
- if (chain) {
- printf("Chain:\n");
- for (i = 0; i < sk_X509_num(chain); i++) {
- X509 *cert = sk_X509_value(chain, i);
- printf("depth=%d: ", i);
- X509_NAME_print_ex_fp(stdout,
- X509_get_subject_name(cert),
- 0, XN_FLAG_ONELINE);
- if (i < num_untrusted) {
- printf(" (untrusted)");
- }
- printf("\n");
- }
- sk_X509_pop_free(chain, X509_free);
- }
+ if (i <= 0)
+ ERR_print_errors(bio_err);
X509_free(x);

- return (ret);
+ return ret;
}

static int cb(int ok, X509_STORE_CTX *ctx)
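Review bot: Two regressions in this hunk. First, the `ret = 0;` left before `end:` now runs after the success branch and unconditionally overwrites the `ret = 1` set there, so check() reports failure for every certificate that verified OK; drop it, or set ret to 0 only on the failure path. Second, the chain loop reuses `i`, which holds the X509_verify_cert() result, as its index, so by `end:` the `if (i <= 0)` test sees the loop counter (the chain length, or 0 for an empty chain) instead of the verification result; use a separate loop variable.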

Dr. Stephen Henson

Aug 2, 2015, 9:50:38 AM
The branch master has been updated
via 5a168057bc1cdf4151226545c4f2ed4d4ad9622b (commit)
from 480405e4a9a8f791324850c4f6b3d36d4e4de4f9 (commit)


- Log -----------------------------------------------------------------
commit 5a168057bc1cdf4151226545c4f2ed4d4ad9622b
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Aug 2 14:28:50 2015 +0100

don't reset return value to 0

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/verify.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/apps/verify.c b/apps/verify.c
index 8abc708..740dae2 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -294,7 +294,6 @@ static int check(X509_STORE *ctx, char *file,
}
X509_STORE_CTX_free(csc);

- ret = 0;
end:
if (i <= 0)
ERR_print_errors(bio_err);
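Review bot: This restores the `ret = 1` set on the success path; with the unconditional reset gone, check() now depends on `ret` being initialised to 0 at its declaration for the early `goto end` exits above this hunk, so worth confirming that initialiser exists rather than relying on the removed line.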

Ben Laurie

Aug 2, 2015, 1:59:12 PM
The branch master has been updated
via bb484020c3f22bcb76cc3d18b5965c8b132770dc (commit)
from 5a168057bc1cdf4151226545c4f2ed4d4ad9622b (commit)


- Log -----------------------------------------------------------------
commit bb484020c3f22bcb76cc3d18b5965c8b132770dc
Author: Ben Laurie <b...@links.org>
Date: Sun Aug 2 16:04:27 2015 +0100

Fix refactoring breakage.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/verify.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/apps/verify.c b/apps/verify.c
index 740dae2..ce0ad24 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -276,16 +276,18 @@ static int check(X509_STORE *ctx, char *file,
printf("OK\n");
ret = 1;
if (show_chain) {
+ int j;
+
chain = X509_STORE_CTX_get1_chain(csc);
num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
printf("Chain:\n");
- for (i = 0; i < sk_X509_num(chain); i++) {
- X509 *cert = sk_X509_value(chain, i);
- printf("depth=%d: ", i);
+ for (j = 0; j < sk_X509_num(chain); j++) {
+ X509 *cert = sk_X509_value(chain, j);
+ printf("depth=%d: ", j);
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(cert),
0, XN_FLAG_ONELINE);
- if (i < num_untrusted)
+ if (j < num_untrusted)
printf(" (untrusted)");
printf("\n");
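Review bot: Switching the loop to `j` stops it clobbering `i`, so the `if (i <= 0)` test at `end:` again sees the X509_verify_cert() result rather than the loop counter; the `depth=%d` output is unchanged. Declaring `int j;` at the top of the `if (show_chain)` block keeps the code C89-clean.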

Matt Caswell

Aug 3, 2015, 6:03:49 AM
The branch master has been updated
via 9ceb2426b0a7972434a49a34e78bdcc6437e04ad (commit)
via 6fc2ef20a92a318aa5aacf9c907fa70df98f6a41 (commit)
via 7e729bb5a3ff1b940061045d1f83b7fc01d32b4b (commit)
from bb484020c3f22bcb76cc3d18b5965c8b132770dc (commit)


- Log -----------------------------------------------------------------
commit 9ceb2426b0a7972434a49a34e78bdcc6437e04ad
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 16 10:06:25 2015 +0100

PACKETise ClientHello processing

Uses the new PACKET code to process the incoming ClientHello including all
extensions etc.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 6fc2ef20a92a318aa5aacf9c907fa70df98f6a41
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Apr 17 16:10:23 2015 +0100

PACKET unit tests

Add some unit tests for the new PACKET API

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 7e729bb5a3ff1b940061045d1f83b7fc01d32b4b
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Apr 14 17:01:29 2015 +0100

Add initial packet parsing code

Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/Makefile | 1246 +++++++++++++++++++++++++++--------------------------
ssl/d1_srtp.c | 57 +--
ssl/packet_locl.h | 394 +++++++++++++++++
ssl/s3_srvr.c | 169 ++++----
ssl/ssl_locl.h | 18 +-
ssl/ssl_sess.c | 11 +-
ssl/t1_lib.c | 407 +++++++++--------
ssl/t1_reneg.c | 19 +-
test/Makefile | 49 ++-
test/packettest.c | 317 ++++++++++++++
10 files changed, 1730 insertions(+), 957 deletions(-)
create mode 100644 ssl/packet_locl.h
create mode 100644 test/packettest.c

diff --git a/ssl/Makefile b/ssl/Makefile
index 973276a..b8ae9c3 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -95,43 +95,45 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.

bio_ssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-bio_ssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
+bio_ssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+bio_ssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+bio_ssl.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c packet_locl.h
bio_ssl.o: record/record.h ssl_locl.h
d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_both.o: ../include/openssl/x509_vfy.h d1_both.c record/record.h ssl_locl.h
+d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_both.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c
+d1_both.o: packet_locl.h record/record.h ssl_locl.h
d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -152,82 +154,86 @@ d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
-d1_clnt.o: record/record.h ssl_locl.h
+d1_clnt.o: packet_locl.h record/record.h ssl_locl.h
d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
-d1_lib.o: record/record.h ssl_locl.h
+d1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c packet_locl.h record/record.h
+d1_lib.o: ssl_locl.h
d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c
+d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_meth.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c packet_locl.h
d1_meth.o: record/record.h ssl_locl.h
d1_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_msg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_msg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_msg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_msg.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_msg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-d1_msg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_msg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_msg.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_msg.c
-d1_msg.o: record/record.h ssl_locl.h
+d1_msg.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_msg.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_msg.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_msg.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_msg.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_msg.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_msg.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+d1_msg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_msg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_msg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_msg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_msg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_msg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_msg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+d1_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_msg.o: ../include/openssl/x509_vfy.h d1_msg.c packet_locl.h record/record.h
+d1_msg.o: ssl_locl.h
d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_srtp.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_srtp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_srtp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_srtp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_srtp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-d1_srtp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_srtp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_srtp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_srtp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_srtp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_srtp.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_srtp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c
+d1_srtp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_srtp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_srtp.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+d1_srtp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+d1_srtp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+d1_srtp.o: ../include/openssl/err.h ../include/openssl/evp.h
+d1_srtp.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+d1_srtp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_srtp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_srtp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_srtp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_srtp.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_srtp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_srtp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+d1_srtp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_srtp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_srtp.o: ../include/openssl/x509_vfy.h d1_srtp.c packet_locl.h
d1_srtp.o: record/record.h ssl_locl.h
d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -249,108 +255,113 @@ d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
-d1_srvr.o: record/record.h ssl_locl.h
+d1_srvr.o: packet_locl.h record/record.h ssl_locl.h
dtls1_bitmap.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dtls1_bitmap.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-dtls1_bitmap.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-dtls1_bitmap.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-dtls1_bitmap.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-dtls1_bitmap.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-dtls1_bitmap.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-dtls1_bitmap.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dtls1_bitmap.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dtls1_bitmap.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dtls1_bitmap.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dtls1_bitmap.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-dtls1_bitmap.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dtls1_bitmap.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-dtls1_bitmap.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-dtls1_bitmap.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-dtls1_bitmap.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-dtls1_bitmap.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dtls1_bitmap.o: dtls1_bitmap.c record/../record/record.h record/../ssl_locl.h
-dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h
+dtls1_bitmap.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dtls1_bitmap.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+dtls1_bitmap.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+dtls1_bitmap.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dtls1_bitmap.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+dtls1_bitmap.o: ../include/openssl/err.h ../include/openssl/evp.h
+dtls1_bitmap.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+dtls1_bitmap.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dtls1_bitmap.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dtls1_bitmap.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dtls1_bitmap.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dtls1_bitmap.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+dtls1_bitmap.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dtls1_bitmap.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+dtls1_bitmap.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+dtls1_bitmap.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dtls1_bitmap.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+dtls1_bitmap.o: ../include/openssl/x509_vfy.h dtls1_bitmap.c
+dtls1_bitmap.o: record/../packet_locl.h record/../record/record.h
+dtls1_bitmap.o: record/../ssl_locl.h record/dtls1_bitmap.c record/record_locl.h
rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-rec_layer_d1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-rec_layer_d1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-rec_layer_d1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-rec_layer_d1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-rec_layer_d1.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-rec_layer_d1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rec_layer_d1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rec_layer_d1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rec_layer_d1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rec_layer_d1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-rec_layer_d1.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-rec_layer_d1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rec_layer_d1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-rec_layer_d1.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-rec_layer_d1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rec_layer_d1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-rec_layer_d1.o: ../include/openssl/x509_vfy.h rec_layer_d1.c
+rec_layer_d1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rec_layer_d1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+rec_layer_d1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+rec_layer_d1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+rec_layer_d1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+rec_layer_d1.o: ../include/openssl/err.h ../include/openssl/evp.h
+rec_layer_d1.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+rec_layer_d1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rec_layer_d1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rec_layer_d1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rec_layer_d1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rec_layer_d1.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+rec_layer_d1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rec_layer_d1.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+rec_layer_d1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+rec_layer_d1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+rec_layer_d1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+rec_layer_d1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rec_layer_d1.o: rec_layer_d1.c record/../packet_locl.h
rec_layer_d1.o: record/../record/record.h record/../ssl_locl.h
rec_layer_d1.o: record/rec_layer_d1.c record/record_locl.h
rec_layer_s3.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rec_layer_s3.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-rec_layer_s3.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-rec_layer_s3.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-rec_layer_s3.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-rec_layer_s3.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-rec_layer_s3.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-rec_layer_s3.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rec_layer_s3.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rec_layer_s3.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rec_layer_s3.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rec_layer_s3.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-rec_layer_s3.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-rec_layer_s3.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rec_layer_s3.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-rec_layer_s3.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-rec_layer_s3.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rec_layer_s3.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-rec_layer_s3.o: ../include/openssl/x509_vfy.h rec_layer_s3.c
+rec_layer_s3.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rec_layer_s3.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+rec_layer_s3.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+rec_layer_s3.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+rec_layer_s3.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+rec_layer_s3.o: ../include/openssl/err.h ../include/openssl/evp.h
+rec_layer_s3.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+rec_layer_s3.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rec_layer_s3.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rec_layer_s3.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rec_layer_s3.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rec_layer_s3.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+rec_layer_s3.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rec_layer_s3.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+rec_layer_s3.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+rec_layer_s3.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+rec_layer_s3.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+rec_layer_s3.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rec_layer_s3.o: rec_layer_s3.c record/../packet_locl.h
rec_layer_s3.o: record/../record/record.h record/../ssl_locl.h
rec_layer_s3.o: record/rec_layer_s3.c record/record_locl.h
s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_both.o: ../include/openssl/x509_vfy.h record/record.h s3_both.c ssl_locl.h
+s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_both.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s3_both.o: packet_locl.h record/record.h s3_both.c ssl_locl.h
s3_cbc.o: ../e_os.h ../include/internal/constant_time_locl.h
s3_cbc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_cbc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_cbc.o: ../include/openssl/x509_vfy.h record/record.h s3_cbc.c ssl_locl.h
+s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
+s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h
s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
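Review bot: the only substantive change in this hunk is that every object (d1_srvr.o through s3_cbc.o) gains two new dependencies, `packet_locl.h` (written as `record/../packet_locl.h` for the objects built from record/) and `../include/openssl/bn.h`; the remaining removed and added lines are the same header lists reflowed to make room for the new entries. Because these are generated dependency lines, they should be regenerated rather than hand-edited, and the commit that adds `packet_locl.h` to ssl/ should be pushed together with this one so that a checkout at this commit still builds; a reviewer can confirm the file is present at that path before merging, since a dependency on a missing header breaks the build for every object listed here.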
@@ -371,65 +382,69 @@ s3_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h record/record.h s3_clnt.c ssl_locl.h
+s3_clnt.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+s3_clnt.o: s3_clnt.c ssl_locl.h
s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_enc.o: ../include/openssl/x509_vfy.h record/record.h s3_enc.c ssl_locl.h
+s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_enc.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
+s3_enc.o: record/record.h s3_enc.c ssl_locl.h
s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s3_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_lib.o: ../include/openssl/x509_vfy.h record/record.h s3_lib.c ssl_locl.h
+s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h packet_locl.h
+s3_lib.o: record/record.h s3_lib.c ssl_locl.h
s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_msg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_msg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_msg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_msg.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_msg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s3_msg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_msg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_msg.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s3_msg.o: record/record.h s3_msg.c ssl_locl.h
+s3_msg.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_msg.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_msg.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_msg.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_msg.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_msg.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_msg.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+s3_msg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_msg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_msg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_msg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_msg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s3_msg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_msg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_msg.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h s3_msg.c
+s3_msg.o: ssl_locl.h
s3_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h
s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -451,87 +466,91 @@ s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s3_srvr.o: record/record.h s3_srvr.c ssl_locl.h
+s3_srvr.o: packet_locl.h record/record.h s3_srvr.c ssl_locl.h
ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl3_buffer.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl3_buffer.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl3_buffer.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl3_buffer.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl3_buffer.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl3_buffer.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl3_buffer.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl3_buffer.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl3_buffer.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl3_buffer.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl3_buffer.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl3_buffer.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl3_buffer.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl3_buffer.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl3_buffer.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl3_buffer.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl3_buffer.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl3_buffer.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl3_buffer.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl3_buffer.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl3_buffer.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl3_buffer.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl3_buffer.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl3_buffer.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl3_buffer.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl3_buffer.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl3_buffer.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl3_buffer.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl3_buffer.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl3_buffer.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl3_buffer.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl3_buffer.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../packet_locl.h
ssl3_buffer.o: record/../record/record.h record/../ssl_locl.h
ssl3_buffer.o: record/record_locl.h record/ssl3_buffer.c ssl3_buffer.c
ssl3_record.o: ../e_os.h ../include/internal/constant_time_locl.h
ssl3_record.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl3_record.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl3_record.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl3_record.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl3_record.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl3_record.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl3_record.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl3_record.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl3_record.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl3_record.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl3_record.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl3_record.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl3_record.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssl3_record.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl3_record.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl3_record.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-ssl3_record.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl3_record.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl3_record.o: ../include/openssl/x509_vfy.h record/../record/record.h
+ssl3_record.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl3_record.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl3_record.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl3_record.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl3_record.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl3_record.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl3_record.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl3_record.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl3_record.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl3_record.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl3_record.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl3_record.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+ssl3_record.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl3_record.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl3_record.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl3_record.o: record/../packet_locl.h record/../record/record.h
ssl3_record.o: record/../ssl_locl.h record/record_locl.h record/ssl3_record.c
ssl3_record.o: ssl3_record.c
ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_algs.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_algs.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_algs.o: record/record.h ssl_algs.c ssl_locl.h
+ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_algs.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_algs.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_algs.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_algs.o: ssl_algs.c ssl_locl.h
ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_asn1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_asn1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h record/record.h ssl_asn1.c ssl_locl.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_asn1.o: packet_locl.h record/record.h ssl_asn1.c ssl_locl.h
ssl_cert.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/asn1.h
ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -552,46 +571,49 @@ ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_cert.o: ../include/openssl/x509v3.h record/record.h ssl_cert.c ssl_locl.h
+ssl_cert.o: ../include/openssl/x509v3.h packet_locl.h record/record.h
+ssl_cert.o: ssl_cert.c ssl_locl.h
ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_ciph.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_ciph.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_ciph.o: ../include/openssl/x509_vfy.h record/record.h ssl_ciph.c ssl_locl.h
+ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_ciph.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_ciph.o: packet_locl.h record/record.h ssl_ciph.c ssl_locl.h
ssl_conf.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_conf.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_conf.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_conf.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_conf.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_conf.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_conf.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_conf.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_conf.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_conf.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_conf.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_conf.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_conf.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_conf.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_conf.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_conf.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_conf.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_conf.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_conf.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_conf.o: record/record.h ssl_conf.c ssl_locl.h
+ssl_conf.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_conf.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ssl_conf.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ssl_conf.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_conf.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_conf.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_conf.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_conf.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl_conf.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_conf.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_conf.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_conf.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_conf.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_conf.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_conf.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_conf.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_conf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_conf.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_conf.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_conf.o: ssl_conf.c ssl_locl.h
ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h
ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
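Review bot: this hunk is not reviewable line by line, and should not be approved on reading alone; every object that gains packet_locl.h here also gains ../include/openssl/bn.h unless it already listed it (ssl_cert.o did, so its rule only grows by packet_locl.h, while ssl_ciph.o and ssl_conf.o gain both), which says the new dependency arrives transitively through ssl_locl.h rather than from the .c files, and inserting bn.h near the front of the sorted list reflows every following line, e.g. `-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h` becoming `+ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h`. That rewrap, not the added headers, accounts for almost all of the 46/49-line churn. Verify the hunk by re-running `make depend` on the committed tree and checking that it produces no further diff; a dependency list that was hand-edited or only partially regenerated leaves stale rules, and stale rules make incremental builds skip recompiling objects after a header change, which is a correctness problem and not just a build nuisance.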
@@ -627,181 +649,190 @@ ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-ssl_lib.o: record/record.h ssl_lib.c ssl_locl.h
+ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_lib.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_lib.o: ../include/openssl/x509v3.h packet_locl.h record/record.h ssl_lib.c
+ssl_lib.o: ssl_locl.h
ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_rsa.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_rsa.o: record/record.h ssl_locl.h ssl_rsa.c
+ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_rsa.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_rsa.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_rsa.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_rsa.o: ssl_locl.h ssl_rsa.c
ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_sess.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_sess.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_sess.o: record/record.h ssl_locl.h ssl_sess.c
+ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_sess.o: ../include/openssl/engine.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_sess.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_sess.o: ssl_locl.h ssl_sess.c
ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_stat.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_stat.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_stat.o: record/record.h ssl_locl.h ssl_stat.c
+ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_stat.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_stat.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_stat.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_stat.o: ssl_locl.h ssl_stat.c
ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_txt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_txt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_txt.o: record/record.h ssl_locl.h ssl_txt.c
+ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_txt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_txt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_txt.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_txt.o: ssl_locl.h ssl_txt.c
ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_utst.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_utst.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_utst.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_utst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_utst.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_utst.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_utst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_utst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_utst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_utst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_utst.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_utst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_utst.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_utst.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_utst.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_utst.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_utst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_utst.o: record/record.h ssl_locl.h ssl_utst.c
+ssl_utst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_utst.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_utst.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_utst.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_utst.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_utst.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_utst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+ssl_utst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_utst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_utst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_utst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_utst.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_utst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_utst.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_utst.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+ssl_utst.o: ssl_locl.h ssl_utst.c
t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_clnt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_clnt.c
+t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+t1_clnt.o: packet_locl.h record/record.h ssl_locl.h t1_clnt.c
t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_enc.o: record/record.h ssl_locl.h t1_enc.c
+t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_enc.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+t1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_enc.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+t1_enc.o: ssl_locl.h t1_enc.c
t1_ext.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_ext.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_ext.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_ext.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_ext.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_ext.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_ext.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_ext.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_ext.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_ext.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_ext.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_ext.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_ext.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_ext.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_ext.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_ext.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_ext.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_ext.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_ext.o: record/record.h ssl_locl.h t1_ext.c
+t1_ext.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_ext.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_ext.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_ext.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_ext.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_ext.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_ext.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_ext.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_ext.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_ext.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_ext.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_ext.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_ext.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_ext.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_ext.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+t1_ext.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_ext.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_ext.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+t1_ext.o: ssl_locl.h t1_ext.c
t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
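Review bot: the one consistency check that can be done by eye on this region passes, but the region does not show that the whole tree was regenerated. Each rule that lists ssl_locl.h (ssl_lib.o through t1_ext.o) gains packet_locl.h, and the only rule in view without ssl_locl.h, ssl_err2.o (its rule ends at `ssl_err2.c` in the context lines at the top of the hunk), correspondingly gains nothing; rules that already listed bn.h, such as t1_lib.o, gain only packet_locl.h. What the excerpt cannot show is whether objects outside it that also include ssl_locl.h received the same addition. Please confirm in the commit message that this file is the unmodified output of a single `make depend` run rather than a manual update, since a mixed file would be indistinguishable from a complete one in this diff.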
@@ -823,83 +854,87 @@ t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-t1_lib.o: record/record.h ssl_locl.h t1_lib.c
+t1_lib.o: packet_locl.h record/record.h ssl_locl.h t1_lib.c
t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_meth.o: record/record.h ssl_locl.h t1_meth.c
+t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_meth.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_meth.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+t1_meth.o: ssl_locl.h t1_meth.c
t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_reneg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_reneg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_reneg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_reneg.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_reneg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_reneg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_reneg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_reneg.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_reneg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_reneg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_reneg.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_reneg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_reneg.o: record/record.h ssl_locl.h t1_reneg.c
+t1_reneg.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_reneg.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_reneg.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_reneg.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_reneg.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_reneg.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_reneg.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_reneg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_reneg.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+t1_reneg.o: ssl_locl.h t1_reneg.c
t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_srvr.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_srvr.c
+t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+t1_srvr.o: packet_locl.h record/record.h ssl_locl.h t1_srvr.c
t1_trce.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_trce.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_trce.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_trce.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_trce.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_trce.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_trce.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_trce.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_trce.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_trce.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_trce.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_trce.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_trce.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_trce.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_trce.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_trce.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_trce.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_trce.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-t1_trce.o: record/record.h ssl_locl.h t1_trce.c
+t1_trce.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_trce.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_trce.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_trce.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_trce.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_trce.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_trce.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+t1_trce.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_trce.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_trce.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_trce.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_trce.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_trce.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_trce.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_trce.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
+t1_trce.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_trce.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_trce.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+t1_trce.o: ssl_locl.h t1_trce.c
tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -919,4 +954,5 @@ tls_srp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h
tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-tls_srp.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h tls_srp.c
+tls_srp.o: ../include/openssl/x509_vfy.h packet_locl.h record/record.h
+tls_srp.o: ssl_locl.h tls_srp.c
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 19cf6ff..4384eda 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -266,38 +266,18 @@ int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
return 0;
}

-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
- int *al)
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
{
SRTP_PROTECTION_PROFILE *sprof;
STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
- int ct;
- int mki_len;
+ unsigned int ct, mki_len, id;
int i, srtp_pref;
- unsigned int id;
-
- /* Length value + the MKI length */
- if (len < 3) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- /* Pull off the length of the cipher suite list */
- n2s(d, ct);
- len -= 2;
+ PACKET subpkt;

- /* Check that it is even */
- if (ct % 2) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- /* Check that lengths are consistent */
- if (len < (ct + 1)) {
+ /* Pull off the length of the cipher suite list and check it is even */
+ if (!PACKET_get_net_2(pkt, &ct)
+ || (ct & 1) != 0
+ || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
@@ -309,10 +289,13 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
/* Search all profiles for a match initially */
srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);

- while (ct) {
- n2s(d, id);
- ct -= 2;
- len -= 2;
+ while (PACKET_remaining(&subpkt)) {
+ if (!PACKET_get_net_2(&subpkt, &id)) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+ SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ *al = SSL_AD_DECODE_ERROR;
+ return 1;
+ }

/*
* Only look for match in profiles of higher preference than
@@ -333,11 +316,15 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
/*
* Now extract the MKI value as a sanity check, but discard it for now
*/
- mki_len = *d;
- d++;
- len--;
+ if (!PACKET_get_1(pkt, &mki_len)) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+ SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ *al = SSL_AD_DECODE_ERROR;
+ return 1;
+ }

- if (mki_len != len) {
+ if (!PACKET_forward(pkt, mki_len)
+ || PACKET_remaining(pkt)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR;
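Review bot: the failure path for the MKI length byte, `if (!PACKET_get_1(pkt, &mki_len))`, reports SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST, but a missing MKI length byte is an MKI problem, not a profile-list problem; the check immediately below already uses SSL_R_BAD_SRTP_MKI_VALUE, so use that reason code here too so the alert and error log point at the right field. The `!PACKET_forward(pkt, mki_len) || PACKET_remaining(pkt)` pair does correctly reproduce the old `mki_len != len` requirement that the MKI is the last thing in the extension.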
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
new file mode 100644
index 0000000..4aab5cb
--- /dev/null
+++ b/ssl/packet_locl.h
@@ -0,0 +1,394 @@
+/* ssl/packet_locl.h */
+/*
+ * Written by Matt Caswell for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+#ifndef HEADER_PACKET_LOCL_H
+# define HEADER_PACKET_LOCL_H
+
+# include <string.h>
+# include <openssl/bn.h>
+# include <openssl/buffer.h>
+# include "e_os.h"
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+ /* Pointer to the start of the buffer data */
+ unsigned char *start;
+
+ /* Pointer to the first byte after the end of the buffer data */
+ unsigned char *end;
+
+ /* Pointer to where we are currently reading from */
+ unsigned char *curr;
+} PACKET;
+
+/*
+ * Returns 1 if there are exactly |len| bytes left to be read from |pkt|
+ * and 0 otherwise
+ */
+__owur static inline size_t PACKET_remaining(PACKET *pkt)
+{
+ return (size_t)(pkt->end - pkt->curr);
+}
+
+/*
+ * Initialise a PACKET with |len| bytes held in |buf|. This does not make a
+ * copy of the data so |buf| must be present for the whole time that the PACKET
+ * is being used.
+ */
+static inline int PACKET_buf_init(PACKET *pkt, unsigned char *buf, size_t len)
+{
+ pkt->start = pkt->curr = buf;
+ pkt->end = pkt->start + len;
+
+ /* Sanity checks */
+ if (pkt->start > pkt->end
+ || pkt->curr < pkt->start
+ || pkt->curr > pkt->end
+ || len != (size_t)(pkt->end - pkt->start)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+/*
+ * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static inline int PACKET_peek_sub_packet(PACKET *pkt, PACKET *subpkt,
+ size_t len)
+{
+ if (PACKET_remaining(pkt) < len)
+ return 0;
+
+ PACKET_buf_init(subpkt, pkt->curr, len);
+
+ return 1;
+}
+
+/*
+ * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not
+ * copied: the |subpkt| packet will share its underlying buffer with the
+ * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static inline int PACKET_get_sub_packet(PACKET *pkt, PACKET *subpkt,
+ size_t len)
+{
+ if (!PACKET_peek_sub_packet(pkt, subpkt, len))
+ return 0;
+
+ pkt->curr += len;
+
+ return 1;
+}
+
+/* Peek ahead at 2 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static inline int PACKET_peek_net_2(PACKET *pkt, unsigned int *data)
+{
+ if (PACKET_remaining(pkt) < 2)
+ return 0;
+
+ *data = ((unsigned int)(*pkt->curr)) << 8;
+ *data |= *(pkt->curr + 1);
+
+ return 1;
+}
+
+/* Equivalent of n2s */
+/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
+__owur static inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
+{
+ if (!PACKET_peek_net_2(pkt, data))
+ return 0;
+
+ pkt->curr += 2;
+
+ return 1;
+}
+
+/* Peek ahead at 3 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static inline int PACKET_peek_net_3(PACKET *pkt, unsigned long *data)
+{
+ if (PACKET_remaining(pkt) < 3)
+ return 0;
+
+ *data = ((unsigned long)(*pkt->curr)) << 16;
+ *data |= ((unsigned long)(*pkt->curr + 1)) << 8;
+ *data |= *pkt->curr + 2;
+
+ return 1;
+}
+
+/* Equivalent of n2l3 */
+/* Get 3 bytes in network order from |pkt| and store the value in |*data| */
+__owur static inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
+{
+ if (!PACKET_peek_net_3(pkt, data))
+ return 0;
+
+ pkt->curr += 3;
+
+ return 1;
+}
+
+/* Peek ahead at 4 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static inline int PACKET_peek_net_4(PACKET *pkt, unsigned long *data)
+{
+ if (PACKET_remaining(pkt) < 4)
+ return 0;
+
+ *data = ((unsigned long)(*pkt->curr)) << 24;
+ *data |= ((unsigned long)(*pkt->curr + 1)) << 16;
+ *data |= ((unsigned long)(*pkt->curr + 2)) << 8;
+ *data |= *pkt->curr+3;
+
+ return 1;
+}
+
+/* Equivalent of n2l */
+/* Get 4 bytes in network order from |pkt| and store the value in |*data| */
+__owur static inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
+{
+ if (!PACKET_peek_net_4(pkt, data))
+ return 0;
+
+ pkt->curr += 4;
+
+ return 1;
+}
+
+/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */
+__owur static inline int PACKET_peek_1(PACKET *pkt, unsigned int *data)
+{
+ if (!PACKET_remaining(pkt))
+ return 0;
+
+ *data = *pkt->curr;
+
+ return 1;
+}
+
+/* Get 1 byte from |pkt| and store the value in |*data| */
+__owur static inline int PACKET_get_1(PACKET *pkt, unsigned int *data)
+{
+ if (!PACKET_peek_1(pkt, data))
+ return 0;
+
+ pkt->curr++;
+
+ return 1;
+}
+
+/*
+ * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value
+ * in |*data|
+ */
+__owur static inline int PACKET_peek_4(PACKET *pkt, unsigned long *data)
+{
+ if (PACKET_remaining(pkt) < 4)
+ return 0;
+
+ *data = *pkt->curr;
+ *data |= ((unsigned long)(*pkt->curr + 1)) << 8;
+ *data |= ((unsigned long)(*pkt->curr + 2)) << 16;
+ *data |= ((unsigned long)(*pkt->curr + 3)) << 24;
+
+ return 1;
+}
+
+/* Equivalent of c2l */
+/*
+ * Get 4 bytes in reverse network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static inline int PACKET_get_4(PACKET *pkt, unsigned long *data)
+{
+ if (!PACKET_peek_4(pkt, data))
+ return 0;
+
+ pkt->curr += 4;
+
+ return 1;
+}
+
+/*
+ * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in
+ * |*data|. This just points at the underlying buffer that |pkt| is using. The
+ * caller should not free this data directly (it will be freed when the
+ * underlying buffer gets freed
+ */
+__owur static inline int PACKET_peek_bytes(PACKET *pkt, unsigned char **data,
+ size_t len)
+{
+ if (PACKET_remaining(pkt) < len)
+ return 0;
+
+ *data = pkt->curr;
+
+ return 1;
+}
+
+/*
+ * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This
+ * just points at the underlying buffer that |pkt| is using. The caller should
+ * not free this data directly (it will be freed when the underlying buffer gets
+ * freed
+ */
+__owur static inline int PACKET_get_bytes(PACKET *pkt, unsigned char **data,
+ size_t len)
+{
+ if (!PACKET_peek_bytes(pkt, data, len))
+ return 0;
+
+ pkt->curr += len;
+
+ return 1;
+}
+
+/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */
+__owur static inline int PACKET_peek_copy_bytes(PACKET *pkt,
+ unsigned char *data, size_t len)
+{
+ if (PACKET_remaining(pkt) < len)
+ return 0;
+
+ memcpy(data, pkt->curr, len);
+
+ return 1;
+}
+
+/* Read |len| bytes from |pkt| and copy them to |data| */
+__owur static inline int PACKET_copy_bytes(PACKET *pkt, unsigned char *data,
+ size_t len)
+{
+ if (!PACKET_peek_copy_bytes(pkt, data, len))
+ return 0;
+
+ pkt->curr += len;
+
+ return 1;
+}
+
+/* Move the current reading position back |len| bytes */
+__owur static inline int PACKET_back(PACKET *pkt, size_t len)
+{
+ if (len > (size_t)(pkt->curr - pkt->start))
+ return 0;
+
+ pkt->curr -= len;
+
+ return 1;
+}
+
+/* Move the current reading position forward |len| bytes */
+__owur static inline int PACKET_forward(PACKET *pkt, size_t len)
+{
+ if (PACKET_remaining(pkt) < len)
+ return 0;
+
+ pkt->curr += len;
+
+ return 1;
+}
+
+/* Store a bookmark for the current reading position in |*bm| */
+__owur static inline int PACKET_get_bookmark(PACKET *pkt, size_t *bm)
+{
+ *bm = pkt->curr - pkt->start;
+
+ return 1;
+}
+
+/* Set the current reading position to the bookmark |bm| */
+__owur static inline int PACKET_goto_bookmark(PACKET *pkt, size_t bm)
+{
+ if (bm > (size_t)(pkt->end - pkt->start))
+ return 0;
+
+ pkt->curr = pkt->start + bm;
+
+ return 1;
+}
+
+/*
+ * Stores the total length of the packet we have in the underlying buffer in
+ * |*len|
+ */
+__owur static inline int PACKET_length(PACKET *pkt, size_t *len)
+{
+ *len = pkt->end - pkt->start;
+
+ return 1;
+}
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* HEADER_PACKET_LOCL_H */
+
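Review bot: operator precedence bug in PACKET_peek_net_3, PACKET_peek_net_4 and PACKET_peek_4: `*pkt->curr + 1` parses as `(*pkt->curr) + 1`, the first byte plus one, not the byte at offset 1, so `*data |= ((unsigned long)(*pkt->curr + 1)) << 8;` and the `+ 2` / `+ 3` variants never read past the first byte and the returned value is wrong for every non-trivial input. PACKET_peek_net_2 gets it right with `*(pkt->curr + 1)`; the other three should be written the same way (or as `pkt->curr[1]`, `pkt->curr[2]`, `pkt->curr[3]`). Two smaller points in the same file: the comment above PACKET_remaining says it "Returns 1 if there are exactly |len| bytes left", but the function takes no |len| and returns the number of bytes remaining, so the comment should say that; and PACKET_get_bookmark and PACKET_length can never fail yet are marked __owur, forcing every caller to test a constant 1, so either drop __owur there or make them void. The final `+` line also adds a blank line at end of file.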
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 718ca2c..bc7f84f 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -862,11 +862,11 @@ int ssl3_send_hello_request(SSL *s)

int ssl3_get_client_hello(SSL *s)
{
- int i, complen, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
- unsigned int cookie_len;
+ int i, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1;
+ unsigned int j, cipherlen, complen;
+ unsigned int cookie_len = 0;
long n;
unsigned long id;
- unsigned char *p, *d;
SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
unsigned char *q = NULL;
@@ -874,6 +874,8 @@ int ssl3_get_client_hello(SSL *s)
#endif
STACK_OF(SSL_CIPHER) *ciphers = NULL;
int protverr = 1;
+ PACKET pkt;
+ unsigned char *sess, *cdata;

if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
goto retry_cert;
@@ -897,10 +899,12 @@ int ssl3_get_client_hello(SSL *s)
if (!ok)
return ((int)n);
s->first_packet = 0;
- d = p = (unsigned char *)s->init_msg;
+ PACKET_buf_init(&pkt, s->init_msg, n);

/* First lets get s->client_version set correctly */
if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+ unsigned int version;
+ unsigned int mt;
/*-
* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
* header is sent directly on the wire, not wrapped as a TLS
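Review bot: the return value of `PACKET_buf_init(&pkt, s->init_msg, n);` is discarded even though the function is documented to return 0 on inconsistent pointer or length arguments, and `n` (a `long`) is silently converted to size_t. Since this is the entry point for everything that follows, check the result and `goto err` on failure so a bad initialisation cannot be followed by reads through the packet.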
@@ -916,7 +920,8 @@ int ssl3_get_client_hello(SSL *s)
* ... ...
*/

- if (p[0] != SSL2_MT_CLIENT_HELLO) {
+ if (!PACKET_get_1(&pkt, &mt)
+ || mt != SSL2_MT_CLIENT_HELLO) {
/*
* Should never happen. We should have tested this in the record
* layer in order to have determined that this is a SSLv2 record
@@ -926,13 +931,18 @@ int ssl3_get_client_hello(SSL *s)
goto err;
}

- if ((p[1] == 0x00) && (p[2] == 0x02)) {
+ if (!PACKET_get_net_2(&pkt, &version)) {
+ /* No protocol version supplied! */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+ }
+ if (version == 0x0002) {
/* This is real SSLv2. We don't support it. */
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
goto err;
- } else if (p[1] == SSL3_VERSION_MAJOR) {
+ } else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) {
/* SSLv3/TLS */
- s->client_version = (((int)p[1]) << 8) | (int)p[2];
+ s->client_version = version;
} else {
/* No idea what protocol this is */
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
@@ -940,20 +950,14 @@ int ssl3_get_client_hello(SSL *s)
}
} else {
/*
- * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
- * for session id length
+ * use version from inside client hello, not from record header (may
+ * differ: see RFC 2246, Appendix E, second paragraph)
*/
- if (n < 2 + SSL3_RANDOM_SIZE + 1) {
+ if(!PACKET_get_net_2(&pkt, (unsigned int *)&s->client_version)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
-
- /*
- * use version from inside client hello, not from record header (may
- * differ: see RFC 2246, Appendix E, second paragraph)
- */
- s->client_version = (((int)p[0]) << 8) | (int)p[1];
}

/* Do SSL/TLS version negotiation if applicable */
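Review bot: `if(!PACKET_get_net_2(&pkt, (unsigned int *)&s->client_version))` writes through an `int` member via an `unsigned int *` cast; read into a local `unsigned int version` and assign it afterwards, as the SSLv2-record branch above already does, which also avoids the aliasing cast. Minor style: missing space after `if`.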
@@ -1032,15 +1036,9 @@ int ssl3_get_client_hello(SSL *s)
*/
unsigned int csl, sil, cl;

- p += 3;
- n2s(p, csl);
- n2s(p, sil);
- n2s(p, cl);
-
- if (csl + sil + cl + MIN_SSL2_RECORD_LEN != (unsigned int) n) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ if (!PACKET_get_net_2(&pkt, &csl)
+ || !PACKET_get_net_2(&pkt, &sil)
+ || !PACKET_get_net_2(&pkt, &cl)) {
}

if (csl == 0) {
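Review bot: the error handling for the three length reads was lost: `if (!PACKET_get_net_2(&pkt, &csl) || !PACKET_get_net_2(&pkt, &sil) || !PACKET_get_net_2(&pkt, &cl)) {` is now followed directly by the closing brace, so on a truncated SSLv2-format ClientHello csl, sil and cl are left uninitialised and parsing continues with them. Restore the removed body inside the braces: `SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; goto f_err;`. The old total-length check (`csl + sil + cl + MIN_SSL2_RECORD_LEN != n`) has been replaced by the end-of-packet check after the client random, which is fine once this body is back.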
@@ -1050,7 +1048,13 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}

- if (ssl_bytes_to_cipher_list(s, p, csl, &(ciphers), 1) == NULL) {
+ if (!PACKET_get_bytes(&pkt, &cdata, csl)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+
+ if (ssl_bytes_to_cipher_list(s, cdata, csl, &(ciphers), 1) == NULL) {
goto err;
}

@@ -1058,6 +1062,11 @@ int ssl3_get_client_hello(SSL *s)
* Ignore any session id. We don't allow resumption in a backwards
* compatible ClientHello
*/
+ if (!PACKET_forward(&pkt, sil)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
s->hit = 0;

if (!ssl_get_new_session(s, 1))
@@ -1066,17 +1075,27 @@ int ssl3_get_client_hello(SSL *s)
/* Load the client random */
i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
- memcpy(s->s3->client_random, &(p[csl + sil]), i);
-
- /* Set p to end of packet to ensure we don't look for extensions */
- p = d + n;
+ if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)
+ || !PACKET_forward(&pkt, cl)
+ || !PACKET_remaining(&pkt) == 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }

/* No compression, so set complen to 0 */
complen = 0;
} else {
/* If we get here we've got SSLv3+ in an SSLv3+ record */

- p += 2;
+ /* load the client random and get the session-id */
+ if (!PACKET_copy_bytes(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)
+ || !PACKET_get_1(&pkt, &j)
+ || !PACKET_get_bytes(&pkt, &sess, j)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }

/*
* If we require cookies and this ClientHello doesn't contain one, just
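Review bot: `|| !PACKET_remaining(&pkt) == 0` binds as `(!PACKET_remaining(&pkt)) == 0`, which evaluates to true exactly when bytes remain, so it does reject trailing data after the client random as intended, but only by accident of precedence. Write it as `|| PACKET_remaining(&pkt) != 0` so the intent (nothing may follow the client random in an SSLv2-format hello) is explicit and survives a future edit; compilers will also warn about the current form.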
@@ -1084,34 +1103,17 @@ int ssl3_get_client_hello(SSL *s)
* cookie length...
*/
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- unsigned int session_length, cookie_length;

- session_length = *(p + SSL3_RANDOM_SIZE);
-
- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+ if (!PACKET_peek_1(&pkt, &cookie_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);

- if (cookie_length == 0)
+ if (cookie_len == 0)
return 1;
}

- /* load the client random */
- memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j = *(p++);
-
- if (p + j > d + n) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
s->hit = 0;
/*
* Versions before 0.9.7 always allow clients to resume sessions in
@@ -1131,7 +1133,7 @@ int ssl3_get_client_hello(SSL *s)
if (!ssl_get_new_session(s, 1))
goto err;
} else {
- i = ssl_get_prev_session(s, p, j, d + n);
+ i = ssl_get_prev_session(s, &pkt, sess, j);
/*
* Only resume if the session's version matches the negotiated
* version.
@@ -1153,23 +1155,12 @@ int ssl3_get_client_hello(SSL *s)
}
}

- p += j;
-
if (SSL_IS_DTLS(s)) {
- /* cookie stuff */
- if (p + 1 > d + n) {
+ if (!PACKET_get_1(&pkt, &cookie_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- cookie_len = *(p++);
-
- if (p + cookie_len > d + n) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
/*
* The ClientHello may contain a cookie even if the
* HelloVerify message has not been sent--make sure that it
@@ -1185,7 +1176,13 @@ int ssl3_get_client_hello(SSL *s)
/* verify the cookie if appropriate option is set. */
if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
&& cookie_len > 0) {
- memcpy(s->d1->rcvd_cookie, p, cookie_len);
+ /* Get cookie */
+ if (!PACKET_copy_bytes(&pkt, s->d1->rcvd_cookie,
+ cookie_len)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }

if (s->ctx->app_verify_cookie_cb != NULL) {
if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
@@ -1206,9 +1203,15 @@ int ssl3_get_client_hello(SSL *s)
}
/* Set to -2 so if successful we return 2 */
ret = -2;
+ } else {
+ /* Skip over cookie */
+ if (!PACKET_forward(&pkt, cookie_len)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
}

- p += cookie_len;
if (s->method->version == DTLS_ANY_VERSION) {
/* Select version to use */
if (s->client_version <= DTLS1_2_VERSION &&
@@ -1236,30 +1239,28 @@ int ssl3_get_client_hello(SSL *s)
}
}

- if (p + 2 > d + n) {
+ if (!PACKET_get_net_2(&pkt, &cipherlen)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- n2s(p, i);

- if (i == 0) {
+ if (cipherlen == 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}

- /* i bytes of cipher data + 1 byte for compression length later */
- if ((p + i + 1) > (d + n)) {
+ if (!PACKET_get_bytes(&pkt, &cdata, cipherlen)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers), 0) == NULL) {
+
+ if (ssl_bytes_to_cipher_list(s, cdata, cipherlen, &(ciphers), 0) == NULL) {
goto err;
}
- p += i;

/* If it is a hit, check that the cipher is in the list */
if (s->hit) {
@@ -1316,22 +1317,22 @@ int ssl3_get_client_hello(SSL *s)
}

/* compression */
- complen = *(p++);
- if ((p + complen) > (d + n)) {
+ if (!PACKET_get_1(&pkt, &complen)
+ || !PACKET_get_bytes(&pkt, &cdata, complen)) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
+
#ifndef OPENSSL_NO_COMP
- q = p;
+ q = cdata;
#endif
for (j = 0; j < complen; j++) {
- if (p[j] == 0)
+ if (cdata[j] == 0)
break;
}

- p += complen;
if (j >= complen) {
/* no compress */
al = SSL_AD_DECODE_ERROR;
@@ -1342,7 +1343,7 @@ int ssl3_get_client_hello(SSL *s)

/* TLS extensions */
if (s->version >= SSL3_VERSION) {
- if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) {
+ if (!ssl_parse_clienthello_tlsext(s, &pkt)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
goto err;
}
@@ -1407,6 +1408,7 @@ int ssl3_get_client_hello(SSL *s)
/* This only happens if we have a cache hit */
if (s->session->compress_meth != 0) {
int m, comp_id = s->session->compress_meth;
+ unsigned int k;
/* Perform sanity checks on resumed compression algorithm */
/* Can't disable compression */
if (!ssl_allow_compression(s)) {
@@ -1428,11 +1430,11 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
/* Look for resumed method in compression list */
- for (m = 0; m < complen; m++) {
- if (q[m] == comp_id)
+ for (k = 0; k < complen; k++) {
+ if (q[k] == comp_id)
break;
}
- if (m >= complen) {
+ if (k >= complen) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
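Review bot: with the loop index changed to the new `unsigned int k`, the `int m` declared together with `comp_id` in the earlier hunk (`int m, comp_id = s->session->compress_meth;`) no longer has a visible use in this block and will likely produce an unused-variable warning; drop it from that declaration unless it is used in lines outside the diff.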
@@ -1442,7 +1444,8 @@ int ssl3_get_client_hello(SSL *s)
comp = NULL;
else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
/* See if we have a match */
- int m, nn, o, v, done = 0;
+ int m, nn, v, done = 0;
+ unsigned int o;

nn = sk_SSL_COMP_num(s->ctx->comp_methods);
for (m = 0; m < nn; m++) {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c75219b..0997566 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -166,6 +166,7 @@
# include <openssl/symhacks.h>

#include "record/record.h"
+#include "packet_locl.h"

# ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
@@ -1853,8 +1854,8 @@ __owur CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
__owur int ssl_get_new_session(SSL *s, int session);
-__owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
- const unsigned char *limit);
+__owur int ssl_get_prev_session(SSL *s, PACKET *pkt, unsigned char *session,
+ int len);
__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
@@ -2087,8 +2088,7 @@ __owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
-__owur int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
- unsigned char *d, int n);
+__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
__owur int tls1_set_server_sigalgs(SSL *s);
__owur int ssl_check_clienthello_tlsext_late(SSL *s);
__owur int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
@@ -2103,8 +2103,8 @@ __owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
# endif

-__owur int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit, SSL_SESSION **ret);
+__owur int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
+ int len, SSL_SESSION **ret);

__owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
@@ -2133,8 +2133,7 @@ __owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int l
int *al);
__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
-__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al);
+__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
__owur long ssl_get_algorithm2(SSL *s);
__owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
const unsigned char *psig, size_t psiglen);
@@ -2148,8 +2147,7 @@ __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);

__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
-__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
- int *al);
+__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9063bca..26a3c43 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -547,8 +547,8 @@ int ssl_get_new_session(SSL *s, int session)
* - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
* if the server should issue a new session ticket (to 0 otherwise).
*/
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit)
+int ssl_get_prev_session(SSL *s, PACKET *pkt, unsigned char *session_id,
+ int len)
{
/* This is used only by servers. */

@@ -560,16 +560,11 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;

- if (session_id + len > limit) {
- fatal = 1;
- goto err;
- }
-
if (len == 0)
try_session_cache = 0;

/* sets s->tlsext_ticket_expected */
- r = tls1_process_ticket(s, session_id, len, limit, &ret);
+ r = tls1_process_ticket(s, pkt, session_id, len, &ret);
switch (r) {
case -1: /* Error during processing */
fatal = 1;
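Review bot: dropping the `session_id + len > limit` check means ssl_get_prev_session() now trusts that the caller has already bounded `session_id`/`len` inside the ClientHello, and the `fatal = 1` path that check used has no equivalent left here. State in the function's comment block that `session_id` must point into the packet and that `pkt` is expected to be positioned just after the session ID, since tls1_process_ticket() starts skipping the DTLS cookie and the cipher list from the current position.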
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 47abf2b..c0dd35f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1756,46 +1756,33 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
* alert value to send in the event of a non-zero return. returns: 0 on
* success.
*/
-static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
- unsigned data_len, int *al)
+static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al)
{
- unsigned i;
- unsigned proto_len;
+ unsigned int data_len;
+ unsigned int proto_len;
const unsigned char *selected;
+ unsigned char *data;
unsigned char selected_len;
int r;

if (s->ctx->alpn_select_cb == NULL)
return 0;

- if (data_len < 2)
- goto parse_error;
-
/*
* data should contain a uint16 length followed by a series of 8-bit,
* length-prefixed strings.
*/
- i = ((unsigned)data[0]) << 8 | ((unsigned)data[1]);
- data_len -= 2;
- data += 2;
- if (data_len != i)
- goto parse_error;
-
- if (data_len < 2)
+ if (!PACKET_get_net_2(pkt, &data_len)
+ || PACKET_remaining(pkt) != data_len
+ || !PACKET_peek_bytes(pkt, &data, data_len))
goto parse_error;

- for (i = 0; i < data_len;) {
- proto_len = data[i];
- i++;
-
- if (proto_len == 0)
- goto parse_error;
-
- if (i + proto_len < i || i + proto_len > data_len)
+ do {
+ if (!PACKET_get_1(pkt, &proto_len)
+ || proto_len == 0
+ || !PACKET_forward(pkt, proto_len))
goto parse_error;
-
- i += proto_len;
- }
+ } while (PACKET_remaining(pkt));

r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
s->ctx->alpn_select_cb_arg);
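Review bot: the dependency between `data` and the do/while loop deserves a comment: `PACKET_peek_bytes(pkt, &data, data_len)` leaves the position untouched, the loop then consumes exactly those bytes with `PACKET_get_1`/`PACKET_forward`, and `data`/`data_len` are afterwards handed to `alpn_select_cb`. The do/while (rather than a while) is also what rejects an empty list: with `data_len == 0` the first `PACKET_get_1` fails and we reach `parse_error`, which replaces the removed `if (data_len < 2) goto parse_error;`. A one-line comment saying so will stop the next reader from "fixing" it into a while loop.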
@@ -1830,10 +1817,11 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
* Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
* 10.8..10.8.3 (which don't work).
*/
-static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const unsigned char *d, int n)
+static void ssl_check_for_safari(SSL *s, PACKET *pkt)
{
- unsigned short type, size;
+ unsigned int type, size;
+ unsigned char *eblock1, *eblock2;
+
static const unsigned char kSafariExtensionsBlock[] = {
0x00, 0x0a, /* elliptic_curves extension */
0x00, 0x08, /* 8 bytes */
@@ -1860,38 +1848,34 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
0x02, 0x03, /* SHA-1/ECDSA */
};

- if (data >= (d + n - 2))
+ if (!PACKET_forward(pkt, 2)
+ || !PACKET_get_net_2(pkt, &type)
+ || !PACKET_get_net_2(pkt, &size)
+ || !PACKET_forward(pkt, size))
return;
- data += 2;
-
- if (data > (d + n - 4))
- return;
- n2s(data, type);
- n2s(data, size);

if (type != TLSEXT_TYPE_server_name)
return;

- if (data + size > d + n)
- return;
- data += size;
-
if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
const size_t len1 = sizeof(kSafariExtensionsBlock);
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);

- if (data + len1 + len2 != d + n)
+ if (!PACKET_get_bytes(pkt, &eblock1, len1)
+ || !PACKET_get_bytes(pkt, &eblock2, len2)
+ || PACKET_remaining(pkt))
return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+ if (memcmp(eblock1, kSafariExtensionsBlock, len1) != 0)
return;
- if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+ if (memcmp(eblock2, kSafariTLS12ExtensionsBlock, len2) != 0)
return;
} else {
const size_t len = sizeof(kSafariExtensionsBlock);

- if (data + len != d + n)
+ if (!PACKET_get_bytes(pkt, &eblock1, len)
+ || PACKET_remaining(pkt))
return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+ if (memcmp(eblock1, kSafariExtensionsBlock, len) != 0)
return;
}

@@ -1899,13 +1883,12 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
}
#endif /* !OPENSSL_NO_EC */

-static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- unsigned char *d, int n, int *al)
+static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
{
- unsigned short type;
- unsigned short size;
- unsigned short len;
- unsigned char *data = *p;
+ unsigned int type;
+ unsigned int size;
+ unsigned int len;
+ unsigned char *data;
int renegotiate_seen = 0;

s->servername_done = 0;
@@ -1923,8 +1906,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

#ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
-#endif /* !OPENSSL_NO_EC */
+ ssl_check_for_safari(s, pkt);
+# endif /* !OPENSSL_NO_EC */

/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
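Review bot: the `#endif` changed to `# endif` is now indented while its matching `#ifndef OPENSSL_NO_EC` two lines above is not; either indent both (and the other `#ifndef`/`#endif` pairs in this function) or leave this one as `#endif`.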
@@ -1940,27 +1923,26 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

s->srtp_profile = NULL;

- if (data == d + n)
+ if (PACKET_remaining(pkt) == 0)
goto ri_check;

- if (data > (d + n - 2))
- goto err;
-
- n2s(data, len);
-
- if (data > (d + n - len))
+ if (!PACKET_get_net_2(pkt, &len))
goto err;

- while (data <= (d + n - 4)) {
- n2s(data, type);
- n2s(data, size);
+ while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) {
+ PACKET subpkt;

- if (data + size > (d + n))
+ if (!PACKET_peek_bytes(pkt, &data, size))
goto err;
+
if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
+
+ if (!PACKET_get_sub_packet(pkt, &subpkt, size))
+ goto err;
+
if (type == TLSEXT_TYPE_renegotiate) {
- if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
+ if (!ssl_parse_clienthello_renegotiate_ext(s, &subpkt, al))
return 0;
renegotiate_seen = 1;
} else if (s->version == SSL3_VERSION) {
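Review bot: the total extensions length `len` read by `PACKET_get_net_2(pkt, &len)` is no longer checked against the data actually present; the removed `if (data > (d + n - len)) goto err;` rejected a length field larger than the remaining ClientHello, and nothing replaces it. Consider reading the extensions block as a sub-packet (`PACKET_get_sub_packet(pkt, &extensions, len)`), iterating over that, and then requiring `PACKET_remaining(pkt) == 0`, which also makes the trailing "Spurious data on the end" check exact. Minor: `PACKET_peek_bytes(pkt, &data, size)` followed by `PACKET_get_sub_packet(pkt, &subpkt, size)` bounds-checks the same `size` twice; peeking `data` out of `subpkt` once it exists would avoid that.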
@@ -1992,23 +1974,18 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

else if (type == TLSEXT_TYPE_server_name) {
unsigned char *sdata;
- int servname_type;
- int dsize;
+ unsigned int servname_type;
+ unsigned int dsize;
+ PACKET ssubpkt;

- if (size < 2)
+ if (!PACKET_get_net_2(&subpkt, &dsize)
+ || !PACKET_get_sub_packet(&subpkt, &ssubpkt, dsize))
goto err;
- n2s(data, dsize);
- size -= 2;
- if (dsize > size)
- goto err;
-
- sdata = data;
- while (dsize > 3) {
- servname_type = *(sdata++);
- n2s(sdata, len);
- dsize -= 3;

- if (len > dsize)
+ while (PACKET_remaining(&ssubpkt) > 3) {
+ if (!PACKET_get_1(&ssubpkt, &servname_type)
+ || !PACKET_get_net_2(&ssubpkt, &len)
+ || PACKET_remaining(&ssubpkt) < len)
goto err;

if (s->servername_done == 0)
@@ -2027,7 +2004,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
- memcpy(s->session->tlsext_hostname, sdata, len);
+ if (!PACKET_copy_bytes(&ssubpkt,
+ (unsigned char *)s->session
+ ->tlsext_hostname,
+ len)) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
s->session->tlsext_hostname[len] = '\0';
if (strlen(s->session->tlsext_hostname) != len) {
OPENSSL_free(s->session->tlsext_hostname);
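Review bot: if `PACKET_copy_bytes(&ssubpkt, ..., len)` fails, the just-allocated `s->session->tlsext_hostname` is left attached to the session, whereas the `strlen(...) != len` failure right below frees it. The failure is unreachable given the `PACKET_remaining(&ssubpkt) < len` check earlier in the loop, but the new error path should still mirror the existing one (free the hostname before returning) so the two cannot drift apart.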
@@ -2037,48 +2020,55 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
s->servername_done = 1;

- } else
+ } else {
+ if (!PACKET_get_bytes(&ssubpkt, &sdata, len)) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
s->servername_done = s->session->tlsext_hostname
&& strlen(s->session->tlsext_hostname) == len
&& strncmp(s->session->tlsext_hostname,
(char *)sdata, len) == 0;
+ }

break;

default:
break;
}
-
- dsize -= len;
}
- if (dsize != 0)
+ /* We shouldn't have any bytes left */
+ if (PACKET_remaining(&ssubpkt))
goto err;

}
#ifndef OPENSSL_NO_SRP
else if (type == TLSEXT_TYPE_srp) {
- if (size == 0 || ((len = data[0])) != (size - 1))
- goto err;
- if (s->srp_ctx.login != NULL)
+ if (!PACKET_get_1(&subpkt, &len)
+ || s->srp_ctx.login != NULL)
goto err;
+
if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
return -1;
- memcpy(s->srp_ctx.login, &data[1], len);
+ if (!PACKET_copy_bytes(&subpkt, (unsigned char *)s->srp_ctx.login,
+ len))
+ goto err;
s->srp_ctx.login[len] = '\0';

- if (strlen(s->srp_ctx.login) != len)
+ if (strlen(s->srp_ctx.login) != len
+ || PACKET_remaining(&subpkt))
goto err;
}
#endif

#ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats) {
- unsigned char *sdata = data;
- int ecpointformatlist_length = *(sdata++);
+ unsigned int ecpointformatlist_length;

- if (ecpointformatlist_length != size - 1 ||
- ecpointformatlist_length < 1)
+ if (!PACKET_get_1(&subpkt, &ecpointformatlist_length)
+ || ecpointformatlist_length == 0)
goto err;
+
if (!s->hit) {
OPENSSL_free(s->session->tlsext_ecpointformatlist);
s->session->tlsext_ecpointformatlist = NULL;
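Review bot: in the TLSEXT_TYPE_srp branch the `OPENSSL_malloc(len + 1)` now happens before the length byte is validated; the old `((len = data[0])) != (size - 1)` check ran first, so a malformed extension returned before allocating. Now a short body fails in `PACKET_copy_bytes` and a long one only in the `PACKET_remaining(&subpkt)` check after the copy, both after `s->srp_ctx.login` has been allocated and left set on the `goto err` path. Suggest `|| PACKET_remaining(&subpkt) != len` in the first `if` so the allocation is only made for a well-formed value, and drop the later remaining check.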
@@ -2090,19 +2080,26 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
s->session->tlsext_ecpointformatlist_length =
ecpointformatlist_length;
- memcpy(s->session->tlsext_ecpointformatlist, sdata,
- ecpointformatlist_length);
+ if (!PACKET_copy_bytes(&subpkt,
+ s->session->tlsext_ecpointformatlist,
+ ecpointformatlist_length))
+ goto err;
+ } else if (!PACKET_forward(&subpkt, ecpointformatlist_length)) {
+ goto err;
+ }
+ /* We should have consumed all the bytes by now */
+ if (PACKET_remaining(&subpkt)) {
+ *al = TLS1_AD_DECODE_ERROR;
+ return 0;
}
} else if (type == TLSEXT_TYPE_elliptic_curves) {
- unsigned char *sdata = data;
- int ellipticcurvelist_length = (*(sdata++) << 8);
- ellipticcurvelist_length += (*(sdata++));
+ unsigned int ellipticcurvelist_length;

- if (ellipticcurvelist_length != size - 2 ||
- ellipticcurvelist_length < 1 ||
- /* Each NamedCurve is 2 bytes. */
- ellipticcurvelist_length & 1)
- goto err;
+ /* Each NamedCurve is 2 bytes and we must have at least 1 */
+ if (!PACKET_get_net_2(&subpkt, &ellipticcurvelist_length)
+ || ellipticcurvelist_length == 0
+ || (ellipticcurvelist_length & 1) != 0)
+ goto err;

if (!s->hit) {
if (s->session->tlsext_ellipticcurvelist)
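Review bot: the new trailing check in the ec_point_formats branch returns with `*al = TLS1_AD_DECODE_ERROR; return 0;` while every other malformed-extension case in this function uses `goto err`, including the identical "We should have consumed all the bytes by now" check in the elliptic_curves branch; unless `err` is meant to raise a different alert, use `goto err` here too for consistency.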
@@ -2116,54 +2113,63 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
s->session->tlsext_ellipticcurvelist_length =
ellipticcurvelist_length;
- memcpy(s->session->tlsext_ellipticcurvelist, sdata,
- ellipticcurvelist_length);
+ if (!PACKET_copy_bytes(&subpkt,
+ s->session->tlsext_ellipticcurvelist,
+ ellipticcurvelist_length))
+ goto err;
+ } else if (!PACKET_forward(&subpkt, ellipticcurvelist_length)) {
+ goto err;
+ }
+ /* We should have consumed all the bytes by now */
+ if (PACKET_remaining(&subpkt)) {
+ goto err;
}
}
#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) {
- if (s->tls_session_ticket_ext_cb &&
- !s->tls_session_ticket_ext_cb(s, data, size,
- s->tls_session_ticket_ext_cb_arg))
- {
+ if (!PACKET_forward(&subpkt, size)
+ || (s->tls_session_ticket_ext_cb &&
+ !s->tls_session_ticket_ext_cb(s, data, size,
+ s->tls_session_ticket_ext_cb_arg))) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
} else if (type == TLSEXT_TYPE_signature_algorithms) {
- int dsize;
- if (s->s3->tmp.peer_sigalgs || size < 2)
- goto err;
- n2s(data, dsize);
- size -= 2;
- if (dsize != size || dsize & 1 || !dsize)
- goto err;
- if (!tls1_save_sigalgs(s, data, dsize))
+ unsigned int dsize;
+
+ if (s->s3->tmp.peer_sigalgs
+ || !PACKET_get_net_2(&subpkt, &dsize)
+ || (dsize & 1) != 0
+ || (dsize == 0)
+ || !PACKET_get_bytes(&subpkt, &data, dsize)
+ || PACKET_remaining(&subpkt)
+ || !tls1_save_sigalgs(s, data, dsize)) {
goto err;
+ }
} else if (type == TLSEXT_TYPE_status_request) {
+ PACKET ssubpkt;

- if (size < 5)
+ if (!PACKET_get_1(&subpkt,
+ (unsigned int *)&s->tlsext_status_type))
goto err;

- s->tlsext_status_type = *data++;
- size--;
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
const unsigned char *sdata;
- int dsize;
+ unsigned int dsize;
/* Read in responder_id_list */
- n2s(data, dsize);
- size -= 2;
- if (dsize > size)
+ if (!PACKET_get_net_2(&subpkt, &dsize)
+ || !PACKET_get_sub_packet(&subpkt, &ssubpkt, dsize))
goto err;
- while (dsize > 0) {
+
+ while (PACKET_remaining(&ssubpkt)) {
OCSP_RESPID *id;
- int idsize;
- if (dsize < 4)
- goto err;
- n2s(data, idsize);
- dsize -= 2 + idsize;
- size -= 2 + idsize;
- if (dsize < 0)
+ unsigned int idsize;
+
+ if (PACKET_remaining(&ssubpkt) < 4
+ || !PACKET_get_net_2(&ssubpkt, &idsize)
+ || !PACKET_get_bytes(&ssubpkt, &data, idsize)) {
goto err;
+ }
sdata = data;
data += idsize;
id = d2i_OCSP_RESPID(NULL, &sdata, idsize);
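Review bot: `PACKET_get_1(&subpkt, (unsigned int *)&s->tlsext_status_type)` writes through a cast of an `int *` to `unsigned int *`; prefer reading into a local `unsigned int` and assigning it to `s->tlsext_status_type` so no aliasing cast is needed. In the OCSP responder loop, `PACKET_remaining(&ssubpkt) < 4` mirrors the old `dsize < 4`, but now that `PACKET_get_net_2` and `PACKET_get_bytes(&ssubpkt, &data, idsize)` are bounds-checked it is not obvious what the 4 still guards; either drop it or add a comment giving the minimum responder-id size it enforces.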
@@ -2188,12 +2194,11 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}

/* Read in request_extensions */
- if (size < 2)
- goto err;
- n2s(data, dsize);
- size -= 2;
- if (dsize != size)
+ if (!PACKET_get_net_2(&subpkt, &dsize)
+ || !PACKET_get_bytes(&subpkt, &data, dsize)
+ || PACKET_remaining(&subpkt)) {
goto err;
+ }
sdata = data;
if (dsize > 0) {
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
@@ -2212,7 +2217,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
#ifndef OPENSSL_NO_HEARTBEATS
else if (type == TLSEXT_TYPE_heartbeat) {
- switch (data[0]) {
+ unsigned int hbtype;
+
+ if (!PACKET_get_1(&subpkt, &hbtype)
+ || PACKET_remaining(&subpkt)) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ switch (hbtype) {
case 0x01: /* Client allows us to send HB requests */
s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
break;
@@ -2253,7 +2265,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb && s->s3->tmp.finish_md_len == 0) {
- if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
+ if (tls1_alpn_handle_client_hello(s, &subpkt, al) != 0)
return 0;
#ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
@@ -2265,7 +2277,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
&& type == TLSEXT_TYPE_use_srtp) {
- if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
+ if (ssl_parse_clienthello_use_srtp_ext(s, &subpkt, al))
return 0;
}
#endif
@@ -2288,16 +2300,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
if (custom_ext_parse(s, 1, type, data, size, al) <= 0)
return 0;
}
-
- data += size;
}

/* Spurious data on the end */
- if (data != d + n)
+ if (PACKET_remaining(pkt) != 0)
goto err;

- *p = data;
-
ri_check:

/* Need RI if renegotiating */
@@ -2316,12 +2324,11 @@ err:
return 0;
}

-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
- int n)
+int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt)
{
int al = -1;
custom_ext_init(&s->cert->srv_ext);
- if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) {
+ if (ssl_scan_clienthello_tlsext(s, pkt, &al) <= 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;
}
@@ -2934,12 +2941,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
* s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
* Otherwise, s->tlsext_ticket_expected is set to 0.
*/
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit, SSL_SESSION **ret)
+int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
+ int len, SSL_SESSION **ret)
{
- /* Point after session ID in client hello */
- const unsigned char *p = session_id + len;
- unsigned short i;
+ unsigned int i;
+ size_t bookmark = 0;
+ int retv = -1;

*ret = NULL;
s->tlsext_ticket_expected = 0;
@@ -2950,46 +2957,60 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
*/
if (!tls_use_ticket(s))
return 0;
- if ((s->version <= SSL3_VERSION) || !limit)
+ if ((s->version <= SSL3_VERSION))
return 0;
- if (p >= limit)
+
+ if (!PACKET_get_bookmark(pkt, &bookmark)) {
return -1;
+ }
+
/* Skip past DTLS cookie */
if (SSL_IS_DTLS(s)) {
- i = *(p++);
- p += i;
- if (p >= limit)
- return -1;
+ if (!PACKET_get_1(pkt, &i)
+ || !PACKET_forward(pkt, i)) {
+ retv = -1;
+ goto end;
+ }
}
- /* Skip past cipher list */
- n2s(p, i);
- p += i;
- if (p >= limit)
- return -1;
- /* Skip past compression algorithm list */
- i = *(p++);
- p += i;
- if (p > limit)
- return -1;
+ /* Skip past cipher list and compression algorithm list */
+ if (!PACKET_get_net_2(pkt, &i)
+ || !PACKET_forward(pkt, i)
+ || !PACKET_get_1(pkt, &i)
+ || !PACKET_forward(pkt, i)) {
+ retv = -1;
+ goto end;
+ }
+
/* Now at start of extensions */
- if ((p + 2) >= limit)
- return 0;
- n2s(p, i);
- while ((p + 4) <= limit) {
- unsigned short type, size;
- n2s(p, type);
- n2s(p, size);
- if (p + size > limit)
- return 0;
+ if (!PACKET_get_net_2(pkt, &i)) {
+ retv = 0;
+ goto end;
+ }
+ while (PACKET_remaining (pkt) >= 4) {
+ unsigned int type, size;
+
+ if (!PACKET_get_net_2(pkt, &type)
+ || !PACKET_get_net_2(pkt, &size)) {
+ /* Shouldn't ever happen */
+ retv = -1;
+ goto end;
+ }
+ if (PACKET_remaining(pkt) < size) {
+ retv = 0;
+ goto end;
+ }
if (type == TLSEXT_TYPE_session_ticket) {
int r;
+ unsigned char *etick;
+
if (size == 0) {
/*
* The client will accept a ticket but doesn't currently have
* one.
*/
s->tlsext_ticket_expected = 1;
- return 1;
+ retv = 1;
+ goto end;
}
if (s->tls_session_secret_cb) {
/*
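Review bot: two style nits in this hunk: `if ((s->version <= SSL3_VERSION))` has a redundant pair of parentheses, and `while (PACKET_remaining (pkt) >= 4)` has a space before the argument list that no other PACKET_ call in the patch has. Otherwise the bookmark save/restore is the right shape; the only returns that skip `PACKET_goto_bookmark()` (the `return 0` before the bookmark is taken and the `return -1` when taking it fails) happen before anything is consumed, which is worth a comment so nobody adds a bare `return` later in the function.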
@@ -2998,25 +3019,39 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
* abbreviated handshake based on external mechanism to
* calculate the master secret later.
*/
- return 2;
+ retv = 2;
+ goto end;
}
- r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
+ if (!PACKET_get_bytes(pkt, &etick, size)) {
+ /* Shouldn't ever happen */
+ retv = -1;
+ goto end;
+ }
+ r = tls_decrypt_ticket(s, etick, size, session_id, len, ret);
switch (r) {
case 2: /* ticket couldn't be decrypted */
s->tlsext_ticket_expected = 1;
- return 2;
+ retv = 2;
+ break;
case 3: /* ticket was decrypted */
- return r;
+ retv = r;
+ break;
case 4: /* ticket decrypted but need to renew */
s->tlsext_ticket_expected = 1;
- return 3;
+ retv = 3;
+ break;
default: /* fatal error */
- return -1;
+ retv = -1;
+ break;
}
+ goto end;
}
- p += size;
}
- return 0;
+ retv = 0;
+end:
+ if (!PACKET_goto_bookmark(pkt, bookmark))
+ return -1;
+ return retv;
}

/*-
diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
index b9a35c7..22a71fe 100644
--- a/ssl/t1_reneg.c
+++ b/ssl/t1_reneg.c
@@ -143,23 +143,14 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
{
- int ilen;
+ unsigned int ilen;
+ unsigned char *d;

/* Parse the length byte */
- if (len < 1) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if ((ilen + 1) != len) {
+ if (!PACKET_get_1(pkt, &ilen)
+ || !PACKET_get_bytes(pkt, &d, ilen)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
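Review bot: the old consistency check `(ilen + 1) != len` required the extension body to be exactly one length byte plus `ilen` bytes; the replacement `!PACKET_get_1(pkt, &ilen) || !PACKET_get_bytes(pkt, &d, ilen)` only requires at least `ilen` bytes, so trailing bytes after the renegotiation binding are now accepted unless the caller checks. Add `|| PACKET_remaining(pkt) != 0` to the condition so the encoding error is still raised here.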
diff --git a/test/Makefile b/test/Makefile
index 2e699dc..f49dc76 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -70,6 +70,7 @@ HEARTBEATTEST= heartbeat_test
CONSTTIMETEST= constant_time_test
VERIFYEXTRATEST= verify_extra_test
CLIENTHELLOTEST= clienthellotest
+PACKETTEST= packettest

TESTS= alltests

@@ -87,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \
$(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
- $(CLIENTHELLOTEST)$(EXE_EXT)
+ $(CLIENTHELLOTEST)$(EXE_EXT) $(PACKETTEST)$(EXE_EXT)

# $(METHTEST)$(EXE_EXT)

@@ -101,7 +102,8 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \
$(GOST2814789TEST).o $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \
- $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o testutil.o
+ $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o \
+ $(PACKETTEST).o testutil.o

SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -112,7 +114,8 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \
$(GOST2814789TEST).c $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \
- $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c testutil.c
+ $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c \
+ $(PACKETTEST).c testutil.c

HEADER= testutil.h

@@ -153,7 +156,7 @@ alltests: \
test_ige test_jpake test_secmem \
test_srp test_cms test_v3name test_ocsp \
test_gost2814789 test_heartbeat test_p5_crpt2 \
- test_constant_time test_verify_extra test_clienthello
+ test_constant_time test_verify_extra test_clienthello test_packet

test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
@echo $(START) $@
@@ -410,6 +413,10 @@ test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(CLIENTHELLOTEST)

+test_packet: $(PACKETTEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(PACKETTEST)
+
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

@@ -603,6 +610,9 @@ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
@target=$(CLIENTHELLOTEST) $(BUILD_CMD)

+$(PACKETTEST)$(EXE_EXT): $(PACKETTEST).o
+ @target=$(PACKETTEST) $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c

@@ -774,14 +784,15 @@ gost2814789test.o: ../include/openssl/sha.h ../include/openssl/stack.h
gost2814789test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
gost2814789test.o: ../include/openssl/x509_vfy.h gost2814789test.c
heartbeat_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-heartbeat_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-heartbeat_test.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-heartbeat_test.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-heartbeat_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-heartbeat_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-heartbeat_test.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-heartbeat_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-heartbeat_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+heartbeat_test.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+heartbeat_test.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+heartbeat_test.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+heartbeat_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+heartbeat_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+heartbeat_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+heartbeat_test.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+heartbeat_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+heartbeat_test.o: ../include/openssl/opensslconf.h
heartbeat_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
heartbeat_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h
heartbeat_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
@@ -791,8 +802,8 @@ heartbeat_test.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
heartbeat_test.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
heartbeat_test.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
heartbeat_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-heartbeat_test.o: ../ssl/record/record.h ../ssl/ssl_locl.h heartbeat_test.c
-heartbeat_test.o: testutil.h
+heartbeat_test.o: ../ssl/packet_locl.h ../ssl/record/record.h ../ssl/ssl_locl.h
+heartbeat_test.o: heartbeat_test.c testutil.h
hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
@@ -846,6 +857,12 @@ p5_crpt2_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
p5_crpt2_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
p5_crpt2_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
p5_crpt2_test.o: ../include/openssl/x509_vfy.h p5_crpt2_test.c
+packettest.o: ../e_os.h ../include/openssl/bn.h ../include/openssl/buffer.h
+packettest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+packettest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+packettest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+packettest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+packettest.o: ../ssl/packet_locl.h packettest.c
randtest.o: ../e_os.h ../include/openssl/e_os2.h
randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
randtest.o: ../include/openssl/rand.h randtest.c
@@ -899,8 +916,8 @@ ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssltest.o: ../include/openssl/x509v3.h ../ssl/record/record.h ../ssl/ssl_locl.h
-ssltest.o: ssltest.c
+ssltest.o: ../include/openssl/x509v3.h ../ssl/packet_locl.h
+ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c
testutil.o: ../e_os.h ../include/openssl/e_os2.h
testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h
v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
diff --git a/test/packettest.c b/test/packettest.c
new file mode 100644
index 0000000..92181e6
--- /dev/null
+++ b/test/packettest.c
@@ -0,0 +1,317 @@
+/* test/packettest.c */
+/*
+ * Written by Matt Caswell for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+#include "../ssl/packet_locl.h"
+
+#define BUF_LEN 255
+
+static int test_PACKET_remaining(PACKET *pkt)
+{
+ if ( PACKET_remaining(pkt) != BUF_LEN
+ || !PACKET_forward(pkt, BUF_LEN - 1)
+ || PACKET_remaining(pkt) != 1
+ || !PACKET_forward(pkt, 1)
+ || PACKET_remaining(pkt)) {
+ fprintf(stderr, "test_PACKET_remaining() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_1(PACKET *pkt, size_t start)
+{
+ unsigned int i;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_1(pkt, &i)
+ || i != 0x01
+ || !PACKET_forward(pkt, BUF_LEN - 2)
+ || !PACKET_get_1(pkt, &i)
+ || i != 0xff
+ || PACKET_get_1(pkt, &i)) {
+ fprintf(stderr, "test_PACKET_get_1() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_4(PACKET *pkt, size_t start)
+{
+ unsigned long i;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_4(pkt, &i)
+ || i != 0x04030201UL
+ || !PACKET_forward(pkt, BUF_LEN - 8)
+ || !PACKET_get_4(pkt, &i)
+ || i != 0xfffefdfcUL
+ || PACKET_get_4(pkt, &i)) {
+ fprintf(stderr, "test_PACKET_get_4() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_net_2(PACKET *pkt, size_t start)
+{
+ unsigned int i;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_net_2(pkt, &i)
+ || i != 0x0102
+ || !PACKET_forward(pkt, BUF_LEN - 4)
+ || !PACKET_get_net_2(pkt, &i)
+ || i != 0xfeff
+ || PACKET_get_net_2(pkt, &i)) {
+ fprintf(stderr, "test_PACKET_get_net_2() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_net_3(PACKET *pkt, size_t start)
+{
+ unsigned long i;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_net_3(pkt, &i)
+ || i != 0x010203UL
+ || !PACKET_forward(pkt, BUF_LEN - 6)
+ || !PACKET_get_net_3(pkt, &i)
+ || i != 0xfdfeffUL
+ || PACKET_get_net_3(pkt, &i)) {
+ fprintf(stderr, "test_PACKET_get_net_3() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_net_4(PACKET *pkt, size_t start)
+{
+ unsigned long i;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_net_4(pkt, &i)
+ || i != 0x01020304UL
+ || !PACKET_forward(pkt, BUF_LEN - 8)
+ || !PACKET_get_net_4(pkt, &i)
+ || i != 0xfcfdfeffUL
+ || PACKET_get_net_4(pkt, &i)) {
+ fprintf(stderr, "test_PACKET_get_net_4() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_sub_packet(PACKET *pkt, size_t start)
+{
+ PACKET subpkt;
+ unsigned long i;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_sub_packet(pkt, &subpkt, 4)
+ || !PACKET_get_net_4(&subpkt, &i)
+ || i != 0x01020304UL
+ || PACKET_remaining(&subpkt)
+ || !PACKET_forward(pkt, BUF_LEN - 8)
+ || !PACKET_get_sub_packet(pkt, &subpkt, 4)
+ || !PACKET_get_net_4(&subpkt, &i)
+ || i != 0xfcfdfeffUL
+ || PACKET_remaining(&subpkt)
+ || PACKET_get_sub_packet(pkt, &subpkt, 4)) {
+ fprintf(stderr, "test_PACKET_get_sub_packet() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_get_bytes(PACKET *pkt, size_t start)
+{
+ unsigned char *bytes;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_get_bytes(pkt, &bytes, 4)
+ || bytes[0] != 1 || bytes[1] != 2
+ || bytes[2] != 3 || bytes[3] != 4
+ || PACKET_remaining(pkt) != BUF_LEN -4
+ || !PACKET_forward(pkt, BUF_LEN - 8)
+ || !PACKET_get_bytes(pkt, &bytes, 4)
+ || bytes[0] != 0xfc || bytes[1] != 0xfd
+ || bytes[2] != 0xfe || bytes[3] != 0xff
+ || PACKET_remaining(pkt)) {
+ fprintf(stderr, "test_PACKET_get_bytes() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_copy_bytes(PACKET *pkt, size_t start)
+{
+ unsigned char bytes[4];
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || !PACKET_copy_bytes(pkt, bytes, 4)
+ || bytes[0] != 1 || bytes[1] != 2
+ || bytes[2] != 3 || bytes[3] != 4
+ || PACKET_remaining(pkt) != BUF_LEN - 4
+ || !PACKET_forward(pkt, BUF_LEN - 8)
+ || !PACKET_copy_bytes(pkt, bytes, 4)
+ || bytes[0] != 0xfc || bytes[1] != 0xfd
+ || bytes[2] != 0xfe || bytes[3] != 0xff
+ || PACKET_remaining(pkt)) {
+ fprintf(stderr, "test_PACKET_copy_bytes() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_move_funcs(PACKET *pkt, size_t start)
+{
+ unsigned char *byte;
+ size_t bm;
+
+ if ( !PACKET_goto_bookmark(pkt, start)
+ || PACKET_back(pkt, 1)
+ || !PACKET_forward(pkt, 1)
+ || !PACKET_get_bytes(pkt, &byte, 1)
+ || byte[0] != 2
+ || !PACKET_get_bookmark(pkt, &bm)
+ || !PACKET_forward(pkt, BUF_LEN - 2)
+ || PACKET_forward(pkt, 1)
+ || !PACKET_back(pkt, 1)
+ || !PACKET_get_bytes(pkt, &byte, 1)
+ || byte[0] != 0xff
+ || !PACKET_goto_bookmark(pkt, bm)
+ || !PACKET_get_bytes(pkt, &byte, 1)
+ || byte[0] != 3) {
+ fprintf(stderr, "test_PACKET_move_funcs() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int test_PACKET_buf_init()
+{
+ unsigned char buf[BUF_LEN];
+ size_t len;
+ PACKET pkt;
+
+ /* Also tests PACKET_get_len() */
+ if ( !PACKET_buf_init(&pkt, buf, 4)
+ || !PACKET_length(&pkt, &len)
+ || len != 4
+ || !PACKET_buf_init(&pkt, buf, BUF_LEN)
+ || !PACKET_length(&pkt, &len)
+ || len != BUF_LEN
+ || pkt.end - pkt.start != BUF_LEN
+ || pkt.end < pkt.start
+ || pkt.curr < pkt.start
+ || pkt.curr > pkt.end
+ || PACKET_buf_init(&pkt, buf, -1)) {
+ fprintf(stderr, "test_PACKET_buf_init() failed\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+int main(int argc, char **argv)
+{
+ unsigned char buf[BUF_LEN];
+ unsigned int i;
+ size_t start = 0;
+ PACKET pkt;
+
+ for (i=1; i<=BUF_LEN; i++) {
+ buf[i-1] = i;
+ }
+ i = 0;
+
+ if ( !PACKET_buf_init(&pkt, buf, BUF_LEN)
+ || !PACKET_get_bookmark(&pkt, &start)) {
+ fprintf(stderr, "setup failed\n");
+ return 0;
+ }
+
+ if ( !test_PACKET_buf_init()
+ || !test_PACKET_remaining(&pkt)
+ || !test_PACKET_get_1(&pkt, start)
+ || !test_PACKET_get_4(&pkt, start)
+ || !test_PACKET_get_net_2(&pkt, start)
+ || !test_PACKET_get_net_3(&pkt, start)
+ || !test_PACKET_get_net_4(&pkt, start)
+ || !test_PACKET_get_sub_packet(&pkt, start)
+ || !test_PACKET_get_bytes(&pkt, start)
+ || !test_PACKET_copy_bytes(&pkt, start)
+ || !test_PACKET_move_funcs(&pkt, start)) {
+ return 1;
+ }
+ printf("PASS\n");
+ return 0;
+}
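Review bot: the "setup failed" branch in main() returns 0, which the test harness will read as success; it should return 1 like the failure branch just below it. Two smaller points in the same region: the comment above test_PACKET_buf_init() says it "Also tests PACKET_get_len()" but the code calls PACKET_length(), so one of the two names is stale; and `PACKET_buf_init(&pkt, buf, -1)` passes -1 to a length parameter, so the expected failure relies on -1 converting to a very large unsigned value, which deserves either a `(size_t)-1` cast or a comment saying that an oversized length is what is being rejected. The `i = 0;` after the fill loop is dead and can go.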

Matt Caswell
Aug 3, 2015, 8:02:56 AM
The branch master has been updated
via 496dbe1855b486c39f42d673d56924d5f9ae3c78 (commit)
via e9f6b9a1a5ba9feaeeef88d9f45508996ce43468 (commit)
via c69f2adf71d888ba1a2090ec0be3319eb024efe3 (commit)
via 657da85eea3a5825b2dd25ff25b99ec206c48136 (commit)
from 9ceb2426b0a7972434a49a34e78bdcc6437e04ad (commit)


- Log -----------------------------------------------------------------
commit 496dbe1855b486c39f42d673d56924d5f9ae3c78
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 30 11:14:44 2015 +0100

Fix make errors for the CCS changes

The move of CCS into the state machine was causing make to fail with errors. This
fixes it.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit e9f6b9a1a5ba9feaeeef88d9f45508996ce43468
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 30 11:30:44 2015 +0100

Fix ssl3_read_bytes handshake fragment bug

The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
The value of |recvd_type| was not being set if we are satisfying the request
from handshake fragment storage. This can occur, for example, with
renegotiation and causes the handshake to fail.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit c69f2adf71d888ba1a2090ec0be3319eb024efe3
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 2 11:33:07 2015 +0100

Move DTLS CCS processing into the state machine

Continuing on from the previous commit this moves the processing of DTLS
CCS messages out of the record layer and into the state machine.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 657da85eea3a5825b2dd25ff25b99ec206c48136
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 11 09:35:41 2015 +0100

Move TLS CCS processing into the state machine

The handling of incoming CCS records is a little strange. Since CCS is not
a handshake message it is handled differently to normal handshake messages.
Unfortunately, whilst technically it is not a handshake message, the reality
is that it must be processed in accordance with the state of the handshake.
Currently CCS records are processed entirely within the record layer. In
order to ensure that it is handled in accordance with the handshake state
a flag is used to indicate that it is an acceptable time to receive a CCS.

Previously this flag did not exist (see CVE-2014-0224), but the flag should
only really be considered a workaround for the problem that CCS is not
visible to the state machine.

Outgoing CCS messages are already handled within the state machine.

This patch makes CCS visible to the TLS state machine. A separate commit
will handle DTLS.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
include/openssl/ssl.h | 1 +
include/openssl/ssl3.h | 8 ++--
ssl/d1_both.c | 69 ++++++++++++++++++++++++++-----
ssl/d1_clnt.c | 19 ++++++---
ssl/d1_srvr.c | 31 +++++++-------
ssl/record/rec_layer_d1.c | 73 ++++++++-------------------------
ssl/record/rec_layer_s3.c | 86 ++++++++++++++++++---------------------
ssl/record/record.h | 6 ++-
ssl/s3_both.c | 101 ++++++++++++++++++++++++++++++++++++++++++++--
ssl/s3_clnt.c | 46 ++++++++++-----------
ssl/s3_lib.c | 8 ++--
ssl/s3_srvr.c | 69 ++++++++++---------------------
ssl/ssl_err.c | 2 +
ssl/ssl_locl.h | 10 ++---
14 files changed, 301 insertions(+), 228 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6b6560d..06ac5c1 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1943,6 +1943,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
# define SSL_F_SSL3_GET_CERT_STATUS 289
# define SSL_F_SSL3_GET_CERT_VERIFY 136
+# define SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC 349
# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
# define SSL_F_SSL3_GET_CLIENT_HELLO 138
# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 43df925..ec339de 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -365,11 +365,6 @@ extern "C" {
# define TLS1_FLAGS_TLS_PADDING_BUG 0x0

# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
-/*
- * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * Cleared after the message has been processed.
- */
-# define SSL3_FLAGS_CCS_OK 0x0080

/* Set if we encrypt then mac instead of usual mac then encrypt */
# define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100
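Review bot: SSL3_FLAGS_CCS_OK is being deleted from include/openssl/ssl3.h, which is an installed public header, so any out-of-tree code that references the macro stops compiling. If that is intended, a CHANGES entry saying the flag is gone and that CCS acceptance is now decided by the state machine would help; otherwise keep the `# define` with a comment marking it unused.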
@@ -499,6 +494,9 @@ extern "C" {
# endif
# define DTLS1_MT_HELLO_VERIFY_REQUEST 3

+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101
+
# define SSL3_MT_CCS 1

/* These are used when changing over to a new cipher */
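Review bot: the comment on SSL3_MT_CHANGE_CIPHER_SPEC should state that 0x0101 is deliberately outside the one-byte range of real HandshakeType values, so it can never collide with a message type read off the wire, and that SSL3_MT_CCS on the line below is the actual byte carried in a ChangeCipherSpec record. Two near-identical names for different things next to each other is an easy source of confusion, and "Dummy message type" alone does not explain the relationship.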
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 155b8bf..ec47b94 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -160,8 +160,8 @@ static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
unsigned short seq_num,
unsigned long frag_off,
unsigned long frag_len);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
- int *ok);
+static long dtls1_get_message_fragment(SSL *s, int st1, int stn, int mt,
+ long max, int *ok);

static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
int reassembly)
@@ -470,7 +470,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
memset(msg_hdr, 0, sizeof(*msg_hdr));

again:
- i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+ i = dtls1_get_message_fragment(s, st1, stn, mt, max, ok);
if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) {
/* bad fragment received */
goto again;
@@ -485,6 +485,20 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
}

p = (unsigned char *)s->init_buf->data;
+
+ if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ if (s->msg_callback) {
+ s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+ p, 1, s, s->msg_callback_arg);
+ }
+ /*
+ * This isn't a real handshake message so skip the processing below.
+ * dtls1_get_message_fragment() will never return a CCS if mt == -1,
+ * so we are ok to continue in that case.
+ */
+ return i;
+ }
+
msg_len = msg_hdr->msg_len;

/* reconstruct message header */
@@ -679,7 +693,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
unsigned char devnull[256];

while (frag_len) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
@@ -692,7 +706,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
}

/* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment + msg_hdr->frag_off,
frag_len, 0);
if ((unsigned long)i != frag_len)
@@ -775,7 +789,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
unsigned char devnull[256];

while (frag_len) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
@@ -801,7 +815,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
/*
* read the body of the fragment (header has already been read
*/
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment, frag_len, 0);
if ((unsigned long)i != frag_len)
i = -1;
@@ -835,11 +849,11 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
}

static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+dtls1_get_message_fragment(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
unsigned char wire[DTLS1_HM_HEADER_LENGTH];
unsigned long len, frag_off, frag_len;
- int i, al;
+ int i, al, recvd_type;
struct hm_header_st msg_hdr;

redo:
@@ -851,13 +865,46 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
}

/* read handshake message header */
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
DTLS1_HM_HEADER_LENGTH, 0);
if (i <= 0) { /* nbio, or an error */
s->rwstate = SSL_READING;
*ok = 0;
return i;
}
+ if(recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /* This isn't a real handshake message - its a CCS.
+ * There is no message sequence number in a CCS to give us confidence
+ * that this was really intended to be at this point in the handshake
+ * sequence. Therefore we only allow this if we were explicitly looking
+ * for it (i.e. if |mt| is -1 we still don't allow it).
+ */
+ if(mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ if (wire[0] != SSL3_MT_CCS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
+
+ memcpy(s->init_buf->data, wire, i);
+ s->init_num = i - 1;
+ s->init_msg = s->init_buf->data + 1;
+ s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
+ s->s3->tmp.message_size = i - 1;
+ s->state = stn;
+ *ok = 1;
+ return i-1;
+ } else {
+ /*
+ * We weren't expecting a CCS yet. Probably something got
+ * re-ordered or this is a retransmit. We should drop this and try
+ * again.
+ */
+ s->init_num = 0;
+ goto redo;
+ }
+ }
+
/* Handshake fails if message header is incomplete */
if (i != DTLS1_HM_HEADER_LENGTH) {
al = SSL_AD_UNEXPECTED_MESSAGE;
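Review bot: the reason code for a malformed CCS byte differs between the two protocol paths: here `wire[0] != SSL3_MT_CCS` reports SSL_R_BAD_CHANGE_CIPHER_SPEC, while the equivalent check in ssl3_get_message (`*p != SSL3_MT_CCS`) reports SSL_R_UNEXPECTED_MESSAGE; pick one so callers and tests see the same reason for the same fault. Style in the new block also differs from the surrounding code: `if(recvd_type` and `if(mt` lack the space after `if`, `return i-1;` lacks spaces around the operator, and the comment opens with text on the `/*` line.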
@@ -926,7 +973,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;

- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[frag_off], frag_len, 0);

/*
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index fde0def..566c154 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -271,7 +271,6 @@ int dtls1_connect(SSL *s)
memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
s->d1->send_cookie = 0;
s->hit = 0;
- s->d1->change_cipher_spec_ok = 0;
/*
* Should have been reset by ssl3_get_finished, too.
*/
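Review bot: with this assignment removed, `s->d1->change_cipher_spec_ok` is no longer written anywhere in the DTLS client; make sure the field itself is dropped from the DTLS state struct in ssl_locl.h (and from wherever it was reset on clear) rather than left behind as dead state. The diffstat lists ssl/ssl_locl.h as changed but that hunk is not in this mail, so I could not confirm it.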
@@ -376,7 +375,7 @@ int dtls1_connect(SSL *s)
sizeof(sctpauthkey), sctpauthkey);
#endif

- s->state = SSL3_ST_CR_FINISHED_A;
+ s->state = SSL3_ST_CR_CHANGE_A;
} else
s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
}
@@ -628,7 +627,7 @@ int dtls1_connect(SSL *s)
if (s->tlsext_ticket_expected)
s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
else
- s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+ s->s3->tmp.next_state = SSL3_ST_CR_CHANGE_A;
}
s->init_num = 0;
break;
@@ -638,7 +637,7 @@ int dtls1_connect(SSL *s)
ret = ssl3_get_new_session_ticket(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->state = SSL3_ST_CR_CHANGE_A;
s->init_num = 0;
break;

@@ -651,9 +650,19 @@ int dtls1_connect(SSL *s)
s->init_num = 0;
break;

+ case SSL3_ST_CR_CHANGE_A:
+ case SSL3_ST_CR_CHANGE_B:
+ ret = ssl3_get_change_cipher_spec(s, SSL3_ST_CR_CHANGE_A,
+ SSL3_ST_CR_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+
+ s->state = SSL3_ST_CR_FINISHED_A;
+ s->init_num = 0;
+ break;
+
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0)
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 7a40d66..19562e1 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -257,7 +257,6 @@ int dtls1_accept(SSL *s)
}

s->init_num = 0;
- s->d1->change_cipher_spec_ok = 0;
/*
* Should have been reset by ssl3_get_finished, too.
*/
@@ -378,7 +377,7 @@ int dtls1_accept(SSL *s)
goto end;
}

- s->state = SSL3_ST_SR_FINISHED_A;
+ s->state = SSL3_ST_SR_CHANGE_A;
break;

case DTLS1_SCTP_ST_SW_WRITE_SOCK:
@@ -624,7 +623,7 @@ int dtls1_accept(SSL *s)
* pub key in a certificate, the CertificateVerify message is
* not sent.
*/
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->state = SSL3_ST_SR_CHANGE_A;
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
@@ -675,23 +674,23 @@ int dtls1_accept(SSL *s)
s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
else
#endif
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->state = SSL3_ST_SR_CHANGE_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SR_CHANGE_A:
+ case SSL3_ST_SR_CHANGE_B:
+ ret = ssl3_get_change_cipher_spec(s, SSL3_ST_SR_CHANGE_A,
+ SSL3_ST_SR_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+
+ s->state = SSL3_ST_SR_FINISHED_A;
s->init_num = 0;
break;

case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- /*
- * Enable CCS. Receiving a CCS clears the flag, so make
- * sure not to re-enable it to ban duplicates. This *should* be the
- * first time we have received one - but we check anyway to be
- * cautious.
- * s->s3->change_cipher_spec is set when a CCS is
- * processed in d1_pkt.c, and remains set until
- * the client's Finished message is read.
- */
- if (!s->s3->change_cipher_spec)
- s->d1->change_cipher_spec_ok = 1;
ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0)
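Review bot: the deleted comment was the only documentation of the duplicate-CCS guard (`if (!s->s3->change_cipher_spec) s->d1->change_cipher_spec_ok = 1;`). After this change a second CCS arriving while the server is in SSL3_ST_SR_FINISHED is read by dtls1_get_message_fragment with mt set to the Finished type and, via its new `else` branch, silently dropped and re-read, whereas the TLS path makes the same situation fatal with SSL_R_CCS_RECEIVED_EARLY. Tolerating duplicates on a datagram transport with retransmits is defensible, but the asymmetry should be written down either here or in dtls1_get_message_fragment now that the old explanation is gone.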
@@ -779,7 +778,7 @@ int dtls1_accept(SSL *s)
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+ s->s3->tmp.next_state = SSL3_ST_SR_CHANGE_A;

#ifndef OPENSSL_NO_SCTP
/*
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 52ef8f0..3da4f11 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -379,8 +379,9 @@ int dtls1_process_buffered_records(SSL *s)
* (possibly multiple records if we still don't have anything to return).
*
* This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
* Also if record payloads contain fragments too small to process, we store
* them until there is enough for the respective protocol (the record protocol
* may use arbitrary fragmentation and even interleaving):
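Review bot: the new comment names the argument `|recd_type|` but the parameter added in the next hunk is `recvd_type`; the copy of this comment pasted into rec_layer_s3.c has the same misspelling. "treated as if they were handshake messages" is also slightly misleading: the CCS record is handed to a caller that asked for SSL3_RT_HANDSHAKE with its real type reported through *recvd_type, it is not reinterpreted as a handshake message. Wording along the lines of "returned to a caller that asked for SSL3_RT_HANDSHAKE, with the real record type reported via *recvd_type" would be more precise.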
@@ -395,7 +396,8 @@ int dtls1_process_buffered_records(SSL *s)
* Application data protocol
* none of our business
*/
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ int len, int peek)
{
int al, i, j, ret;
unsigned int n;
@@ -537,9 +539,14 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
return (0);
}

- if (type == SSL3_RECORD_get_type(rr)) {
- /* SSL3_RT_APPLICATION_DATA or
- * SSL3_RT_HANDSHAKE */
+ if (type == SSL3_RECORD_get_type(rr)
+ || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+ /*
+ * SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC
+ */
/*
* make sure that we are not getting application data when we are
* doing a handshake for the first time
@@ -551,6 +558,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto f_err;
}

+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RECORD_get_type(rr);
+
if (len <= 0)
return (len);

@@ -857,59 +867,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}

if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
- unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
-
- if (s->version == DTLS1_BAD_VER)
- ccs_hdr_len = 3;
-
- /*
- * 'Change Cipher Spec' is just a single byte, so we know exactly
- * what the record payload has to look like
- */
- /* XDTLS: check that epoch is consistent */
- if ((SSL3_RECORD_get_length(rr) != ccs_hdr_len)
- || (SSL3_RECORD_get_off(rr) != 0)
- || (SSL3_RECORD_get_data(rr)[0] != SSL3_MT_CCS)) {
- i = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto err;
- }
-
- SSL3_RECORD_set_length(rr, 0);
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
- SSL3_RECORD_get_data(rr), 1, s, s->msg_callback_arg);
-
/*
* We can't process a CCS now, because previous handshake messages
* are still missing, so just drop it.
*/
- if (!s->d1->change_cipher_spec_ok) {
- goto start;
- }
-
- s->d1->change_cipher_spec_ok = 0;
-
- s->s3->change_cipher_spec = 1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
-
- /* do this whenever CCS is processed */
- dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
- if (s->version == DTLS1_BAD_VER)
- s->d1->handshake_read_seq++;
-
-#ifndef OPENSSL_NO_SCTP
- /*
- * Remember that a CCS has been received, so that an old key of
- * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
- * SCTP is used
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
-
+ SSL3_RECORD_set_length(rr, 0);
goto start;
}
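Review bot: the removed block called s->msg_callback for every CCS record before deciding whether to drop it; after this change the callback fires only in dtls1_get_message for a CCS that was accepted, so CCS records dropped here (type mismatch, or a body read with recvd_type == NULL) no longer show up in -msg traces. If that is acceptable, the remaining comment should say this branch is now reached only for CCS records that cannot be handed to the state machine. The `XDTLS: check that epoch is consistent` reminder also disappears with the deleted block; if the check is still wanted it should move to ssl3_get_change_cipher_spec.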

@@ -1025,7 +987,6 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
return (-1);
}

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index d6e922c..8a9e303 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -955,8 +955,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
* (possibly multiple records if we still don't have anything to return).
*
* This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
* Also if record payloads contain fragments too small to process, we store
* them until there is enough for the respective protocol (the record protocol
* may use arbitrary fragmentation and even interleaving):
@@ -971,7 +972,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
* Application data protocol
* none of our business
*/
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ int len, int peek)
{
int al, i, j, ret;
unsigned int n;
@@ -1010,6 +1012,10 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
/* move any remaining fragment bytes: */
for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
s->rlayer.handshake_fragment[k] = *src++;
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RT_HANDSHAKE;
+
return n;
}

@@ -1066,9 +1072,14 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
return (0);
}

- if (type == SSL3_RECORD_get_type(rr)) {
- /* SSL3_RT_APPLICATION_DATA or
- * SSL3_RT_HANDSHAKE */
+ if (type == SSL3_RECORD_get_type(rr)
+ || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+ /*
+ * SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC
+ */
/*
* make sure that we are not getting application data when we are
* doing a handshake for the first time
@@ -1080,6 +1091,17 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto f_err;
}

+ if (type == SSL3_RT_HANDSHAKE
+ && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && s->rlayer.handshake_fragment_len > 0) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RECORD_get_type(rr);
+
if (len <= 0)
return (len);

@@ -1105,9 +1127,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

/*
* If we get here, then type != rr->type; if we have a handshake message,
- * then it was unexpected (Hello Request or Client Hello).
+ * then it was unexpected (Hello Request or Client Hello) or invalid (we
+ * were actually expecting a CCS).
*/

+ if (rr->type == SSL3_RT_HANDSHAKE && type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
/*
* Lets just double check that we've not got an SSLv2 record
*/
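Review bot: `rr->type` is dereferenced directly here while every other line in this patch goes through SSL3_RECORD_get_type(rr); use the accessor. The new check only triggers when a caller passes SSL3_RT_CHANGE_CIPHER_SPEC as `type`, and no caller in the visible hunks does so (ssl3_get_message always asks for SSL3_RT_HANDSHAKE and learns about the CCS through recvd_type); if that is true of the whole tree, mark the check as defensive in the comment so nobody later assumes it is on a live path.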
@@ -1344,45 +1373,9 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}

if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
- /*
- * 'Change Cipher Spec' is just a single byte, so we know exactly
- * what the record payload has to look like
- */
- if ((SSL3_RECORD_get_length(rr) != 1)
- || (SSL3_RECORD_get_off(rr) != 0)
- || (SSL3_RECORD_get_data(rr)[0] != SSL3_MT_CCS)) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
- }
-
- /* Check we have a cipher to change to */
- if (s->s3->tmp.new_cipher == NULL) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
- SSL3_RECORD_set_length(rr, 0);
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
- SSL3_RECORD_get_data(rr), 1, s,
- s->msg_callback_arg);
-
- s->s3->change_cipher_spec = 1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
- else
- goto start;
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
}

/*
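Review bot: with the old processing deleted, this branch is reached for a CCS record whenever the caller did not ask for handshake data or passed recvd_type == NULL, which includes the message-body read in ssl3_get_message (`ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, ...)`) and application-data reads. Making a CCS that is interleaved inside a handshake message fatal is correct, but a comment stating when the branch is reachable should replace the deleted one, and SSL_R_CCS_RECEIVED_EARLY is a slightly misleading reason for "CCS in the middle of a message" or "CCS while reading application data"; SSL_R_UNEXPECTED_MESSAGE, as used a few hunks above, fits better.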
@@ -1477,7 +1470,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
return (-1);
}

diff --git a/ssl/record/record.h b/ssl/record/record.h
index 6931bb4..5c8fead 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -331,7 +331,8 @@ __owur int ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragment);
-__owur int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
+ unsigned char *buf, int len, int peek);
__owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, int send_data);
__owur int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
@@ -345,7 +346,8 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl);
-__owur int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
+ unsigned char *buf, int len, int peek);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragement);
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 17a8054..943cf73 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -228,6 +228,74 @@ static void ssl3_take_mac(SSL *s)
}
#endif

+int ssl3_get_change_cipher_spec(SSL *s, int a, int b)
+{
+ int ok, al;
+ long n;
+
+ n = s->method->ssl_get_message(s, a, b, SSL3_MT_CHANGE_CIPHER_SPEC, 1, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ /*
+ * 'Change Cipher Spec' is just a single byte, which should already have
+ * been consumed by ssl_get_message() so there should be no bytes left,
+ * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
+ */
+ if (SSL_IS_DTLS(s)) {
+ if ((s->version == DTLS1_BAD_VER && n != DTLS1_CCS_HEADER_LENGTH + 1)
+ || (s->version != DTLS1_BAD_VER
+ && n != DTLS1_CCS_HEADER_LENGTH - 1)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC, SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
+ } else {
+ if (n != 0) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC, SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
+ }
+
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->change_cipher_spec = 1;
+ if (!ssl3_do_change_cipher_spec(s)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+
+ if (SSL_IS_DTLS(s)) {
+ dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+ if (s->version == DTLS1_BAD_VER)
+ s->d1->handshake_read_seq++;
+
+#ifndef OPENSSL_NO_SCTP
+ /*
+ * Remember that a CCS has been received, so that an old key of
+ * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
+ * SCTP is used
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+ }
+
+ return 1;
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return 0;
+}
+
+
int ssl3_get_finished(SSL *s, int a, int b)
{
int al, i, ok;
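Review bot: the expected lengths `DTLS1_CCS_HEADER_LENGTH + 1` and `DTLS1_CCS_HEADER_LENGTH - 1` are hard to check against the comment, which only says DTLS1_BAD_VER carries "an extra 2 bytes"; since n is the number of bytes after the single CCS type byte, state what each expression is meant to equal, or define a named constant for the DTLS1_BAD_VER CCS length the way the old record-layer code did with `ccs_hdr_len = 3`. The DTLS and plain-TLS failure branches raise the same alert and reason and could share one `goto f_err`, and the two blank lines before ssl3_get_finished should be one.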
@@ -345,7 +413,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
unsigned char *p;
unsigned long l;
long n;
- int i, al;
+ int i, al, recvd_type;

if (s->s3->tmp.reuse_message) {
s->s3->tmp.reuse_message = 0;
@@ -369,13 +437,38 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)

do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
return i;
}
+ if (s->init_num == 0
+ && recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC
+ && (mt < 0 || mt == SSL3_MT_CHANGE_CIPHER_SPEC)) {
+ if (*p != SSL3_MT_CCS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE,
+ SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+ s->init_num = i - 1;
+ s->init_msg = p + 1;
+ s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
+ s->s3->tmp.message_size = i - 1;
+ s->state = stn;
+ *ok = 1;
+ if (s->msg_callback)
+ s->msg_callback(0, s->version,
+ SSL3_RT_CHANGE_CIPHER_SPEC, p, 1, s,
+ s->msg_callback_arg);
+ return i - 1;
+ } else if (recvd_type != SSL3_RT_HANDSHAKE) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
s->init_num += i;
}
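Review bot: the acceptance condition `(mt < 0 || mt == SSL3_MT_CHANGE_CIPHER_SPEC)` lets a CCS through when the caller passed mt == -1, whereas the DTLS counterpart in dtls1_get_message_fragment explicitly refuses it in that case ("if |mt| is -1 we still don't allow it"). The TLS behaviour is what ssl3_check_change relies on, since it reads with mt == -1 and then looks for SSL3_MT_CHANGE_CIPHER_SPEC, but the two paths now follow opposite rules and neither comment mentions the other; please document the reason here and in d1_both.c. Any other mt == -1 caller that receives a CCS will have the record consumed and get message_type == SSL3_MT_CHANGE_CIPHER_SPEC back, so each such caller must reject it itself; worth confirming they all do.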

@@ -458,8 +551,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
p = s->init_msg;
n = s->s3->tmp.message_size - s->init_num;
while (n > 0) {
- i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
- n, 0);
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+ &p[s->init_num], n, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 080dbf0..cd6918a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -165,7 +165,7 @@

static int ssl_set_version(SSL *s);
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
-static int ssl3_check_finished(SSL *s);
+static int ssl3_check_change(SSL *s);
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p,
int (*put_cb) (const SSL_CIPHER *,
@@ -276,7 +276,6 @@ int ssl3_connect(SSL *s)
s->state = SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num = 0;
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
/*
* Should have been reset by ssl3_get_finished, too.
*/
@@ -306,7 +305,7 @@ int ssl3_connect(SSL *s)
goto end;

if (s->hit) {
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->state = SSL3_ST_CR_CHANGE_A;
if (s->tlsext_ticket_expected) {
/* receive renewed session ticket */
s->state = SSL3_ST_CR_SESSION_TICKET_A;
@@ -319,12 +318,12 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
/* Noop (ret = 0) for everything but EAP-FAST. */
- ret = ssl3_check_finished(s);
+ ret = ssl3_check_change(s);
if (ret < 0)
goto end;
if (ret == 1) {
s->hit = 1;
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->state = SSL3_ST_CR_CHANGE_A;
s->init_num = 0;
break;
}
@@ -525,7 +524,7 @@ int ssl3_connect(SSL *s)
if (s->tlsext_ticket_expected)
s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
else
- s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+ s->s3->tmp.next_state = SSL3_ST_CR_CHANGE_A;
}
s->init_num = 0;
break;
@@ -535,7 +534,7 @@ int ssl3_connect(SSL *s)
ret = ssl3_get_new_session_ticket(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->state = SSL3_ST_CR_CHANGE_A;
s->init_num = 0;
break;

@@ -548,10 +547,19 @@ int ssl3_connect(SSL *s)
s->init_num = 0;
break;

+ case SSL3_ST_CR_CHANGE_A:
+ case SSL3_ST_CR_CHANGE_B:
+ ret = ssl3_get_change_cipher_spec(s, SSL3_ST_CR_CHANGE_A,
+ SSL3_ST_CR_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+
+ s->state = SSL3_ST_CR_FINISHED_A;
+ s->init_num = 0;
+ break;
+
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
- if (!s->s3->change_cipher_spec)
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0)
@@ -3368,11 +3376,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
* the session ID. EAP-FAST (RFC 4851), however, relies on the next server
* message after the ServerHello to determine if the server is resuming.
* Therefore, we allow EAP-FAST to peek ahead.
- * ssl3_check_finished returns 1 if we are resuming from an external
- * pre-shared secret, we have a "ticket" and the next server handshake message
- * is Finished; and 0 otherwise. It returns -1 upon an error.
+ * ssl3_check_change returns 1 if we are resuming from an external
+ * pre-shared secret, we have a "ticket" and the next server message
+ * is CCS; and 0 otherwise. It returns -1 upon an error.
*/
-static int ssl3_check_finished(SSL *s)
+static int ssl3_check_change(SSL *s)
{
int ok = 0;

@@ -3380,8 +3388,6 @@ static int ssl3_check_finished(SSL *s)
!s->session->tlsext_tick)
return 0;

- /* Need to permit this temporarily, in case the next message is Finished. */
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
/*
* This function is called when we might get a Certificate message instead,
* so permit appropriate message length.
@@ -3392,23 +3398,15 @@ static int ssl3_check_finished(SSL *s)
SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B,
-1, s->max_cert_list, &ok);
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;

if (!ok)
return -1;

s->s3->tmp.reuse_message = 1;

- if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
+ if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC)
return 1;

- /* If we're not done, then the CCS arrived early and we should bail. */
- if (s->s3->change_cipher_spec) {
- SSLerr(SSL_F_SSL3_CHECK_FINISHED, SSL_R_CCS_RECEIVED_EARLY);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
- return -1;
- }
-
return 0;
}
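Review bot: ssl3_check_change now depends on the reuse_message path of ssl3_get_message handing the peeked CCS back to ssl3_get_change_cipher_spec unchanged: message_type must still read SSL3_MT_CHANGE_CIPHER_SPEC, the returned length must be the 0 that ssl3_get_change_cipher_spec requires for TLS, and the msg_callback must not fire a second time. That path is not in this patch and is only exercised by the EAP-FAST peek, so a test that drives a resumption through ssl3_check_change would be valuable. The removed "CCS arrived early" check is no longer needed because the CCS itself is now the message being inspected, which the comment above the function should say.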

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0fc0881..d39346a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4808,7 +4808,7 @@ int ssl3_shutdown(SSL *s)
/*
* If we are waiting for a close from our peer, we are closed
*/
- s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
+ s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0);
if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
return (-1); /* return WANT_READ */
}
@@ -4840,7 +4840,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
ssl3_renegotiate_check(s);
s->s3->in_read_app_data = 1;
ret =
- s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+ s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
peek);
if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
/*
@@ -4852,8 +4852,8 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
*/
s->in_handshake++;
ret =
- s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
- peek);
+ s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
+ len, peek);
s->in_handshake--;
} else
s->s3->in_read_app_data = 0;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bc7f84f..fd4c87e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -281,7 +281,6 @@ int ssl3_accept(SSL *s)

s->init_num = 0;
s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
/*
* Should have been reset by ssl3_get_finished, too.
*/
@@ -576,14 +575,7 @@ int ssl3_accept(SSL *s)
* not sent. Also for GOST ciphersuites when the client uses
* its key from the certificate for key exchange.
*/
-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state = SSL3_ST_SR_FINISHED_A;
-#endif
+ s->state = SSL3_ST_SR_CHANGE_A;
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
@@ -650,32 +642,13 @@ int ssl3_accept(SSL *s)
if (ret <= 0)
goto end;

-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state = SSL3_ST_SR_FINISHED_A;
-#endif
+ s->state = SSL3_ST_SR_CHANGE_A;
s->init_num = 0;
break;

#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
- /*
- * Enable CCS for NPN. Receiving a CCS clears the flag, so make
- * sure not to re-enable it to ban duplicates. This *should* be the
- * first time we have received one - but we check anyway to be
- * cautious.
- * s->s3->change_cipher_spec is set when a CCS is
- * processed in s3_pkt.c, and remains set until
- * the client's Finished message is read.
- */
- if (!s->s3->change_cipher_spec)
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
ret = ssl3_get_next_proto(s);
if (ret <= 0)
goto end;
@@ -684,18 +657,27 @@ int ssl3_accept(SSL *s)
break;
#endif

+
+ case SSL3_ST_SR_CHANGE_A:
+ case SSL3_ST_SR_CHANGE_B:
+ ret = ssl3_get_change_cipher_spec(s, SSL3_ST_SR_CHANGE_A,
+ SSL3_ST_SR_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+
+#if defined(OPENSSL_NO_NEXTPROTONEG)
+ s->state = SSL3_ST_SR_FINISHED_A;
+#else
+ if (s->s3->next_proto_neg_seen)
+ s->state = SSL3_ST_SR_NEXT_PROTO_A;
+ else
+ s->state = SSL3_ST_SR_FINISHED_A;
+#endif
+ s->init_num = 0;
+ break;
+
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- /*
- * Enable CCS for handshakes without NPN. In NPN the CCS flag has
- * already been set. Receiving a CCS clears the flag, so make
- * sure not to re-enable it to ban duplicates.
- * s->s3->change_cipher_spec is set when a CCS is
- * processed in s3_pkt.c, and remains set until
- * the client's Finished message is read.
- */
- if (!s->s3->change_cipher_spec)
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0)
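Review bot: style point: the new `case SSL3_ST_SR_CHANGE_A:` is preceded by two blank lines (the added empty `+` line after `#endif`), where the rest of ssl3_accept uses one. On substance, the transition CCS, then NextProto if seen, then Finished reproduces the ordering that the deleted CCS_OK comments described, and rejecting a duplicate CCS now falls to the state machine instead of the flag; a one-line comment on the new case saying so would preserve what those deleted comments documented.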
@@ -769,14 +751,7 @@ int ssl3_accept(SSL *s)
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
-#if defined(OPENSSL_NO_NEXTPROTONEG)
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen) {
- s->s3->tmp.next_state = SSL3_ST_SR_NEXT_PROTO_A;
- } else
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#endif
+ s->s3->tmp.next_state = SSL3_ST_SR_CHANGE_A;
} else
s->s3->tmp.next_state = SSL_ST_OK;
s->init_num = 0;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 4b4d89c..539146f 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -131,6 +131,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"ssl3_get_certificate_request"},
{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "ssl3_get_cert_status"},
{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "ssl3_get_cert_verify"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC),
+ "ssl3_get_change_cipher_spec"},
{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),
"ssl3_get_client_certificate"},
{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "ssl3_get_client_hello"},
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0997566..bc8388a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -563,8 +563,8 @@ struct ssl_method_st {
int (*ssl_renegotiate_check) (SSL *s);
long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
max, int *ok);
- int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
- int peek);
+ int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
+ unsigned char *buf, int len, int peek);
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
int (*ssl_dispatch_alert) (SSL *s);
long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
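Review bot: the new `int *recvd_type` out-parameter is passed as NULL by every caller in the s3_lib.c hunks above (ssl3_shutdown and both ssl3_read_internal calls), so every ssl_read_bytes implementation must check for NULL before storing through it; a short comment on the struct member stating that NULL is permitted and what is written otherwise (the content type of the record actually received) would pin down the contract for the TLS and DTLS implementations alike.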
@@ -1437,11 +1437,6 @@ typedef struct dtls1_state_st {
unsigned short timeout_duration;

unsigned int retransmitting;
- /*
- * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * Cleared after the message has been processed.
- */
- unsigned int change_cipher_spec_ok;
# ifndef OPENSSL_NO_SCTP
/* used when SSL_ST_XX_FLUSH is entered */
int next_state;
@@ -1912,6 +1907,7 @@ void ssl3_init_finished_mac(SSL *s);
__owur int ssl3_send_server_certificate(SSL *s);
__owur int ssl3_send_newsession_ticket(SSL *s);
__owur int ssl3_send_cert_status(SSL *s);
+__owur int ssl3_get_change_cipher_spec(SSL *s, int a, int b);
__owur int ssl3_get_finished(SSL *s, int state_a, int state_b);
__owur int ssl3_setup_key_block(SSL *s);
__owur int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
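Review bot: style point: the new prototype names its parameters `int a, int b`, while the neighbouring ssl3_get_finished and ssl3_send_change_cipher_spec declarations use `int state_a, int state_b`; using the same names here (`__owur int ssl3_get_change_cipher_spec(SSL *s, int state_a, int state_b);`) keeps the header consistent.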

Matt Caswell
Aug 4, 2015, 5:55:52 AM
The branch master has been updated
via 8d11b7c7ee84ad0aa243476088285d15b22c5470 (commit)
from 496dbe1855b486c39f42d673d56924d5f9ae3c78 (commit)


- Log -----------------------------------------------------------------
commit 8d11b7c7ee84ad0aa243476088285d15b22c5470
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 9 16:37:54 2015 +0100

Fix warning when compiling with no-ec2m

EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec_key.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 620860c..a954c8e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -346,7 +346,10 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
BN_CTX *ctx = NULL;
BIGNUM *tx, *ty;
EC_POINT *point = NULL;
- int ok = 0, tmp_nid, is_char_two = 0;
+ int ok = 0;
+#ifndef OPENSSL_NO_EC2M
+ int tmp_nid, is_char_two = 0;
+#endif

if (!key || !key->group || !x || !y) {
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
@@ -362,14 +365,15 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
if (!point)
goto err;

+ tx = BN_CTX_get(ctx);
+ ty = BN_CTX_get(ctx);
+
+#ifndef OPENSSL_NO_EC2M
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));

if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;

- tx = BN_CTX_get(ctx);
- ty = BN_CTX_get(ctx);
-#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
x, y, ctx))
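Review bot: the `tx = BN_CTX_get(ctx); ty = BN_CTX_get(ctx);` pair moved above the `#ifndef OPENSSL_NO_EC2M` block is still not checked for failure; BN_CTX_get returns NULL when the context is exhausted, and once it has failed every later call also returns NULL, so a single `if (ty == NULL) goto err;` after the second call covers both. Moving the lines is otherwise right, since they are needed in both the GF(2^m) and the prime-field branches.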

Matt Caswell
Aug 4, 2015, 8:30:10 AM
The branch master has been updated
via 0bc09ecd263acb25f04f373f31a50f50af8541bb (commit)
via 44128847e8965ec64384ac48c65f5d28126b3666 (commit)
from 8d11b7c7ee84ad0aa243476088285d15b22c5470 (commit)


- Log -----------------------------------------------------------------
commit 0bc09ecd263acb25f04f373f31a50f50af8541bb
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 4 11:44:52 2015 +0100

PACKETise ClientCertificate processing

Use the PACKET API for processing ClientCertificate messages

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 44128847e8965ec64384ac48c65f5d28126b3666
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 4 13:03:20 2015 +0100

Fix a bug in the new PACKET implementation

Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/packet_locl.h | 16 ++++++++--------
ssl/s3_srvr.c | 33 ++++++++++++++++++++-------------
test/packettest.c | 49 +++++++++++++++++++++++++------------------------
3 files changed, 53 insertions(+), 45 deletions(-)

diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 4aab5cb..80d0b93 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -176,8 +176,8 @@ __owur static inline int PACKET_peek_net_3(PACKET *pkt, unsigned long *data)
return 0;

*data = ((unsigned long)(*pkt->curr)) << 16;
- *data |= ((unsigned long)(*pkt->curr + 1)) << 8;
- *data |= *pkt->curr + 2;
+ *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+ *data |= *(pkt->curr + 2);

return 1;
}
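Review bot: the fix is correct and worth a comment explaining it, because the two forms look alike: `*pkt->curr + 1` parses as `(*pkt->curr) + 1`, i.e. the first byte plus one, whereas `*(pkt->curr + 1)` reads the second byte. The same precedence slip is fixed in the PACKET_peek_net_4 and PACKET_peek_4 hunks below. It went unnoticed because the old test buffer held 1, 2, 3, 4, ..., for which `curr[0] + 1 == curr[1]` and `curr[0] + 2 == curr[2]` hold by construction; see the test/packettest.c hunks.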
@@ -203,9 +203,9 @@ __owur static inline int PACKET_peek_net_4(PACKET *pkt, unsigned long *data)
return 0;

*data = ((unsigned long)(*pkt->curr)) << 24;
- *data |= ((unsigned long)(*pkt->curr + 1)) << 16;
- *data |= ((unsigned long)(*pkt->curr + 2)) << 8;
- *data |= *pkt->curr+3;
+ *data |= ((unsigned long)(*(pkt->curr + 1))) << 16;
+ *data |= ((unsigned long)(*(pkt->curr + 2))) << 8;
+ *data |= *(pkt->curr+3);

return 1;
}
@@ -254,9 +254,9 @@ __owur static inline int PACKET_peek_4(PACKET *pkt, unsigned long *data)
return 0;

*data = *pkt->curr;
- *data |= ((unsigned long)(*pkt->curr + 1)) << 8;
- *data |= ((unsigned long)(*pkt->curr + 2)) << 16;
- *data |= ((unsigned long)(*pkt->curr + 3)) << 24;
+ *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+ *data |= ((unsigned long)(*(pkt->curr + 2))) << 16;
+ *data |= ((unsigned long)(*(pkt->curr + 3))) << 24;

return 1;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index fd4c87e..079d9be 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3012,10 +3012,11 @@ int ssl3_get_client_certificate(SSL *s)
{
int i, ok, al, ret = -1;
X509 *x = NULL;
- unsigned long l, nc, llen, n;
- const unsigned char *p, *q;
- unsigned char *d;
+ unsigned long l, llen, n;
+ const unsigned char *certstart;
+ unsigned char *certbytes;
STACK_OF(X509) *sk = NULL;
+ PACKET pkt, spkt;

n = s->method->ssl_get_message(s,
SSL3_ST_SR_CERT_A,
@@ -3051,35 +3052,42 @@ int ssl3_get_client_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
- p = d = (unsigned char *)s->init_msg;
+
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }

if ((sk = sk_X509_new_null()) == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
goto done;
}

- n2l3(p, llen);
- if (llen + 3 != n) {
+ if (!PACKET_get_net_3(&pkt, &llen)
+ || !PACKET_get_sub_packet(&pkt, &spkt, llen)
+ || PACKET_remaining(&pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- for (nc = 0; nc < llen;) {
- n2l3(p, l);
- if ((l + nc + 3) > llen) {
+
+ while (PACKET_remaining(&spkt) > 0) {
+ if (!PACKET_get_net_3(&spkt, &l)
+ || !PACKET_get_bytes(&spkt, &certbytes, l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
goto f_err;
}

- q = p;
- x = d2i_X509(NULL, &p, l);
+ certstart = certbytes;
+ x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
if (x == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
goto done;
}
- if (p != (q + l)) {
+ if (certbytes != (certstart + l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
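Review bot: `(const unsigned char **)&certbytes` casts over the pointer-to-pointer constness mismatch because PACKET_get_bytes hands back a non-const `unsigned char *`; a cleaner alternative is a separate `const unsigned char *p = certbytes;` passed as `&p` to d2i_X509, after which the length check becomes `p != certbytes + l` and `certstart` is no longer needed. The new length handling is sound: `PACKET_get_sub_packet(&pkt, &spkt, llen)` plus `PACKET_remaining(&pkt) != 0` replaces the old `llen + 3 != n` test, and an empty list (llen == 0) skips the loop and is caught by the `sk_X509_num(sk) <= 0` check that follows.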
@@ -3090,7 +3098,6 @@ int ssl3_get_client_certificate(SSL *s)
goto done;
}
x = NULL;
- nc += l + 3;
}

if (sk_X509_num(sk) <= 0) {
diff --git a/test/packettest.c b/test/packettest.c
index 92181e6..1ddb837 100644
--- a/test/packettest.c
+++ b/test/packettest.c
@@ -81,10 +81,10 @@ static int test_PACKET_get_1(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_1(pkt, &i)
- || i != 0x01
+ || i != 0x02
|| !PACKET_forward(pkt, BUF_LEN - 2)
|| !PACKET_get_1(pkt, &i)
- || i != 0xff
+ || i != 0xfe
|| PACKET_get_1(pkt, &i)) {
fprintf(stderr, "test_PACKET_get_1() failed\n");
return 0;
@@ -99,10 +99,10 @@ static int test_PACKET_get_4(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_4(pkt, &i)
- || i != 0x04030201UL
+ || i != 0x08060402UL
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_4(pkt, &i)
- || i != 0xfffefdfcUL
+ || i != 0xfefcfaf8UL
|| PACKET_get_4(pkt, &i)) {
fprintf(stderr, "test_PACKET_get_4() failed\n");
return 0;
@@ -117,10 +117,10 @@ static int test_PACKET_get_net_2(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_net_2(pkt, &i)
- || i != 0x0102
+ || i != 0x0204
|| !PACKET_forward(pkt, BUF_LEN - 4)
|| !PACKET_get_net_2(pkt, &i)
- || i != 0xfeff
+ || i != 0xfcfe
|| PACKET_get_net_2(pkt, &i)) {
fprintf(stderr, "test_PACKET_get_net_2() failed\n");
return 0;
@@ -135,11 +135,12 @@ static int test_PACKET_get_net_3(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_net_3(pkt, &i)
- || i != 0x010203UL
+ || i != 0x020406UL
|| !PACKET_forward(pkt, BUF_LEN - 6)
|| !PACKET_get_net_3(pkt, &i)
- || i != 0xfdfeffUL
+ || i != 0xfafcfeUL
|| PACKET_get_net_3(pkt, &i)) {
+ fprintf(stderr, "i is %ld\n", i);
fprintf(stderr, "test_PACKET_get_net_3() failed\n");
return 0;
}
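Review bot: `fprintf(stderr, "i is %ld\n", i);` looks like a debugging leftover and, if kept, has a format mismatch: `i` is the `unsigned long` that PACKET_get_net_3 writes through `unsigned long *data`, so the specifier should be `%lu`. Either drop the line or fold the value into the existing failure message.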
@@ -153,10 +154,10 @@ static int test_PACKET_get_net_4(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_net_4(pkt, &i)
- || i != 0x01020304UL
+ || i != 0x02040608UL
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_net_4(pkt, &i)
- || i != 0xfcfdfeffUL
+ || i != 0xf8fafcfeUL
|| PACKET_get_net_4(pkt, &i)) {
fprintf(stderr, "test_PACKET_get_net_4() failed\n");
return 0;
@@ -173,12 +174,12 @@ static int test_PACKET_get_sub_packet(PACKET *pkt, size_t start)
if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_sub_packet(pkt, &subpkt, 4)
|| !PACKET_get_net_4(&subpkt, &i)
- || i != 0x01020304UL
+ || i != 0x02040608UL
|| PACKET_remaining(&subpkt)
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_sub_packet(pkt, &subpkt, 4)
|| !PACKET_get_net_4(&subpkt, &i)
- || i != 0xfcfdfeffUL
+ || i != 0xf8fafcfeUL
|| PACKET_remaining(&subpkt)
|| PACKET_get_sub_packet(pkt, &subpkt, 4)) {
fprintf(stderr, "test_PACKET_get_sub_packet() failed\n");
@@ -194,13 +195,13 @@ static int test_PACKET_get_bytes(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_bytes(pkt, &bytes, 4)
- || bytes[0] != 1 || bytes[1] != 2
- || bytes[2] != 3 || bytes[3] != 4
+ || bytes[0] != 2 || bytes[1] != 4
+ || bytes[2] != 6 || bytes[3] != 8
|| PACKET_remaining(pkt) != BUF_LEN -4
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_bytes(pkt, &bytes, 4)
- || bytes[0] != 0xfc || bytes[1] != 0xfd
- || bytes[2] != 0xfe || bytes[3] != 0xff
+ || bytes[0] != 0xf8 || bytes[1] != 0xfa
+ || bytes[2] != 0xfc || bytes[3] != 0xfe
|| PACKET_remaining(pkt)) {
fprintf(stderr, "test_PACKET_get_bytes() failed\n");
return 0;
@@ -215,13 +216,13 @@ static int test_PACKET_copy_bytes(PACKET *pkt, size_t start)

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_copy_bytes(pkt, bytes, 4)
- || bytes[0] != 1 || bytes[1] != 2
- || bytes[2] != 3 || bytes[3] != 4
+ || bytes[0] != 2 || bytes[1] != 4
+ || bytes[2] != 6 || bytes[3] != 8
|| PACKET_remaining(pkt) != BUF_LEN - 4
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_copy_bytes(pkt, bytes, 4)
- || bytes[0] != 0xfc || bytes[1] != 0xfd
- || bytes[2] != 0xfe || bytes[3] != 0xff
+ || bytes[0] != 0xf8 || bytes[1] != 0xfa
+ || bytes[2] != 0xfc || bytes[3] != 0xfe
|| PACKET_remaining(pkt)) {
fprintf(stderr, "test_PACKET_copy_bytes() failed\n");
return 0;
@@ -239,16 +240,16 @@ static int test_PACKET_move_funcs(PACKET *pkt, size_t start)
|| PACKET_back(pkt, 1)
|| !PACKET_forward(pkt, 1)
|| !PACKET_get_bytes(pkt, &byte, 1)
- || byte[0] != 2
+ || byte[0] != 4
|| !PACKET_get_bookmark(pkt, &bm)
|| !PACKET_forward(pkt, BUF_LEN - 2)
|| PACKET_forward(pkt, 1)
|| !PACKET_back(pkt, 1)
|| !PACKET_get_bytes(pkt, &byte, 1)
- || byte[0] != 0xff
+ || byte[0] != 0xfe
|| !PACKET_goto_bookmark(pkt, bm)
|| !PACKET_get_bytes(pkt, &byte, 1)
- || byte[0] != 3) {
+ || byte[0] != 6) {
fprintf(stderr, "test_PACKET_move_funcs() failed\n");
return 0;
}
@@ -289,7 +290,7 @@ int main(int argc, char **argv)
PACKET pkt;

for (i=1; i<=BUF_LEN; i++) {
- buf[i-1] = i;
+ buf[i-1] = (i * 2) & 0xff;
}
i = 0;
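Review bot: filling the buffer with `(i * 2) & 0xff` does expose the `*pkt->curr + 1` precedence bug the packet_locl.h hunks fix (for stride 2, `curr[0] + 1` is 3 while `curr[1]` is 4), but an arithmetic progression can still coincide with some wrong expression by accident (for instance `curr[0] + 2 == curr[1]`); a less regular pattern, such as a fixed pseudo-random byte table, would make the expected values in the tests above immune to that class of masking.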

Matt Caswell
Aug 4, 2015, 8:59:44 AM
The branch master has been updated
via f532a35d2ac4364c4ce0f0a68170b2a2228469cc (commit)
from 0bc09ecd263acb25f04f373f31a50f50af8541bb (commit)


- Log -----------------------------------------------------------------
commit f532a35d2ac4364c4ce0f0a68170b2a2228469cc
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Aug 3 16:56:41 2015 +0100

PACKETise CertificateVerify processing

Modify CertificateVerify processing to use the new PACKET API.

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 47 ++++++++++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 079d9be..3072270 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2816,13 +2816,15 @@ int ssl3_get_client_key_exchange(SSL *s)
int ssl3_get_cert_verify(SSL *s)
{
EVP_PKEY *pkey = NULL;
- unsigned char *p;
+ unsigned char *sig, *data;
int al, ok, ret = 0;
long n;
int type = 0, i, j;
+ unsigned int len;
X509 *peer;
const EVP_MD *md = NULL;
EVP_MD_CTX mctx;
+ PACKET pkt;
EVP_MD_CTX_init(&mctx);

/*
@@ -2859,7 +2861,11 @@ int ssl3_get_cert_verify(SSL *s)
}

/* we now have a signature that we need to verify */
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
/* Check for broken implementations of GOST ciphersuites */
/*
* If key is GOST and n is exactly 64, it is bare signature without
@@ -2867,10 +2873,16 @@ int ssl3_get_cert_verify(SSL *s)
*/
if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
pkey->type == NID_id_GostR3410_2001)) {
- i = 64;
+ len = 64;
} else {
if (SSL_USE_SIGALGS(s)) {
- int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
+ int rv;
+
+ if (!PACKET_get_bytes(&pkt, &sig, 2)) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ rv = tls12_check_peer_sigalg(&md, s, sig, pkey);
if (rv == -1) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
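Review bot: the new `if (!PACKET_get_bytes(&pkt, &sig, 2))` failure path sets `al = SSL_AD_DECODE_ERROR` and jumps to f_err without calling SSLerr, unlike every other decode failure in this function, so the error queue stays empty for a CertificateVerify too short to hold the signature-algorithm pair; add `SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);` before the goto.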
@@ -2881,23 +2893,24 @@ int ssl3_get_cert_verify(SSL *s)
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
- p += 2;
- n -= 2;
}
- n2s(p, i);
- n -= 2;
- if (i > n) {
+ if (!PACKET_get_net_2(&pkt, &len)) {
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
}
j = EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0)) {
+ if (((int)len > j) || ((int)PACKET_remaining(&pkt) > j) || (n <= 0)) {
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
+ if (!PACKET_get_bytes(&pkt, &data, len)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }

if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0;
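Review bot: after `PACKET_get_bytes(&pkt, &data, len)` nothing checks that the message is exhausted, so a CertificateVerify with trailing bytes after the signature is still accepted, as it was before the change (the old code only required `i <= n`); a `PACKET_remaining(&pkt) != 0` test reported as SSL_R_LENGTH_MISMATCH would tighten this now that the parser makes it a one-line addition. The `(int)len` and `(int)PACKET_remaining(&pkt)` casts are safe here because `len` comes from a two-byte field and the remaining count is bounded by `n`.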
@@ -2919,7 +2932,7 @@ int ssl3_get_cert_verify(SSL *s)
goto f_err;
}

- if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
+ if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
goto f_err;
@@ -2928,7 +2941,7 @@ int ssl3_get_cert_verify(SSL *s)
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, data, len,
pkey->pkey.rsa);
if (i < 0) {
al = SSL_AD_DECRYPT_ERROR;
@@ -2946,7 +2959,7 @@ int ssl3_get_cert_verify(SSL *s)
if (pkey->type == EVP_PKEY_DSA) {
j = DSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
+ SHA_DIGEST_LENGTH, data, len, pkey->pkey.dsa);
if (j <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR;
@@ -2959,7 +2972,7 @@ int ssl3_get_cert_verify(SSL *s)
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
+ SHA_DIGEST_LENGTH, data, len, pkey->pkey.ec);
if (j <= 0) {
/* bad signature */
al = SSL_AD_DECRYPT_ERROR;
@@ -2974,11 +2987,11 @@ int ssl3_get_cert_verify(SSL *s)
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_verify_init(pctx);
- if (i != 64) {
- fprintf(stderr, "GOST signature length is %d", i);
+ if (len != 64) {
+ fprintf(stderr, "GOST signature length is %d", len);
}
for (idx = 0; idx < 64; idx++) {
- signature[63 - idx] = p[idx];
+ signature[63 - idx] = data[idx];
}
j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md,
32);
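Review bot: `fprintf(stderr, "GOST signature length is %d", len);` now prints an `unsigned int` with `%d`; with the type change the specifier should become `%u`, and since this is library code a diagnostic on stderr is out of place anyway, so consider reporting it through SSLerr with a decode-error alert instead.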

Matt Caswell
Aug 4, 2015, 9:11:41 AM
The branch master has been updated
via c3fc7eeab884b6876a1b4006163f190d325aa047 (commit)
from f532a35d2ac4364c4ce0f0a68170b2a2228469cc (commit)


- Log -----------------------------------------------------------------
commit c3fc7eeab884b6876a1b4006163f190d325aa047
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 4 13:52:03 2015 +0100

PACKETise NextProto

Change NextProto message processing to use the PACKET API.

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 43 ++++++++++++++++++++++++-------------------
1 file changed, 24 insertions(+), 19 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 3072270..b60c962 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3400,9 +3400,9 @@ int ssl3_send_cert_status(SSL *s)
int ssl3_get_next_proto(SSL *s)
{
int ok;
- int proto_len, padding_len;
+ unsigned int proto_len, padding_len;
long n;
- const unsigned char *p;
+ PACKET pkt;

/*
* Clients cannot send a NextProtocol message if we didn't see the
@@ -3436,11 +3436,13 @@ int ssl3_get_next_proto(SSL *s)
}

if (n < 2) {
- s->state = SSL_ST_ERR;
- return 0; /* The body must be > 1 bytes long */
+ goto err; /* The body must be > 1 bytes long */
}

- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

/*-
* The payload looks like:
@@ -3449,27 +3451,30 @@ int ssl3_get_next_proto(SSL *s)
* uint8 padding_len;
* uint8 padding[padding_len];
*/
- proto_len = p[0];
- if (proto_len + 2 > s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
- }
- padding_len = p[proto_len + 1];
- if (proto_len + padding_len + 2 != s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
+ if (!PACKET_get_1(&pkt, &proto_len)){
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}

s->next_proto_negotiated = OPENSSL_malloc(proto_len);
- if (!s->next_proto_negotiated) {
+ if (s->next_proto_negotiated == NULL) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- s->state = SSL_ST_ERR;
- return 0;
+ goto err;
+ }
+
+ if (!PACKET_copy_bytes(&pkt, s->next_proto_negotiated, proto_len)
+ || !PACKET_get_1(&pkt, &padding_len)
+ || PACKET_remaining(&pkt) != padding_len) {
+ OPENSSL_free(s->next_proto_negotiated);
+ s->next_proto_negotiated = NULL;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
- memcpy(s->next_proto_negotiated, p + 1, proto_len);
- s->next_proto_negotiated_len = proto_len;

return 1;
+err:
+ s->state = SSL_ST_ERR;
+ return 0;
}
#endif
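Review bot: logic problem: the removed `s->next_proto_negotiated_len = proto_len;` has no replacement, so after a successful parse the negotiated protocol length is never recorded and anything reading next_proto_negotiated_len sees a stale or zero value; add the assignment once the PACKET_copy_bytes block succeeds. Two smaller points in the same hunk: when `proto_len` is 0 the code calls `OPENSSL_malloc(0)`, which may legitimately return NULL and is then reported as a malloc failure, so an explicit `proto_len == 0` check reported as a decode error would be clearer; and `if (!PACKET_get_1(&pkt, &proto_len)){` is missing the space before the brace.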

Matt Caswell
Aug 4, 2015, 2:56:48 PM
The branch master has been updated
via e77bdc7310fc8fb9e22fd481a991b3576d128b9f (commit)
from c3fc7eeab884b6876a1b4006163f190d325aa047 (commit)


- Log -----------------------------------------------------------------
commit e77bdc7310fc8fb9e22fd481a991b3576d128b9f
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 4 19:18:02 2015 +0100

Fix SRTP s_client/s_server options

The -use_srtp s_client/s_server option is supposed to take a colon
separated string as an argument. In master this was incorrectly set to
expect a filename.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 2 +-
apps/s_server.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 5971f8a..2b69355 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -519,7 +519,7 @@ OPTIONS s_client_options[] = {
"Load the file(s) into the random number generator"},
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
{"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
- {"use_srtp", OPT_USE_SRTP, '<',
+ {"use_srtp", OPT_USE_SRTP, 's',
"Offer SRTP key management with a colon-separated profile list"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
diff --git a/apps/s_server.c b/apps/s_server.c
index a1fcb6e..e7c794c 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -949,7 +949,7 @@ OPTIONS s_server_options[] = {
"Set the advertised protocols for the NPN extension (comma-separated list)"},
#endif
#ifndef OPENSSL_NO_SRTP
- {"use_srtp", OPT_SRTP_PROFILES, '<',
+ {"use_srtp", OPT_SRTP_PROFILES, 's',
"Offer SRTP key management with a colon-separated profile list"},
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},

Rich Salz
Aug 4, 2015, 4:31:38 PM
The branch master has been updated
via 596c3f5934df1cbc1fc8fe61d0f690b48af753f5 (commit)
from 7396e9b0e72bece0d79baa53e1459e8bdeb5cb76 (commit)


- Log -----------------------------------------------------------------
commit 596c3f5934df1cbc1fc8fe61d0f690b48af753f5
Author: Rich Salz <rs...@akamai.com>
Date: Tue Aug 4 16:31:10 2015 -0400

Update non-profit org status

-----------------------------------------------------------------------

Summary of changes:
support/donations.wml | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/support/donations.wml b/support/donations.wml
index 04ad7fc..88c48e8 100644
--- a/support/donations.wml
+++ b/support/donations.wml
@@ -8,12 +8,15 @@
<p>Your donation to the OpenSSL team will support the ongoing development activities of the team members.
</p>

-<p>Please note that the <a href="funding/support-contact.html">OpenSSL Software Foundation</a> (OSF) is incorporated in the United States as a regular for-profit corporation.
-It does not qualify as a non-profit, charitable organisation under Section 501(c)(3)
-of the U.S. Internal Revenue Code. We looked into it and concluded that 501(c)(3) status would require more of an
-investment in time and money than we can justify at present. This means that, for individuals within the U.S., donations
-to the OSF are not tax-deductible. Corporate donations can of course be written off as a business expense.
-</p>
+<p>Please note that the <a href="funding/support-contact.html">OpenSSL
+Software Foundation</a> (OSF) is incorporated in the the state of Delware,
+United States, as a non-profit corporation. It does not qualify as
+a charitable organisation under Section 501(c)(3) of the U.S. Internal
+Revenue Code. We looked into it and concluded that 501(c)(3) status
+would require more of an investment in time and money than we can justify
+at present. This means that, for individuals within the U.S., donations
+to the OSF are not tax-deductible. Corporate donations can of course be
+written off as a business expense. </p>

<p>In addition to direct financial contributions in the form of donations or sponsorship you may also
support the OpenSSL project financially with the purchase of a <a href="funding/contract.html"> support contract</a>,
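Review bot: typo in the new paragraph: `in the the state of Delware` should read `in the state of Delaware`.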

Matt Caswell
Aug 5, 2015, 6:15:11 AM
The branch master has been updated
via 6f136aa6fc834fd841aee6c5267288ed13aae19d (commit)
via 6c3cca5793b1ac57daceb8111d842f954a5ecf6a (commit)
from e77bdc7310fc8fb9e22fd481a991b3576d128b9f (commit)


- Log -----------------------------------------------------------------
commit 6f136aa6fc834fd841aee6c5267288ed13aae19d
Author: Adam Eijdenberg <eijde...@google.com>
Date: Tue Aug 4 15:15:38 2015 -0700

Change error reason to match previous behaviour.

Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 6c3cca5793b1ac57daceb8111d842f954a5ecf6a
Author: Adam Eijdenberg <eijde...@google.com>
Date: Tue Aug 4 14:59:47 2015 -0700

Fix unhandled error condition in sslv2 client hello parsing.

--strict-warnings started showing warnings for this today...

Surely an error should be raised if these reads fail?

Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b60c962..76f49bd 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1014,6 +1014,9 @@ int ssl3_get_client_hello(SSL *s)
if (!PACKET_get_net_2(&pkt, &csl)
|| !PACKET_get_net_2(&pkt, &sil)
|| !PACKET_get_net_2(&pkt, &cl)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
}

if (csl == 0) {

Steve Marquess
Aug 5, 2015, 10:12:02 AM
The branch master has been updated
via e31df12862d63ba8ad09ec18461fb37c1698cd4b (commit)
from 596c3f5934df1cbc1fc8fe61d0f690b48af753f5 (commit)


- Log -----------------------------------------------------------------
commit e31df12862d63ba8ad09ec18461fb37c1698cd4b
Author: Steve Marquess <marq...@openssl.com>
Date: Wed Aug 5 10:11:32 2015 -0400

Restore Nokia logo

-----------------------------------------------------------------------

Summary of changes:
support/acknowledgments.wml | 3 +++
1 file changed, 3 insertions(+)

diff --git a/support/acknowledgments.wml b/support/acknowledgments.wml
index 5c583ac..ca8345e 100644
--- a/support/acknowledgments.wml
+++ b/support/acknowledgments.wml
@@ -60,6 +60,9 @@ Platinum sponsors (listed chronologically, left to right). The sustainable fund
<tr>

<td>
+ <a href="http://company.nokia.com/en">
+ <img src="$(IMG)/nokia-logo-med.jpg" align=center border=0>
+ </a>
<a href="http://www.huawei.com/">
<img src="$(IMG)/huawei-logo-med.jpg" align=center border=0>
</a>

Rich Salz
Aug 5, 2015, 10:06:30 PM
The branch master has been updated
via 1125245997dac232a0c0867b6c858cda4e549c6d (commit)
from 6f136aa6fc834fd841aee6c5267288ed13aae19d (commit)


- Log -----------------------------------------------------------------
commit 1125245997dac232a0c0867b6c858cda4e549c6d
Author: Anton Blanchard <an...@samba.org>
Date: Wed Aug 5 21:48:35 2015 -0400

RT3990: Fix #include path.

Signed-off-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/ppccap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 2b7f704..74af473 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -7,7 +7,7 @@
#if defined(__linux) || defined(_AIX)
# include <sys/utsname.h>
#endif
-#include <crypto.h>
+#include <openssl/crypto.h>
#include <openssl/bn.h>

#include "ppc_arch.h"

Steve Marquess

Aug 6, 2015, 10:00:11 AM8/6/15
The branch master has been updated
via 3028310b6b3d3eb66b052f2fb5d065e783cafe76 (commit)
from e31df12862d63ba8ad09ec18461fb37c1698cd4b (commit)


- Log -----------------------------------------------------------------
commit 3028310b6b3d3eb66b052f2fb5d065e783cafe76
Author: Steve Marquess <marq...@openssl.com>
Date: Wed Aug 5 11:45:11 2015 -0400

Sort out legal entity references (long overdue!)

-----------------------------------------------------------------------

Summary of changes:
about/contacts.wml | 69 +++++++++++++++++++++++++++++++------
about/openssl-contact.wml | 22 ++++++++++++
docs/fips/fipsnotes.wml | 2 +-
docs/fips/fipsvalidation.wml | 6 ++--
docs/fips/privatelabel.wml | 6 ++--
docs/index.wml | 2 +-
support/acknowledgments.wml | 2 +-
support/consulting.wml | 2 +-
support/donations-cn.wml | 2 +-
support/donations.wml | 8 ++---
support/funding/contract.wml | 2 +-
support/funding/support-contact.wml | 12 +++----
12 files changed, 102 insertions(+), 33 deletions(-)
create mode 100644 about/openssl-contact.wml

diff --git a/about/contacts.wml b/about/contacts.wml
index e8d72db..658aa8d 100644
--- a/about/contacts.wml
+++ b/about/contacts.wml
@@ -20,36 +20,83 @@ to dispose of. You may <i>request</i> support, but it's the contact's
responsability and freedom alone to decide if he wants to give any support
or not, regardless of who makes the request.</p>

+<p>The <i>OpenSSL Software Foundation</i> represents the OpenSSL project in most capacities including contributor license
+agreements, managing donations, etc.</p>
+</p>
+
<table>
<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
<tr><td>
-OpenSSL SE<br>
-c/o Richard Levitte<br>
-Nordingrågatan 20<br>
-S-162 53 Vällingby<br>
-Sweden<br>
-<i>E-mail:</i> <a href="mailto:openssl-c...@openssl.org">openssl-c...@openssl.org</a>
+OpenSSL Software Foundation<br>
+20-22 Wenlock Road<br>
+London<br>
+N1 7GU<br>
+United Kingdom<br>
++44 1785508015 (UK)<br>
++1 877-OPENSSL(6775) (US toll free)<br>
++1 301-956-2281 (US)<br>
+<i>E-mail:</i> <a href="mailto:in...@opensslfoundation.org">in...@opensslfoundation.org</a>
</td><td valign=top>
-Sweden only
+Worldwide
</td></tr>
</table>

-<p>The <i>OpenSSL Software Foundation</i> represents the OpenSSL project in some capacities, such as providing formal support contracts, brokering consulting contracts for OpenSSL team members, and disbursing dontations.</p>
+<p><i>OpenSSL Software Services</i> represents the OpenSSL project for selected commercial or quasi-commercial contexts, such
+as providing formal support contracts and brokering consulting contracts for OpenSSL team members</p>
</p>

<table>
<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
<tr><td>
-OpenSSL Software Foundation<br>
+OpenSSL Software Services Inc.<br>
+40 E Main St, Suite 744<br>
+Newark DE 19711<br>
+USA<br>
++1 240-215-3103<br>
+<i>E-mail:</i> <a href="mailto:in...@opensslservices.com">in...@opensslservices.com</a>
+</td><td valign=top>
+Worldwide
+</td></tr>
+</table>
+
+<p>
+Commercial activities specific to FIPS 140-2 validations and the OpenSSL FIPS Object Module are handled by <i>OpenSSL Validation Services</i>:
+</p>
+
+<table>
+<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
+<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
+<tr><td>
+OpenSSL Validation Services Inc.<br>
1829 Mount Ephraim Road<br>
Adamstown, MD 21710<br>
USA<br>
-+1 877 673 6775
-<i>E-mail:</i> <a href="mailto:in...@opensslfoundation.com">in...@opensslfoundation.com</a>
++1 301-874-2571<br>
+<i>E-mail:</i> <a href="mailto:in...@openssl.com">in...@openssl.com</a>
</td><td valign=top>
Worldwide
</td></tr>
</table>

+<p>
+<p>
+Some OpenSSL team members are available for selected consulting engagements:
+<p>
+
+<table>
+<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
+<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
+<tr><td>
+OpenSSL SE<br>
+c/o Richard Levitte<br>
+Nordingrågatan 20<br>
+S-162 53 Vällingby<br>
+Sweden<br>
+<i>E-mail:</i> <a href="mailto:openssl-c...@openssl.org">openssl-c...@openssl.org</a>
+</td><td valign=top>
+Sweden only
+</td></tr>
+</table>
+
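Review bot: The paragraph markup in this hunk is unbalanced. The added `+</p>` immediately after `+agreements, managing donations, etc.</p>` closes a paragraph that is already closed; the pre-existing stray `</p>` after the new `OpenSSL Software Services` paragraph (which already ends in `</p>`) should go at the same time; and the consulting lead-in opens three `<p>` tags (`+<p>`, `+<p>`, then `+<p>` after `Some OpenSSL team members are available ...`) without closing any of them. Drop the strays and close each paragraph once. While the surrounding text is being rewritten, the context line `responsability and freedom alone` has a pre-existing typo for `responsibility`.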
diff --git a/about/openssl-contact.wml b/about/openssl-contact.wml
new file mode 100644
index 0000000..8b9c590
--- /dev/null
+++ b/about/openssl-contact.wml
@@ -0,0 +1,22 @@
+
+#use wml::openssl area=funding page=index
+
+<title>OpenSSL Software Foundation Contact Info</title>
+
+<h1>OpenSSL Software Foundation Queries</h1>
+
+Direct queries concerning any non-commercial activites or issues to:<br>
+<br>
+OpenSSL Software Foundation<br>
+20-22 Wenlock Road<br>
+London<br>
+N1 7GU<br>
+United Kingdom<br>
++44 1785508015 (UK)<br>
++1 877-OPENSSL(6775) (US toll free)<br>
++1 301-956-2281 (US)<br>
+<a href="mailto:in...@opensslfoundation.org">in...@opensslfoundation.org</a>
+<p>
+You will probably wind up talking to Steve Marquess who currently handles OpenSSL commercial contracting, he is
+reachable directly at <a href="mailto:marq...@opensslfoundation.org">marq...@opensslfoundation.org</a> or
+the telephone numbers above.
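Review bot: `activites` on the `Direct queries concerning any non-commercial activites or issues to:` line is a typo for `activities`. Two consistency points on the same file: the header says it is the contact page for non-commercial queries, yet the closing paragraph describes Steve Marquess as the person who `currently handles OpenSSL commercial contracting`, which contradicts the split between the Foundation and Software Services that `about/contacts.wml` in this same patch sets up; and the `#use wml::openssl area=funding page=index` directive names the `funding` area while the file lives under `about/`, so confirm the navigation area it should highlight. The final `<p>` is also never closed.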
diff --git a/docs/fips/fipsnotes.wml b/docs/fips/fipsnotes.wml
index 5ce62c8..ef2b234 100644
--- a/docs/fips/fipsnotes.wml
+++ b/docs/fips/fipsnotes.wml
@@ -84,7 +84,7 @@ no longer a suitable model for private label validations in its current form pas

<h2>Upcoming Validations</h2>
<p>
-No new validations are currently planned. The <a href="http://www.opensslfoundation.com/fips/ig95.html">I.G. 9.5</a>
+No new validations are currently planned. The <a href="http://www.openssl.com/fips/ig95.html">I.G. 9.5</a>
issue has effectively precluded consideration of new validations for much of 2013, but with the July 25 2013 update of the
<a href="http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf">Implementation Guidance</a>
(I.G.) document such validations appear to be feasible again. We will be happy to discuss our current understanding of
diff --git a/docs/fips/fipsvalidation.wml b/docs/fips/fipsvalidation.wml
index f910477..b75ffb7 100644
--- a/docs/fips/fipsvalidation.wml
+++ b/docs/fips/fipsvalidation.wml
@@ -15,7 +15,7 @@ is documented in the <a href="UserGuide-1.2.pdf">1.2 User Guide</a>.
<p>
<font color="#cc3333">Important Note:</font>
Due to new requirements introduced in 2013 the current v2.0 Module is no longer suitable as a
-reference for private label validations; see the <a href="http://www.opensslfoundation.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
+reference for private label validations; see the <a href="http://www.openssl.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
Due to earlier changes in the FIPS 140-2 validation
requirements the v1.2 Module is no longer be a suitable model for private label validations
in its current form past the year 2010; see the NIST
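Review bot: The context line `requirements the v1.2 Module is no longer be a suitable model for private label validations` has a pre-existing grammar error (`is no longer be` should be `is no longer`); since the line just above it is being edited in this hunk, fix it in the same commit.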
@@ -83,7 +83,7 @@ remain valid for the platforms tested at the time those revisions were approved.
<a name="sponsors">
<h2>Sponsors</h2>
</a>
-The OpenSSL Software Foundation receives support from multiple sources for each
+The OpenSSL FIPS Object Module validations receive support from multiple sources for each
validation effort; however only those sponsors who have elected to be recognised
for their contribution to OpenSSL are listed below.
<ul>
@@ -151,7 +151,7 @@ Directorate-sponsored Homeland Open Security Technology (HOST) program</a>, algo
</ul>
<p>
If you have an interest in sponsoring any changes or additions to this validation
-please contact the <a href="http://openssl.org/support/funding/support-contact.html">OSF</a>.
+please contact <a href="http://openssl.com/fips">OpenSSL Validation Services</a>.
<p>
Some commercial software vendors ask us "what do we gain from sponsoring a validation
that our competition can also use?". Our answer is "nothing, if you think in terms of
diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml
index 81d2e0c..19a4f6e 100644
--- a/docs/fips/privatelabel.wml
+++ b/docs/fips/privatelabel.wml
@@ -21,8 +21,8 @@ The rest of this page is of historical interest only.

<h2>What It Is</h2>

-We have found that one of the most popular commercial services offered by the
-OpenSSL Software Foundation is the <a href="fipsnotes.html#privatelabel">private label validation</a>. It's not a
+We have found that one of the most popular commercial services offered by the OpenSSL team
+is the <a href="fipsnotes.html#privatelabel">private label validation</a>. It's not a
business we ever planned to be in, but as the originators of the source code based
OpenSSL FIPS Object Module validations, and with lots of practice, we've gotten pretty good at it.
The revenue we earn from these validations supports the OpenSSL project, and for some
@@ -95,4 +95,4 @@ Note minor software modifications can often be accommodated in a change letter m
<p>
<hr>

-Interested? Contact the <a href="/support/funding/support-contact.html">OSF</a>.
+Interested? Contact <a href="http://openssl.com/fips">OpenSSL Software Services</a>.
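Review bot: The link text on the `+Interested? Contact` line says `OpenSSL Software Services` but points at `http://openssl.com/fips`, the same URL that the `docs/fips/fipsvalidation.wml` hunk in this patch labels `OpenSSL Validation Services`, and `about/contacts.wml` assigns FIPS 140-2 work to Validation Services explicitly. Since this page is about private label validations, the label here should be `OpenSSL Validation Services` so the two pages do not name different entities for the same contact.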
diff --git a/docs/index.wml b/docs/index.wml
index bda3dc9..3ad49e6 100644
--- a/docs/index.wml
+++ b/docs/index.wml
@@ -31,7 +31,7 @@ features which are not present in other releases.
HOWTO documents to introduce concepts or explain them in a way that is not possible in the manuals.
<p>
<li><a href="http://wiki.openssl.org/"><font id=sfl>WIKI</font></a><br>
- A wiki providing information and guidance about openssl. Operated by the OpenSSL foundation.
+ A wiki providing information and guidance about openssl. Operated by the OpenSSL Software Foundation.
<p>
<li><a href="fips/"><font id=sfl>FIPS140</font></a>:<br>
Data and documentation related to the FIPS140 validation support in OpenSSL
diff --git a/support/acknowledgments.wml b/support/acknowledgments.wml
index ca8345e..151c2fe 100644
--- a/support/acknowledgments.wml
+++ b/support/acknowledgments.wml
@@ -189,4 +189,4 @@ Please note that we ask permission to identify sponsors and that some sponsors w
inclusion here have requested to remain anonymous.
<p>
Additional sponsorship or financial support of any kind is always welcome; for more information please
-contact the <a href="funding/support-contact.html">OpenSSL Software Foundation</a>
+contact the <a href="../about/openssl-contact.html">OpenSSL Software Foundation</a>
diff --git a/support/consulting.wml b/support/consulting.wml
index c0fb199..12e773d 100644
--- a/support/consulting.wml
+++ b/support/consulting.wml
@@ -64,5 +64,5 @@ several formats such as our
in mailing list announcements.

<p>
-For further information please contact the <a href="funding/support-contact.html">OpenSSL Software Foundation</a>.
+For further information please contact our consulting organization, <a href="funding/support-contact.html">OpenSSL Software Services</a>.

diff --git a/support/donations-cn.wml b/support/donations-cn.wml
index 5cad838..eef9802 100644
--- a/support/donations-cn.wml
+++ b/support/donations-cn.wml
@@ -116,4 +116,4 @@ We really appreciate your support of the OpenSSL project!
<br>
<br>
As noted above these donations are currently <em>not</em> tax-deductible!<br>
-For further information please contact the <a href="funding/support-contact.html">OpenSSL Software Foundation</a>.
+For further information please contact the <a href="about/openssl-contact.html">OpenSSL Software Foundation</a>.
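Review bot: The new href `about/openssl-contact.html` is relative to `support/`, so from `support/donations-cn.wml` it resolves to `support/about/openssl-contact.html`, which does not exist. The other files in this patch that link to the new page (`support/donations.wml`, `support/acknowledgments.wml`) use `../about/openssl-contact.html`; this one should too.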
diff --git a/support/donations.wml b/support/donations.wml
index 88c48e8..33f0662 100644
--- a/support/donations.wml
+++ b/support/donations.wml
@@ -8,10 +8,10 @@


<p>Your donation to the OpenSSL team will support the ongoing development activities of the team members.
</p>

-<p>Please note that the <a href="funding/support-contact.html">OpenSSL

-Software Foundation</a> (OSF) is incorporated in the the state of Delware,
+<p>Please note that the <a href="../about/openssl-contact.html">OpenSSL
+Software Foundation</a> (OSF) is incorporated in the the state of Delaware,


United States, as a non-profit corporation. It does not qualify as

-a charitable organisation under Section 501(c)(3) of the U.S. Internal
+a tax-exempt charitable organisation under Section 501(c)(3) of the U.S. Internal


Revenue Code. We looked into it and concluded that 501(c)(3) status

would require more of an investment in time and money than we can justify

at present. This means that, for individuals within the U.S., donations
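Review bot: The spelling fix of `Delware` to `Delaware` on the `+Software Foundation</a> (OSF) is incorporated in the the state of Delaware,` line leaves the doubled article `the the` in place; drop one `the` in the same edit.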

@@ -103,4 +103,4 @@ We also accept donations in any amount via credit card or PayPal:
<br>
<br>
As noted above these donations are currently <em>not</em> tax-deductible!<br>
-For further information please contact the <a href="funding/support-contact.html">OpenSSL Software Foundation</a>.
+For further information please contact the <a href="../about/openssl-contact.html">OpenSSL Software Foundation</a>.
diff --git a/support/funding/contract.wml b/support/funding/contract.wml
index cd5c214..d45b6b1 100644
--- a/support/funding/contract.wml
+++ b/support/funding/contract.wml
@@ -33,5 +33,5 @@ custom arrangements.
Per-incident support.
<p>
</ul>
-For further information please contact the <a href="support-contact.html">OSF</a>.
+For further information please contact <a href="support-contact.html">OpenSSL Software Services</a>.

diff --git a/support/funding/support-contact.wml b/support/funding/support-contact.wml
index b6fbd07..b66b75a 100644
--- a/support/funding/support-contact.wml
+++ b/support/funding/support-contact.wml
@@ -7,13 +7,13 @@

Direct queries concerning support contracts, donations or consulting services to:<br>
<br>
-The OpenSSL Software Foundation<br>
-1829 Mount Ephraim Road<br>
-Adamstown, MD 21710<br>
+OpenSSL Software Services, Inc.<br>
+40 E Main St, Suite 744<br>
+Newark DE 19711<br>
USA<br>
-+1 877-OPENSSL (+1 877 673 6775)<br>
-<a href="mailto:in...@opensslfoundation.com">in...@opensslfoundation.com</a>
++1 240-215-3103<br>
+<a href="mailto:in...@opensslservices.com">in...@opensslservices.com</a>
<p>
You will probably wind up talking to Steve Marquess who currently handles OpenSSL commercial contracting, he is
-reachable directly at <a href="mailto:marq...@opensslfoundation.com">marq...@opensslfoundation.com</a> or
+reachable directly at <a href="mailto:marq...@openssl.com">marq...@openssl.com</a> or
the telephone number above.

Ben Laurie

Aug 6, 2015, 5:14:52 PM8/6/15
The branch master has been updated
via 704563f04a8401781b359906c1f88a30e12af69c (commit)
from 1125245997dac232a0c0867b6c858cda4e549c6d (commit)


- Log -----------------------------------------------------------------
commit 704563f04a8401781b359906c1f88a30e12af69c
Author: Ben Laurie <b...@links.org>
Date: Thu Aug 6 21:32:58 2015 +0100

Fix uninitalised warning.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
test/packettest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/packettest.c b/test/packettest.c
index 1ddb837..f7f9ec8 100644
--- a/test/packettest.c
+++ b/test/packettest.c
@@ -131,7 +131,7 @@ static int test_PACKET_get_net_2(PACKET *pkt, size_t start)

static int test_PACKET_get_net_3(PACKET *pkt, size_t start)
{
- unsigned long i;
+ unsigned long i = 0;

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_net_3(pkt, &i)
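Review bot: Initialising `i` to 0 on the `+ unsigned long i = 0;` line silences the warning without addressing its cause. `i` is only read while unassigned in the failure branch of this test, which prints `i` after `PACKET_goto_bookmark` or the first `PACKET_get_net_3` may have returned without storing into it; the cleaner fix is to stop reading `i` on that path (the follow-up commit in this thread removes the `fprintf(stderr, "i is %ld\n", i)` line), and with this initialiser a failing test would print a meaningless `i is 0` anyway.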

Matt Caswell

Aug 6, 2015, 5:48:07 PM8/6/15
The branch master has been updated
via e23a3fc8e38a889035bf0964c70c7699f4a38e5c (commit)
via 04fe876b5616793b32e92e965a662bbbed7f71d1 (commit)
from 704563f04a8401781b359906c1f88a30e12af69c (commit)


- Log -----------------------------------------------------------------
commit e23a3fc8e38a889035bf0964c70c7699f4a38e5c
Author: Adam Eijdenberg <adam.ei...@gmail.com>
Date: Tue Aug 4 16:29:07 2015 -0700

Fix clang uninitialized variable warning.

We could just initialize it, but to be consistent with the rest of the file
it seemed to make more sense to just drop.

Reviewed-by: Ben Laurie <b...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 04fe876b5616793b32e92e965a662bbbed7f71d1
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Aug 6 22:44:29 2015 +0100

Revert "Fix uninitalised warning."

This reverts commit 704563f04a8401781b359906c1f88a30e12af69c.

Reverting in favour of the next commit which removes the underlying cause
of the warning.

Reviewed-by: Ben Laurie <b...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
test/packettest.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/test/packettest.c b/test/packettest.c
index f7f9ec8..d6d0c08 100644
--- a/test/packettest.c
+++ b/test/packettest.c
@@ -131,7 +131,7 @@ static int test_PACKET_get_net_2(PACKET *pkt, size_t start)

static int test_PACKET_get_net_3(PACKET *pkt, size_t start)
{
- unsigned long i = 0;
+ unsigned long i;

if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_net_3(pkt, &i)
@@ -140,7 +140,6 @@ static int test_PACKET_get_net_3(PACKET *pkt, size_t start)
|| !PACKET_get_net_3(pkt, &i)
|| i != 0xfafcfeUL
|| PACKET_get_net_3(pkt, &i)) {
- fprintf(stderr, "i is %ld\n", i);
fprintf(stderr, "test_PACKET_get_net_3() failed\n");
return 0;
}
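Review bot: Removing the `- fprintf(stderr, "i is %ld\n", i);` line is the right fix rather than the initialiser it replaces: the `||` chain short-circuits into this branch as soon as one call fails, so that print was the one read of `i` reachable before any `PACKET_get_net_3` call had stored a value into it. With it gone every remaining read of `i` follows a successful store, the warning disappears without giving `i` a defined-but-meaningless value, and the test output no longer logs a number that was never valid on the failure path.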

Kurt Roeckx

Aug 7, 2015, 4:34:42 PM8/7/15
The branch master has been updated
via ae7d72147f98d0d1f6d20ca51a97b713446a67fc (commit)
from 3028310b6b3d3eb66b052f2fb5d065e783cafe76 (commit)


- Log -----------------------------------------------------------------
commit ae7d72147f98d0d1f6d20ca51a97b713446a67fc
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Fri Aug 7 22:33:56 2015 +0200

1.0.2 is an LTS release

-----------------------------------------------------------------------

Summary of changes:
about/releasestrat.wml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/about/releasestrat.wml b/about/releasestrat.wml
index a25b04b..fdd9163 100644
--- a/about/releasestrat.wml
+++ b/about/releasestrat.wml
@@ -55,7 +55,7 @@ fixes will be applied as appropriate.</p>
<ul>
<li><p>Version 1.0.1 will be supported until 2016-12-31.</p></li>

-<li><p>Version 1.0.2 will be supported until at least 2016-12-31.</p></li>
+<li><p>Version 1.0.2 will be supported until 2019-12-31.</p></li>
</ul>

<p>At this time, we are not planning a 1.0.3 release.</p>
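Review bot: Changing the 1.0.2 support date on the `+<li><p>Version 1.0.2 will be supported until 2019-12-31.</p></li>` line should also bump the `Last modified` date in the same file's header, which this hunk leaves untouched; a later commit in this thread makes exactly that correction separately, so the two could have been one commit.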

Rich Salz

Aug 8, 2015, 6:14:19 PM8/8/15
The branch master has been updated
via 2bfbeb264573342bea475f6dbb5b4c7fec8fdb0a (commit)
from e23a3fc8e38a889035bf0964c70c7699f4a38e5c (commit)


- Log -----------------------------------------------------------------
commit 2bfbeb264573342bea475f6dbb5b4c7fec8fdb0a
Author: David Woodhouse <dw...@infradead.org>
Date: Fri Aug 7 22:18:26 2015 -0400

RT3998: fix X509_check_host.pod release to 1.0.2

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Ben Laurie <b...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/X509_check_host.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod
index eab2586..5804115 100644
--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
@@ -135,6 +135,6 @@ L<X509_VERIFY_PARAM_set1_ipasc(3)|X509_VERIFY_PARAM_set1_ipasc(3)>

=head1 HISTORY

-These functions were added in OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.0.2.

=cut

Rich Salz

Aug 8, 2015, 6:18:28 PM8/8/15
The branch master has been updated
via ff4a9394a2380140209a9ce2849f011063af1ecc (commit)
from 2bfbeb264573342bea475f6dbb5b4c7fec8fdb0a (commit)


- Log -----------------------------------------------------------------
commit ff4a9394a2380140209a9ce2849f011063af1ecc
Author: bluelineXY <m.sc...@web.de>
Date: Tue Aug 4 13:23:00 2015 +0200

GH357: Update ocsp.c

Add Host Header in OCSP query if no host header is set via -header

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Ben Laurie <b...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/ocsp.c | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 44f5841..5b3092a 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1262,6 +1262,8 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
BIO *cbio = NULL;
SSL_CTX *ctx = NULL;
OCSP_RESPONSE *resp = NULL;
+ int found, i;
+
cbio = BIO_new_connect(host);
if (!cbio) {
BIO_printf(bio_err, "Error creating connect BIO\n");
@@ -1280,6 +1282,17 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio);
}
+ for (found = i = 0; i < sk_CONF_VALUE_num(headers); i++) {
+ CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+ if (strcasecmp("host", hdr->name) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found && !X509V3_add_value("Host", host, &headers))
+ BIO_printf(bio_err, "Error setting HTTP Host header\n");
+
resp = query_responder(cbio, path, headers, req, req_timeout);
if (!resp)
BIO_printf(bio_err, "Error querying OCSP responder\n");
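Review bot: The `+ if (!found && !X509V3_add_value("Host", host, &headers))` line appends to the caller's `headers` stack, so `process_responder` now mutates a list it does not own, and when the caller passed `headers == NULL` the call allocates a new stack that nothing in this function frees. It also writes through a parameter that `apps/apps.h` declares as `const STACK_OF(CONF_VALUE) *headers`, which is the build break fixed later in this thread. Building a local copy of the list, adding `Host` to that copy and freeing it after `query_responder` returns would keep both the caller's data and the `const` contract intact. Separately, confirm that the header providing `strcasecmp` is included here; OpenSSL's `e_os.h` maps it to `_stricmp` on Windows, so it should come through that path rather than a bare `<strings.h>`.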

Ben Laurie

Aug 10, 2015, 8:29:34 AM8/10/15
The branch master has been updated
via 4b9cb35d85c32a8ebc973355bdb4833e719af108 (commit)
from ff4a9394a2380140209a9ce2849f011063af1ecc (commit)


- Log -----------------------------------------------------------------
commit 4b9cb35d85c32a8ebc973355bdb4833e719af108
Author: Ben Laurie <b...@links.org>
Date: Sun Aug 9 10:47:03 2015 +0100

Find the right indent on *BSD.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
util/openssl-format-source | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/util/openssl-format-source b/util/openssl-format-source
index 4ea2f1b..7258836 100755
--- a/util/openssl-format-source
+++ b/util/openssl-format-source
@@ -21,6 +21,9 @@ HERE="`dirname $0`"

set -e

+INDENT=indent
+uname -s | grep BSD > /dev/null && type gindent > /dev/null 2>&1 && INDENT=gindent
+
if [ $# -eq 0 ]; then
echo "usage: $0 [-v] [-n] [-c] [sourcefile|sourcedir] ..." >&2
exit 1
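Review bot: The `+uname -s | grep BSD > /dev/null && type gindent > /dev/null 2>&1 && INDENT=gindent` line selects the tool by operating-system name rather than by what the installed `indent` actually is, so any platform whose `uname -s` does not contain `BSD` but ships a non-GNU `indent` still gets the wrong one. Checking the tool directly (for example, whether `indent --version` identifies GNU indent) would be more robust, and `grep -q BSD` would replace the `> /dev/null` redirect. The `&&` chain is fine under the `set -e` in context, since a failing `type gindent` inside the list does not abort the script.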
@@ -120,11 +123,11 @@ do
-e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \
-e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \
| \
- $DEBUG indent $INDENT_ARGS | \
+ $DEBUG $INDENT $INDENT_ARGS | \
perl -np \
-e 's/^([ \t]*)\/\*-(.*)\*\/[ \t]*$/$1\/*$2*\//;' \
-e 's/^\/\*-((Copyright|=|----).*)$/\/* $1/;' \
- | indent | \
+ | $INDENT | \
perl -0 -np \
-e 's/\/\*\*INDENT-(ON|OFF)\*\*\/\n//g;' \
| perl -np \
@@ -133,7 +136,7 @@ do
| perl "$HERE"/su-filter.pl \
> "$tmp"
else
- expand "$j" | indent $INDENT_ARGS > "$tmp"
+ expand "$j" | $INDENT $INDENT_ARGS > "$tmp"
fi;
if cmp -s "$tmp" "$j"; then
if [ "$VERBOSE" = "true" ]; then

Kurt Roeckx

Aug 10, 2015, 10:46:41 AM8/10/15
The branch master has been updated
via 7054f23464d7f9062cd62034f4e91e346ddfd4f6 (commit)
from ae7d72147f98d0d1f6d20ca51a97b713446a67fc (commit)


- Log -----------------------------------------------------------------
commit 7054f23464d7f9062cd62034f4e91e346ddfd4f6
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Mon Aug 10 16:46:00 2015 +0200

Update last modified date

-----------------------------------------------------------------------

Summary of changes:
about/releasestrat.wml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/about/releasestrat.wml b/about/releasestrat.wml
index fdd9163..cc20ee1 100644
--- a/about/releasestrat.wml
+++ b/about/releasestrat.wml
@@ -4,7 +4,7 @@
<title>About, Release Strategy</title>
<h1><center>OpenSSL Release Strategy</center></h1>
<h2><center>First issued 23rd December 2014</center></h2>
-<h2><center>Last modified 23rd December 2014</center></h2>
+<h2><center>Last modified 9th August 2015</center></h2>
<p>
<br>
</p>

Rich Salz

Aug 10, 2015, 12:00:59 PM8/10/15
The branch master has been updated
via 82c494276df9f594064688c920c4431c85759121 (commit)
from 4b9cb35d85c32a8ebc973355bdb4833e719af108 (commit)


- Log -----------------------------------------------------------------
commit 82c494276df9f594064688c920c4431c85759121
Author: Rich Salz <rs...@akamai.com>
Date: Mon Aug 10 11:37:48 2015 -0400

Fix build break.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/apps.h | 2 +-
apps/ocsp.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/apps.h b/apps/apps.h
index f2dc812..99c5809 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -450,7 +450,7 @@ ENGINE *setup_engine(const char *engine, int debug);
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
- const STACK_OF(CONF_VALUE) *headers,
+ STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
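Review bot: Dropping `const` on the `+ STACK_OF(CONF_VALUE) *headers,` line makes the prototype match what `process_responder` now does (appending a `Host` entry via `X509V3_add_value`), but it formalises that an apps helper mutates its caller's list. Keeping the `const` and having `process_responder` work on a local copy of `headers` would be the less surprising contract and would avoid the allocation the caller cannot free when it passed NULL.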

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 5b3092a..7193dae 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1256,7 +1256,7 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *path,
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
- const STACK_OF(CONF_VALUE) *headers,
+ STACK_OF(CONF_VALUE) *headers,
int req_timeout)
{
BIO *cbio = NULL;

Rich Salz

Aug 10, 2015, 12:14:17 PM8/10/15
The branch master has been updated
via fbfcb2243941bc84b7585711feb906610f9111c4 (commit)
from 82c494276df9f594064688c920c4431c85759121 (commit)


- Log -----------------------------------------------------------------
commit fbfcb2243941bc84b7585711feb906610f9111c4
Author: Rich Salz <rs...@akamai.com>
Date: Fri Aug 7 17:09:30 2015 -0400

RT3999: Remove sub-component version strings

Especially since after the #ifdef cleanups this is not useful.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/aes/aes_misc.c | 2 --
crypto/asn1/asn1_lib.c | 1 -
crypto/bf/bf_ecb.c | 2 --
crypto/bn/bn_lib.c | 2 --
crypto/camellia/cmll_misc.c | 2 --
crypto/cast/c_ecb.c | 2 --
crypto/conf/conf_def.c | 2 --
crypto/conf/conf_lib.c | 2 --
crypto/des/ecb_enc.c | 2 --
crypto/dh/dh_lib.c | 2 --
crypto/dsa/dsa_lib.c | 2 --
crypto/ec/ec_lib.c | 2 --
crypto/ecdh/ech_lib.c | 2 --
crypto/ecdsa/ecs_lib.c | 2 --
crypto/evp/evp_enc.c | 2 --
crypto/idea/i_ecb.c | 2 --
crypto/lhash/lhash.c | 2 --
crypto/md2/md2_dgst.c | 2 --
crypto/md4/md4_dgst.c | 2 --
crypto/md5/md5_dgst.c | 2 --
crypto/pem/pem_lib.c | 2 --
crypto/rand/md_rand.c | 2 --
crypto/rc2/rc2_ecb.c | 2 --
crypto/rc4/rc4_skey.c | 2 --
crypto/rc5/rc5_ecb.c | 2 --
crypto/ripemd/rmd_dgst.c | 2 --
crypto/rsa/rsa_lib.c | 2 --
crypto/sha/sha1dgst.c | 2 --
crypto/sha/sha256.c | 2 --
crypto/sha/sha512.c | 2 --
crypto/stack/stack.c | 2 --
crypto/txt_db/txt_db.c | 2 --
crypto/x509/x509_vfy.c | 1 -
include/openssl/opensslv.h | 1 -
ssl/d1_lib.c | 1 -
ssl/s3_lib.c | 2 --
ssl/t1_lib.c | 2 --
37 files changed, 70 deletions(-)

diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
index 68a48ba..1775442 100644
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@@ -53,8 +53,6 @@
#include <openssl/aes.h>
#include "aes_locl.h"

-const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
-
const char *AES_options(void)
{
#ifdef FULL_UNROLL
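Review bot: The removed `-const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;` line (and the corresponding `*_version` arrays in the other 36 files of this change) were exported, non-static symbols in the public libraries, so any application or tool that linked against them will fail to link once this lands. That is an ABI change worth a CHANGES entry, even if the strings were only ever inspected with `strings(1)`.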
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index b611f35..94b5ad5 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -64,7 +64,6 @@
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
int max);
static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;

static int _asn1_check_infinite_end(const unsigned char **p, long len)
{
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
index 967a7f5..7a45a02 100644
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
@@ -66,8 +66,6 @@
* SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/

-const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT;
-
const char *BF_options(void)
{
#ifdef BF_PTR
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index f10f44a..4e133ce 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -66,8 +66,6 @@
#include "internal/cryptlib.h"
#include "bn_lcl.h"

-const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
-
/* This stuff appears to be completely unused, so is deprecated */
#ifndef OPENSSL_NO_DEPRECATED
/*-
diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c
index 4e15906..d73499b 100644
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
@@ -53,8 +53,6 @@
#include <openssl/camellia.h>
#include "cmll_locl.h"

-const char CAMELLIA_version[] = "CAMELLIA" OPENSSL_VERSION_PTEXT;
-
int Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key)
{
diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
index 4793f28..2430bb5 100644
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
@@ -60,8 +60,6 @@
#include "cast_lcl.h"
#include <openssl/opensslv.h>

-const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT;
-
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAST_KEY *ks, int enc)
{
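Review bot: With `-const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT;` gone, the context line `#include <openssl/opensslv.h>` just above it appears to have no remaining user in this file (it was there for `OPENSSL_VERSION_PTEXT`); check whether the include can be dropped too. The `crypto/idea/i_ecb.c` hunk below has the same pattern.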
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 098fc8e..b490377 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -88,8 +88,6 @@ static int def_dump(const CONF *conf, BIO *bp);
static int def_is_number(const CONF *conf, char c);
static int def_to_int(const CONF *conf, char c);

-const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT;
-
static CONF_METHOD default_method = {
"OpenSSL default",
def_create,
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 838a645..12a061c 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -64,8 +64,6 @@
#include <openssl/conf_api.h>
#include <openssl/lhash.h>

-const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT;
-
static CONF_METHOD *default_CONF_method = NULL;

/* Init a 'CONF' structure from an old LHASH */
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
index f97fd97..d638a49 100644
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -61,8 +61,6 @@
#include <openssl/opensslv.h>
#include <openssl/bio.h>

-OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT;

const char *DES_options(void)
{
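Review bot: Removing the two `OPENSSL_GLOBAL const char ..._version[]` lines leaves the blank context line before them adjacent to the blank line after them, so the result has two consecutive empty lines between `#include <openssl/bio.h>` and `const char *DES_options(void)`; delete one of them in this hunk.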
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index cce2514..4e087d0 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -64,8 +64,6 @@
# include <openssl/engine.h>
#endif

-const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-
static const DH_METHOD *default_DH_method = NULL;

void DH_set_default_method(const DH_METHOD *meth)
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index cb59e7e..a4a8163 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -70,8 +70,6 @@
# include <openssl/dh.h>
#endif

-const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT;
-
static const DSA_METHOD *default_DSA_method = NULL;

void DSA_set_default_method(const DSA_METHOD *meth)
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3ddaa5d..cd08a55 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -68,8 +68,6 @@

#include "ec_lcl.h"

-const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
-
/* functions for EC_GROUP objects */

EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index 62734bc..363d2fe 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -74,8 +74,6 @@
#endif
#include <openssl/err.h>

-const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT;
-
static const ECDH_METHOD *default_ECDH_method = NULL;

static void *ecdh_data_new(void);
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index cabf6ec..0db3534 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -61,8 +61,6 @@
#include <openssl/err.h>
#include <openssl/bn.h>

-const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT;
-
static const ECDSA_METHOD *default_ECDSA_method = NULL;

static void *ecdsa_data_new(void);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 125556e..405cbb0 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -66,8 +66,6 @@
#endif
#include "evp_locl.h"

-const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
-
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
{
memset(ctx, 0, sizeof(*ctx));
diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
index a6b879a..4ed206e 100644
--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
@@ -60,8 +60,6 @@
#include "idea_lcl.h"
#include <openssl/opensslv.h>

-const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT;
-
const char *idea_options(void)
{
if (sizeof(short) != sizeof(IDEA_INT))
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 083310e..0c9ce8f 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -101,8 +101,6 @@
#include <openssl/crypto.h>
#include <openssl/lhash.h>

-const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
-
#undef MIN_NODES
#define MIN_NODES 16
#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 70c19fb..bb0a7a3 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -63,8 +63,6 @@
#include <openssl/opensslv.h>
#include <openssl/crypto.h>

-const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT;
-
/*
* Implemented from RFC1319 The MD2 Message-Digest Algorithm
*/
diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
index 966cebe..2b7881e 100644
--- a/crypto/md4/md4_dgst.c
+++ b/crypto/md4/md4_dgst.c
@@ -60,8 +60,6 @@
#include <openssl/opensslv.h>
#include "md4_locl.h"

-const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT;
-
/*
* Implemented from RFC1186 The MD4 Message-Digest Algorithm
*/
diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
index 335126c..f73ca7c 100644
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -60,8 +60,6 @@
#include "md5_locl.h"
#include <openssl/opensslv.h>

-const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT;
-
/*
* Implemented from RFC1321 The MD5 Message-Digest Algorithm
*/
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 47be640..23b347f 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -74,8 +74,6 @@
# include <openssl/engine.h>
#endif

-const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
-
#define MIN_LENGTH 4

static int load_iv(char **fromp, unsigned char *to, int num);
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 27e785d..c7d54ed 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -164,8 +164,6 @@ static CRYPTO_THREADID locking_threadid;
int rand_predictable = 0;
#endif

-const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
-
static void rand_hw_seed(EVP_MD_CTX *ctx);

static void ssleay_rand_cleanup(void);
diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
index 48442a3..4cb1a80 100644
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -60,8 +60,6 @@
#include "rc2_locl.h"
#include <openssl/opensslv.h>

-const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT;
-
/*-
* RC2 as implemented frm a posting from
* Newsgroups: sci.crypt
diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
index ce38224..7b198bb 100644
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -60,8 +60,6 @@
#include "rc4_locl.h"
#include <openssl/opensslv.h>

-const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT;
-
const char *RC4_options(void)
{
#ifdef RC4_INDEX
diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c
index e657a93..2b5fa2a 100644
--- a/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
@@ -60,8 +60,6 @@
#include "rc5_locl.h"
#include <openssl/opensslv.h>

-const char RC5_version[] = "RC5" OPENSSL_VERSION_PTEXT;
-
void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
RC5_32_KEY *ks, int encrypt)
{
diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c
index 2496c11..f351df1 100644
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
@@ -60,8 +60,6 @@
#include "rmd_locl.h"
#include <openssl/opensslv.h>

-const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT;
-
#ifdef RMD160_ASM
void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
# define ripemd160_block ripemd160_block_x86
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 2ec39e7..76c9796 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -67,8 +67,6 @@
# include <openssl/engine.h>
#endif

-const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT;
-
static const RSA_METHOD *default_RSA_meth = NULL;

RSA *RSA_new(void)
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 9f1b8f0..a6c6338 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -61,8 +61,6 @@

# include <openssl/opensslv.h>

-const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT;
-
/* The implementation is in ../md32_common.h */

# include "sha_locl.h"
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index c112b04..096981b 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -13,8 +13,6 @@
#include <openssl/sha.h>
#include <openssl/opensslv.h>

-const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
-
int SHA224_Init(SHA256_CTX *c)
{
memset(c, 0, sizeof(*c));
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index ebae411..427cdf5 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -49,8 +49,6 @@

#include "internal/cryptlib.h"

-const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
-
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__) || \
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index a6182df..c7643db 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -71,8 +71,6 @@ struct stack_st {
#undef MIN_NODES
#define MIN_NODES 4

-const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT;
-
#include <errno.h>

int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
index 5b1e592..2c4d2cd 100644
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -66,8 +66,6 @@
#undef BUFSIZE
#define BUFSIZE 512

-const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT;
-
TXT_DB *TXT_DB_read(BIO *in, int num)
{
TXT_DB *ret = NULL;
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index df012dd..26867cb 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -138,7 +138,6 @@ static int check_crl_chain(X509_STORE_CTX *ctx,
STACK_OF(X509) *crl_path);

static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;

static int null_callback(int ok, X509_STORE_CTX *e)
{
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 97c27e7..5b6abdf 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -36,7 +36,6 @@ extern "C" {
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-dev xx XXX xxxx"
# endif
-# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

/*-
* The macros below are to be used for shared library (.so, .dll, ...)
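Review bot: dropping `OPENSSL_VERSION_PTEXT` from include/openssl/opensslv.h removes a macro from a public header, so any out-of-tree code that built its own banner with it stops compiling; that is consistent with the rest of this change deleting every in-tree `*_version[]` user, but it warrants a CHANGES entry that names the removed macro and the removed `*_version` / `*_version_str` symbols so packagers can grep for them.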
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index c0ed8fb..fc1887a 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -75,7 +75,6 @@
static void get_current_time(struct timeval *t);
static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
static int dtls1_handshake_write(SSL *s);
-const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
int dtls1_listen(SSL *s, struct sockaddr *client);

const SSL3_ENC_METHOD DTLSv1_enc_data = {
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d39346a..83b8f68 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -157,8 +157,6 @@
#endif
#include <openssl/rand.h>

-const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
-
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)

/* list of available SSLv3 ciphers (sorted by id) */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c0dd35f..ece2b72 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -121,8 +121,6 @@
#endif
#include "ssl_locl.h"

-const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
-
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
const unsigned char *sess_id, int sesslen,
SSL_SESSION **psess);

Rich Salz
Aug 10, 2015, 12:26:45 PM
The branch master has been updated
via fd682e4cddc44b2869f43c910be49ab4f3a09b08 (commit)
from fbfcb2243941bc84b7585711feb906610f9111c4 (commit)


- Log -----------------------------------------------------------------
commit fd682e4cddc44b2869f43c910be49ab4f3a09b08
Author: Rich Salz <rs...@akamai.com>
Date: Thu Aug 6 12:22:31 2015 -0400

GH365: Missing #ifdef rename.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/speed.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 1a3027b..ca93d2c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -429,7 +429,7 @@ OPT_PAIR doit_choices[] = {
#ifndef OPENSSL_NO_WHIRLPOOL
{"whirlpool", D_WHIRLPOOL},
#endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef OPENSSL_NO_RMD160
{"ripemd", D_RMD160},
{"rmd160", D_RMD160},
{"ripemd160", D_RMD160},
@@ -605,7 +605,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_WHIRLPOOL
unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
#endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef OPENSSL_NO_RMD160
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
#endif
#ifndef OPENSSL_NO_RC4

Matt Caswell
Aug 11, 2015, 3:26:45 PM
The branch master has been updated
via 6a009812b2e249fed01488f6f19f9fbfd9ee74c4 (commit)
via 61e72d761c945e128ca13599a98a187ac23650dd (commit)
via 870063c83db6514b0cb637b86cadbc9f5c2270a9 (commit)
from fd682e4cddc44b2869f43c910be49ab4f3a09b08 (commit)


- Log -----------------------------------------------------------------
commit 6a009812b2e249fed01488f6f19f9fbfd9ee74c4
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Aug 10 12:00:29 2015 +0100

Check for 0 modulus in BN_MONT_CTX_set

The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 61e72d761c945e128ca13599a98a187ac23650dd
Author: Guy Leaver (guleaver) <gule...@cisco.com>
Date: Fri Aug 7 15:45:21 2015 +0100

Fix seg fault with 0 p val in SKE

If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commit adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246).

The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.

CVE-2015-1794

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 870063c83db6514b0cb637b86cadbc9f5c2270a9
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Aug 7 15:42:37 2015 +0100

Normalise make errors output

make errors wants things in a different order to the way things are
currently defined in the header files. The easiest fix is to just let it
reorder it.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_mont.c | 3 +++
include/openssl/ssl.h | 5 ++++-
ssl/s3_clnt.c | 16 ++++++++++++++++
ssl/ssl_err.c | 5 ++++-
4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 1580e97..d4d817a 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -351,6 +351,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
int ret = 0;
BIGNUM *Ri, *R;

+ if (BN_is_zero(mod))
+ return 0;
+
BN_CTX_start(ctx);
if ((Ri = BN_CTX_get(ctx)) == NULL)
goto err;
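Review bot: the new `if (BN_is_zero(mod)) return 0;` guard fails silently, pushing nothing onto the error queue, so a caller that reports the failure via `ERR_get_error()` gets no indication this function was the source; consider raising an error with `BNerr` and a suitable reason code before the `return 0;`. Placing the check ahead of `BN_CTX_start(ctx)` is right, since nothing has been acquired yet that the `err:` path would need to release.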
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 06ac5c1..28c2fb9 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2016,7 +2016,6 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_CTX_SET_TRUST 229
# define SSL_F_SSL_CTX_USE_CERTIFICATE 171
# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
-# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
@@ -2097,6 +2096,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_TLS1_PROCESS_HEARTBEAT 341
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
+# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220

/* Reason codes. */
# define SSL_R_APP_DATA_IN_HANDSHAKE 100
@@ -2107,8 +2107,11 @@ void ERR_load_SSL_strings(void);
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_G_LENGTH 108
+# define SSL_R_BAD_DH_G_VALUE 375
# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
+# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
# define SSL_R_BAD_DH_P_LENGTH 110
+# define SSL_R_BAD_DH_P_VALUE 395
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_DSA_SIGNATURE 112
# define SSL_R_BAD_ECC_CERT 304
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cd6918a..1661b0e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1693,6 +1693,12 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;

+ if (BN_is_zero(dh->p)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+ goto f_err;
+ }
+
+
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
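Review bot: the added `BN_is_zero(dh->p)` block jumps to `f_err` without assigning `al`, whereas the existing `ssl_security` check further down sets `al = SSL_AD_HANDSHAKE_FAILURE` before its `SSLerr` / `goto f_err`; confirm that `al` already holds the alert intended for a malformed parameter at this point, or set it explicitly (the same pattern recurs in the `dh->g` and `dh->pub_key` blocks in the next two hunks). Also drop one of the two blank lines left after the closing brace of the new block.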
@@ -1713,6 +1719,11 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;

+ if (BN_is_zero(dh->g)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1734,6 +1745,11 @@ int ssl3_get_key_exchange(SSL *s)
p += i;
n -= param_len;

+ if (BN_is_zero(dh->pub_key)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
+ goto f_err;
+ }
+
if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 539146f..21836d8 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -226,7 +226,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
"SSL_CTX_use_certificate_ASN1"},
- {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),
"SSL_CTX_use_certificate_file"},
{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
@@ -331,6 +330,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT), "tls1_process_heartbeat"},
{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
{ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
+ {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"},
{0, NULL}
};

@@ -345,8 +345,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"bad data returned by callback"},
{ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
{ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
+ {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
{ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
+ {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
{ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},

Matt Caswell
Aug 11, 2015, 3:35:30 PM
The branch master has been updated
via 6142f5c640f98429d4798b8418e8cc2cf6cc1fb8 (commit)
via c0cbb4c19bb6e22b338dd17c096be323f7414faf (commit)
via c2a34c58f56980b80f034e8295210146b5c247c3 (commit)
via a1accbb1d704da9a25b18e7053ee191a8f510d93 (commit)
via 011467ee55aa82a96cd8a539560c46fd4504a82b (commit)
via 631c1206334adfb21758220362a56fa157a47596 (commit)
via 2d5d70b15559f9813054ddb11b30b816daf62ebe (commit)
from 6a009812b2e249fed01488f6f19f9fbfd9ee74c4 (commit)


- Log -----------------------------------------------------------------
commit 6142f5c640f98429d4798b8418e8cc2cf6cc1fb8
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 11 11:41:51 2015 +0100

make update

Run a "make update" for the OSSLTest Engine changes

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit c0cbb4c19bb6e22b338dd17c096be323f7414faf
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Aug 10 10:46:27 2015 +0100

Use dynamic engine for libssl test harness

Use a dynamic engine for ossltest engine so that we can build it without
subsequently deploying it during install. We do not want people accidentally
using this engine.

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit c2a34c58f56980b80f034e8295210146b5c247c3
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Aug 7 14:40:00 2015 +0100

Add a test for 0 p value in anon DH SKE

When using an anon DH ciphersuite a client should reject a 0 value for p.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit a1accbb1d704da9a25b18e7053ee191a8f510d93
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Aug 7 14:38:21 2015 +0100

Extend TLSProxy capabilities

Add ServerHello parsing to TLSProxy.
Also add some (very) limited ServerKeyExchange parsing.
Add the capability to set client and server cipher lists
Fix a bug with fragment lengths

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 011467ee55aa82a96cd8a539560c46fd4504a82b
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 16 13:12:37 2015 +0100

Add some libssl tests

Two tests are added: one is a simple version tolerance test; the second is
a test to ensure that OpenSSL operates correctly in the case of a zero
length extensions block. The latter was broken inadvertently (now fixed)
and it would have been helpful to have a test case for it.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 631c1206334adfb21758220362a56fa157a47596
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 16 13:06:41 2015 +0100

Add a libssl test harness

This commit provides a set of perl modules that support the testing of
libssl. The test harness operates as a man-in-the-middle proxy between
s_server and s_client. Both s_server and s_client must be started using the
"-testmode" option which loads the new OSSLTEST engine.

The test harness enables scripts to be written that can examine the packets
sent during a handshake, as well as (potentially) modifying them so that
otherwise illegal handshake messages can be sent.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 2d5d70b15559f9813054ddb11b30b816daf62ebe
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 16 12:59:37 2015 +0100

Add OSSLTest Engine

This engine is for testing purposes only. It provides crippled crypto
implementations and therefore must not be used in any instance where
security is required.

This will be used by the forthcoming libssl test harness which will operate
as a man-in-the-middle proxy. The test harness will be able to modify
TLS packets and read their contents. By using this test engine packets are
not encrypted and MAC codes always verify.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
engines/Makefile | 29 +-
engines/e_ossltest.c | 542 ++++++++++++++++++++++++++++++
engines/e_ossltest.ec | 1 +
engines/{e_gmp_err.c => e_ossltest_err.c} | 70 ++--
engines/{e_gmp_err.h => e_ossltest_err.h} | 23 +-
test/Makefile | 22 +-
test/sslextensiontest.pl | 89 +++++
test/sslskewith0ptest.pl | 89 +++++
test/sslvertoltest.pl | 93 +++++
util/TLSProxy/ClientHello.pm | 272 +++++++++++++++
util/TLSProxy/Message.pm | 457 +++++++++++++++++++++++++
util/TLSProxy/Proxy.pm | 394 ++++++++++++++++++++++
util/TLSProxy/Record.pm | 360 ++++++++++++++++++++
util/TLSProxy/ServerHello.pm | 235 +++++++++++++
util/TLSProxy/ServerKeyExchange.pm | 176 ++++++++++
15 files changed, 2796 insertions(+), 56 deletions(-)
create mode 100644 engines/e_ossltest.c
create mode 100644 engines/e_ossltest.ec
copy engines/{e_gmp_err.c => e_ossltest_err.c} (65%)
copy engines/{e_gmp_err.h => e_ossltest_err.h} (80%)
create mode 100755 test/sslextensiontest.pl
create mode 100755 test/sslskewith0ptest.pl
create mode 100755 test/sslvertoltest.pl
create mode 100644 util/TLSProxy/ClientHello.pm
create mode 100644 util/TLSProxy/Message.pm
create mode 100644 util/TLSProxy/Proxy.pm
create mode 100644 util/TLSProxy/Record.pm
create mode 100644 util/TLSProxy/ServerHello.pm
create mode 100644 util/TLSProxy/ServerKeyExchange.pm

diff --git a/engines/Makefile b/engines/Makefile
index e9dc1c4..a1ea0a6 100644
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -32,7 +32,6 @@ GENERAL=Makefile engines.com install.com engine_vector.mar

LIB=$(TOP)/libcrypto.a
LIBNAMES= 4758cca gmp padlock capi
-
LIBSRC= e_4758cca.c \
e_gmp.c \
e_padlock.c \
@@ -43,6 +42,10 @@ LIBOBJ= e_4758cca.o \
e_capi.o \
$(ENGINES_ASM_OBJ)

+TESTLIBNAMES= ossltest
+TESTLIBSRC= e_ossltest.c
+TESTLIBOBJ= e_ossltest.o
+
SRC= $(LIBSRC)

HEADER= e_4758cca_err.c e_4758cca_err.h \
@@ -51,7 +54,8 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \
e_nuron_err.c e_nuron_err.h \
e_sureware_err.c e_sureware_err.h \
e_ubsec_err.c e_ubsec_err.h \
- e_capi_err.c e_capi_err.h
+ e_capi_err.c e_capi_err.h \
+ e_ossltest_err.c e_ossltest_err.h

ALL= $(GENERAL) $(SRC) $(HEADER)

@@ -60,10 +64,10 @@ top:

all: lib subdirs

-lib: $(LIBOBJ)
+lib: $(LIBOBJ) $(TESTLIBOBJ)
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
- for l in $(LIBNAMES); do \
+ for l in $(LIBNAMES) $(TESTLIBNAMES); do \
$(MAKE) -f ../Makefile.shared -e \
LIBNAME=$$l LIBEXTRAS="e_$$l*.o" \
LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
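Review bot: `lib` now depends on `$(TESTLIBOBJ)` and the shared-library loop runs over `$(LIBNAMES) $(TESTLIBNAMES)`, so ossltest is built by exactly the same rule as the production engines; since the commit message says this engine must not be deployed during install, make sure the install rule (not in this hunk) iterates over `$(LIBNAMES)` only, otherwise the crippled engine lands in the engines directory on every `make install`.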
@@ -142,7 +146,7 @@ depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(TESTLIBSRC)

dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -196,6 +200,21 @@ e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h
e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c
+e_ossltest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+e_ossltest.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+e_ossltest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+e_ossltest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_ossltest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_ossltest.o: ../include/openssl/err.h ../include/openssl/evp.h
+e_ossltest.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+e_ossltest.o: ../include/openssl/modes.h ../include/openssl/obj_mac.h
+e_ossltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_ossltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_ossltest.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_ossltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_ossltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_ossltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_ossltest.o: e_ossltest.c e_ossltest_err.c e_ossltest_err.h
e_padlock.o: ../include/openssl/aes.h ../include/openssl/asn1.h
e_padlock.o: ../include/openssl/bio.h ../include/openssl/buffer.h
e_padlock.o: ../include/openssl/crypto.h ../include/openssl/dso.h
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
new file mode 100644
index 0000000..6e50a5f
--- /dev/null
+++ b/engines/e_ossltest.c
@@ -0,0 +1,542 @@
+/* engines/e_ossltest.c */
+/*
+ * Written by Matt Caswell (ma...@openssl.org) for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * lice...@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/*
+ * This is the OSSLTEST engine. It provides deliberately crippled digest
+ * implementations for test purposes. It is highly insecure and must NOT be
+ * used for any purpose except testing
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/modes.h>
+#include <openssl/aes.h>
+
+#define OSSLTEST_LIB_NAME "OSSLTEST"
+#include "e_ossltest_err.c"
+
+/* Engine Id and Name */
+static const char *engine_ossltest_id = "ossltest";
+static const char *engine_ossltest_name = "OpenSSL Test engine support";
+
+
+/* Engine Lifetime functions */
+static int ossltest_destroy(ENGINE *e);
+static int ossltest_init(ENGINE *e);
+static int ossltest_finish(ENGINE *e);
+void ENGINE_load_ossltest(void);
+
+
+/* Set up digests */
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid);
+
+static int ossltest_digest_nids[] = {
+ NID_md5, NID_sha1, NID_sha256, NID_sha384, NID_sha512, 0
+};
+
+/* MD5 */
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static const EVP_MD digest_md5 = {
+ NID_md5,
+ NID_md5WithRSAEncryption,
+ MD5_DIGEST_LENGTH,
+ 0,
+ digest_md5_init,
+ digest_md5_update,
+ digest_md5_final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ MD5_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(MD5_CTX),
+};
+
+/* SHA1 */
+static int digest_sha1_init(EVP_MD_CTX *ctx);
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static const EVP_MD digest_sha1 = {
+ NID_sha1,
+ NID_sha1WithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+ digest_sha1_init,
+ digest_sha1_update,
+ digest_sha1_final,
+ NULL,
+ NULL,
+ EVP_PKEY_NULL_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+/* SHA256 */
+static int digest_sha256_init(EVP_MD_CTX *ctx);
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static const EVP_MD digest_sha256 = {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+ digest_sha256_init,
+ digest_sha256_update,
+ digest_sha256_final,
+ NULL,
+ NULL,
+ EVP_PKEY_NULL_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+/* SHA384/SHA512 */
+static int digest_sha384_init(EVP_MD_CTX *ctx);
+static int digest_sha512_init(EVP_MD_CTX *ctx);
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static const EVP_MD digest_sha384 = {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+ digest_sha384_init,
+ digest_sha512_update,
+ digest_sha384_final,
+ NULL,
+ NULL,
+ EVP_PKEY_NULL_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+static const EVP_MD digest_sha512 = {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
+ digest_sha512_init,
+ digest_sha512_update,
+ digest_sha512_final,
+ NULL,
+ NULL,
+ EVP_PKEY_NULL_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+/* Setup ciphers */
+static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
+ const int **, int);
+
+static int ossltest_cipher_nids[] = {
+ NID_aes_128_cbc, 0
+};
+
+/* AES128 */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+
+/*
+ * Copy of the definition in crypto/evp/e_aes.c. Only used for the "sizeof"
+ * below
+ */
+typedef struct {
+ union {
+ double align;
+ AES_KEY ks;
+ } ks;
+ block128_f block;
+ union {
+ cbc128_f cbc;
+ ctr128_f ctr;
+ } stream;
+} EVP_AES_KEY;
+
+
+static const EVP_CIPHER ossltest_aes_128_cbc = { \
+ NID_aes_128_cbc,
+ 16, /* block size */
+ 16, /* key len */
+ 16, /* iv len */
+ EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
+ ossltest_aes128_init_key,
+ ossltest_aes128_cbc_cipher,
+ NULL,
+ sizeof(EVP_AES_KEY),
+ NULL,NULL,NULL,NULL
+};
+
+
+static int bind_ossltest(ENGINE *e)
+{
+ /* Ensure the ossltest error handling is set up */
+ ERR_load_OSSLTEST_strings();
+
+ if (!ENGINE_set_id(e, engine_ossltest_id)
+ || !ENGINE_set_name(e, engine_ossltest_name)
+ || !ENGINE_set_digests(e, ossltest_digests)
+ || !ENGINE_set_ciphers(e, ossltest_ciphers)
+ || !ENGINE_set_destroy_function(e, ossltest_destroy)
+ || !ENGINE_set_init_function(e, ossltest_init)
+ || !ENGINE_set_finish_function(e, ossltest_finish)) {
+ OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
+ return 0;
+ }
+
+ return 1;
+}
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_ossltest_id) != 0))
+ return 0;
+ if (!bind_ossltest(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#endif
+
+static ENGINE *engine_ossltest(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_ossltest(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_ossltest(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_ossltest();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+
+
+static int ossltest_init(ENGINE *e)
+{
+ return 1;
+}
+
+
+static int ossltest_finish(ENGINE *e)
+{
+ return 1;
+}
+
+
+static int ossltest_destroy(ENGINE *e)
+{
+ ERR_unload_OSSLTEST_strings();
+ return 1;
+}
+
+static int ossltest_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid)
+{
+ int ok = 1;
+ if (!digest) {
+ /* We are returning a list of supported nids */
+ *nids = ossltest_digest_nids;
+ return (sizeof(ossltest_digest_nids) -
+ 1) / sizeof(ossltest_digest_nids[0]);
+ }
+ /* We are being asked for a specific digest */
+ switch (nid) {
+ case NID_md5:
+ *digest = &digest_md5;
+ break;
+ case NID_sha1:
+ *digest = &digest_sha1;
+ break;
+ case NID_sha256:
+ *digest = &digest_sha256;
+ break;
+ case NID_sha384:
+ *digest = &digest_sha384;
+ break;
+ case NID_sha512:
+ *digest = &digest_sha512;
+ break;
+ default:
+ ok = 0;
+ *digest = NULL;
+ break;
+ }
+ return ok;
+}
+
+static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid)
+{
+ int ok = 1;
+ if (!cipher) {
+ /* We are returning a list of supported nids */
+ *nids = ossltest_cipher_nids;
+ return (sizeof(ossltest_cipher_nids) - 1)
+ / sizeof(ossltest_cipher_nids[0]);
+ }
+ /* We are being asked for a specific cipher */
+ switch (nid) {
+ case NID_aes_128_cbc:
+ *cipher = &ossltest_aes_128_cbc;
+ break;
+ default:
+ ok = 0;
+ *cipher = NULL;
+ break;
+ }
+ return ok;
+}
+
+static void fill_known_data(unsigned char *md, unsigned int len)
+{
+ unsigned int i;
+
+ for (i=0; i<len; i++) {
+ md[i] = (unsigned char)(i & 0xff);
+ }
+}
+
+/*
+ * MD5 implementation. We go through the motions of doing MD5 by deferring to
+ * the standard implementation. Then we overwrite the result with a will defined
+ * value, so that all "MD5" digests using the test engine always end up with
+ * the same value.
+ */
+#undef data
+#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
+static int digest_md5_init(EVP_MD_CTX *ctx)
+{
+ return MD5_Init(data(ctx));
+}
+
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+ return MD5_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ int ret;
+ ret = MD5_Final(md, data(ctx));
+
+ if (ret > 0) {
+ fill_known_data(md, MD5_DIGEST_LENGTH);
+ }
+ return ret;
+}
+
+/*
+ * SHA1 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA_CTX *)(ctx)->md_data)
+static int digest_sha1_init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(data(ctx));
+}
+
+static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+ return SHA1_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ int ret;
+ ret = SHA1_Final(md, data(ctx));
+
+ if (ret > 0) {
+ fill_known_data(md, SHA_DIGEST_LENGTH);
+ }
+ return ret;
+}
+
+/*
+ * SHA256 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA256_CTX *)(ctx)->md_data)
+static int digest_sha256_init(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(data(ctx));
+}
+
+static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+ return SHA256_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ int ret;
+ ret = SHA256_Final(md, data(ctx));
+
+ if (ret > 0) {
+ fill_known_data(md, SHA256_DIGEST_LENGTH);
+ }
+ return ret;
+}
+
+/*
+ * SHA384/512 implementation.
+ */
+#undef data
+#define data(ctx) ((SHA512_CTX *)(ctx)->md_data)
+static int digest_sha384_init(EVP_MD_CTX *ctx)
+{
+ return SHA384_Init(data(ctx));
+}
+
+static int digest_sha512_init(EVP_MD_CTX *ctx)
+{
+ return SHA512_Init(data(ctx));
+}
+
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+ return SHA512_Update(data(ctx), data, (size_t)count);
+}
+
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ int ret;
+ /* Actually uses SHA512_Final! */
+ ret = SHA512_Final(md, data(ctx));
+
+ if (ret > 0) {
+ fill_known_data(md, SHA384_DIGEST_LENGTH);
+ }
+ return ret;
+}
+
+static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ int ret;
+ ret = SHA512_Final(md, data(ctx));
+
+ if (ret > 0) {
+ fill_known_data(md, SHA512_DIGEST_LENGTH);
+ }
+ return ret;
+}
+
+/*
+ * AES128 Implementation
+ */
+
+int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ return EVP_aes_128_cbc()->init(ctx, key, iv, enc);
+}
+
+int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ unsigned char *tmpbuf;
+ int ret;
+
+ tmpbuf = OPENSSL_malloc(inl);
+ if (tmpbuf == NULL)
+ return -1;
+
+ /* Remember what we were asked to encrypt */
+ memcpy(tmpbuf, in, inl);
+
+ /* Go through the motions of encrypting it */
+ ret = EVP_aes_128_cbc()->do_cipher(ctx, out, in, inl);
+
+ /* Throw it all away and just use the plaintext as the output */
+ memcpy(out, tmpbuf, inl);
+ OPENSSL_free(tmpbuf);
+
+ return ret;
+}
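Review bot: `ossltest_aes128_cbc_cipher` turns a zero-length call into a failure: `OPENSSL_malloc(inl)` with `inl == 0` can return NULL, so the function returns -1 where a no-op is expected; add `if (inl == 0) return 1;` ahead of the allocation (or skip the copy entirely for that case). Two smaller points in the same file: the `EVP_AES_KEY` typedef is a hand copy of the one in crypto/evp/e_aes.c used only for `sizeof`, so `ossltest_aes128_init_key` delegating to `EVP_aes_128_cbc()->init` breaks silently if the original struct ever grows; a comment in e_aes.c pointing back here, or one shared private header, would keep the two in step. And the NID counts in `ossltest_digests` and `ossltest_ciphers` rely on `(sizeof(arr) - 1) / sizeof(arr[0])` truncating to N-1, which reads like an off-by-one at first glance; `sizeof(arr) / sizeof(arr[0]) - 1` says what is meant. Typo in the MD5 comment: "will defined" should be "well defined".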
diff --git a/engines/e_ossltest.ec b/engines/e_ossltest.ec
new file mode 100644
index 0000000..d8a1bef
--- /dev/null
+++ b/engines/e_ossltest.ec
@@ -0,0 +1 @@
+L OSSLTEST e_ossltest_err.h e_ossltest_err.c
diff --git a/engines/e_gmp_err.c b/engines/e_ossltest_err.c
similarity index 65%
copy from engines/e_gmp_err.c
copy to engines/e_ossltest_err.c
index 002a3ab..c1b0063 100644
--- a/engines/e_gmp_err.c
+++ b/engines/e_ossltest_err.c
@@ -1,6 +1,6 @@
-/* e_gmp_err.c */
+/* e_ossltest_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
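Review bot: the copyright line in this newly generated file says 1999-2015 while the companion e_ossltest_err.h below says 2015; for a file that did not exist before this commit the header's 2015 is the accurate one, so the two generated files should agree.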
@@ -61,7 +61,7 @@

#include <stdio.h>
#include <openssl/err.h>
-#include "e_gmp_err.h"
+#include "e_ossltest_err.h"

/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
@@ -69,69 +69,65 @@
# define ERR_FUNC(func) ERR_PACK(0,func,0)
# define ERR_REASON(reason) ERR_PACK(0,0,reason)

-static ERR_STRING_DATA GMP_str_functs[] = {
- {ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
- {ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
+static ERR_STRING_DATA OSSLTEST_str_functs[] = {
+ {ERR_FUNC(OSSLTEST_F_BIND_OSSLTEST), "BIND_OSSLTEST"},
{0, NULL}
};

-static ERR_STRING_DATA GMP_str_reasons[] = {
- {ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),
- "ctrl command not implemented"},
- {ERR_REASON(GMP_R_KEY_CONTEXT_ERROR), "key context error"},
- {ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS), "missing key components"},
+static ERR_STRING_DATA OSSLTEST_str_reasons[] = {
+ {ERR_REASON(OSSLTEST_R_INIT_FAILED), "init failed"},
{0, NULL}
};

#endif

-#ifdef GMP_LIB_NAME
-static ERR_STRING_DATA GMP_lib_name[] = {
- {0, GMP_LIB_NAME},
+#ifdef OSSLTEST_LIB_NAME
+static ERR_STRING_DATA OSSLTEST_lib_name[] = {
+ {0, OSSLTEST_LIB_NAME},
{0, NULL}
};
#endif

-static int GMP_lib_error_code = 0;
-static int GMP_error_init = 1;
+static int OSSLTEST_lib_error_code = 0;
+static int OSSLTEST_error_init = 1;

-static void ERR_load_GMP_strings(void)
+static void ERR_load_OSSLTEST_strings(void)
{
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code = ERR_get_next_error_library();
+ if (OSSLTEST_lib_error_code == 0)
+ OSSLTEST_lib_error_code = ERR_get_next_error_library();

- if (GMP_error_init) {
- GMP_error_init = 0;
+ if (OSSLTEST_error_init) {
+ OSSLTEST_error_init = 0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(GMP_lib_error_code, GMP_str_functs);
- ERR_load_strings(GMP_lib_error_code, GMP_str_reasons);
+ ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs);
+ ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons);
#endif

-#ifdef GMP_LIB_NAME
- GMP_lib_name->error = ERR_PACK(GMP_lib_error_code, 0, 0);
- ERR_load_strings(0, GMP_lib_name);
+#ifdef OSSLTEST_LIB_NAME
+ OSSLTEST_lib_name->error = ERR_PACK(OSSLTEST_lib_error_code, 0, 0);
+ ERR_load_strings(0, OSSLTEST_lib_name);
#endif
}
}

-static void ERR_unload_GMP_strings(void)
+static void ERR_unload_OSSLTEST_strings(void)
{
- if (GMP_error_init == 0) {
+ if (OSSLTEST_error_init == 0) {
#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(GMP_lib_error_code, GMP_str_functs);
- ERR_unload_strings(GMP_lib_error_code, GMP_str_reasons);
+ ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs);
+ ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons);
#endif

-#ifdef GMP_LIB_NAME
- ERR_unload_strings(0, GMP_lib_name);
+#ifdef OSSLTEST_LIB_NAME
+ ERR_unload_strings(0, OSSLTEST_lib_name);
#endif
- GMP_error_init = 1;
+ OSSLTEST_error_init = 1;
}
}

-static void ERR_GMP_error(int function, int reason, char *file, int line)
+static void ERR_OSSLTEST_error(int function, int reason, char *file, int line)
{
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code = ERR_get_next_error_library();
- ERR_PUT_error(GMP_lib_error_code, function, reason, file, line);
+ if (OSSLTEST_lib_error_code == 0)
+ OSSLTEST_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(OSSLTEST_lib_error_code, function, reason, file, line);
}
diff --git a/engines/e_gmp_err.h b/engines/e_ossltest_err.h
similarity index 80%
copy from engines/e_gmp_err.h
copy to engines/e_ossltest_err.h
index 637abbc..8f874e0 100644
--- a/engines/e_gmp_err.h
+++ b/engines/e_ossltest_err.h
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -52,8 +52,8 @@
*
*/

-#ifndef HEADER_GMP_ERR_H
-# define HEADER_GMP_ERR_H
+#ifndef HEADER_OSSLTEST_ERR_H
+# define HEADER_OSSLTEST_ERR_H

#ifdef __cplusplus
extern "C" {
@@ -64,21 +64,18 @@ extern "C" {
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
-static void ERR_load_GMP_strings(void);
-static void ERR_unload_GMP_strings(void);
-static void ERR_GMP_error(int function, int reason, char *file, int line);
-# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
+static void ERR_load_OSSLTEST_strings(void);
+static void ERR_unload_OSSLTEST_strings(void);
+static void ERR_OSSLTEST_error(int function, int reason, char *file, int line);
+# define OSSLTESTerr(f,r) ERR_OSSLTEST_error((f),(r),__FILE__,__LINE__)

-/* Error codes for the GMP functions. */
+/* Error codes for the OSSLTEST functions. */

/* Function codes. */
-# define GMP_F_E_GMP_CTRL 100
-# define GMP_F_E_GMP_RSA_MOD_EXP 101
+# define OSSLTEST_F_BIND_OSSLTEST 100

/* Reason codes. */
-# define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
-# define GMP_R_KEY_CONTEXT_ERROR 101
-# define GMP_R_MISSING_KEY_COMPONENTS 102
+# define OSSLTEST_R_INIT_FAILED 100

#ifdef __cplusplus
}
diff --git a/test/Makefile b/test/Makefile
index f49dc76..31b3796 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -71,6 +71,9 @@ CONSTTIMETEST= constant_time_test
VERIFYEXTRATEST= verify_extra_test
CLIENTHELLOTEST= clienthellotest
PACKETTEST= packettest
+SSLVERTOLTEST= sslvertoltest.pl
+SSLEXTENSIONTEST= sslextensiontest.pl
+SSLSKEWITH0PTEST= sslskewith0ptest.pl

TESTS= alltests

@@ -156,7 +159,8 @@ alltests: \
test_ige test_jpake test_secmem \
test_srp test_cms test_v3name test_ocsp \
test_gost2814789 test_heartbeat test_p5_crpt2 \
- test_constant_time test_verify_extra test_clienthello test_packet
+ test_constant_time test_verify_extra test_clienthello test_packet \
+ test_sslvertol test_sslextension test_sslskewith0p

test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
@echo $(START) $@
@@ -417,6 +421,22 @@ test_packet: $(PACKETTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(PACKETTEST)

+#OPENSSL_ia32cap=... in ssl tests below ensures AES-NI is switched off (AES-NI does not go through the testmode engine)
+test_sslvertol: ../apps/openssl$(EXE_EXT)
+ @echo $(START) $@
+ [ -z "$(SHARED_LIBS)" ] || PERL5LIB=$$PERL5LIB:../util OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh ./$(SSLVERTOLTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
+ @[ -n "$(SHARED_LIBS)" ] || echo test_sslvertol can only be performed with OpenSSL configured shared
+
+test_sslextension: ../apps/openssl$(EXE_EXT)
+ @echo $(START) $@
+ [ -z "$(SHARED_LIBS)" ] || PERL5LIB=$$PERL5LIB:../util OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh ./$(SSLEXTENSIONTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
+ @[ -n "$(SHARED_LIBS)" ] || echo test_sslextension can only be performed with OpenSSL configured shared
+
+test_sslskewith0p: ../apps/openssl$(EXE_EXT)
+ @echo $(START) $@
+ [ -z "$(SHARED_LIBS)" ] || PERL5LIB=$$PERL5LIB:../util OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh ./$(SSLSKEWITH0PTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
+ @[ -n "$(SHARED_LIBS)" ] || echo test_sslskewith0p can only be performed with OpenSSL configured shared
+
update: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
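Review bot: the three new targets list only `../apps/openssl$(EXE_EXT)` as a prerequisite, yet they load the ossltest engine from `OPENSSL_ENGINES=../engines` and the proxy modules from `../util`, so a missing or stale engine module is never rebuilt before the tests run; add the engine target (and the .pl scripts themselves) to the dependencies. The same command line is pasted three times with only the script name changed; a single variable or a pattern rule would keep the `OPENSSL_ia32cap` mask and the `PERL5LIB` setup in one place. Note also that on a non-shared build each target merely echoes a message and exits 0, so `make test` reports these as passed when they never ran; a recognisable SKIP marker in that echo would make the skip visible in CI logs.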

diff --git a/test/sslextensiontest.pl b/test/sslextensiontest.pl
new file mode 100755
index 0000000..802bac1
--- /dev/null
+++ b/test/sslextensiontest.pl
@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+use TLSProxy::Proxy;
+
+my $proxy = TLSProxy::Proxy->new(
+ \&extension_filter,
+ @ARGV
+);
+
+#Test 1: Sending a zero length extension block should pass
+$proxy->start();
+TLSProxy::Message->success or die "FAILED: Zero extension length test\n";
+
+print "SUCCESS: Extension test\n";
+
+sub extension_filter
+{
+ my $proxy = shift;
+
+ # We're only interested in the initial ClientHello
+ if ($proxy->flight != 0) {
+ return;
+ }
+
+ foreach my $message (@{$proxy->message_list}) {
+ if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+ #Remove all extensions and set the extension len to zero
+ $message->extension_data({});
+ $message->extensions_len(0);
+ #Extensions have been removed so make sure we don't try to use them
+ $message->process_extensions();
+
+ $message->repack();
+ }
+ }
+}
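Review bot: the filter produces a ClientHello whose extensions block is present with length zero; the other legal encoding, a ClientHello that ends after the compression methods with no extensions length field at all, is not exercised, and `set_message_contents` in ClientHello.pm always emits the length field, so this proxy cannot produce it. Either add that second case (it needs a repack path that omits the field) or make the comment and the `die` message say "zero-length extensions block" rather than the broader "zero extension length". The "Test 1" label also promises more cases than the file contains.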
diff --git a/test/sslskewith0ptest.pl b/test/sslskewith0ptest.pl
new file mode 100755
index 0000000..63f8398
--- /dev/null
+++ b/test/sslskewith0ptest.pl
@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+use TLSProxy::Proxy;
+
+my $proxy = TLSProxy::Proxy->new(
+ \&ske_0_p_filter,
+ @ARGV
+);
+
+#We must use an anon DHE cipher for this test
+$proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0');
+$proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0');
+
+$proxy->start();
+TLSProxy::Message->fail or die "FAILED: ServerKeyExchange with 0 p\n";
+
+print "SUCCESS: ServerKeyExchange with 0 p\n";
+
+sub ske_0_p_filter
+{
+ my $proxy = shift;
+
+ # We're only interested in the SKE - always in flight 1
+ if ($proxy->flight != 1) {
+ return;
+ }
+
+ foreach my $message (@{$proxy->message_list}) {
+ if ($message->mt == TLSProxy::Message::MT_SERVER_KEY_EXCHANGE) {
+ #Set p to a value of 0
+ $message->p(pack('C', 0));
+
+ $message->repack();
+ }
+ }
+}
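Review bot: the only assertion is `TLSProxy::Message->fail`, so the test also passes when the handshake fails for a reason unrelated to p = 0 (anon DH compiled out, the ADH-AES128-SHA suite unavailable, `@SECLEVEL=0` not honoured); run the proxy once without the filter and require `success` there first, so that a failure in the filtered run is known to come from the corrupted ServerKeyExchange. Note also that `pack('C', 0)` sets p to a single zero byte, which the client may reject on length as readily as on value; a second case with a full-length all-zero p (or p = 1) would pin the check on the value, which is what "0 p" in the test name means.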
diff --git a/test/sslvertoltest.pl b/test/sslvertoltest.pl
new file mode 100755
index 0000000..1828a7d
--- /dev/null
+++ b/test/sslvertoltest.pl
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+use TLSProxy::Proxy;
+
+my $proxy = TLSProxy::Proxy->new(
+ \&vers_tolerance_filter,
+ @ARGV
+);
+
+#Test 1: Asking for TLS1.3 should pass
+my $client_version = TLSProxy::Record::VERS_TLS_1_3;
+$proxy->start();
+TLSProxy::Message->success or die "FAILED: Version tolerance test\n";
+
+#Test 2: Testing something below SSLv3 should fail
+$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1;
+$proxy->restart();
+TLSProxy::Message->success and die "FAILED: Version tolerance test\n";
+
+print "SUCCESS: Version tolerance test\n";
+
+sub vers_tolerance_filter
+{
+ my $proxy = shift;
+
+ # We're only interested in the initial ClientHello
+ if ($proxy->flight != 0) {
+ return;
+ }
+
+ foreach my $message (@{$proxy->message_list}) {
+ if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+ #Set the client version
+ #Anything above the max supported version (TLS1.2) should succeed
+ #Anything below SSLv3 should fail
+ $message->client_version($client_version);
+ $message->repack();
+ }
+ }
+}
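Review bot: Test 1 only checks that the handshake succeeds after the ClientHello advertises `VERS_TLS_1_3`; it never checks which version the server actually negotiated, which is the point of a version-tolerance test; assert on the ServerHello version (TLS1.2, per the comment in the filter) as well. The two `die` messages are identical ("FAILED: Version tolerance test"), so a failing run does not say which case broke; name them, for example "TLS1.3 offered" and "below SSLv3". Lastly, `$client_version` is a file-scoped `my` captured by the filter closure and reassigned between `start` and `restart`; that works, but a one-line comment saying the filter reads it at repack time would save the next reader a double take.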
diff --git a/util/TLSProxy/ClientHello.pm b/util/TLSProxy/ClientHello.pm
new file mode 100644
index 0000000..54fb5bb
--- /dev/null
+++ b/util/TLSProxy/ClientHello.pm
@@ -0,0 +1,272 @@
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::ClientHello;
+
+use parent 'TLSProxy::Message';
+
+use constant {
+ EXT_ENCRYPT_THEN_MAC => 22
+};
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ 1,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ $self->{client_version} = 0;
+ $self->{random} = [];
+ $self->{session_id_len} = 0;
+ $self->{session} = "";
+ $self->{ciphersuite_len} = 0;
+ $self->{ciphersuites} = [];
+ $self->{comp_meth_len} = 0;
+ $self->{comp_meths} = [];
+ $self->{extensions_len} = 0;
+ $self->{extensions_data} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+ my $ptr = 2;
+ my ($client_version) = unpack('n', $self->data);
+ my $random = substr($self->data, $ptr, 32);
+ $ptr += 32;
+ my $session_id_len = unpack('C', substr($self->data, $ptr));
+ $ptr++;
+ my $session = substr($self->data, $ptr, $session_id_len);
+ $ptr += $session_id_len;
+ my $ciphersuite_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my @ciphersuites = unpack('n*', substr($self->data, $ptr,
+ $ciphersuite_len));
+ $ptr += $ciphersuite_len;
+ my $comp_meth_len = unpack('C', substr($self->data, $ptr));
+ $ptr++;
+ my @comp_meths = unpack('C*', substr($self->data, $ptr, $comp_meth_len));
+ $ptr += $comp_meth_len;
+ my $extensions_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ #For now we just deal with this as a block of data. In the future we will
+ #want to parse this
+ my $extension_data = substr($self->data, $ptr);
+
+ if (length($extension_data) != $extensions_len) {
+ die "Invalid extension length\n";
+ }
+ my %extensions = ();
+ while (length($extension_data) >= 4) {
+ my ($type, $size) = unpack("nn", $extension_data);
+ my $extdata = substr($extension_data, 4, $size);
+ $extension_data = substr($extension_data, 4 + $size);
+ $extensions{$type} = $extdata;
+ }
+
+ $self->client_version($client_version);
+ $self->random($random);
+ $self->session_id_len($session_id_len);
+ $self->session($session);
+ $self->ciphersuite_len($ciphersuite_len);
+ $self->ciphersuites(\@ciphersuites);
+ $self->comp_meth_len($comp_meth_len);
+ $self->comp_meths(\@comp_meths);
+ $self->extensions_len($extensions_len);
+ $self->extension_data(\%extensions);
+
+ $self->process_extensions();
+
+ print " Client Version:".$client_version."\n";
+ print " Session ID Len:".$session_id_len."\n";
+ print " Ciphersuite len:".$ciphersuite_len."\n";
+ print " Compression Method Len:".$comp_meth_len."\n";
+ print " Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the extensions we've seen
+sub process_extensions
+{
+ my $self = shift;
+ my %extensions = %{$self->extension_data};
+
+ #Clear any state from a previous run
+ TLSProxy::Record->etm(0);
+
+ if (exists $extensions{&EXT_ENCRYPT_THEN_MAC}) {
+ TLSProxy::Record->etm(1);
+ }
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack('n', $self->client_version);
+ $data .= $self->random;
+ $data .= pack('C', $self->session_id_len);
+ $data .= $self->session;
+ $data .= pack('n', $self->ciphersuite_len);
+ $data .= pack("n*", @{$self->ciphersuites});
+ $data .= pack('C', $self->comp_meth_len);
+ $data .= pack("C*", @{$self->comp_meths});
+ $data .= pack('n', $self->extensions_len);
+ foreach my $key (keys %{$self->extension_data}) {
+ my $extdata = ${$self->extension_data}{$key};
+ $data .= pack("n", $key);
+ $data .= pack("n", length($extdata));
+ $data .= $extdata;
+ }
+
+ $self->data($data);
+}
+
+#Read/write accessors
+sub client_version
+{
+ my $self = shift;
+ if (@_) {
+ $self->{client_version} = shift;
+ }
+ return $self->{client_version};
+}
+sub random
+{
+ my $self = shift;
+ if (@_) {
+ $self->{random} = shift;
+ }
+ return $self->{random};
+}
+sub session_id_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{session_id_len} = shift;
+ }
+ return $self->{session_id_len};
+}
+sub session
+{
+ my $self = shift;
+ if (@_) {
+ $self->{session} = shift;
+ }
+ return $self->{session};
+}
+sub ciphersuite_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphersuite_len} = shift;
+ }
+ return $self->{ciphersuite_len};
+}
+sub ciphersuites
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphersuites} = shift;
+ }
+ return $self->{ciphersuites};
+}
+sub comp_meth_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{comp_meth_len} = shift;
+ }
+ return $self->{comp_meth_len};
+}
+sub comp_meths
+{
+ my $self = shift;
+ if (@_) {
+ $self->{comp_meths} = shift;
+ }
+ return $self->{comp_meths};
+}
+sub extensions_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extensions_len} = shift;
+ }
+ return $self->{extensions_len};
+}
+sub extension_data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extension_data} = shift;
+ }
+ return $self->{extension_data};
+}
+1;
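Review bot: the extension loop `while (length($extension_data) >= 4)` never checks `$size` against the bytes remaining, so a truncated or malformed extension block is accepted silently: `substr($extension_data, 4, $size)` just returns fewer bytes, and `substr($extension_data, 4 + $size)` yields undef (with a warning under `-w`) once `4 + $size` exceeds the length. Add a check such as `die "Invalid extension length\n" if $size > length($extension_data) - 4;` before the two `substr` calls. Keeping the extensions in a plain hash also loses wire order and collapses duplicate types, so `set_message_contents` re-emits them in hash-key order even when nothing was modified, and `pack('n', $self->extensions_len)` writes the stored length rather than one recomputed from the re-packed data; the same applies to `ciphersuite_len` and `comp_meth_len`, which are packed from the stored fields instead of being derived from `@{$self->ciphersuites}` and `@{$self->comp_meths}`. Either recompute the three lengths in `set_message_contents` or document that a filter that edits one of the lists must update the matching length itself.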
diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
new file mode 100644
index 0000000..66a4a7b
--- /dev/null
+++ b/util/TLSProxy/Message.pm
@@ -0,0 +1,457 @@
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::Message;
+
+use constant TLS_MESSAGE_HEADER_LENGTH => 4;
+
+#Message types
+use constant {
+ MT_HELLO_REQUEST => 0,
+ MT_CLIENT_HELLO => 1,
+ MT_SERVER_HELLO => 2,
+ MT_NEW_SESSION_TICKET => 4,
+ MT_CERTIFICATE => 11,
+ MT_SERVER_KEY_EXCHANGE => 12,
+ MT_CERTIFICATE_REQUEST => 13,
+ MT_SERVER_HELLO_DONE => 14,
+ MT_CERTIFICATE_VERIFY => 15,
+ MT_CLIENT_KEY_EXCHANGE => 16,
+ MT_FINISHED => 20,
+ MT_CERTIFICATE_STATUS => 22,
+ MT_NEXT_PROTO => 67
+};
+my %message_type = (
+ MT_HELLO_REQUEST, "HelloRequest",
+ MT_CLIENT_HELLO, "ClientHello",
+ MT_SERVER_HELLO, "ServerHello",
+ MT_NEW_SESSION_TICKET, "NewSessionTicket",
+ MT_CERTIFICATE, "Certificate",
+ MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
+ MT_CERTIFICATE_REQUEST, "CertificateRequest",
+ MT_SERVER_HELLO_DONE, "ServerHelloDone",
+ MT_CERTIFICATE_VERIFY, "CertificateVerify",
+ MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
+ MT_FINISHED, "Finished",
+ MT_CERTIFICATE_STATUS, "CertificateStatus",
+ MT_NEXT_PROTO, "NextProto"
+);
+
+my $payload = "";
+my $messlen = -1;
+my $mt;
+my $startoffset = -1;
+my $server = 0;
+my $success = 0;
+my $end = 0;
+my @message_rec_list = ();
+my @message_frag_lens = ();
+my $ciphersuite = 0;
+
+sub clear
+{
+ $payload = "";
+ $messlen = -1;
+ $startoffset = -1;
+ $server = 0;
+ $success = 0;
+ $end = 0;
+ @message_rec_list = ();
+ @message_frag_lens = ();
+}
+
+#Class method to extract messages from a record
+sub get_messages
+{
+ my $class = shift;
+ my $serverin = shift;
+ my $record = shift;
+ my @messages = ();
+ my $message;
+
+ @message_frag_lens = ();
+
+ if ($serverin != $server && length($payload) != 0) {
+ die "Changed peer, but we still have fragment data\n";
+ }
+ $server = $serverin;
+
+ if ($record->content_type == TLSProxy::Record::RT_CCS) {
+ if ($payload ne "") {
+ #We can't handle this yet
+ die "CCS received before message data complete\n";
+ }
+ if ($server) {
+ TLSProxy::Record->server_ccs_seen(1);
+ } else {
+ TLSProxy::Record->client_ccs_seen(1);
+ }
+ } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
+ if ($record->len == 0 || $record->len_real == 0) {
+ print " Message truncated\n";
+ } else {
+ my $recoffset = 0;
+
+ if (length $payload > 0) {
+ #We are continuing processing a message started in a previous
+ #record. Add this record to the list associated with this
+ #message
+ push @message_rec_list, $record;
+
+ if ($messlen <= length($payload)) {
+ #Shouldn't happen
+ die "Internal error: invalid messlen: ".$messlen
+ ." payload length:".length($payload)."\n";
+ }
+ if (length($payload) + $record->decrypt_len >= $messlen) {
+ #We can complete the message with this record
+ $recoffset = $messlen - length($payload);
+ $payload .= substr($record->decrypt_data, 0, $recoffset);
+ push @message_frag_lens, $recoffset;
+ $message = create_message($server, $mt, $payload,
+ $startoffset);
+ push @messages, $message;
+
+ #Check if we have finished the handshake
+ if ($mt == MT_FINISHED && $server) {
+ $success = 1;
+ $end = 1;
+ }
+ $payload = "";
+ } else {
+ #This is just part of the total message
+ $payload .= $record->decrypt_data;
+ $recoffset = $record->decrypt_len;
+ push @message_frag_lens, $record->decrypt_len;
+ }
+ print " Partial message data read: ".$recoffset." bytes\n";
+ }
+
+ while ($record->decrypt_len > $recoffset) {
+ #We are at the start of a new message
+ if ($record->decrypt_len - $recoffset < 4) {
+ #Whilst technically probably valid we can't cope with this
+ die "End of record in the middle of a message header\n";
+ }
+ @message_rec_list = ($record);
+ my $lenhi;
+ my $lenlo;
+ ($mt, $lenhi, $lenlo) = unpack('CnC',
+ substr($record->decrypt_data,
+ $recoffset));
+ $messlen = ($lenhi << 8) | $lenlo;
+ print " Message type: $message_type{$mt}\n";
+ print " Message Length: $messlen\n";
+ $startoffset = $recoffset;
+ $recoffset += 4;
+ $payload = "";
+
+ if ($recoffset < $record->decrypt_len) {
+ #Some payload data is present in this record
+ if ($record->decrypt_len - $recoffset >= $messlen) {
+ #We can complete the message with this record
+ $payload .= substr($record->decrypt_data, $recoffset,
+ $messlen);
+ $recoffset += $messlen;
+ push @message_frag_lens, $messlen;
+ $message = create_message($server, $mt, $payload,
+ $startoffset);
+ push @messages, $message;
+
+ #Check if we have finished the handshake
+ if ($mt == MT_FINISHED && $server) {
+ $success = 1;
+ $end = 1;
+ }
+ $payload = "";
+ } else {
+ #This is just part of the total message
+ $payload .= substr($record->decrypt_data, $recoffset,
+ $record->decrypt_len - $recoffset);
+ $recoffset = $record->decrypt_len;
+ push @message_frag_lens, $recoffset;
+ }
+ }
+ }
+ }
+ } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
+ print " [ENCRYPTED APPLICATION DATA]\n";
+ print " [".$record->decrypt_data."]\n";
+ } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
+ #For now assume all alerts are fatal
+ $end = 1;
+ }
+
+ return @messages;
+}
+
+#Function to work out which sub-class we need to create and then
+#construct it
+sub create_message
+{
+ my ($server, $mt, $data, $startoffset) = @_;
+ my $message;
+
+ #We only support ClientHello in this version...needs to be extended for
+ #others
+ if ($mt == MT_CLIENT_HELLO) {
+ $message = TLSProxy::ClientHello->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
+ } elsif ($mt == MT_SERVER_HELLO) {
+ $message = TLSProxy::ServerHello->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
+ } elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
+ $message = TLSProxy::ServerKeyExchange->new(
+ $server,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
+ } else {
+ #Unknown message type
+ $message = TLSProxy::Message->new(
+ $server,
+ $mt,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ }
+
+ return $message;
+}
+
+sub end
+{
+ my $class = shift;
+ return $end;
+}
+sub success
+{
+ my $class = shift;
+ return $success;
+}
+sub fail
+{
+ my $class = shift;
+ return !$success && $end;
+}
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $mt,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = {
+ server => $server,
+ data => $data,
+ records => $records,
+ mt => $mt,
+ startoffset => $startoffset,
+ message_frag_lens => $message_frag_lens
+ };
+
+ return bless $self, $class;
+}
+
+sub ciphersuite
+{
+ my $class = shift;
+ if (@_) {
+ $ciphersuite = shift;
+ }
+ return $ciphersuite;
+}
+
+#Update all the underlying records with the modified data from this message
+#Note: Does not currently support re-encrypting
+sub repack
+{
+ my $self = shift;
+ my $msgdata;
+
+ my $numrecs = $#{$self->records};
+
+ $self->set_message_contents();
+
+ my $lenhi;
+ my $lenlo;
+
+ $lenlo = length($self->data) & 0xff;
+ $lenhi = length($self->data) >> 8;
+ my $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
+
+
+ if ($numrecs == 0) {
+ #The message is fully contained within one record
+ my ($rec) = @{$self->records};
+ my $recdata = $rec->decrypt_data;
+
+ if (length($msgdata) != ${$self->message_frag_lens}[0]
+ + TLS_MESSAGE_HEADER_LENGTH) {
+ #Message length has changed! Better adjust the record length
+ my $diff = length($msgdata) - ${$self->message_frag_lens}[0]
+ - TLS_MESSAGE_HEADER_LENGTH;
+ $rec->len($rec->len + $diff);
+ }
+
+ $rec->data(substr($recdata, 0, $self->startoffset)
+ .($msgdata)
+ .substr($recdata, ${$self->message_frag_lens}[0]
+ + TLS_MESSAGE_HEADER_LENGTH));
+
+ #Update the fragment len in case we changed it above
+ ${$self->message_frag_lens}[0] = length($msgdata)
+ - TLS_MESSAGE_HEADER_LENGTH;
+ return;
+ }
+
+ #Note we don't currently support changing a fragmented message length
+ my $recctr = 0;
+ my $datadone = 0;
+ foreach my $rec (@{$self->records}) {
+ my $recdata = $rec->decrypt_data;
+ if ($recctr == 0) {
+ #This is the first record
+ my $remainlen = length($recdata) - $self->startoffset;
+ $rec->data(substr($recdata, 0, $self->startoffset)
+ .substr(($msgdata), 0, $remainlen));
+ $datadone += $remainlen;
+ } elsif ($recctr + 1 == $numrecs) {
+ #This is the last record
+ $rec->data(substr($msgdata, $datadone));
+ } else {
+ #This is a middle record
+ $rec->data(substr($msgdata, $datadone, length($rec->data)));
+ $datadone += length($rec->data);
+ }
+ $recctr++;
+ }
+}
+
+#To be overridden by sub-classes
+sub set_message_contents
+{
+}
+
+#Read only accessors
+sub server
+{
+ my $self = shift;
+ return $self->{server};
+}
+
+#Read/write accessors
+sub mt
+{
+ my $self = shift;
+ if (@_) {
+ $self->{mt} = shift;
+ }
+ return $self->{mt};
+}
+sub data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{data} = shift;
+ }
+ return $self->{data};
+}
+sub records
+{
+ my $self = shift;
+ if (@_) {
+ $self->{records} = shift;
+ }
+ return $self->{records};
+}
+sub startoffset
+{
+ my $self = shift;
+ if (@_) {
+ $self->{startoffset} = shift;
+ }
+ return $self->{startoffset};
+}
+sub message_frag_lens
+{
+ my $self = shift;
+ if (@_) {
+ $self->{message_frag_lens} = shift;
+ }
+ return $self->{message_frag_lens};
+}
+
+1;
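Review bot: the last-record test in `repack`, `elsif ($recctr + 1 == $numrecs)`, is off by one because `$numrecs = $#{$self->records}` is the highest index rather than the count (the single-record check `$numrecs == 0` relies on exactly that), so the final fragment of a multi-record message falls into the middle-record branch and is written with `substr($msgdata, $datadone, length($rec->data))`; the condition should read `$recctr == $numrecs`. Still in `repack`, `my $msgdata;` is declared at the top and again at `my $msgdata = pack('CnC', ...)`, which produces a "masks earlier declaration" warning; drop the first declaration. In `get_messages`, `print " Message type: $message_type{$mt}\n"` prints an empty string (plus an uninitialised-value warning) for a type not in `%message_type`; falling back to the numeric `$mt` would make the trace usable for the message types `create_message` does not yet handle.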
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
new file mode 100644
index 0000000..c033c29
--- /dev/null
+++ b/util/TLSProxy/Proxy.pm
@@ -0,0 +1,394 @@
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::Proxy;
+
+use File::Spec;
+use IO::Socket;
+use IO::Select;
+use TLSProxy::Record;
+use TLSProxy::Message;
+use TLSProxy::ClientHello;
+use TLSProxy::ServerHello;
+use TLSProxy::ServerKeyExchange;
+
+sub new
+{
+ my $class = shift;
+ my ($filter,
+ $execute,
+ $cert,
+ $debug) = @_;
+
+ my $self = {
+ #Public read/write
+ proxy_addr => "localhost",
+ proxy_port => 4453,
+ server_addr => "localhost",
+ server_port => 4443,
+ filter => $filter,
+
+ #Public read
+ execute => $execute,
+ cert => $cert,
+ debug => $debug,
+ cipherc => "AES128-SHA",
+ ciphers => "",
+ flight => 0,
+ record_list => [],
+ message_list => [],
+
+ #Private
+ message_rec_list => []
+ };
+
+ return bless $self, $class;
+}
+
+sub clear
+{
+ my $self = shift;
+
+ $self->{cipherc} = "AES128-SHA";
+ $self->{ciphers} = "";
+ $self->{flight} = 0;
+ $self->{record_list} = [];
+ $self->{message_list} = [];
+ $self->{message_rec_list} = [];
+
+ TLSProxy::Message->clear();
+ TLSProxy::Record->clear();
+}
+
+sub restart
+{
+ my $self = shift;
+
+ $self->clear;
+ $self->start;
+}
+
+sub start
+{
+ my ($self) = shift;
+ my $pid;
+
+ $pid = fork();
+ if ($pid == 0) {
+ open(STDOUT, ">", File::Spec->devnull())
+ or die "Failed to redirect stdout";
+ open(STDERR, ">&STDOUT");
+ my $execcmd = $self->execute." s_server -engine ossltest -accept "
+ .($self->server_port)
+ ." -cert ".$self->cert." -naccept 1";
+ if ($self->ciphers ne "") {
+ $execcmd .= " -cipher ".$self->ciphers;
+ }
+ exec($execcmd);
+ }
+
+ my $oldstdout;
+
+ if(!$self->debug) {
+ $oldstdout = select(File::Spec->devnull());
+ }
+
+ # Create the Proxy socket
+ my $proxy_sock = new IO::Socket::INET(
+ LocalHost => $self->proxy_addr,
+ LocalPort => $self->proxy_port,
+ Proto => "tcp",
+ Listen => SOMAXCONN,
+ Reuse => 1
+ );
+
+ if ($proxy_sock) {
+ print "Proxy started on port ".$self->proxy_port."\n";
+ } else {
+ die "Failed creating proxy socket\n";
+ }
+
+ if ($self->execute) {
+ my $pid = fork();
+ if ($pid == 0) {
+ open(STDOUT, ">", File::Spec->devnull())
+ or die "Failed to redirect stdout";
+ open(STDERR, ">&STDOUT");
+ my $execcmd = $self->execute
+ ." s_client -engine ossltest -connect "
+ .($self->proxy_addr).":".($self->proxy_port);
+ if ($self->cipherc ne "") {
+ $execcmd .= " -cipher ".$self->cipherc;
+ }
+ exec($execcmd);
+ }
+ }
+
+ # Wait for incoming connection from client
+ my $client_sock = $proxy_sock->accept()
+ or die "Failed accepting incoming connection\n";
+
+ print "Connection opened\n";
+
+ # Now connect to the server
+ my $retry = 3;
+ my $server_sock;
+ #We loop over this a few times because sometimes s_server can take a while
+ #to start up
+ do {
+ $server_sock = new IO::Socket::INET(
+ PeerAddr => $self->server_addr,
+ PeerPort => $self->server_port,
+ Proto => 'tcp'
+ );
+
+ $retry--;
+ if (!$server_sock) {
+ if ($retry) {
+ #Sleep for a short while
+ select(undef, undef, undef, 0.1);
+ } else {
+ die "Failed to start up server\n";
+ }
+ }
+ } while (!$server_sock);
+
+ my $sel = IO::Select->new($server_sock, $client_sock);
+ my $indata;
+ my @handles = ($server_sock, $client_sock);
+
+ #Wait for either the server socket or the client socket to become readable
+ my @ready;
+ while(!(TLSProxy::Message->end) && (@ready = $sel->can_read)) {
+ foreach my $hand (@ready) {
+ if ($hand == $server_sock) {
+ $server_sock->sysread($indata, 16384) or goto END;
+ $indata = $self->process_packet(1, $indata);
+ $client_sock->syswrite($indata);
+ } elsif ($hand == $client_sock) {
+ $client_sock->sysread($indata, 16384) or goto END;
+ $indata = $self->process_packet(0, $indata);
+ $server_sock->syswrite($indata);
+ } else {
+ print "Err\n";
+ goto END;
+ }
+ }
+ }
+
+ END:
+ print "Connection closed\n";
+ if($server_sock) {
+ $server_sock->close();
+ }
+ if($client_sock) {
+ #Closing this also kills the child process
+ $client_sock->close();
+ }
+ if($proxy_sock) {
+ $proxy_sock->close();
+ }
+ if(!$self->debug) {
+ select($oldstdout);
+ }
+}
+
+
+sub process_packet
+{
+ my ($self, $server, $packet) = @_;
+ my $len_real;
+ my $decrypt_len;
+ my $data;
+ my $recnum;
+
+ if ($server) {
+ print "Received server packet\n";
+ } else {
+ print "Received client packet\n";
+ }
+
+ print "Packet length = ".length($packet)."\n";
+ print "Processing flight ".$self->flight."\n";
+
+ #Return contains the list of record found in the packet followed by the
+ #list of messages in those records
+ my @ret = TLSProxy::Record->get_records($server, $self->flight, $packet);
+ push @{$self->record_list}, @{$ret[0]};
+ $self->{message_rec_list} = $ret[0];
+ push @{$self->{message_list}}, @{$ret[1]};
+
+ print "\n";
+
+ #Finished parsing. Call user provided filter here
+ $self->filter->($self);
+
+ #Reconstruct the packet
+ $packet = "";
+ foreach my $record (@{$self->record_list}) {
+ #We only replay the records for the current flight
+ if ($record->flight != $self->flight) {
+ next;
+ }
+ $packet .= $record->reconstruct_record();
+ }
+
+ $self->{flight} = $self->{flight} + 1;
+
+ print "Forwarded packet length = ".length($packet)."\n\n";
+
+ return $packet;
+}
+
+#Read accessors
+sub execute
+{
+ my $self = shift;
+ return $self->{execute};
+}
+sub cert
+{
+ my $self = shift;
+ return $self->{cert};
+}
+sub debug
+{
+ my $self = shift;
+ return $self->{debug};
+}
+sub flight
+{
+ my $self = shift;
+ return $self->{flight};
+}
+sub record_list
+{
+ my $self = shift;
+ return $self->{record_list};
+}
+sub message_list
+{
+ my $self = shift;
+ return $self->{message_list};
+}
+sub success
+{
+ my $self = shift;
+ return $self->{success};
+}
+sub end
+{
+ my $self = shift;
+ return $self->{end};
+}
+
+#Read/write accessors
+sub proxy_addr
+{
+ my $self = shift;
+ if (@_) {
+ $self->{proxy_addr} = shift;
+ }
+ return $self->{proxy_addr};
+}
+sub proxy_port
+{
+ my $self = shift;
+ if (@_) {
+ $self->{proxy_port} = shift;
+ }
+ return $self->{proxy_port};
+}
+sub server_addr
+{
+ my $self = shift;
+ if (@_) {
+ $self->{server_addr} = shift;
+ }
+ return $self->{server_addr};
+}
+sub server_port
+{
+ my $self = shift;
+ if (@_) {
+ $self->{server_port} = shift;
+ }
+ return $self->{server_port};
+}
+sub filter
+{
+ my $self = shift;
+ if (@_) {
+ $self->{filter} = shift;
+ }
+ return $self->{filter};
+}
+sub cipherc
+{
+ my $self = shift;
+ if (@_) {
+ $self->{cipherc} = shift;
+ }
+ return $self->{cipherc};
+}
+sub ciphers
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphers} = shift;
+ }
+ return $self->{ciphers};
+}
+1;
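Review bot: in `start`, the child from the first `fork()` continues into the parent's code path if `exec($execcmd)` fails (it would then open its own listening socket and fork again), and that `s_server` fork is unconditional whereas the `s_client` fork is guarded by `if ($self->execute)`, so an empty `execute` runs `exec(" s_server ...")` in the child. Guard both forks the same way, check `fork()` for undef, and follow each `exec` with `or die` so a failed exec cannot fall through; building the command as one string also hands `$self->cert` and `$self->ciphers` to the shell, so the list form of `exec` would be safer. The `success` and `end` accessors return `$self->{success}` and `$self->{end}`, which nothing in this file ever sets; that state lives in `TLSProxy::Message`, so they should return `TLSProxy::Message->success` and `TLSProxy::Message->end`. The `s_server` PID is discarded as well, so `clear`/`restart` cannot reap or kill a server that outlives a failed handshake.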
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
new file mode 100644
index 0000000..1d10508
--- /dev/null
+++ b/util/TLSProxy/Record.pm
@@ -0,0 +1,360 @@
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+
+use TLSProxy::Proxy;
+
+package TLSProxy::Record;
+
+my $server_ccs_seen = 0;
+my $client_ccs_seen = 0;
+my $etm = 0;
+
+use constant TLS_RECORD_HEADER_LENGTH => 5;
+
+#Record types
+use constant {
+ RT_APPLICATION_DATA => 23,
+ RT_HANDSHAKE => 22,
+ RT_ALERT => 21,
+ RT_CCS => 20
+};
+
+my %record_type = (
+ RT_APPLICATION_DATA, "APPLICATION DATA",
+ RT_HANDSHAKE, "HANDSHAKE",
+ RT_ALERT, "ALERT",
+ RT_CCS, "CCS"
+);
+
+use constant {
+ VERS_TLS_1_3 => 772,
+ VERS_TLS_1_2 => 771,
+ VERS_TLS_1_1 => 770,
+ VERS_TLS_1_0 => 769,
+ VERS_SSL_3_0 => 768
+};
+
+my %tls_version = (
+ VERS_TLS_1_3, "TLS1.3",
+ VERS_TLS_1_2, "TLS1.2",
+ VERS_TLS_1_1, "TLS1.1",
+ VERS_TLS_1_0, "TLS1.0",
+ VERS_SSL_3_0, "SSL3"
+);
+
+#Class method to extract records from a packet of data
+sub get_records
+{
+ my $class = shift;
+ my $server = shift;
+ my $flight = shift;
+ my $packet = shift;
+ my @record_list = ();
+ my @message_list = ();
+ my $data;
+ my $content_type;
+ my $version;
+ my $len;
+ my $len_real;
+ my $decrypt_len;
+
+ my $recnum = 1;
+ while (length ($packet) > 0) {
+ print " Record $recnum";
+ if ($server) {
+ print " (server -> client)\n";
+ } else {
+ print " (client -> server)\n";
+ }
+ #Get the record header
+ if (length($packet) < TLS_RECORD_HEADER_LENGTH) {
+ print "Partial data : ".length($packet)." bytes\n";
+ $packet = "";
+ } else {
+ ($content_type, $version, $len) = unpack('CnnC*', $packet);
+ $data = substr($packet, 5, $len);
+
+ print " Content type: ".$record_type{$content_type}."\n";
+ print " Version: $tls_version{$version}\n";
+ print " Length: $len";
+ if ($len == length($data)) {
+ print "\n";
+ $decrypt_len = $len_real = $len;
+ } else {
+ print " (expected), ".length($data)." (actual)\n";
+ $decrypt_len = $len_real = length($data);
+ }
+
+ my $record = TLSProxy::Record->new(
+ $flight,
+ $content_type,
+ $version,
+ $len,
+ $len_real,
+ $decrypt_len,
+ substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real),
+ substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real)
+ );
+
+ if (($server && $server_ccs_seen)
+ || (!$server && $client_ccs_seen)) {
+ if ($etm) {
+ $record->decryptETM();
+ } else {
+ $record->decrypt();
+ }
+ }
+
+ push @record_list, $record;
+
+ #Now figure out what messages are contained within this record
+ my @messages = TLSProxy::Message->get_messages($server, $record);
+ push @message_list, @messages;
+
+ $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len_real);
+ $recnum++;
+ }
+ }
+
+ return (\@record_list, \@message_list);
+}
+
+sub clear
+{
+ $server_ccs_seen = 0;
+ $client_ccs_seen = 0;
+}
+
+#Class level accessors
+sub server_ccs_seen
+{
+ my $class = shift;
+ if (@_) {
+ $server_ccs_seen = shift;
+ }
+ return $server_ccs_seen;
+}
+sub client_ccs_seen
+{
+ my $class = shift;
+ if (@_) {
+ $client_ccs_seen = shift;
+ }
+ return $client_ccs_seen;
+}
+#Enable/Disable Encrypt-then-MAC
+sub etm
+{
+ my $class = shift;
+ if (@_) {
+ $etm = shift;
+ }
+ return $etm;
+}
+
+sub new
+{
+ my $class = shift;
+ my ($flight,
+ $content_type,
+ $version,
+ $len,
+ $len_real,
+ $decrypt_len,
+ $data,
+ $decrypt_data) = @_;
+
+ my $self = {
+ flight => $flight,
+ content_type => $content_type,
+ version => $version,
+ len => $len,
+ len_real => $len_real,
+ decrypt_len => $decrypt_len,
+ data => $data,
+ decrypt_data => $decrypt_data,
+ orig_decrypt_data => $decrypt_data
+ };
+
+ return bless $self, $class;
+}
+
+#Decrypt using encrypt-then-MAC
+sub decryptETM
+{
+ my ($self) = shift;
+
+ my $data = $self->data;
+
+ if($self->version >= VERS_TLS_1_1()) {
+ #TLS1.1+ has an explicit IV. Throw it away
+ $data = substr($data, 16);
+ }
+
+ #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
+ $data = substr($data, 0, length($data) - 20);
+
+ #Find out what the padding byte is
+ my $padval = unpack("C", substr($data, length($data) - 1));
+
+ #Throw away the padding
+ $data = substr($data, 0, length($data) - ($padval + 1));
+
+ $self->decrypt_data($data);
+ $self->decrypt_len(length($data));
+
+ return $data;
+}
+
+#Standard decrypt
+sub decrypt()
+{
+ my ($self) = shift;
+
+ my $data = $self->data;
+
+ if($self->version >= VERS_TLS_1_1()) {
+ #TLS1.1+ has an explicit IV. Throw it away
+ $data = substr($data, 16);
+ }
+
+ #Find out what the padding byte is
+ my $padval = unpack("C", substr($data, length($data) - 1));
+
+ #Throw away the padding
+ $data = substr($data, 0, length($data) - ($padval + 1));
+
+ #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
+ $data = substr($data, 0, length($data) - 20);
+
+ $self->decrypt_data($data);
+ $self->decrypt_len(length($data));
+
+ return $data;
+}
+
+#Reconstruct the on-the-wire record representation
+sub reconstruct_record
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack('Cnn', $self->content_type, $self->version, $self->len);
+ $data .= $self->data;
+
+ return $data;
+}
+
+#Read only accessors
+sub flight
+{
+ my $self = shift;
+ return $self->{flight};
+}
+sub content_type
+{
+ my $self = shift;
+ return $self->{content_type};
+}
+sub version
+{
+ my $self = shift;
+ return $self->{version};
+}
+sub len_real
+{
+ my $self = shift;
+ return $self->{len_real};
+}
+sub orig_decrypt_data
+{
+ my $self = shift;
+ return $self->{orig_decrypt_data};
+}
+
+#Read/write accessors
+sub decrypt_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{decrypt_len} = shift;
+ }
+ return $self->{decrypt_len};
+}
+sub data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{data} = shift;
+ }
+ return $self->{data};
+}
+sub decrypt_data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{decrypt_data} = shift;
+ }
+ return $self->{decrypt_data};
+}
+sub len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{len} = shift;
+ }
+ return $self->{len};
+}
+1;
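Review bot: `decrypt` and `decryptETM` trust the trailing padding byte, so `substr($data, 0, length($data) - ($padval + 1))` is handed a negative length when `$padval + 1` exceeds the remaining data (a negative substr length counts from the end, giving wrong output instead of an error); check `$padval + 1 <= length($data)` (and, in `decrypt`, that 20 bytes remain for the MAC afterwards) and `die` otherwise. Neither routine transforms the payload, it only strips IV, MAC and padding, so decryption is effectively delegated to the engine the proxied peers are started with (`-engine ossltest` in Proxy.pm); a comment on both subs saying so would save the next reader from hunting for the cipher. In `get_records`, `unpack('CnnC*', $packet)` unpacks the entire remainder of the packet into a list that is discarded; `unpack('Cnn', $packet)` is enough, and `$record_type{$content_type}` / `$tls_version{$version}` should fall back to the raw number for values not in the tables. `clear` also leaves `$etm` untouched, which is fine only because `ClientHello::process_extensions` resets it on every run.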
diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm
new file mode 100644
index 0000000..693430e
--- /dev/null
+++ b/util/TLSProxy/ServerHello.pm
@@ -0,0 +1,235 @@
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::ServerHello;
+
+use parent 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ TLSProxy::Message::MT_SERVER_HELLO,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ $self->{server_version} = 0;
+ $self->{random} = [];
+ $self->{session_id_len} = 0;
+ $self->{session} = "";
+ $self->{ciphersuite} = 0;
+ $self->{comp_meth} = 0;
+ $self->{extensions_len} = 0;
+ $self->{extensions_data} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+ my $ptr = 2;
+ my ($server_version) = unpack('n', $self->data);
+ my $random = substr($self->data, $ptr, 32);
+ $ptr += 32;
+ my $session_id_len = unpack('C', substr($self->data, $ptr));
+ $ptr++;
+ my $session = substr($self->data, $ptr, $session_id_len);
+ $ptr += $session_id_len;
+ my $ciphersuite = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $comp_meth = unpack('C', substr($self->data, $ptr));
+ $ptr++;
+ my $extensions_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ #For now we just deal with this as a block of data. In the future we will
+ #want to parse this
+ my $extension_data = substr($self->data, $ptr);
+
+ if (length($extension_data) != $extensions_len) {
+ die "Invalid extension length\n";
+ }
+ my %extensions = ();
+ while (length($extension_data) >= 4) {
+ my ($type, $size) = unpack("nn", $extension_data);
+ my $extdata = substr($extension_data, 4, $size);
+ $extension_data = substr($extension_data, 4 + $size);
+ $extensions{$type} = $extdata;
+ }
+
+ $self->server_version($server_version);
+ $self->random($random);
+ $self->session_id_len($session_id_len);
+ $self->session($session);
+ $self->ciphersuite($ciphersuite);
+ $self->comp_meth($comp_meth);
+ $self->extensions_len($extensions_len);
+ $self->extension_data(\%extensions);
+
+ $self->process_data();
+
+ print " Server Version:".$server_version."\n";
+ print " Session ID Len:".$session_id_len."\n";
+ print " Ciphersuite:".$ciphersuite."\n";
+ print " Compression Method:".$comp_meth."\n";
+ print " Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the data we've seen
+sub process_data
+{
+ my $self = shift;
+
+ TLSProxy::Message->ciphersuite($self->ciphersuite);
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack('n', $self->server_version);
+ $data .= $self->random;
+ $data .= pack('C', $self->session_id_len);
+ $data .= $self->session;
+ $data .= pack('n', $self->ciphersuite);
+ $data .= pack('C', $self->comp_meth);
+ $data .= pack('n', $self->extensions_len);
+ foreach my $key (keys %{$self->extension_data}) {
+ my $extdata = ${$self->extension_data}{$key};
+ $data .= pack("n", $key);
+ $data .= pack("n", length($extdata));
+ $data .= $extdata;
+ }
+
+ $self->data($data);
+}
+
+#Read/write accessors
+sub server_version
+{
+ my $self = shift;
+ if (@_) {
+ $self->{client_version} = shift;
+ }
+ return $self->{client_version};
+}
+sub random
+{
+ my $self = shift;
+ if (@_) {
+ $self->{random} = shift;
+ }
+ return $self->{random};
+}
+sub session_id_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{session_id_len} = shift;
+ }
+ return $self->{session_id_len};
+}
+sub session
+{
+ my $self = shift;
+ if (@_) {
+ $self->{session} = shift;
+ }
+ return $self->{session};
+}
+sub ciphersuite
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphersuite} = shift;
+ }
+ return $self->{ciphersuite};
+}
+sub comp_meth
+{
+ my $self = shift;
+ if (@_) {
+ $self->{comp_meth} = shift;
+ }
+ return $self->{comp_meth};
+}
+sub extensions_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extensions_len} = shift;
+ }
+ return $self->{extensions_len};
+}
+sub extension_data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extension_data} = shift;
+ }
+ return $self->{extension_data};
+}
+1;
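Review bot: the `server_version` accessor reads and writes `$self->{client_version}` (`$self->{client_version} = shift;` / `return $self->{client_version};`) while `new` initialises `$self->{server_version}`, so the constructor default is never used and the hash key is misnamed; both lines should use `$self->{server_version}`. Two smaller points in the same file: `set_message_contents` emits `pack('n', $self->extensions_len)` from the value captured at parse time rather than the length of the re-serialised extensions, so any edit to `extension_data` yields a wrong length field, and iterating `keys %{$self->extension_data}` re-emits extensions in hash order rather than the order received. The extension parse loop also never checks `$size` against the bytes remaining, so a truncated extension quietly ends the loop; a `die` as is done for the total length would be consistent.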
diff --git a/util/TLSProxy/ServerKeyExchange.pm b/util/TLSProxy/ServerKeyExchange.pm
new file mode 100644
index 0000000..3a91d17
--- /dev/null
+++ b/util/TLSProxy/ServerKeyExchange.pm
@@ -0,0 +1,176 @@
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openss...@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (e...@cryptsoft.com). This product includes software written by Tim
+# Hudson (t...@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::ServerKeyExchange;
+
+use parent 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ #DHE
+ $self->{p} = "";
+ $self->{g} = "";
+ $self->{pub_key} = "";
+ $self->{sig} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+
+ #Minimal SKE parsing. Only supports DHE at the moment (if its not DHE
+ #the parsing data will be trash...which is ok as long as we don't try to
+ #use it)
+
+ my $p_len = unpack('n', $self->data);
+ my $ptr = 2;
+ my $p = substr($self->data, $ptr, $p_len);
+ $ptr += $p_len;
+
+ my $g_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $g = substr($self->data, $ptr, $g_len);
+ $ptr += $g_len;
+
+ my $pub_key_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $pub_key = substr($self->data, $ptr, $pub_key_len);
+ $ptr += $g_len;
+
+ #We assume its signed
+ my $sig_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $sig = substr($self->data, $ptr, $sig_len);
+ $ptr += $sig_len;
+
+ $self->p($p);
+ $self->g($g);
+ $self->pub_key($pub_key);
+ $self->sig($sig);
+}
+
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack('n', length($self->p));
+ $data .= $self->p;
+ $data .= pack('n', length($self->g));
+ $data .= $self->g;
+ $data .= pack('n', length($self->pub_key));
+ $data .= $self->pub_key;
+ if (length($self->sig) > 0) {
+ $data .= pack('n', length($self->sig));
+ $data .= $self->sig;
+ }
+
+ $self->data($data);
+}
+
+#Read/write accessors
+#DHE
+sub p
+{
+ my $self = shift;
+ if (@_) {
+ $self->{p} = shift;
+ }
+ return $self->{p};
+}
+sub g
+{
+ my $self = shift;
+ if (@_) {
+ $self->{g} = shift;
+ }
+ return $self->{g};
+}
+sub pub_key
+{
+ my $self = shift;
+ if (@_) {
+ $self->{pub_key} = shift;
+ }
+ return $self->{pub_key};
+}
+sub sig
+{
+ my $self = shift;
+ if (@_) {
+ $self->{sig} = shift;
+ }
+ return $self->{sig};
+}
+1;
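Review bot: in `parse`, the pointer advance after reading the public key uses the wrong length: `$ptr += $g_len;` should be `$ptr += $pub_key_len;`. As written, `$sig_len` and `$sig` are read from the wrong offset whenever the generator and the public value differ in length, which they do for any real DHE parameters, so the value stored via `$self->sig(...)` is wrong and `set_message_contents` would re-serialise a corrupted message. Separately, the "We assume its signed" read has no guard for anonymous DH, where no signature field follows; `set_message_contents` already tolerates an empty `sig`, so `parse` could check the remaining length before unpacking `$sig_len`.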

Matt Caswell


Aug 11, 2015, 5:21:59 PM
The branch master has been updated
via f75d5171be0b3b5419c8974133e1573cf976a8bb (commit)
via d8e8590ed90eba6ef651d09d77befb14f980de2c (commit)
from 6142f5c640f98429d4798b8418e8cc2cf6cc1fb8 (commit)


- Log -----------------------------------------------------------------
commit f75d5171be0b3b5419c8974133e1573cf976a8bb
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 11 19:38:39 2015 +0100

Fix "make test" seg fault with SCTP enabled

When config'd with "sctp" running "make test" causes a seg fault. This is
actually due to the way ssltest works - it dives under the covers and frees
up BIOs manually and so some BIOs are NULL when the SCTP code does not
expect it. The simplest fix is just to add some sanity checks to make sure
the BIOs aren't NULL before we use them.

This problem occurs in master and 1.0.2. The fix has also been applied to
1.0.1 to keep the code in sync.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit d8e8590ed90eba6ef651d09d77befb14f980de2c
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 11 19:36:43 2015 +0100

Fix missing return value checks in SCTP

There are some missing return value checks in the SCTP code. In master this
was causing a compilation failure when config'd with
"--strict-warnings sctp".

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/d1_both.c | 7 +++++--
ssl/d1_clnt.c | 16 ++++++++++++----
ssl/d1_srvr.c | 18 +++++++++++++-----
3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index ec47b94..2c3ab54 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1365,9 +1365,12 @@ int dtls1_shutdown(SSL *s)
{
int ret;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+ BIO *wbio;
+
+ wbio = SSL_get_wbio(s);
+ if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) {
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+ ret = BIO_dgram_sctp_wait_for_dry(wbio);
if (ret < 0)
return -1;

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 566c154..d411614 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -364,11 +364,15 @@ int dtls1_connect(SSL *s)
sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey),
labelbuffer,
sizeof(labelbuffer), NULL, 0,
- 0);
+ 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
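Review bot: the return value of `SSL_export_keying_material` is now checked, but the very next call in the same block, `BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, ...)`, still discards its result, so a failure to install the derived SCTP auth key goes unnoticed and the handshake carries on without it. Given that the commit is about missing return value checks on the SCTP path, that call deserves the same `ret = -1; s->state = SSL_ST_ERR; goto end;` treatment.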
@@ -493,9 +497,13 @@ int dtls1_connect(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
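Review bot: the new error branch sets `ret = -1` and `s->state = SSL_ST_ERR` but queues nothing, so a caller that receives the -1 and then consults `ERR_get_error()` has no reason to go on. An `SSLerr()` call with an internal-error reason alongside the state change would make this failure diagnosable like the other error exits, rather than surfacing as a bare handshake failure.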
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 19562e1..555bbdf 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -417,9 +417,13 @@ int dtls1_accept(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ if (SSL_export_keying_material(s, sctpauthkey,
+ sizeof(sctpauthkey), labelbuffer,
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -606,9 +610,13 @@ int dtls1_accept(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);

- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }

BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
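Review bot: this is the fourth copy of the same label-format / export-keying-material / add-auth-key sequence (two in `dtls1_connect`, two in `dtls1_accept`), each now carrying an identical five-line error branch. Factoring it into a small static helper that returns 0 on failure, so each site reduces to something like `if (!dtls1_sctp_add_auth_key(s)) { ret = -1; s->state = SSL_ST_ERR; goto end; }`, would keep the four sites from drifting apart. The helper name is a suggestion, not an existing function.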

Rich Salz

Aug 11, 2015, 6:33:08 PM
The branch master has been updated
via ade44dcb16141c8a30ca6c56a1fd1a0b14dcc360 (commit)
from f75d5171be0b3b5419c8974133e1573cf976a8bb (commit)


- Log -----------------------------------------------------------------
commit ade44dcb16141c8a30ca6c56a1fd1a0b14dcc360
Author: Rich Salz <rs...@akamai.com>
Date: Tue Aug 4 12:32:40 2015 -0400

Remove Gost94 signature algorithm.

This was obsolete in 2001. This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <bel...@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_cb.c | 1 -
crypto/x509/x509type.c | 1 -
doc/apps/ciphers.pod | 5 -
engines/ccgost/Makefile | 63 ++------
engines/ccgost/e_gost_err.c | 18 ---
engines/ccgost/gost2001.c | 1 -
engines/ccgost/gost94_keyx.c | 281 ---------------------------------
engines/ccgost/gost_ameth.c | 316 +++----------------------------------
engines/ccgost/gost_asn1.c | 16 ++
engines/ccgost/gost_crypt.c | 1 -
engines/ccgost/gost_eng.c | 41 ++---
engines/ccgost/gost_lcl.h | 28 ++--
engines/ccgost/gost_params.c | 129 +--------------
engines/ccgost/gost_params.h | 34 ----
engines/ccgost/gost_pmeth.c | 164 +++----------------
engines/ccgost/gost_sign.c | 365 -------------------------------------------
include/openssl/tls1.h | 1 -
ssl/s3_both.c | 4 +-
ssl/s3_clnt.c | 3 +-
ssl/s3_lib.c | 90 +----------
ssl/s3_srvr.c | 10 +-
ssl/ssl_ciph.c | 12 +-
ssl/ssl_lib.c | 5 -
ssl/ssl_locl.h | 3 -
24 files changed, 118 insertions(+), 1474 deletions(-)
delete mode 100644 engines/ccgost/gost94_keyx.c
delete mode 100644 engines/ccgost/gost_params.h
delete mode 100644 engines/ccgost/gost_sign.c

diff --git a/apps/s_cb.c b/apps/s_cb.c
index a14e00c..2a18f74 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -288,7 +288,6 @@ static STRINT_PAIR cert_type_list[] = {
{"ECDSA sign", TLS_CT_ECDSA_SIGN},
{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
- {"GOST94 Sign", TLS_CT_GOST94_SIGN},
{"GOST01 Sign", TLS_CT_GOST01_SIGN},
{NULL}
};
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 97e5bab..232ba9b 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -93,7 +93,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
case EVP_PKEY_DH:
ret = EVP_PK_DH | EVP_PKT_EXCH;
break;
- case NID_id_GostR3410_94:
case NID_id_GostR3410_2001:
ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
break;
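Review bot: dropping `case NID_id_GostR3410_94:` means a certificate whose key still carries that NID now takes the switch's default branch instead of returning `EVP_PKT_EXCH | EVP_PKT_SIGN`. The NID itself is not removed by this commit (no objects file appears in the summary of changes), so it is worth confirming that the default classification is the intended result for such keys and saying so in the commit message.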
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index d7b7bea..5a4a4fd 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -310,11 +310,6 @@ cipher suites using GOST R 34.10 (either 2001 or 94) for authentication

cipher suites using GOST R 34.10-2001 authentication.

-=item B<aGOST94>
-
-cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
-standard has been expired so use GOST R 34.10-2001)
-
=item B<kGOST>

cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
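Review bot: the `aGOST` description visible in the hunk header context, `cipher suites using GOST R 34.10 (either 2001 or 94) for authentication`, is now stale: with `aGOST94` gone only GOST R 34.10-2001 authentication remains. It should be updated in the same commit so the documented alias set matches the code.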
diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
index 57b9c59..3c1e4f9 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -8,9 +8,9 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
LIB=$(TOP)/libcrypto.a

-LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
+LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_pmeth.c gost_params.c

-LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
+LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_pmeth.o gost_params.o

SRC=$(LIBSRC)

@@ -100,8 +100,7 @@ gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h
-gost2001.o: gosthash.h
+gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gosthash.h
gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -120,23 +119,6 @@ gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c
gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h
gost89.o: gost89.c gost89.h
-gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-gost94_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost94_keyx.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost94_keyx.o: ../../include/openssl/opensslconf.h
-gost94_keyx.o: ../../include/openssl/opensslv.h
-gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
@@ -152,7 +134,7 @@ gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h
+gost_ameth.o: gost_ameth.c gost_lcl.h gosthash.h
gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -229,14 +211,21 @@ gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h
-gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+gost_params.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+gost_params.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+gost_params.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+gost_params.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+gost_params.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+gost_params.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
gost_params.o: ../../include/openssl/opensslconf.h
gost_params.o: ../../include/openssl/opensslv.h
-gost_params.o: ../../include/openssl/ossl_typ.h
-gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
+gost_params.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+gost_params.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+gost_params.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+gost_params.o: gost89.h gost_lcl.h gost_params.c gosthash.h
gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
@@ -252,23 +241,5 @@ gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
-gost_pmeth.o: gosthash.h
-gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_sign.o: ../../include/openssl/objects.h
-gost_sign.o: ../../include/openssl/opensslconf.h
-gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c
-gost_sign.o: gosthash.h
+gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_pmeth.c gosthash.h
gosthash.o: gost89.h gosthash.c gosthash.h
diff --git a/engines/ccgost/e_gost_err.c b/engines/ccgost/e_gost_err.c
index 0afd913..d05ef61 100644
--- a/engines/ccgost/e_gost_err.c
+++ b/engines/ccgost/e_gost_err.c
@@ -73,7 +73,6 @@ static ERR_STRING_DATA GOST_str_functs[] = {
{ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
{ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
{ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
- {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
{ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
@@ -83,37 +82,24 @@ static ERR_STRING_DATA GOST_str_functs[] = {
"GOST89_GET_ASN1_PARAMETERS"},
{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),
"GOST89_SET_ASN1_PARAMETERS"},
- {ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
{ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
- {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
- {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
- {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"},
{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
- {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
{ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
- {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
- {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
- {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
- {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
- {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
- {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
{ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
{ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
- {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
- {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
{ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
{0, NULL}
};
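Review bot: two of the removed function codes are not GOST94-specific by name, `GOST_F_PKEY_GOST01CP_KEYGEN` and `GOST_F_UNPACK_CC_SIGNATURE`. If they were only referenced from the deleted gost_sign.c / gost94_keyx.c that is fine, but the commit message only mentions the 94 signature algorithm, so it should say so. Also, `e_gost_err.h` does not appear in the summary of changes, so the `#define`s for every code removed from this table remain in the header; the header should be updated or regenerated alongside this file so the two stay in step.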
@@ -128,8 +114,6 @@ static ERR_STRING_DATA GOST_str_reasons[] = {
{ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"},
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),
"error computing shared key"},
- {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),
- "error packing key transport info"},
{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),
"error parsing key transport info"},
{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"},
@@ -137,11 +121,9 @@ static ERR_STRING_DATA GOST_str_reasons[] = {
{ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"},
{ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"},
{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
- {ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"},
{ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
{ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
- {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"},
{ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"},
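Review bot: removing `GOST_R_KEY_IS_NOT_INITALIZED` (the misspelled twin of `GOST_R_KEY_IS_NOT_INITIALIZED`, which stays) is a reasonable cleanup but is unrelated to the GOST94 removal and only drops the string-table entry here, not the macro in the header; check that no remaining engine source still raises the misspelled reason code, since it would now report without a reason string.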
diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c
index 6d41f31..985795e 100644
--- a/engines/ccgost/gost2001.c
+++ b/engines/ccgost/gost2001.c
@@ -7,7 +7,6 @@
* Requires OpenSSL 0.9.9 for compilation *
**********************************************************************/
#include "gost_lcl.h"
-#include "gost_params.h"
#include <string.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
deleted file mode 100644
index b529c8e..0000000
--- a/engines/ccgost/gost94_keyx.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/**********************************************************************
- * gost94_keyx.c *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Implements generation and parsing of GOST_KEY_TRANSPORT for *
- * GOST R 34.10-94 algorithms *
- * *
- * Requires OpenSSL 0.9.9 for compilation *
- **********************************************************************/
-#include <string.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#include "gost89.h"
-#include "gosthash.h"
-#include "e_gost_err.h"
-#include "gost_keywrap.h"
-#include "gost_lcl.h"
-/* Common functions for both 94 and 2001 key exchange schemes */
-/*
- * Implementation of the Diffi-Hellman key agreement scheme based on GOST-94
- * keys
- */
-
-/*
- * Computes Diffie-Hellman key and stores it into buffer in little-endian
- * byte order as expected by both versions of GOST 94 algorithm
- */
-static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key,
- DH *dh)
-{
- unsigned char be_key[128];
- int i, key_size;
- key_size = DH_compute_key(be_key, pub_key, dh);
- if (!key_size)
- return 0;
- memset(pair_key, 0, 128);
- for (i = 0; i < key_size; i++) {
- pair_key[i] = be_key[key_size - 1 - i];
- }
- return key_size;
-}
-
-/*
- * Computes 256 bit Key exchange key as specified in RFC 4357
- */
-static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
- unsigned char *shared_key)
-{
- unsigned char dh_key[128];
- int ret;
- gost_hash_ctx hash_ctx;
- DH *dh = DH_new();
-
- if (!dh)
- return 0;
- memset(dh_key, 0, 128);
- dh->g = BN_dup(pubk->pkey.dsa->g);
- dh->p = BN_dup(pubk->pkey.dsa->p);
- dh->priv_key = BN_dup(priv_key);
- ret =
- compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
- dh);
- DH_free(dh);
- if (!ret)
- return 0;
- init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
- start_hash(&hash_ctx);
- hash_block(&hash_ctx, dh_key, 128);
- finish_hash(&hash_ctx, shared_key);
- done_gost_hash_ctx(&hash_ctx);
- return 1;
-}
-
-/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
-
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-{
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
- EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
- *keylen = 32;
- if (key == NULL)
- return 1;
-
- return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
-}
-
-/*
- * EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
- size_t *outlen, const unsigned char *key,
- size_t key_len)
-{
- GOST_KEY_TRANSPORT *gkt = NULL;
- unsigned char shared_key[32], ukm[8], crypted_key[44];
- const struct gost_cipher_info *param = get_encryption_params(NULL);
- EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- gost_ctx cctx;
- int key_is_ephemeral = 1;
- int tmp_outlen;
- EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
-
- /* Do not use vizir cipher parameters with cryptopro */
- if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
- && param == gost_cipher_list) {
- param = gost_cipher_list + 1;
- }
-
- if (mykey) {
- /* If key already set, it is not ephemeral */
- key_is_ephemeral = 0;
- if (!gost_get0_priv_key(mykey)) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
- goto err;
- }
- } else {
- /* Otherwise generate ephemeral key */
- key_is_ephemeral = 1;
- if (out) {
- mykey = EVP_PKEY_new();
- EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
- EVP_PKEY_copy_parameters(mykey, pubk);
- if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
- goto err;
- }
- }
- }
- if (out)
- make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key);
- if (data->shared_ukm) {
- memcpy(ukm, data->shared_ukm, 8);
- } else if (out) {
- if (RAND_bytes(ukm, 8) <= 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_RANDOM_GENERATOR_FAILURE);
- goto err;
- }
- }
-
- if (out) {
- gost_init(&cctx, param->sblock);
- keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
- }
- gkt = GOST_KEY_TRANSPORT_new();
- if (!gkt) {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
- goto memerr;
- }
- if (!ASN1_OCTET_STRING_set
- (gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
- goto memerr;
- }
- if (key_is_ephemeral) {
- if (!X509_PUBKEY_set
- (&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
- goto err;
- }
- if (out)
- EVP_PKEY_free(mykey);
- }
- ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
- gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
- if (tmp_outlen <= 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
- GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
- goto err;
- }
- *outlen = tmp_outlen;
- if (!key_is_ephemeral) {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
- 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- GOST_KEY_TRANSPORT_free(gkt);
- return 1;
- memerr:
- if (key_is_ephemeral) {
- EVP_PKEY_free(mykey);
- }
- GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, ERR_R_MALLOC_FAILURE);
- err:
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
-}
-
-/*
- * EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro
- * modification
- */
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key,
- size_t *key_len, const unsigned char *in,
- size_t in_len)
-{
- const unsigned char *p = in;
- GOST_KEY_TRANSPORT *gkt = NULL;
- unsigned char wrappedKey[44];
- unsigned char sharedKey[32];
- gost_ctx cctx;
- const struct gost_cipher_info *param = NULL;
- EVP_PKEY *eph_key = NULL, *peerkey = NULL;
- EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx);
-
- if (!key) {
- *key_len = 32;
- return 1;
- }
-
- gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
- if (!gkt) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
- return 0;
- }
- eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
- if (eph_key) {
- if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_INCOMPATIBLE_PEER_KEY);
- goto err;
- }
- } else {
- /* Set control "public key from client certificate used" */
- if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
- 0) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED);
- goto err;
- }
- }
- peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
- if (!peerkey) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY);
- goto err;
- }
-
- param = get_encryption_params(gkt->key_agreement_info->cipher);
- if (!param) {
- goto err;
- }
-
- gost_init(&cctx, param->sblock);
- OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
- memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
- OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
- memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
- OPENSSL_assert(gkt->key_info->imit->length == 4);
- memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
- make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey);
- if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) {
- GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
- GOST_R_ERROR_COMPUTING_SHARED_KEY);
- goto err;
- }
-
- EVP_PKEY_free(eph_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return 1;
- err:
- EVP_PKEY_free(eph_key);
- GOST_KEY_TRANSPORT_free(gkt);
- return -1;
-}
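Review bot: deleting this file orphans the error codes only it used (GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_F_PKEY_GOST94CP_DECRYPT), and the ameth removals in this same patch orphan GOST_F_PARAM_COPY_GOST94, GOST_F_PUB_DECODE_GOST94, GOST_F_PUB_ENCODE_GOST94 and GOST_R_INVALID_GOST94_PARMSET; regenerate e_gost_err.[ch] so the function and reason tables match what is still compiled. The register_pmeth_gost case for NID_id_GostR3410_94 that wired up pkey_gost94_derive / pkey_GOST94cp_encrypt / pkey_GOST94cp_decrypt lives in gost_pmeth.c, whose hunk is cut off in this mail, so its removal cannot be confirmed here. One thing worth carrying over from the deleted decrypt routine: it checked the eph_iv, encrypted_key and imit lengths of the peer-supplied GOST_KEY_TRANSPORT with OPENSSL_assert, which aborts the process on malformed input instead of failing the call; if the surviving pkey_GOST01cp_decrypt uses the same idiom it should return an error via GOSTerr instead.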
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index 5ca3a6e..4f3bd90 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -16,23 +16,32 @@
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
-#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"

-int gost94_nid_by_params(DSA *p)
+
+/* Convert little-endian byte array into bignum */
+BIGNUM *hashsum2bn(const unsigned char *dgst)
{
- R3410_params *gost_params;
- BIGNUM *q = BN_new();
- for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) {
- BN_dec2bn(&q, gost_params->q);
- if (!BN_cmp(q, p->q)) {
- BN_free(q);
- return gost_params->nid;
- }
- }
- BN_free(q);
- return NID_undef;
+ unsigned char buf[32];
+
+ BUF_reverse(buf, (unsigned char*)dgst, 32);
+ return BN_bin2bn(buf, 32, NULL);
+}
+
+/*
+ * Pack bignum into byte buffer of given size, filling all leading bytes by
+ * zeros
+ */
+int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
+{
+ int bytes = BN_num_bytes(bn);
+
+ if (bytes > len)
+ return 0;
+ memset(buf, 0, len);
+ BN_bn2bin(bn, buf + len - bytes);
+ return 1;
}

static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
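Review bot: hashsum2bn and store_bignum are added here as non-static functions, while gost_lcl.h still lists the hash-sum-to-bignum conversion under "/* from gost_sign.c */"; if gost_sign.c is also removed by this commit the header comment should move with the definitions, otherwise these are duplicate symbols at link time. Two smaller points: `(unsigned char*)dgst` casts away const for BUF_reverse (if BUF_reverse takes a const input pointer in this tree the cast is unnecessary, and either way the house style is `(unsigned char *)`), and the extra blank line added after `#include "e_gost_err.h"` leaves two empty lines in a row.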
@@ -53,17 +62,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)key)));
break;
- case NID_id_GostR3410_94:
- pkey_param_nid =
- (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
- if (pkey_param_nid == NID_undef) {
- GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
- GOST_R_INVALID_GOST94_PARMSET);
- ASN1_STRING_free(params);
- params = NULL;
- goto err;
- }
- break;
}
gkp->key_params = OBJ_nid2obj(pkey_param_nid);
gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
@@ -120,18 +118,6 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
return 0;
}
switch (pkey_nid) {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0(pkey);
- if (!dsa) {
- dsa = DSA_new();
- if (!EVP_PKEY_assign(pkey, pkey_nid, dsa))
- return 0;
- }
- if (!fill_GOST94_params(dsa, param_nid))
- return 0;
- break;
- }
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
@@ -151,18 +137,6 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
{
switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0(pkey);
- if (!dsa) {
- dsa = DSA_new();
- EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa);
- }
- dsa->priv_key = BN_dup(priv);
- if (!EVP_PKEY_missing_parameters(pkey))
- gost94_compute_public(dsa);
- break;
- }
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
@@ -183,16 +157,6 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
{
switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- {
- DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
- if (!dsa) {
- return NULL;
- }
- if (!dsa->priv_key)
- return NULL;
- return dsa->priv_key;
- }
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
@@ -277,11 +241,6 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
}

/* --------------------- free functions * ------------------------------*/
-static void pkey_free_gost94(EVP_PKEY *key)
-{
- DSA_free(key->pkey.dsa);
-}
-
static void pkey_free_gost01(EVP_PKEY *key)
{
EC_KEY_free(key->pkey.ec);
@@ -355,58 +314,6 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
}

/* --------- printing keys --------------------------------*/
-static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx, int type)
-{
- int param_nid = NID_undef;
-
- if (type == 2) {
- BIGNUM *key;
-
- if (!BIO_indent(out, indent, 128))
- return 0;
- BIO_printf(out, "Private key: ");
- key = gost_get0_priv_key(pkey);
- if (!key)
- BIO_printf(out, "<undefined>");
- else
- BN_print(out, key);
- BIO_printf(out, "\n");
- }
- if (type >= 1) {
- BIGNUM *pubkey;
-
- pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
- BIO_indent(out, indent, 128);
- BIO_printf(out, "Public key: ");
- BN_print(out, pubkey);
- BIO_printf(out, "\n");
- }
-
- param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
- BIO_indent(out, indent, 128);
- BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
- return 1;
-}
-
-static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
-{
- return print_gost_94(out, pkey, indent, pctx, 0);
-}
-
-static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
-{
- return print_gost_94(out, pkey, indent, pctx, 1);
-}
-
-static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx)
-{
- return print_gost_94(out, pkey, indent, pctx, 2);
-}
-
static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx, int type)
{
@@ -489,16 +396,6 @@ static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
}

/* ---------------------------------------------------------------------*/
-static int param_missing_gost94(const EVP_PKEY *pk)
-{
- const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
- if (!dsa)
- return 1;
- if (!dsa->q)
- return 1;
- return 0;
-}
-
static int param_missing_gost01(const EVP_PKEY *pk)
{
const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
@@ -509,33 +406,6 @@ static int param_missing_gost01(const EVP_PKEY *pk)
return 0;
}

-static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
-{
- const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
- DSA *dto = EVP_PKEY_get0(to);
- if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
- GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS);
- return 0;
- }
- if (!dfrom) {
- GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING);
- return 0;
- }
- if (!dto) {
- dto = DSA_new();
- EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto);
- }
- BN_free(dto->p);
- dto->p = BN_dup(dfrom->p);
- BN_free(dto->q);
- dto->q = BN_dup(dfrom->q);
- BN_free(dto->g);
- dto->g = BN_dup(dfrom->g);
-
- if (dto->priv_key)
- gost94_compute_public(dto);
- return 1;
-}

static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
{
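Review bot: removing param_copy_gost94 leaves the empty line at the top of the hunk and the one before param_copy_gost01 adjacent, i.e. two consecutive blank lines; drop one of them.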
@@ -570,15 +440,6 @@ static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
return 1;
}

-static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
- const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
- if (!BN_cmp(da->q, db->q))
- return 1;
- return 0;
-}
-
static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
{
if (EC_GROUP_get_curve_name
@@ -592,84 +453,6 @@ static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
}

/* ---------- Public key functions * --------------------------------------*/
-static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
-{
- X509_ALGOR *palg = NULL;
- const unsigned char *pubkey_buf = NULL;
- unsigned char *databuf;
- ASN1_OBJECT *palgobj = NULL;
- int pub_len, i, j;
- DSA *dsa;
- ASN1_OCTET_STRING *octet = NULL;
-
- if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub))
- return 0;
- EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL);
- if (!decode_gost_algor_params(pk, palg))
- return 0;
- octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
- if (!octet) {
- GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- databuf = OPENSSL_malloc(octet->length);
- if (databuf == NULL) {
- GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
- ASN1_OCTET_STRING_free(octet);
- return 0;
- }
- for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
- databuf[j] = octet->data[i];
- }
- dsa = EVP_PKEY_get0(pk);
- dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL);
- ASN1_OCTET_STRING_free(octet);
- OPENSSL_free(databuf);
- return 1;
-
-}
-
-static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
-{
- ASN1_OBJECT *algobj = NULL;
- ASN1_OCTET_STRING *octet = NULL;
- void *pval = NULL;
- unsigned char *buf = NULL, *databuf, *sptr;
- int i, j, data_len, ret = 0;
-
- int ptype = V_ASN1_UNDEF;
- DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
- algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
- if (pk->save_parameters) {
- ASN1_STRING *params = encode_gost_algor_params(pk);
- pval = params;
- ptype = V_ASN1_SEQUENCE;
- }
- data_len = BN_num_bytes(dsa->pub_key);
- databuf = OPENSSL_malloc(data_len);
- if (databuf == NULL) {
- GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_bn2bin(dsa->pub_key, databuf);
- octet = ASN1_OCTET_STRING_new();
- if (octet == NULL) {
- GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(databuf);
- return 0;
- }
- ASN1_STRING_set(octet, NULL, data_len);
- sptr = ASN1_STRING_data(octet);
- for (i = 0, j = data_len - 1; i < data_len; i++, j--) {
- sptr[i] = databuf[j];
- }
- OPENSSL_free(databuf);
- ret = i2d_ASN1_OCTET_STRING(octet, &buf);
- ASN1_BIT_STRING_free(octet);
- if (ret < 0)
- return 0;
- return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
-}

static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
{
@@ -808,17 +591,6 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
}

-static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
- const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
- if (da && db && da->pub_key && db->pub_key
- && !BN_cmp(da->pub_key, db->pub_key)) {
- return 1;
- }
- return 0;
-}
-
static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
{
const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
@@ -861,12 +633,6 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
return -2;
}

-static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
- int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
- return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
-}
-
static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
int nid =
@@ -875,27 +641,6 @@ static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
}

-static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
- int derlen)
-{
- ASN1_OBJECT *obj = NULL;
- DSA *dsa = EVP_PKEY_get0(pkey);
- int nid;
- if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
- return 0;
- }
- nid = OBJ_obj2nid(obj);
- ASN1_OBJECT_free(obj);
- if (!dsa) {
- dsa = DSA_new();
- if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))
- return 0;
- }
- if (!fill_GOST94_params(dsa, nid))
- return 0;
- return 1;
-}
-
static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,
int derlen)
{
@@ -925,23 +670,6 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
if (!*ameth)
return 0;
switch (nid) {
- case NID_id_GostR3410_94:
- EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94);
- EVP_PKEY_asn1_set_private(*ameth,
- priv_decode_gost, priv_encode_gost,
- priv_print_gost94);
-
- EVP_PKEY_asn1_set_param(*ameth,
- gost94_param_decode, gost94_param_encode,
- param_missing_gost94, param_copy_gost94,
- param_cmp_gost94, param_print_gost94);
- EVP_PKEY_asn1_set_public(*ameth,
- pub_decode_gost94, pub_encode_gost94,
- pub_cmp_gost94, pub_print_gost94,
- pkey_size_gost, pkey_bits_gost);
-
- EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
- break;
case NID_id_GostR3410_2001:
EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01);
EVP_PKEY_asn1_set_private(*ameth,
diff --git a/engines/ccgost/gost_asn1.c b/engines/ccgost/gost_asn1.c
index 1168633..0412d2c 100644
--- a/engines/ccgost/gost_asn1.c
+++ b/engines/ccgost/gost_asn1.c
@@ -54,3 +54,19 @@ ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */

ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
+
+/* Convert byte buffer to bignum, skipping leading zeros*/
+BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
+{
+ BIGNUM *b;
+
+ while (*buf == 0 && len > 0) {
+ buf++;
+ len--;
+ }
+ if (len)
+ return BN_bin2bn(buf, len, NULL);
+ b = BN_new();
+ BN_zero(b);
+ return b;
+}
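Review bot: the loop condition `*buf == 0 && len > 0` dereferences buf before checking len, so a zero-length input reads one byte beyond the buffer; swap the operands to `len > 0 && *buf == 0`. BN_new() can also return NULL, in which case BN_zero(b) dereferences a null pointer; check the result and return NULL on failure. Minor: the comment ends `zeros*/` without a space.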
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index 5f50fcc..e2a2ff6 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -118,7 +118,6 @@ struct gost_cipher_info gost_cipher_list[] = {
/*
* {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
*/
- {NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0},
{NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA,
1},
{NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB,
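Review bot: dropping the NID_id_Gost28147_89_cc entry changes what gost_cipher_list[0] and gost_cipher_list + 1 refer to. The gost94 encrypt path deleted in this same patch skipped the first entry with `if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list) param = gost_cipher_list + 1;` to avoid the vizir parameters; if the same idiom is still present in pkey_GOST01cp_encrypt it now skips the CryptoPro A paramset instead, and must be removed together with this line. Whatever get_encryption_params(NULL) returns as the default should be checked for the same index shift.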
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index 5924791..4129260 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -19,6 +19,10 @@ static const char *engine_gost_id = "gost";
static const char *engine_gost_name =
"Reference implementation of GOST engine";

+static int gost_pkey_meth_nids[] = {
+ NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
+};
+
/* Symmetric cipher and digest function registrar */

static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
@@ -38,15 +42,11 @@ static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
static int gost_digest_nids[] =
{ NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };

-static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
- NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
-};
-
-static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
- *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
+static EVP_PKEY_METHOD *pmeth_GostR3410_2001 = NULL;
+static EVP_PKEY_METHOD *pmeth_Gost28147_MAC = NULL;

-static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
- *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
+static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_2001 = NULL;
+static EVP_PKEY_ASN1_METHOD *ameth_Gost28147_MAC = NULL;

static int gost_engine_init(ENGINE *e)
{
@@ -62,10 +62,8 @@ static int gost_engine_destroy(ENGINE *e)
{
gost_param_free();

- pmeth_GostR3410_94 = NULL;
pmeth_GostR3410_2001 = NULL;
pmeth_Gost28147_MAC = NULL;
- ameth_GostR3410_94 = NULL;
ameth_GostR3410_2001 = NULL;
ameth_Gost28147_MAC = NULL;
return 1;
@@ -76,7 +74,7 @@ static int bind_gost(ENGINE *e, const char *id)
int ret = 0;
if (id && strcmp(id, engine_gost_id))
return 0;
- if (ameth_GostR3410_94) {
+ if (ameth_GostR3410_2001) {
printf("GOST engine already loaded\n");
goto end;
}
@@ -121,10 +119,6 @@ static int bind_gost(ENGINE *e, const char *id)
}

if (!register_ameth_gost
- (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
- "GOST R 34.10-94"))
- goto end;
- if (!register_ameth_gost
(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
"GOST R 34.10-2001"))
goto end;
@@ -132,12 +126,9 @@ static int bind_gost(ENGINE *e, const char *id)
"GOST-MAC", "GOST 28147-89 MAC"))
goto end;

- if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
- goto end;
if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
goto end;
- if (!register_pmeth_gost
- (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
+ if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
goto end;
if (!ENGINE_register_ciphers(e)
|| !ENGINE_register_digests(e)
@@ -208,13 +199,10 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
{
if (!pmeth) {
*nids = gost_pkey_meth_nids;
- return 3;
+ return 2;
}

switch (nid) {
- case NID_id_GostR3410_94:
- *pmeth = pmeth_GostR3410_94;
- return 1;
case NID_id_GostR3410_2001:
*pmeth = pmeth_GostR3410_2001;
return 1;
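Review bot: the literal `return 2` here (and the identical one in gost_pkey_asn1_meths in the next hunk) is a second copy of the array length that has already had to change once; derive it from the array, e.g. `sizeof(gost_pkey_meth_nids) / sizeof(gost_pkey_meth_nids[0]) - 1`, so the count cannot drift from the 0-terminated gost_pkey_meth_nids list.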
@@ -233,12 +221,9 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
{
if (!ameth) {
*nids = gost_pkey_meth_nids;
- return 3;
+ return 2;
}
switch (nid) {
- case NID_id_GostR3410_94:
- *ameth = ameth_GostR3410_94;
- return 1;
case NID_id_GostR3410_2001:
*ameth = ameth_GostR3410_2001;
return 1;
@@ -269,7 +254,7 @@ static ENGINE *engine_gost(void)
void ENGINE_load_gost(void)
{
ENGINE *toadd;
- if (pmeth_GostR3410_94)
+ if (pmeth_GostR3410_2001)
return;
toadd = engine_gost();
if (!toadd)
diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index 3a2c7d5..27fe0e7 100644
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -23,6 +23,18 @@
# define GOST_PARAM_MAX 0
# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)

+typedef struct R3410_2001 {
+ int nid;
+ char *a;
+ char *b;
+ char *p;
+ char *q;
+ char *x;
+ char *y;
+} R3410_2001_params;
+
+extern R3410_2001_params R3410_2001_paramset[];
+
extern const ENGINE_CMD_DEFN gost_cmds[];
int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
const char *get_gost_engine_param(int param);
@@ -167,14 +179,6 @@ extern EVP_CIPHER cipher_gost_cpacnt;
# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
/* EVP_PKEY_METHOD key encryption callbacks */
-/* From gost94_keyx.c */
-int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
- size_t *outlen, const unsigned char *key,
- size_t key_len);
-
-int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
- size_t *outlen, const unsigned char *in,
- size_t in_len);
/* From gost2001_keyx.c */
int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *key,
@@ -187,10 +191,7 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
/* From gost2001_keyx.c */
int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen);
-/* From gost94_keyx.c */
-int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
/* Internal functions for signature algorithms */
-int fill_GOST94_params(DSA *dsa, int nid);
int fill_GOST2001_params(EC_KEY *eckey, int nid);
int gost_sign_keygen(DSA *dsa);
int gost2001_keygen(EC_KEY *ec);
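Review bot: `int gost_sign_keygen(DSA *dsa);` on the context line right after the removed fill_GOST94_params prototype is the GOST R 34.10-94 key generator, and its only caller in this patch is the deleted gost94_keyx.c (`gost_sign_keygen(EVP_PKEY_get0(mykey))` in pkey_GOST94cp_encrypt); it should be removed here as well, otherwise the header keeps declaring a DSA-based function whose implementation may no longer be compiled.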
@@ -203,7 +204,6 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len,
int gost2001_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, EC_KEY *ec);
int gost2001_compute_public(EC_KEY *ec);
-int gost94_compute_public(DSA *dsa);
/*============== miscellaneous functions============================= */
/* from gost_sign.c */
/* Convert GOST R 34.11 hash sum to bignum according to standard */
@@ -220,10 +220,8 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
/* Unpack GOST R 34.10 signature according to CryptoPro rules */
DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
/* from ameth.c */
-/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/
+/* Get private key as BIGNUM from both 34.10-2001 keys*/
/* Returns pointer into EVP_PKEY structure */
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
-/* Find NID by GOST 94 parameters */
-int gost94_nid_by_params(DSA *p);

#endif
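Review bot: the rewritten comment `/* Get private key as BIGNUM from both 34.10-2001 keys*/` still says "both" although only one key type is left, and drops the "R" from the standard's name; suggest `/* Get private key as BIGNUM from R 34.10-2001 keys */`.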
diff --git a/engines/ccgost/gost_params.c b/engines/ccgost/gost_params.c
index 0411534..2371c9a 100644
--- a/engines/ccgost/gost_params.c
+++ b/engines/ccgost/gost_params.c
@@ -7,138 +7,11 @@
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
**********************************************************************/
-#include "gost_params.h"
+#include "gost_lcl.h"
#include <openssl/objects.h>
/* Parameters of GOST 34.10 */

-R3410_params R3410_paramset[] = {
-/* Paramset A */
- {NID_id_GostR3410_94_CryptoPro_A_ParamSet,
- "100997906755055304772081815535925224869"
- "8410825720534578748235158755771479905292727772441528526992987964833"
- "5669968284202797289605274717317548059048560713474685214192868091256"
- "1502802222185647539190902656116367847270145019066794290930185446216"
- "3997308722217328898303231940973554032134009725883228768509467406639"
- "62",
- "127021248288932417465907042777176443525"
- "7876535089165358128175072657050312609850984974231883334834011809259"
- "9999512098893413065920561499672425412104927434935707492031276956145"
- "1689224110579311248812610229678534638401693520013288995000362260684"
- "2227508135323070045173416336850045410625869714168836867788425378203"
- "83",
- "683631961449557007844441656118272528951"
- "02170888761442055095051287550314083023"}
- ,
- {NID_id_GostR3410_94_CryptoPro_B_ParamSet,
- "429418261486158041438734477379555023926"
- "7234596860714306679811299408947123142002706038521669956384871995765"
- "7284814898909770759462613437669456364882730370838934791080835932647"
- "9767786019153434744009610342313166725786869204821949328786333602033"
- "8479709268434224762105576023501613261478065276102850944540333865234"
- "1",
- "139454871199115825601409655107690713107"
- "0417070599280317977580014543757653577229840941243685222882398330391"
- "1468164807668823692122073732267216074074777170091113455043205380464"
- "7694904686120113087816240740184800477047157336662926249423571248823"
- "9685422217536601433914856808405203368594584948031873412885804895251"
- "63",
- "79885141663410976897627118935756323747307951916507639758300472692338873533959"}
- ,
- {NID_id_GostR3410_94_CryptoPro_C_ParamSet,
- "816552717970881016017893191415300348226"
- "2544051353358162468249467681876621283478212884286545844013955142622"
- "2087723485023722868022275009502224827866201744494021697716482008353"
- "6398202298024892620480898699335508064332313529725332208819456895108"
- "5155178100221003459370588291073071186553005962149936840737128710832"
- "3",
- "110624679233511963040518952417017040248"
- "5862954819831383774196396298584395948970608956170224210628525560327"
- "8638246716655439297654402921844747893079518669992827880792192992701"
- "1428546551433875806377110443534293554066712653034996277099320715774"
- "3542287621283671843703709141350171945045805050291770503634517804938"
- "01",
- "113468861199819350564868233378875198043"
- "267947776488510997961231672532899549103"}
- ,
- {NID_id_GostR3410_94_CryptoPro_D_ParamSet,
- "756976611021707301782128757801610628085"
- "5283803109571158829574281419208532589041660017017859858216341400371"
- "4687551412794400562878935266630754392677014598582103365983119173924"
- "4732511225464712252386803315902707727668715343476086350472025298282"
- "7271461690125050616858238384366331089777463541013033926723743254833"
- "7",
- "905457649621929965904290958774625315611"
- "3056083907389766971404812524422262512556054474620855996091570786713"
- "5849550236741915584185990627801066465809510095784713989819413820871"
- "5964648914493053407920737078890520482730623038837767710173664838239"
- "8574828787891286471201460474326612697849693665518073864436497893214"
- "9",
- "108988435796353506912374591498972192620"
- "190487557619582334771735390599299211593"}
- ,
-
- {NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
- "1335318132727206734338595199483190012179423759678474868994823595993"
- "6964252873471246159040332773182141032801252925387191478859899310331"
- "0567744136196364803064721377826656898686468463277710150809401182608"
- "7702016153249904683329312949209127762411378780302243557466062839716"
- "59376426832674269780880061631528163475887",
- "14201174159756348119636828602231808974327613839524373876287257344192"
- "74593935127189736311660784676003608489466235676257952827747192122419"
- "29071046134208380636394084512691828894000571524625445295769349356752"
- "72895683154177544176313938445719175509684710784659566254794231229333"
- "8483924514339614727760681880609734239",
- "91771529896554605945588149018382750217296858393520724172743325725474"
- "374979801"}
- ,
- {NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
- "8890864727828423151699995801875757891031463338652579140051973659"
- "3048131440685857067369829407947744496306656291505503608252399443"
- "7900272386749145996230867832228661977543992816745254823298629859"
- "8753575466286051738837854736167685769017780335804511440773337196"
- "2538423532919394477873664752824509986617878992443177",
- "1028946126624994859676552074360530315217970499989304888248413244"
- "8474923022758470167998871003604670704877377286176171227694098633"
- "1539089568784129110109512690503345393869871295783467257264868341"
- "7200196629860561193666752429682367397084815179752036423595736533"
- "68957392061769855284593965042530895046088067160269433",
- "9109671391802626916582318050603555673628769498182593088388796888"
- "5281641595199"}
- ,
- {NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
- "4430618464297584182473135030809859326863990650118941756995270074"
- "8609973181426950235239623239110557450826919295792878938752101867"
- "7047181623251027516953100431855964837602657827828194249605561893"
- "6965865325513137194483136247773653468410118796740709840825496997"
- "9375560722345106704721086025979309968763193072908334",
- "1246996366993477513607147265794064436203408861395055989217248455"
- "7299870737698999651480662364723992859320868822848751165438350943"
- "3276647222625940615560580450040947211826027729977563540237169063"
- "0448079715771649447778447000597419032457722226253269698374446528"
- "35352729304393746106576383349151001715930924115499549",
- "6787876137336591234380295020065682527118129468050147943114675429"
- "4748422492761"}
- ,
-
- {NID_undef, NULL, NULL, NULL}
-};
-
R3410_2001_params R3410_2001_paramset[] = {
- /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
- {NID_id_GostR3410_2001_ParamSet_cc,
- /* A */
- "C0000000000000000000000000000000000000000000000000000000000003c4",
- /* B */
- "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
- /* P */
- "C0000000000000000000000000000000000000000000000000000000000003C7",
- /* Q */
- "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
- /* X */
- "2",
- /* Y */
- "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"}
- ,
/* 1.2.643.2.2.35.0 */
{NID_id_GostR3410_2001_TestParamSet,
"7",
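Review bot: the removal of NID_id_GostR3410_2001_ParamSet_cc from R3410_2001_paramset[] at the top of this hunk is not a GOST R 34.10-94 change; it is a 2001 parameter set (the deleted comment records it as 1.2.643.2.9.1.8.1), so any existing 2001 key or certificate using the Cryptocom parameters will stop loading. Either keep that entry or state the extra removal explicitly in the commit message and CHANGES rather than bundling it silently with the 94 cleanup.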
diff --git a/engines/ccgost/gost_params.h b/engines/ccgost/gost_params.h
deleted file mode 100644
index 0773cbf..0000000
--- a/engines/ccgost/gost_params.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/**********************************************************************
- * gost_params.h *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Declaration of structures used to represent GOST R 34.10 *
- * parameter sets, defined in RFC 4357 *
- * OpenSSL 0.9.9 libraries required to compile and use *
- * this code *
- **********************************************************************/
-#ifndef GOST_PARAMSET_H
-# define GOST_PARAMSET_H
-typedef struct R3410 {
- int nid;
- char *a;
- char *p;
- char *q;
-} R3410_params;
-
-extern R3410_params R3410_paramset[];
-
-typedef struct R3410_2001 {
- int nid;
- char *a;
- char *b;
- char *p;
- char *q;
- char *x;
- char *y;
-} R3410_2001_params;
-
-extern R3410_2001_params R3410_2001_paramset[];
-
-#endif
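Review bot: deleting gost_params.h removes the R3410_2001_params typedef and the `extern R3410_2001_params R3410_2001_paramset[];` declaration, yet R3410_2001_paramset[] itself survives in gost_params.c above and gost_pmeth.c now includes only gost_lcl.h. The diff does not show where the 2001 typedef and extern are re-homed; confirm they moved into gost_lcl.h in this same commit, otherwise the engine will not compile.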
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index af1d29e..0574d6e 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -15,7 +15,6 @@
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
-#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"
/* -----init, cleanup, copy - uniform for all algs ---------------*/
@@ -31,9 +30,6 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx)
memset(data, 0, sizeof(*data));
if (pkey && EVP_PKEY_get0(pkey)) {
switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_94:
- data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
- break;
case NID_id_GostR3410_2001:
data->sign_param_nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
@@ -126,69 +122,6 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return -2;
}

-static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
-{
- int param_nid = 0;
-
- if (strcmp(type, param_ctrl_string) == 0) {
- if (!value) {
- return 0;
- }
- if (strlen(value) == 1) {
- switch (toupper((unsigned char)value[0])) {
- case 'A':
- param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
- break;
- case 'D':
- param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
- break;
- default:
- return 0;
- }
- } else if ((strlen(value) == 2)
- && (toupper((unsigned char)value[0]) == 'X')) {
- switch (toupper((unsigned char)value[1])) {
- case 'A':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
- break;
- case 'B':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
- break;
- case 'C':
- param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
- break;
- default:
- return 0;
- }
- } else {
- R3410_params *p = R3410_paramset;
- param_nid = OBJ_txt2nid(value);
- if (param_nid == NID_undef) {
- return 0;
- }
- for (; p->nid != NID_undef; p++) {
- if (p->nid == param_nid)
- break;
- }
- if (p->nid == NID_undef) {
- GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);
- return 0;
- }
- }
-
- return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
- param_nid, NULL);
- }
- return -2;
-}
-
static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
{
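Review bot: removing pkey_gost_ctrl94_str leaves GOST_F_PKEY_GOST_CTRL94_STR, used on the deleted line `GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET);`, defined but unreferenced in e_gost_err.h and e_gost_err.c, which this diff does not touch; the same applies to the function codes of every other routine deleted in this commit. Regenerate the engine's error tables with util/mkerr.pl as part of the same change so the dead codes do not linger.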
@@ -256,23 +189,6 @@ static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
return 1;
}

-static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- DSA *dsa = NULL;
- if (data->sign_param_nid == NID_undef) {
- GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
- return 0;
- }
- dsa = DSA_new();
- if (!fill_GOST94_params(dsa, data->sign_param_nid)) {
- DSA_free(dsa);
- return 0;
- }
- EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);
- return 1;
-}
-
static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
@@ -292,17 +208,6 @@ static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
return 1;
}

-/* Generates Gost_R3410_94_cp key */
-static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- DSA *dsa;
- if (!pkey_gost94_paramgen(ctx, pkey))
- return 0;
- dsa = EVP_PKEY_get0(pkey);
- gost_sign_keygen(dsa);
- return 1;
-}
-
/* Generates GOST_R3410 2001 key and assigns it using specified type */
static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
@@ -315,26 +220,21 @@ static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
}

/* ----------- sign callbacks --------------------------------------*/
-
-static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
- size_t *siglen, const unsigned char *tbs,
- size_t tbs_len)
+/*
+ * Packs signature according to Cryptopro rules
+ * and frees up DSA_SIG structure
+ */
+int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
- DSA_SIG *unpacked_sig = NULL;
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
- if (!siglen)
- return 0;
- if (!sig) {
- *siglen = 64; /* better to check size of pkey->pkey.dsa-q */
- return 1;
- }
- unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
- if (!unpacked_sig) {
- return 0;
- }
- return pack_sign_cp(unpacked_sig, 32, sig, siglen);
+ *siglen = 2 * order;
+ memset(sig, 0, *siglen);
+ store_bignum(s->s, sig, order);
+ store_bignum(s->r, sig + order, order);
+ DSA_SIG_free(s);
+ return 1;
}

+
static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbs_len)
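Review bot: the two store_bignum calls on the new pack_sign_cp lines ignore their return value, and store_bignum (visible in the deleted gost_sign.c below) returns 0 when the bignum does not fit in `order` bytes; propagate that as a failure instead of returning 1 unconditionally. The function also writes 2*order bytes into `sig` with no size argument, so the comment should say that the caller must have checked *siglen first, and since the moved copy is non-static it needs a prototype in gost_lcl.h, which this diff does not show.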
@@ -355,22 +255,22 @@ static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
}

/* ------------------- verify callbacks ---------------------------*/
-
-static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs,
- size_t tbs_len)
+/* Unpack signature according to cryptopro rules */
+DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
{
- int ok = 0;
- EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
- DSA_SIG *s = unpack_cp_signature(sig, siglen);
- if (!s)
- return 0;
- if (pub_key)
- ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
- DSA_SIG_free(s);
- return ok;
+ DSA_SIG *s;
+
+ s = DSA_SIG_new();
+ if (s == NULL) {
+ GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ s->s = BN_bin2bn(sig, siglen / 2, NULL);
+ s->r = BN_bin2bn(sig + siglen / 2, siglen / 2, NULL);
+ return s;
}

+
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbs_len)
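Review bot: the moved unpack_cp_signature swaps getbnfrombuf for BN_bin2bn but never checks either result, so a failed allocation leaves s->s or s->r NULL and is only noticed when the verifier dereferences them; check both and DSA_SIG_free(s) on failure. It also divides siglen by two twice without requiring siglen to be even (the TLS callers in s3_srvr.c pass exactly 64), so an odd-length signature silently loses its last byte; an explicit length check here would make the function safe for any caller.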
@@ -570,20 +470,6 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
return 0;

switch (id) {
- case NID_id_GostR3410_94:
- EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str);
- EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen);
- EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
- EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
- EVP_PKEY_meth_set_encrypt(*pmeth,
- pkey_gost_encrypt_init,
- pkey_GOST94cp_encrypt);
- EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
- EVP_PKEY_meth_set_derive(*pmeth,
- pkey_gost_derive_init, pkey_gost94_derive);
- EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
- pkey_gost94_paramgen);
- break;
case NID_id_GostR3410_2001:
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
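Review bot: with the NID_id_GostR3410_94 case gone, any remaining call to register_pmeth_gost(NID_id_GostR3410_94, ...) falls into whatever the switch's default branch does, and the ENGINE bind code in e_gost.c and the matching ASN.1 method in gost_ameth.c are not part of this diff. Confirm those callers and the pkey NID list the engine exports are trimmed in the same commit so the engine does not advertise a key type it can no longer sign with or verify.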
diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c
deleted file mode 100644
index 543c399..0000000
--- a/engines/ccgost/gost_sign.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/**********************************************************************
- * gost_sign.c *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Implementation of GOST R 34.10-94 signature algorithm *
- * for OpenSSL *
- * Requires OpenSSL 0.9.9 for compilation *
- **********************************************************************/
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-
-#ifdef DEBUG_SIGN
-void dump_signature(const char *message, const unsigned char *buffer,
- size_t len)
-{
- size_t i;
- fprintf(stderr, "signature %s Length=%d", message, len);
- for (i = 0; i < len; i++) {
- if (i % 16 == 0)
- fputc('\n', stderr);
- fprintf(stderr, " %02x", buffer[i]);
- }
- fprintf(stderr, "\nEnd of signature\n");
-}
-
-void dump_dsa_sig(const char *message, DSA_SIG *sig)
-{
- fprintf(stderr, "%s\nR=", message);
- BN_print_fp(stderr, sig->r);
- fprintf(stderr, "\nS=");
- BN_print_fp(stderr, sig->s);
- fprintf(stderr, "\n");
-}
-
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Computes signature and returns it as DSA_SIG structure
- */
-DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
- BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
- DSA_SIG *newsig = NULL, *ret = NULL;
- BIGNUM *md = hashsum2bn(dgst);
- /* check if H(M) mod q is zero */
- BN_CTX *ctx = BN_CTX_new();
- if (!ctx) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_CTX_start(ctx);
- newsig = DSA_SIG_new();
- if (!newsig) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- tmp = BN_CTX_get(ctx);
- k = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- if (!tmp || !k || !tmp2) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_mod(tmp, md, dsa->q, ctx);
- if (BN_is_zero(tmp)) {
- BN_one(md);
- }
- do {
- do {
- /*
- * Generate random number k less than q
- */
- BN_rand_range(k, dsa->q);
- /* generate r = (a^x mod p) mod q */
- BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
- if (!(newsig->r)) {
- newsig->r = BN_new();
- if (!newsig->r) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_mod(newsig->r, tmp, dsa->q, ctx);
- }
- while (BN_is_zero(newsig->r));
- /* generate s = (xr + k(Hm)) mod q */
- BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
- BN_mod_mul(tmp2, k, md, dsa->q, ctx);
- if (!newsig->s) {
- newsig->s = BN_new();
- if (!newsig->s) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
- }
- while (BN_is_zero(newsig->s));
-
- ret = newsig;
- err:
- BN_free(md);
- if (ctx)
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- if (!ret)
- DSA_SIG_free(newsig);
- return ret;
-}
-
-/*
- * Packs signature according to Cryptocom rules
- * and frees up DSA_SIG structure
- */
-/*-
-int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
- {
- *siglen = 2*order;
- memset(sig,0,*siglen);
- store_bignum(s->r, sig,order);
- store_bignum(s->s, sig + order,order);
- dump_signature("serialized",sig,*siglen);
- DSA_SIG_free(s);
- return 1;
- }
-*/
-/*
- * Packs signature according to Cryptopro rules
- * and frees up DSA_SIG structure
- */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
-{
- *siglen = 2 * order;
- memset(sig, 0, *siglen);
- store_bignum(s->s, sig, order);
- store_bignum(s->r, sig + order, order);
- dump_signature("serialized", sig, *siglen);
- DSA_SIG_free(s);
- return 1;
-}
-
-/*
- * Verifies signature passed as DSA_SIG structure
- *
- */
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
-{
- BIGNUM *md = NULL, *tmp = NULL;
- BIGNUM *q2 = NULL;
- BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
- BIGNUM *tmp2 = NULL, *tmp3 = NULL;
- int ok = 0;
- BN_CTX *ctx = BN_CTX_new();
- if (!ctx) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- BN_CTX_start(ctx);
- if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
- goto err;
- }
- md = hashsum2bn(dgst);
-
- tmp = BN_CTX_get(ctx);
- v = BN_CTX_get(ctx);
- q2 = BN_CTX_get(ctx);
- z1 = BN_CTX_get(ctx);
- z2 = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- tmp3 = BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
- if (!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- BN_mod(tmp, md, dsa->q, ctx);
- if (BN_is_zero(tmp)) {
- BN_one(md);
- }
- BN_copy(q2, dsa->q);
- BN_sub_word(q2, 2);
- BN_mod_exp(v, md, q2, dsa->q, ctx);
- BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
- BN_sub(tmp, dsa->q, sig->r);
- BN_mod_mul(z2, tmp, v, dsa->p, ctx);
- BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
- BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
- BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
- BN_mod(u, tmp3, dsa->q, ctx);
- ok = (BN_cmp(u, sig->r) == 0);
-
- if (!ok) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
- }
-err:
- BN_free(md);
- if (ctx)
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return (ok == 0);
-}
-
-/*
- * Computes public keys for GOST R 34.10-94 algorithm
- *
- */
-int gost94_compute_public(DSA *dsa)
-{
- /* Now fill algorithm parameters with correct values */
- BN_CTX *ctx;
- if (!dsa->g) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
- return 0;
- }
- ctx = BN_CTX_new();
- if (!ctx) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- dsa->pub_key = BN_new();
- if (!dsa->pub_key) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
- BN_CTX_free(ctx);
- return 0;
- }
- /* Compute public key y = a^x mod p */
- BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
- BN_CTX_free(ctx);
- return 1;
-}
-
-/*
- * Fill GOST 94 params, searching them in R3410_paramset array
- * by nid of paramset
- *
- */
-int fill_GOST94_params(DSA *dsa, int nid)
-{
- R3410_params *params = R3410_paramset;
- while (params->nid != NID_undef && params->nid != nid)
- params++;
- if (params->nid == NID_undef) {
- GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
- return 0;
- }
-#define dump_signature(a,b,c)
- BN_free(dsa->p);
- dsa->p = NULL;
- BN_dec2bn(&(dsa->p), params->p);
- BN_free(dsa->q);
- dsa->q = NULL;
- BN_dec2bn(&(dsa->q), params->q);
- BN_free(dsa->g);
- dsa->g = NULL;
- BN_dec2bn(&(dsa->g), params->a);
- return 1;
-}
-
-/*
- * Generate GOST R 34.10-94 keypair
- *
- *
- */
-int gost_sign_keygen(DSA *dsa)
-{
- dsa->priv_key = BN_new();
- if (!dsa->priv_key) {
- GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_rand_range(dsa->priv_key, dsa->q);
- return gost94_compute_public(dsa);
-}
-
-/* Unpack signature according to cryptocom rules */
-/*-
-DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
- {
- DSA_SIG *s;
- s = DSA_SIG_new();
- if (s == NULL)
- {
- GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- s->r = getbnfrombuf(sig, siglen/2);
- s->s = getbnfrombuf(sig + siglen/2, siglen/2);
- return s;
- }
-*/
-/* Unpack signature according to cryptopro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
-{
- DSA_SIG *s;
-
- s = DSA_SIG_new();
- if (s == NULL) {
- GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- s->s = getbnfrombuf(sig, siglen / 2);
- s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
- return s;
-}
-
-/* Convert little-endian byte array into bignum */
-BIGNUM *hashsum2bn(const unsigned char *dgst)
-{
- unsigned char buf[32];
- int i;
- for (i = 0; i < 32; i++) {
- buf[31 - i] = dgst[i];
- }
- return getbnfrombuf(buf, 32);
-}
-
-/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
-{
- while (*buf == 0 && len > 0) {
- buf++;
- len--;
- }
- if (len) {
- return BN_bin2bn(buf, len, NULL);
- } else {
- BIGNUM *b = BN_new();
- BN_zero(b);
- return b;
- }
-}
-
-/*
- * Pack bignum into byte buffer of given size, filling all leading bytes by
- * zeros
- */
-int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
-{
- int bytes = BN_num_bytes(bn);
- if (bytes > len)
- return 0;
- memset(buf, 0, len);
- BN_bn2bin(bn, buf + len - bytes);
- return 1;
-}
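Review bot: this file also carried store_bignum, hashsum2bn and getbnfrombuf, which are generic byte/bignum helpers rather than GOST R 34.10-94 code, and store_bignum is still called by the pack_sign_cp copied into gost_pmeth.c above; the diff does not show where those helpers go, so make sure they are re-homed (prototypes in gost_lcl.h, bodies in a surviving .c file) or the engine will not link. For the record, the gost_do_verify being deleted, as its lines read here, sets `ok = (BN_cmp(u, sig->r) == 0);` but returns `(ok == 0)`, and every `goto err` path returns with ok still 0, so it reports success on error paths and failure on a match; that makes no difference to this commit since the code is removed, but it supports dropping the 94 path rather than trying to keep it alive.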
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 1eef9cc..6e98784 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -878,7 +878,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS_CT_ECDSA_SIGN 64
# define TLS_CT_RSA_FIXED_ECDH 65
# define TLS_CT_ECDSA_FIXED_ECDH 66
-# define TLS_CT_GOST94_SIGN 21
# define TLS_CT_GOST01_SIGN 22
/*
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
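Review bot: the comment immediately below the deleted TLS_CT_GOST94_SIGN line says to correct SSL3_CT_NUMBER in ssl3.h whenever this list changes, and the diff does not touch ssl3.h; either adjust SSL3_CT_NUMBER to match the reduced set of certificate types or add a note saying why the old value is kept. A short comment that code point 21 was GOST94 and should not be reused for an unrelated type would also help future readers of this table.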
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 943cf73..4d69c2a 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -618,9 +618,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
ret = SSL_PKEY_ECC;
}
#endif
- else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
- ret = SSL_PKEY_GOST94;
- } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+ else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
} else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
/*
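Review bot: besides the 94 NIDs, this hunk also drops NID_id_GostR3410_2001_cc from the GOST01 branch, so certificates carrying the Cryptocom 2001 OID will no longer be classified as SSL_PKEY_GOST01 and fall through to the later branches. That is a behaviour change for 2001 users, consistent with the ParamSet_cc removal in gost_params.c, and should be called out in the commit message rather than bundled silently with the 94 removal.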
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1661b0e..01a0a8c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3059,8 +3059,7 @@ int ssl3_send_client_verify(SSL *s)
n = j + 2;
} else
#endif
- if (pkey->type == NID_id_GostR3410_94
- || pkey->type == NID_id_GostR3410_2001) {
+ if (pkey->type == NID_id_GostR3410_2001) {
unsigned char signbuf[64];
int i;
size_t sigsize = 64;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 83b8f68..0a3bba4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1147,19 +1147,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {

{
1,
- "GOST94-GOST89-GOST89",
- 0x3000080,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
- 256,
- 256},
- {
- 1,
"GOST2001-GOST89-GOST89",
0x3000081,
SSL_kGOST,
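Review bot: the retained GOST2001-GOST89-GOST89 entry keeps SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 on its context line, which is correct: those flags name the GOST R 34.11-94 hash used for the handshake MAC and PRF, not the 34.10-94 signature algorithm being removed, and must survive. A one-line comment above the table saying so would stop a later cleanup from removing them by pattern-matching on "GOST94".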
@@ -1170,20 +1157,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
- 256},
- {
- 1,
- "GOST94-NULL-GOST94",
- 0x3000082,
- SSL_kGOST,
- SSL_aGOST94,
- SSL_eNULL,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
- 0,
- 0},
+ 256
+ },
{
1,
"GOST2001-NULL-GOST94",
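Review bot: the reformat of `256},` into `256` / `},` at the end of this hunk (and of `0},` in the next one) is style churn unrelated to the removal and makes the hunk harder to read; keep the original one-line closing form, which matches every other entry in the table, or move the reformat to a separate commit.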
@@ -1196,7 +1171,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
SSL_NOT_EXP | SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
- 0},
+ 0
+ },

#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -3474,63 +3450,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256},
#endif

-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
- {
- 1,
- "GOST-MD5",
- 0x0300ff00,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_MD5,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
- {
- 1,
- "GOST-GOST94",
- 0x0300ff01,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST94,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256},
- {
- 1,
- "GOST-GOST89MAC",
- 0x0300ff02,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256},
- {
- 1,
- "GOST-GOST89STREAM",
- 0x0300ff03,
- SSL_kRSA,
- SSL_aRSA,
- SSL_eGOST2814789CNT,
- SSL_GOST89MAC,
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
- 256,
- 256},
-#endif
-
/* end of list */
};

@@ -4694,7 +4613,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {
if (alg_k & SSL_kGOST) {
- p[ret++] = TLS_CT_GOST94_SIGN;
p[ret++] = TLS_CT_GOST01_SIGN;
return (ret);
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 76f49bd..acb2fa9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2736,9 +2736,7 @@ int ssl3_get_client_key_exchange(SSL *s)

/* Get our certificate private key */
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if (alg_a & SSL_aGOST94)
- pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
- else if (alg_a & SSL_aGOST01)
+ if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;

pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
@@ -2874,8 +2872,7 @@ int ssl3_get_cert_verify(SSL *s)
* If key is GOST and n is exactly 64, it is bare signature without
* length field
*/
- if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
- pkey->type == NID_id_GostR3410_2001)) {
+ if (n == 64 && pkey->type == NID_id_GostR3410_2001) {
len = 64;
} else {
if (SSL_USE_SIGALGS(s)) {
@@ -2984,8 +2981,7 @@ int ssl3_get_cert_verify(SSL *s)
}
} else
#endif
- if (pkey->type == NID_id_GostR3410_94
- || pkey->type == NID_id_GostR3410_2001) {
+ if (pkey->type == NID_id_GostR3410_2001) {
unsigned char signature[64];
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index da64301..08a95f9 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -331,9 +331,8 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},

/* aliases combining key exchange and server authentication */
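Review bot: removing the SSL_TXT_aGOST94 alias row changes how the cipher-string parser treats the public token `aGOST94`: previously it was a known alias that matched nothing, now it is an unknown word. Verify what SSL_CTX_set_cipher_list does with a configured string that still contains it (and with "aGOST", which now resolves to SSL_aGOST01 only), document the result, and check whether the SSL_TXT_aGOST94 define in include/openssl/ssl.h, which this diff does not touch, is meant to stay for source compatibility.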
@@ -528,14 +527,12 @@ void ssl_load_ciphers(void)
disabled_mac_mask |= SSL_GOST89MAC;
}

- if (!get_optional_pkey_id("gost94"))
- disabled_auth_mask |= SSL_aGOST94;
if (!get_optional_pkey_id("gost2001"))
disabled_auth_mask |= SSL_aGOST01;
/*
* Disable GOST key exchange if no GOST signature algs are available *
*/
- if ((disabled_auth_mask & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01))
+ if ((disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01)
disabled_mkey_mask |= SSL_kGOST;
}

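Review bot: `(disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01` on the replacement line is now a single-bit test and reads more simply as `if (disabled_auth_mask & SSL_aGOST01)`; the comment above it ("no GOST signature algs are available") still speaks in the plural and could be updated to match the one remaining algorithm.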
@@ -1673,9 +1670,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aSRP:
au = "SRP";
break;
- case SSL_aGOST94:
- au = "GOST94";
- break;
case SSL_aGOST01:
au = "GOST01";
break;
@@ -1961,8 +1955,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
return SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA)
return SSL_PKEY_RSA_ENC;
- else if (alg_a & SSL_aGOST94)
- return SSL_PKEY_GOST94;
else if (alg_a & SSL_aGOST01)
return SSL_PKEY_GOST01;
return -1;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5a0ec8a..2a2eb78 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2007,11 +2007,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
- cpk = &(c->pkeys[SSL_PKEY_GOST94]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
- mask_k |= SSL_kGOST;
- mask_a |= SSL_aGOST94;
- }

if (rsa_enc || (rsa_tmp && rsa_sign))
mask_k |= SSL_kRSA;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bc8388a..63b547a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -339,8 +339,6 @@
# define SSL_aECDSA 0x00000040L
/* PSK auth */
# define SSL_aPSK 0x00000080L
-/* GOST R 34.10-94 signature auth */
-# define SSL_aGOST94 0x00000100L
/* GOST R 34.10-2001 signature auth */
# define SSL_aGOST01 0x00000200L
/* SRP auth */
@@ -508,7 +506,6 @@
# define SSL_PKEY_DH_RSA 3
# define SSL_PKEY_DH_DSA 4
# define SSL_PKEY_ECC 5
-# define SSL_PKEY_GOST94 6
# define SSL_PKEY_GOST01 7
# define SSL_PKEY_NUM 8

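Review bot: deleting SSL_PKEY_GOST94 (6) while leaving SSL_PKEY_GOST01 at 7 and SSL_PKEY_NUM at 8 leaves slot 6 of cert->pkeys[] allocated but never used, and the SSL_aGOST94 bit 0x00000100L becomes a hole in the auth mask. Either renumber GOST01 to 6 and NUM to 7 (ssl_locl.h is private, so there is no ABI cost, but every loop over SSL_PKEY_NUM should be checked) or add a comment on both lines that the values are intentionally retired so nobody reuses them for an unrelated type.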
Dr. Stephen Henson
Aug 12, 2015, 8:57:20 AM
The branch master has been updated
via 2acdef5e97977958e9bb3b4a139039599ef1aefe (commit)
via 891eac4604b5f05413e59602fae1f11136f4719a (commit)
via a187e08d856690b5c1da3184d0ff560d572f893b (commit)
from ade44dcb16141c8a30ca6c56a1fd1a0b14dcc360 (commit)


- Log -----------------------------------------------------------------
commit 2acdef5e97977958e9bb3b4a139039599ef1aefe
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 1 15:38:11 2015 +0100

Return error for unsupported modes.

PR#3974
PR#3975

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 891eac4604b5f05413e59602fae1f11136f4719a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 1 15:37:44 2015 +0100

Fix memory leak if setup fails.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit a187e08d856690b5c1da3184d0ff560d572f893b
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sat Aug 1 15:37:01 2015 +0100

Err isn't always malloc failure.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_smime.c | 2 +-
crypto/evp/evp_lib.c | 35 ++++++++++++++++++++++++++++++-----
3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index f9556ac..16b4225 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -194,7 +194,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
ok = 1;

err:
- if (!keep_key) {
+ if (!keep_key || !ok) {
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = NULL;
}
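Review bot: with `if (!keep_key || !ok)` the caller-supplied key in ec->key is now wiped and freed whenever cms_EncryptedContent_init_bio fails, so a caller that retries after a transient error no longer has its key. Consuming the secret on failure is the safer default, but the commit message only mentions the leak; the behavioural side (key cleared on any failure) deserves a sentence in the function's comment or documentation.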
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index b33bc1d..6bed211 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -804,7 +804,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
int ret = 0;

if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
- CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
+ CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
return 0;
}

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 1fdde9a..5ee3dcb 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -68,11 +68,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->set_asn1_parameters != NULL)
ret = c->cipher->set_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
- if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) {
+ switch (EVP_CIPHER_CTX_mode(c)) {
+ case EVP_CIPH_WRAP_MODE:
ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
ret = 1;
- } else
+ break;
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ case EVP_CIPH_OCB_MODE:
+ ret = -1;
+ break;
+
+ default:
ret = EVP_CIPHER_set_asn1_iv(c, type);
+ }
} else
ret = -1;
return (ret);
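Review bot: returning -1 for GCM, CCM, XTS and OCB is right, since their AlgorithmIdentifier parameters are not a bare IV and the previous fallthrough to EVP_CIPHER_set_asn1_iv produced a misleading encoding, but CTR mode still falls through to the default and is encoded as an IV OCTET STRING; a comment saying whether that is intended would help. The new -1 return also needs to appear in the EVP_CIPHER_param_to_asn1 documentation, and the same four-mode list is repeated in the next hunk, so a small static predicate for "mode has no default ASN.1 encoding" would keep the two lists from drifting apart.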
@@ -85,9 +96,23 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->get_asn1_parameters != NULL)
ret = c->cipher->get_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
- if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE)
- return 1;
- ret = EVP_CIPHER_get_asn1_iv(c, type);
+ switch (EVP_CIPHER_CTX_mode(c)) {
+
+ case EVP_CIPH_WRAP_MODE:
+ ret = 1;
+ break;
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ case EVP_CIPH_OCB_MODE:
+ ret = -1;
+ break;
+
+ default:
+ ret = EVP_CIPHER_get_asn1_iv(c, type);
+ break;
+ }
} else
ret = -1;
return (ret);
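Review bot: this switch has a stray blank line after the opening brace and a trailing `break;` in the default case that the matching switch in EVP_CIPHER_param_to_asn1 above lacks; make the two blocks identical (or share a helper) so it is visibly the same set of modes that is rejected on both the encode and decode paths. Replacing the old early `return 1` for wrap mode with `ret = 1; break;` is behaviour-preserving and reads better.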

Matt Caswell
Aug 13, 2015, 4:33:29 AM
The branch master has been updated
via df758a8569efe9e124baaa16aba4ac3fc35bbd9d (commit)
from 2acdef5e97977958e9bb3b4a139039599ef1aefe (commit)


- Log -----------------------------------------------------------------
commit df758a8569efe9e124baaa16aba4ac3fc35bbd9d
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 4 20:10:06 2015 +0100

PACKETise Server Certificate processing

Use the PACKET API to process an incoming server Certificate message.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 01a0a8c..4ebd7aa 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1232,12 +1232,12 @@ int ssl3_get_server_hello(SSL *s)
int ssl3_get_server_certificate(SSL *s)
{
int al, i, ok, ret = -1, exp_idx;
- unsigned long n, nc, llen, l;
+ unsigned long n, cert_list_len, cert_len;
X509 *x = NULL;
- const unsigned char *q, *p;
- unsigned char *d;
+ unsigned char *certstart, *certbytes;
STACK_OF(X509) *sk = NULL;
EVP_PKEY *pkey = NULL;
+ PACKET pkt;



n = s->method->ssl_get_message(s,

SSL3_ST_CR_CERT_A,
@@ -1257,36 +1257,41 @@ int ssl3_get_server_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
goto f_err;
}
- p = d = (unsigned char *)s->init_msg;


+
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {

+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }


if ((sk = sk_X509_new_null()) == NULL) {

SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
goto err;


}

- n2l3(p, llen);
- if (llen + 3 != n) {

+ if (!PACKET_get_net_3(&pkt, &cert_list_len)
+ || PACKET_remaining(&pkt) != cert_list_len) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);


goto f_err;
}
- for (nc = 0; nc < llen;) {
- n2l3(p, l);
- if ((l + nc + 3) > llen) {

+ while (PACKET_remaining(&pkt)) {
+ if (!PACKET_get_net_3(&pkt, &cert_len)
+ || !PACKET_get_bytes(&pkt, &certbytes, cert_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,


SSL_R_CERT_LENGTH_MISMATCH);
goto f_err;
}

- q = p;

- x = d2i_X509(NULL, &q, l);
+ certstart = certbytes;
+ x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
if (x == NULL) {
al = SSL_AD_BAD_CERTIFICATE;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
goto f_err;
}
- if (q != (p + l)) {
+ if (certbytes != (certstart + cert_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
@@ -1297,8 +1302,6 @@ int ssl3_get_server_certificate(SSL *s)
goto err;
}


x = NULL;
- nc += l + 3;

- p = q;
}

i = ssl_verify_cert_chain(s, sk);
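Review bot: the `(const unsigned char **)&certbytes` cast on the d2i_X509 call exists only because PACKET_get_bytes hands back a non-const pointer into a buffer the PACKET does not own; if PACKET_get_bytes yielded `const unsigned char *` (and certbytes/certstart were declared const) the cast would disappear and handshake code could not write into the receive buffer by accident. Also worth a comment: `while (PACKET_remaining(&pkt))` accepts an empty certificate list exactly as the old `for (nc = 0; nc < llen;)` loop did, so rejecting an empty chain remains ssl_verify_cert_chain's job.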

Rich Salz
Aug 13, 2015, 12:15:45 PM
The branch master has been updated
via cc2829e6641092abed8360433dbe67e883fd1cc6 (commit)
from df758a8569efe9e124baaa16aba4ac3fc35bbd9d (commit)


- Log -----------------------------------------------------------------
commit cc2829e6641092abed8360433dbe67e883fd1cc6
Author: Ismo Puustinen <ismo.pu...@intel.com>
Date: Fri Aug 7 22:11:28 2015 -0400

GH364: Free memory on an error path

Part of RT 3997
Per Ben, just jump to common exit code.

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_vfy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 26867cb..6b1f7fe 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -348,7 +348,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!sk_X509_push(ctx->chain, x)) {
X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
- return 0;
+ ok = 0;
+ goto done;
}
num++;
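Review bot: `ok = 0; goto done;` frees `xtmp` on the line above but leaves `x` (which was not pushed) untouched, and the hunk does not show the `done:` label, so a reader cannot tell from this site whether `x` is caller-owned or is released by the common exit path. A one-line comment here, or a sentence in the commit message, stating that `done` owns the remaining cleanup of `ctx->chain` would make the ownership explicit; the change from an early `return 0` to the shared exit is otherwise the right fix for the leak the message describes.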

Matt Caswell

Aug 13, 2015, 3:37:55 PM
The branch master has been updated
via bc6616a4347d4c30bce1d1918da09f09f84c0403 (commit)
via f9f6053442a2918d0445866252256b2cb54a1187 (commit)
from cc2829e6641092abed8360433dbe67e883fd1cc6 (commit)


- Log -----------------------------------------------------------------
commit bc6616a4347d4c30bce1d1918da09f09f84c0403
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Aug 3 17:20:47 2015 +0100

Enhance PACKET readability

Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bka...@akamai.com) for pointing this out.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit f9f6053442a2918d0445866252256b2cb54a1187
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Aug 3 17:20:07 2015 +0100

Add missing return check for PACKET_buf_init

The new ClientHello PACKET code is missing a return value check.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/packet_locl.h | 3 +--
ssl/s3_srvr.c | 8 ++++++--
ssl/t1_lib.c | 4 ++--
test/packettest.c | 2 +-
4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 80d0b93..a5e4d00 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -80,8 +80,7 @@ typedef struct {
} PACKET;

/*
- * Returns 1 if there are exactly |len| bytes left to be read from |pkt|
- * and 0 otherwise
+ * Returns the number of bytes remaining to be read in the PACKET
*/
__owur static inline size_t PACKET_remaining(PACKET *pkt)
{
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index acb2fa9..a015a49 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -874,7 +874,11 @@ int ssl3_get_client_hello(SSL *s)
if (!ok)
return ((int)n);
s->first_packet = 0;
- PACKET_buf_init(&pkt, s->init_msg, n);


+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {

+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }

/* First lets get s->client_version set correctly */
if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
@@ -1055,7 +1059,7 @@ int ssl3_get_client_hello(SSL *s)
memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)
|| !PACKET_forward(&pkt, cl)
- || !PACKET_remaining(&pkt) == 0) {
+ || PACKET_remaining(&pkt) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);


al = SSL_AD_DECODE_ERROR;
goto f_err;
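Review bot: the replaced condition `!PACKET_remaining(&pkt) == 0` gave the intended result only by accident of precedence: `!` binds tighter than `==`, so it evaluated `(!remaining) == 0`, which is true exactly when bytes remain, the same as the new `PACKET_remaining(&pkt) != 0`. Behaviour is therefore unchanged and this is the readability fix the commit message describes; it is worth saying in the message that the old form was not a latent bug, because anyone diffing the two lines will assume it was.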

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ece2b72..e37411c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2036,7 +2036,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
}
}
/* We shouldn't have any bytes left */
- if (PACKET_remaining(&ssubpkt))
+ if (PACKET_remaining(&ssubpkt) != 0)
goto err;

}
@@ -2140,7 +2140,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
|| (dsize & 1) != 0
|| (dsize == 0)
|| !PACKET_get_bytes(&subpkt, &data, dsize)
- || PACKET_remaining(&subpkt)
+ || PACKET_remaining(&subpkt) != 0
|| !tls1_save_sigalgs(s, data, dsize)) {
goto err;
}
diff --git a/test/packettest.c b/test/packettest.c
index d6d0c08..c3ac53b 100644
--- a/test/packettest.c
+++ b/test/packettest.c
@@ -67,7 +67,7 @@ static int test_PACKET_remaining(PACKET *pkt)
|| !PACKET_forward(pkt, BUF_LEN - 1)
|| PACKET_remaining(pkt) != 1
|| !PACKET_forward(pkt, 1)
- || PACKET_remaining(pkt)) {
+ || PACKET_remaining(pkt) != 0) {
fprintf(stderr, "test_PACKET_remaining() failed\n");
return 0;
}

Matt Caswell

Aug 13, 2015, 3:43:44 PM
The branch master has been updated
via ac63710a3d718cad5c4d151f0e039ce2fe9c732e (commit)
from bc6616a4347d4c30bce1d1918da09f09f84c0403 (commit)


- Log -----------------------------------------------------------------
commit ac63710a3d718cad5c4d151f0e039ce2fe9c732e
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Aug 5 15:52:26 2015 +0100

PACKETise Certificate Status message

Process the Certificate Status message using the PACKET API

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 4ebd7aa..dedbfea 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2271,7 +2271,8 @@ int ssl3_get_cert_status(SSL *s)
{
int ok, al;
unsigned long resplen, n;
- const unsigned char *p;
+ unsigned int type;


+ PACKET pkt;

n = s->method->ssl_get_message(s,

SSL3_ST_CR_CERT_STATUS_A,
@@ -2280,31 +2281,36 @@ int ssl3_get_cert_status(SSL *s)

if (!ok)
return ((int)n);
- if (n < 4) {
- /* need at least status type + length */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+


+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {

+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_INTERNAL_ERROR);
goto f_err;
}
- p = (unsigned char *)s->init_msg;
- if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
+ if (!PACKET_get_1(&pkt, &type)
+ || type != TLSEXT_STATUSTYPE_ocsp) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
goto f_err;
}
- n2l3(p, resplen);
- if (resplen + 4 != n) {
+ if (!PACKET_get_net_3(&pkt, &resplen)
+ || PACKET_remaining(&pkt) != resplen) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+ s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
if (!s->tlsext_ocsp_resp) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
goto f_err;
}
+ if (!PACKET_copy_bytes(&pkt, s->tlsext_ocsp_resp, resplen)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
s->tlsext_ocsp_resplen = resplen;
if (s->ctx->tlsext_status_cb) {
int ret;
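Review bot: `s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);` is reached with `resplen == 0` when the server sends a zero-length response body (the preceding check only requires `PACKET_remaining(&pkt) == resplen`), and `OPENSSL_malloc(0)` may return NULL on some platforms; that would surface as ERR_R_MALLOC_FAILURE with an internal_error alert rather than as a decode error. Either reject `resplen == 0` explicitly after the length check or handle the empty case without allocating. Separately, the `PACKET_copy_bytes()` failure branch cannot fire once `PACKET_remaining(&pkt) != resplen` has been ruled out; if it stays as a defensive check, a comment saying so will stop readers hunting for a reachable path.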

Rich Salz

Aug 13, 2015, 3:48:19 PM
The branch master has been updated
via f25825c218efb71c13ef7c60c1acbe13cfdfe78b (commit)
from ac63710a3d718cad5c4d151f0e039ce2fe9c732e (commit)


- Log -----------------------------------------------------------------
commit f25825c218efb71c13ef7c60c1acbe13cfdfe78b
Author: Rich Salz <rs...@akamai.com>
Date: Thu Aug 13 11:22:10 2015 -0400

Fix FAQ formatting for new website.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
FAQ | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/FAQ b/FAQ
index 2579d51..0ff792b 100644
--- a/FAQ
+++ b/FAQ
@@ -861,22 +861,25 @@ with the i2d_*_bio() or d2i_*_bio() functions or you can use the
i2d_*(), d2i_*() functions directly. Since these are often the
cause of grief here are some code fragments using PKCS7 as an example:

+----- snip:start -----
unsigned char *buf, *p;
- int len;
+ int len = i2d_PKCS7(p7, NULL);

- len = i2d_PKCS7(p7, NULL);
- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+ buf = OPENSSL_malloc(len); /* error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
+----- snip:end -----

At this point buf contains the len bytes of the DER encoding of
p7.

The opposite assumes we already have len bytes in buf:

- unsigned char *p;
- p = buf;
+----- snip:start -----
+ unsigned char *p = buf;
+
p7 = d2i_PKCS7(NULL, &p, len);
+----- snip:end -----

At this point p7 contains a valid PKCS7 structure or NULL if an error
occurred. If an error occurred ERR_print_errors(bio) should give more
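Review bot: with `int len = i2d_PKCS7(p7, NULL);` now folded into the declaration, the snippet hands `len` straight to OPENSSL_malloc() without noting that the i2d_*() functions return a negative value on failure; the comment already says error checking is omitted, so extending it to "a negative len means the encoding failed" keeps readers from copying a negative-length allocation into real code.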
@@ -893,14 +896,17 @@ because it no longer points to the same address.
Memory allocation and encoding can also be combined in a single
operation by the ASN1 routines:

- unsigned char *buf = NULL; /* mandatory */
- int len;
- len = i2d_PKCS7(p7, &buf);
- if (len < 0)
- /* Error */
+----- snip:start -----
+ unsigned char *buf = NULL;
+ int len = i2d_PKCS7(p7, &buf);
+
+ if (len < 0) {
+ /* Error */
+ }
/* Do some things with 'buf' */
/* Finished with buf: free it */
OPENSSL_free(buf);
+----- snip:end -----

In this special case the "buf" parameter is *not* incremented, it points
to the start of the encoding.
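Review bot: dropping `/* mandatory */` from `unsigned char *buf = NULL;` removes the only hint that `buf` must start out NULL for i2d_PKCS7() to allocate the buffer; the closing sentence says `buf` is not incremented in this mode but not that the NULL is required. Restore the comment, or add to the prose that passing a non-NULL pointer selects the caller-allocated mode shown in the first snippet.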

Richard Levitte

Aug 13, 2015, 4:07:00 PM
The branch master has been updated
via 00bf5001f72144062fe3f7973b968be534ac1246 (commit)
via 4deefd6567cce43ef6c6b910693c093e9598f556 (commit)
via b3a231db49f864a40f999bf5b3843bebec5e3730 (commit)
from f25825c218efb71c13ef7c60c1acbe13cfdfe78b (commit)


- Log -----------------------------------------------------------------
commit 00bf5001f72144062fe3f7973b968be534ac1246
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Aug 13 19:15:45 2015 +0200

for test_sslvertol, add a value to display SSL version < 3 in debug

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 4deefd6567cce43ef6c6b910693c093e9598f556
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Aug 13 19:14:34 2015 +0200

Fixups in libssl test harness

- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use $pub_key_len when parsing $pub_key

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit b3a231db49f864a40f999bf5b3843bebec5e3730
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Aug 13 19:13:16 2015 +0200

Use -I to add to @INC, and use -w to produce warnings

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
test/Makefile | 6 +++---
util/TLSProxy/Message.pm | 2 +-
util/TLSProxy/Proxy.pm | 3 ++-
util/TLSProxy/Record.pm | 6 ++++--
util/TLSProxy/ServerKeyExchange.pm | 11 +++++++----
5 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/test/Makefile b/test/Makefile
index 31b3796..b59613c 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -424,17 +424,17 @@ test_packet: $(PACKETTEST)$(EXE_EXT)
#OPENSSL_ia32cap=... in ssl tests below ensures AES-NI is switched off (AES-NI does not go through the testmode engine)
test_sslvertol: ../apps/openssl$(EXE_EXT)
@echo $(START) $@
- [ -z "$(SHARED_LIBS)" ] || PERL5LIB=$$PERL5LIB:../util OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh ./$(SSLVERTOLTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
+ [ -z "$(SHARED_LIBS)" ] || OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh $(PERL) -I../util -w ./$(SSLVERTOLTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
@[ -n "$(SHARED_LIBS)" ] || echo test_sslvertol can only be performed with OpenSSL configured shared

test_sslextension: ../apps/openssl$(EXE_EXT)
@echo $(START) $@
- [ -z "$(SHARED_LIBS)" ] || PERL5LIB=$$PERL5LIB:../util OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh ./$(SSLEXTENSIONTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
+ [ -z "$(SHARED_LIBS)" ] || OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh $(PERL) -I../util -w ./$(SSLEXTENSIONTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
@[ -n "$(SHARED_LIBS)" ] || echo test_sslextension can only be performed with OpenSSL configured shared

test_sslskewith0p: ../apps/openssl$(EXE_EXT)
@echo $(START) $@
- [ -z "$(SHARED_LIBS)" ] || PERL5LIB=$$PERL5LIB:../util OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh ./$(SSLSKEWITH0PTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
+ [ -z "$(SHARED_LIBS)" ] || OPENSSL_ENGINES=../engines ../util/shlib_wrap.sh $(PERL) -I../util -w ./$(SSLSKEWITH0PTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem
@[ -n "$(SHARED_LIBS)" ] || echo test_sslskewith0p can only be performed with OpenSSL configured shared

update: local_depend
diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
index 66a4a7b..028322b 100644
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -350,7 +350,7 @@ sub repack

$lenlo = length($self->data) & 0xff;
$lenhi = length($self->data) >> 8;
- my $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
+ $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;


if ($numrecs == 0) {
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index c033c29..571ab10 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -142,7 +142,8 @@ sub start
my $oldstdout;

if(!$self->debug) {
- $oldstdout = select(File::Spec->devnull());
+ open DEVNULL, ">", File::Spec->devnull();
+ $oldstdout = select(DEVNULL);
}

# Create the Proxy socket
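Review bot: `open DEVNULL, ">", File::Spec->devnull();` has no return check and uses a package-global bareword handle; `open(my $devnull, '>', File::Spec->devnull()) or die "cannot open devnull: $!";` followed by `$oldstdout = select($devnull);` fails loudly and keeps the handle lexical. The change is otherwise the right fix: the old `select(File::Spec->devnull())` passed a path string where select() expects a filehandle name, so output went to an unopened handle (which also warns under the `-w` that the test/Makefile hunk now enables).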
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
index 1d10508..124f924 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -83,7 +83,8 @@ use constant {
VERS_TLS_1_2 => 771,
VERS_TLS_1_1 => 770,
VERS_TLS_1_0 => 769,
- VERS_SSL_3_0 => 768
+ VERS_SSL_3_0 => 768,
+ VERS_SSL_LT_3_0 => 767
};

my %tls_version = (
@@ -91,7 +92,8 @@ my %tls_version = (
VERS_TLS_1_2, "TLS1.2",
VERS_TLS_1_1, "TLS1.1",
VERS_TLS_1_0, "TLS1.0",
- VERS_SSL_3_0, "SSL3"
+ VERS_SSL_3_0, "SSL3",
+ VERS_SSL_LT_3_0, "SSL<3"
);

#Class method to extract records from a packet of data
diff --git a/util/TLSProxy/ServerKeyExchange.pm b/util/TLSProxy/ServerKeyExchange.pm
index 3a91d17..b85b8ad 100644
--- a/util/TLSProxy/ServerKeyExchange.pm
+++ b/util/TLSProxy/ServerKeyExchange.pm
@@ -104,13 +104,16 @@ sub parse
my $pub_key_len = unpack('n', substr($self->data, $ptr));
$ptr += 2;
my $pub_key = substr($self->data, $ptr, $pub_key_len);
- $ptr += $g_len;
+ $ptr += $pub_key_len;

#We assume its signed
my $sig_len = unpack('n', substr($self->data, $ptr));
- $ptr += 2;
- my $sig = substr($self->data, $ptr, $sig_len);
- $ptr += $sig_len;
+ my $sig = "";
+ if (defined $sig_len) {
+ $ptr += 2;
+ $sig = substr($self->data, $ptr, $sig_len);
+ $ptr += $sig_len;
+ }

$self->p($p);
$self->g($g);
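Review bot: the comment `#We assume its signed` is now stale, since the `defined $sig_len` branch exists precisely because the signature is absent for anonymous key exchange; reword it to say the signature is optional. Also, `substr($self->data, $ptr)` with `$ptr` past the end of the string returns undef with a "substr outside of string" warning, which the new `-w` in test/Makefile will surface; testing `$ptr < length($self->data)` before the unpack avoids both the warning and unpacking undef.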

Dr. Stephen Henson

Aug 14, 2015, 8:42:26 AM
The branch master has been updated
via 6d5f8265ce6c4a8ed528462f519d9e8f2b7cfafd (commit)
from 00bf5001f72144062fe3f7973b968be534ac1246 (commit)


- Log -----------------------------------------------------------------
commit 6d5f8265ce6c4a8ed528462f519d9e8f2b7cfafd
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Jul 23 16:38:58 2015 +0100

Documentation for SSL_check_chain()

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/ssl/SSL_check_chain.pod | 85 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 doc/ssl/SSL_check_chain.pod

diff --git a/doc/ssl/SSL_check_chain.pod b/doc/ssl/SSL_check_chain.pod
new file mode 100644
index 0000000..d3b7601
--- /dev/null
+++ b/doc/ssl/SSL_check_chain.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+SSL_check_chain - check certificate chain suitability
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+=head1 DESCRIPTION
+
+SSL_check_chain() checks whether certificate B<x>, private key B<pk> and
+certificate chain B<chain> is suitable for use with the current session
+B<s>.
+
+=head1 RETURN VALUES
+
+SSL_check_chain() returns a bitmap of flags indicating the validity of the
+chain.
+
+B<CERT_PKEY_VALID>: the chain can be used with the current session.
+If this flag is B<not> set then the certificate will never be used even
+if the application tries to set it because it is inconsistent with the
+peer preferences.
+
+B<CERT_PKEY_SIGN>: the EE key can be used for signing.
+
+B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is
+acceptable.
+
+B<CERT_PKEY_CA_SIGNATURE>: the signature algorithms of all CA certificates
+are acceptable.
+
+B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are
+acceptable (e.g. it is a supported curve).
+
+B<CERT_PKEY_CA_PARAM>: the parameters of all CA certificates are acceptable.
+
+B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm
+can be used explicitly for signing (i.e. it is mentioned in the signature
+algorithms extension).
+
+B<CERT_PKEY_ISSUER_NAME>: the issuer name is acceptable. This is only
+meaningful for client authentication.
+
+B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful
+for client authentication.
+
+B<CERT_PKEY_SUITEB>: chain is suitable for Suite B use.
+
+=head1 NOTES
+
+SSL_check_chain() must be called in servers after a client hello message or in
+clients after a certificate request message. It will typically be called
+in the certificate callback.
+
+An application wishing to support multiple certificate chains may call this
+function on each chain in turn: starting with the one it considers the
+most secure. It could then use the chain of the first set which returns
+suitable flags.
+
+As a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be
+usable. An application supporting multiple chains with different CA signature
+algorithms may also wish to check B<CERT_PKEY_CA_SIGNATURE> too. If no
+chain is suitable a server should fall back to the most secure chain which
+sets B<CERT_PKEY_VALID>.
+
+The validity of a chain is determined by checking if it matches a supported
+signature algorithm, supported curves and in the case of client authentication
+certificate types and issuer names.
+
+Since the supported signature algorithms extension is only used in TLS 1.2
+and DTLS 1.2 the results for earlier versions of TLS and DTLS may not be
+very useful. Applications may wish to specify a different "legacy" chain
+for earlier versions of TLS or DTLS.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_cert_cb(3)|SSL_CTX_set_cert_cb(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut

Dr. Stephen Henson

Aug 14, 2015, 8:52:05 AM
The branch master has been updated
via 2fd7fb99dba9f56fbcb7ee1686bef30c7aef4754 (commit)
from 6d5f8265ce6c4a8ed528462f519d9e8f2b7cfafd (commit)


- Log -----------------------------------------------------------------
commit 2fd7fb99dba9f56fbcb7ee1686bef30c7aef4754
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Jun 17 01:13:40 2015 +0100

Update docs.

Clarify and update documentation for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/ssl/SSL_CTX_add_extra_chain_cert.pod | 35 +++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
index 8e832a5..04300fb 100644
--- a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -2,29 +2,39 @@

=head1 NAME

-SSL_CTX_add_extra_chain_cert - add certificate to chain
+SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
+extra chain certificates

=head1 SYNOPSIS

#include <openssl/ssl.h>

- long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
+ long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);

=head1 DESCRIPTION

-SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
-chain presented together with the certificate. Several certificates
-can be added one after the other.
+SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
+certificates associated with B<ctx>. Several certificates can be added one
+after another.
+
+SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
+associated with B<ctx>.
+
+These functions are implemented as macros.

=head1 NOTES

-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified. If no chain is specified,
-the library will try to complete the chain from the available CA
-certificates in the trusted CA storage, see
+When sending a certificate chain, extra chain certificates are sent in order
+following the end entity certificate.
+
+If no chain is specified, the library will try to complete the chain from the
+available CA certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.

-The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object.
+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
+freed by the library when the B<SSL_CTX> is destroyed. An application
+B<should not> free the B<x509> object.

=head1 RESTRICTIONS

@@ -37,8 +47,9 @@ be used instead.

=head1 RETURN VALUES

-SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
-error stack to find out the reason for failure otherwise.
+SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
+1 on success and 0 for failure. Check out the error stack to find out the
+reason for failure.

=head1 SEE ALSO

Dr. Stephen Henson

Aug 14, 2015, 9:22:15 AM
The branch master has been updated
via f8f5f8369d1d76fd8ec28d3d2422a47f8440f452 (commit)
via 176f85a28ec73b16f68a4f1737fb4645b9e9ae7b (commit)
via 3d3701ea20ca36215e3af5ac090797cfec5fca2a (commit)
via e75c5a794e71baa3d76214be3ac8dc6e082e4a1a (commit)
from 2fd7fb99dba9f56fbcb7ee1686bef30c7aef4754 (commit)


- Log -----------------------------------------------------------------
commit f8f5f8369d1d76fd8ec28d3d2422a47f8440f452
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Aug 10 19:17:50 2015 +0100

add CCM docs

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 176f85a28ec73b16f68a4f1737fb4645b9e9ae7b
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Jul 31 16:53:45 2015 +0100

Add CCM ciphersuites from RFC6655 and RFC7251

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 3d3701ea20ca36215e3af5ac090797cfec5fca2a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Jul 31 16:59:45 2015 +0100

ccm8 support

Reviewed-by: Tim Hudson <t...@openssl.org>

commit e75c5a794e71baa3d76214be3ac8dc6e082e4a1a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Jul 31 16:54:35 2015 +0100

CCM support.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_aes.c | 92 ++++++++++++-
doc/apps/ciphers.pod | 29 +++++
include/openssl/evp.h | 10 +-
include/openssl/ssl.h | 2 +
include/openssl/tls1.h | 54 ++++++++
ssl/record/rec_layer_d1.c | 2 +
ssl/record/rec_layer_s3.c | 2 +
ssl/record/ssl3_record.c | 14 +-
ssl/s3_lib.c | 320 ++++++++++++++++++++++++++++++++++++++++++++++
ssl/ssl_algs.c | 2 +
ssl/ssl_ciph.c | 36 +++++-
ssl/ssl_locl.h | 6 +-
ssl/t1_enc.c | 18 ++-
13 files changed, 570 insertions(+), 17 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index f8365a2..b02cf6e 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -110,6 +110,7 @@ typedef struct {
int tag_set; /* Set if tag is valid */
int len_set; /* Set if message length set */
int L, M; /* L and M parameters from RFC3610 */
+ int tls_aad_len; /* TLS AAD length */
CCM128_CONTEXT ccm;
ccm128_f str;
} EVP_AES_CCM_CTX;
@@ -1853,6 +1854,34 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->M = 12;
cctx->tag_set = 0;
cctx->len_set = 0;
+ cctx->tls_aad_len = -1;
+ return 1;
+
+ case EVP_CTRL_AEAD_TLS1_AAD:
+ /* Save the AAD for later use */
+ if (arg != EVP_AEAD_TLS1_AAD_LEN)
+ return 0;
+ memcpy(c->buf, ptr, arg);
+ cctx->tls_aad_len = arg;
+ {
+ uint16_t len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+ /* Correct length for explicit IV */
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+ if (!c->encrypt)
+ len -= cctx->M;
+ c->buf[arg - 2] = len >> 8;
+ c->buf[arg - 1] = len & 0xff;
+ }
+ /* Extra padding: tag appended to record */
+ return cctx->M;
+
+ case EVP_CTRL_CCM_SET_IV_FIXED:
+ /* Sanity check length */
+ if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+ return 0;
+ /* Just copy to first part of IV */
+ memcpy(c->iv, ptr, arg);
return 1;

case EVP_CTRL_AEAD_SET_IVLEN:
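Review bot: in the EVP_CTRL_AEAD_TLS1_AAD case, `len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;` and the decrypt-side `len -= cctx->M;` wrap around in `uint16_t` when the record length carried in the AAD is shorter than 8 + M bytes, and the wrapped value is then written back into `c->buf`. This is harmless only because aes_ccm_tls_cipher() rejects `len < EVP_CCM_TLS_EXPLICIT_IV_LEN + M` before the saved AAD is used; either add the same bound check here and return 0, or leave a comment pointing at that later check so the two stay in step if one is edited.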
@@ -1945,14 +1974,66 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 1;
}

+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+ CCM128_CONTEXT *ccm = &cctx->ccm;
+ /* Encrypt/decrypt must be performed in place */
+ if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+ return -1;
+ /* If encrypting set explicit IV from sequence number (start of AAD) */
+ if (ctx->encrypt)
+ memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ /* Get rest of IV from explicit IV */
+ memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ /* Correct length value */
+ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+ return -1;
+ /* Use saved AAD */
+ CRYPTO_ccm128_aad(ccm, ctx->buf, cctx->tls_aad_len);
+ /* Fix buffer to point to payload */
+ in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ if (ctx->encrypt) {
+ if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+ cctx->str) :
+ CRYPTO_ccm128_encrypt(ccm, in, out, len))
+ return -1;
+ if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+ return -1;
+ return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+ } else {
+ if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+ cctx->str) :
+ !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+ unsigned char tag[16];
+ if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+ if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+ return len;
+ }
+ }
+ OPENSSL_cleanse(out, len);
+ return -1;
+ }
+}
+
static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
CCM128_CONTEXT *ccm = &cctx->ccm;
/* If not set up, return error */
- if (!cctx->iv_set && !cctx->key_set)
+ if (!cctx->key_set)
+ return -1;
+
+ if (cctx->tls_aad_len >= 0)
+ return aes_ccm_tls_cipher(ctx, out, in, len);
+
+ if (!cctx->iv_set)
return -1;
+
if (!ctx->encrypt && !cctx->tag_set)
return -1;
if (!out) {
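Review bot: aes_ccm_tls_cipher() assembles a 12-byte nonce (4 fixed + 8 explicit) but passes `15 - cctx->L` to CRYPTO_ccm128_setiv(); that only matches when L is 3, and nothing in this hunk sets it, so the TLS layer must configure a 12-byte IV length on the cipher context (ssl/t1_enc.c is in the diffstat; confirm it does and record the dependency in a comment above the setiv call). The decrypt path is otherwise good: the tag is compared with CRYPTO_memcmp() and `out` is cleansed on failure; the local `tag[16]` could be cleansed as well before returning.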
@@ -2007,9 +2088,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

# define aes_ccm_cleanup NULL

-BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+ BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+ BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)

typedef struct {
union {
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 5a4a4fd..3f146e8 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -260,6 +260,13 @@ cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
AES in Galois Counter Mode (GCM): these ciphersuites are only supported
in TLS v1.2.

+=item B<AESCCM>, B<AESCCM8>
+
+AES in Cipher Block Chaining - Message Authentication Mode (CCM): these
+ciphersuites are only supported in TLS v1.2. B<AESCCM> references CCM
+cipher suites using both 16 and 8 octet Integrity Check Value (ICV)
+while B<AESCCM8> only references 8 octet ICV.
+
=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>

cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
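Review bot: the expansion of CCM in this entry is wrong: CCM is Counter with CBC-MAC (RFC 3610, CTR-mode encryption combined with a CBC-MAC for authentication), not "Cipher Block Chaining - Message Authentication Mode". Suggested wording: "AES in Counter with CBC-MAC mode (CCM)". The ICV sizes (16 and 8 octets) are stated correctly.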
@@ -576,6 +583,19 @@ Note: these ciphers can also be used in SSL v3.
TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384

+ RSA_WITH_AES_128_CCM AES128-CCM
+ RSA_WITH_AES_256_CCM AES256-CCM
+ DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM
+ DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM
+ RSA_WITH_AES_128_CCM_8 AES128-CCM8
+ RSA_WITH_AES_256_CCM_8 AES256-CCM8
+ DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8
+ DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8
+ ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM
+ ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM
+ ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8
+ ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8
+
=head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2

TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
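Review bot: the new rows omit the `TLS_` prefix that the GCM rows above and the Camellia rows below carry (`TLS_DH_anon_WITH_AES_128_GCM_SHA256` versus `RSA_WITH_AES_128_CCM`); the RFC 6655 and RFC 7251 names are `TLS_RSA_WITH_AES_128_CCM` and so on, so add the prefix for consistency and so that searches on the RFC names find these entries.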
@@ -652,6 +672,15 @@ Note: these ciphers can also be used in SSL v3.
ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256
ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384

+ PSK_WITH_AES_128_CCM PSK-AES128-CCM
+ PSK_WITH_AES_256_CCM PSK-AES256-CCM
+ DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM
+ DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM
+ PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8
+ PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8
+ DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8
+ DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8
+
=head1 NOTES

Some compiled versions of OpenSSL may not include all the ciphers
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index dff81b0..ddefbf6 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -399,14 +399,16 @@ struct evp_cipher_st {
# define EVP_CTRL_AEAD_SET_IVLEN 0x9
# define EVP_CTRL_AEAD_GET_TAG 0x10
# define EVP_CTRL_AEAD_SET_TAG 0x11
+# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
-# define EVP_CTRL_GCM_SET_IV_FIXED 0x12
+# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
# define EVP_CTRL_GCM_IV_GEN 0x13
# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
+# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
# define EVP_CTRL_CCM_SET_L 0x14
# define EVP_CTRL_CCM_SET_MSGLEN 0x15
/*
@@ -443,6 +445,12 @@ typedef struct {
/* Length of tag for TLS */
# define EVP_GCM_TLS_TAG_LEN 16

+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN 4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8
+
typedef struct evp_cipher_info_st {
const EVP_CIPHER *cipher;
unsigned char iv[EVP_MAX_IV_LENGTH];
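Review bot: the comment `Length of explicit part of IV part of TLS records` repeats "part"; "Length of the explicit part of the IV carried in TLS records" reads better. It would also help to say that 4 fixed + 8 explicit bytes form the 12-byte CCM nonce of RFC 6655, which is the value the cipher code must be configured to use.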
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 28c2fb9..10f8041 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -245,6 +245,8 @@ extern "C" {
# define SSL_TXT_AES256 "AES256"
# define SSL_TXT_AES "AES"
# define SSL_TXT_AES_GCM "AESGCM"
+# define SSL_TXT_AES_CCM "AESCCM"
+# define SSL_TXT_AES_CCM_8 "AESCCM8"
# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 6e98784..6adfcf3 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -519,6 +519,31 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7

+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF
+
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
@@ -823,6 +848,35 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"

+/* CCM ciphersuites from RFC6655 */
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8"
+
/* ECDH HMAC based ciphersuites from RFC5289 */

# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 3da4f11..74796be 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1120,6 +1120,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
/* Need explicit part of IV for GCM mode */
else if (mode == EVP_CIPH_GCM_MODE)
eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ else if (mode == EVP_CIPH_CCM_MODE)
+ eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
else
eivlen = 0;
} else
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 8a9e303..5b28663 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -799,6 +799,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* Need explicit part of IV for GCM mode */
else if (mode == EVP_CIPH_GCM_MODE)
eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ else if (mode == EVP_CIPH_CCM_MODE)
+ eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
else
eivlen = 0;
} else
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 1865f24..1fa1710 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -764,10 +764,16 @@ int tls1_enc(SSL *s, int send)
? (i < 0)
: (i == 0))
return -1; /* AEAD can fail to verify MAC */
- if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
- rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ if (send == 0) {
+ if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+ rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+ rec->data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ rec->input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ rec->length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ }
}

ret = 1;
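Review bot: the two new branches differ only in the constant they subtract. Reading the explicit IV length into a local first (`eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN`, `EVP_CCM_TLS_EXPLICIT_IV_LEN`, else 0) and applying the three `rec->data`/`rec->input`/`rec->length` adjustments once would avoid duplicating the pointer arithmetic and mirror the way do_ssl3_write and do_dtls1_write already select the length per mode.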
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0a3bba4..47d28e7 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3450,6 +3450,326 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256},
#endif

+ /* Cipher C09C */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_128_CCM,
+ TLS1_CK_RSA_WITH_AES_128_CCM,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C09D */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM,
+ TLS1_CK_RSA_WITH_AES_256_CCM,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C09E */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C09F */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A0 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_RSA_WITH_AES_128_CCM_8,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A1 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_RSA_WITH_AES_256_CCM_8,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A2 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A3 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A4 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM,
+ TLS1_CK_PSK_WITH_AES_128_CCM,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A4 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CCM,
+ TLS1_CK_PSK_WITH_AES_256_CCM,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A6 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A7 */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_PSK_WITH_AES_128_CCM_8,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_PSK_WITH_AES_256_CCM_8,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AA */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AB */
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AC */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AD */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
+ /* Cipher C0AE */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher C0AF */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_AES256CCM8,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+
/* end of list */
};
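Review bot: the comment above the TLS1_CK_PSK_WITH_AES_256_CCM entry reads `/* Cipher C0A4 */`, duplicating the preceding entry; tls1.h assigns 0x0300C0A5 to this suite, so it should read `/* Cipher C0A5 */`. Separately, the eight CCM_8 suites are flagged SSL_HIGH exactly like the full-tag suites, while t1_enc.c configures them with an 8-byte tag (`taglen = 8`); the commit message should say whether a 64-bit authentication tag is intended to qualify for HIGH and hence for the default cipher list, or whether these suites should be marked so that they are not selected by default.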

diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index ba9fc48..f4827fd 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -91,6 +91,8 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
+ EVP_add_cipher(EVP_aes_128_ccm());
+ EVP_add_cipher(EVP_aes_256_ccm());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 08a95f9..c048fc2 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -164,7 +164,11 @@
#define SSL_ENC_SEED_IDX 11
#define SSL_ENC_AES128GCM_IDX 12
#define SSL_ENC_AES256GCM_IDX 13
-#define SSL_ENC_NUM_IDX 14
+#define SSL_ENC_AES128CCM_IDX 14
+#define SSL_ENC_AES256CCM_IDX 15
+#define SSL_ENC_AES128CCM8_IDX 16
+#define SSL_ENC_AES256CCM8_IDX 17
+#define SSL_ENC_NUM_IDX 18

/* NB: make sure indices in these tables match values above */

@@ -188,7 +192,11 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
{SSL_SEED, NID_seed_cbc}, /* SSL_ENC_SEED_IDX 11 */
{SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
- {SSL_AES256GCM, NID_aes_256_gcm} /* SSL_ENC_AES256GCM_IDX 13 */
+ {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
+ {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
+ {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
+ {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
+ {SSL_AES256CCM8, NID_aes_256_ccm} /* SSL_ENC_AES256CCM8_IDX 17 */
};

static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
@@ -355,13 +363,17 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0,
- 0},
- {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0,
- 0},
+ {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
+ 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
+ 0, 0, 0, 0, 0},
{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
0, 0},
+ {0, SSL_TXT_AES_CCM, 0, 0, 0, SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0,
+ 0, 0},
+ {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0,
+ 0, 0},
{0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0,
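Review bot: the rewritten SSL_TXT_AES128 and SSL_TXT_AES256 entries and the new SSL_TXT_AES_CCM entry run well past 80 columns, which the surrounding entries (and the pre-change wrapping of the AES128/AES256 lines) stay within; wrapping the algorithm_enc mask after `SSL_AES128GCM |` (and `SSL_AES256CCM |` for the CCM alias) keeps the table consistent with the rest of the file.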
@@ -1709,6 +1721,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_AES256GCM:
enc = "AESGCM(256)";
break;
+ case SSL_AES128CCM:
+ enc = "AESCCM(128)";
+ break;
+ case SSL_AES256CCM:
+ enc = "AESCCM(256)";
+ break;
+ case SSL_AES128CCM8:
+ enc = "AESCCM8(128)";
+ break;
+ case SSL_AES256CCM8:
+ enc = "AESCCM8(256)";
+ break;
case SSL_CAMELLIA128:
enc = "Camellia(128)";
break;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 63b547a..79926ff 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -359,8 +359,12 @@
# define SSL_SEED 0x00000800L
# define SSL_AES128GCM 0x00001000L
# define SSL_AES256GCM 0x00002000L
+# define SSL_AES128CCM 0x00004000L
+# define SSL_AES256CCM 0x00008000L
+# define SSL_AES128CCM8 0x00010000L
+# define SSL_AES256CCM8 0x00020000L

-# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
+# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)

/* Bits for algorithm_mac (symmetric authentication) */
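Review bot: the redefined SSL_AES mask is a single line far over 80 columns; splitting it with a backslash continuation (for example after `SSL_AES256GCM|`) keeps it readable and consistent with the adjacent SSL_CAMELLIA definition.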
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 9942bb4..1f539aa 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -422,9 +422,11 @@ int tls1_change_cipher_state(SSL *s, int which)
j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
- /* If GCM mode only part of IV comes from PRF */
+ /* If GCM/CCM mode only part of IV comes from PRF */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
k = EVP_GCM_TLS_FIXED_IV_LEN;
+ else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+ k = EVP_CCM_TLS_FIXED_IV_LEN;
else
k = EVP_CIPHER_iv_length(c);
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -506,6 +508,20 @@ int tls1_change_cipher_state(SSL *s, int which)
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
+ } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+ int taglen;
+ if (s->s3->tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8|SSL_AES256CCM8))
+ taglen = 8;
+ else
+ taglen = 16;
+ if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv)
+ || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
} else {
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
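Review bot: the IV length passed to EVP_CTRL_AEAD_SET_IVLEN is the bare number 12; it is the sum of EVP_CCM_TLS_FIXED_IV_LEN (4) and EVP_CCM_TLS_EXPLICIT_IV_LEN (8) introduced in evp.h, so writing `EVP_CCM_TLS_FIXED_IV_LEN + EVP_CCM_TLS_EXPLICIT_IV_LEN` ties the nonce size to those definitions. The same block mixes the generic EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_AEAD_SET_TAG names with the mode-specific EVP_CTRL_CCM_SET_IV_FIXED, which evp.h defines as an alias of EVP_CTRL_AEAD_SET_IV_FIXED; using the AEAD name throughout would be consistent.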

Matt Caswell
Aug 14, 2015, 12:04:22 PM
The branch master has been updated
via c83eda8c22f08346d5434662643de523a469c81e (commit)
from f8f5f8369d1d76fd8ec28d3d2422a47f8440f452 (commit)


- Log -----------------------------------------------------------------
commit c83eda8c22f08346d5434662643de523a469c81e
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Aug 13 10:04:23 2015 +0100

Fix session tickets

Commit 9ceb2426b0 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/t1_lib.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e37411c..f004288 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3043,6 +3043,11 @@ int tls1_process_ticket(SSL *s, PACKET *pkt, unsigned char *session_id,
break;
}
goto end;
+ } else {
+ if (!PACKET_forward(pkt, size)) {
+ retv = -1;
+ goto end;
+ }
}
}
retv = 0;
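Review bot: no test accompanies the fix (the summary lists only ssl/t1_lib.c). The new else branch is the step that advances the packet cursor past each extension that is not the session ticket extension, so a regression test that resumes a session using a ClientHello carrying other extensions alongside the ticket extension would catch this loop being broken again.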

Matt Caswell
Aug 14, 2015, 12:12:06 PM
The branch master has been updated
via 561e12bbb0a85c44d2b5501ccd430f2fb2fd63aa (commit)
from c83eda8c22f08346d5434662643de523a469c81e (commit)


- Log -----------------------------------------------------------------
commit 561e12bbb0a85c44d2b5501ccd430f2fb2fd63aa
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Aug 5 14:50:24 2015 +0100

PACKETise NewSessionTicket

Process NewSessionTicket messages using the new PACKET API

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index dedbfea..1394293 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2174,10 +2174,10 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)

int ssl3_get_new_session_ticket(SSL *s)
{
- int ok, al, ret = 0, ticklen;
+ int ok, al, ret = 0;
+ unsigned int ticklen;
long n;


- const unsigned char *p;

- unsigned char *d;


+ PACKET pkt;

n = s->method->ssl_get_message(s,

SSL3_ST_CR_SESSION_TICKET_A,
@@ -2187,15 +2187,12 @@ int ssl3_get_new_session_ticket(SSL *s)
if (!ok)
return ((int)n);

- if (n < 6) {
- /* need at least ticket_lifetime_hint + ticket length */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);


+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;

+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
goto f_err;
}

- p = d = (unsigned char *)s->init_msg;
-
if (s->session->session_id_length > 0) {
int i = s->session_ctx->session_cache_mode;
SSL_SESSION *new_sess;
@@ -2227,10 +2224,9 @@ int ssl3_get_new_session_ticket(SSL *s)
s->session = new_sess;
}

- n2l(p, s->session->tlsext_tick_lifetime_hint);
- n2s(p, ticklen);
- /* ticket_lifetime_hint + ticket_length + ticket */
- if (ticklen + 6 != n) {
+ if (!PACKET_get_net_4(&pkt, &s->session->tlsext_tick_lifetime_hint)
+ || !PACKET_get_net_2(&pkt, &ticklen)
+ || PACKET_remaining(&pkt) != ticklen) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err;
@@ -2242,7 +2238,11 @@ int ssl3_get_new_session_ticket(SSL *s)
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err;
}
- memcpy(s->session->tlsext_tick, p, ticklen);
+ if (!PACKET_copy_bytes(&pkt, s->session->tlsext_tick, ticklen)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
s->session->tlsext_ticklen = ticklen;
/*
* There are two ways to detect a resumed ticket session. One is to set
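Review bot: the PACKET_copy_bytes failure is reported as SSL_AD_DECODE_ERROR / SSL_R_LENGTH_MISMATCH, but the preceding hunk already rejects the message unless `PACKET_remaining(&pkt) == ticklen`, so a failure here can only be an internal inconsistency. Reporting it as SSL_AD_INTERNAL_ERROR / ERR_R_INTERNAL_ERROR, as the PACKET_buf_init failure above does, would keep malformed-message errors distinguishable from bugs.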
@@ -2255,7 +2255,7 @@ int ssl3_get_new_session_ticket(SSL *s)
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket.
*/
- EVP_Digest(p, ticklen,
+ EVP_Digest(s->session->tlsext_tick, ticklen,
s->session->session_id, &s->session->session_id_length,
EVP_sha256(), NULL);
ret = 1;

Matt Caswell
Aug 14, 2015, 12:22:38 PM
The branch master has been updated
via efcdbcbeda556876c0147dca21d51610de30dfd9 (commit)
from 561e12bbb0a85c44d2b5501ccd430f2fb2fd63aa (commit)


- Log -----------------------------------------------------------------
commit efcdbcbeda556876c0147dca21d51610de30dfd9
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Aug 3 12:57:51 2015 +0100

PACKETise ClientKeyExchange processing

Use the new PACKET code to process the CKE message

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 183 ++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 119 insertions(+), 64 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a015a49..8bdb082 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2211,10 +2211,10 @@ int ssl3_send_certificate_request(SSL *s)

int ssl3_get_client_key_exchange(SSL *s)
{
- int i, al, ok;
+ unsigned int i;
+ int al, ok;
long n;
unsigned long alg_k;
- unsigned char *p;
#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
@@ -2229,6 +2229,9 @@ int ssl3_get_client_key_exchange(SSL *s)
EC_POINT *clnt_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
#endif
+ PACKET pkt;
+ unsigned char *data;
+ size_t remain;

n = s->method->ssl_get_message(s,
SSL3_ST_SR_KEY_EXCH_A,
@@ -2237,7 +2240,11 @@ int ssl3_get_client_key_exchange(SSL *s)

if (!ok)
return ((int)n);
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }

alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

@@ -2246,13 +2253,8 @@ int ssl3_get_client_key_exchange(SSL *s)
if (alg_k & SSL_PSK) {
unsigned char psk[PSK_MAX_PSK_LEN];
size_t psklen;
- if (n < 2) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- n2s(p, i);
- if (i + 2 > n) {
+
+ if (!PACKET_get_net_2(&pkt, &i)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
@@ -2271,14 +2273,20 @@ int ssl3_get_client_key_exchange(SSL *s)
}

OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = BUF_strndup((char *)p, i);
-
+ s->session->psk_identity = OPENSSL_malloc(i + 1);
if (s->session->psk_identity == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
ERR_R_MALLOC_FAILURE);
goto f_err;
}
+ if (!PACKET_copy_bytes(&pkt, (unsigned char *)s->session->psk_identity,
+ i)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ s->session->psk_identity[i] = '\0';

psklen = s->psk_server_callback(s, s->session->psk_identity,
psk, sizeof(psk));
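Review bot: replacing BUF_strndup with OPENSSL_malloc, PACKET_copy_bytes and an explicit terminator changes behaviour for an identity that contains an embedded NUL byte: BUF_strndup stopped copying at the NUL, whereas the new code stores all `i` bytes and terminates after them. The result passed to psk_server_callback is the same C string, but the stored psk_identity now carries the trailing bytes; the commit message should mention this.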
@@ -2308,13 +2316,10 @@ int ssl3_get_client_key_exchange(SSL *s)
}

s->s3->tmp.psklen = psklen;
-
- n -= i + 2;
- p += i;
}
if (alg_k & SSL_kPSK) {
/* Identity extracted earlier: should be nothing left */
- if (n != 0) {
+ if (PACKET_remaining(&pkt) != 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
@@ -2362,17 +2367,34 @@ int ssl3_get_client_key_exchange(SSL *s)

/* TLS and [incidentally] DTLS{0xFEFF} */
if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
- n2s(p, i);
- if (n != i + 2) {
+ if (!PACKET_get_net_2(&pkt, &i)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ remain = PACKET_remaining(&pkt);
+ if (remain != i) {
if (!(s->options & SSL_OP_TLS_D5_BUG)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
goto f_err;
- } else
- p -= 2;
- } else
- n = i;
+ } else {
+ remain += 2;
+ if (!PACKET_back(&pkt, 2)) {
+ /*
+ * We already read these 2 bytes so this should never
+ * fail
+ */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ }
+ }
+ } else {
+ remain = PACKET_remaining(&pkt);
}

/*
@@ -2382,13 +2404,20 @@ int ssl3_get_client_key_exchange(SSL *s)
* actual expected size is larger due to RSA padding, but the
* bound is sufficient to be safe.
*/
- if (n < SSL_MAX_MASTER_KEY_LENGTH) {
+
+ if (remain < SSL_MAX_MASTER_KEY_LENGTH) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
goto f_err;
}

+ if (!PACKET_get_bytes(&pkt, &data, remain)) {
+ /* We already checked we had enough data so this shouldn't happen */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
/*
* We must not leak whether a decryption failure occurs because of
* Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
@@ -2401,7 +2430,7 @@ int ssl3_get_client_key_exchange(SSL *s)
sizeof(rand_premaster_secret)) <= 0)
goto err;
decrypt_len =
- RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
+ RSA_private_decrypt(remain, data, data, rsa, RSA_PKCS1_PADDING);
ERR_clear_error();

/*
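Review bot: `remain` is a size_t but RSA_private_decrypt takes an int length, and the old call carried an explicit `(int)n` cast. The value is bounded by the message size so the narrowing is safe, but an explicit cast (or an int local) would keep the conversion visible and avoid sign-conversion warnings.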
@@ -2420,9 +2449,9 @@ int ssl3_get_client_key_exchange(SSL *s)
* constant time and are treated like any other decryption error.
*/
version_good =
- constant_time_eq_8(p[0], (unsigned)(s->client_version >> 8));
+ constant_time_eq_8(data[0], (unsigned)(s->client_version >> 8));
version_good &=
- constant_time_eq_8(p[1], (unsigned)(s->client_version & 0xff));
+ constant_time_eq_8(data[1], (unsigned)(s->client_version & 0xff));

/*
* The premaster secret must contain the same version number as the
@@ -2436,9 +2465,9 @@ int ssl3_get_client_key_exchange(SSL *s)
if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
unsigned char workaround_good;
workaround_good =
- constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
+ constant_time_eq_8(data[0], (unsigned)(s->version >> 8));
workaround_good &=
- constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
+ constant_time_eq_8(data[1], (unsigned)(s->version & 0xff));
version_good |= workaround_good;
}

@@ -2455,11 +2484,12 @@ int ssl3_get_client_key_exchange(SSL *s)
* it is still sufficiently large to read from.
*/
for (j = 0; j < sizeof(rand_premaster_secret); j++) {
- p[j] = constant_time_select_8(decrypt_good, p[j],
+ data[j] = constant_time_select_8(decrypt_good, data[j],
rand_premaster_secret[j]);
}

- if (!ssl_generate_master_secret(s, p, sizeof(rand_premaster_secret), 0)) {
+ if (!ssl_generate_master_secret(s, data, sizeof(rand_premaster_secret),
+ 0)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
@@ -2470,9 +2500,15 @@ int ssl3_get_client_key_exchange(SSL *s)
if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
int idx = -1;
EVP_PKEY *skey = NULL;
- if (n > 1) {
- n2s(p, i);
- } else {
+ size_t bookm;
+ unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8];
+
+ if (!PACKET_get_bookmark(&pkt, &bookm)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ if (!PACKET_get_net_2(&pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2481,14 +2517,19 @@ int ssl3_get_client_key_exchange(SSL *s)
}
i = 0;
}
- if (n && n != i + 2) {
+ if (PACKET_remaining(&pkt) != i) {
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
} else {
- p -= 2;
- i = (int)n;
+ if (!PACKET_goto_bookmark(&pkt, bookm)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ i = PACKET_remaining(&pkt);
}
}
if (alg_k & SSL_kDHr)
@@ -2528,14 +2569,22 @@ int ssl3_get_client_key_exchange(SSL *s)
}
EVP_PKEY_free(clkey);
pub = dh_clnt->pub_key;
- } else
- pub = BN_bin2bn(p, i, NULL);
+ } else {
+ if (!PACKET_get_bytes(&pkt, &data, i)) {
+ /* We already checked we have enough data */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ pub = BN_bin2bn(data, i, NULL);
+ }
if (pub == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}

- i = DH_compute_key(p, pub, dh_srvr);
+ i = DH_compute_key(shared, pub, dh_srvr);

if (i <= 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
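Review bot: `i` was changed to `unsigned int` in the declaration hunk, but `if (i <= 0)` after `i = DH_compute_key(shared, pub, dh_srvr)` relies on catching the -1 that DH_compute_key returns on error; with an unsigned `i` the comparison degenerates to `i == 0`, a -1 result wraps to UINT_MAX, the check passes, and that value is handed to ssl_generate_master_secret as the secret length. The `i = ECDH_compute_key(...); if (i <= 0)` check later in this diff has the same problem. Keep the compute-key results in a separate `int` local and leave `i` unsigned only for the PACKET_get_* length reads.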
@@ -2550,7 +2599,7 @@ int ssl3_get_client_key_exchange(SSL *s)
else
BN_clear_free(pub);
pub = NULL;
- if (!ssl_generate_master_secret(s, p, i, 0)) {
+ if (!ssl_generate_master_secret(s, shared, i, 0)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
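Review bot: `shared` is a stack array holding the DH shared secret, and this call passes 0 as the last argument of ssl_generate_master_secret, while the ECDH hunk below changes the same argument to 1 for its heap-allocated `shared`. Assuming that argument asks the callee to clear and free the buffer, the stack copy here is never cleansed; add `OPENSSL_cleanse(shared, sizeof(shared))` after the master secret is derived, on both the success and the error paths, so the premaster secret does not linger on the stack.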
@@ -2567,6 +2616,7 @@ int ssl3_get_client_key_exchange(SSL *s)
const EC_KEY *tkey;
const EC_GROUP *group;
const BIGNUM *priv_key;
+ unsigned char *shared;

/* initialize structures for server's ECDH key pair */
if ((srvr_ecdh = EC_KEY_new()) == NULL) {
@@ -2645,21 +2695,21 @@ int ssl3_get_client_key_exchange(SSL *s)
}

/* Get encoded point length */
- i = *p;
- p += 1;
- if (n != 1 + i) {
+ if (!PACKET_get_1(&pkt, &i)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (!PACKET_get_bytes(&pkt, &data, i)
+ || PACKET_remaining(&pkt) != 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
- if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
+ if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, bn_ctx) == 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
- /*
- * p is pointing to somewhere in the buffer currently, so set it
- * to the start
- */
- p = (unsigned char *)s->init_buf->data;
}
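Review bot: the check `!PACKET_get_bytes(&pkt, &data, i) || PACKET_remaining(&pkt) != 0` reports a wrong encoded-point length as ERR_R_EC_LIB via `goto err`, with no alert, whereas the PACKET_get_1 failure immediately above sends SSL_AD_DECODE_ERROR with SSL_R_LENGTH_MISMATCH. Both are framing errors in the same message, so the second check should use the same alert and reason code; the pre-change `n != 1 + i` test had this inconsistency already, and this rewrite is the natural place to fix it.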

/* Compute the shared pre-master secret */
@@ -2668,10 +2718,16 @@ int ssl3_get_client_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
}
- i = ECDH_compute_key(p, (field_size + 7) / 8, clnt_ecpoint, srvr_ecdh,
- NULL);
+ shared = OPENSSL_malloc((field_size + 7) / 8);
+ if (shared == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ i = ECDH_compute_key(shared, (field_size + 7) / 8, clnt_ecpoint,
+ srvr_ecdh, NULL);
if (i <= 0) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ OPENSSL_free(shared);
goto err;
}

@@ -2682,7 +2738,7 @@ int ssl3_get_client_key_exchange(SSL *s)
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;

- if (!ssl_generate_master_secret(s, p, i, 0)) {
+ if (!ssl_generate_master_secret(s, shared, i, 1)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
@@ -2692,17 +2748,13 @@ int ssl3_get_client_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
- int param_len;
-
- n2s(p, i);
- param_len = i + 2;
- if (param_len > n) {
+ if (!PACKET_get_net_2(&pkt, &i)
+ || !PACKET_get_bytes(&pkt, &data, i)) {
al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_BAD_SRP_A_LENGTH);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_SRP_A_LENGTH);
goto f_err;
}
- if ((s->srp_ctx.A = BN_bin2bn(p, i, NULL)) == NULL) {
+ if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
goto err;
}
@@ -2724,8 +2776,6 @@ int ssl3_get_client_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
-
- p += i;
} else
#endif /* OPENSSL_NO_SRP */
if (alg_k & SSL_kGOST) {
@@ -2757,15 +2807,20 @@ int ssl3_get_client_key_exchange(SSL *s)
ERR_clear_error();
}
/* Decrypt session key */
+ if (!PACKET_get_bytes(&pkt, &data, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
if (ASN1_get_object
- ((const unsigned char **)&p, &Tlen, &Ttag, &Tclass,
+ ((const unsigned char **)&data, &Tlen, &Ttag, &Tclass,
n) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE
|| Tclass != V_ASN1_UNIVERSAL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
goto gerr;
}
- start = p;
+ start = data;
inlen = Tlen;
if (EVP_PKEY_decrypt
(pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
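Review bot: the alert chosen for a short message at `if (!PACKET_get_bytes(&pkt, &data, n))` is SSL_AD_INTERNAL_ERROR with ERR_R_INTERNAL_ERROR, but a ClientKeyExchange shorter than `n` is a peer-side encoding problem, not a local failure; the SRP branch above uses SSL_AD_DECODE_ERROR for the same condition and this branch should too (e.g. with SSL_R_LENGTH_MISMATCH). The subsequent `ASN1_get_object` call is still bounded by `n`, which matches the bytes just obtained, so the length accounting is otherwise fine.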

Matt Caswell

Aug 14, 2015, 12:32:06 PM
The branch master has been updated
via ac1123320145f731fb04a4cc3df1fbd9c3d5e513 (commit)
from efcdbcbeda556876c0147dca21d51610de30dfd9 (commit)


- Log -----------------------------------------------------------------
commit ac1123320145f731fb04a4cc3df1fbd9c3d5e513
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Aug 4 22:12:53 2015 +0100

PACKETise CertificateRequest

Process CertificateRequest messages using the PACKET API

Reviewed-by: Emilia Käsper <emi...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 66 ++++++++++++++++++++++++++++++-----------------------------
1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1394293..e7bbfc9 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2011,12 +2011,13 @@ int ssl3_get_key_exchange(SSL *s)
int ssl3_get_certificate_request(SSL *s)
{
int ok, ret = 0;
- unsigned long n, nc, l;
- unsigned int llen, ctype_num, i;
+ unsigned long n;
+ unsigned int list_len, ctype_num, i, name_len;
X509_NAME *xn = NULL;
- const unsigned char *p, *q;
- unsigned char *d;
+ unsigned char *data;
+ unsigned char *namestart, *namebytes;
STACK_OF(X509_NAME) *ca_sk = NULL;
+ PACKET pkt;


n = s->method->ssl_get_message(s,

SSL3_ST_CR_CERT_REQ_A,
@@ -2055,7 +2056,11 @@ int ssl3_get_certificate_request(SSL *s)
}
}

- p = d = (unsigned char *)s->init_msg;


+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {

+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }

if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
@@ -2063,7 +2068,12 @@ int ssl3_get_certificate_request(SSL *s)
}

/* get the certificate types */
- ctype_num = *(p++);
+ if (!PACKET_get_1(&pkt, &ctype_num)
+ || !PACKET_get_bytes(&pkt, &data, ctype_num)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
OPENSSL_free(s->cert->ctypes);
s->cert->ctypes = NULL;
if (ctype_num > SSL3_CT_NUMBER) {
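Review bot: `PACKET_get_1`/`PACKET_get_bytes` at the top of this hunk correctly bound the read that `*(p++)` did not, but they still accept `ctype_num == 0`; RFC 5246 declares `certificate_types<1..2^8-1>`, so an empty list is a malformed CertificateRequest and could be rejected here with the same SSL_AD_DECODE_ERROR alert rather than passing through to the `ctype_num > SSL3_CT_NUMBER` test.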
@@ -2073,31 +2083,27 @@ int ssl3_get_certificate_request(SSL *s)
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
goto err;
}
- memcpy(s->cert->ctypes, p, ctype_num);
+ memcpy(s->cert->ctypes, data, ctype_num);
s->cert->ctype_num = (size_t)ctype_num;
ctype_num = SSL3_CT_NUMBER;
}
for (i = 0; i < ctype_num; i++)
- s->s3->tmp.ctype[i] = p[i];
- p += p[-1];
+ s->s3->tmp.ctype[i] = data[i];
+
if (SSL_USE_SIGALGS(s)) {
- n2s(p, llen);
- /*
- * Check we have enough room for signature algorithms and following
- * length value.
- */
- if ((unsigned long)(p - d + llen + 2) > n) {
+ if (!PACKET_get_net_2(&pkt, &list_len)
+ || !PACKET_get_bytes(&pkt, &data, list_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
- SSL_R_DATA_LENGTH_TOO_LONG);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err;
}
+
/* Clear certificate digests and validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) {
s->s3->tmp.md[i] = NULL;
s->s3->tmp.valid_flags[i] = 0;
}
- if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) {
+ if ((list_len & 1) || !tls1_save_sigalgs(s, data, list_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
SSL_R_SIGNATURE_ALGORITHMS_ERROR);
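Review bot: the `(list_len & 1)` test rejects an odd-length list but not an empty one; RFC 5246 gives `supported_signature_algorithms<2..2^16-2>`, so `list_len == 0` is malformed and is worth rejecting explicitly alongside the parity check unless tls1_save_sigalgs is known to fail on zero-length input. Switching the reason code from SSL_R_DATA_LENGTH_TOO_LONG to SSL_R_LENGTH_MISMATCH is fine, but check whether the old constant still has other users before it becomes dead.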
@@ -2108,35 +2114,34 @@ int ssl3_get_certificate_request(SSL *s)
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
goto err;
}
- p += llen;
}

/* get the CA RDNs */
- n2s(p, llen);
-
- if ((unsigned long)(p - d + llen) != n) {
+ if (!PACKET_get_net_2(&pkt, &list_len)
+ || PACKET_remaining(&pkt) != list_len) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err;


}

- for (nc = 0; nc < llen;) {

- n2s(p, l);
- if ((l + nc + 2) > llen) {
+ while (PACKET_remaining(&pkt)) {
+ if (!PACKET_get_net_2(&pkt, &name_len)
+ || !PACKET_get_bytes(&pkt, &namebytes, name_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err;
}

- q = p;
+ namestart = namebytes;

- if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
+ if ((xn = d2i_X509_NAME(NULL, (const unsigned char **)&namebytes,
+ name_len)) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
goto err;


}

- if (q != (p + l)) {

+ if (namebytes != (namestart + name_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
SSL_R_CA_DN_LENGTH_MISMATCH);
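Review bot: `PACKET_remaining(&pkt) != list_len` correctly pins the CA list to the end of the message and the `namebytes != (namestart + name_len)` test catches trailing bytes inside a name, but `name_len == 0` is passed through to `d2i_X509_NAME`, which then reports ERR_R_ASN1_LIB for what is really a length error (`DistinguishedName<1..2^16-1>` in RFC 5246); a `name_len == 0` check next to the `PACKET_get_net_2` call would give the LENGTH_MISMATCH reason instead. The `(const unsigned char **)&namebytes` cast is only needed because PACKET_get_bytes hands back a non-const pointer; a `const unsigned char *` working pointer, as the old `q` was, would avoid the cast.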
@@ -2146,9 +2151,6 @@ int ssl3_get_certificate_request(SSL *s)
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
goto err;
}
-
- p += l;
- nc += l + 2;
}

/* we should setup a certificate to return.... */

Rich Salz

Aug 15, 2015, 1:26:06 PM
The branch master has been updated
via a7b78d1e638f196112945cab8f86ad29594c4ea6 (commit)
from e42ef50e5b67be76e0a2e0b14d3ec85fdc88d7ec (commit)


- Log -----------------------------------------------------------------
commit a7b78d1e638f196112945cab8f86ad29594c4ea6
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 13:25:30 2015 -0400

Fix source/old indices

-----------------------------------------------------------------------

Summary of changes:
Makefile | 2 +-
source/old/0.9.x/index.html | 5 +++--
source/old/1.0.0/index.html | 5 +++--
source/old/1.0.1/index.html | 5 +++--
source/old/1.0.2/index.html | 5 +++--
source/old/fips/index.html | 5 +++--
source/old/index.html | 5 +++--
source/sidebar.inc | 3 +++
8 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/Makefile b/Makefile
index 1e0ddaa..dc5711b 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ SIMPLE = newsflash.inc sitemap.txt \
news/vulnerabilities.inc \
source/license.txt \
source/index.inc
-SRCLISTS = source/old/index.inc \
+SRCLISTS = \
source/old/0.9.x/index.inc \
source/old/1.0.0/index.inc \
source/old/1.0.1/index.inc \
diff --git a/source/old/0.9.x/index.html b/source/old/0.9.x/index.html
index dc74bce..07b991f 100644
--- a/source/old/0.9.x/index.html
+++ b/source/old/0.9.x/index.html
@@ -15,15 +15,16 @@
<footer>
You are here: <a href="/">Home</a>
: <a href=".">Source</a>
+ : <a href="">Old Releases</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
+ <!--#include virtual="/inc/legalities.inc" -->
</article>


</div>
- <!--NO NO #include virtual="sidebar.inc" -->
+ <!--#include virtual="../../sidebar.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->

</div>
<!--#include virtual="/inc/footer.inc" -->
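Review bot: `<a href="">Old Releases</a>` resolves to the current page, not to the old-releases index; from source/old/0.9.x/ it needs `..` (or `/source/old`), and the existing `<a href=".">Source</a>` breadcrumb has the same problem in this subdirectory, where `.` is the 0.9.x listing rather than /source. Separately, this file places `/inc/legalities.inc` after `</footer>` while the sibling index.html files in this commit include it before `<footer>`; pick one placement so the pages render identically.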
diff --git a/source/old/1.0.0/index.html b/source/old/1.0.0/index.html
index a040259..2fae25b 100644
--- a/source/old/1.0.0/index.html
+++ b/source/old/1.0.0/index.html
@@ -12,18 +12,19 @@
<p>Here are the old 1.0.0 releases.</p>
<!--#include virtual="index.inc" -->
</div>
+ <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href=".">Source</a>
+ : <a href="">Old Releases</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
</article>


</div>
- <!--NO NO #include virtual="sidebar.inc" -->
+ <!--#include virtual="../../sidebar.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->

</div>
<!--#include virtual="/inc/footer.inc" -->
diff --git a/source/old/1.0.1/index.html b/source/old/1.0.1/index.html
index 5028934..eb2121d 100644
--- a/source/old/1.0.1/index.html
+++ b/source/old/1.0.1/index.html
@@ -12,18 +12,19 @@
<p>Here are the old 1.0.1 releases.</p>
<!--#include virtual="index.inc" -->
</div>
+ <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href=".">Source</a>
+ : <a href="">Old Releases</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
</article>


</div>
- <!--NO NO #include virtual="sidebar.inc" -->
+ <!--#include virtual="../../sidebar.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->

</div>
<!--#include virtual="/inc/footer.inc" -->
diff --git a/source/old/1.0.2/index.html b/source/old/1.0.2/index.html
index b238dcf..8ed017a 100644
--- a/source/old/1.0.2/index.html
+++ b/source/old/1.0.2/index.html
@@ -12,18 +12,19 @@
<p>Here are the old 1.0.2 releases.</p>
<!--#include virtual="index.inc" -->
</div>
+ <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href=".">Source</a>
+ : <a href="">Old Releases</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
</article>


</div>
- <!--NO NO #include virtual="sidebar.inc" -->
+ <!--#include virtual="../../sidebar.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->

</div>
<!--#include virtual="/inc/footer.inc" -->
diff --git a/source/old/fips/index.html b/source/old/fips/index.html
index 1ade710..80385d7 100644
--- a/source/old/fips/index.html
+++ b/source/old/fips/index.html
@@ -12,18 +12,19 @@
<p>Here are the old xxx releases.</p>
<!--#include virtual="index.inc" -->
</div>
+ <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href=".">Source</a>
+ : <a href="">Old Releases</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
</article>


</div>
- <!--NO NO #include virtual="sidebar.inc" -->
+ <!--#include virtual="../../sidebar.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->

</div>
<!--#include virtual="/inc/footer.inc" -->
diff --git a/source/old/index.html b/source/old/index.html
index 4d2b267..9e5b4e5 100644
--- a/source/old/index.html
+++ b/source/old/index.html
@@ -18,18 +18,19 @@
<li><a href="fips">fips</a></li>
</ul>
</div>
+ <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href=".">Source</a>
+ : <a href="">Old Releases</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
</article>


</div>
- <!--NO NO #include virtual="sidebar.inc" -->
+ <!--#include virtual="../sidebar.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->

</div>
<!--#include virtual="/inc/footer.inc" -->
diff --git a/source/sidebar.inc b/source/sidebar.inc
index 4eab542..7b631e5 100644
--- a/source/sidebar.inc
+++ b/source/sidebar.inc
@@ -10,6 +10,9 @@
<a href="license.html">License</a>
</li>
<li>
+ <a href="old">Old Releases</a>
+ </li>
+ <li>
<a href="mirror.html">Mirror Sites</a>
</li>
</ul>
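Review bot: `<a href="old">` is relative, but this same commit now includes sidebar.inc from source/old/0.9.x/ and its siblings via `../../sidebar.inc`, where `old` would resolve to source/old/0.9.x/old; the links in this navbar need to be rooted (`/source/old`, `/source/license.html`, and so on) to work from every directory that includes it.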

Rich Salz

Aug 15, 2015, 1:30:24 PM
The branch master has been updated
via 703a70aaedec96c63d13bcea884f04cee4a58b97 (commit)
from a7b78d1e638f196112945cab8f86ad29594c4ea6 (commit)


- Log -----------------------------------------------------------------
commit 703a70aaedec96c63d13bcea884f04cee4a58b97
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 13:30:04 2015 -0400

ignore source/old/ tgz files

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/.gitignore b/.gitignore
index 4e9329d..e0646bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,9 @@ source/*.gz.md5
source/*.gz.sha1
source/*.tar.gz.sig
source/*.patch
+source/old/x/*.tar.gz*
+source/old/0.9.x/*.tar.gz*
+source/old/1.0.0/*.tar.gz*
+source/old/1.0.1/*.tar.gz*
+source/old/1.0.2/*.tar.gz*
+source/old/fips/*.tar.gz*
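Review bot: `source/old/x/*.tar.gz*` names a directory that appears nowhere else in this series (the listing pages cover 0.9.x, 1.0.0, 1.0.1, 1.0.2 and fips); it looks like a leftover placeholder and should be dropped or corrected. A single `source/old/*/*.tar.gz*` pattern would cover all of these lines without enumerating each series.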

Rich Salz

Aug 15, 2015, 1:33:23 PM
The branch master has been updated
via 907dca8062c2e3b9d2e1242258ee7de822c87447 (commit)
from 703a70aaedec96c63d13bcea884f04cee4a58b97 (commit)


- Log -----------------------------------------------------------------
commit 907dca8062c2e3b9d2e1242258ee7de822c87447
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 13:33:03 2015 -0400

More ignore fixes, from dynamic content

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/.gitignore b/.gitignore
index e0646bc..f4c749a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,25 +1,16 @@
*.swp
+*.inc
sitemap.txt
-docs/faq.inc
docs/faq.txt
-docs/fips.inc
-news/changelog.inc
news/changelog.txt
-news/newsflash.inc
news/vulnerabilities.html
-news/vulnerabilities.inc
-newsflash.inc
-source/index.inc
source/license.txt
docs/HOWTO/*.txt
-source/*.gz
-source/*.gz.asc
-source/*.gz.md5
-source/*.gz.sha1
-source/*.tar.gz.sig
+source/*.gz*
source/*.patch
source/old/x/*.tar.gz*
source/old/0.9.x/*.tar.gz*
+source/old/0.9.x/*.patch
source/old/1.0.0/*.tar.gz*
source/old/1.0.1/*.tar.gz*
source/old/1.0.2/*.tar.gz*
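Review bot: `*.inc` ignores every .inc file in the tree, including hand-written ones such as source/sidebar.inc and community/sidebar.inc that are tracked and edited elsewhere in this series; already-tracked files keep being diffed, but any new hand-written .inc will silently be missing from `git status` and `git add`. Either keep listing the generated includes individually, as before, or negate the hand-written ones with `!source/sidebar.inc` style entries.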

Rich Salz

Aug 15, 2015, 1:44:43 PM
The branch master has been updated
via 03e725858a77a8d76452903516c2529fd30c6f40 (commit)
from 907dca8062c2e3b9d2e1242258ee7de822c87447 (commit)


- Log -----------------------------------------------------------------
commit 03e725858a77a8d76452903516c2529fd30c6f40
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 13:44:20 2015 -0400

Fix most of relupd target

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 11 ++++-------
Makefile | 23 ++++++++++++++++++-----
2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/.gitignore b/.gitignore
index f4c749a..f448120 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
*.swp
*.inc
+blog
sitemap.txt
docs/faq.txt
news/changelog.txt
@@ -8,10 +9,6 @@ source/license.txt
docs/HOWTO/*.txt
source/*.gz*
source/*.patch
-source/old/x/*.tar.gz*
-source/old/0.9.x/*.tar.gz*
-source/old/0.9.x/*.patch
-source/old/1.0.0/*.tar.gz*
-source/old/1.0.1/*.tar.gz*
-source/old/1.0.2/*.tar.gz*
-source/old/fips/*.tar.gz*
+source/old/*/*.tar.gz*
+source/old/*/*.patch
+source/old/*/*.txt.asc
diff --git a/Makefile b/Makefile
index dc5711b..1028456 100644
--- a/Makefile
+++ b/Makefile
@@ -3,8 +3,10 @@

## Snapshot directory
SNAP = /var/cache/openssl/checkouts/openssl
+## Where releases are found.
RELEASEDIR = /var/www/openssl/source

+
# All simple generated files.
SIMPLE = newsflash.inc sitemap.txt \
docs/faq.txt docs/faq.inc docs/fips.inc \
@@ -22,17 +24,28 @@ SRCLISTS = \

all: $(SIMPLE) $(SRCLISTS)

-# Legacy targets
-simple: all
-generated: all
-manpages: all
-rebuild: all
relupd: all
+ if [ "`id -un`" != openssl ]; then \
+ echo "You must run this as 'openssl'" ; \
+ echo " sudo -u openssl -H make"; \
+ exit 1; \
+ fi
+ cd $(SNAP)/.. ; for dir in openssl* ; do \
+ echo Updating $$dir ; ( cd $$dir ; git pull $(QUIET) ) ; \
+ done
+ git pull $(QUIET)
+ $(MAKE)

# To be fixed.
hack-source_htaccess:
exit 1;

+# Legacy targets
+simple: all
+generated: all
+manpages: all
+rebuild: all
+
clean:
rm -f $(SIMPLE)
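Review bot: in the `for dir in openssl*` loop, `( cd $$dir ; git pull $(QUIET) )` ignores both a failed `cd` (git pull then runs in the parent checkout) and a failed pull, and the loop's exit status is only that of its last iteration, so relupd carries on and runs `$(MAKE)` against a stale snapshot. `( cd $$dir && git pull $(QUIET) ) || exit 1` makes the failure visible. The `id -un` guard is a good addition.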

Rich Salz

Aug 15, 2015, 1:56:07 PM
The branch master has been updated
via c4ec6409d5d46ef41047d2085814534c7ad53e54 (commit)
from 03e725858a77a8d76452903516c2529fd30c6f40 (commit)


- Log -----------------------------------------------------------------
commit c4ec6409d5d46ef41047d2085814534c7ad53e54
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 13:55:10 2015 -0400

Remove HOWTO (for now?), old URL patching.

-----------------------------------------------------------------------

Summary of changes:
docs/.htaccess | 4 ++++
docs/HOWTO/index.wml | 17 -----------------
source/sidebar.inc | 9 +++++----
3 files changed, 9 insertions(+), 21 deletions(-)
create mode 100644 docs/.htaccess
delete mode 100644 docs/HOWTO/index.wml

diff --git a/docs/.htaccess b/docs/.htaccess
new file mode 100644
index 0000000..fa6d11a
--- /dev/null
+++ b/docs/.htaccess
@@ -0,0 +1,4 @@
+RewriteEngine on
+RewriteBase /docs
+RewriteRule fips fips.html [L,R=302,NC]
+RewriteRule fips/* fips.html [L,R=302,NC]
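Review bot: `RewriteRule fips fips.html [L,R=302,NC]` uses an unanchored pattern, so it also matches the redirect target `fips.html` and every other /docs URL containing `fips`, producing a 302 redirect loop; the pattern on the next line, `fips/*`, means `fips` followed by zero or more slashes and is just a duplicate of the first. Anchor the rule, e.g. `^fips/?$ fips.html [L,R=302,NC]`, and drop the second line.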
diff --git a/docs/HOWTO/index.wml b/docs/HOWTO/index.wml
deleted file mode 100644
index b1c5336..0000000
--- a/docs/HOWTO/index.wml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-#use wml::openssl area=documents page=HOWTO
-
-<title>Documents, HOWTO's</title>
-
-<h1>HOWTO's</h1>
-
-Here you can find a number of howto's. These howto's are also part of the
-OpenSSL distribution, in <tt>doc/HOWTO/</tt>.
-
-<p>
-<filelist *.txt>
-
-<h2>Legalities</h2>
-
-<disclaimer>
-
diff --git a/source/sidebar.inc b/source/sidebar.inc
index 7b631e5..96eafc9 100644
--- a/source/sidebar.inc
+++ b/source/sidebar.inc
@@ -1,16 +1,17 @@
<!-- sidebar.inc -->
+<!-- This needs full paths since the subdirs include this navbar. -->
<aside class="sidebar">
<section>
- <h1><a href=".">Downloads</a></h1>
+ <h1><a href="/source">Downloads</a></h1>
<ul>
<li>
- <a href="gitrepo.html">Git Repository</a>
+ <a href="/source/gitrepo.html">Git Repository</a>
</li>
<li>
- <a href="license.html">License</a>
+ <a href="/source/license.html">License</a>
</li>
<li>
- <a href="old">Old Releases</a>
+ <a href="/source/old">Old Releases</a>
</li>
<li>
<a href="mirror.html">Mirror Sites</a>
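Review bot: `<a href="mirror.html">Mirror Sites</a>` is left relative while the three links above it are converted to `/source/...` paths; the comment added at the top of this file says every link here must be a full path because the subdirectories include this navbar, so this one needs `/source/mirror.html` too.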

Rich Salz

Aug 15, 2015, 2:09:25 PM
The branch master has been updated
via 173047539a218cb383c451ec64f14fb9179f311d (commit)
from c4ec6409d5d46ef41047d2085814534c7ad53e54 (commit)


- Log -----------------------------------------------------------------
commit 173047539a218cb383c451ec64f14fb9179f311d
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 14:08:50 2015 -0400

More work on old release URL's

-----------------------------------------------------------------------

Summary of changes:
Makefile | 2 +-
docs/.htaccess | 6 ++++--
source/old/0.9.x/index.html | 10 +++++++++-
source/old/1.0.0/index.html | 10 +++++++++-
source/old/1.0.1/index.html | 10 +++++++++-
source/old/1.0.2/index.html | 10 +++++++++-
source/old/fips/index.html | 10 +++++++++-
7 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 1028456..19d203c 100644
--- a/Makefile
+++ b/Makefile
@@ -90,7 +90,7 @@ source/index.inc:

source/old/0.9.x/index.inc:
@rm -f $@
- ./bin/mk-filelist source/old/0.9.8 '' '*.gz' >$@
+ ./bin/mk-filelist source/old/0.9.x '' '*.gz' >$@
source/old/1.0.0/index.inc:
@rm -f $@
./bin/mk-filelist source/old/1.0.0 '' '*.gz' >$@
diff --git a/docs/.htaccess b/docs/.htaccess
index fa6d11a..39c9d22 100644
--- a/docs/.htaccess
+++ b/docs/.htaccess
@@ -1,4 +1,6 @@
RewriteEngine on
RewriteBase /docs
-RewriteRule fips fips.html [L,R=302,NC]
-RewriteRule fips/* fips.html [L,R=302,NC]
+RewriteRule fips/ fips.html [L,R=302,NC]
+RewriteRule fips/fipsnotes.html fips.html [L,R=302,NC]
+RewriteRule docs/fips/fipsvalidation.html fips.html [L,R=302,NC]
+RewriteRule docs/fips/index.html fips.html [L,R=302,NC]
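Review bot: with `RewriteBase /docs` this file is processed per-directory and the pattern is matched against the path relative to /docs, so `RewriteRule docs/fips/fipsvalidation.html ...` and `RewriteRule docs/fips/index.html ...` can never match (the leading `docs/` is never part of the tested string); they should read `fips/fipsvalidation.html` and `fips/index.html` like the line above them. All four patterns are also unanchored with unescaped dots, so `^fips/(fipsnotes|fipsvalidation|index)\.html$` style anchoring would be tighter.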
diff --git a/source/old/0.9.x/index.html b/source/old/0.9.x/index.html
index 07b991f..aa1e633 100644
--- a/source/old/0.9.x/index.html
+++ b/source/old/0.9.x/index.html
@@ -10,7 +10,15 @@
<header><h2>Old 0.9.x Releases</h2></header>
<div class="entry-content">
<p>Here are the old 0.9.x releases.</p>
- <!--#include virtual="index.inc" -->
+ <table>
+ <tr>
+ <td>KBytes&nbsp;</td>
+ <td>Date&nbsp;&nbsp;</td>
+ <td>File&nbsp;</td>
+ </tr>
+ <!--#include virtual="index.inc" -->
+ </table>
+ <p>&nbsp;</p>
</div>
<footer>
You are here: <a href="/">Home</a>
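Review bot: the header row uses `<td>` cells padded with `&nbsp;` rather than `<th>` (or a `<thead>`), and the same markup is pasted into five index.html files in this commit; since each page already includes a generated index.inc, moving the table open/close and header row into that include (or a shared .inc) would keep the five copies from drifting apart.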
diff --git a/source/old/1.0.0/index.html b/source/old/1.0.0/index.html
index 2fae25b..efbb214 100644
--- a/source/old/1.0.0/index.html
+++ b/source/old/1.0.0/index.html
@@ -10,7 +10,15 @@
<header><h2>Old 1.0.0 Releases</h2></header>
<div class="entry-content">
<p>Here are the old 1.0.0 releases.</p>
- <!--#include virtual="index.inc" -->
+ <table>
+ <tr>
+ <td>KBytes&nbsp;</td>
+ <td>Date&nbsp;&nbsp;</td>
+ <td>File&nbsp;</td>
+ </tr>
+ <!--#include virtual="index.inc" -->
+ </table>
+ <p>&nbsp;</p>
</div>
<!--#include virtual="/inc/legalities.inc" -->
<footer>
diff --git a/source/old/1.0.1/index.html b/source/old/1.0.1/index.html
index eb2121d..cf46c10 100644
--- a/source/old/1.0.1/index.html
+++ b/source/old/1.0.1/index.html
@@ -10,7 +10,15 @@
<header><h2>Old 1.0.1 Releases</h2></header>
<div class="entry-content">
<p>Here are the old 1.0.1 releases.</p>
- <!--#include virtual="index.inc" -->
+ <table>
+ <tr>
+ <td>KBytes&nbsp;</td>
+ <td>Date&nbsp;&nbsp;</td>
+ <td>File&nbsp;</td>
+ </tr>
+ <!--#include virtual="index.inc" -->
+ </table>
+ <p>&nbsp;</p>
</div>
<!--#include virtual="/inc/legalities.inc" -->
<footer>
diff --git a/source/old/1.0.2/index.html b/source/old/1.0.2/index.html
index 8ed017a..9934b85 100644
--- a/source/old/1.0.2/index.html
+++ b/source/old/1.0.2/index.html
@@ -10,7 +10,15 @@
<header><h2>Old 1.0.2 Releases</h2></header>
<div class="entry-content">
<p>Here are the old 1.0.2 releases.</p>
- <!--#include virtual="index.inc" -->
+ <table>
+ <tr>
+ <td>KBytes&nbsp;</td>
+ <td>Date&nbsp;&nbsp;</td>
+ <td>File&nbsp;</td>
+ </tr>
+ <!--#include virtual="index.inc" -->
+ </table>
+ <p>&nbsp;</p>
</div>
<!--#include virtual="/inc/legalities.inc" -->
<footer>
diff --git a/source/old/fips/index.html b/source/old/fips/index.html
index 80385d7..933374a 100644
--- a/source/old/fips/index.html
+++ b/source/old/fips/index.html
@@ -10,7 +10,15 @@
<header><h2>Old XXX Releases</h2></header>
<div class="entry-content">
<p>Here are the old xxx releases.</p>
- <!--#include virtual="index.inc" -->
+ <table>
+ <tr>
+ <td>KBytes&nbsp;</td>
+ <td>Date&nbsp;&nbsp;</td>
+ <td>File&nbsp;</td>
+ </tr>
+ <!--#include virtual="index.inc" -->
+ </table>
+ <p>&nbsp;</p>
</div>
<!--#include virtual="/inc/legalities.inc" -->
<footer>
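Review bot: the `Old XXX Releases` heading and the `Here are the old xxx releases.` sentence in this hunk's context lines are still placeholders; they should say FIPS before this page goes live.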

Rich Salz

Aug 15, 2015, 2:20:10 PM
The branch master has been updated
via 89738db3a78e48c58284fa9f69abcbbf56a1b4cc (commit)
from 173047539a218cb383c451ec64f14fb9179f311d (commit)


- Log -----------------------------------------------------------------
commit 89738db3a78e48c58284fa9f69abcbbf56a1b4cc
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 14:19:14 2015 -0400

mv some files, fix some links.

-----------------------------------------------------------------------

Summary of changes:
Makefile | 2 +-
getnames.pl => bin/getnames.pl | 0
run-pod2html.sh => bin/run-pod2html.sh | 0
community/sidebar.inc | 2 +-
docs/fips.html | 2 +-
policies/cla.html | 2 +-
source/old/fips/index.html | 4 ++--
7 files changed, 6 insertions(+), 6 deletions(-)
rename getnames.pl => bin/getnames.pl (100%)
rename run-pod2html.sh => bin/run-pod2html.sh (100%)

diff --git a/Makefile b/Makefile
index 19d203c..23d0275 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ manpages: all
rebuild: all

clean:
- rm -f $(SIMPLE)
+ rm -f $(SIMPLE) $(SRCLISTS)

newsflash.inc: news/newsflash.inc
@rm -f $@
diff --git a/getnames.pl b/bin/getnames.pl
similarity index 100%
rename from getnames.pl
rename to bin/getnames.pl
diff --git a/run-pod2html.sh b/bin/run-pod2html.sh
similarity index 100%
rename from run-pod2html.sh
rename to bin/run-pod2html.sh
diff --git a/community/sidebar.inc b/community/sidebar.inc
index 4cbbebb..7017277 100644
--- a/community/sidebar.inc
+++ b/community/sidebar.inc
@@ -19,7 +19,7 @@
<a href="http://wiki.openssl.org">Wiki</a>
</li>
<li>
- <a href="http://www.openssl.org/blog">Blog</a>
+ <a href="/blog">Blog</a>
</li>
<li>
<a href="binaries.html">Binaries</a>
diff --git a/docs/fips.html b/docs/fips.html
index 61b4378..a942515 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -33,7 +33,7 @@
includes the largest number of formally tested platforms for any
validated module.</p>

- The <a href="http://www.openssl.org/source/openssl-fips-2.0.1.tar.gz">source code</a> and
+ The <a href="/source/openssl-fips-2.0.1.tar.gz">source code</a> and
<a href="fips/UserGuide-2.0.pdf">User Guide</a> are available.
Here is the complete set of files:</p>

diff --git a/policies/cla.html b/policies/cla.html
index 77ff892..a13319c 100644
--- a/policies/cla.html
+++ b/policies/cla.html
@@ -13,7 +13,7 @@
<div class="entry-content">
<p>
As we described in
- <a href="http://www.openssl.org/blog/blog/2015/08/01/cla/">a recent blog post</a>,
+ <a href="/blog/blog/2015/08/01/cla/">a blog post</a>,
we will soon require almost every
contributor to have a signed Contributor License Agreement (CLA)
on file. We are following the practice of
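Review bot: the new relative link keeps the doubled `/blog/blog/2015/08/01/cla/` segment from the old absolute URL; if that is the blog generator's real layout it is fine, otherwise the second `blog` is a stale artifact, and the community sidebar change in this same commit points at plain `/blog`. Worth a quick fetch of the URL before merging.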
diff --git a/source/old/fips/index.html b/source/old/fips/index.html
index 933374a..a5058b2 100644
--- a/source/old/fips/index.html
+++ b/source/old/fips/index.html
@@ -7,9 +7,9 @@
<div id="content">
<div class="blog-index">
<article>
- <header><h2>Old XXX Releases</h2></header>
+ <header><h2>Old FIPS Releases</h2></header>
<div class="entry-content">
- <p>Here are the old xxx releases.</p>
+ <p>Here are the old FIPS releases.</p>
<table>
<tr>
<td>KBytes&nbsp;</td>

Rich Salz

Aug 15, 2015, 2:34:28 PM
The branch master has been updated
via b4ff83c2d59972634c1fb5cec296e8b4b4217c55 (commit)
from 89738db3a78e48c58284fa9f69abcbbf56a1b4cc (commit)


- Log -----------------------------------------------------------------
commit b4ff83c2d59972634c1fb5cec296e8b4b4217c55
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 14:33:52 2015 -0400

CLA PDF's moved

-----------------------------------------------------------------------

Summary of changes:
.htaccess | 3 +++
bin/mk-sitemap | 4 +++-
licenses/openssl_ccla.pdf | Bin 37962 -> 0 bytes
licenses/openssl_icla.pdf | Bin 37290 -> 0 bytes
4 files changed, 6 insertions(+), 1 deletion(-)
delete mode 100644 licenses/openssl_ccla.pdf
delete mode 100644 licenses/openssl_icla.pdf

diff --git a/.htaccess b/.htaccess
index ac417dd..62a857a 100644
--- a/.htaccess
+++ b/.htaccess
@@ -4,6 +4,9 @@ RewriteEngine on

Options +ExecCGI +FollowSymLinks

+RewriteRule licenses/openssl_ccla.pdf policies/openssl_ccla.pdf
+RewriteRule licenses/openssl_icla.pdf policies/openssl_icla.pdf
+
<Files *.md5>
ForceType application/binary
</Files>
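Review bot: the two `RewriteRule licenses/openssl_ccla.pdf policies/openssl_ccla.pdf` rules are unanchored, have unescaped dots and carry no flags, so they are substring matches that fall through to the remaining rules; `^licenses/(openssl_[ci]cla)\.pdf$ policies/$1.pdf [L,R=301]` would anchor them, and an external 301 would let clients and search engines learn the new location instead of silently serving the moved PDF from the old path.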
diff --git a/bin/mk-sitemap b/bin/mk-sitemap
index d53d3cb..ee76444 100755
--- a/bin/mk-sitemap
+++ b/bin/mk-sitemap
@@ -9,6 +9,8 @@ dodir()
my @files = ();
my @dirs = ();

+ return if $dir eq 'source/old' || $dir eq 'docs/fips';
+
foreach my $entry ( glob($dir . "/*")) {
if (-f $entry ) {
next unless $entry =~ m/.*\.(html|pdf|txt|png)$/;
@@ -26,7 +28,7 @@ dodir()

foreach my $entry ( @dirs) {
$entry =~ s@^\.\/@@;
- next if $entry =~ m/.git|inc|img|bin/;
+ next if $entry =~ m/.git|inc|img|bin|blog/;
next if $entry =~ m/secadv/;
my $simple = $entry;
$simple =~ s@.*/@@;
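Review bot: `next if $entry =~ m/.git|inc|img|bin|blog/;` is an unanchored substring match with an unescaped dot, so adding `blog` also skips any directory whose path merely contains that string, and the existing alternatives already skip paths containing `inc` or `bin` (a `binaries` directory, for example). Matching whole path components, `m{(^|/)(\.git|inc|img|bin|blog)(/|$)}`, would avoid surprises as the site grows.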
diff --git a/licenses/openssl_ccla.pdf b/licenses/openssl_ccla.pdf
deleted file mode 100644
index 031ed4c..0000000
Binary files a/licenses/openssl_ccla.pdf and /dev/null differ
diff --git a/licenses/openssl_icla.pdf b/licenses/openssl_icla.pdf
deleted file mode 100644
index 798b231..0000000
Binary files a/licenses/openssl_icla.pdf and /dev/null differ

Rich Salz

Aug 15, 2015, 2:41:39 PM
The branch master has been updated
via 177bf95046063c83c2e0fca944acde7da178824d (commit)
from b4ff83c2d59972634c1fb5cec296e8b4b4217c55 (commit)


- Log -----------------------------------------------------------------
commit 177bf95046063c83c2e0fca944acde7da178824d
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 14:41:13 2015 -0400

Remove old images, broken link, mv OCB license

-----------------------------------------------------------------------

Summary of changes:
images/misc-new.gif | Bin 111 -> 0 bytes
images/misc-space.imgdot-1x1-transp-ffffff.gif | Bin 43 -> 0 bytes
images/misc-space.imgdot-1x1-transp.gif | Bin 43 -> 0 bytes
images/smartisan-logo-med.jpg | Bin 6744 -> 0 bytes
{images => img}/symantec-logo-large.jpg | Bin
news/secadv/20130204.txt | 1 -
{docs/misc => source}/OCB-patent-grant-OpenSSL.pdf | Bin
source/sidebar.inc | 10 ++++++++--
8 files changed, 8 insertions(+), 3 deletions(-)
delete mode 100644 images/misc-new.gif
delete mode 100644 images/misc-space.imgdot-1x1-transp-ffffff.gif
delete mode 100644 images/misc-space.imgdot-1x1-transp.gif
delete mode 100644 images/smartisan-logo-med.jpg
rename {images => img}/symantec-logo-large.jpg (100%)
delete mode 120000 news/secadv/20130204.txt
rename {docs/misc => source}/OCB-patent-grant-OpenSSL.pdf (100%)

diff --git a/images/misc-new.gif b/images/misc-new.gif
deleted file mode 100644
index ede003b..0000000
Binary files a/images/misc-new.gif and /dev/null differ
diff --git a/images/misc-space.imgdot-1x1-transp-ffffff.gif b/images/misc-space.imgdot-1x1-transp-ffffff.gif
deleted file mode 100644
index 35d42e8..0000000
Binary files a/images/misc-space.imgdot-1x1-transp-ffffff.gif and /dev/null differ
diff --git a/images/misc-space.imgdot-1x1-transp.gif b/images/misc-space.imgdot-1x1-transp.gif
deleted file mode 100644
index 5bfd67a..0000000
Binary files a/images/misc-space.imgdot-1x1-transp.gif and /dev/null differ
diff --git a/images/smartisan-logo-med.jpg b/images/smartisan-logo-med.jpg
deleted file mode 100644
index aea6e25..0000000
Binary files a/images/smartisan-logo-med.jpg and /dev/null differ
diff --git a/images/symantec-logo-large.jpg b/img/symantec-logo-large.jpg
similarity index 100%
rename from images/symantec-logo-large.jpg
rename to img/symantec-logo-large.jpg
diff --git a/news/secadv/20130204.txt b/news/secadv/20130204.txt
deleted file mode 120000
index 05a9e9e..0000000
--- a/news/secadv/20130204.txt
+++ /dev/null
@@ -1 +0,0 @@
-secadv_20130205.txt
\ No newline at end of file
diff --git a/docs/misc/OCB-patent-grant-OpenSSL.pdf b/source/OCB-patent-grant-OpenSSL.pdf
similarity index 100%
rename from docs/misc/OCB-patent-grant-OpenSSL.pdf
rename to source/OCB-patent-grant-OpenSSL.pdf
diff --git a/source/sidebar.inc b/source/sidebar.inc
index 96eafc9..6862589 100644
--- a/source/sidebar.inc
+++ b/source/sidebar.inc
@@ -1,7 +1,10 @@
<!-- sidebar.inc -->
-<!-- This needs full paths since the subdirs include this navbar. -->
<aside class="sidebar">
<section>
+ <!-- What I tell you three times is true: -->
+ <!-- THIS NEEDS FULL PATHS SINCE THE SUBDIRS INCLUDE THIS NAVBAR. -->
+ <!-- THIS NEEDS FULL PATHS SINCE THE SUBDIRS INCLUDE THIS NAVBAR. -->
+ <!-- THIS NEEDS FULL PATHS SINCE THE SUBDIRS INCLUDE THIS NAVBAR. -->
<h1><a href="/source">Downloads</a></h1>
<ul>
<li>
@@ -11,10 +14,13 @@
<a href="/source/license.html">License</a>
</li>
<li>
+ <a href="/source/OCB-patent-grant-OpenSSL.pdf">OCB License</a>
+ </li>
+ <li>
<a href="/source/old">Old Releases</a>
</li>
<li>
- <a href="mirror.html">Mirror Sites</a>
+ <a href="/source/mirror.html">Mirror Sites</a>
</li>
</ul>
</section>

Rich Salz

Aug 15, 2015, 3:28:23 PM
The branch master has been updated
via 39107644a019885ccdef15ae1033550d45e5e932 (commit)
from 177bf95046063c83c2e0fca944acde7da178824d (commit)


- Log -----------------------------------------------------------------
commit 39107644a019885ccdef15ae1033550d45e5e932
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 15:26:02 2015 -0400

Create "latest" links

And the last of WML is gone gone gone!

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 2 +-
Makefile | 9 +++++----
bin/mk-latest | 48 ++++++++++++++++++++++++++++++++++++++++++++++
source/.htaccess.wml | 54 ----------------------------------------------------
4 files changed, 54 insertions(+), 59 deletions(-)
create mode 100755 bin/mk-latest
delete mode 100644 source/.htaccess.wml

diff --git a/.gitignore b/.gitignore
index f448120..2c89231 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,7 +6,7 @@ docs/faq.txt
news/changelog.txt
news/vulnerabilities.html
source/license.txt
-docs/HOWTO/*.txt
+source/.htaccess
source/*.gz*
source/*.patch
source/old/*/*.tar.gz*
diff --git a/Makefile b/Makefile
index 23d0275..ab069ec 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,7 @@ SIMPLE = newsflash.inc sitemap.txt \
news/changelog.inc news/changelog.txt \
news/newsflash.inc \
news/vulnerabilities.inc \
+ source/.htaccess \
source/license.txt \
source/index.inc
SRCLISTS = \
@@ -36,11 +37,8 @@ relupd: all
git pull $(QUIET)
$(MAKE)

-# To be fixed.
-hack-source_htaccess:
- exit 1;
-
# Legacy targets
+hack-source_htaccess: all
simple: all
generated: all
manpages: all
@@ -81,6 +79,9 @@ docs/fips.inc:
@rm -f $@
./bin/mk-filelist docs/fips fips/ '*' >$@

+source/.htaccess:
+ @rm -f @?
+ ./bin/mk-latest >$@
source/license.txt: $(SNAP)/LICENSE
@rm -f $@
cp $? $@
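Review bot: `@rm -f @?` in the new `source/.htaccess` rule is a typo for `$@` (compare the `@rm -f $@` lines just above and below); with `-f` it silently removes nothing, and only the `>$@` redirection on the next line saves the recipe. Two further problems with the rule: it has no prerequisites, so once `source/.htaccess` exists make treats it as up to date and never regenerates the `latest` redirects when a new tarball is added (declare the script and the tarballs as dependencies, e.g. `source/.htaccess: bin/mk-latest $(wildcard source/openssl-*.tar.gz)`), and `./bin/mk-latest` globs `openssl-*.tar.gz` in the current directory, which is the top of the tree rather than `source/`, so as committed it emits no per-series rules at all.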
diff --git a/bin/mk-latest b/bin/mk-latest
new file mode 100755
index 0000000..519c353
--- /dev/null
+++ b/bin/mk-latest
@@ -0,0 +1,48 @@
+#! /usr/bin/perl -w
+use strict;
+
+my @tarballs =
+ sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/, glob("openssl-*.tar.gz");
+my %series = ();
+foreach(@tarballs) {
+ my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./;
+ $series{$serie} = $_;
+}
+my $latest = $series{ (reverse sort keys %series)[0] };
+
+print "RewriteEngine on\n";
+print "RewriteBase /source\n";
+print "# First, rewrite all the 'latest' URLs\n";
+print "RewriteRule ^latest.tar.gz\$ $latest [L,R=302,NC]\n";
+
+foreach (sort keys %series) {
+ my $rule = "openssl-$_-latest.tar.gz";
+ #don't bother: $rule =~ s|\.|\\.|g;
+ my $target = $series{$_};
+ print "RewriteRule ^$rule\$ $target [L,R=302,NC]\n";
+}
+
+print <<\EOF
+
+# Old distro's are in subdirs.
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule (openssl-0\.9\.8.*) old/0.9.x/$1 [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule openssl-(fips.*) old/fips/openssl-$1 [L]
+
+<Files *.gz.asc>
+ RemoveEncoding .gz
+</Files>
+<Files *.gz.md5>
+ RemoveEncoding .gz
+</Files>
+<Files *.gz.sha1>
+ RemoveEncoding .gz
+</Files>
+EOF
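Review bot: the old-release fallback for 1.0.2 points at the wrong directory: `RewriteRule openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L]` should target `old/1.0.2/` (that subdirectory exists, see `source/old/1.0.2/index.html` touched later in this thread); as written every 1.0.2 file moved out of `source/` either 404s or, if a same-named file sits in the 1.0.1 tree, is served from there. Two smaller points. `(reverse sort keys %series)[0]` and the `sort grep` over tarballs compare version strings lexically, which works for the series present today but would order a hypothetical `1.0.10` before `1.0.2`; a numeric-aware sort (split on `.` and compare components, `[a-z]*` suffix last) avoids a surprise later. The `RemoveEncoding .gz` blocks only cover `.asc`, `.md5` and `.sha1`; any other sidecar published next to a tarball (a `.sha256`, for instance) would still be sent with `Content-Encoding: gzip` and fail to download as text, so a single `<FilesMatch "\.gz\.[a-z0-9]+$">` block is more robust.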
diff --git a/source/.htaccess.wml b/source/.htaccess.wml
deleted file mode 100644
index 23ccfd7..0000000
--- a/source/.htaccess.wml
+++ /dev/null
@@ -1,54 +0,0 @@
-<protect>##
-## .htaccess -- Apache per-dir config
-##
-
-RewriteEngine on
-
-RewriteBase /source
-
-# First, rewrite all the 'latest' URLs</protect>
-<:{
- my @tarballs =
- sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/, glob("openssl-*.tar.gz");
- my %series = ();
- foreach(@tarballs) {
- my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./;
- $series{$serie} = $_;
- }
-
- my $latest = $series{ (reverse sort keys %series)[0] };
- print "RewriteRule ^latest\\.tar\\.gz\$ $latest [L,R=302,NC]\n";
-
- foreach (sort keys %series) {
- my $rule = "openssl-$_-latest.tar.gz"; $rule =~ s|\.|\\.|g;
- my $target = $series{$_};
- print "RewriteRule ^$rule\$ $target [L,R=302,NC]\n";
- }
-}:>
-<protect>
-# Old distro's are in subdirs.
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule (openssl-0\.9\.8.*) old/0.9.x/$1 [L]
-
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L]
-
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L]
-
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L]
-
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule openssl-(fips.*) old/fips/openssl-$1 [L]
-
-<Files *.gz.asc>
- RemoveEncoding .gz
-</Files>
-<Files *.gz.md5>
- RemoveEncoding .gz
-</Files>
-<Files *.gz.sha1>
- RemoveEncoding .gz
-</Files>
-</protect>
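Review bot: the replacement script drops two things this file did. `$rule =~ s|\.|\\.|g` escaped the dots in the per-series rule and `^latest\\.tar\\.gz\$` used literal dots, so `^latest.tar.gz$` in mk-latest now also matches names such as `latestXtarXgz` (harmless, but the `#don't bother` comment should say so). The `old/1.0.1` target on the `openssl-(1\.0\.2.*)` line was carried over verbatim instead of being fixed to `old/1.0.2` while the file was being rewritten.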

Rich Salz

Aug 15, 2015, 9:25:39 PM
The branch master has been updated
via 4e03b7d918207bb1f9a80295b3cc70986dfc1f05 (commit)
from 39107644a019885ccdef15ae1033550d45e5e932 (commit)


- Log -----------------------------------------------------------------
commit 4e03b7d918207bb1f9a80295b3cc70986dfc1f05
Author: Rich Salz <rs...@akamai.com>
Date: Sat Aug 15 21:25:06 2015 -0400

fix mk-latest

-----------------------------------------------------------------------

Summary of changes:
Makefile | 2 +-
bin/mk-latest | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index ab069ec..4f48bd5 100644
--- a/Makefile
+++ b/Makefile
@@ -81,7 +81,7 @@ docs/fips.inc:

source/.htaccess:
@rm -f @?
- ./bin/mk-latest >$@
+ ./bin/mk-latest source >$@
source/license.txt: $(SNAP)/LICENSE
@rm -f $@
cp $? $@
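Review bot: the `@rm -f @?` line just above the changed line is still the `$@` typo from 3910764, so this fix passes the `source` directory but leaves the recipe unable to remove a stale `.htaccess`; change it to `@rm -f $@` while touching this rule, and give the target prerequisites (the script and the tarballs) so it is rebuilt when a release is added.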
diff --git a/bin/mk-latest b/bin/mk-latest
index 519c353..14f586f 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -1,8 +1,16 @@
#! /usr/bin/perl -w
use strict;

+die "Missing args\n" if $#ARGV < 0;
+my $SRCDIR = $ARGV[0]; shift;
+
+chdir $SRCDIR || die "Can't chdir $SRCDIR, $!";
+
my @tarballs =
- sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/, glob("openssl-*.tar.gz");
+ sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/,
+ glob("openssl-*.tar.gz");
+die "No tgz files found in $SRCDIR?\n" if $#tarballs < 1;
+
my %series = ();
foreach(@tarballs) {
my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./;
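Review bot: `chdir $SRCDIR || die "Can't chdir $SRCDIR, $!";` never dies: `||` binds tighter than the list operator, so Perl parses it as `chdir($SRCDIR || die ...)`, and a bad directory silently leaves the script where it was, where the glob finds nothing and the next `die` fires with a misleading message. Write `chdir($SRCDIR) or die "Can't chdir $SRCDIR, $!";`. The sanity check is also off by one: `$#tarballs < 1` dies when exactly one tarball is present although the message says none were found; `@tarballs == 0` (or `$#tarballs < 0`) is the intended test.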

Rich Salz

Aug 17, 2015, 1:14:41 PM
The branch master has been updated
via 51bd993076419bff35c388606e25d3996f65e225 (commit)
from a98bd690c360dcb61e000dd9c0d3a43bc5c39ac5 (commit)


- Log -----------------------------------------------------------------
commit 51bd993076419bff35c388606e25d3996f65e225
Author: Rich Salz <rs...@akamai.com>
Date: Mon Aug 17 13:03:25 2015 -0400

fix typo

-----------------------------------------------------------------------

Summary of changes:
docs/fips.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/fips.html b/docs/fips.html
index ecf4157..84be232 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -35,7 +35,7 @@

The <a href="/source/openssl-fips-2.0.9.tar.gz">source code</a>,
<a href="fips/UserGuide-2.0.pdf">User Guide</a>, and
- <a href="fips/SecurityPolicy-2.0.9.pdf">Secure Policy</a>
+ <a href="fips/SecurityPolicy-2.0.9.pdf">Security Policy</a>
are available.
Here is the complete set of files:</p>

Rich Salz

Aug 17, 2015, 1:14:41 PM
The branch master has been updated
via 482ff77fec76d1610466d8b36bf2d37a9fd0349a (commit)
from 95690a5c283c96369fa5eb1db874ff9141eb8fce (commit)


- Log -----------------------------------------------------------------
commit 482ff77fec76d1610466d8b36bf2d37a9fd0349a
Author: Rich Salz <rs...@akamai.com>
Date: Mon Aug 17 11:54:54 2015 -0400

move #include to right place

-----------------------------------------------------------------------

Summary of changes:
source/old/0.9.x/index.html | 6 ++----
source/old/1.0.0/index.html | 2 +-
source/old/1.0.1/index.html | 2 +-
source/old/1.0.2/index.html | 2 +-
source/old/fips/index.html | 2 +-
5 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/source/old/0.9.x/index.html b/source/old/0.9.x/index.html
index 6d13cf6..f66199b 100644
--- a/source/old/0.9.x/index.html
+++ b/source/old/0.9.x/index.html
@@ -19,8 +19,8 @@
<!--#include virtual="index.inc" -->
</table>
<p>&nbsp;</p>
+ <!--#include virtual="/inc/legalities.inc" -->
</div>
- <!--#include virtual="../../sidebar.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href="/source">Downloads</a>
@@ -28,11 +28,9 @@
: <a href="">0.9.x</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
- <!--#include virtual="/inc/legalities.inc" -->
</article>
-
-
</div>
+ <!--#include virtual="../../sidebar.inc" -->
</div>

</div>
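Review bot: the breadcrumb on the context line `<a href="">0.9.x</a>` has an empty `href`, which browsers resolve to the current page; since this footer block is being reorganised, give it `/source/old/0.9.x/` or make it plain text so it matches the `Downloads` crumb above it. Moving the `sidebar.inc` include out of `<article>` here brings this page in line with the other four index pages, which only needed the `legalities.inc` move.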
diff --git a/source/old/1.0.0/index.html b/source/old/1.0.0/index.html
index 4cdfc1a..125ef28 100644
--- a/source/old/1.0.0/index.html
+++ b/source/old/1.0.0/index.html
@@ -19,8 +19,8 @@
<!--#include virtual="index.inc" -->
</table>
<p>&nbsp;</p>
+ <!--#include virtual="/inc/legalities.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href="/source">Downloads</a>
diff --git a/source/old/1.0.1/index.html b/source/old/1.0.1/index.html
index b90c9ce..627193c 100644
--- a/source/old/1.0.1/index.html
+++ b/source/old/1.0.1/index.html
@@ -19,8 +19,8 @@
<!--#include virtual="index.inc" -->
</table>
<p>&nbsp;</p>
+ <!--#include virtual="/inc/legalities.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href="/source">Downloads</a>
diff --git a/source/old/1.0.2/index.html b/source/old/1.0.2/index.html
index e07fea5..930d2bf 100644
--- a/source/old/1.0.2/index.html
+++ b/source/old/1.0.2/index.html
@@ -19,8 +19,8 @@
<!--#include virtual="index.inc" -->
</table>
<p>&nbsp;</p>
+ <!--#include virtual="/inc/legalities.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href="/source">Downloads</a>
diff --git a/source/old/fips/index.html b/source/old/fips/index.html
index a04d6a6..4842af3 100644
--- a/source/old/fips/index.html
+++ b/source/old/fips/index.html
@@ -19,8 +19,8 @@
<!--#include virtual="index.inc" -->
</table>
<p>&nbsp;</p>
+ <!--#include virtual="/inc/legalities.inc" -->
</div>
- <!--#include virtual="/inc/legalities.inc" -->
<footer>
You are here: <a href="/">Home</a>
: <a href="/source">Downloads</a>

Tim Hudson

Aug 17, 2015, 1:14:42 PM
The branch master has been updated
via dfba17b4f3b2f87b50f2251a608d1911bfd202bc (commit)
via 686e344918229cae90562384c01606ba88ed51ba (commit)
from eb647452eb73be491521980f45582c63f7194521 (commit)


- Log -----------------------------------------------------------------
commit dfba17b4f3b2f87b50f2251a608d1911bfd202bc
Author: Tim Hudson <t...@openssl.org>
Date: Mon Aug 17 22:20:06 2015 +1000

Restore previous behaviour of only running one algorithm when -evp alg is used.

Submitted by: Eric Young <e...@pobox.com>
Reviewed-by: Ben Laurie <b...@openssl.org>

commit 686e344918229cae90562384c01606ba88ed51ba
Author: Tim Hudson <t...@openssl.org>
Date: Mon Aug 17 22:16:39 2015 +1000

restore usage of -elapsed that was disabled in the ifdef reorg

Reviewed-by: Ben Laurie <b...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/speed.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index ca93d2c..b4722f1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -364,10 +364,8 @@ OPTIONS speed_options[] = {
{"mr", OPT_MR, '-', "Produce machine readable output"},
{"mb", OPT_MB, '-'},
{"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
-#if defined(TIMES) || defined(USE_TOD)
{"elapsed", OPT_ELAPSED, '-',
"Measure time in real time instead of CPU user time"},
-#endif
#ifndef NO_FORK
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
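Review bot: dropping the `#if defined(TIMES) || defined(USE_TOD)` guard makes `-elapsed` appear in the option table on every platform, so the `OPT_ELAPSED` case in the option loop and the code that consumes `usertime` must be unconditional as well; otherwise the flag is accepted and silently ignored where neither `TIMES` nor `USE_TOD` is defined. Please confirm that in the same change, since only the table is visible in this hunk.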
@@ -755,9 +753,6 @@ int speed_main(int argc, char **argv)
long ecdh_c[EC_NUM][2];
int ecdh_doit[EC_NUM];
#endif
-#ifndef TIMES
- usertime = -1;
-#endif

memset(results, 0, sizeof(results));
#ifndef OPENSSL_NO_DSA
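Review bot: removing the `#ifndef TIMES` / `usertime = -1;` fallback does more than restore `-elapsed`: on platforms without `times()` it leaves `usertime` at its initialiser, and the commit message does not say whether that yields the same timing mode as before. Either note the behaviour change in the message or keep the fallback and let `-elapsed` override it.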
@@ -949,7 +944,7 @@ int speed_main(int argc, char **argv)
#endif

/* No parameters; turn on everything. */
- if (argc == 0) {
+ if ((argc == 0) && !doit[D_EVP]) {
for (i = 0; i < ALGOR_NUM; i++)
if (i != D_EVP)
doit[i] = 1;

Rich Salz

Aug 17, 2015, 1:15:05 PM
The branch master has been updated
via 1fe9edb17942f938e6035129ede62a5a27866bd3 (commit)
via 0fe00acd768dbc5785677d0ef375bf4580a7f9d5 (commit)
from a845a6aabc995d32f3337666ac13f731d9a1bbaf (commit)


- Log -----------------------------------------------------------------
commit 1fe9edb17942f938e6035129ede62a5a27866bd3
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 19:36:03 2015 -0400

Fix FAQ links for new website

commit 0fe00acd768dbc5785677d0ef375bf4580a7f9d5
Author: Viktor Szakats <vsza...@users.noreply.github.com>
Date: Mon Aug 17 01:20:51 2015 +0200

use https URLs where available

Signed-off-by: Rich Salz <rs...@akamai.com>

-----------------------------------------------------------------------

Summary of changes:
bin/vulnerabilities.xsl | 2 +-
community/binaries.html | 4 ++--
community/index.html | 2 +-
community/mailinglists.html | 22 +++++++++++-----------
community/sidebar.inc | 2 +-
community/thanks.html | 2 +-
docs/faq.txt | 20 ++++++++++----------
docs/fips/privatelabel.html | 6 +++---
docs/fipsvalidation.html | 12 ++++++------
inc/head.inc | 2 +-
news/secadv/20130205.txt | 2 +-
policies/codingstyle.txt | 2 +-
source/mirror.html | 2 +-
source/mirror.inc | 31 -------------------------------
support/acks.html | 6 +++---
support/donations-cn.html | 2 +-
16 files changed, 44 insertions(+), 75 deletions(-)
delete mode 100644 source/mirror.inc

diff --git a/bin/vulnerabilities.xsl b/bin/vulnerabilities.xsl
index 83971a6..8c7b915 100644
--- a/bin/vulnerabilities.xsl
+++ b/bin/vulnerabilities.xsl
@@ -130,7 +130,7 @@
The Common Vulnerabilities and Exposures project
has assigned the name
</xsl:if>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-{@name}">CVE-<xsl:value-of select="@name"/> </a>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-{@name}">CVE-<xsl:value-of select="@name"/> </a>
<xsl:if test="@description = 'full'">
to this issue.
</xsl:if>
diff --git a/community/binaries.html b/community/binaries.html
index 7774af5..0842413 100644
--- a/community/binaries.html
+++ b/community/binaries.html
@@ -29,7 +29,7 @@
<dd>Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form
of self-install executables.
<a
- href="http://www.slproweb.com/products/Win32OpenSSL.html">http://www.slproweb.com/products/Win32OpenSSL.html</a>
+ href="https://slproweb.com/products/Win32OpenSSL.html">https://slproweb.com/products/Win32OpenSSL.html</a>
</dd>

<dt>OpenSSL for Windows</dt>
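Review bot: this changes the host as well as the scheme (`www.slproweb.com` becomes `slproweb.com`), which is more than the commit message's "use https URLs where available" covers; verify that the bare host serves the same page with a certificate valid for that name, or keep `https://www.slproweb.com/products/Win32OpenSSL.html`.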
@@ -37,7 +37,7 @@
dependencies to the Microsoft Visual Studio Runtime DLLs, except
for the system provided msvcrt.dll.
<a
- href="http://indy.fulgan.com/SSL/">http://indy.fulgan.com/SSL/</a>
+ href="https://indy.fulgan.com/SSL/">https://indy.fulgan.com/SSL/</a>
</dd>

<dt>OpenSSL for Solaris</dt>
diff --git a/community/index.html b/community/index.html
index 9129cf4..b15110e 100644
--- a/community/index.html
+++ b/community/index.html
@@ -43,7 +43,7 @@
for information on how to report it.</p>

<p>We have set up a request tracker at
- <a href="https://rt.openssl.org">http://rt.openssl.org</a>,
+ <a href="https://rt.openssl.org">https://rt.openssl.org</a>,
with read-only access using <em>guest</em> as the name
and password.
Requests can be viewed on-line by using the following URL,
diff --git a/community/mailinglists.html b/community/mailinglists.html
index 5ca5d4c..a9197e8 100644
--- a/community/mailinglists.html
+++ b/community/mailinglists.html


@@ -13,7 +13,7 @@
<div class="entry-content">
<p>

Here is are the
- <a href="http://mta.openssl.org/">mailing lists</a> we run.
+ <a href="https://mta.openssl.org/">mailing lists</a> we run.
You must be a member of the list to post to it.
</p>

@@ -54,31 +54,31 @@
<tr><td>List</td><td>Archives</td></tr>
<tr><td>openssl-announce</td><td>
<a
- href="http://marc.info/?l=openssl-announce">http://marc.info/?l=openssl-announce</a><br>
+ href="https://marc.info/?l=openssl-announce">https://marc.info/?l=openssl-announce</a><br>
<a
- href="http://www.mail-archive.com/openssl-...@openssl.org/">http://www.mail-archive.com/openssl-...@openssl.org/</a>
+ href="https://www.mail-archive.com/openssl-...@openssl.org/">https://www.mail-archive.com/openssl-...@openssl.org/</a>
</td></tr>
<tr><td>openssl-users</td><td>
<a
- href="http://marc.info/?l=openssl-users">http://marc.info/?l=openssl-users</a><br>
+ href="https://marc.info/?l=openssl-users">https://marc.info/?l=openssl-users</a><br>
<a
- href="http://www.mail-archive.com/openss...@openssl.org/">http://www.mail-archive.com/openss...@openssl.org/</a><br>
+ href="https://www.mail-archive.com/openss...@openssl.org/">https://www.mail-archive.com/openss...@openssl.org/</a><br>
<a
- href="http://groups.google.com/groups?group=mailing.openssl.users">http://groups.google.com/groups?group=mailing.openssl.users</a><br>
+ href="https://groups.google.com/groups?group=mailing.openssl.users">https://groups.google.com/groups?group=mailing.openssl.users</a><br>
</td></tr>
<tr><td>openssl-dev</td><td>
<a
- href="http://marc.info/?l=openssl-dev">http://marc.info/?l=openssl-dev</a><br>
+ href="https://marc.info/?l=openssl-dev">https://marc.info/?l=openssl-dev</a><br>
<a
- href="http://www.mail-archive.com/opens...@openssl.org/">http://www.mail-archive.com/opens...@openssl.org/</a><br>
+ href="https://www.mail-archive.com/opens...@openssl.org/">https://www.mail-archive.com/opens...@openssl.org/</a><br>
<a
- href="http://groups.google.com/groups?group=mailing.openssl.dev">http://groups.google.com/groups?group=mailing.openssl.dev</a>
+ href="https://groups.google.com/groups?group=mailing.openssl.dev">https://groups.google.com/groups?group=mailing.openssl.dev</a>
</td></tr>
<tr><td>openssl-commits</td><td>
<a
- href="http://marc.info/?l=openssl-cvs">http://marc.info/?l=openssl-cvs</a>
+ href="https://marc.info/?l=openssl-cvs">https://marc.info/?l=openssl-cvs</a>
<a
- href="http://groups.google.com/groups?group=mailing.openssl.cvs">http://groups.google.com/groups?group=mailing.openssl.cvs</a>
+ href="https://groups.google.com/groups?group=mailing.openssl.cvs">https://groups.google.com/groups?group=mailing.openssl.cvs</a>
</table>
</div>
<footer>
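Review bot: the `openssl-commits` row in the context lines is malformed: the two archive links have no `<br>` between them, and the row is never closed (`</td></tr>` is missing before `</table>`), unlike the three rows above it. Worth fixing while every link in this table is being rewritten.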
diff --git a/community/sidebar.inc b/community/sidebar.inc
index 7017277..f975066 100644
--- a/community/sidebar.inc
+++ b/community/sidebar.inc
@@ -16,7 +16,7 @@
<a href="mailinglists.html">Mailing Lists</a>
</li>
<li>
- <a href="http://wiki.openssl.org">Wiki</a>
+ <a href="https://wiki.openssl.org">Wiki</a>
</li>
<li>


<a href="/blog">Blog</a>

diff --git a/community/thanks.html b/community/thanks.html
index 8433046..5e2ba3b 100644
--- a/community/thanks.html
+++ b/community/thanks.html
@@ -50,7 +50,7 @@

<li>Thanks to the IT Support Group of the Department of
Information Technology and Electrical Engineering at the
- <a href="http://www.ethz.ch/">Swiss Federal Institute of Technology Zurich</a>
+ <a href="https://www.ethz.ch/">Swiss Federal Institute of Technology Zurich</a>
(ETHZ) for providing the hardware and network resources
from 1998 to 2002.
</li>
diff --git a/docs/faq.txt b/docs/faq.txt
index 0ff792b..0197da3 100644
--- a/docs/faq.txt
+++ b/docs/faq.txt
@@ -84,7 +84,7 @@ OpenSSL - Frequently Asked Questions

* Which is the current version of OpenSSL?

-The current version is available from <URL: http://www.openssl.org>.
+The current version is available from <URL: https://www.openssl.org>.

In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -107,7 +107,7 @@ libssl are given in the crypto(3) and ssl(3) manpages.
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
+<URL: https://www.openssl.org/docs/>. Note that the online documents refer
to the very latest development versions of OpenSSL and may include features
not present in released versions. If in doubt refer to the documentation
that came with the version of OpenSSL you are using. The pod format
@@ -127,13 +127,13 @@ help, but please note that it reflects the obsolete version SSLeay

The README file describes how to submit bug reports and patches to
OpenSSL. Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
+<URL: https://www.openssl.org/community/mailinglists.html>.


* Where can I get a compiled version of OpenSSL?

You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/about/binaries.html> .
+<URL: https://www.openssl.org/community/binaries.html> .

Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
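Review bot: the context line `You can finder pointers to binary distributions in` should read `You can find pointers`; the link on the next line is being changed, so correct the sentence too.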
@@ -167,7 +167,7 @@ Use MD5 to check that a tarball from a mirror site is identical:

You can check authenticity using pgp or gpg. You need the OpenSSL team
member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
+list of keys at <URL: https://www.openssl.org/community/team.html>). Then
just do:

pgp TARBALL.asc
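Review bot: the surrounding text still tells readers to `Use MD5 to check that a tarball from a mirror site is identical` and only then to run `pgp TARBALL.asc`; a digest fetched from the same mirror as the tarball proves nothing against a modified mirror, and MD5 is no longer a collision-resistant hash. Since the key-list URL is being updated to https in this hunk, reword the section so that the PGP signature check is presented as the authenticity check, the signing keys linked from `community/team.html` are confirmed by fingerprint, and the digest files are described as a guard against a corrupted transfer only, preferring SHA-256 over MD5 wherever a digest is mentioned at all.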
@@ -492,7 +492,7 @@ this increases the size of the default ClientHello message to more than
255 bytes in length. Some software cannot handle this and hangs. For more
details and workarounds see:

- <URL: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2771>
+ <URL: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2771>


[BUILD] =======================================================================
@@ -697,9 +697,9 @@ of the machine code, which is essential for shared library support. For
some reason OpenBSD is equipped with an out-of-date GNU assembler which
finds the new code offensive. To work around the problem, configure with
no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
+according to <URL: https://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
+<URL: https://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
Reportedly elder *BSD a.out platforms also suffer from this problem and
remedy should be same. Provided binary is statically linked and should be
working across wider range of *BSD branches, not just OpenBSD.
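Review bot: the two `~appro/` links point at a patch and a `pre-compiled replacement binary` in a personal directory; switching them to https protects the transport but not the content, so the FAQ should also give a digest or PGP signature for the binary, or point at a signed location, before telling OpenBSD users to install and run it.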
@@ -770,7 +770,7 @@ accessed and if the issue has been addressed or a reason why not. If patches
are only sent to openssl-dev they can be mislaid if a team member has to
wade through months of old messages to review the discussion.

-See also <URL: http://www.openssl.org/support/rt.html>
+See also <URL: https://www.openssl.org/community>


* I've found a security issue, how do I report it?
@@ -780,7 +780,7 @@ openssl-...@openssl.org if you don't get a prompt reply at least
acknowledging receipt then resend or mail it directly to one of the
more active team members (e.g. Steve). If you wish to use PGP to send
in a report please use one or more of the keys of the team members listed
-at <URL: http://www.openssl.org/about/>
+at <URL: https://www.openssl.org/community/team.html>

Note that bugs only present in the openssl utility are not in general
considered to be security issues.
diff --git a/docs/fips/privatelabel.html b/docs/fips/privatelabel.html
index 00a9740..ab13f0b 100644
--- a/docs/fips/privatelabel.html
+++ b/docs/fips/privatelabel.html
@@ -24,7 +24,7 @@
money required to pursue new validations. As of 2015 we are no
longer performing any private label validations. The addition of
new platforms to the existing #1747 or <a
- href="http://openssl.com/fips/ransom.html">comparable</a>
+ href="https://openssl.com/fips/ransom.html">comparable</a>
validations is still possible and those validation actions are still
being performed.</p>

@@ -68,7 +68,7 @@

<p>We will handle all interaction with the accredited testing lab
and the <a
- href="http://csrc.nist.gov/groups/STM/cmvp/index.html">CMVP</a>.
+ href="https://csrc.nist.gov/groups/STM/cmvp/index.html">CMVP</a>.
You sign one contract with the OSF with half of the price due as a
down payment and the remainder due only when your certificate is <a
href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm">posted</a>
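Review bot: inconsistent within the hunk: the CMVP index link is changed to https, but the `posted` link on the last context line (`http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm`) stays http although it is the same host; update it in the same change.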
@@ -120,7 +120,7 @@

<hr>
<p>Interested? Contact
- <a href="http://openssl.com/fips">OpenSSL Software Services</a>.
+ <a href="https://openssl.com/fips">OpenSSL Software Services</a>.
</p>

</div>
diff --git a/docs/fipsvalidation.html b/docs/fipsvalidation.html
index 534c87b..f978210 100644
--- a/docs/fipsvalidation.html
+++ b/docs/fipsvalidation.html
@@ -27,7 +27,7 @@
Due to new requirements introduced in 2013 the current v2.0 Module
is no longer suitable as a reference for private label
validations; see the <a
- href="http://www.openssl.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
+ href="https://www.openssl.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
Due to earlier changes in the FIPS 140-2 validation requirements
the v1.2 Module is no longer be a suitable model for private label
validations in its current form past the year 2010; see the NIST <a
@@ -63,12 +63,12 @@

<hr>
<img src="/img/pkware-logo-med.jpg">
- <a href="http://www.pkware.com/">PKWARE, Inc.</a>, platform sponsor
+ <a href="https://www.pkware.com/">PKWARE, Inc.</a>, platform sponsor
(HPUX 11i on Itanium 32, 64 bit with asm optimisation)

<hr>
<img src="/img/cerberus-logo-med.jpg">
- <a href="http://www.cerberusftp.com/">Cerberus, LLC</a>, general sponsor
+ <a href="https://www.cerberusftp.com/">Cerberus, LLC</a>, general sponsor
<hr>
<img src="/img/DHS-logo-med.jpg">
<a href="http://www.cyber.st.dhs.gov/host.html">DHS Science and Technology Directorate-sponsored Homeland Open Security Technology (HOST) program</a>,
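Review bot: the DHS link on the last context line (`http://www.cyber.st.dhs.gov/host.html`) is left on http while the two sponsor links beside it move to https; if that host does not offer https, say so in the commit message, otherwise update it with the rest.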
@@ -76,7 +76,7 @@

<hr>
<img src="/img/innominate-logo-med.jpg">
- <a href="http://www.innominate.com/">Innominate Security Technologies AG</a>,
+ <a href="https://www.innominate.com/">Innominate Security Technologies AG</a>,
platform sponsor (Linux on Freescale MPC8313)

<hr>
@@ -86,14 +86,14 @@

<hr>
<img src="/img/citrix-logo-med.jpg">
- <a href="http://www.citrix.com/">Citrix Systems, Inc.</a>,
+ <a href="https://www.citrix.com/">Citrix Systems, Inc.</a>,
platform sponsor (multiple platforms)

<hr>

<p>If you have an interest in sponsoring any changes or additions
to this validation please contact <a
- href="http://openssl.com/fips">OpenSSL Validation Services</a>.</p>
+ href="https://openssl.com/fips">OpenSSL Validation Services</a>.</p>
<p>Some commercial software vendors ask us "what do we gain from
sponsoring a validation that our competition can also use?". Our
answer is "nothing, if you think in terms of obstructing your
diff --git a/inc/head.inc b/inc/head.inc
index 9367a7f..e13a700 100644
--- a/inc/head.inc
+++ b/inc/head.inc
@@ -20,6 +20,6 @@
<link href="//fonts.googleapis.com/css?family=PT+Sans:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">

<!--[if lt IE 9]>
- <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+ <script src="https://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<!-- end -->
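Review bot: the scheme change does not address the real problem on this line: `html5.js` is a third-party script pulled into every page from `html5shiv.googlecode.com`, a host the project does not control (and Google Code hosting was being wound down in 2015). Serve a copy of the shim from this site (it is a single small file) or at least pin it with a Subresource Integrity hash; the same consideration applies to the `fonts.googleapis.com` stylesheet in the context line above.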
diff --git a/news/secadv/20130205.txt b/news/secadv/20130205.txt
index e7a46ae..4d4a610 100644
--- a/news/secadv/20130205.txt
+++ b/news/secadv/20130205.txt
@@ -59,5 +59,5 @@ References
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20130204.txt
Wikipedia AES-NI description:
-http://en.wikipedia.org/wiki/AES-NI
+https://en.wikipedia.org/wiki/AES-NI

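Review bot: this rewrites a security advisory that was published in 2013; archived advisories are normally kept byte-for-byte as issued, since readers compare them against mirrored or signed copies, and a cosmetic https change to a Wikipedia reference is not worth breaking that. If the file is to be touched at all, the more useful fix is the self-referencing line above it, which still reads `http://www.openssl.org/news/secadv_20130204.txt` for a file named `20130205.txt`.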
diff --git a/policies/codingstyle.txt b/policies/codingstyle.txt
index 1b22575..ada3cbc 100644
--- a/policies/codingstyle.txt
+++ b/policies/codingstyle.txt
@@ -569,7 +569,7 @@ ISBN 0-201-61586-X.
URL: http://cm.bell-labs.com/cm/cs/tpop/

GNU manuals - where in compliance with K&R and this text - for cpp, gcc,
-gcc internals and indent, all available from http://www.gnu.org/manual/
+gcc internals and indent, all available from https://www.gnu.org/manual/

WG14 is the international standardization working group for the programming
language C, URL: http://www.open-std.org/JTC1/SC22/WG14/
diff --git a/source/mirror.html b/source/mirror.html
index 58e282b..04680d5 100644
--- a/source/mirror.html
+++ b/source/mirror.html
@@ -45,7 +45,7 @@
<tr><td>CA</td><td><a
href="http://openssl.skazkaforyou.com/">http://openssl.skazkaforyou.com/</a></td></tr>
<tr><td>CA</td><td><a
- href="http://openssl.raffsoftware.com/">http://openssl.raffsoftware.com/</a></td></tr>
+ href="https://openssl.raffsoftware.com/">https://openssl.raffsoftware.com/</a></td></tr>
<tr><td>DE</td><td><a
href="http://artfiles.org/openssl.org/">http://artfiles.org/openssl.org/</a></td></tr>

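Review bot: only the raffsoftware mirror moves to https; the skazkaforyou and artfiles entries in the context lines stay on plain http, so anyone downloading from them relies entirely on the `.asc` signature check for integrity. Consider marking which mirrors offer https, or dropping http-only ones, and make sure `mirror.html` carries the `rel="nofollow"` that the old `mirror.inc` put on every mirror link.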
diff --git a/source/mirror.inc b/source/mirror.inc
deleted file mode 100644
index 4e8c7bf..0000000
--- a/source/mirror.inc
+++ /dev/null
@@ -1,31 +0,0 @@
-
-<ul type=square>
-<define-tag mirror>
-<preserve url>
-<preserve loc>
-<set-var %attributes>
-<li><a href="<get-var url>" rel="nofollow"><get-var url></a>
- &nbsp;&nbsp;[<get-var loc>]
-<restore loc>
-<restore url>
-</define-tag>
-
-<mirror url="ftp://ftp.openssl.org/source/" loc="DE">
-<mirror url="ftp://mirror.switch.ch/mirror/openssl/" loc="CH">
-<mirror url="http://mirror.switch.ch/ftp/mirror/openssl/" loc="CH">
-<mirror url="ftp://ftp.pca.dfn.de/pub/tools/net/openssl/" loc="DE">
-<mirror url="ftp://sunsite.uio.no/pub/security/openssl/" loc="NO">
-<mirror url="ftp://ftp.sunet.se/pub/security/tools/net/openssl/" loc="SE">
-<mirror url="ftp://gd.tuwien.ac.at/infosys/security/openssl/" loc="AT">
-<mirror url="ftp://ftp.kfki.hu/pub/packages/security/openssl/" loc="HU">
-<mirror url="ftp://guest.kuria.katowice.pl/pub/openssl/" loc="PL">
-<mirror url="ftp://ftp.fi.muni.cz/pub/openssl/" loc="CZ">
-<mirror url="ftp://ftp.linux.hr/pub/openssl/" loc="HR">
-<mirror url="http://openssl.initrd.net/" loc="DE">
-<mirror url="rsync://ftp.tpnet.pl/pub/security/openssl/" loc="PL">
-<mirror url="http://openssl.skazkaforyou.com/" loc="CA">
-<mirror url="http://openssl.raffsoftware.com/" loc="CA">
-<mirror url="http://artfiles.org/openssl.org/" loc="DE">
-
-</ul>
-
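Review bot: deleting this include removes the last reference to the ftp and rsync mirrors (`ftp.openssl.org`, `mirror.switch.ch`, `ftp.tpnet.pl` and the others listed here); the visible part of `source/mirror.html` only shows the CA and DE http entries, so confirm the full list was migrated before this is dropped, or state in the commit message that those mirrors are intentionally retired.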
diff --git a/support/acks.html b/support/acks.html
index 1368ee1..d8eb88e 100644
--- a/support/acks.html
+++ b/support/acks.html
@@ -36,7 +36,7 @@
planning:</p>
<a href="http://company.nokia.com/en"><img src="/img/nokia-logo-med.jpg"></a>
<a href="http://www.huawei.com/"><img src="/img/huawei-logo-med.jpg"></a>
- <a href="http://www.oracle.com/"><img src="/img/oracle-logo-med.jpg"></a>
+ <a href="https://www.oracle.com/"><img src="/img/oracle-logo-med.jpg"></a>

<hr noshade size=1>
<p>Major sustaining support:</p>
@@ -45,7 +45,7 @@
<hr noshade size=1>
<p>Major support:</p>
<a href="https://www.globalsign.com/"><img src="/img/globalsign-logo-med.jpg"></a>
- <a href="http://www.qualys.com/"><img src="/img/qualsys-logo-med.jpg"></a>
+ <a href="https://www.qualys.com/"><img src="/img/qualsys-logo-med.jpg"></a>

<hr noshade size=1>
<p>Very significant support:</p>
@@ -53,7 +53,7 @@

<hr noshade size=1>
<p>Significant support:</p>
- <a href="http://www.psw.net/"><img src="/img/psw-logo.gif" alt="SSL-Zertifikate"></a>
+ <a href="https://www.psw.net/"><img src="/img/psw-logo.gif" alt="SSL-Zertifikate"></a>
<a href="https://miltonsecurity.com/"><img src="/img/milton-logo-med.jpg" alt="Milton Security"></a>
<a href="http://acano.com/"><img src="/img/acano-logo.jpg"></a>

diff --git a/support/donations-cn.html b/support/donations-cn.html
index 48b9c69..eefe8a9 100644
--- a/support/donations-cn.html
+++ b/support/donations-cn.html
@@ -45,7 +45,7 @@ Paypal中国
2. 注册成功后,在“我的Paypal”页面点击付款,付款种类请选择美元,Paypal中国会自动按美元支付但换算成人民币后扣款,您不必去银行兑换外币。在收款人处填写 “pay...@opensslfoundation.org”,然后按照网站指示操作即可完成捐款。
<br>
3. 你拥有Paypal中国账户后,也可在我们
-<a href="http://openssl.org/support/donations.html">
+<a href="https://openssl.org/support/donations.html">
网站的页面
</a>
按照捐款指南2操作,完成捐款。
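Review bot: the new link uses the bare domain `https://openssl.org/support/donations.html` while every other link in this series uses `https://www.openssl.org/...`; use the www host for consistency unless the bare name is known to present a certificate covering it and to redirect.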

Rich Salz

Aug 17, 2015, 1:19:41 PM
The branch master has been updated
via a98bd690c360dcb61e000dd9c0d3a43bc5c39ac5 (commit)
from 482ff77fec76d1610466d8b36bf2d37a9fd0349a (commit)


- Log -----------------------------------------------------------------
commit a98bd690c360dcb61e000dd9c0d3a43bc5c39ac5
Author: Rich Salz <rs...@akamai.com>
Date: Mon Aug 17 12:52:35 2015 -0400

update version from 2.0.1 to 2.0.9

-----------------------------------------------------------------------

Summary of changes:
docs/fips.html | 8 +++++---
docs/fipsvalidation.html | 2 +-
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/fips.html b/docs/fips.html
index a942515..ecf4157 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -22,7 +22,7 @@


<p>The most recent open source based validation of a cryptographic
- module (Module) compatible with the OpenSSL libraries is v2.0.1,
+ module (Module) compatible with the OpenSSL libraries is v2.0.9,
FIPS 140-2 certificate <a
href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
This Module is documented in the
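Review bot: this paragraph is duplicated verbatim in docs/fipsvalidation.html, which is bumped separately further down in the same commit; keeping the version string (and the certificate number) in one shared place would avoid the two pages drifting apart on the next bump. The csrc.nist.gov certificate link on the unchanged context line is also still plain http while the rest of the site is being moved to https.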
@@ -33,8 +33,10 @@
includes the largest number of formally tested platforms for any
validated module.</p>

- The <a href="/source/openssl-fips-2.0.1.tar.gz">source code</a> and
- <a href="fips/UserGuide-2.0.pdf">User Guide</a> are available.
+ The <a href="/source/openssl-fips-2.0.9.tar.gz">source code</a>,
+ <a href="fips/UserGuide-2.0.pdf">User Guide</a>, and
+ <a href="fips/SecurityPolicy-2.0.9.pdf">Secure Policy</a>
+ are available.
Here is the complete set of files:</p>


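Review bot: the link text "Secure Policy" on the third added line does not match the file it points to, fips/SecurityPolicy-2.0.9.pdf; the FIPS 140-2 document is the Security Policy, so the text should read "Security Policy". Separately, this paragraph ends with "Here is the complete set of files:</p>" but no opening <p> is visible after "validated module.</p>"; that is pre-existing, but worth fixing while these lines are being touched.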
diff --git a/docs/fipsvalidation.html b/docs/fipsvalidation.html
index f978210..32155da 100644
--- a/docs/fipsvalidation.html
+++ b/docs/fipsvalidation.html
@@ -11,7 +11,7 @@

<div class="entry-content">
<p>The most recent open source based validation of a cryptographic
- module (Module) compatible with the OpenSSL libraries is v2.0.1,
+ module (Module) compatible with the OpenSSL libraries is v2.0.9,
FIPS 140-2 certificate <a
href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
This Module is documented in the

Rich Salz

Aug 17, 2015, 1:19:43 PM8/17/15
The branch master has been updated
via 4f46473a86c9e3741203b22d4d401a3763583494 (commit)
from ac1123320145f731fb04a4cc3df1fbd9c3d5e513 (commit)


- Log -----------------------------------------------------------------
commit 4f46473a86c9e3741203b22d4d401a3763583494
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 18:38:24 2015 -0400

Move FAQ to the web.

Best hope of keeping current.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
FAQ | 1093 +------------------------------------------------------------------
1 file changed, 2 insertions(+), 1091 deletions(-)

diff --git a/FAQ b/FAQ
index 0ff792b..22c5cf7 100644
--- a/FAQ
+++ b/FAQ
@@ -1,1091 +1,2 @@
-OpenSSL - Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-* How does the versioning scheme work?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software?
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-* Why does OpenSSL set the authority key identifier extension incorrectly?
-* How can I set up a bundle of commercial root CA certificates?
-* Some secure servers 'hang' with OpenSSL 1.0.1, is this a bug?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-* I think I've found a bug, what should I do?
-* I'm SURE I've found a bug, how do I report it?
-* I've found a security issue, how do I report it?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-* Why does Valgrind complain about the use of uninitialized data?
-* Why doesn't a memory BIO work when a file does?
-* Where are the declarations and implementations of d2i_X509() etc?
-* When debugging I observe SIGILL during OpenSSL initialization: why?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers. Be sure to read the
-documentation of the application you want to use. The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions. It is described in the openssl(1)
-manpage. Documentation for developers is currently being written. Many
-manual pages are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
-to the very latest development versions of OpenSSL and may include features
-not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using. The pod format
-documentation is included in each OpenSSL distribution under the docs
-directory.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt. It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL. Information on the OpenSSL mailing lists is available from
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
- md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
- pgp TARBALL.asc
-
-* How does the versioning scheme work?
-
-After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
-releases (e.g. 1.0.1a) can only contain bug and security fixes and no
-new features. Minor releases change the last number (e.g. 1.0.2) and
-can contain new features that retain binary compatibility. Changes to
-the middle number are considered major releases and neither source nor
-binary compatibility is guaranteed.
-
-Therefore the answer to the common question "when will feature X be
-backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
-in the next minor release.
-
-* What happens when the letter release reaches z?
-
-It was decided after the release of OpenSSL 0.9.8y the next version should
-be 0.9.8za then 0.9.8zb and so on.
-
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-For information on intellectual property rights, please consult a lawyer.
-The OpenSSL team does not offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed." If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly. Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.) Some broken applications do
-not do this. As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness. If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly. OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details. Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file. The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file. Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all. OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'". This message refers to the
-default seeding file (see previous answer). A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (in ca(1), req(1), x509v3_config(5) )
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
- unable to find 'distinguished_name' in config
- problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" command line tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation of the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slightly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
-
-It doesn't: this extension is often the cause of confusion.
-
-Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
-certificate C contains AKID.
-
-The purpose of this extension is to identify the authority certificate B. This
-can be done either by including the subject key identifier of B or its issuer
-name and serial number.
-
-In this latter case because it is identifying certifcate B it must contain the
-issuer name and serial number of B.
-
-It is often wrongly assumed that it should contain the subject name of B. If it
-did this would be redundant information because it would duplicate the issuer
-name of C.
-
-
-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
- <URL: http://www.mail-archive.com/modssl...@modssl.org/msg16980.html>
-
-
-* Some secure servers 'hang' with OpenSSL 1.0.1, is this a bug?
-
-OpenSSL 1.0.1 is the first release to support TLS 1.2, among other things,
-this increases the size of the default ClientHello message to more than
-255 bytes in length. Some software cannot handle this and hangs. For more
-details and workarounds see:
-
- <URL: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2771>
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing. Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target. File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator. If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test"). The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it. This gets triggered when you run the
-test suite (using "make test"). The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
-memory to continue compilation.' As far as the tests have shown, this may be
-a compiler bug. What happens is that it eats up a lot of resident memory
-to build something, probably a table. The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher. Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level. This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL. A bit more complicated solution is the
-following:
-
------ snip:start -----
- make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
- sed -e 's/ -O[0-9] / -O0 /'`"
- rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
- make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process. When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default. One of those directories is '/usr/ccs/bin'. The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
- PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation. What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files'). For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. Red Hat has chosen to disable support for IDEA, RC5 and
-MDC2 in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d. The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<opens...@openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-For your convenience a pre-compiled replacement binary is provided at
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extensions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for test failures is bugs in the toolchain
-or run-time environment. Known cases of this are documented in the
-PROBLEMS file, please review it before you beat the drum. Even if you
-don't find anything in that file, please do consider the possibility
-of a compiler bug. Compiler bugs often appear in rather bizarre ways,
-they never make sense, and tend to emerge when you least expect
-them. One thing to try is to reduce the level of optimization (such
-as by editing the CFLAG variable line in the top-level Makefile),
-and then recompile and re-run the test.
-
-* I think I've found a bug, what should I do?
-
-If you are a new user then it is quite likely you haven't found a bug and
-something is happening you aren't familiar with. Check this FAQ, the associated
-documentation and the mailing lists for similar queries. If you are still
-unsure whether it is a bug or not submit a query to the openssl-users mailing
-list.
-
-If you think you have found a bug based on the output of static analysis tools
-then please manually check the issue is genuine. Such tools can produce a
-LOT of false positives.
-
-
-* I'm SURE I've found a bug, how do I report it?
-
-To avoid duplicated reports check the mailing lists and release notes for the
-relevant version of OpenSSL to see if the problem has been reported already.
-
-Bug reports with no security implications should be sent to the request
-tracker. This can be done by mailing the report to <r...@openssl.org> (or its
-alias <openss...@openssl.org>), please note that messages sent to the
-request tracker also appear in the public openssl-dev mailing list.
-
-The report should be in plain text. Any patches should be sent as
-plain text attachments because some mailers corrupt patches sent inline.
-If your issue affects multiple versions of OpenSSL check any patches apply
-cleanly and, if possible include patches to each affected version.
-
-The report should be given a meaningful subject line briefly summarising the
-issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
-
-By sending reports to the request tracker the bug can then be given a priority
-and assigned to the appropriate maintainer. The history of discussions can be
-accessed and if the issue has been addressed or a reason why not. If patches
-are only sent to openssl-dev they can be mislaid if a team member has to
-wade through months of old messages to review the discussion.
-
-
-* I've found a security issue, how do I report it?
-
-If you think your bug has security implications then please send it to
-openssl-...@openssl.org if you don't get a prompt reply at least
-acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve). If you wish to use PGP to send
-in a report please use one or more of the keys of the team members listed
-at <URL: http://www.openssl.org/about/>
-
-Note that bugs only present in the openssl utility are not in general
-considered to be security issues.
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Provided an application sets up the thread callback functions, the
-answer is yes. There are limitations; for example, an SSL connection
-cannot be used concurrently by multiple threads. This is true for
-most OpenSSL objects.
-
-To do this, your application must call CRYPTO_set_locking_callback()
-and one of the CRYPTO_THREADID_set...() API's. See the OpenSSL threads
-manpage for details and "note on multi-threading" in the INSTALL file in
-the source distribution.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked. The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link against the same by which OpenSSL was
-built. If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
- run-time library" drop down list box. Perform this step for both
- your debug and release versions of your application (look at the
- top left of the settings panel to change between the two)
-
- Single Threaded /ML - MS VC++ often defaults to
- this for the release
- version of a new project.
- Debug Single Threaded /MLd - MS VC++ often defaults to
- this for the debug version
- of a new project.
- Multithreaded /MT
- Debug Multithreaded /MTd
- Multithreaded DLL /MD - OpenSSL defaults to this.
- Debug Multithreaded DLL /MDd
-
-Note that debug and release libraries are NOT interchangeable. If you
-built OpenSSL with /MD your application must use /MD and cannot use /MDd.
-
-As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we insist on the
-default /MD] can be deployed with application compiled with different
-option or even different compiler. But there is a catch! Instead of
-re-compiling OpenSSL toolkit, as you would have to with prior versions,
-you have to compile small C snippet with compiler and/or options of
-your choice. The snippet gets installed as
-<install-root>/include/openssl/applink.c and should be either added to
-your application project or simply #include-d in one [and only one]
-of your application source files. Failure to link this shim module
-into your application manifests itself as fatal "no OPENSSL_Applink"
-run-time error. An explicit reminder is due that in this situation
-[mixing compiler options] it is as important to add CRYPTO_malloc_init
-prior first call to OpenSSL.
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_*_bio() or d2i_*_bio() functions or you can use the
-i2d_*(), d2i_*() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
------ snip:start -----
- unsigned char *buf, *p;
- int len = i2d_PKCS7(p7, NULL);
-
- buf = OPENSSL_malloc(len); /* error checking omitted */
- p = buf;
- i2d_PKCS7(p7, &p);
------ snip:end -----
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
------ snip:start -----
- unsigned char *p = buf;
-
- p7 = d2i_PKCS7(NULL, &p, len);
------ snip:end -----
-
-At this point p7 contains a valid PKCS7 structure or NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-Memory allocation and encoding can also be combined in a single
-operation by the ASN1 routines:
-
------ snip:start -----
- unsigned char *buf = NULL;
- int len = i2d_PKCS7(p7, &buf);
-
- if (len < 0) {
- /* Error */
- }
- /* Do some things with 'buf' */
- /* Finished with buf: free it */
- OPENSSL_free(buf);
------ snip:end -----
-
-In this special case the "buf" parameter is *not* incremented, it points
-to the start of the encoding.
-
-
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-The cause is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information. This
-can cause several problems such as being unable to read in an encrypted
-PEM file, unable to decrypt a PKCS#12 file or signature failure when
-verifying certificates.
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-Several reasons for problems with the automatic detection exist.
-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-Sometimes the distribution has installed an older version in the system
-locations that is detected instead of a new one installed. The OpenSSL
-library might have been compiled for another CPU or another mode (32/64 bits).
-Permissions might be wrong.
-
-The general answer is to check the config.log file generated when running
-the OpenSSH configure script. It should contain the detailed information
-on why the OpenSSL library was not detected or considered incompatible.
-
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data. One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-* Why doesn't my server application receive a client certificate?
-
-Due to the TLS protocol definition, a client will only send a certificate,
-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
-SSL_CTX_set_verify() function to enable the use of client certificates.
-
-
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-
-For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
-versions, uniqueIdentifier was incorrectly used for X.509 certificates.
-The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
-Change your code to use the new name when compiling against OpenSSL 0.9.7.
-
-
-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions. Currently these include following:
-
-Thread-local cleanup functions:
-
- ERR_remove_state()
-
-Application-global cleanup functions that are aware of usage (and therefore
-thread-safe):
-
- ENGINE_cleanup() and CONF_modules_unload()
-
-"Brutal" (thread-unsafe) Application-global cleanup functions:
-
- ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-
-
-* Why does Valgrind complain about the use of uninitialized data?
-
-When OpenSSL's PRNG routines are called to generate random numbers the supplied
-buffer contents are mixed into the entropy pool: so it technically does not
-matter whether the buffer is initialized at this point or not. Valgrind (and
-other test tools) will complain about this. When using Valgrind, make sure the
-OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
-to get rid of these warnings.
-
-
-* Why doesn't a memory BIO work when a file does?
-
-This can occur in several cases for example reading an S/MIME email message.
-The reason is that a memory BIO can do one of two things when all the data
-has been read from it.
-
-The default behaviour is to indicate that no more data is available and that
-the call should be retried, this is to allow the application to fill up the BIO
-again if necessary.
-
-Alternatively it can indicate that no more data is available and that EOF has
-been reached.
-
-If a memory BIO is to behave in the same way as a file this second behaviour
-is needed. This must be done by calling:
-
- BIO_set_mem_eof_return(bio, 0);
-
-See the manual pages for more details.
-
-
-* Where are the declarations and implementations of d2i_X509() etc?
-
-These are defined and implemented by macros of the form:
-
-
- DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
-
-The implementation passes an ASN1 "template" defining the structure into an
-ASN1 interpreter using generalised functions such as ASN1_item_d2i().
-
-* When debugging I observe SIGILL during OpenSSL initialization: why?
-
-OpenSSL adapts to processor it executes on and for this reason has to
-query its capabilities. Unfortunately on some processors the only way
-to achieve this for non-privileged code is to attempt instructions
-that can cause Illegal Instruction exceptions. The initialization
-procedure is coded to handle these exceptions to manipulate corresponding
-bits in capabilities vector. This normally appears transparent, except
-when you execute it under debugger, which stops prior delivering signal
-to handler. Simply resuming execution does the trick, but when debugging
-a lot it might feel counterproductive. Two options. Either set explicit
-capability environment variable in order to bypass the capability query
-(see corresponding crypto/*cap.c for details). Or configure debugger not
-to stop upon SIGILL exception, e.g. in gdb case add 'handle SIGILL nostop'
-to your .gdbinit.
-
-===============================================================================
+The FAQ is now maintained on the web:
+ https://www.openssl.org/docs/faq.html
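Review bot: replacing the whole FAQ body with a two-line pointer drops the security-reporting guidance that this file carried (the openssl-security address, the pointer to the team PGP keys at http://www.openssl.org/about/, and the note that bugs confined to the openssl utility are not treated as security issues) as well as the thread-safety requirements (CRYPTO_set_locking_callback() plus a CRYPTO_THREADID_set...() call). Before this lands, confirm that https://www.openssl.org/docs/faq.html carries that material, since a source-tree reader following the pointer otherwise loses it. The added URL line is also indented by one space, which looks accidental.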

Rich Salz
Aug 17, 2015, 1:24:42 PM
The branch master has been updated
via 0a14e9257e037fbafcb0cbdaf0e6894900b9400e (commit)
from 2bd0d83f0cb5308a534f3b7c2a74416b0832748f (commit)


- Log -----------------------------------------------------------------
commit 0a14e9257e037fbafcb0cbdaf0e6894900b9400e
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 12:46:13 2015 -0400

fix links in newsflash

-----------------------------------------------------------------------

Summary of changes:
Makefile | 1 +
news/newsflash.txt | 74 +++++++++++++++++++++++++++---------------------------
2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/Makefile b/Makefile
index 4f48bd5..252ed02 100644
--- a/Makefile
+++ b/Makefile
@@ -62,6 +62,7 @@ news/changelog.txt: $(SNAP)/CHANGES
cp $? $@
news/newsflash.inc: news/newsflash.txt
sed <$? >$@ \
+ -e '/^#/d' \
-e 's@^@<tr><td class="d">@' \
-e 's@: @</td><td class="t">@' \
-e 's@$$@</td></tr>@'
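Review bot: the new `-e '/^#/d'` filter, which drops comment lines from news/newsflash.txt before the rows are generated, is not mentioned in the commit message ("fix links in newsflash") and the Makefile has no comment saying that `#` lines in newsflash.txt are comments. Add a sentence to the commit message and a one-line Makefile comment, and note that the pattern only matches a `#` in column one, so an indented comment would still be emitted as a table row. The substitutions also do no HTML escaping, so any `<` or `&` in an item's text must already be entity-encoded in newsflash.txt.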
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 42e39b2..8822cb9 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -1,17 +1,17 @@
Date: Item
-09-Jul-2015: <a href="secadv/20150709.txt">Security Advisory</a>: one security fix
+09-Jul-2015: <a href="/news/secadv/20150709.txt">Security Advisory</a>: one security fix
09-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes
09-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes
06-Jul-2015: OpenSSL 1.0.2d and 1.0.1p <a href="https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html">security releases due 9th July 2015</a>
12-Jun-2015: New releases to resolve ABI compatibility problems:
12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes
12-Jun-2015: OpenSSL 1.0.1o is now available, including bug fixes
-11-Jun-2015: <a href="secadv/20150611.txt">Security Advisory</a>: five security fixes
+11-Jun-2015: <a href="/news/secadv/20150611.txt">Security Advisory</a>: five security fixes
11-Jun-2015: OpenSSL 1.0.2b is now available, including bug and security fixes
11-Jun-2015: OpenSSL 1.0.1n is now available, including bug and security fixes
11-Jun-2015: OpenSSL 1.0.0s is now available, including bug and security fixes
11-Jun-2015: OpenSSL 0.9.8zg is now available, including bug and security fixes
-19-Mar-2015: <a href="secadv/20150319.txt">Security Advisory</a>: twelve security fixes
+19-Mar-2015: <a href="/news/secadv/20150319.txt">Security Advisory</a>: twelve security fixes
19-Mar-2015: OpenSSL 1.0.2a is now available, including bug and security fixes
19-Mar-2015: OpenSSL 1.0.1m is now available, including bug and security fixes
19-Mar-2015: OpenSSL 1.0.0r is now available, including bug and security fixes
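Review bot: the `Date: Item` line at the top of the hunk is still passed through the sed pipeline and rendered as an ordinary data row (`<tr><td class="d">Date</td><td class="t">Item</td></tr>`) rather than a header; since this commit introduces a `#` comment convention, either turn that line into a comment or generate it with `<th>` cells. The link change itself is fine: a root-relative `/news/secadv/...` resolves the same way from whichever page includes newsflash.inc, whereas the old `secadv/...` depended on the URL of the including page.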
@@ -21,107 +21,107 @@ Date: Item
15-Jan-2015: OpenSSL 1.0.1l is now available, including bug fixes
15-Jan-2015: OpenSSL 1.0.0q is now available, including bug fixes
15-Jan-2015: OpenSSL 0.9.8ze is now available, including bug fixes
-08-Jan-2015: <a href="secadv/20150108.txt">Security Advisory</a>: eight security fixes
+08-Jan-2015: <a href="/news/secadv/20150108.txt">Security Advisory</a>: eight security fixes
08-Jan-2015: OpenSSL 1.0.1k is now available, including bug and security fixes
08-Jan-2015: OpenSSL 1.0.0p is now available, including bug and security fixes
08-Jan-2015: OpenSSL 0.9.8zd is now available, including bug and security fixes
-15-Oct-2014: <a href="secadv/20141015.txt">Security Advisory</a>: four security fixes
+15-Oct-2014: <a href="/news/secadv/20141015.txt">Security Advisory</a>: four security fixes
15-Oct-2014: OpenSSL 1.0.1j is now available, including bug and security fixes
15-Oct-2014: OpenSSL 1.0.0o is now available, including bug and security fixes
15-Oct-2014: OpenSSL 0.9.8zc is now available, including bug and security fixes
25-Sep-2014: Beta 3 of OpenSSL 1.0.2 is now available, please test it now
-06-Aug-2014: <a href="secadv/20140806.txt">Security Advisory</a>: nine security fixes
+06-Aug-2014: <a href="/news/secadv/20140806.txt">Security Advisory</a>: nine security fixes
06-Aug-2014: OpenSSL 1.0.1i is now available, including bug and security fixes
06-Aug-2014: OpenSSL 1.0.0n is now available, including bug and security fixes
06-Aug-2014: OpenSSL 0.9.8zb is now available, including bug and security fixes
22-Jul-2014: Beta 2 of OpenSSL 1.0.2 is now available, please test it now
30-Jun-2014: Project roadmap released
24-Jun-2014: Team status changes including six new development team members
-05-Jun-2014: <a href="secadv/20140605.txt">Security Advisory</a>: seven security fixes
+05-Jun-2014: <a href="/news/secadv/20140605.txt">Security Advisory</a>: seven security fixes
05-Jun-2014: OpenSSL 1.0.1h is now available, including bug and security fixes
05-Jun-2014: OpenSSL 1.0.0m is now available, including bug and security fixes
05-Jun-2014: OpenSSL 0.9.8za is now available, including bug and security fixes
23-Apr-2014: Team status changes including new team member: Steve Marquess
-07-Apr-2014: <a href="secadv/20140407.txt">Security Advisory</a>: Heartbeat overflow issue.
+07-Apr-2014: <a href="/news/secadv/20140407.txt">Security Advisory</a>: Heartbeat overflow issue.
07-Apr-2014: OpenSSL 1.0.1g is now available, including bug and security fixes
24-Feb-2014: Beta 1 of OpenSSL 1.0.2 is now available, please test it now
06-Jan-2014: OpenSSL 1.0.0l is now available, including bug and security fixes
06-Jan-2014: OpenSSL 1.0.1f is now available, including bug and security fixes
-03-Jan-2014: UPDATE: site defacement <a href="secadv/hack.txt">final details.</a>
+03-Jan-2014: UPDATE: site defacement <a href="/news/secadv/hack.txt">final details.</a>
11-Feb-2013: OpenSSL 1.0.1e is now available, including bug fixes
-05-Feb-2013: <a href="secadv/20130205.txt">Security Advisory</a>: three security fixes
+05-Feb-2013: <a href="/news/secadv/20130205.txt">Security Advisory</a>: three security fixes
05-Feb-2013: OpenSSL 1.0.1d is now available, including bug and security fixes
05-Feb-2013: OpenSSL 1.0.0k is now available, including security fixes
05-Feb-2013: OpenSSL 0.9.8y is now available, including security fixes
-10-May-2012: <a href="secadv/20120510.txt">Security Advisory</a>: TLS/DTLS DoS issue
+10-May-2012: <a href="/news/secadv/20120510.txt">Security Advisory</a>: TLS/DTLS DoS issue
10-May-2012: OpenSSL 1.0.1c is now available, including bug and security fixes
10-May-2012: OpenSSL 1.0.0j is now available, including security fixes
10-May-2012: OpenSSL 0.9.8x is now available, including security fixes
26-Apr-2012: OpenSSL 1.0.1b is now available, including important bug fixes
25-Apr-2012: Notice: OpenSSL 1.0.1a compilation problems with non x86 platforms
24-Apr-2012: OpenSSL 0.9.8w is now available, including security fixes
-24-Apr-2012: <a href="secadv/20120424.txt">Security Advisory</a>: ASN1 incomplete fix for OpenSSL 0.9.8
+24-Apr-2012: <a href="/news/secadv/20120424.txt">Security Advisory</a>: ASN1 incomplete fix for OpenSSL 0.9.8
19-Apr-2012: OpenSSL 1.0.1a is now available, including important bug and security fixes
19-Apr-2012: OpenSSL 1.0.0i is now available, including important bug and security fixes
19-Apr-2012: OpenSSL 0.9.8v is now available, including important bug and security fixes
-19-Apr-2012: <a href="secadv/20120419.txt">Security Advisory</a>: ASN1 overflow vulnerability
+19-Apr-2012: <a href="/news/secadv/20120419.txt">Security Advisory</a>: ASN1 overflow vulnerability
14-Mar-2012: OpenSSL 1.0.1 is now available, including new features
-12-Mar-2012: <a href="secadv/20120312.txt">Security Advisory</a>: PKCS7/CMS MMA issue
+12-Mar-2012: <a href="/news/secadv/20120312.txt">Security Advisory</a>: PKCS7/CMS MMA issue
12-Mar-2012: OpenSSL 0.9.8u is now available, including important bug and security fixes
12-Mar-2012: OpenSSL 1.0.0h is now available, including important bug and security fixes
23-Feb-2012: Beta 3 of OpenSSL 1.0.1 is now available, please test it now
19-Jan-2012: Beta 2 of OpenSSL 1.0.1 is now available, please test it now
-18-Jan-2012: <a href="secadv/20120118.txt">Security Advisory</a>: DTLS DoS issue
+18-Jan-2012: <a href="/news/secadv/20120118.txt">Security Advisory</a>: DTLS DoS issue
18-Jan-2012: OpenSSL 1.0.0g is now available, including important bug and security fixes
18-Jan-2012: OpenSSL 0.9.8t is now available, including important bug and security fixes
-04-Jan-2012: <a href="secadv/20120104.txt">Security Advisory</a>: six security fixes
+04-Jan-2012: <a href="/news/secadv/20120104.txt">Security Advisory</a>: six security fixes
04-Jan-2012: OpenSSL 0.9.8s is now available, including important bug and security fixes
04-Jan-2012: OpenSSL 1.0.0f is now available, including important bug and security fixes
03-Jan-2012: Beta 1 of OpenSSL 1.0.1 is now available, please test it now
06-Sep-2011: OpenSSL 1.0.0e is now available, including important bug and security fixes
-06-Sep-2011: <a href="secadv/20110906.txt">Security Advisory</a>: two security fixes
-08-Feb-2011: <a href="secadv/20110208.txt">Security Advisory</a>: OCSP stapling vulnerability
+06-Sep-2011: <a href="/news/secadv/20110906.txt">Security Advisory</a>: two security fixes
+08-Feb-2011: <a href="/news/secadv/20110208.txt">Security Advisory</a>: OCSP stapling vulnerability
08-Feb-2011: OpenSSL 1.0.0d is now available, including important bug and security fixes
08-Feb-2011: OpenSSL 0.9.8r is now available, including important bug and security fixes
09-Dec-2010: OpenSSL FIPS 140-2 module 1.2.2 is now available.
-02-Dec-2010: <a href="secadv/20101202.txt">Security Advisory</a>: ciphersuite downgrade fix
+02-Dec-2010: <a href="/news/secadv/20101202.txt">Security Advisory</a>: ciphersuite downgrade fix
02-Dec-2010: OpenSSL 1.0.0c is now available, including important bug and security fixes
02-Dec-2010: OpenSSL 0.9.8q is now available, including important bug and security fixes
16-Nov-2010: OpenSSL 1.0.0b is now available, including important bug and security fixes
16-Nov-2010: OpenSSL 0.9.8p is now available, including important bug and security fixes
-16-Nov-2010: <a href="secadv/20101116.txt">Security Advisory</a>: buffer overrun fix
+16-Nov-2010: <a href="/news/secadv/20101116.txt">Security Advisory</a>: buffer overrun fix
01-Jun-2010: OpenSSL 0.9.8o is now available, including important bug and security fixes
01-Jun-2010: OpenSSL 1.0.0a is now available, including important bug and security fixes
-01-Jun-2010: <a href="secadv/20100601.txt">Security Advisory</a>: two security fixes
+01-Jun-2010: <a href="/news/secadv/20100601.txt">Security Advisory</a>: two security fixes
29-Mar-2010: OpenSSL 1.0.0 is now available, a major release
-24-Mar-2010: <a href="secadv/20100324.txt">Security Advisory</a>: "Record of death" security fix
+24-Mar-2010: <a href="/news/secadv/20100324.txt">Security Advisory</a>: "Record of death" security fix
24-Mar-2010: OpenSSL 0.9.8n is now available, including important bug and security fixes
25-Feb-2010: OpenSSL 0.9.8m is now available, including important bug and security fixes
24-Jun-2009: Commercial support for OpenSSL is now available
25-Mar-2009: OpenSSL 0.9.8k is now available, including important bug fixes
-25-Mar-2009: <a href="secadv/20090325.txt">Security Advisory</a>: Three moderate severity security issues
+25-Mar-2009: <a href="/news/secadv/20090325.txt">Security Advisory</a>: Three moderate severity security issues
07-Jan-2009: OpenSSL 0.9.8j is now available, including important bug fixes
-07-Jan-2009: <a href="secadv/20090107.txt">Security Advisory</a>: incorrect checks for malformed signatures
+07-Jan-2009: <a href="/news/secadv/20090107.txt">Security Advisory</a>: incorrect checks for malformed signatures
18-Nov-2008: OpenSSL FIPS 140-2 module 1.2 is now available
15-Sep-2008: OpenSSL 0.9.8i is now available, including important bug fixes
-28-May-2008: <a href="secadv/20080528.txt">Security Advisory</a>: Two moderate severity security issues
+28-May-2008: <a href="/news/secadv/20080528.txt">Security Advisory</a>: Two moderate severity security issues
28-May-2008: OpenSSL 0.9.8h is now available, including security and bug fixes
-29-Nov-2007: <a href="secadv/20071129.txt">Security Advisory</a>: FIPS 1.1.1 module PRNG security issue
+29-Nov-2007: <a href="/news/secadv/20071129.txt">Security Advisory</a>: FIPS 1.1.1 module PRNG security issue
19-Oct-2007: OpenSSL 0.9.8g is now available, including bug fixes
-12-Oct-2007: <a href="secadv/20071012.txt">Security Advisory</a>: Various security issues
+12-Oct-2007: <a href="/news/secadv/20071012.txt">Security Advisory</a>: Various security issues
11-Oct-2007: OpenSSL 0.9.8f is now available, including security and bug fixes
23-Feb-2007: OpenSSL 0.9.8e is now available, including important bugfixes
23-Feb-2007: OpenSSL 0.9.7m is now available, including important bugfixes
-28-Sep-2006: <a href="secadv/20060928.txt">Security Advisory</a>: Various security issues
+28-Sep-2006: <a href="/news/secadv/20060928.txt">Security Advisory</a>: Various security issues
28-Sep-2006: OpenSSL 0.9.8d is now available, including security fixes
28-Sep-2006: OpenSSL 0.9.7l is now available, including security fixes
-05-Sep-2006: <a href="secadv/20060905.txt">Security Advisory</a>: RSA Signature Forgery
+05-Sep-2006: <a href="/news/secadv/20060905.txt">Security Advisory</a>: RSA Signature Forgery
05-Sep-2006: OpenSSL 0.9.8c is now available, including security fix
05-Sep-2006: OpenSSL 0.9.7k is now available, including security fix
04-May-2006: OpenSSL 0.9.8b is now available, including important bugfixes
04-May-2006: OpenSSL 0.9.7j is now available, including important bugfixes
15-oct-2005: OpenSSL 0.9.7i is now available, contains compatibility fix
-11-oct-2005: <a href="secadv/20051011.txt">Security Advisory</a>: Potential SSL 2.0 rollback
+11-oct-2005: <a href="/news/secadv/20051011.txt">Security Advisory</a>: Potential SSL 2.0 rollback
11-oct-2005: OpenSSL 0.9.8a is now available, including security fix
11-oct-2005: OpenSSL 0.9.7h is now available, including security fix
05-jul-2005: OpenSSL 0.9.8 is now available, a major release
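Review bot: style point on the rewritten `11-oct-2005` line: its month is lowercase while the entries above it use `25-Mar-2009` and `28-May-2008`; since the line is being edited anyway, normalizing it to `11-Oct-2005` would be a cheap consistency fix. The link change itself is uniform across the hunk: every `secadv/...` reference becomes the root-absolute `/news/secadv/...` form, and no non-advisory entry is touched.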
@@ -134,26 +134,26 @@ Date: Item
11-apr-2005: OpenSSL 0.9.7g is now available, including important bugfixes
22-mar-2005: OpenSSL 0.9.7f is now available, including important bugfixes
25-oct-2004: OpenSSL 0.9.7e is now available, including important bugfixes
-17-mar-2004: <a href="secadv/20040317.txt">Security Advisory</a>: Denial of Service flaws in 0.9.6l and 0.9.7c
+17-mar-2004: <a href="/news/secadv/20040317.txt">Security Advisory</a>: Denial of Service flaws in 0.9.6l and 0.9.7c
17-mar-2004: OpenSSL 0.9.7d is now available, including important bugfixes
17-mar-2004: OpenSSL 0.9.6m is now available, including security fix
17-mar-2004: OpenSSL 0.9.6m [engine] is now available, including security fix
04-nov-2003: OpenSSL 0.9.6l is now available, including security fix
04-nov-2003: OpenSSL 0.9.6l [engine] is now available, including security fix
-04-nov-2003: <a href="secadv/20031104.txt">Security Advisory</a>: Denial of Service in ASN.1 parsing in 0.9.6k.
+04-nov-2003: <a href="/news/secadv/20031104.txt">Security Advisory</a>: Denial of Service in ASN.1 parsing in 0.9.6k.
30-sep-2003: OpenSSL 0.9.7c is now available, including important bugfixes
30-sep-2003: OpenSSL 0.9.6k is now available, including important bugfixes
30-sep-2003: OpenSSL 0.9.6k [engine] is now available, including important bugfixes
-30-sep-2003: <a href="secadv/20030930.txt">Security Advisory</a>: Vulnerabilities in ASN.1 parsing.
+30-sep-2003: <a href="/news/secadv/20030930.txt">Security Advisory</a>: Vulnerabilities in ASN.1 parsing.
10-apr-2003: OpenSSL 0.9.7b is now available, including important bugfixes
10-apr-2003: OpenSSL 0.9.6j is now available, including important bugfixes
10-apr-2003: OpenSSL 0.9.6j [engine] is now available, including important bugfixes
-19-Mar-2003: <a href="secadv/20030319.txt">Security Advisory</a>: Klima-Pokorny-Rosa attack.
-17-Mar-2003: <a href="secadv/20030317.txt">Security Advisory</a>: timing attacks, RSA blinding.
+19-Mar-2003: <a href="/news/secadv/20030319.txt">Security Advisory</a>: Klima-Pokorny-Rosa attack.
+17-Mar-2003: <a href="/news/secadv/20030317.txt">Security Advisory</a>: timing attacks, RSA blinding.
19-feb-2003: OpenSSL 0.9.7a is now available, including important bugfixes
19-feb-2003: OpenSSL 0.9.6i is now available, including important bugfixes
19-feb-2003: OpenSSL 0.9.6i [engine] is now available, including important bugfixes
-19-feb-2003: <a href="secadv/20030219.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6i and 0.9.7a
+19-feb-2003: <a href="/news/secadv/20030219.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6i and 0.9.7a
31-Dec-2002: OpenSSL 0.9.7 is now available, a major release
17-dec-2002: Beta 6 of OpenSSL 0.9.7 is now available, please test it now
5-dec-2002: Beta 5 of OpenSSL 0.9.7 is now available, please test it now
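Review bot: the same capitalization point applies to the rewritten lines here (`17-mar-2004`, `04-nov-2003`, `30-sep-2003`, `19-feb-2003` sit next to `19-Mar-2003` and `17-Mar-2003`); the link rewrite is otherwise consistent, and the two adjacent March 2003 advisories are moved as a pair so their order is preserved.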
@@ -166,7 +166,7 @@ Date: Item
8-aug-2002: OpenSSL 0.9.6f [engine] is now available, including important bugfixes
30-Jul-2002: OpenSSL 0.9.6e is now available, including important bugfixes
30-Jul-2002: OpenSSL 0.9.6e [engine] is now available, including important bugfixes
-30-Jul-2002: <a href="secadv/20020730.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6e
+30-Jul-2002: <a href="/news/secadv/20020730.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6e
30-Jul-2002: Beta 3 of OpenSSL 0.9.7 is now available, please test it now
16-jun-2002: Beta 2 of OpenSSL 0.9.7 is now available, please test it now
01-jun-2002: Beta 1 of OpenSSL 0.9.7 is now available, please test it now
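Review bot: with every advisory link now root-absolute (`/news/secadv/...`), the page only resolves them when served from the site root; anyone previewing a checkout from a subdirectory will get 404s for the advisories. The commit message does not say why the relative `secadv/` form was dropped, so a sentence recording that the file is expected to be served at `/news/` would document the assumption.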

Rich Salz

Aug 17, 2015, 1:34:41 PM8/17/15
The branch master has been updated
via a5f867abcf46517d10e2219a5d9b38498b32a837 (commit)
from 1fe9edb17942f938e6035129ede62a5a27866bd3 (commit)


- Log -----------------------------------------------------------------
commit a5f867abcf46517d10e2219a5d9b38498b32a837
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 21:38:56 2015 -0400

fix comment terminator

-----------------------------------------------------------------------

Summary of changes:
news/pgpkey.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/news/pgpkey.html b/news/pgpkey.html
index 4e15e38..b89628f 100644
--- a/news/pgpkey.html
+++ b/news/pgpkey.html
@@ -18,7 +18,7 @@
<a href="openssl-security.asc">openssl-security.asc</a>
</p>
<pre>
- <!--#include virtual="openssl-security.asc">
+ <!--#include virtual="openssl-security.asc" -->
</pre>
</div>
<footer>
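Review bot: the missing `-->` meant the SSI directive was never terminated, so mod_include would not have processed the include and either the raw directive text or an error marker would have ended up inside the `<pre>`; the corrected line is well-formed. One thing to verify once it renders: `openssl-security.asc` is inserted verbatim inside `<pre>`, which is fine for ASCII-armored key text, but any `<` or `&` appearing in a future version of that file would need escaping.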

Rich Salz

Aug 17, 2015, 1:39:40 PM8/17/15
The branch master has been updated
via 6fe0c6a6e3676dea5bd1012ff55ef6abe036bf14 (commit)
from 4e03b7d918207bb1f9a80295b3cc70986dfc1f05 (commit)


- Log -----------------------------------------------------------------
commit 6fe0c6a6e3676dea5bd1012ff55ef6abe036bf14
Author: Rich Salz <rs...@akamai.com>
Date: Sun Aug 16 08:52:57 2015 -0400

missed vulnerabilities.html

-----------------------------------------------------------------------

Summary of changes:
.gitignore | 1 -
docs/faq.html => news/vulnerabilities.html | 10 +++++++---
2 files changed, 7 insertions(+), 4 deletions(-)
copy docs/faq.html => news/vulnerabilities.html (75%)

diff --git a/.gitignore b/.gitignore
index 2c89231..0d1f8ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,6 @@ blog
sitemap.txt
docs/faq.txt
news/changelog.txt
-news/vulnerabilities.html
source/license.txt
source/.htaccess
source/*.gz*
diff --git a/docs/faq.html b/news/vulnerabilities.html
similarity index 75%
copy from docs/faq.html
copy to news/vulnerabilities.html
index 0f8a061..c06d973 100644
--- a/docs/faq.html
+++ b/news/vulnerabilities.html
@@ -9,14 +9,17 @@
<div id="content">
<div class="blog-index">
<article>
- <header><h2>Frequently Asked Questions</h2></header>
+ <header><h2>Vulnerabilities<h2></header>
<div class="entry-content">
- <!--#include virtual="faq.inc" -->
+ <p>
+ </p>
+ <!--#include virtual="vulnerabilities.inc" -->
+ </p>
</div>
<footer>
You are here: <a href="/">Home</a>
: <a href=".">News</a>
- : <a href="">Frequently Asked Questions</a>
+ : <a href="">Vulnerabilities</a>
<br/><a href="/sitemap.txt">Sitemap</a>
</footer>
</article>
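Review bot: two markup errors in the added lines. `<header><h2>Vulnerabilities<h2></header>` opens a second `<h2>` instead of closing the first and should read `<header><h2>Vulnerabilities</h2></header>`. The include is also wrapped in mismatched paragraph tags: an empty `<p></p>` is followed by the include and then a stray `</p>` with no opener. Either drop the paragraph tags entirely, as the `faq.inc` line being replaced had, or put a single `<p>` before the include and the single `</p>` after it.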
@@ -29,3 +32,4 @@
</body>

</html>
+
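Review bot: the only change in this hunk is an extra empty line after `</html>`; it adds nothing and looks like an accidental trailing newline, so it is worth dropping.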

Richard Levitte

Aug 17, 2015, 1:39:40 PM8/17/15
The branch master has been updated
via 3da9505dc02b0594633c73a11343f54bb5dbf536 (commit)
from 31001f813172f73e4a27300ef39fc45e2b372a38 (commit)


- Log -----------------------------------------------------------------
commit 3da9505dc02b0594633c73a11343f54bb5dbf536
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Aug 17 18:10:16 2015 +0200

Add new types to indent.pro

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
util/indent.pro | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/util/indent.pro b/util/indent.pro
index 2a51225..4d1bd45 100644
--- a/util/indent.pro
+++ b/util/indent.pro
@@ -725,3 +725,9 @@
-T int16_t
-T uint8_t
-T int8_t
+-T STRINT_PAIR
+-T felem
+-T felem_bytearray
+-T SH_LIST
+-T PACKET
+-T RECORD_LAYER
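Review bot: each `-T` entry tells GNU indent to treat the name as a type, so a declaration such as `PACKET *pkt` is formatted as a declaration rather than as a multiplication. The caveat is that the setting is global to the run: if any of these identifiers, in particular the short lowercase `felem`, is also used as a variable or macro name elsewhere in the tree, indent will format those uses as types too, so a quick grep for the names before relying on a full reindent is worthwhile.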