From mark at openssl.org Thu Jul 2 09:49:18 2015 From: mark at openssl.org (Mark J. Cox) Date: Thu, 02 Jul 2015 09:49:18 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1435830558.493240.21570.nullmailer@dev.openssl.org> The branch master has been updated via d1ec4a0f232f39a66aeb83bba3fcaf76113e050f (commit) from df19ba3056b64a54cfc10837cdc9f4b40633e8a6 (commit) - Log ----------------------------------------------------------------- commit d1ec4a0f232f39a66aeb83bba3fcaf76113e050f Author: Mark J. Cox Date: Thu Jul 2 10:48:54 2015 +0100 My PGPv2 key is no longer useful, update ----------------------------------------------------------------------- Summary of changes: about/index.wml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/about/index.wml b/about/index.wml index 7df98f3..cf363e5 100644 --- a/about/index.wml +++ b/about/index.wml @@ -42,7 +42,7 @@ The current OpenSSL core team consists of (in alphabetical order):
- + @@ -55,7 +55,7 @@ The current OpenSSL development team consists of (in alphabetical order): - + From steve at openssl.org Thu Jul 2 12:04:02 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 02 Jul 2015 12:04:02 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435838642.356984.9710.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 3c66a669dfc7b3792f7af0758ea26fe8502ce70c (commit) from f8f75a7e4a7746caba9cab843e14ed6a41dfad21 (commit) - Log ----------------------------------------------------------------- commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c Author: Dr. Stephen Henson Date: Wed Jul 1 23:40:03 2015 +0100 Fix PSK handling. The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 17 +++-------------- ssl/s3_srvr.c | 2 +- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2346ce5..6af145a 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1456,8 +1456,6 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1]; - param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); 
@@ -1483,17 +1481,8 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* - * If received PSK identity hint contains NULL characters, the hint - * is truncated from the first NULL. p may not be ending with NULL, - * so create a NULL-terminated string. - */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -3077,7 +3066,7 @@ int ssl3_send_client_key_exchange(SSL *s) } memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8885694..acd3b9e 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2780,7 +2780,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err; From steve at openssl.org Thu Jul 2 12:08:05 2015 
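Review bot: The new line `s->session->psk_identity_hint = BUF_strndup((char *)p, i);` overwrites whatever the session already holds without freeing it, whereas the removed lines freed the previous hint first; whether a session object can reach this point with a hint already set is not visible in the hunk, and if it can, the earlier allocation leaks. Mirroring the guard used in the s3_srvr.c hunk of the same commit, `if (s->session->psk_identity_hint != NULL) OPENSSL_free(s->session->psk_identity_hint);` placed before the assignment would close that. The removed comment was the only place documenting that the received hint is not NUL-terminated and may be cut short at an embedded NUL; a one-line replacement such as `/* p is not NUL-terminated; copy at most i bytes into a NUL-terminated string */` keeps that visible to the next reader. ssl3_get_key_exchange starts before this hunk and continues past it, and the OpenSSL_1_0_1 and OpenSSL_1_0_0 cherry-picks further down this page carry the identical lines.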
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 02 Jul 2015 12:08:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1435838885.123205.10265.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via d6be3124f22870f1888c532523b74ea5d89795eb (commit) from eb0e2a5c5d904c3f74a9387d27bfbad4861469a9 (commit) - Log ----------------------------------------------------------------- commit d6be3124f22870f1888c532523b74ea5d89795eb Author: Dr. Stephen Henson Date: Wed Jul 1 23:40:03 2015 +0100 Fix PSK handling. The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 17 +++-------------- ssl/s3_srvr.c | 2 +- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 0879a0f..35ad121 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1]; - param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); 
@@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* - * If received PSK identity hint contains NULL characters, the hint - * is truncated from the first NULL. p may not be ending with NULL, - * so create a NULL-terminated string. - */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s) } memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9aa3292..3a5f71d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2792,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err; From steve at openssl.org Thu Jul 2 12:08:05 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 02 Jul 2015 12:08:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1435838885.052947.10243.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 1392c238657ec745af6a40def03d67d4ce02a082 (commit) from 989ba38f7fa27e567612ab717975c82215c591ba (commit) - Log ----------------------------------------------------------------- commit 1392c238657ec745af6a40def03d67d4ce02a082 Author: Dr. Stephen Henson Date: Wed Jul 1 23:40:03 2015 +0100 Fix PSK handling. The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 17 +++-------------- ssl/s3_srvr.c | 2 +- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 980c74c..b3a10d1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1240,8 +1240,6 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1]; - param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); 
@@ -1267,17 +1265,8 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* - * If received PSK identity hint contains NULL characters, the hint - * is truncated from the first NULL. p may not be ending with NULL, - * so create a NULL-terminated string. - */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -2621,7 +2610,7 @@ int ssl3_send_client_key_exchange(SSL *s) } memset(identity, 0, sizeof(identity)); - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7ebcca6..ef2510b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2583,7 +2583,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err; From steve at openssl.org Sat Jul 4 21:08:41 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 04 Jul 2015 21:08:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0-stable update Message-ID: <1436044121.137262.6579.nullmailer@dev.openssl.org> The branch OpenSSL-fips-2_0-stable has been updated via a0f8d282d728a3584f08ecb5f8321c37bb06dd28 (commit) via 0f38e9cd782167471898440c3179c648e196d456 (commit) from 34f39b062c76fbd3082521b26edee7f53afc061d (commit) - Log ----------------------------------------------------------------- commit a0f8d282d728a3584f08ecb5f8321c37bb06dd28 Author: Steve Marquess Date: Sat Jul 4 15:18:46 2015 -0400 Add new iOS subdirectory Reviewed-by: Rich Salz Reviewed-by: Stephen Henson commit 0f38e9cd782167471898440c3179c648e196d456 Author: Andy Polyakov Date: Sat Jul 4 15:17:45 2015 -0400 Add new VxWorks x86 platform Reviewed-by: Rich Salz Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: Configure | 1 + fips/fips_canister.c | 3 ++- util/fipsdist.pl | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 613f829..5f3d0cd 100755 --- a/Configure +++ b/Configure 
@@ -613,6 +613,7 @@ my %table=( "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", "vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", +"vxworks-pentium","ccpentium:-Os -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=PENTIUM4 -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -D_WRS_KERNEL -D_WRS_VX_SMP -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", diff --git a/fips/fips_canister.c b/fips/fips_canister.c index adbe696..3c33d00 100644 --- a/fips/fips_canister.c +++ b/fips/fips_canister.c 
@@ -32,7 +32,8 @@ const void *FIPS_text_end(void); defined(__aarch64__) || \ defined(__i386__)|| defined(__i386))) || \ (defined(__vxworks) && (defined(__ppc__) || defined(__ppc) || \ - defined(__mips__)|| defined(__mips))) || \ + defined(__mips__)|| defined(__mips) || \ + defined(__i386__)|| defined(__i386))) || \ (defined(__NetBSD__) && (defined(__powerpc__) || defined(__i386))) || \ (defined(__linux) && ((defined(__PPC__) && !defined(__PPC64__)) || \ defined(__arm__) || defined(__arm)) || \ diff --git a/util/fipsdist.pl b/util/fipsdist.pl index 53f9d3e..4ebf1ac 100644 --- a/util/fipsdist.pl +++ b/util/fipsdist.pl @@ -58,7 +58,7 @@ while () } else { - next unless (/^(fips\/|crypto|util|test|include|ms|c6x)/); + next unless (/^(fips\/|crypto|util|test|include|ms|c6x|iOS)/); } if (/^crypto\/([^\/]+)/) { From steve at openssl.org Mon Jul 6 17:35:23 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 06 Jul 2015 17:35:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436204123.137329.29564.nullmailer@dev.openssl.org> The branch master has been updated via 5727582cf51e98e5e0faa435e7da2c8929533c0d (commit) via 9cca7be11d62298b2af0722f94345012c86eaed4 (commit) from 36f038f1041f9f31878f75b567959ceae08eb34e (commit) - Log ----------------------------------------------------------------- commit 5727582cf51e98e5e0faa435e7da2c8929533c0d Author: Dr. Stephen Henson Date: Mon Jul 6 14:17:49 2015 +0100 document -2 return value Reviewed-by: Rich Salz commit 9cca7be11d62298b2af0722f94345012c86eaed4 Author: Dr. Stephen Henson Date: Tue Jun 9 23:17:06 2015 +0100 Relax CCM tag check. In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 2 +- doc/crypto/X509_NAME_get_index_by_NID.pod | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) 
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 895e8ee..f8365a2 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1866,7 +1866,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) + if (c->encrypt && ptr) return 0; if (ptr) { cctx->tag_set = 1; diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index 84fc180..380356e 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B or B after B. B should initially be set to -1. If there are no more entries -1 is returned. +If B is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B. @@ -63,6 +64,10 @@ The list of all relevant B and B can be found in the source code header files Eopenssl/obj_mac.hE and/or Eopenssl/objects.hE. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: @@ -95,6 +100,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries. From steve at openssl.org Mon Jul 6 17:38:51 2015 
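Review bot: With the condition reduced to `if (c->encrypt && ptr)`, a decrypt context now gets through EVP_CTRL_AEAD_SET_TAG with a NULL ptr, so a tag length is accepted while `cctx->tag_set` stays 0; the code that must refuse to complete a decryption when no tag was ever supplied lies outside this hunk, and the relaxation now depends on it rejecting that case, so that path is worth confirming. A short comment on the changed line would spare the next reader re-deriving the intent: `/* On decrypt a NULL ptr only sets the tag length; the tag itself may be supplied later */`. aes_ccm_ctrl's body continues outside the hunk, and the OpenSSL_1_0_2 and OpenSSL_1_0_1 cherry-picks later on this page (under EVP_CTRL_CCM_SET_TAG) make the identical change.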
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 06 Jul 2015 17:38:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436204331.206701.5188.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c0b674b7cbd9146982850523293c74b9131b26d5 (commit) via a229c2b805bb8c8081fe6d9cb5d9fc2fb9888c19 (commit) from 3c66a669dfc7b3792f7af0758ea26fe8502ce70c (commit) - Log ----------------------------------------------------------------- commit c0b674b7cbd9146982850523293c74b9131b26d5 Author: Dr. Stephen Henson Date: Tue Jun 9 23:17:06 2015 +0100 Relax CCM tag check. In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz (cherry picked from commit 9cca7be11d62298b2af0722f94345012c86eaed4) commit a229c2b805bb8c8081fe6d9cb5d9fc2fb9888c19 Author: Dr. Stephen Henson Date: Mon Jul 6 14:17:49 2015 +0100 document -2 return value Reviewed-by: Rich Salz (cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 2 +- doc/crypto/X509_NAME_get_index_by_NID.pod | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 33cbed8..1734a82 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1771,7 +1771,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_CCM_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) + if (c->encrypt && ptr) return 0; if (ptr) { cctx->tag_set = 1; diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index c8a8128..109f561 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod 
@@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B or B after B. B should initially be set to -1. If there are no more entries -1 is returned. +If B is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B. @@ -63,6 +64,10 @@ The list of all relevant B and B can be found in the source code header files Eopenssl/obj_mac.hE and/or Eopenssl/objects.hE. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: @@ -95,6 +100,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries. From steve at openssl.org Mon Jul 6 17:38:51 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 06 Jul 2015 17:38:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436204331.136493.5165.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via cb6e0ed17a61ae3711d385f517d61be2b4c33a55 (commit) via e5d5019a233d15e3ce93e57925c98bd0c8e71f46 (commit) from d6be3124f22870f1888c532523b74ea5d89795eb (commit) - Log ----------------------------------------------------------------- commit cb6e0ed17a61ae3711d385f517d61be2b4c33a55 Author: Dr. Stephen Henson Date: Tue Jun 9 23:17:06 2015 +0100 Relax CCM tag check. In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz (cherry picked from commit 9cca7be11d62298b2af0722f94345012c86eaed4) commit e5d5019a233d15e3ce93e57925c98bd0c8e71f46 Author: Dr. Stephen Henson Date: Mon Jul 6 14:17:49 2015 +0100 document -2 return value Reviewed-by: Rich Salz (cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 2 +- doc/crypto/X509_NAME_get_index_by_NID.pod | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 1ede7bd..a4327fc 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1146,7 +1146,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_CCM_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) + if (c->encrypt && ptr) return 0; if (ptr) { cctx->tag_set = 1; diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index c8a8128..109f561 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod 
@@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B or B after B. B should initially be set to -1. If there are no more entries -1 is returned. +If B is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B. @@ -63,6 +64,10 @@ The list of all relevant B and B can be found in the source code header files Eopenssl/obj_mac.hE and/or Eopenssl/objects.hE. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: @@ -95,6 +100,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries. From steve at openssl.org Mon Jul 6 17:44:00 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 06 Jul 2015 17:44:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1436204640.674198.5961.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 9b914c7f9147c49a569108ab7f524ebaeb92eaaa (commit) from 2c9dfa18aacdd22537ced0815d0a53532c019d5b (commit) - Log ----------------------------------------------------------------- commit 9b914c7f9147c49a569108ab7f524ebaeb92eaaa Author: Dr. Stephen Henson Date: Mon Jul 6 14:17:49 2015 +0100 document -2 return value Reviewed-by: Rich Salz (cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d) Conflicts: doc/crypto/X509_NAME_get_index_by_NID.pod ----------------------------------------------------------------------- Summary of changes: doc/crypto/X509_NAME_get_index_by_NID.pod | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index 3b1f9ff..3618b21 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B or B after B. B should initially be set to -1. If there are no more entries -1 is returned. +If B is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B. @@ -59,6 +60,10 @@ X509_NAME_get_index_by_OBJ() should be used followed by X509_NAME_get_entry() on any matching indices and then the various B utility functions on the result. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: 
@@ -91,6 +96,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries. From steve at openssl.org Mon Jul 6 17:44:00 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 06 Jul 2015 17:44:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1436204640.733577.5983.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 18c5ead86e781ba27c9108ab1854f0b2843238ec (commit) from 1392c238657ec745af6a40def03d67d4ce02a082 (commit) - Log ----------------------------------------------------------------- commit 18c5ead86e781ba27c9108ab1854f0b2843238ec Author: Dr. Stephen Henson Date: Mon Jul 6 14:17:49 2015 +0100 document -2 return value Reviewed-by: Rich Salz (cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d) Conflicts: doc/crypto/X509_NAME_get_index_by_NID.pod ----------------------------------------------------------------------- Summary of changes: doc/crypto/X509_NAME_get_index_by_NID.pod | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index 3b1f9ff..3618b21 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -29,6 +29,7 @@ and issuer names. X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching B or B after B. B should initially be set to -1. If there are no more entries -1 is returned. +If B is invalid (doesn't correspond to a valid OID) then -2 is returned. X509_NAME_entry_count() returns the total number of entries in B. 
@@ -59,6 +60,10 @@ X509_NAME_get_index_by_OBJ() should be used followed by X509_NAME_get_entry() on any matching indices and then the various B utility functions on the result. +Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL. + =head1 EXAMPLES Process all entries: @@ -91,6 +96,8 @@ Process all commonName entries: X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid. X509_NAME_entry_count() returns the total number of entries. From mark at openssl.org Tue Jul 7 09:11:23 2015 From: mark at openssl.org (Mark J. Cox) Date: Tue, 07 Jul 2015 09:11:23 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436260283.533793.9928.nullmailer@dev.openssl.org> The branch master has been updated via a8e5ad250be42a3a9a386188ff6e75ce8df1342e (commit) via 1e7dbe187342b7ff762b9d0796fd536176ec46f0 (commit) from d1ec4a0f232f39a66aeb83bba3fcaf76113e050f (commit) - Log ----------------------------------------------------------------- commit a8e5ad250be42a3a9a386188ff6e75ce8df1342e Author: Mark J. Cox Date: Tue Jul 7 10:10:59 2015 +0100 A colleague couldn't find our mailing lists because it's non-obvious what Join means commit 1e7dbe187342b7ff762b9d0796fd536176ec46f0 Author: Mark J. Cox Date: Tue Jul 7 10:09:25 2015 +0100 Our policy says we'll mention on the home page ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + support/index.wml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index def6902..eeecf70 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt 
@@ -1,3 +1,4 @@ +06-Jul-2015: OpenSSL 1.0.2d and 1.0.1p security releases due 9th July 2015 12-Jun-2015: New releases to resolve ABI compatibility problems: 12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes 12-Jun-2015: OpenSSL 1.0.1o is now available, including bug fixes diff --git a/support/index.wml b/support/index.wml index 025aec3..d3ec74d 100644 --- a/support/index.wml +++ b/support/index.wml @@ -12,7 +12,7 @@ You can contribute to the OpenSSL project in any of the following ways:

    -
  • Join the online community
    +
  • Join the online community via public mailing lists
    Participate in the online community of developers, testers, and contributing end users working to make OpenSSL a better product.

  • Donate to the OpenSSL project
    From levitte at openssl.org Tue Jul 7 14:41:02 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 07 Jul 2015 14:41:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436280062.712360.20704.nullmailer@dev.openssl.org> The branch master has been updated via 9cf315ef90d0cfeb8bb7a38873eea07a8f0dffec (commit) via f1cece554ddf282f1512b4da04664467746ffd24 (commit) from 5727582cf51e98e5e0faa435e7da2c8929533c0d (commit) - Log ----------------------------------------------------------------- commit 9cf315ef90d0cfeb8bb7a38873eea07a8f0dffec Author: Richard Levitte Date: Tue Jul 7 14:50:10 2015 +0200 Document the nameopt change Reviewed-by: Rich Salz commit f1cece554ddf282f1512b4da04664467746ffd24 Author: Richard Levitte Date: Tue Jul 7 11:13:20 2015 +0200 Make "oneline" the default for nameopt There's no reason why we should default to a output format that is old, and confusing in some cases. This affects the commands "ca", "crl", "req" and "x509". Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ apps/ca.c | 6 ++++-- apps/crl.c | 5 +++++ apps/req.c | 8 +++++++- apps/x509.c | 5 +++++ doc/apps/x509.pod | 4 ++-- 6 files changed, 27 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 88b3d67..057909e 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,10 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Changed the default name options in the "ca", "crl", "req" and "x509" + to be "oneline" instead of "compat". + [Richard Levitte] + *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're not aware of clients that still exhibit this bug, and the workaround hasn't been working properly for a while. diff --git a/apps/ca.c b/apps/ca.c index a0f9f79..0a8d7b7 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -325,7 +325,7 @@ opthelp: ret = 0; goto end; case OPT_IN: - req = 1; + req = 1; infile = opt_arg(); break; case OPT_OUT: 
@@ -638,8 +638,10 @@ end_of_options: goto end; } default_op = 0; - } else + } else { + nameopt = XN_FLAG_ONELINE; ERR_clear_error(); + } f = NCONF_get_string(conf, section, ENV_CERTOPT); diff --git a/apps/crl.c b/apps/crl.c index c897335..b4c9c75 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -114,6 +114,7 @@ int crl_main(int argc, char **argv) EVP_PKEY *pkey; const EVP_MD *digest = EVP_sha1(); unsigned long nmflag = 0; + char nmflag_set = 0; char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; @@ -206,6 +207,7 @@ int crl_main(int argc, char **argv) badsig = 1; break; case OPT_NAMEOPT: + nmflag_set = 1; if (!set_name_ex(&nmflag, opt_arg())) goto opthelp; break; @@ -217,6 +219,9 @@ int crl_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!nmflag_set) + nmflag = XN_FLAG_ONELINE; + if (!app_load_modules(NULL)) goto end; diff --git a/apps/req.c b/apps/req.c index 03736cc..b3220ba 100644 --- a/apps/req.c +++ b/apps/req.c @@ -211,6 +211,7 @@ int req_main(int argc, char **argv) int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0; long newkey = -1; unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0; + char nmflag_set = 0; #ifndef OPENSSL_NO_DES cipher = EVP_des_ede3_cbc(); @@ -323,6 +324,7 @@ int req_main(int argc, char **argv) chtype = MBSTRING_UTF8; break; case OPT_NAMEOPT: + nmflag_set = 1; if (!set_name_ex(&nmflag, opt_arg())) goto opthelp; break; @@ -352,7 +354,7 @@ int req_main(int argc, char **argv) goto opthelp; break; case OPT_SUBJECT: - subject = 1; + subject = 1; break; case OPT_SUBJ: subj = opt_arg(); @@ -375,6 +377,10 @@ int req_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + + if (!nmflag_set) + nmflag = XN_FLAG_ONELINE; + private = newreq && (pkey == NULL) ? 1 : 0; if (!app_passwd(passargin, passargout, &passin, &passout)) { diff --git a/apps/x509.c b/apps/x509.c index 8293a6e..18e13e7 100644 --- a/apps/x509.c 
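Review bot: In the ca.c hunk at -638 the new oneline default is attached to the failure branch of the config-file lookup (`} else { nameopt = XN_FLAG_ONELINE; ERR_clear_error(); }`), whereas crl.c, req.c and x509.c in this same commit track an explicit `nmflag_set` so that a name option given on the command line is distinguishable from "not set". Whether the enclosing `if` in ca.c (outside the hunk) already skips this lookup when `-nameopt` was passed I cannot tell from here; if it keys on `nameopt == 0`, an explicit request for the zero-valued old format would be silently overridden by the config file or by this new default. Suggest mirroring the other three apps: `int nameopt_set = 0;` beside the existing flags, set it in the `OPT_NAMEOPT` case, and guard the default with `if (!nameopt_set) nameopt = XN_FLAG_ONELINE;`. The enclosing function starts and ends outside the hunk.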
+++ b/apps/x509.c @@ -227,6 +227,7 @@ int x509_main(int argc, char **argv) int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; int checkoffset = 0, enddate = 0; unsigned long nmflag = 0, certflag = 0; + char nmflag_set = 0; OPTION_CHOICE o; ENGINE *e = NULL; #ifndef OPENSSL_NO_MD5 @@ -360,6 +361,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_NAMEOPT: + nmflag_set = 1; if (!set_name_ex(&nmflag, opt_arg())) goto opthelp; break; @@ -488,6 +490,9 @@ int x509_main(int argc, char **argv) goto opthelp; } + if (!nmflag_set) + nmflag = XN_FLAG_ONELINE; + if (!app_load_modules(NULL)) goto end; diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 062a919..a0127fe 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -442,7 +442,7 @@ a B<-> to turn the option off. Only the first four will normally be used. =item B -use the old format. This is equivalent to specifying no name options at all. +use the old format. =item B @@ -455,7 +455,7 @@ B, B and B. a oneline format which is more readable than RFC2253. It is equivalent to specifying the B, B, B, B, B, B, B, B, B and B -options. +options. This is the I of no name options are given explicitely. =item B From matt at openssl.org Thu Jul 9 12:45:38 2015 
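Review bot: The new flag in the x509.c hunk at -227 is declared as `char nmflag_set = 0;` while every neighbouring boolean flag in the same declaration list (`text`, `serial`, `subject`, `issuer`, ...) is an `int`; the same `char` appears in the crl.c and req.c hunks of this commit. Suggest `int nmflag_set = 0;` in all three for consistency with the surrounding style, since nothing here benefits from the narrower type. The flag is read exactly once, in the `if (!nmflag_set) nmflag = XN_FLAG_ONELINE;` guard after option parsing, which is the right place: the removed pod text says the old "compat" format "is equivalent to specifying no name options at all", so presumably it has value 0 and testing `nmflag` itself could not tell an explicit compat request from an absent one. x509_main() continues outside the hunk.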
From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 12:45:38 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436445938.901393.32544.nullmailer@dev.openssl.org> The branch master has been updated via 0dd8b2ab306a6b93e4901b0eb7f787edcd4a7199 (commit) via 5f9ad2d09f87c98114ec2f4817cede2ecb89ec80 (commit) from a8e5ad250be42a3a9a386188ff6e75ce8df1342e (commit) - Log ----------------------------------------------------------------- commit 0dd8b2ab306a6b93e4901b0eb7f787edcd4a7199 Author: Matt Caswell Date: Thu Jul 9 13:38:22 2015 +0100 Update to vulernabilities xml commit 5f9ad2d09f87c98114ec2f4817cede2ecb89ec80 Author: Matt Caswell Date: Thu Jul 9 13:35:25 2015 +0100 Update website news ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 3 +++ news/vulnerabilities.xml | 21 ++++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/news/newsflash.txt b/news/newsflash.txt
index eeecf70..1cd231e 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -1,3 +1,6 @@
+11-Jul-2015: Security Advisory: one security fix
+11-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes
+11-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes
 06-Jul-2015: OpenSSL 1.0.2d and 1.0.1p security releases due 9th July 2015
 12-Jun-2015: New releases to resolve ABI compatibility problems:
 12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index aaacfdc..49d0038 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -5,7 +5,26 @@ 1.0.0 on 20100329 --> - + + + + + + + + + + + + An error in the implementation of the alternative certificate + chain logic could allow an attacker to cause certain checks on + untrusted certificates to be bypassed, such as the CA flag, + enabling them to use a valid leaf certificate to act as a CA and + "issue" an invalid certificate. + + + + From matt at openssl.org Thu Jul 9 12:48:14 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 12:48:14 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436446094.616084.9993.nullmailer@dev.openssl.org> The branch master has been updated via b50b8b11e61183e44d0bb521d5512416fbc261c7 (commit) from 0dd8b2ab306a6b93e4901b0eb7f787edcd4a7199 (commit) - Log ----------------------------------------------------------------- commit b50b8b11e61183e44d0bb521d5512416fbc261c7 Author: Matt Caswell Date: Thu Jul 9 13:48:04 2015 +0100 Add security advisory ----------------------------------------------------------------------- Summary of changes: news/secadv_20150709.txt | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 news/secadv_20150709.txt diff --git a/news/secadv_20150709.txt b/news/secadv_20150709.txt new file mode 100644 index 0000000..f7cc8eb --- /dev/null +++ b/news/secadv_20150709.txt 
@@ -0,0 +1,47 @@ +OpenSSL Security Advisory [9 Jul 2015] +======================================= + +Alternative chains certificate forgery (CVE-2015-1793) +====================================================== + +Severity: High + +During certificate verification, OpenSSL (starting from version 1.0.1n and +1.0.2b) will attempt to find an alternative certificate chain if the first +attempt to build such a chain fails. An error in the implementation of this +logic can mean that an attacker could cause certain checks on untrusted +certificates to be bypassed, such as the CA flag, enabling them to use a valid +leaf certificate to act as a CA and "issue" an invalid certificate. + +This issue will impact any application that verifies certificates including +SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. + +This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. + +OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d +OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p + +This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David +Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project. + +Note +==== + +As per our previous announcements and our Release Strategy +(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions +1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these +releases will be provided after that date. Users of these releases are advised +to upgrade. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv_20150709.txt + +Note: the online version of the advisory may be updated with additional +details over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/about/secpolicy.html + From mark at openssl.org Thu Jul 9 12:50:11 2015 
From: mark at openssl.org (Mark J. Cox) Date: Thu, 09 Jul 2015 12:50:11 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436446211.377141.19537.nullmailer@dev.openssl.org> The branch master has been updated via bc096d567c828f6b5e7ec89dbfbe3d20bb5874d8 (commit) from b50b8b11e61183e44d0bb521d5512416fbc261c7 (commit) - Log ----------------------------------------------------------------- commit bc096d567c828f6b5e7ec89dbfbe3d20bb5874d8 Author: Mark J. Cox Date: Thu Jul 9 13:49:57 2015 +0100 It's the 9th ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 1cd231e..a49983f 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -1,6 +1,6 @@
-11-Jul-2015: Security Advisory: one security fix
-11-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes
-11-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes
+09-Jul-2015: Security Advisory: one security fix
+09-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes
+09-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes
 06-Jul-2015: OpenSSL 1.0.2d and 1.0.1p security releases due 9th July 2015
 12-Jun-2015: New releases to resolve ABI compatibility problems:
 12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes
From matt at openssl.org Thu Jul 9 13:01:12 2015
From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 13:01:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436446872.941020.30183.nullmailer@dev.openssl.org> The branch master has been updated via 040b93353e8b48cfc0e2429d96eb3a27f259512d (commit) via 6f47ced0157059edee2d4c0d94fcf76e08763c5f (commit) via 7f3f41d816bb80e362a5978420f59030b3132c81 (commit) via a64ba70dbb7e4886d7bae0b85a2a1070e22dd8fb (commit) via 79a55b1f2796bf6471360e8b6ab131cdedca256e (commit) via aae41f8c54257d9fa6904d3a9aa09c5db6cefd0d (commit) via 593e9c638c58e1a510c519db0d024527113330f3 (commit) via 2aacec8f4a5ba1b365620a7b17fcce311ada93ad (commit) from 9cf315ef90d0cfeb8bb7a38873eea07a8f0dffec (commit) - Log ----------------------------------------------------------------- commit 040b93353e8b48cfc0e2429d96eb3a27f259512d Author: Matt Caswell Date: Thu Jul 9 09:45:22 2015 +0100 Apply some missing updates from previous commits Reviewed-by: Stephen Henson commit 6f47ced0157059edee2d4c0d94fcf76e08763c5f Author: Matt Caswell Date: Thu Jul 2 15:38:32 2015 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Stephen Henson commit 7f3f41d816bb80e362a5978420f59030b3132c81 Author: Matt Caswell Date: Thu Jun 25 12:28:28 2015 +0100 Extend -show_chain option to verify to show more info The -show_chain flag to the verify command line app shows information about the chain that has been built. This commit adds the text "untrusted" against those certificates that have been used from the untrusted list. Reviewed-by: Rich Salz commit a64ba70dbb7e4886d7bae0b85a2a1070e22dd8fb Author: Matt Caswell Date: Thu Jun 25 12:27:05 2015 +0100 Add help text for some verify options Fills in the help text for a number of options to verify that were blank. 
Reviewed-by: Rich Salz commit 79a55b1f2796bf6471360e8b6ab131cdedca256e Author: Matt Caswell Date: Thu Jun 25 12:34:38 2015 +0100 Add documentation for some missing verify options Fills in a couple of verify options that were lacking documentation. Reviewed-by: Rich Salz commit aae41f8c54257d9fa6904d3a9aa09c5db6cefd0d Author: Matt Caswell Date: Thu Jun 25 09:47:15 2015 +0100 Reject calls to X509_verify_cert that have not been reinitialised The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. The normal way to use X509_verify_cert() is to first call X509_STORE_CTX_init(); then set up various parameters etc; then call X509_verify_cert(); then check the results; and finally call X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets |ctx->chain| to NULL. The only place in the OpenSSL codebase where |ctx->chain| is set to a non NULL value is in X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be non NULL on entry to X509_verify_cert are if one of the following occurs: 1) An application calls X509_verify_cert() twice without re-initialising in between. 2) An application reaches inside the X509_STORE_CTX structure and changes the value of |ctx->chain| directly. With regards to the second of these, we should discount this - it should not be supported to allow this. With regards to the first of these, the documentation is not exactly crystal clear, but the implication is that you must call X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail to do this then, at best, the results would be undefined. Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is likely to have unexpected results, and could be dangerous. 
This commit changes the behaviour of X509_verify_cert() so that it causes an error if |ctx->chain| is anything other than NULL (because this indicates that we have not been initialised properly). It also clarifies the associated documentation. This is a follow up commit to CVE-2015-1793. Reviewed-by: Stephen Henson commit 593e9c638c58e1a510c519db0d024527113330f3 Author: Matt Caswell Date: Thu Jul 2 00:15:56 2015 +0100 Add test for CVE-2015-1793 This adds a test for CVE-2015-1793. This adds a new test file verify_extra_test.c, which could form the basis for additional verification tests. Reviewed-by: Stephen Henson commit 2aacec8f4a5ba1b365620a7b17fcce311ada93ad Author: Matt Caswell Date: Wed Jun 24 15:55:36 2015 +0100 Fix alternate chains certificate forgery issue During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This occurs where at least one cert is added to the first chain from the trust store, but that chain still ends up being untrusted. In that case ctx->last_untrusted is decremented in error. Patch provided by the BoringSSL project. 
CVE-2015-1793 Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 24 ++++- NEWS | 10 +- apps/verify.c | 28 +++-- crypto/x509/x509_vfy.c | 29 ++++-- doc/apps/verify.pod | 20 +++- doc/crypto/X509_STORE_CTX_new.pod | 22 +++- doc/crypto/X509_verify_cert.pod | 3 +- include/openssl/x509_vfy.h | 1 + test/Makefile | 31 +++++- test/certs/bad.key | 27 +++++ test/certs/bad.pem | 21 ++++ test/certs/interCA.key | 27 +++++ test/certs/interCA.pem | 21 ++++ test/certs/leaf.key | 27 +++++ test/certs/leaf.pem | 21 ++++ test/certs/rootCA.key | 27 +++++ test/certs/rootCA.pem | 21 ++++ test/certs/roots.pem | 42 ++++++++ test/certs/subinterCA-ss.pem | 21 ++++ test/certs/subinterCA.key | 27 +++++ test/certs/subinterCA.pem | 21 ++++ test/certs/untrusted.pem | 42 ++++++++ test/verify_extra_test.c | 208 ++++++++++++++++++++++++++++++++++++++ util/libeay.num | 1 + 24 files changed, 692 insertions(+), 30 deletions(-) create mode 100644 test/certs/bad.key create mode 100644 test/certs/bad.pem create mode 100644 test/certs/interCA.key create mode 100644 test/certs/interCA.pem create mode 100644 test/certs/leaf.key create mode 100644 test/certs/leaf.pem create mode 100644 test/certs/rootCA.key create mode 100644 test/certs/rootCA.pem create mode 100644 test/certs/roots.pem create mode 100644 test/certs/subinterCA-ss.pem create mode 100644 test/certs/subinterCA.key create mode 100644 test/certs/subinterCA.pem create mode 100644 test/certs/untrusted.pem create mode 100644 test/verify_extra_test.c diff --git a/CHANGES b/CHANGES index 057909e..4f0749d 100644 --- a/CHANGES +++ b/CHANGES 
@@ -434,7 +434,29 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] + + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. + [Matt Caswell] + + Changes between 1.0.2a and 1.0.2b [11 Jun 2015] *) Malformed ECParameters causes infinite loop diff --git a/NEWS b/NEWS index beb2dd3..e51526e 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [under development] + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development] + + o Alternate chains certificate forgery (CVE-2015-1793) + + Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] + + o Fix HMAC ABI incompatibility + + Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) diff --git a/apps/verify.c b/apps/verify.c index 227b85b..a823d58 100644 --- a/apps/verify.c +++ b/apps/verify.c 
@@ -83,14 +83,18 @@ OPTIONS verify_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, - {"verbose", OPT_VERBOSE, '-'}, - {"CApath", OPT_CAPATH, '/'}, - {"CAfile", OPT_CAFILE, '<'}, - {"untrusted", OPT_UNTRUSTED, '<'}, - {"trusted", OPT_TRUSTED, '<'}, - {"CRLfile", OPT_CRLFILE, '<'}, - {"crl_download", OPT_CRL_DOWNLOAD, '-'}, - {"show_chain", OPT_SHOW_CHAIN, '-'}, + {"verbose", OPT_VERBOSE, '-', + "Print extra information about the operations being performed."}, + {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"}, + {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"}, + {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"}, + {"trusted", OPT_TRUSTED, '<', "A file of additional trusted certificates"}, + {"CRLfile", OPT_CRLFILE, '<', + "File containing one or more CRL's (in PEM format) to load"}, + {"crl_download", OPT_CRL_DOWNLOAD, '-', + "Attempt to download CRL information for this certificate"}, + {"show_chain", OPT_SHOW_CHAIN, '-', + "Display information about the certificate chain"}, OPT_V_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -240,6 +244,7 @@ static int check(X509_STORE *ctx, char *file, int i = 0, ret = 0; X509_STORE_CTX *csc; STACK_OF(X509) *chain = NULL; + int num_untrusted; x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file"); if (x == NULL) @@ -261,8 +266,10 @@ static int check(X509_STORE *ctx, char *file, if (crls) X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); - if (i > 0 && show_chain) + if (i > 0 && show_chain) { chain = X509_STORE_CTX_get1_chain(csc); + num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); + } X509_STORE_CTX_free(csc); ret = 0; 
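Review bot: `int num_untrusted;` in the verify.c hunk at -240 is declared without an initializer, yet it is only assigned inside `if (i > 0 && show_chain) { ... }` in the hunk at -261 and is read later in the chain-printing loop (`if (i < num_untrusted)`, next hunk). Every path that reads it appears to also assign it, because the loop runs over the `chain` obtained in the same branch, but that coupling is implicit and compilers will flag a maybe-uninitialized read; suggest `int num_untrusted = 0;` at the declaration. Note also that `i` is overloaded: it holds the X509_verify_cert() result in this hunk and is then reused as the chain index in the loop where `i < num_untrusted` is tested, which is pre-existing but makes the guard harder to read than a dedicated index would. check() begins before the hunk and continues after it.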
@@ -280,6 +287,9 @@ static int check(X509_STORE *ctx, char *file, X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE); + if (i < num_untrusted) { + printf(" (untrusted)"); + } printf("\n"); } sk_X509_pop_free(chain, X509_free); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index a920ea7..df012dd 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -193,6 +193,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; } + if (ctx->chain != NULL) { + /* + * This X509_STORE_CTX has already been used to verify a cert. We + * cannot do another one. + */ + X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } cb = ctx->verify_cb; @@ -200,15 +208,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (ctx->chain == NULL) { - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); - ctx->last_untrusted = 1; + if (((ctx->chain = sk_X509_new_null()) == NULL) || + (!sk_X509_push(ctx->chain, ctx->cert))) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + goto end; } + CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); + ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL @@ -392,8 +398,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) xtmp = sk_X509_pop(ctx->chain); X509_free(xtmp); num--; - ctx->last_untrusted--; } + ctx->last_untrusted = sk_X509_num(ctx->chain); retry = 1; break; } 
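Review bot: The one-line fix `ctx->last_untrusted = sk_X509_num(ctx->chain);` in the x509_vfy.c hunk at -392 carries no comment explaining why the counter is recomputed from the chain length instead of decremented per popped certificate, even though this line is the whole of the CVE-2015-1793 fix and the reasoning lives only in the commit message. Suggest adding directly above it: `/* Trust-store certs appended in the first pass were never counted in last_untrusted, so decrementing per pop undercounts and later checks on untrusted certs (e.g. the CA flag) would be skipped; recount from the chopped chain (CVE-2015-1793). */`. The guard added in the hunk at -193 refuses a second X509_verify_cert() on an un-reinitialised ctx before `ctx->chain` is touched, which is sound; it returns -1, so callers that test only `== 0` will not notice, a point the X509_verify_cert.pod change in this commit does spell out. X509_verify_cert() starts and ends outside these hunks.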
@@ -2446,6 +2452,11 @@ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) return ctx->explicit_policy; } +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) +{ + return ctx->last_untrusted; +} + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) { const X509_VERIFY_PARAM *param; diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 9407fae..9cc7fcb 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -12,6 +12,7 @@ B B [B<-attime timestamp>] [B<-check_ss_sig>] [B<-CRLfile file>] +[B<-crl_download>] [B<-crl_check>] [B<-crl_check_all>] [B<-explicit_policy>] @@ -32,6 +33,7 @@ B B [B<-trusted_first>] [B<-no_alt_chains>] [B<-untrusted file>] +[B<-trusted file>] [B<-use_deltas>] [B<-verbose>] [B<-verify_depth num>] @@ -40,6 +42,7 @@ B B [B<-verify_ip ip>] [B<-verify_name name>] [B<-x509_strict>] +[B<-show_chain>] [B<->] [certificates] @@ -80,6 +83,10 @@ because it doesn't add any security. File containing one or more CRL's (in PEM format) to load. +=item B<-crl_download> + +Attempt to download CRL information for this certificate. + =item B<-crl_check> Checks end entity certificate validity by attempting to look up a valid CRL. @@ -178,6 +185,11 @@ behaviour to match that of OpenSSL versions prior to 1.1.0. A file of untrusted certificates. The file should contain multiple certificates in PEM format concatenated together. +=item B<-trusted file> + +A file of additional trusted certificates. The file should contain multiple +certificates in PEM format concatenated together. + =item B<-use_deltas> Enable support for delta CRLs. 
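Review bot: `X509_STORE_CTX_get_num_untrusted()` in the hunk at -2446 returns `ctx->last_untrusted` with no comment on what the number means or when it is valid; from the earlier hunk at -200 the counter is set to 1 when the leaf is pushed and recomputed after chain chopping, so it is only meaningful once X509_verify_cert() has returned, and verify.c in this commit relies on exactly that ordering. Suggest a comment above the function: `/* Number of leading chain entries (leaf first) that did not come from the trust store; only meaningful after X509_verify_cert() has returned. */`. The non-const `X509_STORE_CTX *ctx` parameter matches the neighbouring getter `X509_STORE_CTX_get_explicit_policy()`, so keeping it is consistent even though the function does not modify the ctx.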
@@ -216,6 +228,12 @@ Supported usages include: default, pkcs7, smime_sign, ssl_client, ssl_server. For strict X.509 compliance, disable non-compliant workarounds for broken certificates. +=item B<-show_chain> + +Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as "untrusted". + =item B<-> Indicates the last option. All arguments following this are assumed to be @@ -480,6 +498,6 @@ L =head1 HISTORY -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -show_chain option was first added to OpenSSL 1.1.0. =cut diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index d8d3346..f8907d7 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -25,6 +25,8 @@ X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + =head1 DESCRIPTION These functions initialise an B structure for subsequent use 
@@ -40,10 +42,15 @@ is no longer valid. If B is NULL nothing is done. X509_STORE_CTX_init() sets up B for a subsequent verification operation. -The trusted certificate store is set to B, the end entity certificate -to be verified is set to B and a set of additional certificates (which -will be untrusted but may be used to build the chain) in B. Any or -all of the B, B and B parameters can be B. +It must be called before each call to X509_verify_cert(), i.e. a B is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same B then you must call X509_XTORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to B, the end +entity certificate to be verified is set to B and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +B. Any or all of the B, B and B parameters can be +B. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B to B. This is an alternative way of specifying trusted certificates @@ -71,6 +78,9 @@ X509_STORE_CTX_set_default() looks up and sets the default verification method to B. This uses the function X509_VERIFY_PARAM_lookup() to find an appropriate set of parameters from B. +X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +that were used in building the chain following a call to X509_verify_cert(). + =head1 NOTES The certificates and CRLs in a store are used internally and should B @@ -111,6 +121,9 @@ values. X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred. +X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +used. + =head1 SEE ALSO L @@ -119,5 +132,6 @@ L =head1 HISTORY X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 +X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0 =cut 
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index e5cfc6f..48055b0 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod @@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code. The negative return value from X509_verify_cert() can only occur if no -certificate is set in B (due to a programming error) or if a retry +certificate is set in B (due to a programming error); if X509_verify_cert() +twice without reinitialising B in between; or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). It is however recommended that application check for <= 0 return value on error. diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 4ad2029..8e0a225 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -528,6 +528,7 @@ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); diff --git a/test/Makefile b/test/Makefile index 508c53b..d9aa750 100644 --- a/test/Makefile +++ b/test/Makefile @@ -68,6 +68,7 @@ SRPTEST= srptest V3NAMETEST= v3nametest HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test +VERIFYEXTRATEST= verify_extra_test TESTS= alltests @@ -84,7 +85,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(JPAKETEST)$(EXE_EXT) $(SECMEMTEST)$(EXE_EXT) \ $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \ $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \ - $(CONSTTIMETEST)$(EXE_EXT) + $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) 
@@ -98,7 +99,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \ $(GOST2814789TEST).o $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \ - $(CONSTTIMETEST).o testutil.o + $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o testutil.o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -109,7 +110,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ $(GOST2814789TEST).c $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \ - $(CONSTTIMETEST).c testutil.c + $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c testutil.c HEADER= testutil.h @@ -150,7 +151,7 @@ alltests: \ test_ige test_jpake test_secmem \ test_srp test_cms test_v3name test_ocsp \ test_gost2814789 test_heartbeat test_p5_crpt2 \ - test_constant_time + test_constant_time test_verify_extra test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt @echo $(START) $@ @@ -399,6 +400,10 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(CONSTTIMETEST) +test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) + update: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @@ -586,6 +591,9 @@ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) testutil.o $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o @target=$(CONSTTIMETEST) $(BUILD_CMD) +$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o + @target=$(VERIFYEXTRATEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 
@@ -881,6 +889,21 @@ v3nametest.o: ../include/openssl/sha.h ../include/openssl/stack.h v3nametest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h v3nametest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h v3nametest.o: v3nametest.c +verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +verify_extra_test.o: ../include/openssl/objects.h +verify_extra_test.o: ../include/openssl/opensslconf.h +verify_extra_test.o: ../include/openssl/opensslv.h +verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify_extra_test.o: verify_extra_test.c wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/test/certs/bad.key b/test/certs/bad.key new file mode 100644 index 0000000..4708495 --- /dev/null +++ b/test/certs/bad.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi +HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL +fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ +n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh +7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6 +y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R +452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO ++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/ +rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9 +ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr +5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF +XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr +YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC +PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw +MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ +AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR +Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf +pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP +kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH ++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur +WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi +njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR +R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR +8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP +RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA= +-----END RSA PRIVATE KEY----- diff --git a/test/certs/bad.pem b/test/certs/bad.pem new file mode 100644 index 0000000..8769231 --- /dev/null +++ b/test/certs/bad.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN +MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi +YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8 +nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp +bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh +twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB +cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb +Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm +ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4 +9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht +OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H +pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR +VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ +ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ +O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE +-----END CERTIFICATE----- diff --git a/test/certs/interCA.key b/test/certs/interCA.key new file mode 100644 index 0000000..c32fe26 --- /dev/null +++ b/test/certs/interCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q +xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl +oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ +vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj +m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ +T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC +cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww +CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V +PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676 +X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO +674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ +Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW +EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L +/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w +Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay +ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm +R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af +N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F +kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr +fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc +YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu +DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U +fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT ++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe +nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa +-----END RSA PRIVATE KEY----- diff --git a/test/certs/interCA.pem b/test/certs/interCA.pem new file mode 100644 index 0000000..35568ab --- /dev/null +++ b/test/certs/interCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/test/certs/leaf.key b/test/certs/leaf.key new file mode 100644 index 0000000..a1b1721 --- /dev/null +++ b/test/certs/leaf.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1 +sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs +0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR +yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2 +QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F +auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT +uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX +aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4 +m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn +q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd +vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5 +BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE +L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd +v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86 +Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D +lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG +UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz +1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu +z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt +nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ +C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF +RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O +IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ +IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh +t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/leaf.pem b/test/certs/leaf.pem new file mode 100644 index 0000000..bb94d12 --- /dev/null +++ b/test/certs/leaf.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/test/certs/rootCA.key b/test/certs/rootCA.key new file mode 100644 index 0000000..527f3ad --- /dev/null +++ b/test/certs/rootCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/ +m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD +Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7 +w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM +uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV +ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE +qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL +GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH +g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM +VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj +/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH +bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+ +LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz +YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6 +Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ +iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1 +uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude +8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP +Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh +Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5 +VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ +f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH +mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T +xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g +AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/rootCA.pem b/test/certs/rootCA.pem new file mode 100644 index 0000000..ef73d00 --- /dev/null +++ b/test/certs/rootCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/test/certs/roots.pem b/test/certs/roots.pem new file mode 100644 index 0000000..0bc6912 --- /dev/null +++ b/test/certs/roots.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/test/certs/subinterCA-ss.pem b/test/certs/subinterCA-ss.pem new file mode 100644 index 0000000..a436b4b --- /dev/null +++ b/test/certs/subinterCA-ss.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/test/certs/subinterCA.key b/test/certs/subinterCA.key new file mode 100644 index 0000000..c867af9 --- /dev/null +++ b/test/certs/subinterCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb +2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n +JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C +pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy +wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF +HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg +nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO +ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd +SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5 +P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH +VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX +lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh +ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z +uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g +5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im +S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4 +hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS +zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc +cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7 +M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1 +sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW +aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s +5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu +ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S +zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c= +-----END RSA PRIVATE KEY----- diff --git a/test/certs/subinterCA.pem b/test/certs/subinterCA.pem new file mode 100644 index 0000000..2cdf480 --- /dev/null +++ b/test/certs/subinterCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- diff --git a/test/certs/untrusted.pem b/test/certs/untrusted.pem new file mode 100644 index 0000000..d93d312 --- /dev/null +++ b/test/certs/untrusted.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY 
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c new file mode 100644 index 0000000..08509f0 --- /dev/null +++ b/test/verify_extra_test.c 
@@ -0,0 +1,208 @@ +/* + * Written by Matt Caswell for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include + +static STACK_OF(X509) *load_certs_from_file(const char *filename) +{ + STACK_OF(X509) *certs; + BIO *bio; + X509 *x; + + bio = BIO_new_file(filename, "r"); + + if (bio == NULL) { + return NULL; + } + + certs = sk_X509_new_null(); + if (certs == NULL) { + BIO_free(bio); + return NULL; + } + + ERR_set_mark(); + do { + x = PEM_read_bio_X509(bio, NULL, 0, NULL); + if (x != NULL && !sk_X509_push(certs, x)) { + sk_X509_pop_free(certs, X509_free); + BIO_free(bio); + return NULL; + } else if (x == NULL) { + /* + * We probably just ran out of certs, so ignore any errors + * generated + */ + ERR_pop_to_mark(); + } + } while (x != NULL); + + BIO_free(bio); + + return certs; +} + +/* + * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) + * + * Chain is as follows: + * + * rootCA (self-signed) + * | + * interCA + * | + * subinterCA subinterCA (self-signed) + * | | + * leaf ------------------ + * | + * bad + * + * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE + * leaf and bad have CA=FALSE + * + * subinterCA and subinterCA (ss) have the same subject name and keys + * + * interCA (but 
not rootCA) and subinterCA (ss) are in the trusted store + * (roots.pem) + * leaf and subinterCA are in the untrusted list (untrusted.pem) + * bad is the certificate being verified (bad.pem) + * + * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has + * CA=FALSE, and will therefore incorrectly verify bad + * + */ +static int test_alt_chains_cert_forgery(void) +{ + int ret = 0; + int i; + X509 *x = NULL; + STACK_OF(X509) *untrusted = NULL; + BIO *bio = NULL; + X509_STORE_CTX *sctx = NULL; + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + + store = X509_STORE_new(); + if (store == NULL) + goto err; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) + goto err; + if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM)) + goto err; + + untrusted = load_certs_from_file("certs/untrusted.pem"); + + if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL) + goto err; + + if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) + goto err; + + sctx = X509_STORE_CTX_new(); + if (sctx == NULL) + goto err; + + if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) + goto err; + + i = X509_verify_cert(sctx); + + if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + /* This is the result we were expecting: Test passed */ + ret = 1; + } + err: + X509_STORE_CTX_free(sctx); + X509_free(x); + BIO_free(bio); + sk_X509_pop_free(untrusted, X509_free); + X509_STORE_free(store); + if (ret != 1) + ERR_print_errors_fp(stderr); + return ret; +} + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + OpenSSL_add_all_digests(); + + if (!test_alt_chains_cert_forgery()) { + fprintf(stderr, "Test alt chains cert forgery failed\n"); + return 1; + } + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); 
+ + printf("PASS\n"); + return 0; +} diff --git a/util/libeay.num b/util/libeay.num index 9933499..4d3642f 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4587,3 +4587,4 @@ CRYPTO_secure_free 4945 EXIST::FUNCTION: BIO_s_secmem 4946 EXIST::FUNCTION: CRYPTO_get_secure_mem_ex_functions 4947 EXIST::FUNCTION: CRYPTO_set_secure_mem_functions 4948 EXIST::FUNCTION: +X509_STORE_CTX_get_num_untrusted 4949 EXIST::FUNCTION: From matt at openssl.org Thu Jul 9 13:01:29 2015 
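Review bot: In load_certs_from_file the push-failure path leaks the certificate just parsed: `sk_X509_pop_free(certs, X509_free)` only frees what is already on the stack, and `x` was never added, so that branch needs `X509_free(x);` before the pop_free. The same helper calls ERR_pop_to_mark whenever PEM_read_bio_X509 returns NULL, which treats a genuine parse error on a truncated or corrupted PEM file the same as end-of-file and silently returns a short or empty stack; distinguishing the end-of-file reason (PEM_R_NO_START_LINE) from other errors would keep a broken fixture from masquerading as success. In test_alt_chains_cert_forgery the result of `load_certs_from_file("certs/untrusted.pem")` is never checked, so if it returns NULL the verify presumably fails with an unrelated error and the test reports the wrong cause; `if (untrusted == NULL) goto err;` belongs directly after that call. With those two fixes the expected-result check `i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA` can only be reached with the intended chain inputs, which is what makes the regression test meaningful.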
From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 13:01:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436446889.728446.32018.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a7ef1e907276a899fbfeee642810caccb03fc07c (commit) via 33dd08320648ac71d7d9d732be774ed3818dccc5 (commit) via 5627e0f77d333b3d6d2f87b0cc616a062cf54aeb (commit) via 9dee5244e1d879ee94b203e618202be91936ff71 (commit) via 692f07c3e0c04180b56febc2feb57cd94395a7a2 (commit) via f404943bcab4898d18f3ac1b36479d1d7bbbb9e6 (commit) via 21376d8ae310cf0455ca2b73c8e9f77cafeb28dd (commit) from c0b674b7cbd9146982850523293c74b9131b26d5 (commit) - Log ----------------------------------------------------------------- commit a7ef1e907276a899fbfeee642810caccb03fc07c Author: Matt Caswell Date: Thu Jul 9 13:18:51 2015 +0100 Prepare for 1.0.2e-dev Reviewed-by: Stephen Henson commit 33dd08320648ac71d7d9d732be774ed3818dccc5 Author: Matt Caswell Date: Thu Jul 9 13:03:09 2015 +0100 Prepare for 1.0.2d release Reviewed-by: Stephen Henson commit 5627e0f77d333b3d6d2f87b0cc616a062cf54aeb Author: Matt Caswell Date: Thu Jul 2 15:38:32 2015 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Stephen Henson commit 9dee5244e1d879ee94b203e618202be91936ff71 Author: Matt Caswell Date: Thu Jun 25 12:34:38 2015 +0100 Add documentation for some missing verify options Fills in a couple of verify options that were lacking documentation. Reviewed-by: Rich Salz (cherry picked from commit 79a55b1f2796bf6471360e8b6ab131cdedca256e) Conflicts: doc/apps/verify.pod commit 692f07c3e0c04180b56febc2feb57cd94395a7a2 Author: Matt Caswell Date: Thu Jun 25 09:47:15 2015 +0100 Reject calls to X509_verify_cert that have not been reinitialised The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. 
The normal way to use X509_verify_cert() is to first call X509_STORE_CTX_init(); then set up various parameters etc; then call X509_verify_cert(); then check the results; and finally call X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets |ctx->chain| to NULL. The only place in the OpenSSL codebase where |ctx->chain| is set to a non NULL value is in X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be non NULL on entry to X509_verify_cert is if one of the following occurs: 1) An application calls X509_verify_cert() twice without re-initialising in between. 2) An application reaches inside the X509_STORE_CTX structure and changes the value of |ctx->chain| directly. With regards to the second of these, we should discount this - it should not be supported to allow this. With regards to the first of these, the documentation is not exactly crystal clear, but the implication is that you must call X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail to do this then, at best, the results would be undefined. Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is likely to have unexpected results, and could be dangerous. This commit changes the behaviour of X509_verify_cert() so that it causes an error if |ctx->chain| is anything other than NULL (because this indicates that we have not been initialised properly). It also clarifies the associated documentation. This is a follow up commit to CVE-2015-1793. Reviewed-by: Stephen Henson commit f404943bcab4898d18f3ac1b36479d1d7bbbb9e6 Author: Matt Caswell Date: Thu Jul 2 00:15:56 2015 +0100 Add test for CVE-2015-1793 This adds a test for CVE-2015-1793. This adds a new test file verify_extra_test.c, which could form the basis for additional verification tests.
Reviewed-by: Stephen Henson commit 21376d8ae310cf0455ca2b73c8e9f77cafeb28dd Author: Matt Caswell Date: Wed Jun 24 15:55:36 2015 +0100 Fix alternate chains certificate forgery issue During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This occurs where at least one cert is added to the first chain from the trust store, but that chain still ends up being untrusted. In that case ctx->last_untrusted is decremented in error. Patch provided by the BoringSSL project. CVE-2015-1793 Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 17 +++- NEWS | 6 +- README | 2 +- crypto/opensslv.h | 6 +- crypto/x509/Makefile | 2 +- crypto/x509/verify_extra_test.c | 208 ++++++++++++++++++++++++++++++++++++++ crypto/x509/x509_vfy.c | 24 +++-- doc/apps/verify.pod | 11 ++ doc/crypto/X509_STORE_CTX_new.pod | 13 ++- doc/crypto/X509_verify_cert.pod | 3 +- openssl.spec | 2 +- test/Makefile | 31 +++++- test/certs/bad.key | 27 +++++ test/certs/bad.pem | 21 ++++ test/certs/interCA.key | 27 +++++ test/certs/interCA.pem | 21 ++++ test/certs/leaf.key | 27 +++++ test/certs/leaf.pem | 21 ++++ test/certs/rootCA.key | 27 +++++ test/certs/rootCA.pem | 21 ++++ test/certs/roots.pem | 42 ++++++++ test/certs/subinterCA-ss.pem | 21 ++++ test/certs/subinterCA.key | 27 +++++ test/certs/subinterCA.pem | 21 ++++ test/certs/untrusted.pem | 42 ++++++++ 25 files changed, 644 insertions(+), 26 deletions(-) create mode 100644 crypto/x509/verify_extra_test.c create mode 100644 test/certs/bad.key create mode 100644 test/certs/bad.pem create mode 100644 test/certs/interCA.key create mode 100644 
test/certs/interCA.pem create mode 100644 test/certs/leaf.key create mode 100644 test/certs/leaf.pem create mode 100644 test/certs/rootCA.key create mode 100644 test/certs/rootCA.pem create mode 100644 test/certs/roots.pem create mode 100644 test/certs/subinterCA-ss.pem create mode 100644 test/certs/subinterCA.key create mode 100644 test/certs/subinterCA.pem create mode 100644 test/certs/untrusted.pem diff --git a/CHANGES b/CHANGES index 5aff3e1..11ef03e 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,25 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] + Changes between 1.0.2d and 1.0.2e [xx XXX xxxx] *) + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI diff --git a/NEWS b/NEWS index f87f926..cb5674b 100644 --- a/NEWS +++ b/NEWS 
@@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development] + Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [under development] o + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] + + o Alternate chains certificate forgery (CVE-2015-1793) + Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] o Fix HMAC ABI incompatibility diff --git a/README b/README index 5f76493..ae17fb4 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2d-dev + OpenSSL 1.0.2e-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index b33edf3..faaf63f 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002040L +# define OPENSSL_VERSION_NUMBER 0x10002050L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index 01aa3bf..bf197a1 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -13,7 +13,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README -TEST= +TEST=verify_extra_test.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/crypto/x509/verify_extra_test.c b/crypto/x509/verify_extra_test.c new file mode 100644 index 0000000..08509f0 --- /dev/null +++ b/crypto/x509/verify_extra_test.c 
@@ -0,0 +1,208 @@
+/*
+ * Written by Matt Caswell for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+static STACK_OF(X509) *load_certs_from_file(const char *filename)
+{
+ STACK_OF(X509) *certs;
+ BIO *bio;
+ X509 *x;
+
+ bio = BIO_new_file(filename, "r");
+
+ if (bio == NULL) {
+ return NULL;
+ }
+
+ certs = sk_X509_new_null();
+ if (certs == NULL) {
+ BIO_free(bio);
+ return NULL;
+ }
+
+ ERR_set_mark();
+ do {
+ x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+ if (x != NULL && !sk_X509_push(certs, x)) {
+ sk_X509_pop_free(certs, X509_free);
+ BIO_free(bio);
+ return NULL;
+ } else if (x == NULL) {
+ /*
+ * We probably just ran out of certs, so ignore any errors
+ * generated
+ */
+ ERR_pop_to_mark();
+ }
+ } while (x != NULL);
+
+ BIO_free(bio);
+
+ return certs;
+}
+
+/*
+ * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
+ *
+ * Chain is as follows:
+ *
+ * rootCA (self-signed)
+ * |
+ * interCA
+ * |
+ * subinterCA subinterCA (self-signed)
+ * | |
+ * leaf ------------------
+ * |
+ * bad
+ *
+ * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
+ * leaf and bad have CA=FALSE
+ *
+ * subinterCA and subinterCA (ss) have the same subject name and keys
+ *
+ * interCA (but
not rootCA) and subinterCA (ss) are in the trusted store
+ * (roots.pem)
+ * leaf and subinterCA are in the untrusted list (untrusted.pem)
+ * bad is the certificate being verified (bad.pem)
+ *
+ * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
+ * CA=FALSE, and will therefore incorrectly verify bad
+ *
+ */
+static int test_alt_chains_cert_forgery(void)
+{
+ int ret = 0;
+ int i;
+ X509 *x = NULL;
+ STACK_OF(X509) *untrusted = NULL;
+ BIO *bio = NULL;
+ X509_STORE_CTX *sctx = NULL;
+ X509_STORE *store = NULL;
+ X509_LOOKUP *lookup = NULL;
+
+ store = X509_STORE_new();
+ if (store == NULL)
+ goto err;
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto err;
+ if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM))
+ goto err;
+
+ untrusted = load_certs_from_file("certs/untrusted.pem");
+
+ if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL)
+ goto err;
+
+ if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
+ goto err;
+
+ sctx = X509_STORE_CTX_new();
+ if (sctx == NULL)
+ goto err;
+
+ if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
+ goto err;
+
+ i = X509_verify_cert(sctx);
+
+ if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
+ /* This is the result we were expecting: Test passed */
+ ret = 1;
+ }
+ err:
+ X509_STORE_CTX_free(sctx);
+ X509_free(x);
+ BIO_free(bio);
+ sk_X509_pop_free(untrusted, X509_free);
+ X509_STORE_free(store);
+ if (ret != 1)
+ ERR_print_errors_fp(stderr);
+ return ret;
+}
+
+int main(void)
+{
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+
+ if (!test_alt_chains_cert_forgery()) {
+ fprintf(stderr, "Test alt chains cert forgery failed\n");
+ return 1;
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ CRYPTO_mem_leaks_fp(stderr);
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8ce41f9..a2f1dbe 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -198,6 +198,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
 return -1;
 }
+ if (ctx->chain != NULL) {
+ /*
+ * This X509_STORE_CTX has already been used to verify a cert. We
+ * cannot do another one.
+ */
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
 cb = ctx->verify_cb;
@@ -205,15 +213,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 * first we make sure the chain we are going to build is present and that
 * the first entry is in place
 */
- if (ctx->chain == NULL) {
- if (((ctx->chain = sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain, ctx->cert))) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
- ctx->last_untrusted = 1;
+ if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+ (!sk_X509_push(ctx->chain, ctx->cert))) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
 }
+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+ ctx->last_untrusted = 1;
 /* We use a temporary STACK so we can chop and hack at it */
 if (ctx->untrusted != NULL
@@ -389,8 +395,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 xtmp = sk_X509_pop(ctx->chain);
 X509_free(xtmp);
 num--;
- ctx->last_untrusted--;
 }
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
 retry = 1;
 break;
 }
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index df1b86d..bffa6c0 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -15,6 +15,7 @@ B B
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crlfile file>]
+[B<-crl_download>]
 [B<-crl_check>]
 [B<-crl_check_all>]
 [B<-policy_check>]
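Review bot: `untrusted = load_certs_from_file("certs/untrusted.pem");` in test_alt_chains_cert_forgery() is the one resource acquisition in the function whose result is not checked; if the file is missing or unreadable the function returns NULL, X509_STORE_CTX_init() is then given an empty untrusted set, and the test presumably fails with an issuer-lookup error unrelated to CVE-2015-1793 rather than with the real cause. Add `if (untrusted == NULL) goto err;` directly after the call so the BIO error is reported through the existing ERR_print_errors_fp() path; note that a file containing zero certificates still yields a non-NULL empty stack, so a `sk_X509_num(untrusted) == 0` check would be needed to catch that case too. The same function mixes `if(` (the X509_LOOKUP_load_file, PEM_read_bio_X509 and `i == 0` conditions) with `if (` elsewhere; the latter is the form used in the rest of the file.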
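Review bot: `ctx->last_untrusted = sk_X509_num(ctx->chain);` in the third x509_vfy.c hunk (@@ -389) carries no comment explaining why the counter is recomputed rather than decremented, and the removed `ctx->last_untrusted--;` looks correct at a glance, so a later refactor could reintroduce the CVE-2015-1793 logic. Suggest adding above the assignment: `/* Certs popped here may have come from the trust store rather than ctx->untrusted, so last_untrusted must be recomputed from the chain, not decremented (CVE-2015-1793). */`. The new guard in the first hunk (@@ -198) would likewise read better if its comment named the required call sequence (X509_STORE_CTX_cleanup() then X509_STORE_CTX_init() before reuse), matching the X509_STORE_CTX_new.pod change in this commit, where that function is misspelled `X509_XTORE_CTX_cleanup()`. X509_verify_cert() begins before and ends after these hunks.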
@@ -29,6 +30,7 @@ B B [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] +[B<-trusted file>] [B<-verbose>] [B<->] [certificates] @@ -69,6 +71,10 @@ because it doesn't add any security. File containing one or more CRL's (in PEM format) to load. +=item B<-crl_download> + +Attempt to download CRL information for this certificate. + =item B<-crl_check> Checks end entity certificate validity by attempting to look up a valid CRL. @@ -133,6 +139,11 @@ be found that is trusted. With this option that behaviour is suppressed so that only the first chain found is ever used. Using this option will force the behaviour to match that of previous OpenSSL versions. +=item B<-trusted file> + +A file of additional trusted certificates. The file should contain multiple +certificates in PEM format concatenated together. + =item B<-policy_print> Print out diagnostics related to policy processing. diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index b17888f..eb38b0a 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod 
@@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees up B. After this call B is no longer valid. X509_STORE_CTX_init() sets up B for a subsequent verification operation. -The trusted certificate store is set to B, the end entity certificate -to be verified is set to B and a set of additional certificates (which -will be untrusted but may be used to build the chain) in B. Any or -all of the B, B and B parameters can be B. +It must be called before each call to X509_verify_cert(), i.e. a B is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same B then you must call X509_XTORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to B, the end +entity certificate to be verified is set to B and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +B. Any or all of the B, B and B parameters can be +B. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B to B. This is an alternative way of specifying trusted certificates diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index 5253bdc..a22e441 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod @@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code. The negative return value from X509_verify_cert() can only occur if no -certificate is set in B (due to a programming error) or if a retry +certificate is set in B (due to a programming error); if X509_verify_cert() +twice without reinitialising B in between; or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). It is however recommended that application check for <= 0 return value on error. diff --git a/openssl.spec b/openssl.spec index b721d65..45e737a 100644 --- a/openssl.spec +++ b/openssl.spec 
@@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2d +Version: 1.0.2e Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/test/Makefile b/test/Makefile index a570fad..e695073 100644 --- a/test/Makefile +++ b/test/Makefile @@ -68,6 +68,7 @@ V3NAMETEST= v3nametest ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test +VERIFYEXTRATEST= verify_extra_test TESTS= alltests @@ -80,7 +81,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ - $(CONSTTIMETEST)$(EXE_EXT) + $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -93,7 +94,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ - $(HEARTBEATTEST).o $(CONSTTIMETEST).o + $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ 
@@ -103,7 +104,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ - $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c + $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c EXHEADER= HEADER= testutil.h $(EXHEADER) @@ -147,7 +148,7 @@ alltests: \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time + test_constant_time test_verify_extra test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -348,6 +349,10 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) @echo "Test constant time utilites" ../util/shlib_wrap.sh ./$(CONSTTIMETEST) +test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -519,6 +524,9 @@ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o @target=$(CONSTTIMETEST) $(BUILD_CMD) +$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o + @target=$(VERIFYEXTRATEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 
@@ -822,6 +830,21 @@ v3nametest.o: ../include/openssl/sha.h ../include/openssl/stack.h v3nametest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h v3nametest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h v3nametest.o: v3nametest.c +verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +verify_extra_test.o: ../include/openssl/objects.h +verify_extra_test.o: ../include/openssl/opensslconf.h +verify_extra_test.o: ../include/openssl/opensslv.h +verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify_extra_test.o: verify_extra_test.c wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/test/certs/bad.key b/test/certs/bad.key new file mode 100644 index 0000000..4708495 --- /dev/null +++ b/test/certs/bad.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi +HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL +fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ +n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh +7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6 +y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R +452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO ++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/ +rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9 +ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr +5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF +XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr +YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC +PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw +MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ +AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR +Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf +pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP +kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH ++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur +WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi +njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR +R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR +8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP +RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA= +-----END RSA PRIVATE KEY----- diff --git a/test/certs/bad.pem b/test/certs/bad.pem new file mode 100644 index 0000000..8769231 --- /dev/null +++ b/test/certs/bad.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN +MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi +YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8 +nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp +bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh +twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB +cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb +Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm +ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4 +9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht +OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H +pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR +VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ +ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ +O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE +-----END CERTIFICATE----- diff --git a/test/certs/interCA.key b/test/certs/interCA.key new file mode 100644 index 0000000..c32fe26 --- /dev/null +++ b/test/certs/interCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q +xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl +oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ +vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj +m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ +T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC +cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww +CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V +PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676 +X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO +674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ +Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW +EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L +/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w +Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay +ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm +R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af +N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F +kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr +fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc +YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu +DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U +fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT ++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe +nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa +-----END RSA PRIVATE KEY----- diff --git a/test/certs/interCA.pem b/test/certs/interCA.pem new file mode 100644 index 0000000..35568ab --- /dev/null +++ b/test/certs/interCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/test/certs/leaf.key b/test/certs/leaf.key new file mode 100644 index 0000000..a1b1721 --- /dev/null +++ b/test/certs/leaf.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1 +sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs +0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR +yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2 +QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F +auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT +uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX +aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4 +m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn +q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd +vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5 +BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE +L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd +v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86 +Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D +lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG +UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz +1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu +z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt +nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ +C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF +RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O +IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ +IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh +t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/leaf.pem b/test/certs/leaf.pem new file mode 100644 index 0000000..bb94d12 --- /dev/null +++ b/test/certs/leaf.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/test/certs/rootCA.key b/test/certs/rootCA.key new file mode 100644 index 0000000..527f3ad --- /dev/null +++ b/test/certs/rootCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/ +m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD +Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7 +w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM +uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV +ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE +qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL +GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH +g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM +VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj +/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH +bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+ +LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz +YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6 +Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ +iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1 +uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude +8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP +Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh +Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5 +VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ +f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH +mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T +xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g +AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/rootCA.pem b/test/certs/rootCA.pem new file mode 100644 index 0000000..ef73d00 --- /dev/null +++ b/test/certs/rootCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/test/certs/roots.pem b/test/certs/roots.pem new file mode 100644 index 0000000..0bc6912 --- /dev/null +++ b/test/certs/roots.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/test/certs/subinterCA-ss.pem b/test/certs/subinterCA-ss.pem new file mode 100644 index 0000000..a436b4b --- /dev/null +++ b/test/certs/subinterCA-ss.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/test/certs/subinterCA.key b/test/certs/subinterCA.key new file mode 100644 index 0000000..c867af9 --- /dev/null +++ b/test/certs/subinterCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb +2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n +JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C +pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy +wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF +HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg +nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO +ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd +SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5 +P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH +VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX +lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh +ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z +uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g +5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im +S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4 +hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS +zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc +cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7 +M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1 +sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW +aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s +5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu +ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S +zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c= +-----END RSA PRIVATE KEY----- diff --git a/test/certs/subinterCA.pem b/test/certs/subinterCA.pem new file mode 100644 index 0000000..2cdf480 --- /dev/null +++ b/test/certs/subinterCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- diff --git a/test/certs/untrusted.pem b/test/certs/untrusted.pem new file mode 100644 index 0000000..d93d312 --- /dev/null +++ b/test/certs/untrusted.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY 
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- From matt at openssl.org Thu Jul 9 13:01:46 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 13:01:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436446906.119933.1171.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 7c17c20a56a76c219dcf35d4956026f021cdee52 (commit) via 5ab53da9fbc96b9740a48b318aab845d6616eee4 (commit) via 245daa2b733d66233450bab6880cd0afcddb61de (commit) via cb22d2ae5a5b6069dbf66dbcce07223ac15a16de (commit) via b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0 (commit) via d42d1004332f40c1098946b0804791fd3da3e378 (commit) via 9a0db453ba017ebcaccbee933ee6511a9ae4d1c8 (commit) from cb6e0ed17a61ae3711d385f517d61be2b4c33a55 (commit) - Log ----------------------------------------------------------------- commit 7c17c20a56a76c219dcf35d4956026f021cdee52 Author: Matt Caswell Date: Thu Jul 9 13:29:59 2015 +0100 Prepare for 1.0.1q-dev Reviewed-by: Stephen Henson commit 5ab53da9fbc96b9740a48b318aab845d6616eee4 Author: Matt Caswell Date: Thu Jul 9 13:22:23 2015 +0100 Prepare for 1.0.1p release Reviewed-by: Stephen Henson commit 245daa2b733d66233450bab6880cd0afcddb61de Author: Matt Caswell Date: Thu Jul 2 15:38:32 2015 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Stephen Henson commit cb22d2ae5a5b6069dbf66dbcce07223ac15a16de Author: Matt Caswell Date: Wed Jun 24 00:12:38 2015 +0100 Fix alt chains bug This is a follow up to the alternate chains certificate forgery issue (CVE-2015-1793). That issue is exacerbated in 1.0.1 by a related bug which means that we *always* check for an alternative chain, even if we have already found a chain. The code is supposed to stop as soon as it has found one (and does do in master and 1.0.2). 
Reviewed-by: Stephen Henson commit b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0 Author: Matt Caswell Date: Thu Jun 25 09:47:15 2015 +0100 Reject calls to X509_verify_cert that have not been reinitialised The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. The normal way to use X509_verify_cert() is to first call X509_STORE_CTX_init(); then set up various parameters etc; then call X509_verify_cert(); then check the results; and finally call X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets |ctx->chain| to NULL. The only place in the OpenSSL codebase where |ctx->chain| is set to a non NULL value is in X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be non NULL on entry to X509_verify_cert is if one of the following occurs: 1) An application calls X509_verify_cert() twice without re-initialising in between. 2) An application reaches inside the X509_STORE_CTX structure and changes the value of |ctx->chain| directly. With regards to the second of these, we should discount this - it should not be supported to allow this. With regards to the first of these, the documentation is not exactly crystal clear, but the implication is that you must call X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail to do this then, at best, the results would be undefined. Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is likely to have unexpected results, and could be dangerous. This commit changes the behaviour of X509_verify_cert() so that it causes an error if |ctx->chain| is anything other than NULL (because this indicates that we have not been initialised properly). It also clarifies the associated documentation. This is a follow up commit to CVE-2015-1793. 
Reviewed-by: Stephen Henson commit d42d1004332f40c1098946b0804791fd3da3e378 Author: Matt Caswell Date: Thu Jul 2 00:15:56 2015 +0100 Add test for CVE-2015-1793 This adds a test for CVE-2015-1793. This adds a new test file verify_extra_test.c, which could form the basis for additional verification tests. Reviewed-by: Stephen Henson Conflicts: test/Makefile commit 9a0db453ba017ebcaccbee933ee6511a9ae4d1c8 Author: Matt Caswell Date: Wed Jun 24 15:55:36 2015 +0100 Fix alternate chains certificate forgery issue During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This occurs where at least one cert is added to the first chain from the trust store, but that chain still ends up being untrusted. In that case ctx->last_untrusted is decremented in error. Patch provided by the BoringSSL project. 
CVE-2015-1793 Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 17 +++- NEWS | 6 +- README | 2 +- crypto/opensslv.h | 6 +- crypto/x509/Makefile | 2 +- crypto/x509/verify_extra_test.c | 209 ++++++++++++++++++++++++++++++++++++++ crypto/x509/x509_vfy.c | 26 +++-- doc/crypto/X509_STORE_CTX_new.pod | 13 ++- doc/crypto/X509_verify_cert.pod | 3 +- openssl.spec | 2 +- test/Makefile | 31 +++++- test/certs/bad.key | 27 +++++ test/certs/bad.pem | 21 ++++ test/certs/interCA.key | 27 +++++ test/certs/interCA.pem | 21 ++++ test/certs/leaf.key | 27 +++++ test/certs/leaf.pem | 21 ++++ test/certs/rootCA.key | 27 +++++ test/certs/rootCA.pem | 21 ++++ test/certs/roots.pem | 42 ++++++++ test/certs/subinterCA-ss.pem | 21 ++++ test/certs/subinterCA.key | 27 +++++ test/certs/subinterCA.pem | 21 ++++ test/certs/untrusted.pem | 42 ++++++++ 24 files changed, 635 insertions(+), 27 deletions(-) create mode 100644 crypto/x509/verify_extra_test.c create mode 100644 test/certs/bad.key create mode 100644 test/certs/bad.pem create mode 100644 test/certs/interCA.key create mode 100644 test/certs/interCA.pem create mode 100644 test/certs/leaf.key create mode 100644 test/certs/leaf.pem create mode 100644 test/certs/rootCA.key create mode 100644 test/certs/rootCA.pem create mode 100644 test/certs/roots.pem create mode 100644 test/certs/subinterCA-ss.pem create mode 100644 test/certs/subinterCA.key create mode 100644 test/certs/subinterCA.pem create mode 100644 test/certs/untrusted.pem diff --git a/CHANGES b/CHANGES index af27f3f..38ae89f 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,10 +2,25 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1o and 1.0.1p [xx XXX xxxx] + Changes between 1.0.1p and 1.0.1q [xx XXX xxxx] *) + Changes between 1.0.1o and 1.0.1p [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI diff --git a/NEWS b/NEWS index 1d81d4c..ea0c716 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [under development] + Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [under development] o + Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] + + o Alternate chains certificate forgery (CVE-2015-1793) + Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] o Fix HMAC ABI incompatibility diff --git a/README b/README index 7b9ff6e..c3db93a 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1p-dev + OpenSSL 1.0.1q-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index f86e324..78eef03 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10001100L +# define OPENSSL_VERSION_NUMBER 0x10001110L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index af3c255..aac3ece 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -13,7 +13,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README -TEST= +TEST=verify_extra_test.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/crypto/x509/verify_extra_test.c b/crypto/x509/verify_extra_test.c new file mode 100644 index 0000000..a1e41f2 --- /dev/null +++ b/crypto/x509/verify_extra_test.c 
@@ -0,0 +1,209 @@
+/*
+ * Written by Matt Caswell for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+static STACK_OF(X509) *load_certs_from_file(const char *filename)
+{
+ STACK_OF(X509) *certs;
+ BIO *bio;
+ X509 *x;
+
+ bio = BIO_new_file(filename, "r");
+
+ if (bio == NULL) {
+ return NULL;
+ }
+
+ certs = sk_X509_new_null();
+ if (certs == NULL) {
+ BIO_free(bio);
+ return NULL;
+ }
+
+ ERR_set_mark();
+ do {
+ x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+ if (x != NULL && !sk_X509_push(certs, x)) {
+ sk_X509_pop_free(certs, X509_free);
+ BIO_free(bio);
+ return NULL;
+ } else if (x == NULL) {
+ /*
+ * We probably just ran out of certs, so ignore any errors
+ * generated
+ */
+ ERR_pop_to_mark();
+ }
+ } while (x != NULL);
+
+ BIO_free(bio);
+
+ return certs;
+}
+
+/*
+ * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
+ *
+ * Chain is as follows:
+ *
+ * rootCA (self-signed)
+ * |
+ * interCA
+ * |
+ * subinterCA subinterCA (self-signed)
+ * | |
+ * leaf ------------------
+ * |
+ * bad
+ *
+ * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
+ * leaf and bad have CA=FALSE
+ *
+ * subinterCA and subinterCA (ss) have the same subject name and keys
+ *
+ * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
+ * (roots.pem)
+ * leaf and subinterCA are in the untrusted list (untrusted.pem)
+ * bad is the certificate being verified (bad.pem)
+ *
+ * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
+ * CA=FALSE, and will therefore incorrectly verify bad
+ *
+ */
+static int test_alt_chains_cert_forgery(void)
+{
+ int ret = 0;
+ int i;
+ X509 *x = NULL;
+ STACK_OF(X509) *untrusted = NULL;
+ BIO *bio = NULL;
+ X509_STORE_CTX *sctx = NULL;
+ X509_STORE *store = NULL;
+ X509_LOOKUP *lookup = NULL;
+
+ store = X509_STORE_new();
+ if (store == NULL)
+ goto err;
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto err;
+ if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM))
+ goto err;
+
+ untrusted = load_certs_from_file("certs/untrusted.pem");
+
+ if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL)
+ goto err;
+
+ if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
+ goto err;
+
+ sctx = X509_STORE_CTX_new();
+ if (sctx == NULL)
+ goto err;
+
+ if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
+ goto err;
+
+ i = X509_verify_cert(sctx);
+
+ if(i == 0 && X509_STORE_CTX_get_error(sctx)
+ == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) {
+ /* This is the result we were expecting: Test passed */
+ ret = 1;
+ }
+ err:
+ X509_STORE_CTX_free(sctx);
+ X509_free(x);
+ BIO_free(bio);
+ sk_X509_pop_free(untrusted, X509_free);
+ X509_STORE_free(store);
+ if (ret != 1)
+ ERR_print_errors_fp(stderr);
+ return ret;
+}
+
+int main(void)
+{
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+
+ if (!test_alt_chains_cert_forgery()) {
+ fprintf(stderr, "Test alt chains cert forgery failed\n");
+ return 1;
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ 
CRYPTO_mem_leaks_fp(stderr); + + printf("PASS\n"); + return 0; +} diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 16db4c0..7009ae6 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -162,6 +162,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; } + if (ctx->chain != NULL) { + /* + * This X509_STORE_CTX has already been used to verify a cert. We + * cannot do another one. + */ + X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } cb = ctx->verify_cb; @@ -169,15 +177,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (ctx->chain == NULL) { - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); - ctx->last_untrusted = 1; + if (((ctx->chain = sk_X509_new_null()) == NULL) || + (!sk_X509_push(ctx->chain, ctx->cert))) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + goto end; } + CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); + ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL @@ -306,7 +312,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) * if the user hasn't switched off alternate chain checking */ retry = 0; - if (j == ctx->last_untrusted && + if (num == ctx->last_untrusted && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { while (j-- > 1) { xtmp2 = sk_X509_value(ctx->chain, j - 1); @@ -328,8 +334,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) xtmp = sk_X509_pop(ctx->chain); X509_free(xtmp); num--; - ctx->last_untrusted--; } + ctx->last_untrusted = sk_X509_num(ctx->chain); retry = 1; break; } 
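Review bot: `untrusted = load_certs_from_file("certs/untrusted.pem");` in test_alt_chains_cert_forgery() is never checked, so a missing or unreadable fixture leaves `untrusted` NULL (and an empty file yields an empty stack) while X509_STORE_CTX_init() still succeeds with no untrusted certificates. X509_verify_cert() then fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT simply because the issuer of bad.pem cannot be found anywhere, which is exactly the outcome the test treats as a pass, so a broken fixture would make this regression test pass vacuously even on a vulnerable build. Adding `if (untrusted == NULL || sk_X509_num(untrusted) == 0) goto err;` directly after the load surfaces the problem through the existing ERR_print_errors_fp() path instead. It would also help to say in the comment above the function that the expected error is only meaningful when leaf and subinterCA were actually supplied as untrusted certificates.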
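Review bot: The new `ctx->last_untrusted = sk_X509_num(ctx->chain);` in the last hunk (`@@ -328,8 +334,8 @@`) is the line that closes CVE-2015-1793, yet it carries no comment, and a future reader sees only an unexplained switch from a per-pop decrement to a resync. As I read it together with the `num == ctx->last_untrusted` guard changed in the previous hunk, the retry now only starts when the chain holds nothing beyond the untrusted certificates, so after the pops what remains is entirely untrusted and its length is the right value, whereas the old decrement (per the commit message) also ran when certificates from the trust store had been added and ended up corrupting the count. A comment such as `/* Resync rather than decrement: the chain left after popping is exactly its untrusted part (CVE-2015-1793). */` above that line would preserve that reasoning. The enclosing X509_verify_cert() begins before and ends after these hunks.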
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index b17888f..eb38b0a 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees up B. After this call B is no longer valid. X509_STORE_CTX_init() sets up B for a subsequent verification operation. -The trusted certificate store is set to B, the end entity certificate -to be verified is set to B and a set of additional certificates (which -will be untrusted but may be used to build the chain) in B. Any or -all of the B, B and B parameters can be B. +It must be called before each call to X509_verify_cert(), i.e. a B is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same B then you must call X509_XTORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to B, the end +entity certificate to be verified is set to B and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +B. Any or all of the B, B and B parameters can be +B. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B to B. This is an alternative way of specifying trusted certificates diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index 5253bdc..a22e441 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod 
@@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code. The negative return value from X509_verify_cert() can only occur if no -certificate is set in B (due to a programming error) or if a retry +certificate is set in B (due to a programming error); if X509_verify_cert() +twice without reinitialising B in between; or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). It is however recommended that application check for <= 0 return value on error. diff --git a/openssl.spec b/openssl.spec index 67a6074..7ceb322 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1p +Version: 1.0.1q Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/test/Makefile b/test/Makefile index 0ee4ec2..eca1400 100644 --- a/test/Makefile +++ b/test/Makefile @@ -66,6 +66,7 @@ SRPTEST= srptest ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test +VERIFYEXTRATEST= verify_extra_test TESTS= alltests @@ -77,7 +78,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ - $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) + $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) 
@@ -90,7 +91,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
 	$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
 	$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
 	$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \
-	$(HEARTBEATTEST).o $(CONSTTIMETEST).o
+	$(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o
 
 SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
 	$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -100,7 +101,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
 	$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
 	$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
 	$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
-	$(HEARTBEATTEST).c $(CONSTTIMETEST).c
+	$(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c
 
 EXHEADER=
 HEADER= $(EXHEADER)
@@ -143,7 +144,7 @@ alltests: \
 	test_enc test_x509 test_rsa test_crl test_sid \
 	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
 	test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
-	test_jpake test_srp test_cms test_heartbeat test_constant_time
+	test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra
 
 test_evp:
 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -334,6 +335,10 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
 	@echo "Test constant time utilites"
 	../util/shlib_wrap.sh ./$(CONSTTIMETEST)
 
+test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
+	@echo $(START) $@
+	../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
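Review bot: The new `test_verify_extra` recipe echoes `$(START) $@`, whereas the neighbouring `test_constant_time` recipe in the same hunk prints a literal description (`@echo "Test constant time utilites"`). `START` is not defined anywhere in this hunk; if it is also undefined elsewhere in the Makefile the expansion is empty and the line prints just the target name, so either define it or follow the sibling form, e.g. `@echo "Test additional X509 verification behaviour"`. The recipe also runs `./$(VERIFYEXTRATEST)` with no arguments, so the binary presumably finds the `certs/` fixtures added by this commit through a cwd-relative default; a comment above the target stating that it must be run from `test/` would spare the next person a confusing failure.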
@@ -502,6 +507,9 @@ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
 $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
 	@target=$(CONSTTIMETEST) $(BUILD_CMD)
 
+$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+
 #$(AESTEST).o: $(AESTEST).c
 #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
 
@@ -792,6 +800,21 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ssltest.o: ../include/openssl/x509v3.h ssltest.c
+verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+verify_extra_test.o: ../include/openssl/objects.h
+verify_extra_test.o: ../include/openssl/opensslconf.h
+verify_extra_test.o: ../include/openssl/opensslv.h
+verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify_extra_test.o: verify_extra_test.c
 wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
diff --git a/test/certs/bad.key b/test/certs/bad.key
new file mode 100644
index 0000000..4708495
--- /dev/null
+++ b/test/certs/bad.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi +HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL +fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ +n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh +7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6 +y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R +452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO ++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/ +rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9 +ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr +5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF +XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr +YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC +PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw +MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ +AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR +Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf +pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP +kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH ++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur +WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi +njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR +R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR +8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP +RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA= +-----END RSA PRIVATE KEY----- diff --git a/test/certs/bad.pem b/test/certs/bad.pem new file mode 100644 index 0000000..8769231 --- /dev/null +++ b/test/certs/bad.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN +MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi +YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8 +nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp +bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh +twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB +cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb +Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm +ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4 +9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht +OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H +pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR +VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ +ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ +O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE +-----END CERTIFICATE----- diff --git a/test/certs/interCA.key b/test/certs/interCA.key new file mode 100644 index 0000000..c32fe26 --- /dev/null +++ b/test/certs/interCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q +xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl +oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ +vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj +m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ +T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC +cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww +CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V +PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676 +X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO +674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ +Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW +EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L +/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w +Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay +ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm +R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af +N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F +kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr +fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc +YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu +DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U +fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT ++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe +nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa +-----END RSA PRIVATE KEY----- diff --git a/test/certs/interCA.pem b/test/certs/interCA.pem new file mode 100644 index 0000000..35568ab --- /dev/null +++ b/test/certs/interCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/test/certs/leaf.key b/test/certs/leaf.key new file mode 100644 index 0000000..a1b1721 --- /dev/null +++ b/test/certs/leaf.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1 +sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs +0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR +yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2 +QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F +auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT +uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX +aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4 +m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn +q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd +vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5 +BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE +L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd +v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86 +Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D +lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG +UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz +1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu +z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt +nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ +C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF +RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O +IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ +IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh +t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/leaf.pem b/test/certs/leaf.pem new file mode 100644 index 0000000..bb94d12 --- /dev/null +++ b/test/certs/leaf.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/test/certs/rootCA.key b/test/certs/rootCA.key new file mode 100644 index 0000000..527f3ad --- /dev/null +++ b/test/certs/rootCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/ +m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD +Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7 +w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM +uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV +ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE +qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL +GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH +g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM +VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj +/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH +bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+ +LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz +YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6 +Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ +iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1 +uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude +8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP +Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh +Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5 +VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ +f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH +mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T +xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g +AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ== +-----END RSA PRIVATE KEY----- diff --git a/test/certs/rootCA.pem b/test/certs/rootCA.pem new file mode 100644 index 0000000..ef73d00 --- /dev/null +++ b/test/certs/rootCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/test/certs/roots.pem b/test/certs/roots.pem new file mode 100644 index 0000000..0bc6912 --- /dev/null +++ b/test/certs/roots.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/test/certs/subinterCA-ss.pem b/test/certs/subinterCA-ss.pem new file mode 100644 index 0000000..a436b4b --- /dev/null +++ b/test/certs/subinterCA-ss.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/test/certs/subinterCA.key b/test/certs/subinterCA.key new file mode 100644 index 0000000..c867af9 --- /dev/null +++ b/test/certs/subinterCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb +2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n +JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C +pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy +wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF +HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg +nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO +ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd +SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5 +P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH +VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX +lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh +ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z +uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g +5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im +S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4 +hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS +zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc +cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7 +M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1 +sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW +aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s +5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu +ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S +zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c= +-----END RSA PRIVATE KEY----- diff --git a/test/certs/subinterCA.pem b/test/certs/subinterCA.pem new file mode 100644 index 0000000..2cdf480 --- /dev/null +++ b/test/certs/subinterCA.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- diff --git a/test/certs/untrusted.pem b/test/certs/untrusted.pem new file mode 100644 index 0000000..d93d312 --- /dev/null +++ b/test/certs/untrusted.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY 
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- From matt at openssl.org Thu Jul 9 13:02:11 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 13:02:11 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2d create Message-ID: <1436446931.169469.3868.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2d has been created at 8d5882ee027abc7e271b20f8868bd76569814b6c (tag) tagging 33dd08320648ac71d7d9d732be774ed3818dccc5 (commit) replaces OpenSSL_1_0_2c tagged by Matt Caswell on Thu Jul 9 13:03:09 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.0.2d release tag Dr. Stephen Henson (7): typo: should be OPENSSL_free Add docs for ssl verification parameter functions. Don't output bogus errors in PKCS12_parse Check for errors with SRP Fix PSK handling. document -2 return value Relax CCM tag check. Matt Caswell (7): Prepare for 1.0.2d-dev Fix alternate chains certificate forgery issue Add test for CVE-2015-1793 Reject calls to X509_verify_cert that have not been reinitialised Add documentation for some missing verify options Update CHANGES and NEWS for the new release Prepare for 1.0.2d release Rich Salz (5): RT1688: Add dependencies for parallel make RT3917: add cleanup on an error path RT3907: avoid "local" in testssl script RT3907-fix RT3682: Avoid double-free on OCSP parse error Richard Levitte (13): Remove one extraneous parenthesis Make preprocessor error into real preprocessor error Cleanup mttest.c : remove MS_CALLBACK Cleanup mttest.c : modernise the threads setup Cleanup mttest.c : modernise output Cleanup mttest.c : more output changes Cleanup mttest.c : make ssl_method a pointer to const Cleanup mttest.c : better error reporting when certs are missing Cleanup mttest.c : do not try to output reference counts when threads are done Add -ldl to the build of mttest.c Cleanup mttest.c : because we no longer use stdio here, don't include it Rearrange rsaz make update Russell Webb (1): RT3856: Fix memory leaks in test code Vitezslav Cizek (1): GH297: Fix NAME section of 
SSL_CTX_use_serverinfo.pod ----------------------------------------------------------------------- From matt at openssl.org Thu Jul 9 13:02:11 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 09 Jul 2015 13:02:11 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1p create Message-ID: <1436446931.047586.3842.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1p has been created at 1cc64152dce07a7310c19f0e0ed38359e0aadfb7 (tag) tagging 5ab53da9fbc96b9740a48b318aab845d6616eee4 (commit) replaces OpenSSL_1_0_1o tagged by Matt Caswell on Thu Jul 9 13:22:23 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.0.1p release tag Dr. Stephen Henson (5): Don't output bogus errors in PKCS12_parse Check for errors with SRP Fix PSK handling. document -2 return value Relax CCM tag check. Matt Caswell (7): Prepare for 1.0.1p-dev Fix alternate chains certificate forgery issue Add test for CVE-2015-1793 Reject calls to X509_verify_cert that have not been reinitialised Fix alt chains bug Update CHANGES and NEWS for the new release Prepare for 1.0.1p release Rich Salz (3): RT1688: Add dependencies for parallel make RT3907: avoid "local" in testssl script RT3907-fix Richard Levitte (11): Remove one extraneous parenthesis Make preprocessor error into real preprocessor error Cleanup mttest.c : remove MS_CALLBACK Cleanup mttest.c : modernise the threads setup Cleanup mttest.c : modernise output Cleanup mttest.c : more output changes Cleanup mttest.c : make ssl_method a pointer to const Cleanup mttest.c : better error reporting when certs are missing Cleanup mttest.c : do not try to output reference counts when threads are done Add -ldl to the build of mttest.c Cleanup mttest.c : because we no longer use stdio here, don't include it ----------------------------------------------------------------------- From levitte at openssl.org Thu Jul 9 13:47:06 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 09 Jul 2015 13:47:06 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436449626.220789.15167.nullmailer@dev.openssl.org> The branch master has been updated via 1fdfb3c1a661e4e041936ff156aa3cc55ee5d554 (commit) from bc096d567c828f6b5e7ec89dbfbe3d20bb5874d8 (commit) - Log ----------------------------------------------------------------- commit 1fdfb3c1a661e4e041936ff156aa3cc55ee5d554 Author: Richard Levitte Date: Thu Jul 9 15:46:47 2015 +0200 Add links to SHA256 checksum files ----------------------------------------------------------------------- Summary of changes: openssl.wml | 1 + 1 file changed, 1 insertion(+)
diff --git a/openssl.wml b/openssl.wml
index 6369cb0..2adc21b 100644
--- a/openssl.wml
+++ b/openssl.wml
@@ -366,6 +366,7 @@ foreach $l (@L) {
 my $r = "$f";
 if (-f "$f.md5") { $r .= " (MD5)"; }
 if (-f "$f.sha1") { $r .= " (SHA1)"; }
+ if (-f "$f.sha256") { $r .= " (SHA256)"; }
 if (-f "$f.asc") { $r .= " (PGP sign)"; }
 $l = $h.$r.$t;
 }
From steve at openssl.org Thu Jul 9 15:40:51 2015 
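Review bot: The added line repeats the `if (-f "$f.EXT") { $r .= " (LABEL)"; }` pattern for a third time in the same block; a small list of (suffix, label) pairs iterated in one loop would keep the four checks consistent and make a future digest a one-entry addition (the enclosing `foreach` starts outside the hunk, so the loop body would sit where these four lines are now). Separately, the checksum files are fetched from the same location as the archive they describe, so the MD5/SHA1/SHA256 links can only reveal a corrupted download, while the `.asc` link is the one that establishes authenticity; if the appended labels are meant to guide verification it is worth making that distinction visible, for example by placing the signature entry first or wording the digest labels as integrity-only.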
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 09 Jul 2015 15:40:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436456451.310617.8122.nullmailer@dev.openssl.org> The branch master has been updated via 851fdda1a1952e482fc3f5f1c7c3acdff132bbae (commit) via 88f4f91260653865a5cf668dac95156b37192352 (commit) from 040b93353e8b48cfc0e2429d96eb3a27f259512d (commit) - Log ----------------------------------------------------------------- commit 851fdda1a1952e482fc3f5f1c7c3acdff132bbae Author: Dr. Stephen Henson Date: Thu Jul 9 12:45:22 2015 +0100 make stacks Reviewed-by: Rich Salz commit 88f4f91260653865a5cf668dac95156b37192352 Author: Dr. Stephen Henson Date: Thu Jul 9 12:44:46 2015 +0100 Sort @sstacklst correctly. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: include/openssl/safestack.h | 50 ++++++++++++++++++++++----------------------- util/mkstack.pl | 2 +- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index 388f409..e138bfc 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h 
@@ -2068,31 +2068,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_void_sort(st) SKM_sk_sort(void, (st)) # define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) -# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) -# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) -# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) -# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), 
CHECKED_PTR_OF(char, ptr)) -# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) -# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) -# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) - # define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) # define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) # define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) 
@@ -2143,6 +2118,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) # define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) +# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) +# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING 
*)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + # define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) # define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) # define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) diff --git a/util/mkstack.pl b/util/mkstack.pl index 0739027..8daa1f8 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -283,7 +283,7 @@ foreach $type_thing (sort @stacklst) { EOF } -foreach $type_thing (sort @sstacklst) { +foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) { my $t1 = $type_thing->[0]; my $t2 = $type_thing->[1]; $new_stackfile .= < The branch OpenSSL_1_0_2-stable has been updated via 2a7059c56f885a3fa0842e886f5178def8e5481d (commit) from a7ef1e907276a899fbfeee642810caccb03fc07c (commit) - Log ----------------------------------------------------------------- commit 2a7059c56f885a3fa0842e886f5178def8e5481d Author: Dr. Stephen Henson Date: Thu Jul 9 16:56:45 2015 +0100 Sort @sstacklst correctly. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: util/mkstack.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkstack.pl b/util/mkstack.pl index 2bd96cd..f4520d4 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl 
@@ -98,7 +98,7 @@ while() { EOF } - foreach $type_thing (sort @sstacklst) { + foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) { my $t1 = $type_thing->[0]; my $t2 = $type_thing->[1]; $new_stackfile .= < The branch OpenSSL_1_0_0-stable has been updated via 14cf669af13be931c7367bd3d85f344e24647cfd (commit) from 18c5ead86e781ba27c9108ab1854f0b2843238ec (commit) - Log ----------------------------------------------------------------- commit 14cf669af13be931c7367bd3d85f344e24647cfd Author: Dr. Stephen Henson Date: Thu Jul 9 16:56:45 2015 +0100 Sort @sstacklst correctly. Reviewed-by: Rich Salz (cherry picked from commit 2a7059c56f885a3fa0842e886f5178def8e5481d) ----------------------------------------------------------------------- Summary of changes: util/mkstack.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkstack.pl b/util/mkstack.pl index f708610..a86d91f 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -97,7 +97,7 @@ while() { EOF } - foreach $type_thing (sort @sstacklst) { + foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) { my $t1 = $type_thing->[0]; my $t2 = $type_thing->[1]; $new_stackfile .= < The branch OpenSSL_1_0_1-stable has been updated via a15ba3cca394d69dc57b4321902adbe2651bc6f0 (commit) from 7c17c20a56a76c219dcf35d4956026f021cdee52 (commit) - Log ----------------------------------------------------------------- commit a15ba3cca394d69dc57b4321902adbe2651bc6f0 Author: Dr. Stephen Henson Date: Thu Jul 9 16:56:45 2015 +0100 Sort @sstacklst correctly. Reviewed-by: Rich Salz (cherry picked from commit 2a7059c56f885a3fa0842e886f5178def8e5481d) ----------------------------------------------------------------------- Summary of changes: util/mkstack.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkstack.pl b/util/mkstack.pl index f708610..a86d91f 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl 
@@ -97,7 +97,7 @@ while() {
 EOF
 }
- foreach $type_thing (sort @sstacklst) {
+ foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) {
 my $t1 = $type_thing->[0];
 my $t2 = $type_thing->[1];
 $new_stackfile .= < The branch master has been updated via 99dcd88035330d59ab40b5bc0f551aca7020cd30 (commit) from 851fdda1a1952e482fc3f5f1c7c3acdff132bbae (commit) - Log ----------------------------------------------------------------- commit 99dcd88035330d59ab40b5bc0f551aca7020cd30 Author: Peter Waltenberg Date: Thu Jul 9 14:57:30 2015 -0400 Exit on error in ecparam Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/ecparam.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/apps/ecparam.c b/apps/ecparam.c
index a0781c5..8464c88 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -326,8 +326,9 @@ int ecparam_main(int argc, char **argv)
 if (!EC_GROUP_check(group, NULL)) {
 BIO_printf(bio_err, "failed\n");
 ERR_print_errors(bio_err);
- } else
- BIO_printf(bio_err, "ok\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "ok\n");
 } From rsalz at openssl.org Thu Jul 9 19:43:29 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 09 Jul 2015 19:43:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436471009.316286.27831.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fdd6d00952f00fe7e658b342a359e556d1526c65 (commit) from 2a7059c56f885a3fa0842e886f5178def8e5481d (commit) - Log ----------------------------------------------------------------- commit fdd6d00952f00fe7e658b342a359e556d1526c65 Author: Peter Waltenberg Date: Thu Jul 9 14:57:30 2015 -0400 Exit on error in ecparam Reviewed-by: Tim Hudson (cherry picked from commit 99dcd88035330d59ab40b5bc0f551aca7020cd30) ----------------------------------------------------------------------- Summary of changes: apps/ecparam.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
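Review bot: The new `goto end;` taken when EC_GROUP_check fails leaves with whatever `ret` holds at that point, and nothing in the hunk sets a failure status first; if `ret` is still at its initial non-zero value the exit code is right, but that is a property of code outside the hunk (ecparam_main begins and ends outside it), so a later reordering could turn a failed curve check into "failed" on stderr with a zero exit status. Writing `ret = 1;` immediately before the `goto end;` pins the contract where it matters. The two cherry-picks of this hunk in the 1.0.2 and 1.0.1 commits that follow have the same shape.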
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06ac77b..f09c802 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -422,8 +422,9 @@ int MAIN(int argc, char **argv)
 if (!EC_GROUP_check(group, NULL)) {
 BIO_printf(bio_err, "failed\n");
 ERR_print_errors(bio_err);
- } else
- BIO_printf(bio_err, "ok\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "ok\n");
 } From rsalz at openssl.org Thu Jul 9 19:43:40 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 09 Jul 2015 19:43:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436471020.337824.28078.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via b5e972fdd3e777c777f45f59bb65f62673412ade (commit) from a15ba3cca394d69dc57b4321902adbe2651bc6f0 (commit) - Log ----------------------------------------------------------------- commit b5e972fdd3e777c777f45f59bb65f62673412ade Author: Peter Waltenberg Date: Thu Jul 9 14:57:30 2015 -0400 Exit on error in ecparam Reviewed-by: Tim Hudson (cherry picked from commit 99dcd88035330d59ab40b5bc0f551aca7020cd30) ----------------------------------------------------------------------- Summary of changes: apps/ecparam.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 1f340a9..88ecbc0 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -419,8 +419,9 @@ int MAIN(int argc, char **argv)
 if (!EC_GROUP_check(group, NULL)) {
 BIO_printf(bio_err, "failed\n");
 ERR_print_errors(bio_err);
- } else
- BIO_printf(bio_err, "ok\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "ok\n");
 } From levitte at openssl.org Thu Jul 9 20:12:37 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 09 Jul 2015 20:12:37 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436472757.325941.10731.nullmailer@dev.openssl.org> The branch master has been updated via bd2dd9e5f5521fae2631f8a54f7b9947a352ce2f (commit) from 1fdfb3c1a661e4e041936ff156aa3cc55ee5d554 (commit) - Log ----------------------------------------------------------------- commit bd2dd9e5f5521fae2631f8a54f7b9947a352ce2f Author: Richard Levitte Date: Thu Jul 9 22:12:29 2015 +0200 Don't display 'latest' symlinks ----------------------------------------------------------------------- Summary of changes: source/index.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/index.wml b/source/index.wml index 59c571a..59dfd46 100644 --- a/source/index.wml +++ b/source/index.wml @@ -27,7 +27,7 @@ We also maintain a clone at GitHub,

    - +

    Legalities

    From steve at openssl.org Thu Jul 9 20:23:03 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 09 Jul 2015 20:23:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436473383.377095.20380.nullmailer@dev.openssl.org> The branch master has been updated via 2fc52c912a79eefe8610984bac5eed3a2589ee85 (commit) from 99dcd88035330d59ab40b5bc0f551aca7020cd30 (commit) - Log ----------------------------------------------------------------- commit 2fc52c912a79eefe8610984bac5eed3a2589ee85 Author: Dr. Stephen Henson Date: Thu Jul 9 19:32:36 2015 +0100 correct example Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_get0_param.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod index 332f181..ba16b50 100644 --- a/doc/ssl/SSL_CTX_get0_param.pod +++ b/doc/ssl/SSL_CTX_get0_param.pod @@ -34,7 +34,7 @@ them to suit its needs: for example to add a hostname check. Check hostname matches "www.foo.com" in peer certificate: X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); - X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com"); + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); =head1 RETURN VALUES From steve at openssl.org Thu Jul 9 20:23:49 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 09 Jul 2015 20:23:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436473429.443852.27016.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ded7eee8c238fd814173517fdffb6a58c0758d81 (commit) from fdd6d00952f00fe7e658b342a359e556d1526c65 (commit) - Log ----------------------------------------------------------------- commit ded7eee8c238fd814173517fdffb6a58c0758d81 Author: Dr. Stephen Henson Date: Thu Jul 9 19:32:36 2015 +0100 correct example Reviewed-by: Rich Salz (cherry picked from commit 2fc52c912a79eefe8610984bac5eed3a2589ee85) ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_get0_param.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod index 332f181..ba16b50 100644 --- a/doc/ssl/SSL_CTX_get0_param.pod +++ b/doc/ssl/SSL_CTX_get0_param.pod @@ -34,7 +34,7 @@ them to suit its needs: for example to add a hostname check. Check hostname matches "www.foo.com" in peer certificate: X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); - X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com"); + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); =head1 RETURN VALUES From levitte at openssl.org Thu Jul 9 21:38:50 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 09 Jul 2015 21:38:50 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436477930.872070.16416.nullmailer@dev.openssl.org> The branch master has been updated via 46d1ed4f31a316a870bf319a5ba61cb08b2cb294 (commit) from bd2dd9e5f5521fae2631f8a54f7b9947a352ce2f (commit) - Log ----------------------------------------------------------------- commit 46d1ed4f31a316a870bf319a5ba61cb08b2cb294 Author: Richard Levitte Date: Thu Jul 9 23:34:17 2015 +0200 Rewrite the source/.htaccess hack source/.htaccess only had a redirection for latest.tar.gz, we then had series specific URLs via symlinks. This changes does away with all that places all of those redirects in source/.htaccess. This is, btw, some cool use of wml. ----------------------------------------------------------------------- Summary of changes: Makefile | 5 +---- source/{.htaccess.in => .htaccess.wml} | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 7 deletions(-) rename source/{.htaccess.in => .htaccess.wml} (52%) diff --git a/Makefile b/Makefile index 3f2f4d5..ddb9619 100644 --- a/Makefile +++ b/Makefile @@ -27,10 +27,7 @@ simple: rebuild hack-source_htaccess rebuild: wmk $(FORCE) -I $(SNAP) -a $(DIRS) index.wml hack-source_htaccess: - latest=`grep '' < source/index.html | \ - sed -e 's|^.*||' -e 's|.*$$||'`; \ - sed -e "s|%%LATEST%%|$$latest|" \ - < source/.htaccess.in > source/.htaccess + ( cd source && wml -o .htaccess .htaccess.wml ) manpages: sh ./run-pod2html.sh $(PODSHOME) diff --git a/source/.htaccess.in b/source/.htaccess.wml similarity index 52% rename from source/.htaccess.in rename to source/.htaccess.wml index ee5c94e..9b79140 100644 --- a/source/.htaccess.in +++ b/source/.htaccess.wml @@ -1,4 +1,4 @@ -## +## ## .htaccess -- Apache per-dir config ## 
@@ -30,5 +30,22 @@ RewriteRule openssl-(fips.*) old/fips/openssl-$1 [L] RemoveEncoding .gz -RewriteBase /source -RewriteRule ^latest\.tar\.gz$ %%LATEST%% [R=302,NC] +RewriteBase /source +<:{ + my @tarballs = + sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/, glob("openssl-*.tar.gz"); + my %series = (); + foreach(@tarballs) { + my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./; + $series{$serie} = $_; + } + + my $latest = $series{ (reverse sort keys %series)[0] }; + print "RewriteRule ^latest\\.tar\\.gz\$ $latest [R=302,NC]\n"; + + foreach (sort keys %series) { + my $rule = "openssl-$_-latest.tar.gz"; $rule =~ s|\.|\\.|g; + my $target = $series{$_}; + print "RewriteRule ^$rule\$ $target [R=302,NC]\n"; + } +}:> From levitte at openssl.org Thu Jul 9 22:41:08 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 09 Jul 2015 22:41:08 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436481668.241620.31283.nullmailer@dev.openssl.org> The branch master has been updated via 90d48d5e7c0d4785eae7d490351234613526fc1a (commit) from 46d1ed4f31a316a870bf319a5ba61cb08b2cb294 (commit) - Log ----------------------------------------------------------------- commit 90d48d5e7c0d4785eae7d490351234613526fc1a Author: Richard Levitte Date: Fri Jul 10 00:41:00 2015 +0200 Move up the processing of 'latest' URLs If this isn't done first, the old distros rules will take them first. ----------------------------------------------------------------------- Summary of changes: source/.htaccess.wml | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/source/.htaccess.wml b/source/.htaccess.wml index 9b79140..23ccfd7 100644 --- a/source/.htaccess.wml +++ b/source/.htaccess.wml 
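Review bot: `$latest` is chosen with `(reverse sort keys %series)[0]`, a plain string sort over keys such as 1.0.2, so a series with a two-digit component (a hypothetical 1.0.10 or 1.10.0) would sort below 1.0.2 and latest.tar.gz would redirect to an older, possibly no longer supported, release; the per-series choice `$series{$serie} = $_` rests on the same lexical ordering of the `sort grep ...` input for the letter suffix. A comparator that splits the key on dots and compares each component numerically (and compares the trailing letters separately for the per-series pick) removes the dependency on digit count. The same block, moved to the top of the file, reappears in the next commit's hunk.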
@@ -4,18 +4,40 @@ RewriteEngine on +RewriteBase /source + +# First, rewrite all the 'latest' URLs +<:{ + my @tarballs = + sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/, glob("openssl-*.tar.gz"); + my %series = (); + foreach(@tarballs) { + my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./; + $series{$serie} = $_; + } + + my $latest = $series{ (reverse sort keys %series)[0] }; + print "RewriteRule ^latest\\.tar\\.gz\$ $latest [L,R=302,NC]\n"; + + foreach (sort keys %series) { + my $rule = "openssl-$_-latest.tar.gz"; $rule =~ s|\.|\\.|g; + my $target = $series{$_}; + print "RewriteRule ^$rule\$ $target [L,R=302,NC]\n"; + } +}:> + # Old distro's are in subdirs. RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule (openssl-0.9.8.*) old/0.9.x/$1 [L] +RewriteRule (openssl-0\.9\.8.*) old/0.9.x/$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(1.0.0.*) old/1.0.0/openssl-$1 [L] +RewriteRule openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(1.0.1.*) old/1.0.1/openssl-$1 [L] +RewriteRule openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(1.0.2.*) old/1.0.1/openssl-$1 [L] +RewriteRule openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule openssl-(fips.*) old/fips/openssl-$1 [L] 
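Review bot: The re-escaped rule `RewriteRule openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L]` maps 1.0.2 tarballs to the old/1.0.1 directory, while the 1.0.0 and 1.0.1 rules next to it each map to a directory of their own name. The target was already old/1.0.1 before this commit, so it may be deliberate, but if old/1.0.2 is the intended location the line should read `RewriteRule openssl-(1\.0\.2.*) old/1.0.2/openssl-$1 [L]`; a one-line comment on the rule would settle it either way.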
@@ -29,23 +51,4 @@ RewriteRule openssl-(fips.*) old/fips/openssl-$1 [L] RemoveEncoding .gz - -RewriteBase /source -<:{ - my @tarballs = - sort grep /openssl-\d+\.\d+\.\d+[a-z]*\.tar\.gz$/, glob("openssl-*.tar.gz"); - my %series = (); - foreach(@tarballs) { - my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./; - $series{$serie} = $_; - } - - my $latest = $series{ (reverse sort keys %series)[0] }; - print "RewriteRule ^latest\\.tar\\.gz\$ $latest [R=302,NC]\n"; - - foreach (sort keys %series) { - my $rule = "openssl-$_-latest.tar.gz"; $rule =~ s|\.|\\.|g; - my $target = $series{$_}; - print "RewriteRule ^$rule\$ $target [R=302,NC]\n"; - } -}:> + From levitte at openssl.org Thu Jul 9 22:47:33 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 09 Jul 2015 22:47:33 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436482053.230595.7117.nullmailer@dev.openssl.org> The branch master has been updated via 24c7ddaa4783a7f9c27a591614bbf9786440b35f (commit) from 90d48d5e7c0d4785eae7d490351234613526fc1a (commit) - Log ----------------------------------------------------------------- commit 24c7ddaa4783a7f9c27a591614bbf9786440b35f Author: Richard Levitte Date: Fri Jul 10 00:46:19 2015 +0200 Revert "Don't display 'latest' symlinks" The symlinks are no longer needed since the source/.htaccess now rewrites those URLs. This reverts commit bd2dd9e5f5521fae2631f8a54f7b9947a352ce2f. ----------------------------------------------------------------------- Summary of changes: source/index.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/index.wml b/source/index.wml index 59dfd46..59c571a 100644 --- a/source/index.wml +++ b/source/index.wml @@ -27,7 +27,7 @@ We also maintain a clone at GitHub,

    - +

    Legalities

    From levitte at openssl.org Fri Jul 10 15:25:28 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 15:25:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436541928.420169.16462.nullmailer@dev.openssl.org> The branch master has been updated via 27f98436b9a84b94fbdd8e32960504634ae44cc0 (commit) from 2fc52c912a79eefe8610984bac5eed3a2589ee85 (commit) - Log ----------------------------------------------------------------- commit 27f98436b9a84b94fbdd8e32960504634ae44cc0 Author: Richard Levitte Date: Fri Jul 10 15:40:53 2015 +0200 Stop using tardy Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Makefile.org | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/Makefile.org b/Makefile.org index e9b49d9..10da644 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -481,25 +481,28 @@ TABLE: Configure Configurations/*.conf # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl --group openssl \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: From levitte at openssl.org Fri Jul 10 15:33:51 2015 
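Review bot: In the new `tar` recipe, `$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz` yields only gzip's exit status, so a tar failure (for example an `--owner openssl` that the build host cannot resolve, which GNU tar releases before 1.29 may reject as an invalid owner) leaves a truncated .gz while the recipe proceeds to `rm -f` and `ls -l` and make reports success; the tardy pipeline had the same weakness, but this rewrite is the moment to close it, e.g. `$(TAR_COMMAND) > ../$(TARFILE) && gzip --best ../$(TARFILE)`. Separately, `--owner openssl --group openssl` pins the names but leaves the numeric ids to the lookup, where tardy pinned them to 0; GNU tar 1.29 and later accept `--owner openssl:0 --group openssl:0` if release tarballs are meant to be bit-for-bit reproducible. `../$(TARFILE).list` also has no prerequisites, so a list left behind by an aborted run is reused as-is on the next make. The cherry-picks to the stable branches below carry the same recipe.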
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 15:33:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1436542431.083061.21353.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 0ede4e2e46ec3e093b07c981fa88d3cb5bd3c54b (commit) from 9b914c7f9147c49a569108ab7f524ebaeb92eaaa (commit) - Log ----------------------------------------------------------------- commit 0ede4e2e46ec3e093b07c981fa88d3cb5bd3c54b Author: Richard Levitte Date: Fri Jul 10 15:40:53 2015 +0200 Stop using tardy Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz (cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0) Conflicts: Makefile.org ----------------------------------------------------------------------- Summary of changes: Makefile.org | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/Makefile.org b/Makefile.org index 0e4fa94..2aad295 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -585,25 +585,28 @@ update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h a # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl --group openssl \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: From levitte at openssl.org Fri Jul 10 15:33:58 2015 
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 15:33:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1436542438.356237.21735.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 00e651b8469e06c8c92ea06e346e1ed780417eda (commit) from 14cf669af13be931c7367bd3d85f344e24647cfd (commit) - Log ----------------------------------------------------------------- commit 00e651b8469e06c8c92ea06e346e1ed780417eda Author: Richard Levitte Date: Fri Jul 10 15:40:53 2015 +0200 Stop using tardy Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz (cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0) Conflicts: Makefile.org ----------------------------------------------------------------------- Summary of changes: Makefile.org | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/Makefile.org b/Makefile.org index 13ffc15..c8934e1 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -452,25 +452,28 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -tar: +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ + --owner openssl --group openssl \ + --transform 's|^|openssl-$(VERSION)/|' \ + -cvf - + +../$(TARFILE).list: + find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ + \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ + \! -name '*test' \! -name '.#*' \! -name '*~' \ + | sort > ../$(TARFILE).list + +tar: ../$(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ + $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz + rm -f ../$(TARFILE).list ls -l ../$(TARFILE).gz -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ +tar-snap: ../$(TARFILE).list + $(TAR_COMMAND) > ../$(TARFILE) + rm -f ../$(TARFILE).list ls -l ../$(TARFILE) dist: From levitte at openssl.org Fri Jul 10 15:34:03 2015 
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 15:34:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436542443.732914.22020.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via be856204195fe57089ba14e6d1c9068994345234 (commit) from b5e972fdd3e777c777f45f59bb65f62673412ade (commit) - Log ----------------------------------------------------------------- commit be856204195fe57089ba14e6d1c9068994345234 Author: Richard Levitte Date: Fri Jul 10 15:40:53 2015 +0200 Stop using tardy Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz (cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0) Conflicts: Makefile.org ----------------------------------------------------------------------- Summary of changes: Makefile.org | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/Makefile.org b/Makefile.org index 55a3700..2a5f45c 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -499,25 +499,28 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-tar:
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
+ --owner openssl --group openssl \
+ --transform 's|^|openssl-$(VERSION)/|' \
+ -cvf -
+
+../$(TARFILE).list:
+ find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
+ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
+ \! -name '*test' \! -name '.#*' \! -name '*~' \
+ | sort > ../$(TARFILE).list
+
+tar: ../$(TARFILE).list
 find . -type d -print | xargs chmod 755
 find . -type f -print | xargs chmod a+r
 find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
+ $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
+ rm -f ../$(TARFILE).list
 ls -l ../$(TARFILE).gz
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+tar-snap: ../$(TARFILE).list
+ $(TAR_COMMAND) > ../$(TARFILE)
+ rm -f ../$(TARFILE).list
 ls -l ../$(TARFILE)
 dist:
From levitte at openssl.org Fri Jul 10 15:34:04 2015
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 15:34:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436542444.254019.22139.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via efb1a50f371359e34bd4de48d1e9be4b5030977b (commit) from ded7eee8c238fd814173517fdffb6a58c0758d81 (commit) - Log ----------------------------------------------------------------- commit efb1a50f371359e34bd4de48d1e9be4b5030977b Author: Richard Levitte Date: Fri Jul 10 15:40:53 2015 +0200 Stop using tardy Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz (cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0) Conflicts: Makefile.org ----------------------------------------------------------------------- Summary of changes: Makefile.org | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/Makefile.org b/Makefile.org
index d77e264..4844276 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -497,25 +497,28 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-tar:
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
+ --owner openssl --group openssl \
+ --transform 's|^|openssl-$(VERSION)/|' \
+ -cvf -
+
+../$(TARFILE).list:
+ find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
+ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
+ \! -name '*test' \! -name '.#*' \! -name '*~' \
+ | sort > ../$(TARFILE).list
+
+tar: ../$(TARFILE).list
 find . -type d -print | xargs chmod 755
 find . -type f -print | xargs chmod a+r
 find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
+ $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
+ rm -f ../$(TARFILE).list
 ls -l ../$(TARFILE).gz
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+tar-snap: ../$(TARFILE).list
+ $(TAR_COMMAND) > ../$(TARFILE)
+ rm -f ../$(TARFILE).list
 ls -l ../$(TARFILE)
 dist:
From levitte at openssl.org Fri Jul 10 18:30:36 2015
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 18:30:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436553036.676360.7633.nullmailer@dev.openssl.org> The branch master has been updated via da24e6f8a05ea657684094e04c1a54efa04c2962 (commit) from 27f98436b9a84b94fbdd8e32960504634ae44cc0 (commit) - Log ----------------------------------------------------------------- commit da24e6f8a05ea657684094e04c1a54efa04c2962 Author: Richard Levitte Date: Fri Jul 10 18:29:17 2015 +0200 Set numeric IDs for tar as well Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index 10da644..3e326c0 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -482,7 +482,7 @@ TABLE: Configure Configurations/*.conf
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl --group openssl \
+ --owner openssl:0 --group openssl:0 \
 --transform 's|^|openssl-$(VERSION)/|' \
 -cvf -
From levitte at openssl.org Fri Jul 10 18:32:09 2015
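Review bot: The comment above `TAR_COMMAND` still attributes the GNU-tar requirement to `--files-from` alone, while the new `--owner openssl:0 --group openssl:0` (like the existing `--transform`) is GNU-only and its `NAME:ID` form presumably needs a reasonably recent GNU tar; the comment should say so, e.g. `# and read directly, requiring GNU-Tar (also for --owner/--group NAME:ID and --transform).` Pinning the uid/gid to 0 is sound for a release artifact, since with a bare name the numeric IDs written into the archive would depend on the builder's account database, or the run would fail where no `openssl` account exists. The same one-line change is cherry-picked into the 1.0.2, 1.0.1, 1.0.0 and 0.9.8 hunks that follow, and the comment wording applies to each of them.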
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 18:32:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436553129.919347.8917.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0ed08a7a985e35e2a2b18da3b8d7dfed9f126a80 (commit) from efb1a50f371359e34bd4de48d1e9be4b5030977b (commit) - Log ----------------------------------------------------------------- commit 0ed08a7a985e35e2a2b18da3b8d7dfed9f126a80 Author: Richard Levitte Date: Fri Jul 10 18:29:17 2015 +0200 Set numeric IDs for tar as well Reviewed-by: Matt Caswell (cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962) ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index 4844276..48469c5 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -498,7 +498,7 @@ TABLE: Configure
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl --group openssl \
+ --owner openssl:0 --group openssl:0 \
 --transform 's|^|openssl-$(VERSION)/|' \
 -cvf -
From levitte at openssl.org Fri Jul 10 18:32:16 2015
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 18:32:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436553136.331634.9160.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 2035e2db681ae3b3b3502892bced0f54d1a2c8c0 (commit) from be856204195fe57089ba14e6d1c9068994345234 (commit) - Log ----------------------------------------------------------------- commit 2035e2db681ae3b3b3502892bced0f54d1a2c8c0 Author: Richard Levitte Date: Fri Jul 10 18:29:17 2015 +0200 Set numeric IDs for tar as well Reviewed-by: Matt Caswell (cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962) ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index 2a5f45c..aa8776e 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -500,7 +500,7 @@ TABLE: Configure
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl --group openssl \
+ --owner openssl:0 --group openssl:0 \
 --transform 's|^|openssl-$(VERSION)/|' \
 -cvf -
From levitte at openssl.org Fri Jul 10 18:32:18 2015
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 18:32:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1436553138.448089.9385.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 916aaef14a520b1e055c8825e4520f0e972b018c (commit) from 00e651b8469e06c8c92ea06e346e1ed780417eda (commit) - Log ----------------------------------------------------------------- commit 916aaef14a520b1e055c8825e4520f0e972b018c Author: Richard Levitte Date: Fri Jul 10 18:29:17 2015 +0200 Set numeric IDs for tar as well Reviewed-by: Matt Caswell (cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962) ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index c8934e1..1e0897e 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -453,7 +453,7 @@ TABLE: Configure
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl --group openssl \
+ --owner openssl:0 --group openssl:0 \
 --transform 's|^|openssl-$(VERSION)/|' \
 -cvf -
From levitte at openssl.org Fri Jul 10 18:32:21 2015
From: levitte at openssl.org (Richard Levitte) Date: Fri, 10 Jul 2015 18:32:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1436553141.640102.9617.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 1ac4693c38bc39de8656470413d2cd53cf453de3 (commit) from 0ede4e2e46ec3e093b07c981fa88d3cb5bd3c54b (commit) - Log ----------------------------------------------------------------- commit 1ac4693c38bc39de8656470413d2cd53cf453de3 Author: Richard Levitte Date: Fri Jul 10 18:29:17 2015 +0200 Set numeric IDs for tar as well Reviewed-by: Matt Caswell (cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962) ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
index 2aad295..098d68a 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -586,7 +586,7 @@ update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h a
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl --group openssl \
+ --owner openssl:0 --group openssl:0 \
 --transform 's|^|openssl-$(VERSION)/|' \
 -cvf -
From levitte at openssl.org Mon Jul 13 15:01:17 2015
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 15:01:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436799677.362877.17135.nullmailer@dev.openssl.org> The branch master has been updated via eeb97bce751296b2e04a92d00c0d0a792ba61834 (commit) from da24e6f8a05ea657684094e04c1a54efa04c2962 (commit) - Log ----------------------------------------------------------------- commit eeb97bce751296b2e04a92d00c0d0a792ba61834 Author: Richard Levitte Date: Mon Jul 13 15:48:57 2015 +0200 Remove extra '; \' in apps/Makefile Fixes GH#330 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/Makefile b/apps/Makefile
index bf554ab..d0c5b8c 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -128,7 +128,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC)
 dclean:
 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
From levitte at openssl.org Mon Jul 13 15:14:55 2015
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 15:14:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436800495.680605.24720.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8a1dbda755f7fa4dc3e9637b95ea2df04f0c7e4f (commit) from 0ed08a7a985e35e2a2b18da3b8d7dfed9f126a80 (commit) - Log ----------------------------------------------------------------- commit 8a1dbda755f7fa4dc3e9637b95ea2df04f0c7e4f Author: Richard Levitte Date: Mon Jul 13 15:48:57 2015 +0200 Remove extra '; \' in apps/Makefile Fixes GH#330 Reviewed-by: Rich Salz (cherry picked from commit eeb97bce751296b2e04a92d00c0d0a792ba61834) Conflicts: apps/Makefile ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/Makefile b/apps/Makefile
index cafe554..8c3297e 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
From levitte at openssl.org Mon Jul 13 15:16:28 2015
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 15:16:28 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1436800588.542949.25483.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 1fb21ac4a9c45000de32b44463b3fbdff8e06bc6 (commit) from 916aaef14a520b1e055c8825e4520f0e972b018c (commit) - Log ----------------------------------------------------------------- commit 1fb21ac4a9c45000de32b44463b3fbdff8e06bc6 Author: Richard Levitte Date: Mon Jul 13 15:48:57 2015 +0200 Remove extra '; \' in apps/Makefile Fixes GH#330 Reviewed-by: Rich Salz (cherry picked from commit eeb97bce751296b2e04a92d00c0d0a792ba61834) Conflicts: apps/Makefile ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/Makefile b/apps/Makefile
index 636f2eb..f94eccf 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
From levitte at openssl.org Mon Jul 13 15:16:37 2015
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 15:16:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436800597.769805.25786.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 2794dec7b21f4faf5095008d3dd9743f41cc19ad (commit) from 2035e2db681ae3b3b3502892bced0f54d1a2c8c0 (commit) - Log ----------------------------------------------------------------- commit 2794dec7b21f4faf5095008d3dd9743f41cc19ad Author: Richard Levitte Date: Mon Jul 13 15:48:57 2015 +0200 Remove extra '; \' in apps/Makefile Fixes GH#330 Reviewed-by: Rich Salz (cherry picked from commit eeb97bce751296b2e04a92d00c0d0a792ba61834) Conflicts: apps/Makefile ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/Makefile b/apps/Makefile
index cafe554..8c3297e 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
From rsalz at openssl.org Mon Jul 13 18:57:19 2015
From: rsalz at openssl.org (Rich Salz) Date: Mon, 13 Jul 2015 18:57:19 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436813839.739345.10806.nullmailer@dev.openssl.org> The branch master has been updated via 48f11fd3ec9f218c9c82bc65873fec707cbed0f6 (commit) from 24c7ddaa4783a7f9c27a591614bbf9786440b35f (commit) - Log ----------------------------------------------------------------- commit 48f11fd3ec9f218c9c82bc65873fec707cbed0f6 Author: Rich Salz Date: Mon Jul 13 14:56:58 2015 -0400 RT3941: state.sml is out of date ----------------------------------------------------------------------- Summary of changes: news/state.wml | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/news/state.wml b/news/state.wml
index 59f6dd4..73b93ea 100644
--- a/news/state.wml
+++ b/news/state.wml
@@ -6,17 +6,25 @@

    Project State

    Here is a short summary of the current development and release state -of the OpenSSL project. +of the OpenSSL project as of July, 2015. +The latest releases can always be found at +https://www.openssl.org/source.
      -
    • On 6 August 2014, we released OpenSSL -0.9.8zb, 1.0.0n and 1.0.1i with security fixes. -See the security advisory for details.
      +
    • On July 9, we released version 1.0.2d. This is the most +recent security fixes for the current major release branch. +We also released version 1.0.1p which has the same fixes for +that branch. +
      -
    • Next proposed FEATURE release: OpenSSL 1.0.2, currently in beta-test.
      +
    • We declared 1.0.0 and 0.9.8 to be end of life, with +all updates ending at the end of 2015. +
      -
    • Next proposed MAJOR release: OpenSSL 1.1.0, currently in development.
      - The release date is yet to be set. -
    +
  • Our next major release is 1.1.0. It is currently in development. +It is the master branch, available at +https://github.com/openssl/openssl (as are all other release branches). +
    +
From levitte at openssl.org Mon Jul 13 23:10:41 2015 
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 23:10:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436829041.536863.23097.nullmailer@dev.openssl.org> The branch master has been updated via 053fa39af62f5b3543ebec8592e4592965b18e26 (commit) via f608b4064d58ca4dfdfdfc921308b51cb96205e2 (commit) from eeb97bce751296b2e04a92d00c0d0a792ba61834 (commit) - Log ----------------------------------------------------------------- commit 053fa39af62f5b3543ebec8592e4592965b18e26 Author: Richard Levitte Date: Mon Jul 13 16:53:37 2015 +0200 Conversion to UTF-8 where needed This leaves behind files with names ending with '.iso-8859-1'. These should be safe to remove. If something went wrong when re-encoding, there will be some files with names ending with '.utf8' left behind. Reviewed-by: Rich Salz commit f608b4064d58ca4dfdfdfc921308b51cb96205e2 Author: Richard Levitte Date: Mon Jul 13 16:50:16 2015 +0200 Small script to re-encode files that need it to UTF-8 This requires 'iconv' and that 'file' can take the options '-b' and '-i'. 
Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 172 ++++++++++++++++++------------------- crypto/aes/asm/aes-586.pl | 6 +- crypto/aes/asm/aes-c64xplus.pl | 12 +-- crypto/bn/asm/armv4-gf2m.pl | 10 +-- crypto/bn/asm/c64xplus-gf2m.pl | 12 +-- crypto/bn/asm/ia64.S | 2 +- crypto/bn/asm/s390x-gf2m.pl | 6 +- crypto/bn/asm/x86-gf2m.pl | 16 ++-- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/bn/asm/x86_64-gf2m.pl | 16 ++-- crypto/modes/asm/ghash-armv4.pl | 8 +- crypto/modes/asm/ghash-c64xplus.pl | 4 +- crypto/modes/asm/ghash-sparcv9.pl | 18 ++-- crypto/modes/asm/ghash-x86.pl | 2 +- crypto/modes/asm/ghash-x86_64.pl | 8 +- crypto/modes/asm/ghashp8-ppc.pl | 12 +-- crypto/modes/asm/ghashv8-armx.pl | 22 ++--- crypto/rc4/asm/rc4-586.pl | 2 +- crypto/rc4/asm/rc4-x86_64.pl | 2 +- crypto/sha/asm/sha1-586.pl | 4 +- crypto/sha/asm/sha256-586.pl | 2 +- crypto/sha/asm/sha512-586.pl | 2 +- crypto/sparccpuid.S | 2 +- crypto/whrlpool/asm/wp-mmx.pl | 2 +- crypto/x509v3/v3_pci.c | 2 +- crypto/x509v3/v3_pcia.c | 2 +- demos/easy_tls/README | 2 +- util/mkrc.pl | 2 +- util/toutf8.sh | 17 ++++ 29 files changed, 193 insertions(+), 176 deletions(-) create mode 100644 util/toutf8.sh diff --git a/CHANGES b/CHANGES index 4f0749d..a06b1e4 100644 --- a/CHANGES +++ b/CHANGES @@ -10,7 +10,7 @@ *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're not aware of clients that still exhibit this bug, and the workaround hasn't been working properly for a while. - [Emilia K?sper] + [Emilia K??sper] *) The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has 
@@ -401,7 +401,7 @@ This parameter will be set to 1 or 0 depending on the ciphersuite selected by the SSL/TLS server library, indicating whether it can provide forward security. - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) New -verify_name option in command line utilities to set verification parameters by name. @@ -488,9 +488,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno B?ck. + independently by Hanno B??ck. (CVE-2015-1789) - [Emilia K?sper] + [Emilia K??sper] *) PKCS7 crash with missing EnvelopedContent @@ -504,7 +504,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia K?sper] + [Emilia K??sper] *) CMS verify infinite loop with unknown hash function @@ -623,7 +623,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia K?sper] + [Emilia K??sper] *) DoS via reachable assert in SSLv2 servers fix @@ -631,10 +631,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia K?sper + This issue was discovered by Sean Burford (Google) and Emilia K??sper (OpenSSL development team). (CVE-2015-0293) - [Emilia K?sper] + [Emilia K??sper] *) Empty CKE with client auth and DHE fix 
@@ -1139,12 +1139,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia K?sper] + [David Benjamin, Emilia K??sper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia K?sper] + [Emilia K??sper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -1155,7 +1155,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia K?sper] + [Emilia K??sper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -1235,10 +1235,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gr?bert (Google) for discovering and researching this + Thanks to Felix Gr??bert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia K?sper] + [Emilia K??sper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. @@ -1275,7 +1275,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietam?ki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietam??ki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] 
@@ -1287,7 +1287,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia K?sper, and Steve Henson] + [Emilia K??sper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -1317,15 +1317,15 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to J?ri Aedla for reporting this issue. (CVE-2014-0195) - [J?ri Aedla, Steve Henson] + Thanks to J??ri Aedla for reporting this issue. (CVE-2014-0195) + [J??ri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gr?bert and Ivan Fratric at Google for discovering + Thanks to Felix Gr??bert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gr?bert, Ivan Fratric, Steve Henson] + [Felix Gr??bert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. @@ -1404,9 +1404,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. + Emilia K??sper for the initial patch. (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia K??sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. 
@@ -1581,7 +1581,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia K?sper, Adam Langley, Bodo Moeller (Google)] + [Emilia K??sper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1857,7 +1857,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1871,7 +1871,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -2680,7 +2680,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zolt?n Gl?zik , The OpenTSA Project] + [Zolt??n Gl??zik , The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -3848,7 +3848,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf M?ller] + [Geoff Thorpe, suggested by Ulf M??ller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] 
@@ -3867,7 +3867,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf M?ller] + [Geoff Thorpe, Nils Larsch, Ulf M??ller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3934,7 +3934,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [G?tz Babin-Ebell via Richard Levitte] + [G??tz Babin-Ebell via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -4649,7 +4649,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf M?ller] + [Ulf M??ller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -4682,11 +4682,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf M?ller] + [Ulf M??ller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker via Lutz J?nicke, resolves #1014] + [Darren Tucker via Lutz J??nicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -5148,7 +5148,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [G?tz Babin-Ebell ] + [G??tz Babin-Ebell ] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer ] 
@@ -7253,7 +7253,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf M?ller, reported by Jim Ellis ] + [Ulf M??ller, reported by Jim Ellis ] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -7413,7 +7413,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix OAEP check. - [Ulf M?ller, Bodo M?ller] + [Ulf M??ller, Bodo M??ller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -7675,10 +7675,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf M?ller] + [Ulf M??ller] *) rand_win.c fix for Borland C. - [Ulf M?ller] + [Ulf M??ller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -7823,14 +7823,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo M?ller] + [Bodo M??ller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf M?ller] + [Ulf M??ller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -7848,7 +7848,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf M?ller] + [Ulf M??ller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if 
@@ -8114,7 +8114,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf M?ller] + [Ulf M??ller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -8334,7 +8334,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf M?ller] + [Ulf M??ller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -8366,7 +8366,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf M?ller] + [Ulf M??ller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -8455,7 +8455,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf M?ller, using the problem description in krb4-0.9.7, where + [Ulf M??ller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear ] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -8556,7 +8556,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Rolf Haberrecker ] *) Assembler module support for Mingw32. - [Ulf M?ller] + [Ulf M??ller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke and Anonymous] @@ -8575,7 +8575,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf M?ller] + [Ulf M??ller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set 
@@ -8605,14 +8605,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf M?ller, using public domain code by Patrick Powell; problem + [Ulf M??ller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] *) Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf M?ller] + [Ulf M??ller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -8645,7 +8645,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k #define OPENSSL_ALGORITHM_DEFINES #include defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo M?ller] + [Richard Levitte, Ulf and Bodo M??ller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -8696,17 +8696,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf M?ller] + [Ulf M??ller] *) More tests in bntest.c, and changed test_bn output. - [Ulf M?ller] + [Ulf M??ller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf M?ller] + [Ulf M??ller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. 
@@ -8714,11 +8714,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf M?ller] + [Ulf M??ller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf M?ller] + [Ulf M??ller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -8742,7 +8742,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf M?ller] + [Ulf M??ller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -8787,13 +8787,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf M?ller] + [Ulf M??ller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf M?ller] + [Ulf M??ller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in 
@@ -8803,25 +8803,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf M?ller, Bodo M?ller] + [Ulf M??ller, Bodo M??ller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf M?ller] + [Ulf M??ller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf M?ller] + [Ulf M??ller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf M?ller] + [Ulf M??ller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8877,7 +8877,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf M?ller] + [Kris Kennaway , modified by Ulf M??ller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data 
@@ -8886,7 +8886,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf M?ller] + [Ulf M??ller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8916,7 +8916,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf M?ller] + [Ulf M??ller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -9750,7 +9750,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf M?ller] + [Ulf M??ller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -9839,7 +9839,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k worked. *) Fix problems with no-hmac etc. - [Ulf M?ller, pointed out by Brian Wellington ] + [Ulf M??ller, pointed out by Brian Wellington ] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9956,7 +9956,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) DES library cleanups. - [Ulf M?ller] + [Ulf M??ller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit 
@@ -9999,7 +9999,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Christian Forster ] *) config now generates no-xxx options for missing ciphers. - [Ulf M?ller] + [Ulf M??ller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -10112,7 +10112,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf M?ller] + [Ulf M??ller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -10169,10 +10169,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere , modified by Ulf M?ller] + [Janez Jere , modified by Ulf M??ller] *) Support Mingw32. - [Ulf M?ller] + [Ulf M??ller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov ] @@ -10181,7 +10181,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf M?ller] + [Ulf M??ller] *) Update HPUX configuration. [Anonymous] @@ -10214,7 +10214,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf M?ller] + [Ulf M??ller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. 
@@ -10237,21 +10237,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Niels Poppe ] *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf M?ller] + [Ulf M??ller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf M?ller] + [Ulf M??ller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf M?ller] + [Ulf M??ller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -10280,7 +10280,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf M?ller] + [Ulf M??ller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -10298,13 +10298,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Change functions to ANSI C. - [Ulf M?ller] + [Ulf M??ller] *) Fix typos in error codes. - [Martin Kraemer , Ulf M?ller] + [Martin Kraemer , Ulf M??ller] *) Remove defunct assembler files from Configure. - [Ulf M?ller] + [Ulf M??ller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov ] @@ -10341,7 +10341,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New Configure option "rsaref". - [Ulf M?ller] + [Ulf M??ller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -10389,7 +10389,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf M?ller] + [Ulf M??ller] *) Tweaks to Configure [Niels Poppe ] 
@@ -10399,11 +10399,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf M?ller] + [Ulf M??ller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf M?ller] + [Ulf M??ller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10942,7 +10942,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Hagino ] *) File was opened incorrectly in randfile.c. - [Ulf M?ller ] + [Ulf M??ller ] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10952,7 +10952,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf M?ller ] + [Ulf M??ller ] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous ] @@ -11099,7 +11099,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf M?ller ] + [Ben Laurie - pointed out by Ulf M??ller ] *) Autodetect FreeBSD3. [Ben Laurie] diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 1c1e23e..767f204 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -45,7 +45,7 @@ # the undertaken effort was that it appeared that in tight IA-32 # register window little-endian flavor could achieve slightly higher # Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent ?-archs... +# better performance on most recent ??-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in # up to 40% performance imrovement of CBC benchmark results. 40% was 
@@ -224,7 +224,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } $speed_limit=512; # chunks smaller than $speed_limit are # processed with compact routine in CBC mode $small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent ?-archs], but ~5 times smaller! + # recent ??-archs], but ~5 times smaller! # I favor compact code to minimize cache # contention and in hope to "collect" 5% back # in real-life applications... @@ -565,7 +565,7 @@ sub enctransform() # Performance is not actually extraordinary in comparison to pure # x86 code. In particular encrypt performance is virtually the same. # Decrypt performance on the other hand is 15-20% better on newer -# ?-archs [but we're thankful for *any* improvement here], and ~50% +# ??-archs [but we're thankful for *any* improvement here], and ~50% # better on PIII:-) And additionally on the pros side this code # eliminates redundant references to stack and thus relieves/ # minimizes the pressure on the memory bus. diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl index 24b2ba4..5bbc2ac 100644 --- a/crypto/aes/asm/aes-c64xplus.pl +++ b/crypto/aes/asm/aes-c64xplus.pl @@ -891,7 +891,7 @@ ret?: ; B0 holds rounds or zero MVC B0,ILC || SUB B0,1,B0 - GMPY4 $K[0],A24,$Kx9[0] ; ?0x09 + GMPY4 $K[0],A24,$Kx9[0] ; ??0x09 || GMPY4 $K[1],A24,$Kx9[1] || MVK 0x00000D0D,A25 || MVK 0x00000E0E,B25 @@ -900,14 +900,14 @@ ret?: ; B0 holds rounds or zero || MVKH 0x0D0D0000,A25 || MVKH 0x0E0E0000,B25 - GMPY4 $K[0],B24,$KxB[0] ; ?0x0B + GMPY4 $K[0],B24,$KxB[0] ; ??0x0B || GMPY4 $K[1],B24,$KxB[1] GMPY4 $K[2],B24,$KxB[2] || GMPY4 $K[3],B24,$KxB[3] SPLOOP 11 ; InvMixColumns ;;==================================================================== - GMPY4 $K[0],A25,$KxD[0] ; ?0x0D + GMPY4 $K[0],A25,$KxD[0] ; ??0x0D || GMPY4 $K[1],A25,$KxD[1] || SWAP2 $Kx9[0],$Kx9[0] ; rotate by 16 || SWAP2 $Kx9[1],$Kx9[1] 
@@ -924,7 +924,7 @@ ret?: ; B0 holds rounds or zero || [B0] LDW *${KPA}[6],$K[2] || [B0] LDW *${KPB}[7],$K[3] - GMPY4 $s[0],B25,$KxE[0] ; ?0x0E + GMPY4 $s[0],B25,$KxE[0] ; ??0x0E || GMPY4 $s[1],B25,$KxE[1] || XOR $Kx9[0],$KxB[0],$KxB[0] || XOR $Kx9[1],$KxB[1],$KxB[1] @@ -944,7 +944,7 @@ ret?: ; B0 holds rounds or zero XOR $KxE[0],$KxD[0],$KxE[0] || XOR $KxE[1],$KxD[1],$KxE[1] -|| [B0] GMPY4 $K[0],A24,$Kx9[0] ; ?0x09 +|| [B0] GMPY4 $K[0],A24,$Kx9[0] ; ??0x09 || [B0] GMPY4 $K[1],A24,$Kx9[1] || ADDAW $KPA,4,$KPA XOR $KxE[2],$KxD[2],$KxE[2] @@ -955,7 +955,7 @@ ret?: ; B0 holds rounds or zero XOR $KxB[0],$KxE[0],$KxE[0] || XOR $KxB[1],$KxE[1],$KxE[1] -|| [B0] GMPY4 $K[0],B24,$KxB[0] ; ?0x0B +|| [B0] GMPY4 $K[0],B24,$KxB[0] ; ??0x0B || [B0] GMPY4 $K[1],B24,$KxB[1] XOR $KxB[2],$KxE[2],$KxE[2] || XOR $KxB[3],$KxE[3],$KxE[3] diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index f05461a..a0b018c 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -27,7 +27,7 @@ # referred below, which improves ECDH and ECDSA verify benchmarks # by 18-40%. # -# C?mara, D.; Gouv?a, C. P. L.; L?pez, J. & Dahab, R.: Fast Software +# C??mara, D.; Gouv??a, C. P. L.; L??pez, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -148,7 +148,7 @@ ___ ################ # void bn_GF2m_mul_2x2(BN_ULONG *r, # BN_ULONG a1,BN_ULONG a0, -# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0?b1b0 +# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0??b1b0 { $code.=<<___; .global bn_GF2m_mul_2x2 @@ -171,7 +171,7 @@ $code.=<<___; mov $mask,#7<<2 sub sp,sp,#32 @ allocate tab[8] - bl mul_1x1_ialu @ a1?b1 + bl mul_1x1_ialu @ a1??b1 str $lo,[$ret,#8] str $hi,[$ret,#12] 
@@ -181,13 +181,13 @@ $code.=<<___; eor r2,r2,$a eor $b,$b,r3 eor $a,$a,r2 - bl mul_1x1_ialu @ a0?b0 + bl mul_1x1_ialu @ a0??b0 str $lo,[$ret] str $hi,[$ret,#4] eor $a,$a,r2 eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)?(b1+b0) + bl mul_1x1_ialu @ (a1+a0)??(b1+b0) ___ @r=map("r$_",(6..9)); $code.=<<___; diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl index e4aa4e4..c79f46f 100644 --- a/crypto/bn/asm/c64xplus-gf2m.pl +++ b/crypto/bn/asm/c64xplus-gf2m.pl @@ -120,26 +120,26 @@ _bn_GF2m_mul_2x2: .asmfunc MVK 0xFF,$xFF ___ - &mul_1x1_upper($a0,$b0); # a0?b0 + &mul_1x1_upper($a0,$b0); # a0??b0 $code.=<<___; || MV $b1,$B MV $a1,$A ___ - &mul_1x1_merged("A28","B28",$A,$B); # a0?b0/a1?b1 + &mul_1x1_merged("A28","B28",$A,$B); # a0??b0/a1??b1 $code.=<<___; || XOR $b0,$b1,$B XOR $a0,$a1,$A ___ - &mul_1x1_merged("A31","B31",$A,$B); # a1?b1/(a0+a1)?(b0+b1) + &mul_1x1_merged("A31","B31",$A,$B); # a1??b1/(a0+a1)??(b0+b1) $code.=<<___; XOR A28,A31,A29 -|| XOR B28,B31,B29 ; a0?b0+a1?b1 +|| XOR B28,B31,B29 ; a0??b0+a1??b1 ___ - &mul_1x1_lower("A30","B30"); # (a0+a1)?(b0+b1) + &mul_1x1_lower("A30","B30"); # (a0+a1)??(b0+b1) $code.=<<___; || BNOP B3 XOR A29,A30,A30 -|| XOR B29,B30,B30 ; (a0+a1)?(b0+b1)-a0?b0-a1?b1 +|| XOR B29,B30,B30 ; (a0+a1)??(b0+b1)-a0??b0-a1??b1 XOR B28,A30,A30 || STW A28,*${rp}[0] XOR B30,A31,A31 diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 951abc5..c0cee82 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -568,7 +568,7 @@ bn_sqr_comba8: // I've estimated this routine to run in ~120 ticks, but in reality // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra // cycles consumed for instructions fetch? Or did I misinterpret some -// clause in Itanium ?-architecture manual? Comments are welcomed and +// clause in Itanium ??-architecture manual? Comments are welcomed and // highly appreciated. // // On Itanium 2 it takes ~190 ticks. This is because of stalls on 
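Review bot: The rewritten comment in bn_sqr_comba8 (`// clause in Itanium ??-architecture manual?`) now carries a multi-byte non-ASCII sequence in a hand-written .S file that goes straight to the platform assembler, unlike the Perl-generated assembler elsewhere in this commit where the encoding only lives in the generator script; some older or vendor assemblers warn on or reject bytes outside 7-bit ASCII even inside comments, so this hunk deserves a build check on the affected toolchains. The same applies to the `caller??s` apostrophe in the OPENSSL_wipe_cpu hunk of crypto/sparccpuid.S. If the conversion is deliberate and the toolchains are known to accept it, a short remark in the commit message would save the next reader from wondering; otherwise plain ASCII (presumably `// clause in Itanium micro-architecture manual? Comments are welcomed and` and `! return pointer to caller's top of stack`) sidesteps the question. bn_sqr_comba8's body extends outside the hunk.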
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl index cd9f13e..9d18d40 100644 --- a/crypto/bn/asm/s390x-gf2m.pl +++ b/crypto/bn/asm/s390x-gf2m.pl @@ -172,19 +172,19 @@ ___ if ($SIZE_T==8) { my @r=map("%r$_",(6..9)); $code.=<<___; - bras $ra,_mul_1x1 # a1?b1 + bras $ra,_mul_1x1 # a1??b1 stmg $lo,$hi,16($rp) lg $a,`$stdframe+128+4*$SIZE_T`($sp) lg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # a0?b0 + bras $ra,_mul_1x1 # a0??b0 stmg $lo,$hi,0($rp) lg $a,`$stdframe+128+3*$SIZE_T`($sp) lg $b,`$stdframe+128+5*$SIZE_T`($sp) xg $a,`$stdframe+128+4*$SIZE_T`($sp) xg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # (a0+a1)?(b0+b1) + bras $ra,_mul_1x1 # (a0+a1)??(b0+b1) lmg @r[0], at r[3],0($rp) xgr $lo,$hi diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl index 808a1e5..b579530 100644 --- a/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/bn/asm/x86-gf2m.pl @@ -14,7 +14,7 @@ # the time being... Except that it has three code paths: pure integer # code suitable for any x86 CPU, MMX code suitable for PIII and later # and PCLMULQDQ suitable for Westmere and later. Improvement varies -# from one benchmark and ?-arch to another. Below are interval values +# from one benchmark and ??-arch to another. Below are interval values # for 163- and 571-bit ECDH benchmarks relative to compiler-generated # code: # 
@@ -226,22 +226,22 @@ if ($sse2) { &push ("edi"); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_mmx"); # a1?b1 + &call ("_mul_1x1_mmx"); # a1??b1 &movq ("mm7",$R); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # a0?b0 + &call ("_mul_1x1_mmx"); # a0??b0 &movq ("mm6",$R); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # (a0+a1)?(b0+b1) + &call ("_mul_1x1_mmx"); # (a0+a1)??(b0+b1) &pxor ($R,"mm7"); &mov ($a,&wparam(0)); - &pxor ($R,"mm6"); # (a0+a1)?(b0+b1)-a1?b1-a0?b0 + &pxor ($R,"mm6"); # (a0+a1)??(b0+b1)-a1??b1-a0??b0 &movq ($A,$R); &psllq ($R,32); @@ -266,13 +266,13 @@ if ($sse2) { &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_ialu"); # a1?b1 + &call ("_mul_1x1_ialu"); # a1??b1 &mov (&DWP(8,"esp"),$lo); &mov (&DWP(12,"esp"),$hi); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # a0?b0 + &call ("_mul_1x1_ialu"); # a0??b0 &mov (&DWP(0,"esp"),$lo); &mov (&DWP(4,"esp"),$hi); @@ -280,7 +280,7 @@ if ($sse2) { &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # (a0+a1)?(b0+b1) + &call ("_mul_1x1_ialu"); # (a0+a1)??(b0+b1) &mov ("ebp",&wparam(0)); @r=("ebx","ecx","edi","esi"); diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index d548886..d77dc43 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -65,7 +65,7 @@ # undef mul_add /*- - * "m"(a), "+m"(r) is the way to favor DirectPath ?-code; + * "m"(a), "+m"(r) is the way to favor DirectPath ??-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; */ diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl index 226c66c..42bbec2 100644 --- a/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/bn/asm/x86_64-gf2m.pl 
@@ -13,7 +13,7 @@ # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for # the time being... Except that it has two code paths: code suitable # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and -# later. Improvement varies from one benchmark and ?-arch to another. +# later. Improvement varies from one benchmark and ??-arch to another. # Vanilla code path is at most 20% faster than compiler-generated code # [not very impressive], while PCLMULQDQ - whole 85%-160% better on # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that @@ -184,13 +184,13 @@ ___ $code.=<<___; movdqa %xmm0,%xmm4 movdqa %xmm1,%xmm5 - pclmulqdq \$0,%xmm1,%xmm0 # a1?b1 + pclmulqdq \$0,%xmm1,%xmm0 # a1??b1 pxor %xmm2,%xmm4 pxor %xmm3,%xmm5 - pclmulqdq \$0,%xmm3,%xmm2 # a0?b0 - pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)?(b0+b1) + pclmulqdq \$0,%xmm3,%xmm2 # a0??b0 + pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)??(b0+b1) xorps %xmm0,%xmm4 - xorps %xmm2,%xmm4 # (a0+a1)?(b0+b1)-a0?b0-a1?b1 + xorps %xmm2,%xmm4 # (a0+a1)??(b0+b1)-a0??b0-a1??b1 movdqa %xmm4,%xmm5 pslldq \$8,%xmm4 psrldq \$8,%xmm5 @@ -225,13 +225,13 @@ $code.=<<___; mov \$0xf,$mask mov $a1,$a mov $b1,$b - call _mul_1x1 # a1?b1 + call _mul_1x1 # a1??b1 mov $lo,16(%rsp) mov $hi,24(%rsp) mov 48(%rsp),$a mov 64(%rsp),$b - call _mul_1x1 # a0?b0 + call _mul_1x1 # a0??b0 mov $lo,0(%rsp) mov $hi,8(%rsp) @@ -239,7 +239,7 @@ $code.=<<___; mov 56(%rsp),$b xor 48(%rsp),$a xor 64(%rsp),$b - call _mul_1x1 # (a0+a1)?(b0+b1) + call _mul_1x1 # (a0+a1)??(b0+b1) ___ @r=("%rbx","%rcx","%rdi","%rsi"); $code.=<<___; diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 7311ad2..2d225cf 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl 
@@ -45,7 +45,7 @@ # processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63, # Snapdragon S4 - in 9.33. # -# C?mara, D.; Gouv?a, C. P. L.; L?pez, J. & Dahab, R.: Fast Software +# C??mara, D.; Gouv??a, C. P. L.; L??pez, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -449,12 +449,12 @@ gcm_ghash_neon: veor $IN,$Xl @ inp^=Xi .Lgmult_neon: ___ - &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo?Xi.lo + &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo??Xi.lo $code.=<<___; veor $IN#lo,$IN#lo,$IN#hi @ Karatsuba pre-processing ___ - &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)?(Xi.lo+Xi.hi) - &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi?Xi.hi + &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)??(Xi.lo+Xi.hi) + &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi??Xi.hi $code.=<<___; veor $Xm,$Xm,$Xl @ Karatsuba post-processing veor $Xm,$Xm,$Xh diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl index a465b42..93f6985 100644 --- a/crypto/modes/asm/ghash-c64xplus.pl +++ b/crypto/modes/asm/ghash-c64xplus.pl @@ -153,7 +153,7 @@ ___ # 8/2 S1 L1x S2 | .... #####... ................|............ $code.=<<___; - XORMPY $H0,$xia,$H0x ; 0 ; H?(Xi[i]<<1) + XORMPY $H0,$xia,$H0x ; 0 ; H??(Xi[i]<<1) || XORMPY $H01u,$xib,$H01y || [A0] LDBU *--${xip},$x0 XORMPY $H1,$xia,$H1x ; 1 @@ -162,7 +162,7 @@ $code.=<<___; XORMPY $H3,$xia,$H3x ; 3 || XORMPY $H3u,$xib,$H3y ||[!A0] MVK.D 15,A0 ; *--${xip} counter - XOR.L $H0x,$Z0,$Z0 ; 4 ; Z^=H?(Xi[i]<<1) + XOR.L $H0x,$Z0,$Z0 ; 4 ; Z^=H??(Xi[i]<<1) || [A0] SUB.S A0,1,A0 XOR.L $H1x,$Z1,$Z1 ; 5 || AND.D $H01y,$FF000000,$H0z diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl index c1074ed..e928c42 100644 --- a/crypto/modes/asm/ghash-sparcv9.pl +++ b/crypto/modes/asm/ghash-sparcv9.pl 
@@ -379,7 +379,7 @@ gcm_init_vis3: or $V,%lo(0xA0406080),$V or %l0,%lo(0x20C0E000),%l0 sllx $V,32,$V - or %l0,$V,$V ! (0xE0?i)&0xff=0xA040608020C0E000 + or %l0,$V,$V ! (0xE0??i)&0xff=0xA040608020C0E000 stx $V,[%i0+16] ret @@ -399,7 +399,7 @@ gcm_gmult_vis3: mov 0xE1,%l7 sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0?i)&0xff=0xA040608020C0E000 + ldx [$Htable+16],$V ! (0xE0??i)&0xff=0xA040608020C0E000 xor $Hhi,$Hlo,$Hhl ! Karatsuba pre-processing xmulx $Xlo,$Hlo,$C0 @@ -411,9 +411,9 @@ gcm_gmult_vis3: xmulx $Xhi,$Hhi,$Xhi sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ?0xE0 [implicit &(7<<3)] + srlx $V,$sqr,$sqr ! ??0xE0 [implicit &(7<<3)] xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0?0xE1)<<1<<56 [implicit &0x7f] + sllx $sqr,57,$sqr ! ($C0??0xE1)<<1<<56 [implicit &0x7f] xor $C0,$C1,$C1 ! Karatsuba post-processing xor $Xlo,$C2,$C2 @@ -423,7 +423,7 @@ gcm_gmult_vis3: xor $Xhi,$C2,$C2 xor $Xhi,$C1,$C1 - xmulxhi $C0,$xE1,$Xlo ! ?0xE1<<1<<56 + xmulxhi $C0,$xE1,$Xlo ! ??0xE1<<1<<56 xor $C0,$C2,$C2 xmulx $C1,$xE1,$C0 xor $C1,$C3,$C3 @@ -453,7 +453,7 @@ gcm_ghash_vis3: mov 0xE1,%l7 sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0?i)&0xff=0xA040608020C0E000 + ldx [$Htable+16],$V ! (0xE0??i)&0xff=0xA040608020C0E000 and $inp,7,$shl andn $inp,7,$inp @@ -490,9 +490,9 @@ gcm_ghash_vis3: xmulx $Xhi,$Hhi,$Xhi sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ?0xE0 [implicit &(7<<3)] + srlx $V,$sqr,$sqr ! ??0xE0 [implicit &(7<<3)] xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0?0xE1)<<1<<56 [implicit &0x7f] + sllx $sqr,57,$sqr ! ($C0??0xE1)<<1<<56 [implicit &0x7f] xor $C0,$C1,$C1 ! Karatsuba post-processing xor $Xlo,$C2,$C2 @@ -502,7 +502,7 @@ gcm_ghash_vis3: xor $Xhi,$C2,$C2 xor $Xhi,$C1,$C1 - xmulxhi $C0,$xE1,$Xlo ! ?0xE1<<1<<56 + xmulxhi $C0,$xE1,$Xlo ! ??0xE1<<1<<56 xor $C0,$C2,$C2 xmulx $C1,$xE1,$C0 xor $C1,$C3,$C3 diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl index 23a5527..0269169 100644 --- a/crypto/modes/asm/ghash-x86.pl 
+++ b/crypto/modes/asm/ghash-x86.pl @@ -358,7 +358,7 @@ $S=12; # shift factor for rem_4bit # effective address calculation and finally merge of value to Z.hi. # Reference to rem_4bit is scheduled so late that I had to >>4 # rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary ?-archs. +# on contemporary ??-archs. { my $cnt; my $rem_4bit = "eax"; diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index 6e656ca..5a7ce39 100644 --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -576,15 +576,15 @@ $code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0)); # experimental alternative. special thing about is that there # no dependency between the two multiplications... mov \$`0xE1<<1`,%eax - mov \$0xA040608020C0E000,%r10 # ((7..0)?0xE0)&0xff + mov \$0xA040608020C0E000,%r10 # ((7..0)??0xE0)&0xff mov \$0x07,%r11d movq %rax,$T1 movq %r10,$T2 movq %r11,$T3 # borrow $T3 pand $Xi,$T3 - pshufb $T3,$T2 # ($Xi&7)?0xE0 + pshufb $T3,$T2 # ($Xi&7)??0xE0 movq %rax,$T3 - pclmulqdq \$0x00,$Xi,$T1 # ?(0xE1<<1) + pclmulqdq \$0x00,$Xi,$T1 # ??(0xE1<<1) pxor $Xi,$T2 pslldq \$15,$T2 paddd $T2,$T2 # <<(64+56+1) @@ -657,7 +657,7 @@ $code.=<<___; je .Lskip4x sub \$0x30,$len - mov \$0xA040608020C0E000,%rax # ((7..0)?0xE0)&0xff + mov \$0xA040608020C0E000,%rax # ((7..0)??0xE0)&0xff movdqu 0x30($Htbl),$Hkey3 movdqu 0x40($Htbl),$Hkey4 diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index e76a58c..71457cf 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -118,9 +118,9 @@ $code=<<___; le?vperm $IN,$IN,$IN,$lemask vxor $zero,$zero,$zero - vpmsumd $Xl,$IN,$Hl # H.lo?Xi.lo - vpmsumd $Xm,$IN,$H # H.hi?Xi.lo+H.lo?Xi.hi - vpmsumd $Xh,$IN,$Hh # H.hi?Xi.hi + vpmsumd $Xl,$IN,$Hl # H.lo??Xi.lo + vpmsumd $Xm,$IN,$H # H.hi??Xi.lo+H.lo??Xi.hi + vpmsumd $Xh,$IN,$Hh # H.hi??Xi.hi vpmsumd $t2,$Xl,$xC2 # 1st phase 
@@ -178,11 +178,11 @@ $code=<<___; .align 5 Loop: subic $len,$len,16 - vpmsumd $Xl,$IN,$Hl # H.lo?Xi.lo + vpmsumd $Xl,$IN,$Hl # H.lo??Xi.lo subfe. r0,r0,r0 # borrow?-1:0 - vpmsumd $Xm,$IN,$H # H.hi?Xi.lo+H.lo?Xi.hi + vpmsumd $Xm,$IN,$H # H.hi??Xi.lo+H.lo??Xi.hi and r0,r0,$len - vpmsumd $Xh,$IN,$Hh # H.hi?Xi.hi + vpmsumd $Xh,$IN,$Hh # H.hi??Xi.hi add $inp,$inp,r0 vpmsumd $t2,$Xl,$xC2 # 1st phase diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 3750d25..fe3a34d 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -144,10 +144,10 @@ gcm_gmult_v8: #endif vext.8 $IN,$t1,$t1,#8 - vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo??Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi??Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)??(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh @@ -235,7 +235,7 @@ $code.=<<___; #endif vext.8 $In,$t1,$t1,#8 veor $IN,$IN,$Xl @ I[i]^=Xi - vpmull.p64 $Xln,$H,$In @ H?Ii+1 + vpmull.p64 $Xln,$H,$In @ H??Ii+1 veor $t1,$t1,$In @ Karatsuba pre-processing vpmull2.p64 $Xhn,$H,$In b .Loop_mod2x_v8 @@ -244,14 +244,14 @@ $code.=<<___; .Loop_mod2x_v8: vext.8 $t2,$IN,$IN,#8 subs $len,$len,#32 @ is there more data? - vpmull.p64 $Xl,$H2,$IN @ H^2.lo?Xi.lo + vpmull.p64 $Xl,$H2,$IN @ H^2.lo??Xi.lo cclr $inc,lo @ is it time to zero $inc? vpmull.p64 $Xmn,$Hhl,$t1 veor $t2,$t2,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H2,$IN @ H^2.hi?Xi.hi + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi??Xi.hi veor $Xl,$Xl,$Xln @ accumulate - vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)?(Xi.lo+Xi.hi) + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)??(Xi.lo+Xi.hi) vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] veor $Xh,$Xh,$Xhn 
@@ -276,7 +276,7 @@ $code.=<<___; vext.8 $In,$t1,$t1,#8 vext.8 $IN,$t0,$t0,#8 veor $Xl,$Xm,$t2 - vpmull.p64 $Xln,$H,$In @ H?Ii+1 + vpmull.p64 $Xln,$H,$In @ H??Ii+1 veor $IN,$IN,$Xh @ accumulate $IN early vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction @@ -300,10 +300,10 @@ $code.=<<___; veor $IN,$IN,$Xl @ inp^=Xi veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi - vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo??Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi??Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)??(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl index f906e09..d04e177 100644 --- a/crypto/rc4/asm/rc4-586.pl +++ b/crypto/rc4/asm/rc4-586.pl @@ -44,7 +44,7 @@ # Sandy Bridge 5.0/+8% # Atom 12.6/+6% # VIA Nano 6.4/+9% -# Ivy Bridge 4.9/?0% +# Ivy Bridge 4.9/??0% # Bulldozer 4.9/+15% # # (*) PIII can actually deliver 6.6 cycles per byte with MMX code, diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index fa22763..4675106 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -56,7 +56,7 @@ # achieves respectful 432MBps on 2.8GHz processor now. For reference. # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than # RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU ?-arch detection +# slower than the RC4_INT one [meaning that if CPU ??-arch detection # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 4895eb3..e0b5d83 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl 
@@ -66,9 +66,9 @@ # switch to AVX alone improves performance by as little as 4% in # comparison to SSSE3 code path. But below result doesn't look like # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of ?-ops, and it's the additional ?-ops, two per round, that +# pair of ??-ops, and it's the additional ??-ops, two per round, that # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single ?-op by Sandy Bridge and it's replacing 'ro[rl]' with +# as single ??-op by Sandy Bridge and it's replacing 'ro[rl]' with # equivalent 'sh[rl]d' that is responsible for the impressive 5.1 # cycles per processed byte. But 'sh[rl]d' is not something that used # to be fast, nor does it appear to be fast in upcoming Bulldozer diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index 6462e45..e907714 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -10,7 +10,7 @@ # SHA256 block transform for x86. September 2007. # # Performance improvement over compiler generated code varies from -# 10% to 40% [see below]. Not very impressive on some ?-archs, but +# 10% to 40% [see below]. Not very impressive on some ??-archs, but # it's 5 times smaller and optimizies amount of writes. # # May 2012. diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl index e96ec00..2f6a202 100644 --- a/crypto/sha/asm/sha512-586.pl +++ b/crypto/sha/asm/sha512-586.pl @@ -37,7 +37,7 @@ # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer ?-archs improvement varies from 15% +# while on PIII - ~35%. On newer ??-archs improvement varies from 15% # to 50%, but it's less important as they are expected to execute SSE2 # code-path, which is commonly ~2-3x faster [than compiler generated # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even 
diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S index 9b6744f..72c7adf 100644 --- a/crypto/sparccpuid.S +++ b/crypto/sparccpuid.S @@ -127,7 +127,7 @@ OPENSSL_wipe_cpu: fmovs %f1,%f3 fmovs %f0,%f2 - add %fp,BIAS,%i0 ! return pointer to caller?s top of stack + add %fp,BIAS,%i0 ! return pointer to caller??s top of stack ret restore diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl index c584e5b..7725951 100644 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/whrlpool/asm/wp-mmx.pl @@ -16,7 +16,7 @@ # table]. I stick to value of 2 for two reasons: 1. smaller table # minimizes cache trashing and thus mitigates the hazard of side- # channel leakage similar to AES cache-timing one; 2. performance -# gap among different ?-archs is smaller. +# gap among different ??-archs is smaller. # # Performance table lists rounded amounts of CPU cycles spent by # whirlpool_block_mmx routine on single 64 byte input block, i.e. diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index c39acd7..ef105dc 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard at levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska H?gskolan +/* Copyright (c) 2004 Kungliga Tekniska H??gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c index 350b398..43fd362 100644 --- a/crypto/x509v3/v3_pcia.c +++ b/crypto/x509v3/v3_pcia.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard at levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska H?gskolan +/* Copyright (c) 2004 Kungliga Tekniska H??gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/demos/easy_tls/README b/demos/easy_tls/README index 816a580..ee89dfb 100644 --- a/demos/easy_tls/README +++ b/demos/easy_tls/README 
@@ -62,4 +62,4 @@ As noted above, easy_tls.c will be changed to become a library one day, which means that future revisions will not be fully compatible to the current version. -Bodo M?ller +Bodo M??ller diff --git a/util/mkrc.pl b/util/mkrc.pl index 0ceadcf..83ee6a4 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -57,7 +57,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright ? 1998-2006 The OpenSSL Project. Copyright ? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright ?? 1998-2006 The OpenSSL Project. Copyright ?? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" diff --git a/util/toutf8.sh b/util/toutf8.sh new file mode 100644 index 0000000..8a4254b --- /dev/null +++ b/util/toutf8.sh @@ -0,0 +1,17 @@ +#! /bin/sh +# +# Very simple script to detect and convert files that we want to re-encode to UTF8 + +git ls-tree -r --name-only HEAD | \ + while read F; do + charset=`file -bi "$F" | sed -e 's|.*charset=||'` + if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then + iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \ + ( cmp -s "$F" "$F.utf8" || \ + ( echo "$F" + mv "$F" "$F.iso-8859-1" + mv "$F.utf8" "$F" + ) + ) + fi + done From levitte at openssl.org Mon Jul 13 23:19:11 2015 
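Review bot: The `LegalCopyright` line in the util/mkrc.pl hunk is not a comment but a string literal that the heredoc writes into a generated Windows resource script, so re-encoding the `©` from one ISO-8859-1 byte to two UTF-8 bytes changes the bytes the resource compiler sees, and it is the only hunk in this commit where that matters. As far as I can tell, rc.exe reads a .rc file in the system ANSI code page unless told otherwise, in which case the two UTF-8 bytes would show up as two junk characters in the binary's version info; I cannot see from here how mkrc.pl's output is consumed, so this wants a check on a Windows build. If the file is to stay UTF-8, the generator should emit `#pragma code_page(65001)` ahead of the VERSIONINFO block, or keep that string ASCII, e.g. `Copyright (c) 1998-2006 ...`. The heredoc containing this line starts before the hunk.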
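Review bot: The charset test on the `if` line of util/toutf8.sh treats every encoding other than `utf-8`, `binary` and `us-ascii` as ISO-8859-1, and `iconv -f ISO-8859-1` accepts any byte sequence, so a file that `file` labels e.g. `unknown-8bit` or a UTF-16 variant would be rewritten silently, with no error and no leftover `.utf8` file to flag it as the commit message expects. The test should be positive, `if [ "$charset" = "iso-8859-1" ]; then`, with every other charset printed for a manual look instead of converted blindly; whether `file -bi` actually reports `iso-8859-1` for these files on the developers' systems is something I cannot confirm from here. A header comment spelling out the assumption, `# Assumes every non-UTF-8 text file is ISO-8859-1; anything else needs manual conversion`, would also help the next person who runs it. Separately, `while read F` strips backslashes, so a path that `git ls-tree` prints in its quoted form would not be found by `file`; `while read -r F` (or `-z` output with a NUL-aware loop) avoids that.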
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 23:19:11 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436829551.119077.639.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9f0b86c68bb96d49301bbd6473c8235ca05ca06b (commit) via 5a3ce86e21715a683ff0d32421ed5c6d5e84234d (commit) from 8a1dbda755f7fa4dc3e9637b95ea2df04f0c7e4f (commit) - Log ----------------------------------------------------------------- commit 9f0b86c68bb96d49301bbd6473c8235ca05ca06b Author: Richard Levitte Date: Tue Jul 14 01:15:49 2015 +0200 Conversion to UTF-8 where needed This leaves behind files with names ending with '.iso-8859-1'. These should be safe to remove. If something went wrong when re-encoding, there will be some files with names ending with '.utf8' left behind. Reviewed-by: Rich Salz commit 5a3ce86e21715a683ff0d32421ed5c6d5e84234d Author: Richard Levitte Date: Mon Jul 13 16:50:16 2015 +0200 Small script to re-encode files that need it to UTF-8 This requires 'iconv' and that 'file' can take the options '-b' and '-i'. 
Reviewed-by: Rich Salz (cherry picked from commit f608b4064d58ca4dfdfdfc921308b51cb96205e2) ----------------------------------------------------------------------- Summary of changes: CHANGES | 168 +++++++++++++++++++------------------- crypto/aes/asm/aes-586.pl | 6 +- crypto/bn/asm/armv4-gf2m.pl | 10 +-- crypto/bn/asm/ia64.S | 2 +- crypto/bn/asm/s390x-gf2m.pl | 6 +- crypto/bn/asm/x86-gf2m.pl | 16 ++-- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/bn/asm/x86_64-gf2m.pl | 16 ++-- crypto/modes/asm/ghash-armv4.pl | 8 +- crypto/modes/asm/ghash-sparcv9.pl | 18 ++-- crypto/modes/asm/ghash-x86.pl | 2 +- crypto/modes/asm/ghash-x86_64.pl | 8 +- crypto/modes/asm/ghashp8-ppc.pl | 12 +-- crypto/modes/asm/ghashv8-armx.pl | 22 ++--- crypto/rc4/asm/rc4-x86_64.pl | 2 +- crypto/sha/asm/sha1-586.pl | 4 +- crypto/sha/asm/sha256-586.pl | 2 +- crypto/sha/asm/sha512-586.pl | 2 +- crypto/sparccpuid.S | 2 +- crypto/whrlpool/asm/wp-mmx.pl | 2 +- crypto/x509v3/v3_pci.c | 2 +- crypto/x509v3/v3_pcia.c | 2 +- demos/easy_tls/README | 2 +- util/mkrc.pl | 2 +- util/toutf8.sh | 17 ++++ 25 files changed, 176 insertions(+), 159 deletions(-) create mode 100644 util/toutf8.sh diff --git a/CHANGES b/CHANGES index 11ef03e..27cf65e 100644 --- a/CHANGES +++ b/CHANGES @@ -59,9 +59,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno B?ck. + independently by Hanno B??ck. (CVE-2015-1789) - [Emilia K?sper] + [Emilia K??sper] *) PKCS7 crash with missing EnvelopedContent @@ -75,7 +75,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia K?sper] + [Emilia K??sper] *) CMS verify infinite loop with unknown hash function @@ -205,7 +205,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia K?sper] + [Emilia K??sper] *) DoS via reachable assert in SSLv2 servers fix 
@@ -213,10 +213,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia K?sper + This issue was discovered by Sean Burford (Google) and Emilia K??sper (OpenSSL development team). (CVE-2015-0293) - [Emilia K?sper] + [Emilia K??sper] *) Empty CKE with client auth and DHE fix @@ -721,12 +721,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia K?sper] + [David Benjamin, Emilia K??sper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia K?sper] + [Emilia K??sper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -737,7 +737,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia K?sper] + [Emilia K??sper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -817,10 +817,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gr?bert (Google) for discovering and researching this + Thanks to Felix Gr??bert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia K?sper] + [Emilia K??sper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. 
@@ -857,7 +857,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietam?ki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietam??ki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -869,7 +869,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia K?sper, and Steve Henson] + [Emilia K??sper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -899,15 +899,15 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to J?ri Aedla for reporting this issue. (CVE-2014-0195) - [J?ri Aedla, Steve Henson] + Thanks to J??ri Aedla for reporting this issue. (CVE-2014-0195) + [J??ri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gr?bert and Ivan Fratric at Google for discovering + Thanks to Felix Gr??bert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gr?bert, Ivan Fratric, Steve Henson] + [Felix Gr??bert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. @@ -986,9 +986,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. + Emilia K??sper for the initial patch. (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia K??sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. 
@@ -1163,7 +1163,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia K?sper, Adam Langley, Bodo Moeller (Google)] + [Emilia K??sper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1439,7 +1439,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1453,7 +1453,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -2262,7 +2262,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zolt?n Gl?zik , The OpenTSA Project] + [Zolt??n Gl??zik , The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -3430,7 +3430,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf M?ller] + [Geoff Thorpe, suggested by Ulf M??ller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] 
@@ -3449,7 +3449,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf M?ller] + [Geoff Thorpe, Nils Larsch, Ulf M??ller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3516,7 +3516,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [G?tz Babin-Ebell via Richard Levitte] + [G??tz Babin-Ebell via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -4231,7 +4231,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf M?ller] + [Ulf M??ller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -4264,11 +4264,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf M?ller] + [Ulf M??ller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker via Lutz J?nicke, resolves #1014] + [Darren Tucker via Lutz J??nicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -4730,7 +4730,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [G?tz Babin-Ebell ] + [G??tz Babin-Ebell ] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer ] 
@@ -6835,7 +6835,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf M?ller, reported by Jim Ellis ] + [Ulf M??ller, reported by Jim Ellis ] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -6995,7 +6995,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix OAEP check. - [Ulf M?ller, Bodo M?ller] + [Ulf M??ller, Bodo M??ller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -7257,10 +7257,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf M?ller] + [Ulf M??ller] *) rand_win.c fix for Borland C. - [Ulf M?ller] + [Ulf M??ller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -7405,14 +7405,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo M?ller] + [Bodo M??ller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf M?ller] + [Ulf M??ller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -7430,7 +7430,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf M?ller] + [Ulf M??ller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if 
@@ -7696,7 +7696,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf M?ller] + [Ulf M??ller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -7916,7 +7916,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf M?ller] + [Ulf M??ller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -7948,7 +7948,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf M?ller] + [Ulf M??ller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -8037,7 +8037,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf M?ller, using the problem description in krb4-0.9.7, where + [Ulf M??ller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear ] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -8138,7 +8138,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Rolf Haberrecker ] *) Assembler module support for Mingw32. - [Ulf M?ller] + [Ulf M??ller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke and Anonymous] @@ -8157,7 +8157,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf M?ller] + [Ulf M??ller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set 
@@ -8187,14 +8187,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf M?ller, using public domain code by Patrick Powell; problem + [Ulf M??ller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] *) Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf M?ller] + [Ulf M??ller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -8227,7 +8227,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k #define OPENSSL_ALGORITHM_DEFINES #include defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo M?ller] + [Richard Levitte, Ulf and Bodo M??ller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -8278,17 +8278,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf M?ller] + [Ulf M??ller] *) More tests in bntest.c, and changed test_bn output. - [Ulf M?ller] + [Ulf M??ller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf M?ller] + [Ulf M??ller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. 
@@ -8296,11 +8296,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf M?ller] + [Ulf M??ller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf M?ller] + [Ulf M??ller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -8324,7 +8324,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf M?ller] + [Ulf M??ller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -8369,13 +8369,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf M?ller] + [Ulf M??ller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf M?ller] + [Ulf M??ller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in 
@@ -8385,25 +8385,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf M?ller, Bodo M?ller] + [Ulf M??ller, Bodo M??ller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf M?ller] + [Ulf M??ller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf M?ller] + [Ulf M??ller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf M?ller] + [Ulf M??ller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8459,7 +8459,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf M?ller] + [Kris Kennaway , modified by Ulf M??ller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data 
@@ -8468,7 +8468,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf M?ller] + [Ulf M??ller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8498,7 +8498,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf M?ller] + [Ulf M??ller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -9332,7 +9332,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf M?ller] + [Ulf M??ller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -9421,7 +9421,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k worked. *) Fix problems with no-hmac etc. - [Ulf M?ller, pointed out by Brian Wellington ] + [Ulf M??ller, pointed out by Brian Wellington ] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9538,7 +9538,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) DES library cleanups. - [Ulf M?ller] + [Ulf M??ller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit 
@@ -9581,7 +9581,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Christian Forster ] *) config now generates no-xxx options for missing ciphers. - [Ulf M?ller] + [Ulf M??ller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -9694,7 +9694,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf M?ller] + [Ulf M??ller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -9751,10 +9751,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere , modified by Ulf M?ller] + [Janez Jere , modified by Ulf M??ller] *) Support Mingw32. - [Ulf M?ller] + [Ulf M??ller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov ] @@ -9763,7 +9763,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf M?ller] + [Ulf M??ller] *) Update HPUX configuration. [Anonymous] @@ -9796,7 +9796,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf M?ller] + [Ulf M??ller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. 
@@ -9819,21 +9819,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Niels Poppe ] *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf M?ller] + [Ulf M??ller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf M?ller] + [Ulf M??ller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf M?ller] + [Ulf M??ller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -9862,7 +9862,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf M?ller] + [Ulf M??ller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -9880,13 +9880,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Change functions to ANSI C. - [Ulf M?ller] + [Ulf M??ller] *) Fix typos in error codes. - [Martin Kraemer , Ulf M?ller] + [Martin Kraemer , Ulf M??ller] *) Remove defunct assembler files from Configure. - [Ulf M?ller] + [Ulf M??ller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov ] @@ -9923,7 +9923,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New Configure option "rsaref". - [Ulf M?ller] + [Ulf M??ller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -9971,7 +9971,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf M?ller] + [Ulf M??ller] *) Tweaks to Configure [Niels Poppe ] 
@@ -9981,11 +9981,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf M?ller] + [Ulf M??ller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf M?ller] + [Ulf M??ller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10524,7 +10524,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Hagino ] *) File was opened incorrectly in randfile.c. - [Ulf M?ller ] + [Ulf M??ller ] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10534,7 +10534,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf M?ller ] + [Ulf M??ller ] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous ] @@ -10681,7 +10681,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf M?ller ] + [Ben Laurie - pointed out by Ulf M??ller ] *) Autodetect FreeBSD3. [Ben Laurie] diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 451d0e0..60286ec 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -45,7 +45,7 @@ # the undertaken effort was that it appeared that in tight IA-32 # register window little-endian flavor could achieve slightly higher # Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent ?-archs... +# better performance on most recent ??-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in # up to 40% performance imrovement of CBC benchmark results. 40% was 
@@ -224,7 +224,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } $speed_limit=512; # chunks smaller than $speed_limit are # processed with compact routine in CBC mode $small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent ?-archs], but ~5 times smaller! + # recent ??-archs], but ~5 times smaller! # I favor compact code to minimize cache # contention and in hope to "collect" 5% back # in real-life applications... @@ -565,7 +565,7 @@ sub enctransform() # Performance is not actually extraordinary in comparison to pure # x86 code. In particular encrypt performance is virtually the same. # Decrypt performance on the other hand is 15-20% better on newer -# ?-archs [but we're thankful for *any* improvement here], and ~50% +# ??-archs [but we're thankful for *any* improvement here], and ~50% # better on PIII:-) And additionally on the pros side this code # eliminates redundant references to stack and thus relieves/ # minimizes the pressure on the memory bus. diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 8f529c9..72381a7 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -27,7 +27,7 @@ # referred below, which improves ECDH and ECDSA verify benchmarks # by 18-40%. # -# C?mara, D.; Gouv?a, C. P. L.; L?pez, J. & Dahab, R.: Fast Software +# C??mara, D.; Gouv??a, C. P. L.; L??pez, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -136,7 +136,7 @@ ___ ################ # void bn_GF2m_mul_2x2(BN_ULONG *r, # BN_ULONG a1,BN_ULONG a0, -# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0?b1b0 +# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0??b1b0 { $code.=<<___; .global bn_GF2m_mul_2x2 @@ -159,7 +159,7 @@ $code.=<<___; mov $mask,#7<<2 sub sp,sp,#32 @ allocate tab[8] - bl mul_1x1_ialu @ a1?b1 + bl mul_1x1_ialu @ a1??b1 str $lo,[$ret,#8] str $hi,[$ret,#12] 
@@ -169,13 +169,13 @@ $code.=<<___; eor r2,r2,$a eor $b,$b,r3 eor $a,$a,r2 - bl mul_1x1_ialu @ a0?b0 + bl mul_1x1_ialu @ a0??b0 str $lo,[$ret] str $hi,[$ret,#4] eor $a,$a,r2 eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)?(b1+b0) + bl mul_1x1_ialu @ (a1+a0)??(b1+b0) ___ @r=map("r$_",(6..9)); $code.=<<___; diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 951abc5..c0cee82 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -568,7 +568,7 @@ bn_sqr_comba8: // I've estimated this routine to run in ~120 ticks, but in reality // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra // cycles consumed for instructions fetch? Or did I misinterpret some -// clause in Itanium ?-architecture manual? Comments are welcomed and +// clause in Itanium ??-architecture manual? Comments are welcomed and // highly appreciated. // // On Itanium 2 it takes ~190 ticks. This is because of stalls on diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl index cd9f13e..9d18d40 100644 --- a/crypto/bn/asm/s390x-gf2m.pl +++ b/crypto/bn/asm/s390x-gf2m.pl @@ -172,19 +172,19 @@ ___ if ($SIZE_T==8) { my @r=map("%r$_",(6..9)); $code.=<<___; - bras $ra,_mul_1x1 # a1?b1 + bras $ra,_mul_1x1 # a1??b1 stmg $lo,$hi,16($rp) lg $a,`$stdframe+128+4*$SIZE_T`($sp) lg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # a0?b0 + bras $ra,_mul_1x1 # a0??b0 stmg $lo,$hi,0($rp) lg $a,`$stdframe+128+3*$SIZE_T`($sp) lg $b,`$stdframe+128+5*$SIZE_T`($sp) xg $a,`$stdframe+128+4*$SIZE_T`($sp) xg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # (a0+a1)?(b0+b1) + bras $ra,_mul_1x1 # (a0+a1)??(b0+b1) lmg @r[0], at r[3],0($rp) xgr $lo,$hi diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl index 808a1e5..b579530 100644 --- a/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/bn/asm/x86-gf2m.pl 
@@ -14,7 +14,7 @@ # the time being... Except that it has three code paths: pure integer # code suitable for any x86 CPU, MMX code suitable for PIII and later # and PCLMULQDQ suitable for Westmere and later. Improvement varies -# from one benchmark and ?-arch to another. Below are interval values +# from one benchmark and ??-arch to another. Below are interval values # for 163- and 571-bit ECDH benchmarks relative to compiler-generated # code: # @@ -226,22 +226,22 @@ if ($sse2) { &push ("edi"); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_mmx"); # a1?b1 + &call ("_mul_1x1_mmx"); # a1??b1 &movq ("mm7",$R); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # a0?b0 + &call ("_mul_1x1_mmx"); # a0??b0 &movq ("mm6",$R); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # (a0+a1)?(b0+b1) + &call ("_mul_1x1_mmx"); # (a0+a1)??(b0+b1) &pxor ($R,"mm7"); &mov ($a,&wparam(0)); - &pxor ($R,"mm6"); # (a0+a1)?(b0+b1)-a1?b1-a0?b0 + &pxor ($R,"mm6"); # (a0+a1)??(b0+b1)-a1??b1-a0??b0 &movq ($A,$R); &psllq ($R,32); @@ -266,13 +266,13 @@ if ($sse2) { &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_ialu"); # a1?b1 + &call ("_mul_1x1_ialu"); # a1??b1 &mov (&DWP(8,"esp"),$lo); &mov (&DWP(12,"esp"),$hi); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # a0?b0 + &call ("_mul_1x1_ialu"); # a0??b0 &mov (&DWP(0,"esp"),$lo); &mov (&DWP(4,"esp"),$hi); @@ -280,7 +280,7 @@ if ($sse2) { &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # (a0+a1)?(b0+b1) + &call ("_mul_1x1_ialu"); # (a0+a1)??(b0+b1) &mov ("ebp",&wparam(0)); @r=("ebx","ecx","edi","esi"); diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index d548886..d77dc43 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c 
@@ -65,7 +65,7 @@ # undef mul_add /*- - * "m"(a), "+m"(r) is the way to favor DirectPath ?-code; + * "m"(a), "+m"(r) is the way to favor DirectPath ??-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; */ diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl index 226c66c..42bbec2 100644 --- a/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/bn/asm/x86_64-gf2m.pl @@ -13,7 +13,7 @@ # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for # the time being... Except that it has two code paths: code suitable # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and -# later. Improvement varies from one benchmark and ?-arch to another. +# later. Improvement varies from one benchmark and ??-arch to another. # Vanilla code path is at most 20% faster than compiler-generated code # [not very impressive], while PCLMULQDQ - whole 85%-160% better on # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that @@ -184,13 +184,13 @@ ___ $code.=<<___; movdqa %xmm0,%xmm4 movdqa %xmm1,%xmm5 - pclmulqdq \$0,%xmm1,%xmm0 # a1?b1 + pclmulqdq \$0,%xmm1,%xmm0 # a1??b1 pxor %xmm2,%xmm4 pxor %xmm3,%xmm5 - pclmulqdq \$0,%xmm3,%xmm2 # a0?b0 - pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)?(b0+b1) + pclmulqdq \$0,%xmm3,%xmm2 # a0??b0 + pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)??(b0+b1) xorps %xmm0,%xmm4 - xorps %xmm2,%xmm4 # (a0+a1)?(b0+b1)-a0?b0-a1?b1 + xorps %xmm2,%xmm4 # (a0+a1)??(b0+b1)-a0??b0-a1??b1 movdqa %xmm4,%xmm5 pslldq \$8,%xmm4 psrldq \$8,%xmm5 @@ -225,13 +225,13 @@ $code.=<<___; mov \$0xf,$mask mov $a1,$a mov $b1,$b - call _mul_1x1 # a1?b1 + call _mul_1x1 # a1??b1 mov $lo,16(%rsp) mov $hi,24(%rsp) mov 48(%rsp),$a mov 64(%rsp),$b - call _mul_1x1 # a0?b0 + call _mul_1x1 # a0??b0 mov $lo,0(%rsp) mov $hi,8(%rsp) @@ -239,7 +239,7 @@ $code.=<<___; mov 56(%rsp),$b xor 48(%rsp),$a xor 64(%rsp),$b - call _mul_1x1 # (a0+a1)?(b0+b1) + call _mul_1x1 # (a0+a1)??(b0+b1) ___ @r=("%rbx","%rcx","%rdi","%rsi"); $code.=<<___; 
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 77fbf34..21f877a 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -45,7 +45,7 @@ # processes one byte in 8.45 cycles, A9 - in 10.2, Snapdragon S4 - # in 9.33. # -# C?mara, D.; Gouv?a, C. P. L.; L?pez, J. & Dahab, R.: Fast Software +# C??mara, D.; Gouv??a, C. P. L.; L??pez, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -432,12 +432,12 @@ gcm_ghash_neon: veor $IN,$Xl @ inp^=Xi .Lgmult_neon: ___ - &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo?Xi.lo + &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo??Xi.lo $code.=<<___; veor $IN#lo,$IN#lo,$IN#hi @ Karatsuba pre-processing ___ - &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)?(Xi.lo+Xi.hi) - &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi?Xi.hi + &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)??(Xi.lo+Xi.hi) + &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi??Xi.hi $code.=<<___; veor $Xm,$Xm,$Xl @ Karatsuba post-processing veor $Xm,$Xm,$Xh diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl index 0365e0f..5bc2870 100644 --- a/crypto/modes/asm/ghash-sparcv9.pl +++ b/crypto/modes/asm/ghash-sparcv9.pl @@ -379,7 +379,7 @@ gcm_init_vis3: or $V,%lo(0xA0406080),$V or %l0,%lo(0x20C0E000),%l0 sllx $V,32,$V - or %l0,$V,$V ! (0xE0?i)&0xff=0xA040608020C0E000 + or %l0,$V,$V ! (0xE0??i)&0xff=0xA040608020C0E000 stx $V,[%i0+16] ret @@ -399,7 +399,7 @@ gcm_gmult_vis3: mov 0xE1,%l7 sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0?i)&0xff=0xA040608020C0E000 + ldx [$Htable+16],$V ! (0xE0??i)&0xff=0xA040608020C0E000 xor $Hhi,$Hlo,$Hhl ! Karatsuba pre-processing xmulx $Xlo,$Hlo,$C0 
@@ -411,9 +411,9 @@ gcm_gmult_vis3: xmulx $Xhi,$Hhi,$Xhi sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ?0xE0 [implicit &(7<<3)] + srlx $V,$sqr,$sqr ! ??0xE0 [implicit &(7<<3)] xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0?0xE1)<<1<<56 [implicit &0x7f] + sllx $sqr,57,$sqr ! ($C0??0xE1)<<1<<56 [implicit &0x7f] xor $C0,$C1,$C1 ! Karatsuba post-processing xor $Xlo,$C2,$C2 @@ -423,7 +423,7 @@ gcm_gmult_vis3: xor $Xhi,$C2,$C2 xor $Xhi,$C1,$C1 - xmulxhi $C0,$xE1,$Xlo ! ?0xE1<<1<<56 + xmulxhi $C0,$xE1,$Xlo ! ??0xE1<<1<<56 xor $C0,$C2,$C2 xmulx $C1,$xE1,$C0 xor $C1,$C3,$C3 @@ -453,7 +453,7 @@ gcm_ghash_vis3: mov 0xE1,%l7 sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0?i)&0xff=0xA040608020C0E000 + ldx [$Htable+16],$V ! (0xE0??i)&0xff=0xA040608020C0E000 and $inp,7,$shl andn $inp,7,$inp @@ -490,9 +490,9 @@ gcm_ghash_vis3: xmulx $Xhi,$Hhi,$Xhi sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ?0xE0 [implicit &(7<<3)] + srlx $V,$sqr,$sqr ! ??0xE0 [implicit &(7<<3)] xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0?0xE1)<<1<<56 [implicit &0x7f] + sllx $sqr,57,$sqr ! ($C0??0xE1)<<1<<56 [implicit &0x7f] xor $C0,$C1,$C1 ! Karatsuba post-processing xor $Xlo,$C2,$C2 @@ -502,7 +502,7 @@ gcm_ghash_vis3: xor $Xhi,$C2,$C2 xor $Xhi,$C1,$C1 - xmulxhi $C0,$xE1,$Xlo ! ?0xE1<<1<<56 + xmulxhi $C0,$xE1,$Xlo ! ??0xE1<<1<<56 xor $C0,$C2,$C2 xmulx $C1,$xE1,$C0 xor $C1,$C3,$C3 diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl index 23a5527..0269169 100644 --- a/crypto/modes/asm/ghash-x86.pl +++ b/crypto/modes/asm/ghash-x86.pl @@ -358,7 +358,7 @@ $S=12; # shift factor for rem_4bit # effective address calculation and finally merge of value to Z.hi. # Reference to rem_4bit is scheduled so late that I had to >>4 # rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary ?-archs. +# on contemporary ??-archs. { my $cnt; my $rem_4bit = "eax"; diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index 6e656ca..5a7ce39 100644 
--- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -576,15 +576,15 @@ $code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0)); # experimental alternative. special thing about is that there # no dependency between the two multiplications... mov \$`0xE1<<1`,%eax - mov \$0xA040608020C0E000,%r10 # ((7..0)?0xE0)&0xff + mov \$0xA040608020C0E000,%r10 # ((7..0)??0xE0)&0xff mov \$0x07,%r11d movq %rax,$T1 movq %r10,$T2 movq %r11,$T3 # borrow $T3 pand $Xi,$T3 - pshufb $T3,$T2 # ($Xi&7)?0xE0 + pshufb $T3,$T2 # ($Xi&7)??0xE0 movq %rax,$T3 - pclmulqdq \$0x00,$Xi,$T1 # ?(0xE1<<1) + pclmulqdq \$0x00,$Xi,$T1 # ??(0xE1<<1) pxor $Xi,$T2 pslldq \$15,$T2 paddd $T2,$T2 # <<(64+56+1) @@ -657,7 +657,7 @@ $code.=<<___; je .Lskip4x sub \$0x30,$len - mov \$0xA040608020C0E000,%rax # ((7..0)?0xE0)&0xff + mov \$0xA040608020C0E000,%rax # ((7..0)??0xE0)&0xff movdqu 0x30($Htbl),$Hkey3 movdqu 0x40($Htbl),$Hkey4 diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index e76a58c..71457cf 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -118,9 +118,9 @@ $code=<<___; le?vperm $IN,$IN,$IN,$lemask vxor $zero,$zero,$zero - vpmsumd $Xl,$IN,$Hl # H.lo?Xi.lo - vpmsumd $Xm,$IN,$H # H.hi?Xi.lo+H.lo?Xi.hi - vpmsumd $Xh,$IN,$Hh # H.hi?Xi.hi + vpmsumd $Xl,$IN,$Hl # H.lo??Xi.lo + vpmsumd $Xm,$IN,$H # H.hi??Xi.lo+H.lo??Xi.hi + vpmsumd $Xh,$IN,$Hh # H.hi??Xi.hi vpmsumd $t2,$Xl,$xC2 # 1st phase @@ -178,11 +178,11 @@ $code=<<___; .align 5 Loop: subic $len,$len,16 - vpmsumd $Xl,$IN,$Hl # H.lo?Xi.lo + vpmsumd $Xl,$IN,$Hl # H.lo??Xi.lo subfe. r0,r0,r0 # borrow?-1:0 - vpmsumd $Xm,$IN,$H # H.hi?Xi.lo+H.lo?Xi.hi + vpmsumd $Xm,$IN,$H # H.hi??Xi.lo+H.lo??Xi.hi and r0,r0,$len - vpmsumd $Xh,$IN,$Hh # H.hi?Xi.hi + vpmsumd $Xh,$IN,$Hh # H.hi??Xi.hi add $inp,$inp,r0 vpmsumd $t2,$Xl,$xC2 # 1st phase diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 0b9cd73..0886d21 100644 
--- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -135,10 +135,10 @@ gcm_gmult_v8: #endif vext.8 $IN,$t1,$t1,#8 - vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo??Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi??Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)??(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh @@ -226,7 +226,7 @@ $code.=<<___; #endif vext.8 $In,$t1,$t1,#8 veor $IN,$IN,$Xl @ I[i]^=Xi - vpmull.p64 $Xln,$H,$In @ H?Ii+1 + vpmull.p64 $Xln,$H,$In @ H??Ii+1 veor $t1,$t1,$In @ Karatsuba pre-processing vpmull2.p64 $Xhn,$H,$In b .Loop_mod2x_v8 @@ -235,14 +235,14 @@ $code.=<<___; .Loop_mod2x_v8: vext.8 $t2,$IN,$IN,#8 subs $len,$len,#32 @ is there more data? - vpmull.p64 $Xl,$H2,$IN @ H^2.lo?Xi.lo + vpmull.p64 $Xl,$H2,$IN @ H^2.lo??Xi.lo cclr $inc,lo @ is it time to zero $inc? vpmull.p64 $Xmn,$Hhl,$t1 veor $t2,$t2,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H2,$IN @ H^2.hi?Xi.hi + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi??Xi.hi veor $Xl,$Xl,$Xln @ accumulate - vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)?(Xi.lo+Xi.hi) + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)??(Xi.lo+Xi.hi) vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] veor $Xh,$Xh,$Xhn @@ -267,7 +267,7 @@ $code.=<<___; vext.8 $In,$t1,$t1,#8 vext.8 $IN,$t0,$t0,#8 veor $Xl,$Xm,$t2 - vpmull.p64 $Xln,$H,$In @ H?Ii+1 + vpmull.p64 $Xln,$H,$In @ H??Ii+1 veor $IN,$IN,$Xh @ accumulate $IN early vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction 
@@ -291,10 +291,10 @@ $code.=<<___; veor $IN,$IN,$Xl @ inp^=Xi veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi - vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo??Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi??Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)??(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 75750db..20722d3 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -56,7 +56,7 @@ # achieves respectful 432MBps on 2.8GHz processor now. For reference. # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than # RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU ?-arch detection +# slower than the RC4_INT one [meaning that if CPU ??-arch detection # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 4895eb3..e0b5d83 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl 
@@ -66,9 +66,9 @@ # switch to AVX alone improves performance by as little as 4% in # comparison to SSSE3 code path. But below result doesn't look like # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of ?-ops, and it's the additional ?-ops, two per round, that +# pair of ??-ops, and it's the additional ??-ops, two per round, that # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single ?-op by Sandy Bridge and it's replacing 'ro[rl]' with +# as single ??-op by Sandy Bridge and it's replacing 'ro[rl]' with # equivalent 'sh[rl]d' that is responsible for the impressive 5.1 # cycles per processed byte. But 'sh[rl]d' is not something that used # to be fast, nor does it appear to be fast in upcoming Bulldozer diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index 6462e45..e907714 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -10,7 +10,7 @@ # SHA256 block transform for x86. September 2007. # # Performance improvement over compiler generated code varies from -# 10% to 40% [see below]. Not very impressive on some ?-archs, but +# 10% to 40% [see below]. Not very impressive on some ??-archs, but # it's 5 times smaller and optimizies amount of writes. # # May 2012. diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl index e96ec00..2f6a202 100644 --- a/crypto/sha/asm/sha512-586.pl +++ b/crypto/sha/asm/sha512-586.pl @@ -37,7 +37,7 @@ # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer ?-archs improvement varies from 15% +# while on PIII - ~35%. On newer ??-archs improvement varies from 15% # to 50%, but it's less important as they are expected to execute SSE2 # code-path, which is commonly ~2-3x faster [than compiler generated # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even 
diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S index eea2006..7b12ec2 100644 --- a/crypto/sparccpuid.S +++ b/crypto/sparccpuid.S @@ -123,7 +123,7 @@ OPENSSL_wipe_cpu: fmovs %f1,%f3 fmovs %f0,%f2 - add %fp,BIAS,%i0 ! return pointer to caller?s top of stack + add %fp,BIAS,%i0 ! return pointer to caller??s top of stack ret restore diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl index c584e5b..7725951 100644 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/whrlpool/asm/wp-mmx.pl @@ -16,7 +16,7 @@ # table]. I stick to value of 2 for two reasons: 1. smaller table # minimizes cache trashing and thus mitigates the hazard of side- # channel leakage similar to AES cache-timing one; 2. performance -# gap among different ?-archs is smaller. +# gap among different ??-archs is smaller. # # Performance table lists rounded amounts of CPU cycles spent by # whirlpool_block_mmx routine on single 64 byte input block, i.e. diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index fe0d806..48ac095 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard at levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska H?gskolan +/* Copyright (c) 2004 Kungliga Tekniska H??gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c index 350b398..43fd362 100644 --- a/crypto/x509v3/v3_pcia.c +++ b/crypto/x509v3/v3_pcia.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard at levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska H?gskolan +/* Copyright (c) 2004 Kungliga Tekniska H??gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/demos/easy_tls/README b/demos/easy_tls/README index 816a580..ee89dfb 100644 --- a/demos/easy_tls/README +++ b/demos/easy_tls/README 
@@ -62,4 +62,4 @@ As noted above, easy_tls.c will be changed to become a library one day, which means that future revisions will not be fully compatible to the current version. -Bodo M?ller +Bodo M??ller diff --git a/util/mkrc.pl b/util/mkrc.pl index 0ceadcf..83ee6a4 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -57,7 +57,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright ? 1998-2006 The OpenSSL Project. Copyright ? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright ?? 1998-2006 The OpenSSL Project. Copyright ?? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" diff --git a/util/toutf8.sh b/util/toutf8.sh new file mode 100644 index 0000000..8a4254b --- /dev/null +++ b/util/toutf8.sh @@ -0,0 +1,17 @@ +#! /bin/sh +# +# Very simple script to detect and convert files that we want to re-encode to UTF8 + +git ls-tree -r --name-only HEAD | \ + while read F; do + charset=`file -bi "$F" | sed -e 's|.*charset=||'` + if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then + iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \ + ( cmp -s "$F" "$F.utf8" || \ + ( echo "$F" + mv "$F" "$F.iso-8859-1" + mv "$F.utf8" "$F" + ) + ) + fi + done From levitte at openssl.org Mon Jul 13 23:19:17 2015 
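Review bot: The `iconv -f ISO-8859-1 -t UTF8` line in util/toutf8.sh converts from Latin-1 no matter which charset `file -bi` actually reported, and because every byte sequence is valid ISO-8859-1 that conversion can never fail, so a file that `file` labels anything other than utf-8/binary/us-ascii (e.g. `unknown-8bit`, or a mostly-UTF-8 file with one stray byte) is silently re-encoded and corrupted instead of being skipped. I would replace the exclusion list with a positive check for the one encoding the script handles, `if [ "$charset" = "iso-8859-1" ]; then`, and print what was detected alongside the name, `echo "$F ($charset)"`, so that anything skipped or converted is visible in the run log. The `while read F; do` loop also strips backslashes and leading whitespace from names; `while IFS= read -r F; do` is the portable form, though paths that git prints C-quoted (see core.quotepath) would presumably still need separate handling. Since the script rewrites every tracked file in place, a one-line header comment stating that it is intended for a one-off run on a clean checkout and must be reviewed with `git diff` before committing would be worth adding.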
From: levitte at openssl.org (Richard Levitte) Date: Mon, 13 Jul 2015 23:19:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436829557.359772.883.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via a027bba22a095c9a71d1e8b55a786bd0d483f581 (commit) via 13e742a4393a7353437926db03e09f23766311dc (commit) from 2794dec7b21f4faf5095008d3dd9743f41cc19ad (commit) - Log ----------------------------------------------------------------- commit a027bba22a095c9a71d1e8b55a786bd0d483f581 Author: Richard Levitte Date: Tue Jul 14 01:16:17 2015 +0200 Conversion to UTF-8 where needed This leaves behind files with names ending with '.iso-8859-1'. These should be safe to remove. If something went wrong when re-encoding, there will be some files with names ending with '.utf8' left behind. Reviewed-by: Rich Salz commit 13e742a4393a7353437926db03e09f23766311dc Author: Richard Levitte Date: Mon Jul 13 16:50:16 2015 +0200 Small script to re-encode files that need it to UTF-8 This requires 'iconv' and that 'file' can take the options '-b' and '-i'. 
Reviewed-by: Rich Salz (cherry picked from commit f608b4064d58ca4dfdfdfc921308b51cb96205e2) ----------------------------------------------------------------------- Summary of changes: CHANGES | 168 ++++++++++++++++++++-------------------- crypto/aes/asm/aes-586.pl | 6 +- crypto/bn/asm/armv4-gf2m.pl | 24 +++--- crypto/bn/asm/ia64.S | 2 +- crypto/bn/asm/s390x-gf2m.pl | 6 +- crypto/bn/asm/x86-gf2m.pl | 16 ++-- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/bn/asm/x86_64-gf2m.pl | 16 ++-- crypto/modes/asm/ghash-armv4.pl | 6 +- crypto/modes/asm/ghash-x86.pl | 2 +- crypto/rc4/asm/rc4-x86_64.pl | 2 +- crypto/sha/asm/sha1-586.pl | 4 +- crypto/sha/asm/sha256-586.pl | 2 +- crypto/sha/asm/sha512-586.pl | 2 +- crypto/sparccpuid.S | 2 +- crypto/whrlpool/asm/wp-mmx.pl | 2 +- crypto/x509v3/v3_pci.c | 2 +- crypto/x509v3/v3_pcia.c | 2 +- demos/easy_tls/README | 2 +- util/mkrc.pl | 2 +- util/toutf8.sh | 17 ++++ 21 files changed, 152 insertions(+), 135 deletions(-) create mode 100644 util/toutf8.sh diff --git a/CHANGES b/CHANGES index 38ae89f..c2aba4b 100644 --- a/CHANGES +++ b/CHANGES @@ -59,9 +59,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno B?ck. + independently by Hanno B??ck. (CVE-2015-1789) - [Emilia K?sper] + [Emilia K??sper] *) PKCS7 crash with missing EnvelopedContent @@ -75,7 +75,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia K?sper] + [Emilia K??sper] *) CMS verify infinite loop with unknown hash function @@ -136,7 +136,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia K?sper] + [Emilia K??sper] *) DoS via reachable assert in SSLv2 servers fix 
@@ -144,10 +144,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia K?sper + This issue was discovered by Sean Burford (Google) and Emilia K??sper (OpenSSL development team). (CVE-2015-0293) - [Emilia K?sper] + [Emilia K??sper] *) Use After Free following d2i_ECPrivatekey error fix @@ -292,12 +292,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia K?sper] + [David Benjamin, Emilia K??sper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia K?sper] + [Emilia K??sper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -308,7 +308,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia K?sper] + [Emilia K??sper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -388,10 +388,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gr?bert (Google) for discovering and researching this + Thanks to Felix Gr??bert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia K?sper] + [Emilia K??sper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. 
@@ -428,7 +428,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietam?ki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietam??ki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -440,7 +440,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia K?sper, and Steve Henson] + [Emilia K??sper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -470,15 +470,15 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to J?ri Aedla for reporting this issue. (CVE-2014-0195) - [J?ri Aedla, Steve Henson] + Thanks to J??ri Aedla for reporting this issue. (CVE-2014-0195) + [J??ri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gr?bert and Ivan Fratric at Google for discovering + Thanks to Felix Gr??bert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gr?bert, Ivan Fratric, Steve Henson] + [Felix Gr??bert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. @@ -557,9 +557,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. + Emilia K??sper for the initial patch. (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia K??sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. 
@@ -734,7 +734,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia K?sper, Adam Langley, Bodo Moeller (Google)] + [Emilia K??sper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1010,7 +1010,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1024,7 +1024,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia K?sper (Google)] + [Emilia K??sper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -1833,7 +1833,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zolt?n Gl?zik , The OpenTSA Project] + [Zolt??n Gl??zik , The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -3001,7 +3001,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf M?ller] + [Geoff Thorpe, suggested by Ulf M??ller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] 
@@ -3020,7 +3020,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf M?ller] + [Geoff Thorpe, Nils Larsch, Ulf M??ller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3087,7 +3087,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [G?tz Babin-Ebell via Richard Levitte] + [G??tz Babin-Ebell via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -3802,7 +3802,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf M?ller] + [Ulf M??ller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -3835,11 +3835,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf M?ller] + [Ulf M??ller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker via Lutz J?nicke, resolves #1014] + [Darren Tucker via Lutz J??nicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -4301,7 +4301,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [G?tz Babin-Ebell ] + [G??tz Babin-Ebell ] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer ] 
@@ -6406,7 +6406,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf M?ller, reported by Jim Ellis ] + [Ulf M??ller, reported by Jim Ellis ] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -6566,7 +6566,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix OAEP check. - [Ulf M?ller, Bodo M?ller] + [Ulf M??ller, Bodo M??ller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -6828,10 +6828,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf M?ller] + [Ulf M??ller] *) rand_win.c fix for Borland C. - [Ulf M?ller] + [Ulf M??ller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -6976,14 +6976,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo M?ller] + [Bodo M??ller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf M?ller] + [Ulf M??ller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -7001,7 +7001,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf M?ller] + [Ulf M??ller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if 
@@ -7267,7 +7267,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf M?ller] + [Ulf M??ller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -7487,7 +7487,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf M?ller] + [Ulf M??ller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -7519,7 +7519,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf M?ller] + [Ulf M??ller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -7608,7 +7608,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf M?ller, using the problem description in krb4-0.9.7, where + [Ulf M??ller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear ] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -7709,7 +7709,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Rolf Haberrecker ] *) Assembler module support for Mingw32. - [Ulf M?ller] + [Ulf M??ller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke and Anonymous] @@ -7728,7 +7728,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf M?ller] + [Ulf M??ller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set 
@@ -7758,14 +7758,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf M?ller, using public domain code by Patrick Powell; problem + [Ulf M??ller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] *) Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf M?ller] + [Ulf M??ller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -7798,7 +7798,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k #define OPENSSL_ALGORITHM_DEFINES #include defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo M?ller] + [Richard Levitte, Ulf and Bodo M??ller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -7849,17 +7849,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf M?ller] + [Ulf M??ller] *) More tests in bntest.c, and changed test_bn output. - [Ulf M?ller] + [Ulf M??ller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf M?ller] + [Ulf M??ller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. 
@@ -7867,11 +7867,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf M?ller] + [Ulf M??ller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf M?ller] + [Ulf M??ller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -7895,7 +7895,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf M?ller] + [Ulf M??ller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -7940,13 +7940,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf M?ller] + [Ulf M??ller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf M?ller] + [Ulf M??ller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in 
@@ -7956,25 +7956,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf M?ller, Bodo M?ller] + [Ulf M??ller, Bodo M??ller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf M?ller] + [Ulf M??ller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf M?ller] + [Ulf M??ller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf M?ller] + [Ulf M??ller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8030,7 +8030,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf M?ller] + [Kris Kennaway , modified by Ulf M??ller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data 
@@ -8039,7 +8039,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf M?ller] + [Ulf M??ller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8069,7 +8069,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf M?ller] + [Ulf M??ller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -8903,7 +8903,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf M?ller] + [Ulf M??ller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -8992,7 +8992,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k worked. *) Fix problems with no-hmac etc. - [Ulf M?ller, pointed out by Brian Wellington ] + [Ulf M??ller, pointed out by Brian Wellington ] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9109,7 +9109,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) DES library cleanups. - [Ulf M?ller] + [Ulf M??ller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit 
@@ -9152,7 +9152,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Christian Forster ] *) config now generates no-xxx options for missing ciphers. - [Ulf M?ller] + [Ulf M??ller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -9265,7 +9265,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf M?ller] + [Ulf M??ller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -9322,10 +9322,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere , modified by Ulf M?ller] + [Janez Jere , modified by Ulf M??ller] *) Support Mingw32. - [Ulf M?ller] + [Ulf M??ller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov ] @@ -9334,7 +9334,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf M?ller] + [Ulf M??ller] *) Update HPUX configuration. [Anonymous] @@ -9367,7 +9367,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf M?ller] + [Ulf M??ller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. 
@@ -9390,21 +9390,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Niels Poppe ] *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf M?ller] + [Ulf M??ller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf M?ller] + [Ulf M??ller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf M?ller] + [Ulf M??ller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -9433,7 +9433,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf M?ller] + [Ulf M??ller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -9451,13 +9451,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Change functions to ANSI C. - [Ulf M?ller] + [Ulf M??ller] *) Fix typos in error codes. - [Martin Kraemer , Ulf M?ller] + [Martin Kraemer , Ulf M??ller] *) Remove defunct assembler files from Configure. - [Ulf M?ller] + [Ulf M??ller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov ] @@ -9494,7 +9494,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New Configure option "rsaref". - [Ulf M?ller] + [Ulf M??ller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -9542,7 +9542,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf M?ller] + [Ulf M??ller] *) Tweaks to Configure [Niels Poppe ] 
@@ -9552,11 +9552,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf M?ller] + [Ulf M??ller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf M?ller] + [Ulf M??ller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10095,7 +10095,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Hagino ] *) File was opened incorrectly in randfile.c. - [Ulf M?ller ] + [Ulf M??ller ] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10105,7 +10105,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf M?ller ] + [Ulf M??ller ] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous ] @@ -10252,7 +10252,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf M?ller ] + [Ben Laurie - pointed out by Ulf M??ller ] *) Autodetect FreeBSD3. [Ben Laurie] diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl index 687ed81..51b500d 100755 --- a/crypto/aes/asm/aes-586.pl +++ b/crypto/aes/asm/aes-586.pl @@ -45,7 +45,7 @@ # the undertaken effort was that it appeared that in tight IA-32 # register window little-endian flavor could achieve slightly higher # Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent ?-archs... +# better performance on most recent ??-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in # up to 40% performance imrovement of CBC benchmark results. 40% was 
@@ -223,7 +223,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } $speed_limit=512; # chunks smaller than $speed_limit are # processed with compact routine in CBC mode $small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent ?-archs], but ~5 times smaller! + # recent ??-archs], but ~5 times smaller! # I favor compact code to minimize cache # contention and in hope to "collect" 5% back # in real-life applications... @@ -562,7 +562,7 @@ sub enctransform() # Performance is not actually extraordinary in comparison to pure # x86 code. In particular encrypt performance is virtually the same. # Decrypt performance on the other hand is 15-20% better on newer -# ?-archs [but we're thankful for *any* improvement here], and ~50% +# ??-archs [but we're thankful for *any* improvement here], and ~50% # better on PIII:-) And additionally on the pros side this code # eliminates redundant references to stack and thus relieves/ # minimizes the pressure on the memory bus. diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index c52e0b7..22ad1f8 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -41,13 +41,13 @@ $code=<<___; .align 5 mul_1x1_neon: vshl.u64 `&Dlo("q1")`,d16,#8 @ q1-q3 are slided $a - vmull.p8 `&Q("d0")`,d16,d17 @ a?bb + vmull.p8 `&Q("d0")`,d16,d17 @ a??bb vshl.u64 `&Dlo("q2")`,d16,#16 - vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8?bb + vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8??bb vshl.u64 `&Dlo("q3")`,d16,#24 - vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16?bb + vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16??bb vshr.u64 `&Dlo("q1")`,#8 - vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24?bb + vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24??bb vshl.u64 `&Dhi("q1")`,#24 veor d0,`&Dlo("q1")` vshr.u64 `&Dlo("q2")`,#16 
@@ -158,7 +158,7 @@ ___ ################ # void bn_GF2m_mul_2x2(BN_ULONG *r, # BN_ULONG a1,BN_ULONG a0, -# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0?b1b0 +# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0??b1b0 ($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23)); @@ -184,20 +184,20 @@ bn_GF2m_mul_2x2: vmov d16,$A1 vmov d17,$B1 - bl mul_1x1_neon @ a1?b1 + bl mul_1x1_neon @ a1??b1 vmov $A1B1,d0 vmov d16,$A0 vmov d17,$B0 - bl mul_1x1_neon @ a0?b0 + bl mul_1x1_neon @ a0??b0 vmov $A0B0,d0 veor d16,$A0,$A1 veor d17,$B0,$B1 veor $A0,$A0B0,$A1B1 - bl mul_1x1_neon @ (a0+a1)?(b0+b1) + bl mul_1x1_neon @ (a0+a1)??(b0+b1) - veor d0,$A0 @ (a0+a1)?(b0+b1)-a0?b0-a1?b1 + veor d0,$A0 @ (a0+a1)??(b0+b1)-a0??b0-a1??b1 vshl.u64 d1,d0,#32 vshr.u64 d0,d0,#32 veor $A0B0,d1 @@ -220,7 +220,7 @@ $code.=<<___; mov $mask,#7<<2 sub sp,sp,#32 @ allocate tab[8] - bl mul_1x1_ialu @ a1?b1 + bl mul_1x1_ialu @ a1??b1 str $lo,[$ret,#8] str $hi,[$ret,#12] @@ -230,13 +230,13 @@ $code.=<<___; eor r2,r2,$a eor $b,$b,r3 eor $a,$a,r2 - bl mul_1x1_ialu @ a0?b0 + bl mul_1x1_ialu @ a0??b0 str $lo,[$ret] str $hi,[$ret,#4] eor $a,$a,r2 eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)?(b1+b0) + bl mul_1x1_ialu @ (a1+a0)??(b1+b0) ___ @r=map("r$_",(6..9)); $code.=<<___; diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 951abc5..c0cee82 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -568,7 +568,7 @@ bn_sqr_comba8: // I've estimated this routine to run in ~120 ticks, but in reality // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra // cycles consumed for instructions fetch? Or did I misinterpret some -// clause in Itanium ?-architecture manual? Comments are welcomed and +// clause in Itanium ??-architecture manual? Comments are welcomed and // highly appreciated. // // On Itanium 2 it takes ~190 ticks. This is because of stalls on diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl index cd9f13e..9d18d40 100644 --- a/crypto/bn/asm/s390x-gf2m.pl 
+++ b/crypto/bn/asm/s390x-gf2m.pl @@ -172,19 +172,19 @@ ___ if ($SIZE_T==8) { my @r=map("%r$_",(6..9)); $code.=<<___; - bras $ra,_mul_1x1 # a1?b1 + bras $ra,_mul_1x1 # a1??b1 stmg $lo,$hi,16($rp) lg $a,`$stdframe+128+4*$SIZE_T`($sp) lg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # a0?b0 + bras $ra,_mul_1x1 # a0??b0 stmg $lo,$hi,0($rp) lg $a,`$stdframe+128+3*$SIZE_T`($sp) lg $b,`$stdframe+128+5*$SIZE_T`($sp) xg $a,`$stdframe+128+4*$SIZE_T`($sp) xg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # (a0+a1)?(b0+b1) + bras $ra,_mul_1x1 # (a0+a1)??(b0+b1) lmg @r[0], at r[3],0($rp) xgr $lo,$hi diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl index 808a1e5..b579530 100644 --- a/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/bn/asm/x86-gf2m.pl @@ -14,7 +14,7 @@ # the time being... Except that it has three code paths: pure integer # code suitable for any x86 CPU, MMX code suitable for PIII and later # and PCLMULQDQ suitable for Westmere and later. Improvement varies -# from one benchmark and ?-arch to another. Below are interval values +# from one benchmark and ??-arch to another. Below are interval values # for 163- and 571-bit ECDH benchmarks relative to compiler-generated # code: # @@ -226,22 +226,22 @@ if ($sse2) { &push ("edi"); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_mmx"); # a1?b1 + &call ("_mul_1x1_mmx"); # a1??b1 &movq ("mm7",$R); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # a0?b0 + &call ("_mul_1x1_mmx"); # a0??b0 &movq ("mm6",$R); &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # (a0+a1)?(b0+b1) + &call ("_mul_1x1_mmx"); # (a0+a1)??(b0+b1) &pxor ($R,"mm7"); &mov ($a,&wparam(0)); - &pxor ($R,"mm6"); # (a0+a1)?(b0+b1)-a1?b1-a0?b0 + &pxor ($R,"mm6"); # (a0+a1)??(b0+b1)-a1??b1-a0??b0 &movq ($A,$R); &psllq ($R,32); 
@@ -266,13 +266,13 @@ if ($sse2) { &mov ($a,&wparam(1)); &mov ($b,&wparam(3)); - &call ("_mul_1x1_ialu"); # a1?b1 + &call ("_mul_1x1_ialu"); # a1??b1 &mov (&DWP(8,"esp"),$lo); &mov (&DWP(12,"esp"),$hi); &mov ($a,&wparam(2)); &mov ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # a0?b0 + &call ("_mul_1x1_ialu"); # a0??b0 &mov (&DWP(0,"esp"),$lo); &mov (&DWP(4,"esp"),$hi); @@ -280,7 +280,7 @@ if ($sse2) { &mov ($b,&wparam(3)); &xor ($a,&wparam(2)); &xor ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # (a0+a1)?(b0+b1) + &call ("_mul_1x1_ialu"); # (a0+a1)??(b0+b1) &mov ("ebp",&wparam(0)); @r=("ebx","ecx","edi","esi"); diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index 9c5074b..0a5bb28 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -66,7 +66,7 @@ # undef sqr /*- - * "m"(a), "+m"(r) is the way to favor DirectPath ?-code; + * "m"(a), "+m"(r) is the way to favor DirectPath ??-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; */ diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl index 226c66c..42bbec2 100644 --- a/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/bn/asm/x86_64-gf2m.pl @@ -13,7 +13,7 @@ # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for # the time being... Except that it has two code paths: code suitable # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and -# later. Improvement varies from one benchmark and ?-arch to another. +# later. Improvement varies from one benchmark and ??-arch to another. # Vanilla code path is at most 20% faster than compiler-generated code # [not very impressive], while PCLMULQDQ - whole 85%-160% better on # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that 
@@ -184,13 +184,13 @@ ___ $code.=<<___; movdqa %xmm0,%xmm4 movdqa %xmm1,%xmm5 - pclmulqdq \$0,%xmm1,%xmm0 # a1?b1 + pclmulqdq \$0,%xmm1,%xmm0 # a1??b1 pxor %xmm2,%xmm4 pxor %xmm3,%xmm5 - pclmulqdq \$0,%xmm3,%xmm2 # a0?b0 - pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)?(b0+b1) + pclmulqdq \$0,%xmm3,%xmm2 # a0??b0 + pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)??(b0+b1) xorps %xmm0,%xmm4 - xorps %xmm2,%xmm4 # (a0+a1)?(b0+b1)-a0?b0-a1?b1 + xorps %xmm2,%xmm4 # (a0+a1)??(b0+b1)-a0??b0-a1??b1 movdqa %xmm4,%xmm5 pslldq \$8,%xmm4 psrldq \$8,%xmm5 @@ -225,13 +225,13 @@ $code.=<<___; mov \$0xf,$mask mov $a1,$a mov $b1,$b - call _mul_1x1 # a1?b1 + call _mul_1x1 # a1??b1 mov $lo,16(%rsp) mov $hi,24(%rsp) mov 48(%rsp),$a mov 64(%rsp),$b - call _mul_1x1 # a0?b0 + call _mul_1x1 # a0??b0 mov $lo,0(%rsp) mov $hi,8(%rsp) @@ -239,7 +239,7 @@ $code.=<<___; mov 56(%rsp),$b xor 48(%rsp),$a xor 64(%rsp),$b - call _mul_1x1 # (a0+a1)?(b0+b1) + call _mul_1x1 # (a0+a1)??(b0+b1) ___ @r=("%rbx","%rcx","%rdi","%rsi"); $code.=<<___; diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index d91586e..e46f8e3 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -374,8 +374,8 @@ gcm_ghash_neon: vdup.8 $xi,`&Dlo("$IN")`[0] @ broadcast lowest byte .Linner_neon: subs $cnt,$cnt,#1 - vmull.p8 $Qlo,$Hlo,$xi @ H.lo?Xi[i] - vmull.p8 $Qhi,$Hhi,$xi @ H.hi?Xi[i] + vmull.p8 $Qlo,$Hlo,$xi @ H.lo??Xi[i] + vmull.p8 $Qhi,$Hhi,$xi @ H.hi??Xi[i] vext.8 $IN,$zero,#1 @ IN>>=8 veor $Z,$Qpost @ modulo-scheduled part @@ -388,7 +388,7 @@ gcm_ghash_neon: vsli.8 $Zo,$T,#1 @ compose the "carry" byte vext.8 $Z,$zero,#1 @ Z>>=8 - vmull.p8 $R,$Zo,$mod @ "carry"?0xe1 + vmull.p8 $R,$Zo,$mod @ "carry"??0xe1 vshr.u8 $Zo,$T,#7 @ save Z's bottom bit vext.8 $Qpost,$Qlo,$zero,#1 @ Qlo>>=8 veor $Z,$Qhi diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl index 83c727e..2426cd0 100644 --- a/crypto/modes/asm/ghash-x86.pl +++ b/crypto/modes/asm/ghash-x86.pl 
@@ -346,7 +346,7 @@ $S=12; # shift factor for rem_4bit # effective address calculation and finally merge of value to Z.hi. # Reference to rem_4bit is scheduled so late that I had to >>4 # rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary ?-archs. +# on contemporary ??-archs. { my $cnt; my $rem_4bit = "eax"; diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 75750db..20722d3 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -56,7 +56,7 @@ # achieves respectful 432MBps on 2.8GHz processor now. For reference. # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than # RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU ?-arch detection +# slower than the RC4_INT one [meaning that if CPU ??-arch detection # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 1084d22..2b119ff 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -66,9 +66,9 @@ # switch to AVX alone improves performance by as little as 4% in # comparison to SSSE3 code path. But below result doesn't look like # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of ?-ops, and it's the additional ?-ops, two per round, that +# pair of ??-ops, and it's the additional ??-ops, two per round, that # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single ?-op by Sandy Bridge and it's replacing 'ro[rl]' with +# as single ??-op by Sandy Bridge and it's replacing 'ro[rl]' with # equivalent 'sh[rl]d' that is responsible for the impressive 5.1 # cycles per processed byte. But 'sh[rl]d' is not something that used # to be fast, nor does it appear to be fast in upcoming Bulldozer 
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index 928ec53..52a7c7f 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -21,7 +21,7 @@ # purposes. # # Performance improvement over compiler generated code varies from -# 10% to 40% [see above]. Not very impressive on some ?-archs, but +# 10% to 40% [see above]. Not very impressive on some ??-archs, but # it's 5 times smaller and optimizies amount of writes. $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl index 7eab6a5..9f8c51e 100644 --- a/crypto/sha/asm/sha512-586.pl +++ b/crypto/sha/asm/sha512-586.pl @@ -23,7 +23,7 @@ # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer ?-archs improvement varies from 15% +# while on PIII - ~35%. On newer ??-archs improvement varies from 15% # to 50%, but it's less important as they are expected to execute SSE2 # code-path, which is commonly ~2-3x faster [than compiler generated # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S index 0cc247e..c63d5da 100644 --- a/crypto/sparccpuid.S +++ b/crypto/sparccpuid.S @@ -123,7 +123,7 @@ OPENSSL_wipe_cpu: fmovs %f1,%f3 fmovs %f0,%f2 - add %fp,BIAS,%i0 ! return pointer to caller?s top of stack + add %fp,BIAS,%i0 ! return pointer to caller??s top of stack ret restore diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl index cb2381c..90c2eca 100644 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/whrlpool/asm/wp-mmx.pl 
@@ -16,7 +16,7 @@ # table]. I stick to value of 2 for two reasons: 1. smaller table # minimizes cache trashing and thus mitigates the hazard of side- # channel leakage similar to AES cache-timing one; 2. performance -# gap among different ?-archs is smaller. +# gap among different ??-archs is smaller. # # Performance table lists rounded amounts of CPU cycles spent by # whirlpool_block_mmx routine on single 64 byte input block, i.e. diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index fe0d806..48ac095 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard at levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska H?gskolan +/* Copyright (c) 2004 Kungliga Tekniska H??gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c index 350b398..43fd362 100644 --- a/crypto/x509v3/v3_pcia.c +++ b/crypto/x509v3/v3_pcia.c @@ -3,7 +3,7 @@ * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard at levitte.org) */ -/* Copyright (c) 2004 Kungliga Tekniska H?gskolan +/* Copyright (c) 2004 Kungliga Tekniska H??gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/demos/easy_tls/README b/demos/easy_tls/README index 816a580..ee89dfb 100644 --- a/demos/easy_tls/README +++ b/demos/easy_tls/README @@ -62,4 +62,4 @@ As noted above, easy_tls.c will be changed to become a library one day, which means that future revisions will not be fully compatible to the current version. -Bodo M?ller +Bodo M??ller diff --git a/util/mkrc.pl b/util/mkrc.pl index 0ceadcf..83ee6a4 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl 
@@ -57,7 +57,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright ? 1998-2006 The OpenSSL Project. Copyright ? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright ?? 1998-2006 The OpenSSL Project. Copyright ?? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" diff --git a/util/toutf8.sh b/util/toutf8.sh new file mode 100644 index 0000000..8a4254b --- /dev/null +++ b/util/toutf8.sh @@ -0,0 +1,17 @@ +#! /bin/sh +# +# Very simple script to detect and convert files that we want to re-encode to UTF8 + +git ls-tree -r --name-only HEAD | \ + while read F; do + charset=`file -bi "$F" | sed -e 's|.*charset=||'` + if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then + iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \ + ( cmp -s "$F" "$F.utf8" || \ + ( echo "$F" + mv "$F" "$F.iso-8859-1" + mv "$F.utf8" "$F" + ) + ) + fi + done From rsalz at openssl.org Tue Jul 14 04:57:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 14 Jul 2015 04:57:21 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436849841.703678.24308.nullmailer@dev.openssl.org> The branch master has been updated via 0aa090920e4b36e3225c7f4d95be499c166d9785 (commit) from 48f11fd3ec9f218c9c82bc65873fec707cbed0f6 (commit) - Log ----------------------------------------------------------------- commit 0aa090920e4b36e3225c7f4d95be499c166d9785 Author: Rich Salz Date: Tue Jul 14 00:57:00 2015 -0400 Add date-posted to EOL notices. ----------------------------------------------------------------------- Summary of changes: news/state.wml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/news/state.wml b/news/state.wml index 73b93ea..9ae6860 100644 --- a/news/state.wml +++ b/news/state.wml 
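Review bot: The `while read F` loop in the new util/toutf8.sh strips backslashes and leading/trailing blanks from the paths git prints, so a file whose name contains them would be looked up under the wrong name; `while IFS= read -r F; do` reads each line verbatim. The `-a` operator inside `[ ]` is obsolescent in POSIX and reads more clearly as `[ "$charset" != "utf-8" ] && [ "$charset" != "binary" ] && [ "$charset" != "us-ascii" ]`. When `cmp -s` finds the converted file identical, `$F.utf8` is left behind in the working tree; `cmp -s "$F" "$F.utf8" && rm -f "$F.utf8" || ( ... )` removes it on that path. The script also treats every charset other than the three listed as ISO-8859-1, which is worth stating in the header comment, since a file that `file -bi` reports as some other encoding would be re-encoded under a wrong assumption.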
@@ -18,8 +18,9 @@ We also released version 1.0.1p which has the same fixes for that branch.
-
  • We declared 1.0.0 and 0.9.8 to be end of life, with -all updates ending at the end of 2015. +
  • In 2014, we declared 1.0.0 and 0.9.8 to be end of life, with +all updates ending at the end of 2015. Until then, only security fixes will +be released for those branches.
  • Our next major release is 1.1.0. It is currently in development. From rsalz at openssl.org Tue Jul 14 05:33:03 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 14 Jul 2015 05:33:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436851983.603491.4044.nullmailer@dev.openssl.org> The branch master has been updated via e5c0bc6cc49a23b50a272801c4bd53639c25fca4 (commit) from 053fa39af62f5b3543ebec8592e4592965b18e26 (commit) - Log ----------------------------------------------------------------- commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4 Author: GitHub User Date: Thu Jul 9 15:02:29 2015 -0400 Missing perldoc markup around < literal Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_rand.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index bd6bc86..b3aec96 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -33,7 +33,7 @@ non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. BN_rand_range() generates a cryptographically strong pseudo-random -number B in the range 0 = B E B. +number B in the range 0 E= B E B. BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), and hence numbers generated by it are not necessarily unpredictable. From rsalz at openssl.org Tue Jul 14 05:33:22 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 14 Jul 2015 05:33:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436852002.335310.6521.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9e56a32e398efe2da58c65fecea52cf4886e3c3d (commit) from 9f0b86c68bb96d49301bbd6473c8235ca05ca06b (commit) - Log ----------------------------------------------------------------- commit 9e56a32e398efe2da58c65fecea52cf4886e3c3d Author: GitHub User Date: Thu Jul 9 15:02:29 2015 -0400 Missing perldoc markup around < literal Reviewed-by: Richard Levitte (cherry picked from commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_rand.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index bd6bc86..b3aec96 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -33,7 +33,7 @@ non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. BN_rand_range() generates a cryptographically strong pseudo-random -number B in the range 0 = B E B. +number B in the range 0 E= B E B. BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), and hence numbers generated by it are not necessarily unpredictable. From rsalz at openssl.org Tue Jul 14 05:33:37 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 14 Jul 2015 05:33:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436852017.344419.8413.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 432785095c6605b70ac97df2add1594e9217939c (commit) from a027bba22a095c9a71d1e8b55a786bd0d483f581 (commit) - Log ----------------------------------------------------------------- commit 432785095c6605b70ac97df2add1594e9217939c Author: GitHub User Date: Thu Jul 9 15:02:29 2015 -0400 Missing perldoc markup around < literal Reviewed-by: Richard Levitte (cherry picked from commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_rand.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 3b2796c..b91231c 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -33,7 +33,7 @@ non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc. BN_rand_range() generates a cryptographically strong pseudo-random -number B in the range 0 = B E B. +number B in the range 0 E= B E B. BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), and hence numbers generated by it are not necessarily unpredictable. From rsalz at openssl.org Tue Jul 14 11:46:41 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 14 Jul 2015 11:46:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436874401.258587.16728.nullmailer@dev.openssl.org> The branch master has been updated via 5b89036c41a009a76cd0e1595dde5001ae157972 (commit) from e5c0bc6cc49a23b50a272801c4bd53639c25fca4 (commit) - Log ----------------------------------------------------------------- commit 5b89036c41a009a76cd0e1595dde5001ae157972 Author: Rich Salz Date: Thu Jul 9 14:54:13 2015 -0400 Can't use -trusted with -CA{path,file} Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: apps/verify.c | 8 +++++++- doc/apps/verify.pod | 12 ++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/apps/verify.c b/apps/verify.c index a823d58..7fcd32a 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -88,7 +88,7 @@ OPTIONS verify_options[] = { {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"}, {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"}, {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"}, - {"trusted", OPT_TRUSTED, '<', "A file of additional trusted certificates"}, + {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"}, {"CRLfile", OPT_CRLFILE, '<', "File containing one or more CRL's (in PEM format) to load"}, {"crl_download", OPT_CRL_DOWNLOAD, '-', @@ -180,6 +180,12 @@ int verify_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + if (trustfile && (CAfile || CApath)) { + BIO_printf(bio_err, + "%s: Cannot use -trusted with -CAfile or -CApath\n", + prog); + goto end; + } if (!app_load_modules(NULL)) goto end; diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 9cc7fcb..b1253da 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod 
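Review bot: The new `-trusted`/`-CAfile`/`-CApath` conflict check in verify_main reports the usage error and jumps to `end`, but the exit status on that path depends on how `ret` is initialized, which is outside this hunk; confirm it starts at a failure value (the usual `int ret = 1;`) so this misuse does not exit 0. A short comment above the check, `/* -trusted replaces the default store, so it cannot be combined with -CAfile/-CApath */`, would tie the code to the behaviour described in the verify.pod hunk. verify_main begins before and ends after this hunk.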
@@ -182,13 +182,17 @@ behaviour to match that of OpenSSL versions prior to 1.1.0. =item B<-untrusted file> -A file of untrusted certificates. The file should contain multiple certificates -in PEM format concatenated together. +A file of untrusted certificates. The file should contain one or more +certificates in PEM format. =item B<-trusted file> -A file of additional trusted certificates. The file should contain multiple -certificates in PEM format concatenated together. +A file of trusted certificates. The file contain one or more +certificates in PEM format. +With this option, no additional (e.g., default) certificate lists +are consulted. That is, the only trusted issuers are those listed +in B. +This option cannot be used with the B<-CAfile> or B<-CApath> options. =item B<-use_deltas> From levitte at openssl.org Tue Jul 14 19:08:19 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 14 Jul 2015 19:08:19 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1436900899.539256.22781.nullmailer@dev.openssl.org> The branch master has been updated via 10c638d6934c96d52236740fb4f0be12f9a68482 (commit) from 0aa090920e4b36e3225c7f4d95be499c166d9785 (commit) - Log ----------------------------------------------------------------- commit 10c638d6934c96d52236740fb4f0be12f9a68482 Author: Richard Levitte Date: Tue Jul 14 21:07:47 2015 +0200 Don't allow anyone to access any .git folder through the web ----------------------------------------------------------------------- Summary of changes: .htaccess | 1 + 1 file changed, 1 insertion(+) diff --git a/.htaccess b/.htaccess index 5d5d473..92b86ae 100644 --- a/.htaccess +++ b/.htaccess @@ -1,3 +1,4 @@ +RedirectMatch 404 .*/\.git/.* RewriteEngine on From viktor at openssl.org Wed Jul 15 05:46:24 2015 
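Review bot: `RedirectMatch 404 .*/\.git/.*` only fires when `.git` is followed by a slash, so a request for the bare `/.git` path is not caught by this rule and is left to mod_dir, whose trailing-slash redirect would still confirm that the directory exists; dot-files such as `.gitignore` or `.gitmodules` next to it are not covered either. A pattern anchored on the path segment, `RedirectMatch 404 /\.git(/|$)`, closes the first gap, and `RedirectMatch 404 /\.git` would also cover the dot-files at the cost of matching every name that begins with `.git`. Since `RedirectMatch` belongs to mod_alias it is applied independently of the `RewriteEngine on` rules that follow it, which is the ordering wanted here.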
From: viktor at openssl.org (Viktor Dukhovni) Date: Wed, 15 Jul 2015 05:46:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436939184.854581.3160.nullmailer@dev.openssl.org> The branch master has been updated via 0dc41520f2af4bf5493879864303c858feac4573 (commit) from 5b89036c41a009a76cd0e1595dde5001ae157972 (commit) - Log ----------------------------------------------------------------- commit 0dc41520f2af4bf5493879864303c858feac4573 Author: Viktor Dukhovni Date: Tue Jul 14 21:26:31 2015 -0400 Maintain backwards-compatible SSLv23_method macros Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 3027617..c394191 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1546,11 +1546,9 @@ __owur const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ __owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ # endif -#ifdef OPENSSL_USE_DEPRECATED #define SSLv23_method TLS_method #define SSLv23_server_method TLS_server_method #define SSLv23_client_method TLS_client_method -#endif /* Negotiate highest available SSL/TLS version */ __owur const SSL_METHOD *TLS_method(void); From rsalz at openssl.org Wed Jul 15 07:32:36 2015 
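Review bot: The three `SSLv23_*` macros are now unconditional, but nothing in the header says why they live outside the `OPENSSL_USE_DEPRECATED` guard that was just removed, and a reader will reasonably take them for deprecated names. A one-line comment above `#define SSLv23_method TLS_method`, such as `/* SSLv23_* are kept as plain aliases of TLS_* for source compatibility; not deprecated */`, records the decision from the commit message where it is read. Because they are object-like macros, `SSLv23_method()` expands to a call of `TLS_method()` and so picks up the `__owur` attribute from that prototype, which is the behaviour to preserve.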
From: rsalz at openssl.org (Rich Salz) Date: Wed, 15 Jul 2015 07:32:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436945556.895793.7310.nullmailer@dev.openssl.org> The branch master has been updated via ad282e638b6824325fb83ecf7cde2e7996f52b79 (commit) from 0dc41520f2af4bf5493879864303c858feac4573 (commit) - Log ----------------------------------------------------------------- commit ad282e638b6824325fb83ecf7cde2e7996f52b79 Author: Ernie Hershey Date: Tue Jul 14 23:08:44 2015 -0400 GH322: Fix typo in generated comment. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: util/mk1mf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 5161c17..6091a69 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -612,7 +612,7 @@ $defs= <<"EOF"; # N.B. You MUST use -j on FreeBSD. # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff +# by default leave the 'interesting' output files in .${o}out and the stuff # that needs deleting in .${o}tmp. # The file was generated by running 'make makefile.one', which # does a 'make files', which writes all the environment variables from all From rsalz at openssl.org Wed Jul 15 07:32:57 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 15 Jul 2015 07:32:57 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436945577.659087.8130.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 033b558181680de69ecefe95ba05b76a0db2e253 (commit) from 9e56a32e398efe2da58c65fecea52cf4886e3c3d (commit) - Log ----------------------------------------------------------------- commit 033b558181680de69ecefe95ba05b76a0db2e253 Author: Ernie Hershey Date: Tue Jul 14 23:08:44 2015 -0400 GH322: Fix typo in generated comment. Reviewed-by: Viktor Dukhovni (cherry picked from commit ad282e638b6824325fb83ecf7cde2e7996f52b79) ----------------------------------------------------------------------- Summary of changes: util/mk1mf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 9b8abc0..99652af 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -447,7 +447,7 @@ $defs= <<"EOF"; # N.B. You MUST use -j on FreeBSD. # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff +# by default leave the 'interesting' output files in .${o}out and the stuff # that needs deleting in .${o}tmp. # The file was generated by running 'make makefile.one', which # does a 'make files', which writes all the environment variables from all From rsalz at openssl.org Wed Jul 15 07:33:32 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 15 Jul 2015 07:33:32 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436945612.876953.8416.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 2507d846e187f35cdf9dbb07611fbe9a161d0f1b (commit) from 432785095c6605b70ac97df2add1594e9217939c (commit) - Log ----------------------------------------------------------------- commit 2507d846e187f35cdf9dbb07611fbe9a161d0f1b Author: Ernie Hershey Date: Tue Jul 14 23:08:44 2015 -0400 GH322: Fix typo in generated comment. Reviewed-by: Viktor Dukhovni (cherry picked from commit ad282e638b6824325fb83ecf7cde2e7996f52b79) ----------------------------------------------------------------------- Summary of changes: util/mk1mf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 1eee7aa..5b86aa7 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -424,7 +424,7 @@ EOF $defs= <<"EOF"; # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff +# by default leave the 'interesting' output files in .${o}out and the stuff # that needs deleting in .${o}tmp. # The file was generated by running 'make makefile.one', which # does a 'make files', which writes all the environment variables from all From rsalz at openssl.org Wed Jul 15 10:49:10 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 15 Jul 2015 10:49:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1436957350.475610.16025.nullmailer@dev.openssl.org> The branch master has been updated via 31d6c0b2b043bad5c63b797a327109eb26ff8d2a (commit) via 9e2e7b34eb5db71247403ecd641f580d83da944a (commit) from ad282e638b6824325fb83ecf7cde2e7996f52b79 (commit) - Log ----------------------------------------------------------------- commit 31d6c0b2b043bad5c63b797a327109eb26ff8d2a Author: mancha Date: Wed Jul 15 04:54:28 2015 -0400 Fix author credit for e5c0bc6 Reviewed-by: Richard Levitte commit 9e2e7b34eb5db71247403ecd641f580d83da944a Author: Rich Salz Date: Wed Jul 15 04:52:51 2015 -0400 Revert "Missing perldoc markup around < literal" This reverts commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: From rsalz at openssl.org Wed Jul 15 10:50:03 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 15 Jul 2015 10:50:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1436957403.211261.22225.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fd9631bbbda626af0407d5c8c188b05c86a25e3d (commit) via 405f43bc2a52860d70bfc73bf09cdce74fe7d5b2 (commit) from 033b558181680de69ecefe95ba05b76a0db2e253 (commit) - Log ----------------------------------------------------------------- commit fd9631bbbda626af0407d5c8c188b05c86a25e3d Author: mancha Date: Wed Jul 15 04:54:28 2015 -0400 Fix author credit for e5c0bc6 Reviewed-by: Richard Levitte commit 405f43bc2a52860d70bfc73bf09cdce74fe7d5b2 Author: Rich Salz Date: Wed Jul 15 04:52:51 2015 -0400 Revert "Missing perldoc markup around < literal" This reverts commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: From rsalz at openssl.org Wed Jul 15 10:50:18 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 15 Jul 2015 10:50:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1436957418.443088.23934.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 396a2dc07177a14284dba194cb6dfda4f3785681 (commit) via 001c957676232d19af4309d877dedb43ef00ac20 (commit) from 2507d846e187f35cdf9dbb07611fbe9a161d0f1b (commit) - Log ----------------------------------------------------------------- commit 396a2dc07177a14284dba194cb6dfda4f3785681 Author: mancha Date: Wed Jul 15 04:54:28 2015 -0400 Fix author credit for e5c0bc6 Reviewed-by: Richard Levitte commit 001c957676232d19af4309d877dedb43ef00ac20 Author: Rich Salz Date: Wed Jul 15 04:52:51 2015 -0400 Revert "Missing perldoc markup around < literal" This reverts commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: From rsalz at openssl.org Thu Jul 16 05:07:13 2015 
From: rsalz at openssl.org (Rich Salz) Date: Thu, 16 Jul 2015 05:07:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437023233.880565.2249.nullmailer@dev.openssl.org> The branch master has been updated via 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a (commit) from 31d6c0b2b043bad5c63b797a327109eb26ff8d2a (commit) - Log ----------------------------------------------------------------- commit 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a Author: Rich Salz Date: Thu Jul 2 08:49:54 2015 -0400 Remove obsolete key formats. Remove support for RSA_NET and Netscape key format (-keyform n). Also removed documentation of SGC. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 72 +------------- apps/apps.h | 1 - apps/opt.c | 14 +-- apps/rsa.c | 13 --- apps/x509.c | 10 -- crypto/asn1/Makefile | 16 +--- crypto/asn1/asn1_err.c | 3 - crypto/asn1/n_pkey.c | 231 --------------------------------------------- crypto/asn1/x_nx509.c | 72 -------------- crypto/crypto-lib.com | 2 +- doc/apps/x509v3_config.pod | 4 +- include/openssl/asn1.h | 10 -- include/openssl/rsa.h | 16 ---- test/tx509 | 18 ---- util/libeay.num | 20 ++-- 15 files changed, 20 insertions(+), 482 deletions(-) delete mode 100644 crypto/asn1/x_nx509.c diff --git a/apps/apps.c b/apps/apps.c index 3f2c049..80e7777 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -163,12 +163,6 @@ static int set_table_opts(unsigned long *flags, const char *arg, static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -/* Looks like this stuff is worth moving into separate function */ -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format); -#endif - int app_init(long mesgwin); int chopup_args(ARGS *arg, char *buf) 
@@ -695,22 +689,7 @@ X509 *load_cert(const char *file, int format, if (format == FORMAT_ASN1) x = d2i_X509_bio(cert, NULL); - else if (format == FORMAT_NETSCAPE) { - NETSCAPE_X509 *nx; - nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL); - if (nx == NULL) - goto end; - - if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data, - nx->header->length) != 0)) { - NETSCAPE_X509_free(nx); - BIO_printf(bio_err, "Error reading header on certificate\n"); - goto end; - } - x = nx->cert; - nx->cert = NULL; - NETSCAPE_X509_free(nx); - } else if (format == FORMAT_PEM) + else if (format == FORMAT_PEM) x = PEM_read_bio_X509_AUX(cert, NULL, (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { @@ -803,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif else if (format == FORMAT_PKCS12) { if (!load_pkcs12(key, key_descrip, (pem_password_cb *)password_callback, &cb_data, @@ -903,10 +878,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) else if (format == FORMAT_MSBLOB) pkey = b2i_PublicKey_bio(key); 
@@ -918,47 +889,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, return (pkey); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format) -{ - EVP_PKEY *pkey; - BUF_MEM *buf; - RSA *rsa; - const unsigned char *p; - int size, i; - - buf = BUF_MEM_new(); - pkey = EVP_PKEY_new(); - size = 0; - if (buf == NULL || pkey == NULL) - goto error; - for (;;) { - if (!BUF_MEM_grow_clean(buf, size + 1024 * 10)) - goto error; - i = BIO_read(key, &(buf->data[size]), 1024 * 10); - size += i; - if (i == 0) - break; - if (i < 0) { - BIO_printf(bio_err, "Error reading %s %s", key_descrip, file); - goto error; - } - } - p = (unsigned char *)buf->data; - rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0); - if (rsa == NULL) - goto error; - BUF_MEM_free(buf); - EVP_PKEY_set1_RSA(pkey, rsa); - return pkey; - error: - BUF_MEM_free(buf); - EVP_PKEY_free(pkey); - return NULL; -} -#endif /* ndef OPENSSL_NO_RC4 */ - static int load_certs_crls(const char *file, int format, const char *pass, ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, diff --git a/apps/apps.h b/apps/apps.h index b83d4b2..2823cbc 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -532,7 +532,6 @@ void store_setup_crl_download(X509_STORE *st); # define FORMAT_ASN1 1 # define FORMAT_TEXT 2 # define FORMAT_PEM 3 -# define FORMAT_NETSCAPE 4 # define FORMAT_PKCS12 5 # define FORMAT_SMIME 6 # define FORMAT_ENGINE 7 diff --git a/apps/opt.c b/apps/opt.c index b81cec4..bfb039e 100644 --- a/apps/opt.c +++ b/apps/opt.c 
@@ -256,15 +256,11 @@ int opt_format(const char *s, unsigned long flags, int *result) break; case 'N': case 'n': - if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) { - if ((flags & OPT_FMT_NSS) == 0) - return opt_format_error(s, flags); - *result = FORMAT_NSS; - } else { - if ((flags & OPT_FMT_NETSCAPE) == 0) - return opt_format_error(s, flags); - *result = FORMAT_NETSCAPE; - } + if ((flags & OPT_FMT_NSS) == 0) + return opt_format_error(s, flags); + if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0) + return opt_format_error(s, flags); + *result = FORMAT_NSS; break; case 'S': case 's': diff --git a/apps/rsa.c b/apps/rsa.c index f6961d9..c7ad44b 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -352,19 +352,6 @@ int rsa_main(int argc, char **argv) i = i2d_RSAPrivateKey_bio(out, rsa); } } -# ifndef OPENSSL_NO_RC4 - else if (outformat == FORMAT_NETSCAPE) { - unsigned char *p, *save; - int size = i2d_RSA_NET(rsa, NULL, NULL, 0); - - save = p = app_malloc(size, "RSA i2d buffer"); - assert(private); - i2d_RSA_NET(rsa, &p, NULL, 0); - BIO_write(out, (char *)save, size); - OPENSSL_free(save); - i = 1; - } -# endif else if (outformat == FORMAT_PEM) { if (pubout || pubin) { if (pubout == 2) diff --git a/apps/x509.c b/apps/x509.c index 18e13e7..2fd92f4 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -913,16 +913,6 @@ int x509_main(int argc, char **argv) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); - } else if (outformat == FORMAT_NETSCAPE) { - NETSCAPE_X509 nx; - ASN1_OCTET_STRING hdr; - - hdr.data = (unsigned char *)NETSCAPE_CERT_HDR; - hdr.length = strlen(NETSCAPE_CERT_HDR); - nx.header = &hdr; - nx.cert = x; - - i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx); } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 66b0ef2..a566dfa 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile 
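Review bot: In the `case 'N': case 'n':` branch of opt_format the two new guards return the same `opt_format_error(s, flags)` one after the other; folding them into one condition, `if ((flags & OPT_FMT_NSS) == 0 || (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)) return opt_format_error(s, flags);`, reads as a single acceptance rule for the only format left in this case. The body of opt_format continues outside the hunk. Elsewhere in this commit a few references to the removed code appear to be left behind: asn1_err.c still carries `{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}` and asn1.h still defines `ASN1_F_D2I_NETSCAPE_RSA_2` although `d2i_Netscape_RSA` is deleted from n_pkey.c, and the `/* Used to load and write netscape format cert */` comment in asn1.h now sits directly above `ASN1_UNIVERSALSTRING_to_string` once `DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)` is removed from under it.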
@@ -20,7 +20,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \ x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ tasn_prn.c tasn_scn.c ameth_lib.c \ @@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \ x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ tasn_prn.o tasn_scn.o ameth_lib.o \ 
@@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_long.o: ../include/internal/cryptlib.h x_long.c -x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index b7fbd9d..5dfd21b 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c 
@@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, - {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, - {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, @@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, - {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 1b8c4c0..0c9c4c4 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c 
@@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify)) -{ - return i2d_RSA_NET(a, pp, cb, 0); -} - -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - int i, j, ret = 0; - int rsalen, pkeylen, olen; - NETSCAPE_PKEY *pkey = NULL; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - unsigned char buf[256], *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - if (a == NULL) - return (0); - - if ((pkey = NETSCAPE_PKEY_new()) == NULL) - goto err; - if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) - goto err; - pkey->version = 0; - - pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); - if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) - goto err; - pkey->algor->parameter->type = V_ASN1_NULL; - - rsalen = i2d_RSAPrivateKey(a, NULL); - - /* - * Fake some octet strings just for the initial length calculation. 
- */ - - pkey->private_key->length = rsalen; - - pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); - - enckey->enckey->digest->length = pkeylen; - - enckey->os->length = 11; /* "private-key" */ - - enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); - if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) - goto err; - enckey->enckey->algor->parameter->type = V_ASN1_NULL; - - if (pp == NULL) { - olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); - NETSCAPE_PKEY_free(pkey); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return olen; - } - - /* Since its RC4 encrypted length is actual length */ - if ((zz = OPENSSL_malloc(rsalen)) == NULL) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - - pkey->private_key->data = zz; - /* Write out private key encoding */ - i2d_RSAPrivateKey(a, &zz); - - if ((zz = OPENSSL_malloc(pkeylen)) == NULL) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - enckey->enckey->digest->data = zz; - i2d_NETSCAPE_PKEY(pkey, &zz); - - /* Wipe the private key encoding */ - OPENSSL_cleanse(pkey->private_key->data, rsalen); - - if (cb == NULL) - cb = EVP_read_pw_string; - i = cb((char *)buf, 256, "Enter Private Key password:", 1); - if (i != 0) { - ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); - goto err; - } - i = strlen((char *)buf); - /* If the key is used for SGC the algorithm is modified a little. 
*/ - if (sgckey) { - if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) - goto err; - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) - goto err; - OPENSSL_cleanse(buf, 256); - - /* Encrypt private key in place */ - zz = enckey->enckey->digest->data; - if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) - goto err; - if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen)) - goto err; - if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j)) - goto err; - - ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); - err: - EVP_CIPHER_CTX_cleanup(&ctx); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - NETSCAPE_PKEY_free(pkey); - return (ret); -} - -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify)) -{ - return d2i_RSA_NET(a, pp, length, cb, 0); -} - -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - RSA *ret = NULL; - const unsigned char *p; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - - p = *pp; - - enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); - if (!enckey) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR); - return NULL; - } - - if ((enckey->os->length != 11) || (strncmp("private-key", - (char *)enckey->os->data, - 11) != 0)) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return NULL; - } - if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); - goto err; - } - if (cb == NULL) - cb = EVP_read_pw_string; - if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) - goto err; - - *pp = p; - - err: - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return ret; - -} - -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb) (char *buf, int len, const char 
*prompt, - int verify), int sgckey) -{ - NETSCAPE_PKEY *pkey = NULL; - RSA *ret = NULL; - int i, j; - unsigned char buf[256]; - const unsigned char *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - i = cb((char *)buf, 256, "Enter Private Key password:", 0); - if (i != 0) { - ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); - goto err; - } - - i = strlen((char *)buf); - if (sgckey) { - if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) - goto err; - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) - goto err; - OPENSSL_cleanse(buf, 256); - - if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) - goto err; - if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length)) - goto err; - if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j)) - goto err; - os->length = i + j; - - zz = os->data; - - if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { - ASN1err(ASN1_F_D2I_RSA_NET_2, - ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); - goto err; - } - - zz = pkey->private_key->data; - if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) { - ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY); - goto err; - } - err: - EVP_CIPHER_CTX_cleanup(&ctx); - NETSCAPE_PKEY_free(pkey); - return (ret); -} - # endif /* OPENSSL_NO_RC4 */ #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/asn1/x_nx509.c b/crypto/asn1/x_nx509.c deleted file mode 100644 index 5aa0ed5..0000000 --- a/crypto/asn1/x_nx509.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* x_nx509.c */ -/* - * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project - * 2005. - */ -/* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#include -#include -#include -#include - -/* Old netscape certificate wrapper format */ - -ASN1_SEQUENCE(NETSCAPE_X509) = { - ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING), - ASN1_OPT(NETSCAPE_X509, cert, X509) -} ASN1_SEQUENCE_END(NETSCAPE_X509) - -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 5a2694d..f668c1c 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -308,7 +308,7 @@ $ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ - - "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr" + "d2i_pu,d2i_pr,i2d_pu,i2d_pr" $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - "tasn_prn,tasn_scn,ameth_lib,"+ - diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index 26b327c..d1e6788 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod 
@@ -118,14 +118,12 @@ following PKIX, NS and MS values are meaningful: msCodeInd Microsoft Individual Code Signing (authenticode) msCodeCom Microsoft Commercial Code Signing (authenticode) msCTLSign Microsoft Trust List Signing - msSGC Microsoft Server Gated Crypto msEFS Microsoft Encrypted File System - nsSGC Netscape Server Gated Crypto Examples: extendedKeyUsage=critical,codeSigning,1.2.3.4 - extendedKeyUsage=nsSGC,msSGC + extendedKeyUsage=serverAuth,clientAuth =head2 Subject Key Identifier. diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 06ee036..5b3b7d3 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -509,11 +509,6 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) -typedef struct NETSCAPE_X509_st { - ASN1_OCTET_STRING *header; - X509 *cert; -} NETSCAPE_X509; - /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { int bitnum; @@ -797,8 +792,6 @@ const char *ASN1_tag2str(int tag); /* Used to load and write netscape format cert */ -DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); @@ -1014,8 +1007,6 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_NETSCAPE_RSA_2 153 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 -# define ASN1_F_D2I_RSA_NET 200 -# define ASN1_F_D2I_RSA_NET_2 201 # define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_PKEY 159 @@ -1027,7 +1018,6 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_I2D_EC_PUBKEY 181 # define ASN1_F_I2D_PRIVATEKEY 163 # define ASN1_F_I2D_PUBLICKEY 164 -# define ASN1_F_I2D_RSA_NET 162 # define ASN1_F_I2D_RSA_PUBKEY 165 # define ASN1_F_LONG_C2I 166 # define ASN1_F_OID_MODULE_INIT 174 
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 727b9df..9abb2a1 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -396,22 +396,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset); int RSA_print(BIO *bp, const RSA *r, int offset); -# ifndef OPENSSL_NO_RC4 -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify)); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify)); -# endif - /* * The following 2 functions sign and verify a X509_SIG ASN1 object inside * PKCS#1 padded RSA encryption diff --git a/test/tx509 b/test/tx509 index 3185ce1..dc9abc6 100644 --- a/test/tx509 +++ b/test/tx509 
@@ -13,42 +13,24 @@ cp $t x509-fff.p echo "p -> d" $cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1 -echo "p -> n" -$cmd -in x509-fff.p -inform p -outform n >x509-f.n || exit 1 echo "p -> p" $cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1 echo "d -> d" $cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1 -echo "n -> d" -$cmd -in x509-f.n -inform n -outform d >x509-ff.d2 || exit 1 echo "p -> d" $cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1 -echo "d -> n" -$cmd -in x509-f.d -inform d -outform n >x509-ff.n1 || exit 1 -echo "n -> n" -$cmd -in x509-f.n -inform n -outform n >x509-ff.n2 || exit 1 -echo "p -> n" -$cmd -in x509-f.p -inform p -outform n >x509-ff.n3 || exit 1 - echo "d -> p" $cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1 -echo "n -> p" -$cmd -in x509-f.n -inform n -outform p >x509-ff.p2 || exit 1 echo "p -> p" $cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1 cmp x509-fff.p x509-f.p || exit 1 cmp x509-fff.p x509-ff.p1 || exit 1 -cmp x509-fff.p x509-ff.p2 || exit 1 cmp x509-fff.p x509-ff.p3 || exit 1 -cmp x509-f.n x509-ff.n1 || exit 1 -cmp x509-f.n x509-ff.n2 || exit 1 -cmp x509-f.n x509-ff.n3 || exit 1 cmp x509-f.p x509-ff.p1 || exit 1 -cmp x509-f.p x509-ff.p2 || exit 1 cmp x509-f.p x509-ff.p3 || exit 1 /bin/rm -f x509-f.* x509-ff.* x509-fff.* diff --git a/util/libeay.num b/util/libeay.num index 4d3642f..731db22 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA d2i_DSAparams 732 EXIST::FUNCTION:DSA d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: -d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA +d2i_Netscape_RSA 735 NOEXIST::FUNCTION: d2i_PKCS7 736 EXIST::FUNCTION: d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: 
@@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
i2d_DSAparams 835 EXIST::FUNCTION:DSA
i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
-i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
+i2d_Netscape_RSA 838 NOEXIST::FUNCTION:
i2d_PKCS7 839 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
@@ -1816,9 +1816,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION:
X509_REQ_get1_email 2403 EXIST::FUNCTION:
X509_get1_email 2404 EXIST::FUNCTION:
X509_email_free 2405 EXIST::FUNCTION:
-i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
+i2d_RSA_NET 2406 NOEXIST::FUNCTION:
d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
-d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET 2408 NOEXIST::FUNCTION:
DSO_bind_func 2409 EXIST::FUNCTION:
CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
sk_new_null 2411 EXIST::FUNCTION:
@@ -3796,7 +3796,7 @@ CRYPTO_THREADID_cmp 4176 EXIST::FUNCTION:
TS_REQ_ext_free 4177 EXIST::FUNCTION:
EVP_PKEY_asn1_set_free 4178 EXIST::FUNCTION:
EVP_PKEY_get0_asn1 4179 EXIST::FUNCTION:
-d2i_NETSCAPE_X509 4180 EXIST::FUNCTION:
+d2i_NETSCAPE_X509 4180 NOEXIST::FUNCTION:
EVP_PKEY_verify_recover_init 4181 EXIST::FUNCTION:
EVP_PKEY_CTX_set_data 4182 EXIST::FUNCTION:
EVP_PKEY_keygen_init 4183 EXIST::FUNCTION:
@@ -3864,7 +3864,7 @@ ASN1_PCTX_get_nm_flags 4242 EXIST::FUNCTION:
EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION:
CRYPTO_THREADID_current 4244 EXIST::FUNCTION:
EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION:
-NETSCAPE_X509_free 4246 EXIST::FUNCTION:
+NETSCAPE_X509_free 4246 NOEXIST::FUNCTION:
i2b_PVK_bio 4247 EXIST::FUNCTION:RC4
EVP_PKEY_print_private 4248 EXIST::FUNCTION:
GENERAL_NAME_get0_value 4249 EXIST::FUNCTION:
@@ -3994,8 +3994,8 @@ WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL
X509_CRL_METHOD_new 4371 EXIST::FUNCTION:
EVP_DigestSignFinal 4372 EXIST::FUNCTION:
TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION:
-NETSCAPE_X509_it 4374 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_X509_it 4374 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
+NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
TS_RESP_create_response 4375 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 4376 EXIST::FUNCTION:
TS_TST_INFO_get_nonce 4377 EXIST::FUNCTION:
@@ -4046,7 +4046,7 @@ TS_REQ_get_ext_d2i 4420 EXIST::FUNCTION:
GENERAL_NAME_set0_othername 4421 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 4422 EXIST::FUNCTION:
TS_RESP_CTX_get_request 4423 EXIST::FUNCTION:
-i2d_NETSCAPE_X509 4424 EXIST::FUNCTION:
+i2d_NETSCAPE_X509 4424 NOEXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 4425 EXIST::FUNCTION:ENGINE
EVP_PKEY_meth_set_signctx 4426 EXIST::FUNCTION:
EVP_PKEY_asn1_copy 4427 EXIST::FUNCTION:
@@ -4109,7 +4109,7 @@ PKCS7_stream 4481 EXIST::FUNCTION:
TS_RESP_CTX_set_certs 4482 EXIST::FUNCTION:
TS_CONF_set_def_policy 4483 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_adj 4484 EXIST::FUNCTION:
-NETSCAPE_X509_new 4485 EXIST::FUNCTION:
+NETSCAPE_X509_new 4485 NOEXIST::FUNCTION:
TS_ACCURACY_free 4486 EXIST::FUNCTION:
TS_RESP_get_tst_info 4487 EXIST::FUNCTION:
EVP_PKEY_derive_set_peer 4488 EXIST::FUNCTION:
From steve at openssl.org Sat Jul 18 13:07:47 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 18 Jul 2015 13:07:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437224867.643264.2817.nullmailer@dev.openssl.org> The branch master has been updated via f7d5348710ad4f26a97458b102f0c2854e4a0520 (commit) from 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a (commit) - Log ----------------------------------------------------------------- commit f7d5348710ad4f26a97458b102f0c2854e4a0520 Author: Dr. Stephen Henson Date: Tue Jul 14 23:19:11 2015 +0100 Use uint32_t consistently for flags. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/ssl_conf.c | 4 ++-- ssl/ssl_lib.c | 2 +- ssl/ssl_locl.h | 26 +++++++++++++------------- ssl/t1_lib.c | 4 ++-- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 65ff021..819e730 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -124,11 +124,11 @@ struct ssl_conf_ctx_st { SSL_CTX *ctx; SSL *ssl; /* Pointer to SSL or SSL_CTX options field or NULL if none */ - unsigned long *poptions; + uint32_t *poptions; /* Certificate filenames for each type */ char *cert_filename[SSL_PKEY_NUM]; /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */ - unsigned int *pcert_flags; + uint32_t *pcert_flags; /* Current flag table being worked on */ const ssl_flag_tbl *tbl; /* Size of table */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ceba30f..d20d95b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1937,7 +1937,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; CERT *c = s->cert; - int *pvalid = s->s3->tmp.valid_flags; + uint32_t *pvalid = s->s3->tmp.valid_flags; int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; int rsa_enc_export, dh_rsa_export, dh_dsa_export; int rsa_tmp_export, dh_tmp_export, kl; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 3507d9a..2672918 100644 --- a/ssl/ssl_locl.h 
+++ b/ssl/ssl_locl.h @@ -662,7 +662,7 @@ struct ssl_session_st { # ifndef OPENSSL_NO_SRP char *srp_username; # endif - long flags; + uint32_t flags; }; /* Extended master secret support */ @@ -720,7 +720,7 @@ struct ssl_ctx_st { * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which * means only SSL_accept which cache SSL_SESSIONS. */ - int session_cache_mode; + uint32_t session_cache_mode; /* * If timeout is not 0, it is the default timeout value set when * SSL_new() is called. This has been put in to make life easier to set @@ -806,8 +806,8 @@ struct ssl_ctx_st { * SSL_new) */ - unsigned long options; - unsigned long mode; + uint32_t options; + uint32_t mode; long max_cert_list; struct cert_st /* CERT */ *cert; @@ -818,7 +818,7 @@ struct ssl_ctx_st { const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; - int verify_mode; + uint32_t verify_mode; unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ @@ -1019,7 +1019,7 @@ struct ssl_st { * These are the ones being used, the ones in SSL_SESSION are the ones to * be 'copied' into these ones */ - int mac_flags; + uint32_t mac_flags; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ EVP_MD_CTX *read_hash; /* used for mac generation */ COMP_CTX *compress; /* compression */ @@ -1045,7 +1045,7 @@ struct ssl_st { * 0 don't care about verify failure. * 1 fail if verify fails */ - int verify_mode; + uint32_t verify_mode; /* fail if callback returns 0 */ int (*verify_callback) (int ok, X509_STORE_CTX *ctx); /* optional informational callback */ @@ -1077,9 +1077,9 @@ struct ssl_st { STACK_OF(X509_NAME) *client_CA; int references; /* protocol behaviour */ - unsigned long options; + uint32_t options; /* API behaviour */ - unsigned long mode; + uint32_t mode; long max_cert_list; int first_packet; /* what was passed, used for SSLv3/TLS rollback check */ 
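Review bot: Narrowing `options` and `mode` in struct ssl_ctx_st, and the same two fields in struct ssl_st later on this line, from unsigned long to uint32_t silently discards bits 32 and above of whatever value lands in them, and nothing in the hunk checks that every SSL_OP_* and SSL_MODE_* constant fits; the public setters that feed these fields take a long-sized argument (not visible here), so a future bit above 31 would be accepted by the API and lost on store. Every option bit appears to fit in 32 bits today, which makes this latent rather than live, but a guard is cheap. I would annotate the field, `uint32_t options; /* SSL_OP_* bits; must fit in 32 bits, public setters pass unsigned long */`, and add a compile-time check next to the SSL_OP_* definitions that their union fits in a uint32_t. The same caveat applies to `verify_mode` and `session_cache_mode`, which are set and read through int-typed API calls and now round-trip through an unsigned 32-bit field.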
@@ -1287,7 +1287,7 @@ typedef struct ssl3_state_st { * SSL session: e.g. appropriate curve, signature algorithms etc. * If zero it can't be used at all. */ - int valid_flags[SSL_PKEY_NUM]; + uint32_t valid_flags[SSL_PKEY_NUM]; /* * For servers the following masks are for the key and auth algorithms * that are supported by the certs below. For clients they are masks of @@ -1475,7 +1475,7 @@ typedef struct { * Per-connection flags relating to this extension type: not used if * part of an SSL_CTX structure. */ - unsigned short ext_flags; + uint32_t ext_flags; custom_ext_add_cb add_cb; custom_ext_free_cb free_cb; void *add_arg; @@ -1526,7 +1526,7 @@ typedef struct cert_st { int ecdh_tmp_auto; # endif /* Flags related to certificates */ - unsigned int cert_flags; + uint32_t cert_flags; CERT_PKEY pkeys[SSL_PKEY_NUM]; /* * Certificate types (received or sent) in certificate request message. @@ -1656,7 +1656,7 @@ typedef struct ssl3_enc_method { const unsigned char *, size_t, int use_context); /* Various flags indicating protocol version requirements */ - unsigned int enc_flags; + uint32_t enc_flags; /* Handshake header length */ unsigned int hhlen; /* Set the handshake header */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 402047a..f08eb84 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3459,7 +3459,7 @@ int tls1_process_sigalgs(SSL *s) size_t i; const EVP_MD *md; const EVP_MD **pmd = s->s3->tmp.md; - int *pvalid = s->s3->tmp.valid_flags; + uint32_t *pvalid = s->s3->tmp.valid_flags; CERT *c = s->cert; TLS_SIGALGS *sigptr; if (!tls1_set_shared_sigalgs(s)) @@ -3890,7 +3890,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int check_flags = 0, strict_mode; CERT_PKEY *cpk = NULL; CERT *c = s->cert; - int *pvalid; + uint32_t *pvalid; unsigned int suiteb_flags = tls1_suiteb(s); /* idx == -1 means checking server chains */ if (idx != -1) { From rsalz at openssl.org Mon Jul 20 05:20:08 2015 
From: rsalz at openssl.org (Rich Salz) Date: Mon, 20 Jul 2015 05:20:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437369608.473983.5201.nullmailer@dev.openssl.org> The branch master has been updated via 7e5363abe3c00d9db037f464f3c121e194bb5bb6 (commit) from f7d5348710ad4f26a97458b102f0c2854e4a0520 (commit) - Log ----------------------------------------------------------------- commit 7e5363abe3c00d9db037f464f3c121e194bb5bb6 Author: Rich Salz Date: Fri Apr 24 16:33:34 2015 -0400 Rewrite crypto/ex_data Removed ability to set ex_data impl at runtime. This removed these three functions: const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); int CRYPTO_ex_data_new_class(void); It is no longer possible to change the ex_data implementation at runtime. (Luckily those functions were never documented :) Also removed the ability to add new exdata "classes." We don't believe this received much (if any) use, since you can't add it to OpenSSL objects, and there are probably better (native) methods for developers to add their own extensible data, if they really need that. Replaced the internal hash table (of per-"class" stacks) with a simple indexed array. Reserved an index for "app" application. Each API used to take the lock twice; now it only locks once. Use local stack storage for function pointers, rather than malloc, if possible (i.e., number of ex_data items is under a dozen). Make CRYPTO_EX_DATA_FUNCS opaque/internal. Also fixes RT3710; index zero is reserved. 
Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/cpt_err.c | 5 +- crypto/engine/eng_dyn.c | 1 - crypto/ex_data.c | 541 +++++++++++++------------------------------- include/openssl/crypto.h | 45 +--- include/openssl/engine.h | 3 - include/openssl/safestack.h | 18 -- include/openssl/symhacks.h | 6 - util/libeay.num | 10 +- 8 files changed, 172 insertions(+), 457 deletions(-) diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index a513838..1f9a824 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -1,6 +1,6 @@ /* crypto/cpt_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,9 +70,12 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) static ERR_STRING_DATA CRYPTO_str_functs[] = { + {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"}, {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"}, {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 06a7018..ae7d1d0 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c 
@@ -512,7 +512,6 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * would also increase opaqueness. */ fns.static_state = ENGINE_get_static_state(); - fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb); fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); diff --git a/crypto/ex_data.c b/crypto/ex_data.c index bf5cf29..62d03bb 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c 
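Review bot: Dropping the `fns.ex_data_fns` assignment changes the layout of the `dynamic_fns` block that dynamic_load hands to a loaded engine, assuming the field itself is removed from include/openssl/engine.h (three lines deleted there per the diffstat, not visible here); an engine shared object built against the previous header would then read the memory and lock callbacks that follow it at the wrong offsets. Nothing in the hunk bumps the dynamic-engine interface version that the loader uses to reject incompatible engines, so I would either bump it in the same commit or state in the commit message that this is one of the intended ABI breaks for the next major release. dynamic_load starts and ends outside the hunk.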
@@ -1,33 +1,3 @@ -/* crypto/ex_data.c */ - -/* - * Overhaul notes; - * - * This code is now *mostly* thread-safe. It is now easier to understand in what - * ways it is safe and in what ways it is not, which is an improvement. Firstly, - * all per-class stacks and index-counters for ex_data are stored in the same - * global LHASH table (keyed by class). This hash table uses locking for all - * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be - * called when no other threads can possibly race against it (even if it was - * locked, the race would mean it's possible the hash table might have been - * recreated after the cleanup). As classes can only be added to the hash table, - * and within each class, the stack of methods can only be incremented, the - * locking mechanics are simpler than they would otherwise be. For example, the - * new/dup/free ex_data functions will lock the hash table, copy the method - * pointers it needs from the relevant class, then unlock the hash table before - * actually applying those method pointers to the task of the new/dup/free - * operations. As they can't be removed from the method-stack, only - * supplemented, there's no race conditions associated with using them outside - * the lock. The get/set_ex_data functions are not locked because they do not - * involve this global state at all - they operate directly with a previously - * obtained per-class method index and a particular "ex_data" variable. These - * variables are usually instantiated per-context (eg. each RSA structure has - * one) so locking on read/write access to that variable can be locked locally - * if required (eg. using the "RSA" lock to synchronise access to a - * per-RSA-structure ex_data variable if required). - * [Geoff] - */ - /* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) * All rights reserved. * 
@@ -141,300 +111,150 @@ #include "internal/cryptlib.h" #include -/* What an "implementation of ex_data functionality" looks like */ -struct st_CRYPTO_EX_DATA_IMPL { - /*********************/ - /* GLOBAL OPERATIONS */ - /* Return a new class index */ - int (*cb_new_class) (void); - /* Cleanup all state used by the implementation */ - void (*cb_cleanup) (void); - /************************/ - /* PER-CLASS OPERATIONS */ - /* Get a new method index within a class */ - int (*cb_get_new_index) (int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - /* Initialise a new CRYPTO_EX_DATA of a given class */ - int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); - /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ - int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from); - /* Cleanup a CRYPTO_EX_DATA of a given class */ - void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); -}; - -/* The implementation we use at run-time */ -static const CRYPTO_EX_DATA_IMPL *impl = NULL; -/* - * To call "impl" functions, use this macro rather than referring to 'impl' - * directly, eg. 
EX_IMPL(get_new_index)(...); - */ -#define EX_IMPL(a) impl->cb_##a - -/* Predeclare the "default" ex_data implementation */ -static int int_new_class(void); -static void int_cleanup(void); -static int int_get_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); -static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); -static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from); -static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); -static CRYPTO_EX_DATA_IMPL impl_default = { - int_new_class, - int_cleanup, - int_get_new_index, - int_new_ex_data, - int_dup_ex_data, - int_free_ex_data -}; +typedef struct { + long argl; /* Arbitary long */ + void *argp; /* Arbitary void * */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; +} CRYPTO_EX_DATA_FUNCS; -/* - * Internal function that checks whether "impl" is set and if not, sets it to - * the default. - */ -static void impl_check(void) -{ - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (!impl) - impl = &impl_default; - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); -} +DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) /* - * A macro wrapper for impl_check that first uses a non-locked test before - * invoking the function (which checks again inside a lock). + * State for each class; could just be a typedef, but this allows future + * changes. 
*/ -#define IMPL_CHECK if(!impl) impl_check(); - -/* API functions to get/set the "ex_data" implementation */ -const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) -{ - IMPL_CHECK return impl; -} - -int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) -{ - int toret = 0; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (!impl) { - impl = i; - toret = 1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return toret; -} - -/****************************************************************************/ -/* - * Interal (default) implementation of "ex_data" support. API functions are - * further down. - */ - -/* - * The type that represents what each "class" used to implement locally. A - * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is - * the global value representing the class that is used to distinguish these - * items. - */ -typedef struct st_ex_class_item { - int class_index; +typedef struct { STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; - int meth_num; } EX_CLASS_ITEM; -/* When assigning new class indexes, this is our counter */ -static int ex_class = CRYPTO_EX_INDEX_USER; - -/* The global hash table of EX_CLASS_ITEM items */ -DECLARE_LHASH_OF(EX_CLASS_ITEM); -static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL; - -/* The callbacks required in the "ex_data" hash table */ -static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a) -{ - return a->class_index; -} - -static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM) - -static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) -{ - return a->class_index - b->class_index; -} - -static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM) +static EX_CLASS_ITEM ex_data[CRYPTO_EX_INDEX__COUNT]; /* - * Internal functions used by the "impl_default" implementation to access the - * state + * Return the EX_CLASS_ITEM from the "ex_data" array that corresponds to + * a given class. 
On success, *holds the lock.* */ -static int ex_data_check(void) +static EX_CLASS_ITEM *def_get_class(int class_index) { - int toret = 1; + EX_CLASS_ITEM *ip; + + if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) { + CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); + return NULL; + } + + ip = &ex_data[class_index]; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if (!ex_data && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL) - toret = 0; - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return toret; + if (ip->meth == NULL) { + ip->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); + /* We push an initial value on the stack because the SSL + * "app_data" routines use ex_data index zero. See RT 3710. */ + if (ip->meth == NULL + || !sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, NULL)) { + CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); + CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + return NULL; + } + } + return ip; } -/* - * This macros helps reduce the locking from repeated checks because the - * ex_data_check() function checks ex_data again inside a lock. - */ -#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} - -/* This "inner" callback is used by the callback function that follows it */ -static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) +static void cleanup_cb(CRYPTO_EX_DATA_FUNCS *funcs) { OPENSSL_free(funcs); } /* - * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from - * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't - * do any locking. + * Release all "ex_data" state to prevent memory leaks. This can't be made + * thread-safe without overhauling a lot of stuff, and shouldn't really be + * called under potential race-conditions anyway (it's for program shutdown + * after all). 
*/ -static void def_cleanup_cb(void *a_void) +void CRYPTO_cleanup_all_ex_data(void) { - EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; - sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); - OPENSSL_free(item); -} + int i; -/* - * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to - * a given class. Handles locking. - */ -static EX_CLASS_ITEM *def_get_class(int class_index) -{ - EX_CLASS_ITEM d, *p, *gen; - EX_DATA_CHECK(return NULL;) - d.class_index = class_index; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); - if (!p) { - gen = OPENSSL_malloc(sizeof(*gen)); - if (gen) { - gen->class_index = class_index; - gen->meth_num = 0; - gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); - if (!gen->meth) - OPENSSL_free(gen); - else { - /* - * Because we're inside the ex_data lock, the return value - * from the insert will be NULL - */ - (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); - p = gen; - } - } + for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) { + EX_CLASS_ITEM *ip = &ex_data[i]; + + sk_CRYPTO_EX_DATA_FUNCS_pop_free(ip->meth, cleanup_cb); + ip->meth = NULL; } - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - if (!p) - CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); - return p; } /* - * Add a new method to the given EX_CLASS_ITEM and return the corresponding - * index (or -1 for error). Handles locking. + * Inside an existing class, get/register a new index. 
*/ -static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) +int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func) { int toret = -1; - CRYPTO_EX_DATA_FUNCS *a = OPENSSL_malloc(sizeof(*a)); - if (!a) { - CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); + CRYPTO_EX_DATA_FUNCS *a; + EX_CLASS_ITEM *ip = def_get_class(class_index); + + if (!ip) return -1; + a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(*a)); + if (!a) { + CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); + goto err; } a->argl = argl; a->argp = argp; a->new_func = new_func; a->dup_func = dup_func; a->free_func = free_func; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) { - if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) { - CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); - OPENSSL_free(a); - goto err; - } - } - toret = item->meth_num++; - (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); - err: - CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - return toret; -} -/**************************************************************/ -/* The functions in the default CRYPTO_EX_DATA_IMPL structure */ + if (!sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, NULL)) { + CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); + OPENSSL_free(a); + goto err; + } + toret = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth) - 1; + (void)sk_CRYPTO_EX_DATA_FUNCS_set(ip->meth, toret, a); -static int int_new_class(void) -{ - int toret; - CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - toret = ex_class++; + err: CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; } -static void int_cleanup(void) -{ - EX_DATA_CHECK(return;) - lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb); - lh_EX_CLASS_ITEM_free(ex_data); - ex_data = NULL; - impl = NULL; -} - -static int 
int_get_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - EX_CLASS_ITEM *item = def_get_class(class_index); - if (!item) - return -1; - return def_add_index(item, argl, argp, new_func, dup_func, free_func); -} - /* + * Initialise a new CRYPTO_EX_DATA for use in a particular class - including + * calling new() callbacks for each index in the class used by this variable * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries - * in the lock, then using them outside the lock. NB: Thread-safety only - * applies to the global "ex_data" state (ie. class definitions), not - * thread-safe on 'ad' itself. + * in the lock, then using them outside the lock. Note this only applies + * to the global "ex_data" state (ie. class definitions), not 'ad' itself. */ -static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) { int mx, i; void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; - EX_CLASS_ITEM *item = def_get_class(class_index); - if (!item) - /* error is already set */ + CRYPTO_EX_DATA_FUNCS *stack[10]; + EX_CLASS_ITEM *ip = def_get_class(class_index); + + if (!ip) return 0; + ad->sk = NULL; - CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); - mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); + + mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth); if (mx > 0) { - storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); - if (!storage) - goto skip; - for (i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + if (mx < (int)OSSL_NELEM(stack)) + storage = stack; + else + storage = OPENSSL_malloc(sizeof(*storage) * mx); + if (storage) + for (i = 0; i < mx; i++) + storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); } - skip: - CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if ((mx > 0) && !storage) { - CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); + 
CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + + if (mx > 0 && storage == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < mx; i++) { 
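Review bot: In def_get_class, when sk_CRYPTO_EX_DATA_FUNCS_new_null succeeds but the push of the reserved index-0 entry fails, `ip->meth` is left non-NULL and empty; the next call for that class skips initialisation because `ip->meth == NULL` is false, so CRYPTO_get_ex_new_index then hands out index 0, the slot the comment says is reserved for the SSL app_data routines (RT 3710), and the two users collide. On that failure path free the half-built stack and reset the slot, `sk_CRYPTO_EX_DATA_FUNCS_free(ip->meth); ip->meth = NULL;`, before the unlock and return. The bounds check just above reports an out-of-range `class_index` as ERR_R_MALLOC_FAILURE although it runs before anything is allocated; it should use an invalid-argument reason so a bad class from a caller is not diagnosed as memory exhaustion. Since the function now returns with CRYPTO_LOCK_EX_DATA held on success, as its comment says, a name such as `get_and_lock` would keep that contract visible at future call sites; the callers in this hunk do release the lock on every path.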
@@ -444,41 +264,50 @@ static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage[i]->argl, storage[i]->argp); } } - OPENSSL_free(storage); + if (storage != stack) + OPENSSL_free(storage); return 1; } -/* Same thread-safety notes as for "int_new_ex_data" */ -static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from) +/* + * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks + * for each index in the class used by this variable + */ +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + CRYPTO_EX_DATA *from) { int mx, j, i; char *ptr; + CRYPTO_EX_DATA_FUNCS *stack[10]; CRYPTO_EX_DATA_FUNCS **storage = NULL; - EX_CLASS_ITEM *item; - if (!from->sk) - /* 'to' should be "blank" which *is* just like 'from' */ + EX_CLASS_ITEM *ip; + + if (from->sk == NULL) + /* Nothing to copy over */ return 1; - if ((item = def_get_class(class_index)) == NULL) + if ((ip = def_get_class(class_index)) == NULL) return 0; - CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); - mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); + + mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth); j = sk_void_num(from->sk); if (j < mx) mx = j; if (mx > 0) { - storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); - if (!storage) - goto skip; - for (i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + if (mx < (int)OSSL_NELEM(stack)) + storage = stack; + else + storage = OPENSSL_malloc(sizeof(*storage) * mx); + if (storage) + for (i = 0; i < mx; i++) + storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); } - skip: - CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if ((mx > 0) && !storage) { - CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); + CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + + if (mx > 0 && storage == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); return 0; } + for (i = 0; i < mx; i++) { ptr = CRYPTO_get_ex_data(from, i); if (storage[i] && storage[i]->dup_func) 
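Review bot: CRYPTO_dup_ex_data returns 1 whatever happens inside the per-index loop at the end of the hunk: the result of each `dup_func` callback is discarded (the call continues into the next hunk) and so is the result of the CRYPTO_set_ex_data that stores `ptr` into `to`, so a callback that fails to copy its item, or an allocation failure while growing `to->sk`, leaves `to` silently incomplete while the caller believes the copy succeeded. Assuming the callback follows the library's 1-success/0-failure convention (its return type is int; the semantics are not stated here), I would propagate both failures through a cleanup label that releases the heap copy of the callback table and returns 0, which needs a `toret` local initialised to 0 alongside the existing declarations.
```c
    for (i = 0; i < mx; i++) {
        ptr = CRYPTO_get_ex_data(from, i);
        if (storage[i] != NULL && storage[i]->dup_func != NULL
            && !storage[i]->dup_func(to, from, &ptr, i,
                                     storage[i]->argl, storage[i]->argp))
            goto err;
        if (!CRYPTO_set_ex_data(to, i, ptr))
            goto err;
    }
    toret = 1;
 err:
    if (storage != stack)
        OPENSSL_free(storage);
    return toret;
```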
@@ -486,34 +315,41 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, storage[i]->argl, storage[i]->argp); CRYPTO_set_ex_data(to, i, ptr); } - OPENSSL_free(storage); + if (storage != stack) + OPENSSL_free(storage); return 1; } -/* Same thread-safety notes as for "int_new_ex_data" */ -static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + +/* + * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for + * each index in the class used by this variable + */ +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) { int mx, i; - EX_CLASS_ITEM *item; + EX_CLASS_ITEM *ip; void *ptr; + CRYPTO_EX_DATA_FUNCS *stack[10]; CRYPTO_EX_DATA_FUNCS **storage = NULL; - if (ex_data == NULL) - return; - if ((item = def_get_class(class_index)) == NULL) + + if ((ip = def_get_class(class_index)) == NULL) return; - CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); - mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); + + mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth); if (mx > 0) { - storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); - if (!storage) - goto skip; - for (i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + if (mx < (int)OSSL_NELEM(stack)) + storage = stack; + else + storage = OPENSSL_malloc(sizeof(*storage) * mx); + if (storage) + for (i = 0; i < mx; i++) + storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); } - skip: - CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if ((mx > 0) && !storage) { - CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); + CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + + if (mx > 0 && storage == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); return; } for (i = 0; i < mx; i++) { 
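Review bot: In CRYPTO_free_ex_data the `mx > 0 && storage == NULL` path returns before `sk_void_free(ad->sk)`, so when the callback snapshot cannot be allocated (still possible for a class with ten or more indices, which the stack array does not cover) the ex_data stack is leaked together with everything the free callbacks would have released, while the caller believes the object was torn down. Freeing the stack on that path keeps the object consistent even though the callbacks cannot run: `sk_void_free(ad->sk); ad->sk = NULL; return;`. The dup tail at the top of this hunk has the mirror problem: the result of `CRYPTO_set_ex_data(to, i, ptr)` is dropped, so an allocation failure there yields a copy missing indices while CRYPTO_dup_ex_data still returns 1, which for ex_data carrying per-connection security state is a silent loss; failing the dup on that error would fail closed. Both function bodies extend beyond this hunk.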
@@ -523,79 +359,13 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage[i]->argl, storage[i]->argp); } } - OPENSSL_free(storage); + + if (storage != stack) + OPENSSL_free(storage); sk_void_free(ad->sk); ad->sk = NULL; } -/********************************************************************/ -/* - * API functions that defer all "state" operations to the "ex_data" - * implementation we have set. - */ - -/* - * Obtain an index for a new class (not the same as getting a new index - * within an existing class - this is actually getting a new *class*) - */ -int CRYPTO_ex_data_new_class(void) -{ - IMPL_CHECK return EX_IMPL(new_class) (); -} - -/* - * Release all "ex_data" state to prevent memory leaks. This can't be made - * thread-safe without overhauling a lot of stuff, and shouldn't really be - * called under potential race-conditions anyway (it's for program shutdown - * after all). - */ -void CRYPTO_cleanup_all_ex_data(void) -{ - IMPL_CHECK EX_IMPL(cleanup) (); -} - -/* Inside an existing class, get/register a new index. 
*/ -int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - int ret = -1; - - IMPL_CHECK - ret = EX_IMPL(get_new_index) (class_index, - argl, argp, new_func, dup_func, - free_func); - return ret; -} - -/* - * Initialise a new CRYPTO_EX_DATA for use in a particular class - including - * calling new() callbacks for each index in the class used by this variable - */ -int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -{ - IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad); -} - -/* - * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks - * for each index in the class used by this variable - */ -int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from) -{ - IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from); -} - -/* - * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for - * each index in the class used by this variable - */ -void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -{ - IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad); -} - /* * For a given CRYPTO_EX_DATA variable, set the value corresponding to a * particular index in the class used by this variable @@ -607,20 +377,18 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) if (ad->sk == NULL) { if ((ad->sk = sk_void_new_null()) == NULL) { CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } } - i = sk_void_num(ad->sk); - while (i <= idx) { + for (i = sk_void_num(ad->sk); i <= idx; ++i) { if (!sk_void_push(ad->sk, NULL)) { CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } - i++; } sk_void_set(ad->sk, idx, val); - return (1); + return 1; } /* 
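Review bot: CRYPTO_set_ex_data still accepts a negative `idx`: the new `for` loop does no work for idx < 0, and `sk_void_set(ad->sk, idx, val)` is then called with an out-of-range index and its result ignored, so — assuming sk_set rejects out-of-range indices like the other stack accessors — the function returns 1 without storing anything. That matters because the removed wrapper in this hunk shows CRYPTO_get_ex_new_index initialising its result to -1 (`int ret = -1;`), the conventional failure value, so a caller that skipped that check gets a silent no-op here instead of an error. An explicit guard at the top of the function, `if (idx < 0) return 0;`, closes it; should sk_set not bounds-check, the same line prevents an out-of-bounds write.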
@@ -629,10 +397,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) */ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) { - if (ad->sk == NULL) - return (0); - else if (idx >= sk_void_num(ad->sk)) - return (0); - else - return (sk_void_value(ad->sk, idx)); + if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) + return NULL; + return sk_void_value(ad->sk, idx); } diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 1bda645..faaf1d5 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -284,25 +284,9 @@ struct crypto_ex_data_st { DECLARE_STACK_OF(void) /* - * This stuff is basically class callback functions The current classes are - * SSL_CTX, SSL, SSL_SESSION, and a few more - */ - -typedef struct crypto_ex_data_func_st { - long argl; /* Arbitary long */ - void *argp; /* Arbitary void * */ - CRYPTO_EX_new *new_func; - CRYPTO_EX_free *free_func; - CRYPTO_EX_dup *dup_func; -} CRYPTO_EX_DATA_FUNCS; - -DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) - -/* * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA * entry. */ - # define CRYPTO_EX_INDEX_BIO 0 # define CRYPTO_EX_INDEX_SSL 1 # define CRYPTO_EX_INDEX_SSL_CTX 2 @@ -319,12 +303,8 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) # define CRYPTO_EX_INDEX_ECDH 13 # define CRYPTO_EX_INDEX_COMP 14 # define CRYPTO_EX_INDEX_STORE 15 - -/* - * Dynamically assigned indexes start from this value (don't use directly, - * use via CRYPTO_ex_data_new_class). - */ -# define CRYPTO_EX_INDEX_USER 100 +# define CRYPTO_EX_INDEX_APP 16 +# define CRYPTO_EX_INDEX__COUNT 17 /* * This is the default callbacks, but we can have others as well: this is 
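Review bot: The merged condition in CRYPTO_get_ex_data checks only the upper bound, so a negative `idx` still reaches `sk_void_value`; the old code relied on the same implicit protection, but now that the function is a one-liner the explicit test is free and documents that the -1 failure value of CRYPTO_get_ex_new_index is rejected here rather than in the stack layer: `if (ad->sk == NULL || idx < 0 || idx >= sk_void_num(ad->sk))`. If sk_value does not bounds-check negative indices, this also turns an out-of-bounds read into a NULL return.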
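Review bot: `CRYPTO_EX_INDEX_APP` and `CRYPTO_EX_INDEX__COUNT` arrive without any guidance for code that used the removed `CRYPTO_EX_INDEX_USER`/`CRYPTO_ex_data_new_class()` path, and the surviving comment in the preceding hunk (`Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS ...`) now names a type this header no longer declares. Suggest replacing it with `/* Built-in ex_data classes. CRYPTO_EX_INDEX_APP is reserved for application use; CRYPTO_EX_INDEX__COUNT must remain last and sizes the class table. */`. If the implementation now indexes a fixed-size table by `class_index`, as `__COUNT` suggests, def_get_class should range-check `class_index` against `CRYPTO_EX_INDEX__COUNT` so a stale or caller-supplied class value cannot index out of bounds; that code is outside this diff.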
@@ -386,14 +366,6 @@ unsigned long SSLeay(void); int OPENSSL_issetugid(void); -/* An opaque type representing an implementation of "ex_data" support */ -typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; -/* Return an opaque pointer to the current "ex_data" implementation */ -const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); -/* Sets the "ex_data" implementation to be used (if it's not too late) */ -int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); -/* Get a new "ex_data" class, and return the corresponding "class_index" */ -int CRYPTO_ex_data_new_class(void); /* Within a given class, get/register a new index */ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, @@ -611,6 +583,11 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); + /* * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. * It takes an amount of time dependent on |len|, but independent of the 
@@ -627,17 +604,15 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len); */ void ERR_load_CRYPTO_strings(void); -struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); -int OPENSSL_gmtime_diff(int *pday, int *psec, - const struct tm *from, const struct tm *to); - /* Error codes for the CRYPTO functions. */ /* Function codes. */ +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 # define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 # define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 # define CRYPTO_F_DEF_ADD_INDEX 104 # define CRYPTO_F_DEF_GET_CLASS 105 diff --git a/include/openssl/engine.h b/include/openssl/engine.h index fa1d694..c228487 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -776,7 +776,6 @@ typedef struct st_dynamic_LOCK_fns { /* The top-level structure */ typedef struct st_dynamic_fns { void *static_state; - const CRYPTO_EX_DATA_IMPL *ex_data_fns; dynamic_MEM_fns mem_fns; dynamic_LOCK_fns lock_fns; } dynamic_fns; @@ -834,8 +833,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ - if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ - return 0; \ skip_cbs: \ if(!fn(e,id)) return 0; \ return 1; } diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index e138bfc..785bec6 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h 
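Review bot: Dropping `ex_data_fns` from `dynamic_fns` changes the layout of the structure handed across the dynamic-engine loading boundary: an engine binary built against the previous header expects `mem_fns` and `lock_fns` one pointer further in, so it would read part of `lock_fns` as its memory callbacks and call through the wrong function pointers rather than fail cleanly. If engine.h still gates binding on a dynamic-version constant (OSSL_DYNAMIC_VERSION/OSSL_DYNAMIC_OLDEST in earlier releases, not shown here), it should be bumped in this change so such engines are rejected at load time, and the struct deserves a comment: `/* ABI: layout is shared with separately built engines; any change requires a dynamic version bump */`.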
@@ -2251,24 +2251,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) # define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) -# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) -# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) -# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) -# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) -# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) -# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) -# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) -# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) -# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) -# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) -# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) -# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ - LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) -# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) - # define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) # define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) # define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h index 9785685..3253df8 100644 --- a/include/openssl/symhacks.h +++ b/include/openssl/symhacks.h 
@@ -71,12 +71,6 @@ */ # ifdef OPENSSL_SYS_VMS -/* Hack a long name in crypto/ex_data.c */ -# undef CRYPTO_get_ex_data_implementation -# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl -# undef CRYPTO_set_ex_data_implementation -# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl - /* Hack a long name in crypto/asn1/a_mbstr.c */ # undef ASN1_STRING_set_default_mask_asc # define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc diff --git a/util/libeay.num b/util/libeay.num index 731db22..a82db68 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2328,8 +2328,8 @@ X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION: OCSP_BASICRESP_free 2838 EXIST::FUNCTION: OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION: d2i_KRB5_AUTHENTBODY 2840 NOEXIST::FUNCTION: -CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION: -CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION: +CRYPTO_set_ex_data_impl 2841 NOEXIST::FUNCTION: +CRYPTO_set_ex_data_implementation 2841 NOEXIST::FUNCTION: KRB5_ENCDATA_new 2842 NOEXIST::FUNCTION: DSO_up_ref 2843 EXIST::FUNCTION: OCSP_crl_reason_str 2844 EXIST::FUNCTION: @@ -2559,7 +2559,7 @@ AES_encrypt 3033 EXIST::FUNCTION:AES OCSP_REQUEST_new 3034 EXIST::FUNCTION: ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION: +CRYPTO_ex_data_new_class 3036 NOEXIST::FUNCTION: _ossl_old_des_ncbc_encrypt 3037 NOEXIST::FUNCTION: i2d_KRB5_TKTBODY 3038 NOEXIST::FUNCTION: EC_POINT_clear_free 3039 EXIST::FUNCTION:EC 
@@ -2676,8 +2676,8 @@ USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA USERNOTICE_it 3132 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQINFO_new 3133 EXIST::FUNCTION: OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION: -CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION: -CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION: +CRYPTO_get_ex_data_impl 3135 NOEXIST::FUNCTION: +CRYPTO_get_ex_data_implementation 3135 NOEXIST::FUNCTION: ASN1_item_pack 3136 EXIST::FUNCTION: i2d_KRB5_ENCDATA 3137 NOEXIST::FUNCTION: X509_PURPOSE_set 3138 EXIST::FUNCTION: From steve at openssl.org Tue Jul 21 13:03:02 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 21 Jul 2015 13:03:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437483782.484824.19443.nullmailer@dev.openssl.org> The branch master has been updated via 3d9ebc373f6c95df1d4b079d73f3ab0194c57621 (commit) via 429261d0d836fa44213eae99abbf19dbb6194daf (commit) from 7e5363abe3c00d9db037f464f3c121e194bb5bb6 (commit) - Log ----------------------------------------------------------------- commit 3d9ebc373f6c95df1d4b079d73f3ab0194c57621 Author: Dr. Stephen Henson Date: Tue Jul 14 14:19:38 2015 +0100 Update demo. Use new SSL_CONF options in demo. Add intermediate and root CAs and update all to use SHA256. Reviewed-by: Viktor Dukhovni commit 429261d0d836fa44213eae99abbf19dbb6194daf Author: Dr. Stephen Henson Date: Tue Jul 14 14:18:37 2015 +0100 SSL_CONF additions. Add support for loading verify and chain stores in SSL_CONF. Commands to set verify mode and client CA names. Add documentation. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: demos/bio/accept.cnf | 6 ++ demos/bio/intca.pem | 23 +++++++ demos/bio/root.pem | 22 +++++++ demos/bio/server.pem | 21 +++---- doc/ssl/SSL_CONF_cmd.pod | 27 ++++++++ ssl/ssl_conf.c | 156 +++++++++++++++++++++++++++++++++++++++++++---- 6 files changed, 232 insertions(+), 23 deletions(-) create mode 100644 demos/bio/intca.pem create mode 100644 demos/bio/root.pem diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf index e4acea7..5a2ef45 100644 --- a/demos/bio/accept.cnf +++ b/demos/bio/accept.cnf @@ -11,3 +11,9 @@ ECDHParameters = Automatic SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 Certificate=server.pem PrivateKey=server.pem +ChainCAFile=root.pem +VerifyCAFile=root.pem + +# Request certificate +VerifyMode=Request +ClientCAFile=root.pem diff --git a/demos/bio/intca.pem b/demos/bio/intca.pem new file mode 100644 index 0000000..3551ea9 --- /dev/null +++ b/demos/bio/intca.pem 
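Review bot: `VerifyMode=Request` asks the client for a certificate but, unlike `Require`, lets the handshake complete when none is presented, so with this config an anonymous client is accepted and the demo server must call `SSL_get_peer_certificate()` itself before treating the peer as authenticated; a comment stating that would stop readers copying the snippet as a mutual-TLS example: `# Request a client certificate; use VerifyMode=Require to reject clients without one`. Also, this commit adds `intca.pem` but the config only loads `root.pem` into the chain store; unless server.pem carries the intermediate after the key (not visible here), the server cannot build a chain that clients trusting only the root can verify, and `ChainCAFile=intca.pem` would be the intended value.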
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT +VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD +QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL +MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ +VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG +W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL +IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ +GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 +ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds +ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr +VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD +VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz +audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg +j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt +CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR +gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I +RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN +thI= +-----END CERTIFICATE----- diff --git a/demos/bio/root.pem b/demos/bio/root.pem new file mode 100644 index 0000000..3bd0e9b --- /dev/null +++ b/demos/bio/root.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT +VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD +QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL +MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ +VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs +vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H +q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG +juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu +R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r +77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA +AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA +FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn +wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI +/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G +Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN +T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz +9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y +-----END CERTIFICATE----- diff --git a/demos/bio/server.pem b/demos/bio/server.pem index d0fc265..ef0d22a 100644 --- a/demos/bio/server.pem +++ b/demos/bio/server.pem 
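Review bot: The new root is still self-signed with sha1WithRSAEncryption — its AlgorithmIdentifier bytes decode to OID 1.2.840.113549.1.1.5, whereas the intermediate and server certificates use 1.1.11 (sha256WithRSAEncryption) — which contradicts the commit message's "update all to use SHA256"; a trust anchor's own signature is not verified, so this is not a weakness in the chain, but policies that flag any SHA-1 signature will complain and the demo will not match its description. Its Validity also decodes to 2014-02-23 through 2024-02-21, while the intermediate runs to 2025-06-21 and the server certificate to 2025-05-22, so the demo chain stops verifying roughly sixteen months before its leaf expires. Regenerating the root with the same SHA-256 settings and a lifetime covering the subordinates fixes both (decoded from the base64; please confirm with `openssl x509 -noout -text`).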
@@ -1,10 +1,10 @@ subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV +MIIDpTCCAo2gAwIBAgIJAK8ArbvjIOQlMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG +ZWRpYXRlIENBMB4XDTE1MDcxNDEzMjIwNVoXDTI1MDUyMjEzMjIwNVowZDELMAkG A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ 
@@ -13,15 +13,14 @@ R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU 41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R -AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 -hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK -WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp -yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7 -vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds -xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t -JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA== +AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG ++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B +AQsFAAOCAQEAq8v8dvU3Xskb7q5LKbLXxTIF6owFs5uLk2k2msEAQzX7SrYFZwdE +5e33S71rpDbXiJjyD4Yj0Av5yeRlW0YVFlBZAwgPn29CDCD6+DeQ7AwtXvJhcq9e +llTLpB1EuXC5UCerQmq99wmfTrK0q4hgK7/5c7mcoD7V1iOEvxI2kmG6ukIupbKi +P1TNVVET1kPhRG1dFP9rge7j2ssY3/H+j3jlAJnwQQoYg+YCZ6g0atjOrqvywAy3 +5E2d9LPF3TKw2mf4mAxjU6hPDOk0tiMS6g1xdHyeTftPXfN8Gli0T0LpNpy5a24B +dLPqZEpj0kXT8gTYEROX7tq9gYwpe6FVKw== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index dbdacd1..16b368a 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod 
@@ -195,6 +195,12 @@ context. This option is only supported if certificate operations are permitted. Note: if no B option is set then a private key is not loaded unless the B is set. +=item B, B, B, B + +These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted. + =item B Attempts to use the file B in the "serverinfo" extension using the @@ -306,6 +312,27 @@ B permits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to B. Set by default. +=item B + +The B argument is a comma separated list of flags to set. + +B enables peer verification: for clients only. + +B requests but does not require a certificate from the client. +Servers only. + +B requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only. + +B requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only. + +=item B, B + +A file or directory of certificates in PEM format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted. + =back =head1 SUPPORTED COMMAND TYPES diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 819e730..4160566 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c 
@@ -86,8 +86,14 @@ typedef struct {
 /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
 #define SSL_TFLAG_INV 0x1
-/* Flags refers to cert_flags not options */
-#define SSL_TFLAG_CERT 0x2
+/* Mask for type of flag referred to */
+#define SSL_TFLAG_TYPE_MASK 0xf00
+/* Flag is for options */
+#define SSL_TFLAG_OPTION 0x000
+/* Flag is for cert_flags */
+#define SSL_TFLAG_CERT 0x100
+/* Flag is for verify mode */
+#define SSL_TFLAG_VFY 0x200
 /* Option can only be used for clients */
 #define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
 /* Option can only be used for servers */
@@ -107,6 +113,11 @@ typedef struct {
 #define SSL_FLAG_TBL_CERT(str, flag) \
 {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_VFY_CLI(str, flag) \
+ {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_VFY_SRV(str, flag) \
+ {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
+
 /*
 * Opaque structure containing SSL configuration context.
 */
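Review bot: The new type bits `SSL_TFLAG_CERT` 0x100 and `SSL_TFLAG_VFY` 0x200 share the `name_flags` word with `SSL_TFLAG_CLIENT`/`SSL_TFLAG_SERVER`, which alias the public `SSL_CONF_FLAG_*` values defined in another header; nothing here ensures those values stay clear of `SSL_TFLAG_TYPE_MASK` (or of `SSL_TFLAG_INV` 0x1), and an overlap would make `ssl_set_option` select the wrong flag word, e.g. write verify-mode bits into `options`. A preprocessor check after the definitions catches that at build time: `#if ((SSL_TFLAG_TYPE_MASK | SSL_TFLAG_INV) & (SSL_TFLAG_CLIENT | SSL_TFLAG_SERVER)) != 0` / `# error "SSL_CONF_FLAG_* overlaps SSL_TFLAG bits"` / `#endif`. The comment `/* Flag is for options */` would also read better as `/* Flag-word selector: 0 selects options */`, since 0x000 is not a bit.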
@@ -129,30 +140,46 @@ struct ssl_conf_ctx_st {
 char *cert_filename[SSL_PKEY_NUM];
 /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
 uint32_t *pcert_flags;
+ /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
+ uint32_t *pvfy_flags;
 /* Current flag table being worked on */
 const ssl_flag_tbl *tbl;
 /* Size of table */
 size_t ntbl;
+ /* Client CA names */
+ STACK_OF(X509_NAME) *canames;
 };
 static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
 unsigned long option_value, int onoff)
 {
+ unint32_t *pflags;
 if (cctx->poptions == NULL)
 return;
 if (name_flags & SSL_TFLAG_INV)
 onoff ^= 1;
- if (name_flags & SSL_TFLAG_CERT) {
- if (onoff)
- *cctx->pcert_flags |= option_value;
- else
- *cctx->pcert_flags &= ~option_value;
- } else {
- if (onoff)
- *cctx->poptions |= option_value;
- else
- *cctx->poptions &= ~option_value;
+ switch (name_flags & SSL_TFLAG_TYPE_MASK) {
+
+ case SSL_TFLAG_CERT:
+ pflags = cctx->pcert_flags;
+ break;
+
+ case SSL_TFLAG_VFY:
+ pflags = cctx->pvfy_flags;
+ break;
+
+ case SSL_TFLAG_OPTION:
+ pflags = cctx->poptions;
+ break;
+
+ default:
+ return;
+ }
+ if (onoff)
+ *pflags |= option_value;
+ else
+ *pflags &= ~option_value;
 }
 static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
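Review bot: ssl_set_option keeps the old `if (cctx->poptions == NULL) return;` guard, but the switch may now select `pcert_flags` or `pvfy_flags`, and the only thing preventing a NULL dereference in `*pflags |= option_value` is that SSL_CONF_CTX_set_ssl/set_ssl_ctx assign all three pointers together; the guard should follow the pointer actually used, i.e. drop the poptions test and add `if (pflags == NULL) return;` after the switch. The `default: return;` also silently ignores a table entry whose type bits are unknown instead of flagging a malformed table; a comment there, `/* unknown flag type: table entry is malformed */`, would at least make the intent explicit.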
@@ -335,6 +362,22 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
 return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
 }
+static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
+{
+ static const ssl_flag_tbl ssl_vfy_list[] = {
+ SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
+ SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
+ SSL_FLAG_VFY_SRV("Require",
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+ SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE)
+ };
+ if (value == NULL)
+ return -3;
+ cctx->tbl = ssl_vfy_list;
+ cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
+ return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
 {
 int rv = 1;
@@ -378,6 +421,64 @@ static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
 return rv > 0;
 }
+static int do_store(SSL_CONF_CTX *cctx,
+ const char *CAfile, const char *CApath, int verify_store)
+{
+ CERT *cert;
+ X509_STORE **st;
+ if (cctx->ctx)
+ cert = cctx->ctx->cert;
+ else if (cctx->ssl)
+ cert = cctx->ssl->cert;
+ else
+ return 1;
+ st = verify_store ? &cert->verify_store : &cert->chain_store;
+ if (*st == NULL) {
+ *st = X509_STORE_new();
+ if (*st == NULL)
+ return 0;
+ }
+ return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ if (cctx->canames == NULL)
+ cctx->canames = sk_X509_NAME_new_null();
+ if (cctx->canames == NULL)
+ return 0;
+ return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+ if (cctx->canames == NULL)
+ cctx->canames = sk_X509_NAME_new_null();
+ if (cctx->canames == NULL)
+ return 0;
+ return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
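Review bot: `do_store` returns 1 when `cctx` has neither an SSL_CTX nor an SSL attached, so a `VerifyCAFile`/`ChainCAFile` issued before a target is set is silently discarded (whereas `cmd_Certificate` appears to keep `cert_filename` for later), and a configuration that believes it pinned a verify store may end up using the default one; returning 0, or caching the path the way certificates are cached, would make that visible. `cmd_ClientCAFile`/`cmd_ClientCAPath` only accumulate names and rely on `SSL_CONF_CTX_finish` to apply them, which deserves a comment on both: `/* Names are collected here and installed by SSL_CONF_CTX_finish(); they are dropped if finish is never called */`. Also worth stating in `do_store` is that a failed `X509_STORE_load_locations` leaves the freshly created empty store attached, so later verification fails closed rather than falling back to the default store.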
@@ -452,6 +553,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(CipherString, "cipher", 0), SSL_CONF_CMD_STRING(Protocol, NULL, 0), SSL_CONF_CMD_STRING(Options, NULL, 0), + SSL_CONF_CMD_STRING(VerifyMode, NULL, 0), SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE, @@ -459,6 +561,20 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), + SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), + SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ClientCAFile, NULL, + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ClientCAPath, NULL, + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), #ifndef OPENSSL_NO_DH SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, @@ -666,10 +782,12 @@ SSL_CONF_CTX *SSL_CONF_CTX_new(void) ret->ctx = NULL; ret->poptions = NULL; ret->pcert_flags = NULL; + ret->pvfy_flags = NULL; ret->tbl = NULL; ret->ntbl = 0; for (i = 0; i < SSL_PKEY_NUM; i++) ret->cert_filename[i] = NULL; + ret->canames = NULL; } return ret; } @@ -695,6 +813,15 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) } } } + if (cctx->canames) { + if (cctx->ssl) + SSL_set_client_CA_list(cctx->ssl, cctx->canames); + else if (cctx->ctx) + SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames); + else + sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); + cctx->canames = NULL; + } return 1; } 
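Review bot: In `SSL_CONF_CTX_finish` the collected client CA names are handed to `SSL_set_client_CA_list`/`SSL_CTX_set_client_CA_list`, which take ownership, while a context without a target frees them; nothing documents that an application which configures `ClientCAFile` but never calls `SSL_CONF_CTX_finish` ends up with no CA list at all (the stack is freed in `SSL_CONF_CTX_free`), so the server advertises no acceptable issuers and clients may offer certificates that then fail verification. Mark the transfer here with `/* ownership of canames passes to the SSL/SSL_CTX */` and state the finish() requirement in the SSL_CONF_cmd.pod entry for ClientCAFile/ClientCAPath. The command table also gives ClientCAFile/ClientCAPath no command-line alias (`NULL`), unlike the chain and verify store commands; if that is intentional, a comment saying so prevents it being "fixed" later.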
@@ -706,6 +833,7 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) OPENSSL_free(cctx->cert_filename[i]); OPENSSL_free(cctx->prefix); OPENSSL_free(cctx); + sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); } } @@ -745,9 +873,11 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) if (ssl) { cctx->poptions = &ssl->options; cctx->pcert_flags = &ssl->cert->cert_flags; + cctx->pvfy_flags = &ssl->verify_mode; } else { cctx->poptions = NULL; cctx->pcert_flags = NULL; + cctx->pvfy_flags = NULL; } } @@ -758,8 +888,10 @@ void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx) if (ctx) { cctx->poptions = &ctx->options; cctx->pcert_flags = &ctx->cert->cert_flags; + cctx->pvfy_flags = &ctx->verify_mode; } else { cctx->poptions = NULL; cctx->pcert_flags = NULL; + cctx->pvfy_flags = NULL; } } From steve at openssl.org Tue Jul 21 13:35:09 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 21 Jul 2015 13:35:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437485709.969849.31231.nullmailer@dev.openssl.org> The branch master has been updated via 4445704f912495227e9e99835e94219d7e79684c (commit) via 4fdf17a0ec8abe758723b9ff4dac85b8134e9ebf (commit) from 3d9ebc373f6c95df1d4b079d73f3ab0194c57621 (commit) - Log ----------------------------------------------------------------- commit 4445704f912495227e9e99835e94219d7e79684c Author: Dr. Stephen Henson Date: Tue Jul 21 14:27:10 2015 +0100 free names before context Reviewed-by: Kurt Roeckx commit 4fdf17a0ec8abe758723b9ff4dac85b8134e9ebf Author: Dr. Stephen Henson Date: Tue Jul 21 14:16:09 2015 +0100 typo Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/ssl_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 4160566..5c320cb 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c 
@@ -153,7 +153,7 @@ struct ssl_conf_ctx_st { static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, unsigned long option_value, int onoff) { - unint32_t *pflags; + uint32_t *pflags; if (cctx->poptions == NULL) return; if (name_flags & SSL_TFLAG_INV) @@ -832,8 +832,8 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) for (i = 0; i < SSL_PKEY_NUM; i++) OPENSSL_free(cctx->cert_filename[i]); OPENSSL_free(cctx->prefix); - OPENSSL_free(cctx); sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); + OPENSSL_free(cctx); } } From stevem at openssl.org Wed Jul 22 12:55:35 2015 From: stevem at openssl.org (Steve Marquess) Date: Wed, 22 Jul 2015 12:55:35 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1437569735.274201.2713.nullmailer@dev.openssl.org> The branch master has been updated via ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 (commit) from 10c638d6934c96d52236740fb4f0be12f9a68482 (commit) - Log ----------------------------------------------------------------- commit ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 Author: Steve Marquess Date: Wed Jul 22 08:55:17 2015 -0400 Update references to private label validations ----------------------------------------------------------------------- Summary of changes: docs/fips/fipsnotes.wml | 26 +++++++++----------------- docs/fips/privatelabel.wml | 13 ++++++++----- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/docs/fips/fipsnotes.wml b/docs/fips/fipsnotes.wml index 21df9c8..5ce62c8 100644 --- a/docs/fips/fipsnotes.wml +++ b/docs/fips/fipsnotes.wml 
@@ -53,22 +53,16 @@ The OSF would really prefer to work on open source based validations of benefit to the OpenSSL user community at large, but financial support for that objective is intermittent at best. On the other hand many vendors are interested in private label validations and the OSF will assist in such efforts on a paid basis. We've done enough -of these to be very cost competitive, and for uncomplicated validations we will work -on a fixed price basis. A routine private label validation on a single commodity -platform can cost as little as -US$35,000. -Contact the OSF for more information. +of these to be very cost competitive, and for uncomplicated validations we typically work +on a fixed price basis. +

    -Update: In collaboration with an accredited CMVP testing laboratory we were through -December 2012 offering a -cost effective turnkey validation package for routine private label validations. -However, due to some changes in -CMVP requirements -introduced in 2013 the current OpenSSL FIPS Object Module -code base can no longer be readily be validated. We are still adding new +Update: As of 2015 we are no longer performing +private label validations. +We are still adding new platforms to the #1747 -validation. +or related validations.

    Current Validations

    @@ -84,10 +78,8 @@ And did we mention the User Guide? Important Note: -Due to changes in the FIPS 140-2 validation requirements the current v1.2 Module is -no longer be a suitable model for private label validations in its current form past the year 2010. See the NIST Notices, -discussion paper and -SP 800-131. +Due to changes in the FIPS 140-2 validation requirements the current v2.0 Module is +no longer a suitable model for private label validations in its current form past the year 2014.

    Upcoming Validations

    diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml index 9d8a9b9..fa32d81 100644 --- a/docs/fips/privatelabel.wml +++ b/docs/fips/privatelabel.wml @@ -8,11 +8,14 @@ If you haven't already, please read our FIPS 140-2 Notes page.

    -IMPORTANT NOTE: The recent addition of -new formal requirements has potentially -complicated new private label validations, but as of August 2013 it appears such validations -are again feasible. We'll be more certain of this once we've actually obtained a validation under -the new rules. +IMPORTANT NOTE: The addition of +multiple new formal requirements since the #1747 validation was first approved in 2012, and +recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased +to the point where private label validations are no longer economically feasible for a small +organization of limited means; the risk doesn't justify the substantial investment of time and money required +to pursue new validations. As of 2015 we are no longer performing any private label validations. +

    +The rest of this page is of historical interest only.

    What It Is

    From stevem at openssl.org Wed Jul 22 14:56:47 2015 From: stevem at openssl.org (Steve Marquess) Date: Wed, 22 Jul 2015 14:56:47 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1437577007.388920.21126.nullmailer@dev.openssl.org> The branch master has been updated via 4d8018b9656624bd4afdb7afa0db6ff1ed62fcca (commit) from ecd59b75a820b416eb5fcf8a0b06e4eb1aea01e6 (commit) - Log ----------------------------------------------------------------- commit 4d8018b9656624bd4afdb7afa0db6ff1ed62fcca Author: Steve Marquess Date: Wed Jul 22 10:56:14 2015 -0400 Note change letter updates are still possible. ----------------------------------------------------------------------- Summary of changes: docs/fips/privatelabel.wml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml index fa32d81..81d2e0c 100644 --- a/docs/fips/privatelabel.wml +++ b/docs/fips/privatelabel.wml @@ -13,7 +13,9 @@ multiple new formal requirements since the #1747 validation was first approved i recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased to the point where private label validations are no longer economically feasible for a small organization of limited means; the risk doesn't justify the substantial investment of time and money required -to pursue new validations. As of 2015 we are no longer performing any private label validations. +to pursue new validations. As of 2015 we are no longer performing any private label validations. The addition of +new platforms to the existing #1747 or comparable validations +is still possible and those validation actions are still being performed.

    The rest of this page is of historical interest only. From rsalz at openssl.org Wed Jul 22 18:43:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 22 Jul 2015 18:43:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437590595.462610.18071.nullmailer@dev.openssl.org> The branch master has been updated via 9f040d6decca7930e978784c917f731e5c45e8f0 (commit) from 4445704f912495227e9e99835e94219d7e79684c (commit) - Log ----------------------------------------------------------------- commit 9f040d6decca7930e978784c917f731e5c45e8f0 Author: Rich Salz Date: Wed Jul 22 06:44:50 2015 -0400 Some cleanups for crypto/bn Create bn_free_d utility routine and use it. Fix RT3950 Also a missing cleanse, from Loganaden Velvindron (loganaden at gmail.com), who noticed it in a Cloudflare patch. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_add.c | 3 ++- crypto/bn/bn_lib.c | 32 +++++++++++++++----------------- crypto/bn/bn_mont.c | 4 +++- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index a446686..0bfc3cc 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -222,7 +222,8 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) break; } } - memcpy(rp, ap, sizeof(*rp) * dif); + if (dif) + memcpy(rp, ap, sizeof(*rp) * dif); r->top = max; r->neg = 0; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b5f827a..f10f44a 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -223,6 +223,15 @@ int BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } +static void bn_free_d(BIGNUM *a) +{ + if (BN_get_flags(a,BN_FLG_SECURE)) + OPENSSL_secure_free(a->d); + else + OPENSSL_free(a->d); +} + + void BN_clear_free(BIGNUM *a) { int i; 
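Review bot: The new `if (dif)` guard in BN_usub reads as redundant, because memcpy() with a zero length is harmless whenever both pointers are valid; the reason it is needed — presumably that `rp` or `ap` may not point at an addressable element when `dif` is 0, and the C standard makes even a zero-length memcpy() undefined for such a pointer — deserves a one-line comment so the next cleanup does not remove it, e.g. `/* memcpy() with a possibly-invalid pointer is undefined even for length 0 */`. Whether `ap` can actually be past the end here is not visible in the hunk, so confirm before wording the comment as a fact. BN_usub's body begins outside the hunk.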
@@ -232,15 +241,11 @@ void BN_clear_free(BIGNUM *a) bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) { - if (BN_get_flags(a,BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); - else - OPENSSL_free(a->d); - } + if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a); } i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(BIGNUM)); + OPENSSL_cleanse(a, sizeof(*a)); if (i) OPENSSL_free(a); } @@ -251,12 +256,7 @@ void BN_free(BIGNUM *a) return; bn_check_top(a); if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) { - if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); - else - OPENSSL_free(a->d); - } + bn_free_d(a); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); else { @@ -399,10 +399,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) if (!a) return NULL; if (b->d) { - if (BN_get_flags(b,BN_FLG_SECURE)) - OPENSSL_secure_free(b->d); - else - OPENSSL_free(b->d); + OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); + bn_free_d(b); } b->d = a; b->dmax = words; diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index c869101..e3955fe 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -196,7 +196,9 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp = r->d; /* clear the top words of T */ - memset(&rp[r->top], 0, sizeof(*rp) * (max - r->top)); + i = max - r->top; + if (i) + memset(&rp[r->top], 0, sizeof(*rp) * i); r->top = max; n0 = mont->n0[0]; From steve at openssl.org Thu Jul 23 01:52:53 2015 
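Review bot: `bn_free_d()` hands `a->d` to OPENSSL_secure_free()/OPENSSL_free() without a NULL check, and the BN_free hunk (`@@ -251,12 +256,7 @@`) drops the old `(a->d != NULL)` guard before calling it, so a BIGNUM whose `d` was never allocated now reaches the secure-heap free path; that is only safe if OPENSSL_secure_free() is known to accept NULL the way free() does, which nothing in the hunk shows. Putting the guard inside the helper, `if (a->d == NULL) return;` as its first line, settles the question for all three callers at once. The helper also leaves `a->d` dangling; BN_clear_free cleanses the whole struct afterwards and bn_expand2 reassigns it immediately, but adding `a->d = NULL;` after the free would make the helper safe from paths such as BN_free's `else` branch, which continues outside the hunk. Minor: `BN_get_flags(a,BN_FLG_SECURE)` lacks the space after the comma used everywhere else in these hunks.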
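Review bot: In BN_from_montgomery_word the new `if (i)` only skips the memset() when `max - r->top` is exactly zero; should `r->top` ever exceed `max`, the negative `i` is converted to a huge size_t in `sizeof(*rp) * i`, exactly as the old unconditional call would have done. Writing the guard as `if (i > 0)` costs nothing and states the invariant the code relies on; whether the caller guarantees `r->top <= max` is not visible here. Reusing the pre-existing local `i` for a word count also hides the intent — a dedicated `int nclear = max - r->top;` would read better. The function's body continues outside the hunk.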
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 23 Jul 2015 01:52:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437616373.458383.1281.nullmailer@dev.openssl.org> The branch master has been updated via 8a00dbd83e24b00f24429ae57f56102916c8704f (commit) from 9f040d6decca7930e978784c917f731e5c45e8f0 (commit) - Log ----------------------------------------------------------------- commit 8a00dbd83e24b00f24429ae57f56102916c8704f Author: Dr. Stephen Henson Date: Wed Jul 22 16:11:55 2015 +0100 Document shared sigalgs functions. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_shared_sigalgs.pod | 77 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 doc/ssl/SSL_get_shared_sigalgs.pod diff --git a/doc/ssl/SSL_get_shared_sigalgs.pod b/doc/ssl/SSL_get_shared_sigalgs.pod new file mode 100644 index 0000000..16f7d48 --- /dev/null +++ b/doc/ssl/SSL_get_shared_sigalgs.pod 
@@ -0,0 +1,77 @@ +=pod + +=head1 NAME + +SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms + +=head1 SYNOPSIS + + #include + + int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignhash, + unsigned char *rsig, unsigned char *rhash); + + int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignhash, + unsigned char *rsig, unsigned char *rhash); + +=head1 DESCRIPTION + +SSL_get_shared_sigalgs() returns information about the shared signature +algorithms supported by peer B. The parameter B indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm NID is written to B<*psign>, the hash NID to B<*phash> and the +sign and hash NID to B<*psignhash>. The raw signature and hash values +are written to B<*rsig> and B<*rhash>. + +SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns +information about all signature algorithms supported by B in the order +they were sent by the peer. + +=head1 RETURN VALUES + +SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of +signature algorithms or B<0> if the B parameter is out of range. + +=head1 NOTES + +These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them. + +If an application is only interested in the highest preference shared +signature algorithm it can just set B to zero. + +Any or all of the parameters B, B, B, B or +B can be set to B if the value is not required. By setting +them all to B and setting B to zero the total number of +signature algorithms can be determined: which can be zero. + +These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). 
They can (for example) be called in the certificate +callback. + +Only TLS 1.2 and DTLS 1.2 currently support signature algorithms. If these +functions are called on an earlier version of TLS or DTLS zero is returned. + +The shared signature algorithms returned by SSL_get_shared_sigalgs() are +ordered according to configuration and peer preferences. + +The raw values correspond to the on the wire form as defined by RFC5246 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and +rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig> +NID_rsaEncryption and B<*psighash> NID_sha256WithRSAEncryption. + +If a signature algorithm is not recognised the corresponsing NIDs +will be set to B. This may be because the value is not supported +or is not an appropriate combination (for example MD5 and DSA). + +=head1 SEE ALSO + +L, +L + +=cut From emilia at openssl.org Thu Jul 23 12:24:48 2015 From: emilia at openssl.org (Emilia Kasper) Date: Thu, 23 Jul 2015 12:24:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1437654288.573655.23366.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 4102d1a5034aea9cf3b070534bc97f5cee2f2296 (commit) from fd9631bbbda626af0407d5c8c188b05c86a25e3d (commit) - Log ----------------------------------------------------------------- commit 4102d1a5034aea9cf3b070534bc97f5cee2f2296 Author: Emilia Kasper Date: Thu Jul 23 13:20:21 2015 +0200 rsaz_exp.h: align license with the rest of the contribution Reviewed-by: Rich Salz (cherry picked from commit f4ee22be03bb8318b1e0f00e116be231ba12fdef) ----------------------------------------------------------------------- Summary of changes: crypto/bn/rsaz_exp.h | 68 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 28 deletions(-) diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index 33361de..229e181 100644 --- a/crypto/bn/rsaz_exp.h 
+++ b/crypto/bn/rsaz_exp.h 
@@ -1,32 +1,44 @@ -/****************************************************************************** -* Copyright(c) 2012, Intel Corp. -* Developers and authors: -* Shay Gueron (1, 2), and Vlad Krasnov (1) -* (1) Intel Corporation, Israel Development Center, Haifa, Israel -* (2) University of Haifa, Israel +/***************************************************************************** +* * +* Copyright (c) 2012, Intel Corporation * +* * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions are * +* met: * +* * +* * Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* * +* * Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the * +* distribution. * +* * +* * Neither the name of the Intel Corporation nor the names of its * +* contributors may be used to endorse or promote products derived from * +* this software without specific prior written permission. * +* * +* * +* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * +* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * +* PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL INTEL CORPORATION OR * +* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * +* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * +* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +* * ****************************************************************************** -* LICENSE: -* This submission to OpenSSL is to be made available under the OpenSSL -* license, and only to the OpenSSL project, in order to allow integration -* into the publicly distributed code. -* The use of this code, or portions of this code, or concepts embedded in -* this code, or modification of this code and/or algorithm(s) in it, or the -* use of this code for any other purpose than stated above, requires special -* licensing. -****************************************************************************** -* DISCLAIMER: -* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AND THE COPYRIGHT OWNERS -* ``AS IS''. ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS OR THE COPYRIGHT -* OWNERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -* POSSIBILITY OF SUCH DAMAGE. 
-******************************************************************************/ +* Developers and authors: * +* Shay Gueron (1, 2), and Vlad Krasnov (1) * +* (1) Intel Corporation, Israel Development Center, Haifa, Israel * +* (2) University of Haifa, Israel * +*****************************************************************************/ #ifndef RSAZ_EXP_H # define RSAZ_EXP_H From emilia at openssl.org Thu Jul 23 12:24:48 2015 From: emilia at openssl.org (Emilia Kasper) Date: Thu, 23 Jul 2015 12:24:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1437654288.663064.23388.nullmailer@dev.openssl.org> The branch master has been updated via f4ee22be03bb8318b1e0f00e116be231ba12fdef (commit) from 8a00dbd83e24b00f24429ae57f56102916c8704f (commit) - Log ----------------------------------------------------------------- commit f4ee22be03bb8318b1e0f00e116be231ba12fdef Author: Emilia Kasper Date: Thu Jul 23 13:20:21 2015 +0200 rsaz_exp.h: align license with the rest of the contribution Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/bn/rsaz_exp.h | 68 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 28 deletions(-) diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index 33361de..229e181 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h 
@@ -1,32 +1,44 @@ -/****************************************************************************** -* Copyright(c) 2012, Intel Corp. -* Developers and authors: -* Shay Gueron (1, 2), and Vlad Krasnov (1) -* (1) Intel Corporation, Israel Development Center, Haifa, Israel -* (2) University of Haifa, Israel +/***************************************************************************** +* * +* Copyright (c) 2012, Intel Corporation * +* * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions are * +* met: * +* * +* * Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* * +* * Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the * +* distribution. * +* * +* * Neither the name of the Intel Corporation nor the names of its * +* contributors may be used to endorse or promote products derived from * +* this software without specific prior written permission. * +* * +* * +* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * +* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * +* PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL INTEL CORPORATION OR * +* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * +* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * +* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +* * ****************************************************************************** -* LICENSE: -* This submission to OpenSSL is to be made available under the OpenSSL -* license, and only to the OpenSSL project, in order to allow integration -* into the publicly distributed code. -* The use of this code, or portions of this code, or concepts embedded in -* this code, or modification of this code and/or algorithm(s) in it, or the -* use of this code for any other purpose than stated above, requires special -* licensing. -****************************************************************************** -* DISCLAIMER: -* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AND THE COPYRIGHT OWNERS -* ``AS IS''. ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS OR THE COPYRIGHT -* OWNERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -* POSSIBILITY OF SUCH DAMAGE. 
-******************************************************************************/ +* Developers and authors: * +* Shay Gueron (1, 2), and Vlad Krasnov (1) * +* (1) Intel Corporation, Israel Development Center, Haifa, Israel * +* (2) University of Haifa, Israel * +*****************************************************************************/ #ifndef RSAZ_EXP_H # define RSAZ_EXP_H From stevem at openssl.org Fri Jul 24 16:25:10 2015 From: stevem at openssl.org (Steve Marquess) Date: Fri, 24 Jul 2015 16:25:10 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1437755110.223293.16198.nullmailer@dev.openssl.org> The branch master has been updated via 67bec773be58e202d6e725174526cb7aa03f5e01 (commit) from 4d8018b9656624bd4afdb7afa0db6ff1ed62fcca (commit) - Log ----------------------------------------------------------------- commit 67bec773be58e202d6e725174526cb7aa03f5e01 Author: Steve Marquess Date: Fri Jul 24 12:24:49 2015 -0400 Fix typos ----------------------------------------------------------------------- Summary of changes: about/binaries.wml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/about/binaries.wml b/about/binaries.wml index 0f55b0f..21b745f 100644 --- a/about/binaries.wml +++ b/about/binaries.wml @@ -7,7 +7,7 @@

    Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the -link is stable and can provide continues support for OpenSSL for a while.

    +link is stable and can provide continued support for OpenSSL for a while.

    Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and @@ -25,7 +25,7 @@ packages.

    From kurt at openssl.org Fri Jul 24 17:57:22 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Fri, 24 Jul 2015 17:57:22 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1437760642.606710.7862.nullmailer@dev.openssl.org> The branch master has been updated via c21a779e67328ae7b1e5037631f82bb91a532887 (commit) from 67bec773be58e202d6e725174526cb7aa03f5e01 (commit) - Log ----------------------------------------------------------------- commit c21a779e67328ae7b1e5037631f82bb91a532887 Author: Kurt Roeckx Date: Fri Jul 24 19:56:34 2015 +0200 Fix CVE-2014-3569 affected versions (again) ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 52 ------------------------------------------------ 1 file changed, 52 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 49d0038..9a41b1e 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -1163,60 +1163,8 @@ the certificate key is invalid. This function is rarely used in practice. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From matt at openssl.org Mon Jul 27 14:05:18 2015 
From: matt at openssl.org (Matt Caswell) Date: Mon, 27 Jul 2015 14:05:18 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438005918.791085.25938.nullmailer@dev.openssl.org> The branch master has been updated via 57787ac81444938a876f185cdd73875c8f53e208 (commit) from f4ee22be03bb8318b1e0f00e116be231ba12fdef (commit) - Log ----------------------------------------------------------------- commit 57787ac81444938a876f185cdd73875c8f53e208 Author: Matt Caswell Date: Tue Jul 21 00:02:39 2015 +0100 Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED This flag was not set anywhere within the codebase (only read). It could only be set by an app reaching directly into s->s3->flags and setting it directly. However that method became impossible when libssl was opaquified. Even in 1.0.2/1.0.1 if an app set the flag directly it is only relevant to ssl3_connect(), which calls SSL_clear() during initialisation that clears any flag settings. Therefore it could take effect if the app set the flag after the handshake has started but before it completed. It seems quite unlikely that any apps really do this (especially as it is completely undocumented). The purpose of the flag is suppress flushing of the write bio on the client side at the end of the handshake after the client has written the Finished message whilst resuming a session. This enables the client to send application data as part of the same flight as the Finished message. This flag also controls the setting of a second flag SSL3_FLAGS_POP_BUFFER. There is an interesting comment in the code about this second flag in the implementation of ssl3_write: /* This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during * session-id reuse */ It seems the experiment did not work because as far as I can tell nothing is using this code. The above comment has been in the code since SSLeay. 
This commit removes support for SSL3_FLAGS_DELAY_CLIENT_FINISHED, as well as the associated SSL3_FLAGS_POP_BUFFER. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++++ include/openssl/ssl3.h | 4 ++-- ssl/d1_clnt.c | 22 ++-------------------- ssl/s3_clnt.c | 16 ++-------------- ssl/s3_lib.c | 44 +------------------------------------------- ssl/ssl_locl.h | 1 - 6 files changed, 13 insertions(+), 80 deletions(-) diff --git a/CHANGES b/CHANGES index a06b1e4..1526aec 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,12 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay + era flag was never set throughout the codebase (only read). Also removed + SSL3_FLAGS_POP_BUFFER which was only used if + SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set. + [Matt Caswell] + *) Changed the default name options in the "ca", "crl", "req" and "x509" to be "oneline" instead of "compat". [Richard Levitte] diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index d56105e..43df925 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -360,10 +360,10 @@ extern "C" { # define SSL3_CT_NUMBER 9 # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -# define SSL3_FLAGS_POP_BUFFER 0x0004 + /* Removed from OpenSSL 1.1.0 */ # define TLS1_FLAGS_TLS_PADDING_BUG 0x0 + # define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 /* * Set when the handshake is ready to process peer's ChangeCipherSpec message. diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 8940abc..fde0def 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -604,8 +604,6 @@ int dtls1_connect(SSL *s) goto end; s->state = SSL3_ST_CW_FLUSH; - /* clear flags */ - s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; if (s->hit) { s->s3->tmp.next_state = SSL_ST_OK; #ifndef OPENSSL_NO_SCTP 
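Review bot: The new `/* Removed from OpenSSL 1.1.0 */` comment in ssl3.h sits directly above `TLS1_FLAGS_TLS_PADDING_BUG 0x0`, so a reader will take it as describing that macro rather than the two SSL3_FLAGS values deleted just above it, and the retired bit values are left undocumented either way. Naming them removes the ambiguity and keeps the values on record: `/* SSL3_FLAGS_DELAY_CLIENT_FINISHED (0x0002) and SSL3_FLAGS_POP_BUFFER (0x0004) were removed in OpenSSL 1.1.0 */`. If the comment was in fact meant for TLS1_FLAGS_TLS_PADDING_BUG, say so explicitly in it.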
@@ -614,17 +612,6 @@ int dtls1_connect(SSL *s) s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK; } #endif - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { - s->state = SSL_ST_OK; -#ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - s->d1->next_state = SSL_ST_OK; - s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK; - } -#endif - s->s3->flags |= SSL3_FLAGS_POP_BUFFER; - s->s3->delay_buf_pop_ret = 0; - } } else { #ifndef OPENSSL_NO_SCTP /* @@ -711,13 +698,8 @@ int dtls1_connect(SSL *s) /* clean a few things up */ ssl3_cleanup_key_block(s); - /* - * If we are not 'joining' the last two packets, remove the - * buffering now - */ - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) - ssl_free_wbio_buffer(s); - /* else do it later in ssl3_write */ + /* Remove the buffering */ + ssl_free_wbio_buffer(s); s->init_num = 0; s->renegotiate = 0; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1a925a7..04af851 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -518,15 +518,8 @@ int ssl3_connect(SSL *s) goto end; s->state = SSL3_ST_CW_FLUSH; - /* clear flags */ - s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; if (s->hit) { s->s3->tmp.next_state = SSL_ST_OK; - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { - s->state = SSL_ST_OK; - s->s3->flags |= SSL3_FLAGS_POP_BUFFER; - s->s3->delay_buf_pop_ret = 0; - } } else { /* * Allow NewSessionTicket if ticket expected @@ -589,13 +582,8 @@ int ssl3_connect(SSL *s) BUF_MEM_free(s->init_buf); s->init_buf = NULL; - /* - * If we are not 'joining' the last two packets, remove the - * buffering now - */ - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) - ssl_free_wbio_buffer(s); - /* else do it later in ssl3_write */ + /* remove the buffering */ + ssl_free_wbio_buffer(s); s->init_num = 0; s->renegotiate = 0; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 54c902d..8b7c52a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
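Review bot: The replacement comments in the dtls1_connect hunk `@@ -711,13 +698,8 @@` and the ssl3_connect hunk `@@ -589,13 +582,8 @@` differ only in capitalisation (`/* Remove the buffering */` versus `/* remove the buffering */`) and restate what `ssl_free_wbio_buffer(s)` already says. Now that the call is unconditional, the useful context is why it happens here: something like `/* Handshake complete: the write buffer is no longer needed */` in both places, worded identically. Both enclosing functions begin and end outside their hunks.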
@@ -4131,54 +4131,12 @@ int ssl3_shutdown(SSL *s) int ssl3_write(SSL *s, const void *buf, int len) { - int ret, n; - -#if 0 - if (s->shutdown & SSL_SEND_SHUTDOWN) { - s->rwstate = SSL_NOTHING; - return (0); - } -#endif clear_sys_error(); if (s->s3->renegotiate) ssl3_renegotiate_check(s); - /* - * This is an experimental flag that sends the last handshake message in - * the same packet as the first use data - used to see if it helps the - * TCP protocol during session-id reuse - */ - /* The second test is because the buffer may have been removed */ - if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { - /* First time through, we write into the buffer */ - if (s->s3->delay_buf_pop_ret == 0) { - ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); - if (ret <= 0) - return (ret); - - s->s3->delay_buf_pop_ret = ret; - } - - s->rwstate = SSL_WRITING; - n = BIO_flush(s->wbio); - if (n <= 0) - return (n); - s->rwstate = SSL_NOTHING; - - /* We have flushed the buffer, so remove it */ - ssl_free_wbio_buffer(s); - s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; - - ret = s->s3->delay_buf_pop_ret; - s->s3->delay_buf_pop_ret = 0; - } else { - ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); - if (ret <= 0) - return (ret); - } - - return (ret); } static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 2672918..1cdcb8b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1184,7 +1184,6 @@ struct ssl_st { typedef struct ssl3_state_st { long flags; - int delay_buf_pop_ret; int read_mac_secret_size; unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; int write_mac_secret_size; From matt at openssl.org Mon Jul 27 15:59:03 2015 
From: matt at openssl.org (Matt Caswell) Date: Mon, 27 Jul 2015 15:59:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1438012743.299998.25846.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 728432aed0f8e0c8b86df0724c9fde76659bc54b (commit) via 8e75dcf58705dbf29f37bfa9725ef6cde49c0c8a (commit) from 396a2dc07177a14284dba194cb6dfda4f3785681 (commit) - Log ----------------------------------------------------------------- commit 728432aed0f8e0c8b86df0724c9fde76659bc54b Author: Matt Caswell Date: Mon Jul 27 13:30:43 2015 +0100 Fix SSL_set_session_ticket_ext when used with SSLv23_method The function SSL_set_session_ticket_ext can be used to set custom session ticket data passed in the initial ClientHello. This can be particularly useful for EAP-FAST. However, when using SSLv23_method, the session does not get created until the ServerHello has been received. The extension code will only add the SessionTicket data to the ClientHello if a session already exists. Therefore SSL_set_session_ticket_ext has no impact when used in conjunction with SSLv23_method. The solution is to simply create the session during creation of the ClientHello instead of waiting for the ServerHello. This commit fixes the test failure introduced by the previous commit. Reviewed-by: Viktor Dukhovni commit 8e75dcf58705dbf29f37bfa9725ef6cde49c0c8a Author: Matt Caswell Date: Mon Jul 27 12:04:47 2015 +0100 Add test for SSL_set_session_ticket_ext The function SSL_set_session_ticket_ext sets the ticket data to be sent in the ClientHello. This is useful for EAP-FAST. This commit adds a test to ensure that when this function is called the expected ticket data actually appears in the ClientHello. 
Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: ssl/Makefile | 2 +- ssl/clienthellotest.c | 218 ++++++++++++++++++++++++++++++++++++++++++++++++++ ssl/s23_clnt.c | 19 ++--- ssl/ssl3.h | 2 + test/Makefile | 39 ++++++++- 5 files changed, 261 insertions(+), 19 deletions(-) create mode 100644 ssl/clienthellotest.c diff --git a/ssl/Makefile b/ssl/Makefile index 29d9e45..ad14abb 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -15,7 +15,7 @@ KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README ssl-lib.com install.com -TEST=ssltest.c heartbeat_test.c +TEST=ssltest.c heartbeat_test.c clienthellotest.c APPS= LIB=$(TOP)/libssl.a diff --git a/ssl/clienthellotest.c b/ssl/clienthellotest.c new file mode 100644 index 0000000..a00a7ea --- /dev/null +++ b/ssl/clienthellotest.c 
@@ -0,0 +1,218 @@ +/* Written by Matt Caswell for the OpenSSL Project */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include +#include + + +#define CLIENT_VERSION_LEN 2 +#define SESSION_ID_LEN_LEN 1 +#define CIPHERS_LEN_LEN 2 +#define COMPRESSION_LEN_LEN 1 +#define EXTENSIONS_LEN_LEN 2 +#define EXTENSION_TYPE_LEN 2 +#define EXTENSION_SIZE_LEN 2 + + +#define TOTAL_NUM_TESTS 2 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for TLS1.2 + */ +#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for a negotiated SSL/TLS version + */ +#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1 + +int main(int argc, char *argv[]) +{ + SSL_CTX *ctx; + SSL *con; + BIO *rbio; + BIO *wbio; + BIO *err; + long len; + unsigned char *data; + unsigned char *dataend; + char *dummytick = "Hello World!"; + unsigned int tmplen; + unsigned int type; + unsigned int size; + int testresult = 0; + int currtest = 0; + + SSL_library_init(); + SSL_load_error_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + 
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + /* + * For each test set up an SSL_CTX and SSL and see what ClientHello gets + * produced when we try to connect + */ + for (; currtest < TOTAL_NUM_TESTS; currtest++) { + testresult = 0; + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) { + ctx = SSL_CTX_new(TLSv1_2_method()); + } else { + ctx = SSL_CTX_new(SSLv23_method()); + } + con = SSL_new(ctx); + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick))) + goto end; + } + + if (SSL_connect(con) > 0) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + len = BIO_get_mem_data(wbio, (char **)&data); + dataend = data + len; + + /* Skip the record header */ + data += SSL3_RT_HEADER_LENGTH; + /* Skip the handshake message header */ + data += SSL3_HM_HEADER_LENGTH; + /* Skip client version and random */ + data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE; + if (data + SESSION_ID_LEN_LEN > dataend) + goto end; + /* Skip session id */ + tmplen = *data; + data += SESSION_ID_LEN_LEN + tmplen; + if (data + CIPHERS_LEN_LEN > dataend) + goto end; + /* Skip ciphers */ + tmplen = ((*data) << 8) | *(data + 1); + data += CIPHERS_LEN_LEN + tmplen; + if (data + COMPRESSION_LEN_LEN > dataend) + goto end; + /* Skip compression */ + tmplen = *data; + data += COMPRESSION_LEN_LEN + tmplen; + if (data + EXTENSIONS_LEN_LEN > dataend) + goto end; + /* Extensions len */ + tmplen = ((*data) << 8) | *(data + 1); + data += EXTENSIONS_LEN_LEN; + if (data + tmplen > dataend) + goto end; + + /* Loop through all extensions */ + while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) { + type = ((*data) << 8) | *(data + 1); + data += EXTENSION_TYPE_LEN; + size = ((*data) << 8) | *(data + 1); + data += EXTENSION_SIZE_LEN; + if (data 
+ size > dataend) + goto end; + + if (type == TLSEXT_TYPE_session_ticket) { + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (size == strlen(dummytick) + && memcmp(data, dummytick, size) == 0) { + /* Ticket data is as we expected */ + testresult = 1; + } else { + printf("Received session ticket is not as expected\n"); + } + break; + } + } + + tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size; + data += size; + } + + end: + SSL_free(con); + SSL_CTX_free(ctx); + if (!testresult) { + printf("ClientHello test: FAILED (Test %d)\n", currtest); + break; + } + } + + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + CRYPTO_mem_leaks(err); + + return testresult?0:1; +} diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 3766567..fc344b9 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -373,12 +373,13 @@ static int ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { -#if 0 - /* don't reuse session-id's */ + /* + * Since we're sending s23 client hello, we're not reusing a session, as + * we'd be using the method from the saved session instead + */ if (!ssl_get_new_session(s, 0)) { - return (-1); + return -1; } -#endif p = s->s3->client_random; if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) @@ -439,9 +440,6 @@ static int ssl23_client_hello(SSL *s) /* * put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length = 0; -#endif s2n(0, d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) @@ -784,13 +782,6 @@ static int ssl23_get_server_hello(SSL *s) } s->init_num = 0; - /* - * Since, if we are sending a ssl23 client hello, we are not reusing a - * session-id - */ - if (!ssl_get_new_session(s, 0)) - goto err; - return (SSL_connect(s)); err: return (-1); diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 2dd5462..e9b1170 100644 --- a/ssl/ssl3.h 
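Review bot: In the extension loop of the new ssl/clienthellotest.c, `tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;` is executed without checking that `size` fits in the remaining `tmplen`; `tmplen` is `unsigned int`, so an oversized extension length wraps it, the `while (tmplen > ...)` condition keeps passing, and the next iteration reads the 4-byte type/size header before any comparison with `dataend` — add `if (size > tmplen - EXTENSION_TYPE_LEN - EXTENSION_SIZE_LEN) goto end;` right after `size` is read. The fixed-size skip of record header, handshake header, version and random also happens before any length check, so with an empty or short `wbio` (for example when `SSL_connect` fails early) `data` is advanced past `dataend` and the later `data + N > dataend` comparisons operate on an out-of-range pointer; check the integer length first with `if (len < SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH + CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE) goto end;`. The results of `SSL_CTX_new`, `SSL_new` and the two `BIO_new` calls are never checked for NULL, and the `err` BIO is never freed after `CRYPTO_mem_leaks(err)`. The identical file is added again in the OpenSSL_1_0_2-stable commit further down this page and needs the same changes.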
+++ b/ssl/ssl3.h @@ -263,6 +263,8 @@ extern "C" { # define SSL3_SESSION_ID_SIZE 32 # define SSL3_RT_HEADER_LENGTH 5 +# define SSL3_HM_HEADER_LENGTH 4 + # ifndef SSL3_ALIGN_PAYLOAD /* * Some will argue that this increases memory footprint, but it's not diff --git a/test/Makefile b/test/Makefile index eca1400..522af50 100644 --- a/test/Makefile +++ b/test/Makefile @@ -67,6 +67,7 @@ ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test VERIFYEXTRATEST= verify_extra_test +CLIENTHELLOTEST= clienthellotest TESTS= alltests @@ -78,7 +79,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ - $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) + $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ + $(CLIENTHELLOTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -91,7 +93,8 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \ - $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o + $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \ + $(CLIENTHELLOTEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ 
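Review bot: The new public macro `SSL3_HM_HEADER_LENGTH 4` in ssl/ssl3.h carries no comment explaining what the four bytes are, unlike the neighbouring `SSL3_RT_HEADER_LENGTH`; a reader skipping the handshake header in clienthellotest.c has to know the wire format to see that this is `1 byte msg_type + 3 byte length`. Suggested: `# define SSL3_HM_HEADER_LENGTH 4 /* msg_type (1) + length (3) */`. The 1.0.2 variant of this commit below does not touch ssl3.h, presumably because that branch already defines the macro; worth confirming the value agrees across branches since the same test file relies on it.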
@@ -101,7 +104,8 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ - $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c + $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \ + $(CLIENTHELLOTEST).c EXHEADER= HEADER= $(EXHEADER) @@ -144,7 +148,8 @@ alltests: \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ - test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra + test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra \ + test_clienthello test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -339,6 +344,10 @@ test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) +test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(CLIENTHELLOTEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -510,6 +519,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o @target=$(VERIFYEXTRATEST) $(BUILD_CMD) +$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o + @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 
@@ -555,6 +567,25 @@ bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c +clienthellotest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h +clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +clienthellotest.o: ../include/openssl/evp.h ../include/openssl/hmac.h +clienthellotest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/opensslconf.h +clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +clienthellotest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +clienthellotest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +clienthellotest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +clienthellotest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +clienthellotest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +clienthellotest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +clienthellotest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +clienthellotest.o: clienthellotest.c constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c From matt at openssl.org Mon Jul 27 15:59:15 2015 
From: matt at openssl.org (Matt Caswell) Date: Mon, 27 Jul 2015 15:59:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438012755.329282.26115.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f0348c842e75a77f643e7d34cb88609145b2d320 (commit) via 09368c044b4a0dfe694e4905cb13e9a293efd78d (commit) from 4102d1a5034aea9cf3b070534bc97f5cee2f2296 (commit) - Log ----------------------------------------------------------------- commit f0348c842e75a77f643e7d34cb88609145b2d320 Author: Matt Caswell Date: Mon Jul 27 13:30:43 2015 +0100 Fix SSL_set_session_ticket_ext when used with SSLv23_method The function SSL_set_session_ticket_ext can be used to set custom session ticket data passed in the initial ClientHello. This can be particularly useful for EAP-FAST. However, when using SSLv23_method, the session does not get created until the ServerHello has been received. The extension code will only add the SessionTicket data to the ClientHello if a session already exists. Therefore SSL_set_session_ticket_ext has no impact when used in conjunction with SSLv23_method. The solution is to simply create the session during creation of the ClientHello instead of waiting for the ServerHello. This commit fixes the test failure introduced by the previous commit. Reviewed-by: Viktor Dukhovni commit 09368c044b4a0dfe694e4905cb13e9a293efd78d Author: Matt Caswell Date: Mon Jul 27 12:04:47 2015 +0100 Add test for SSL_set_session_ticket_ext The function SSL_set_session_ticket_ext sets the ticket data to be sent in the ClientHello. This is useful for EAP-FAST. This commit adds a test to ensure that when this function is called the expected ticket data actually appears in the ClientHello. 
Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: ssl/Makefile | 2 +- ssl/clienthellotest.c | 218 ++++++++++++++++++++++++++++++++++++++++++++++++++ ssl/s23_clnt.c | 19 ++--- test/Makefile | 38 ++++++++- 4 files changed, 258 insertions(+), 19 deletions(-) create mode 100644 ssl/clienthellotest.c diff --git a/ssl/Makefile b/ssl/Makefile index 42f1af5..7b90fb0 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -15,7 +15,7 @@ KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README ssl-lib.com install.com -TEST=ssltest.c heartbeat_test.c +TEST=ssltest.c heartbeat_test.c clienthellotest.c APPS= LIB=$(TOP)/libssl.a diff --git a/ssl/clienthellotest.c b/ssl/clienthellotest.c new file mode 100644 index 0000000..a00a7ea --- /dev/null +++ b/ssl/clienthellotest.c 
@@ -0,0 +1,218 @@ +/* Written by Matt Caswell for the OpenSSL Project */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include +#include + + +#define CLIENT_VERSION_LEN 2 +#define SESSION_ID_LEN_LEN 1 +#define CIPHERS_LEN_LEN 2 +#define COMPRESSION_LEN_LEN 1 +#define EXTENSIONS_LEN_LEN 2 +#define EXTENSION_TYPE_LEN 2 +#define EXTENSION_SIZE_LEN 2 + + +#define TOTAL_NUM_TESTS 2 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for TLS1.2 + */ +#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for a negotiated SSL/TLS version + */ +#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1 + +int main(int argc, char *argv[]) +{ + SSL_CTX *ctx; + SSL *con; + BIO *rbio; + BIO *wbio; + BIO *err; + long len; + unsigned char *data; + unsigned char *dataend; + char *dummytick = "Hello World!"; + unsigned int tmplen; + unsigned int type; + unsigned int size; + int testresult = 0; + int currtest = 0; + + SSL_library_init(); + SSL_load_error_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + 
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + /* + * For each test set up an SSL_CTX and SSL and see what ClientHello gets + * produced when we try to connect + */ + for (; currtest < TOTAL_NUM_TESTS; currtest++) { + testresult = 0; + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) { + ctx = SSL_CTX_new(TLSv1_2_method()); + } else { + ctx = SSL_CTX_new(SSLv23_method()); + } + con = SSL_new(ctx); + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick))) + goto end; + } + + if (SSL_connect(con) > 0) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + len = BIO_get_mem_data(wbio, (char **)&data); + dataend = data + len; + + /* Skip the record header */ + data += SSL3_RT_HEADER_LENGTH; + /* Skip the handshake message header */ + data += SSL3_HM_HEADER_LENGTH; + /* Skip client version and random */ + data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE; + if (data + SESSION_ID_LEN_LEN > dataend) + goto end; + /* Skip session id */ + tmplen = *data; + data += SESSION_ID_LEN_LEN + tmplen; + if (data + CIPHERS_LEN_LEN > dataend) + goto end; + /* Skip ciphers */ + tmplen = ((*data) << 8) | *(data + 1); + data += CIPHERS_LEN_LEN + tmplen; + if (data + COMPRESSION_LEN_LEN > dataend) + goto end; + /* Skip compression */ + tmplen = *data; + data += COMPRESSION_LEN_LEN + tmplen; + if (data + EXTENSIONS_LEN_LEN > dataend) + goto end; + /* Extensions len */ + tmplen = ((*data) << 8) | *(data + 1); + data += EXTENSIONS_LEN_LEN; + if (data + tmplen > dataend) + goto end; + + /* Loop through all extensions */ + while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) { + type = ((*data) << 8) | *(data + 1); + data += EXTENSION_TYPE_LEN; + size = ((*data) << 8) | *(data + 1); + data += EXTENSION_SIZE_LEN; + if (data 
+ size > dataend) + goto end; + + if (type == TLSEXT_TYPE_session_ticket) { + if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2 + || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (size == strlen(dummytick) + && memcmp(data, dummytick, size) == 0) { + /* Ticket data is as we expected */ + testresult = 1; + } else { + printf("Received session ticket is not as expected\n"); + } + break; + } + } + + tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size; + data += size; + } + + end: + SSL_free(con); + SSL_CTX_free(ctx); + if (!testresult) { + printf("ClientHello test: FAILED (Test %d)\n", currtest); + break; + } + } + + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + CRYPTO_mem_leaks(err); + + return testresult?0:1; +} diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index e4e707c..acbbe31 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -375,12 +375,13 @@ static int ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { -#if 0 - /* don't reuse session-id's */ + /* + * Since we're sending s23 client hello, we're not reusing a session, as + * we'd be using the method from the saved session instead + */ if (!ssl_get_new_session(s, 0)) { - return (-1); + return -1; } -#endif p = s->s3->client_random; if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) @@ -445,9 +446,6 @@ static int ssl23_client_hello(SSL *s) /* * put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length = 0; -#endif s2n(0, d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) @@ -796,13 +794,6 @@ static int ssl23_get_server_hello(SSL *s) } s->init_num = 0; - /* - * Since, if we are sending a ssl23 client hello, we are not reusing a - * session-id - */ - if (!ssl_get_new_session(s, 0)) - goto err; - return (SSL_connect(s)); err: return (-1); diff --git a/test/Makefile b/test/Makefile index e695073..80aeccf 100644 --- a/test/Makefile 
+++ b/test/Makefile @@ -69,6 +69,7 @@ ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test VERIFYEXTRATEST= verify_extra_test +CLIENTHELLOTEST= clienthellotest TESTS= alltests @@ -81,7 +82,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ - $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) + $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ + $(CLIENTHELLOTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -94,7 +96,8 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ - $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o + $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \ + $(CLIENTHELLOTEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -104,7 +107,8 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ - $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c + $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \ + $(CLIENTHELLOTEST).c EXHEADER= HEADER= testutil.h $(EXHEADER) 
@@ -148,7 +152,7 @@ alltests: \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time test_verify_extra + test_constant_time test_verify_extra test_clienthello test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -353,6 +357,10 @@ test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) +test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(CLIENTHELLOTEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -527,6 +535,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o @target=$(VERIFYEXTRATEST) $(BUILD_CMD) +$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o + @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 
@@ -572,6 +583,25 @@ bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c +clienthellotest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h +clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +clienthellotest.o: ../include/openssl/evp.h ../include/openssl/hmac.h +clienthellotest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/opensslconf.h +clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +clienthellotest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +clienthellotest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +clienthellotest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +clienthellotest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +clienthellotest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +clienthellotest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +clienthellotest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +clienthellotest.o: clienthellotest.c constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c From matt at openssl.org Mon Jul 27 15:59:24 2015 
From: matt at openssl.org (Matt Caswell) Date: Mon, 27 Jul 2015 15:59:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438012764.299072.26378.nullmailer@dev.openssl.org> The branch master has been updated via 3b848c642cdbca17c686c95b8fd655e5b1f5df2a (commit) from 57787ac81444938a876f185cdd73875c8f53e208 (commit) - Log ----------------------------------------------------------------- commit 3b848c642cdbca17c686c95b8fd655e5b1f5df2a Author: Matt Caswell Date: Mon Jul 27 12:04:47 2015 +0100 Add test for SSL_set_session_ticket_ext The function SSL_set_session_ticket_ext sets the ticket data to be sent in the ClientHello. This is useful for EAP-FAST. This commit adds a test to ensure that when this function is called the expected ticket data actually appears in the ClientHello. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: test/Makefile | 35 +++++++- test/clienthellotest.c | 218 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 249 insertions(+), 4 deletions(-) create mode 100644 test/clienthellotest.c diff --git a/test/Makefile b/test/Makefile index d9aa750..2e699dc 100644 --- a/test/Makefile +++ b/test/Makefile @@ -69,6 +69,7 @@ V3NAMETEST= v3nametest HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test VERIFYEXTRATEST= verify_extra_test +CLIENTHELLOTEST= clienthellotest TESTS= alltests @@ -85,7 +86,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(JPAKETEST)$(EXE_EXT) $(SECMEMTEST)$(EXE_EXT) \ $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \ $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \ - $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) + $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ + $(CLIENTHELLOTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) 
@@ -99,7 +101,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \ $(GOST2814789TEST).o $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \ - $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o testutil.o + $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o testutil.o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -110,7 +112,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ $(GOST2814789TEST).c $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \ - $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c testutil.c + $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c testutil.c HEADER= testutil.h @@ -151,7 +153,7 @@ alltests: \ test_ige test_jpake test_secmem \ test_srp test_cms test_v3name test_ocsp \ test_gost2814789 test_heartbeat test_p5_crpt2 \ - test_constant_time test_verify_extra + test_constant_time test_verify_extra test_clienthello test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt @echo $(START) $@ @@ -404,6 +406,10 @@ test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) +test_clienthello: $(CLIENTHELLOTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(CLIENTHELLOTEST) + update: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @@ -594,6 +600,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o @target=$(VERIFYEXTRATEST) $(BUILD_CMD) +$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o + @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 
@@ -627,6 +636,24 @@ bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h bntest.o: ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c +clienthellotest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h +clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +clienthellotest.o: ../include/openssl/err.h ../include/openssl/evp.h +clienthellotest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/opensslconf.h +clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +clienthellotest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +clienthellotest.o: ../include/openssl/sha.h ../include/openssl/srtp.h +clienthellotest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +clienthellotest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +clienthellotest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +clienthellotest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +clienthellotest.o: clienthellotest.c constant_time_test.o: ../e_os.h ../include/internal/constant_time_locl.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c diff --git a/test/clienthellotest.c b/test/clienthellotest.c new file mode 100644 index 0000000..acc56f8 --- /dev/null +++ b/test/clienthellotest.c 
@@ -0,0 +1,218 @@
+/* Written by Matt Caswell for the OpenSSL Project */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+
+#define CLIENT_VERSION_LEN 2
+#define SESSION_ID_LEN_LEN 1
+#define CIPHERS_LEN_LEN 2
+#define COMPRESSION_LEN_LEN 1
+#define EXTENSIONS_LEN_LEN 2
+#define EXTENSION_TYPE_LEN 2
+#define EXTENSION_SIZE_LEN 2
+
+
+#define TOTAL_NUM_TESTS 2
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for TLS1.2
+ */
+#define TEST_SET_SESSION_TICK_DATA_TLS_1_2 0
+
+/*
+ * Test that explicitly setting ticket data results in it appearing in the
+ * ClientHello for a negotiated SSL/TLS version
+ */
+#define TEST_SET_SESSION_TICK_DATA_VER_NEG 1
+
+int main(int argc, char *argv[])
+{
+ SSL_CTX *ctx;
+ SSL *con;
+ BIO *rbio;
+ BIO *wbio;
+ BIO *err;
+ long len;
+ unsigned char *data;
+ unsigned char *dataend;
+ char *dummytick = "Hello World!";
+ unsigned int tmplen;
+ unsigned int type;
+ unsigned int size;
+ int testresult = 0;
+ int currtest = 0;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ /*
+ * For each test set up an SSL_CTX and SSL and see what ClientHello gets
+ * produced when we try to connect
+ */
+ for (; currtest < TOTAL_NUM_TESTS; currtest++) {
+ testresult = 0;
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2) {
+ ctx = SSL_CTX_new(TLSv1_2_method());
+ } else {
+ ctx = SSL_CTX_new(TLS_method());
+ }
+ con = SSL_new(ctx);
+
+ rbio = BIO_new(BIO_s_mem());
+ wbio = BIO_new(BIO_s_mem());
+ SSL_set_bio(con, rbio, wbio);
+ SSL_set_connect_state(con);
+
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
+ || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+ if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
+ goto end;
+ }
+
+ if (SSL_connect(con) > 0) {
+ /* This shouldn't succeed because we don't have a server! */
+ goto end;
+ }
+
+ len = BIO_get_mem_data(wbio, (char **)&data);
+ dataend = data + len;
+
+ /* Skip the record header */
+ data += SSL3_RT_HEADER_LENGTH;
+ /* Skip the handshake message header */
+ data += SSL3_HM_HEADER_LENGTH;
+ /* Skip client version and random */
+ data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE;
+ if (data + SESSION_ID_LEN_LEN > dataend)
+ goto end;
+ /* Skip session id */
+ tmplen = *data;
+ data += SESSION_ID_LEN_LEN + tmplen;
+ if (data + CIPHERS_LEN_LEN > dataend)
+ goto end;
+ /* Skip ciphers */
+ tmplen = ((*data) << 8) | *(data + 1);
+ data += CIPHERS_LEN_LEN + tmplen;
+ if (data + COMPRESSION_LEN_LEN > dataend)
+ goto end;
+ /* Skip compression */
+ tmplen = *data;
+ data += COMPRESSION_LEN_LEN + tmplen;
+ if (data + EXTENSIONS_LEN_LEN > dataend)
+ goto end;
+ /* Extensions len */
+ tmplen = ((*data) << 8) | *(data + 1);
+ data += EXTENSIONS_LEN_LEN;
+ if (data + tmplen > dataend)
+ goto end;
+
+ /* Loop through all extensions */
+ while (tmplen > EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN) {
+ type = ((*data) << 8) | *(data + 1);
+ data += EXTENSION_TYPE_LEN;
+ size = ((*data) << 8) | *(data + 1);
+ data += EXTENSION_SIZE_LEN;
+ if (data + size > dataend)
+ goto end;
+
+ if (type == TLSEXT_TYPE_session_ticket) {
+ if (currtest == TEST_SET_SESSION_TICK_DATA_TLS_1_2
+ || currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+ if (size == strlen(dummytick)
+ && memcmp(data, dummytick, size) == 0) {
+ /* Ticket data is as we expected */
+ testresult = 1;
+ } else {
+ printf("Received session ticket is not as expected\n");
+ }
+ break;
+ }
+ }
+
+ tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;
+ data += size;
+ }
+
+ end:
+ SSL_free(con);
+ SSL_CTX_free(ctx);
+ if (!testresult) {
+ printf("ClientHello test: FAILED (Test %d)\n", currtest);
+ break;
+ }
+ }
+
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ CRYPTO_mem_leaks(err);
+
+ return testresult?0:1;
+}
From steve at openssl.org Tue Jul 28 15:56:58 2015
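Review bot: The three header skips after `dataend = data + len;` (`data += SSL3_RT_HEADER_LENGTH;`, `data += SSL3_HM_HEADER_LENGTH;` and `data += CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE;`) run before the first `> dataend` comparison, so when `SSL_connect()` writes less than that prefix (nothing at all, or only an alert) `data` is moved past the end of the memory BIO's buffer before any check can see it, which is out-of-bounds pointer arithmetic rather than a clean `goto end`; a check of `len` against the sum of those constants belongs first. In the extension loop, `tmplen -= EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN + size;` operates on an unsigned value and wraps when `size` exceeds what remains of the extensions block while `data + size` still fits in the buffer (for instance if a second record follows), after which the loop keeps reading type and length bytes beyond the extensions block; bounding `size` against `tmplen` before the subtraction closes that. The parser also assumes the first thing written is a single handshake record carrying a ClientHello; checking the record content type (`SSL3_RT_HANDSHAKE`) and the handshake message type (`SSL3_MT_CLIENT_HELLO`) before skipping the headers would make a failure here report the real cause instead of "ticket not found". The results of `SSL_CTX_new()`, `SSL_new()` and `BIO_new()` are also used unchecked, so an allocation failure becomes a crash instead of a reported test failure.

```c
        dataend = data + len;

        /* The fixed-size record, handshake and version/random prefix must be
         * present before it is skipped, or data is advanced past dataend. */
        if (len < SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH
                  + CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)
            goto end;
        /* … unchanged: header skips and session id / ciphers / compression / extensions length parsing … */

            data += EXTENSION_SIZE_LEN;
            /* size must fit inside the extensions block as well as the buffer;
             * tmplen is unsigned, so the subtraction below would otherwise wrap */
            if (size > tmplen - (EXTENSION_TYPE_LEN + EXTENSION_SIZE_LEN)
                || data + size > dataend)
                goto end;
            /* … unchanged: session ticket comparison, tmplen/data advance … */
```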
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 28 Jul 2015 15:56:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438099018.796978.10998.nullmailer@dev.openssl.org> The branch master has been updated via 14815a99d5fc625a5b8d730b05528f1f7b5d9ef7 (commit) via 797a89a15aff6af1a3bb458987cce7fbddef1ff0 (commit) via 431f458dfc41874b64ebe6145c9ed5358c9f505c (commit) from 3b848c642cdbca17c686c95b8fd655e5b1f5df2a (commit) - Log ----------------------------------------------------------------- commit 14815a99d5fc625a5b8d730b05528f1f7b5d9ef7 Author: Dr. Stephen Henson Date: Thu Jul 23 13:30:32 2015 +0100 Document signature algorithm setting functions. Reviewed-by: Matt Caswell commit 797a89a15aff6af1a3bb458987cce7fbddef1ff0 Author: Dr. Stephen Henson Date: Sat Jun 21 20:13:37 2014 +0100 Add some OCSP documentation. Reviewed-by: Matt Caswell commit 431f458dfc41874b64ebe6145c9ed5358c9f505c Author: Dr. Stephen Henson Date: Thu Jul 23 14:57:42 2015 +0100 Allow any order for signature algorithm string. 
Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/crypto/OCSP_REQUEST_new.pod | 107 +++++++++++++++++++++++++++++ doc/crypto/OCSP_cert_to_id.pod | 78 +++++++++++++++++++++ doc/crypto/OCSP_request_add1_nonce.pod | 73 ++++++++++++++++++++ doc/crypto/OCSP_response_find_status.pod | 104 ++++++++++++++++++++++++++++ doc/crypto/OCSP_response_status.pod | 57 ++++++++++++++++ doc/crypto/OCSP_sendreq_new.pod | 113 +++++++++++++++++++++++++++++++ doc/ssl/SSL_CTX_set1_sigalgs.pod | 104 ++++++++++++++++++++++++++++ ssl/t1_lib.c | 32 +++++---- 8 files changed, 655 insertions(+), 13 deletions(-) create mode 100644 doc/crypto/OCSP_REQUEST_new.pod create mode 100644 doc/crypto/OCSP_cert_to_id.pod create mode 100644 doc/crypto/OCSP_request_add1_nonce.pod create mode 100644 doc/crypto/OCSP_response_find_status.pod create mode 100644 doc/crypto/OCSP_response_status.pod create mode 100644 doc/crypto/OCSP_sendreq_new.pod create mode 100644 doc/ssl/SSL_CTX_set1_sigalgs.pod diff --git a/doc/crypto/OCSP_REQUEST_new.pod b/doc/crypto/OCSP_REQUEST_new.pod new file mode 100644 index 0000000..563fed3 --- /dev/null +++ b/doc/crypto/OCSP_REQUEST_new.pod 
@@ -0,0 +1,107 @@
+=pod
+
+OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
+OCSP_request_add1_cert, OCSP_request_onereq_count,
+OCSP_request_onereq_get0 - OCSP request functions.
+
+=head1 SYNOPSIS
+
+ #include
+
+ OCSP_REQUEST *OCSP_REQUEST_new(void);
+ void OCSP_REQUEST_free(OCSP_REQUEST *req);
+
+ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+ int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+ int OCSP_request_onereq_count(OCSP_REQUEST *req);
+ OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+
+=head1 DESCRIPTION
+
+OCSP_REQUEST_new() allocates and returns an empty B structure.
+
+OCSP_REQUEST_free() frees up the request structure B.
+
+OCSP_request_add0_id() adds certificate ID B to B. It returns
+the B structure added so an application can add additional
+extensions to the request. The B parameter B be freed up after
+the operation.
+
+OCSP_request_sign() signs OCSP request B using certificate
+B, private key B, digest B and additional certificates
+B. If the B option B is set then no certificates
+will be included in the request.
+
+OCSP_request_add1_cert() adds certificate B to request B. The
+application is responsible for freeing up B after use.
+
+OCSP_request_onereq_count() returns the total number of B
+structures in B.
+
+OCSP_request_onereq_get0() returns an internal pointer to the B
+contained in B of index B. The index value B runs from 0 to
+OCSP_request_onereq_count(req) - 1.
+
+=head1 RETURN VALUES
+
+OCSP_REQUEST_new() returns an empty B structure or B if
+an error occurred.
+
+OCSP_request_add0_id() returns the B structure containing B
+or B if an error occurred.
+
+OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0
+for failure.
+
+OCSP_request_onereq_count() returns the total number of B
+structures in B.
+
+OCSP_request_onereq_get0() returns a pointer to an B structure
+or B if the index value is out or range.
+
+=head1 NOTES
+
+An OCSP request structure contains one or more B structures
+corresponding to each certificate.
+
+OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by
+OCSP responders.
+
+=head1 EXAMPLE
+
+Create an B structure for certificate B with issuer
+B:
+
+ OCSP_REQUEST *req;
+ OCSP_ID *cid;
+
+ req = OCSP_REQUEST_new();
+ if (req == NULL)
+ /* error */
+ cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
+ if (cid == NULL)
+ /* error */
+
+ if (OCSP_REQUEST_add0_id(req, cid) == NULL)
+ /* error */
+
+ /* Do something with req, e.g. query responder */
+
+ OCSP_REQUEST_free(req);
+
+=head1 SEE ALSO
+
+L,
+L,
+L,
+L,
+L,
+L
+
+=cut
diff --git a/doc/crypto/OCSP_cert_to_id.pod b/doc/crypto/OCSP_cert_to_id.pod
new file mode 100644
index 0000000..2eab1d3
--- /dev/null
+++ b/doc/crypto/OCSP_cert_to_id.pod
@@ -0,0 +1,78 @@
+=pod
+
+OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
+OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions.
+
+=head1 SYNOPSIS
+
+ #include
+
+ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
+ X509 *subject, X509 *issuer);
+
+ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ X509_NAME *issuerName,
+ ASN1_BIT_STRING *issuerKey,
+ ASN1_INTEGER *serialNumber);
+
+ void OCSP_CERTID_free(OCSP_CERTID *id);
+
+ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+
+
+=head1 DESCRIPTION
+
+OCSP_cert_to_id() creates and returns a new B structure using
+message digest B for certificate B with issuer B. If
+B is B then SHA1 is used.
+
+OCSP_cert_id_new() creates and returns a new B using B and
+issuer name B, issuer key hash B and serial number
+B.
+
+OCSP_CERTID_free() frees up B.
+
+OCSP_id_cmp() compares B B and B.
+
+OCSP_id_issuer_cmp() compares only the issuer name of B B and B.
+
+OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and
+serial number contained in B. If any of the values are not required the
+corresponding parameter can be set to B.
+
+=head1 RETURN VALUES
+
+OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid
+B structure or B if an error occurred.
+
+OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero
+otherwise.
+
+OCSP_CERTID_free() does not return a value.
+
+OCSP_id_get0_info() returns 1 for sucess and 0 for failure.
+
+=head1 NOTES
+
+OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new():
+the other functions are used by responder applications.
+
+The values returned by OCSP_id_get0_info() are internal pointers and B be freed up by an application: they will be freed when the corresponding
+B structure is freed.
+
+=head1 SEE ALSO
+
+L,
+L,
+L,
+L,
+L,
+L
+
+=cut
diff --git a/doc/crypto/OCSP_request_add1_nonce.pod b/doc/crypto/OCSP_request_add1_nonce.pod
new file mode 100644
index 0000000..8fe3197
--- /dev/null
+++ b/doc/crypto/OCSP_request_add1_nonce.pod
@@ -0,0 +1,73 @@
+=pod
+
+OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions.
+
+=head1 SYNOPSIS
+
+ #include
+
+ int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
+
+=head1 DESCRIPTION
+
+OCSP_request_add1_nonce() adds a nonce of value B and length B to
+OCSP request B. If B is B a random nonce is used. If B
+is zero or negative a default length will be used (currently 16 bytes).
+
+OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except
+it adds a nonce to OCSP basic response B.
+
+OCSP_check_nonce() compares the nonce value in B and B.
+
+OCSP_copy_nonce() copys any nonce value present in B to B.
+
+=head1 RETURN VALUES
+
+OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success
+and 0 for failure.
+
+OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce
+was present in B and 0 if an error occurred.
+
+OCSP_check_nonce() returns the result of the nonce comparison between B
+and B. The return value indicates the result of the comparison. If
+nonces are present and equal 1 is returned. If the nonces are absent 2 is
+returned. If a nonce is present in the response only 3 is returned. If nonces
+are present and unequal 0 is returned. If the nonce is present in the request
+only then -1 is returned.
+
+=head1 NOTES
+
+For most purposes the nonce value in a request is set to a random value so
+the B parameter in OCSP_request_add1_nonce() is usually NULL.
+
+An OCSP nonce is typically added to an OCSP request to thwart replay attacks
+by checking the same nonce value appears in the response.
+
+Some responders may include a nonce in all responses even if one is not
+supplied.
+
+Some responders cache OCSP responses and do not sign each response for
+performance reasons. As a result they do not support nonces.
+
+The return values of OCSP_check_nonce() can be checked to cover each case. A
+positive return value effectively indicates success: nonces are both present
+and match, both absent or present in the response only. A non-zero return
+additionally covers the case where the nonce is present in the request only:
+this will happen if the responder doesn't support nonces. A zero return value
+indicates present and mismatched nonces: this should be treated as an error
+condition.
+
+=head1 SEE ALSO
+
+L,
+L,
+L,
+L,
+L,
+L
+
+=cut
diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod
new file mode 100644
index 0000000..1f4666a
--- /dev/null
+++ b/doc/crypto/OCSP_response_find_status.pod
@@ -0,0 +1,104 @@
+=pod
+
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP reponse utility functions.
+
+=head1 SYNOPSIS
+
+ #include
+
+ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+
+ int OCSP_resp_count(OCSP_BASICRESP *bs);
+ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+ int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+
+ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd,
+ long sec, long maxsec);
+
+=head1 DESCRIPTION
+
+OCSP_resp_find_status() searches B for an OCSP response for B. If it is
+successful the fields of the response are returned in B<*status>, B<*reason>,
+B<*revtime>, B<*thisupd> and B<*nextupd>. The B<*status> value will be one of
+B, B or
+B. The B<*reason> and B<*revtime> fields are only
+set if the status is B. If set the B<*reason> field
+will be set to the revocation reason which will be one of
+B, B,
+B, B,
+B, B,
+B,
+B or B.
+
+OCSP_resp_count() returns the number of B structures in B.
+
+OCSP_resp_get0() returns the B structure in B
+corresponding to index B. Where B runs from 0 to
+OCSP_resp_count(bs) - 1.
+
+OCSP_resp_find() searches B for B and returns the index of the first
+matching entry after B or starting from the beginning if B is -1.
+
+OCSP_single_get0_status() extracts the fields of B in B<*reason>,
+B<*revtime>, B<*thisupd> and B<*nextupd>.
+
+OCSP_check_validity() checks the validity of B and B values
+which will be typically obtained from OCSP_resp_find_status() or
+OCSP_single_get0_status(). If B is non-zero it indicates how many seconds
+leeway should be allowed in the check. If B is positive it indicates
+the maximum age of B in seconds.
+
+=head1 RETURN VALUES
+
+OCSP_resp_find_status() returns 1 if B is found in B and 0 otherwise.
+
+OCSP_resp_count() returns the total number of B fields in
+B.
+
+OCSP_resp_get0() returns a pointer to an B structure or
+B if B is out of range.
+
+OCSP_resp_find() returns the index of B in B (which may be 0) or -1 if
+B was not found.
+
+OCSP_single_get0_status() returns the status of B or -1 if an error
+occurred.
+
+=head1 NOTES
+
+Applications will typically call OCSP_resp_find_status() using the certificate
+ID of interest and then check its validity using OCSP_check_validity(). They
+can then take appropriate action based on the status of the certificate.
+
+An OCSP response for a certificate contains B and B
+fields. Normally the current time should be between these two values. To
+account for clock skew the B field can be set to non-zero in
+OCSP_check_validity(). Some responders do not set the B field, this
+would otherwise mean an ancient response would be considered valid: the
+B parameter to OCSP_check_validity() can be used to limit the permitted
+age of responses.
+
+The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by
+OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers
+which B be freed up by the calling application. Any or all of these
+parameters can be set to NULL if their value is not required.
+
+=head1 SEE ALSO
+
+L,
+L,
+L,
+L,
+L,
+L
+
+=cut
diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod
new file mode 100644
index 0000000..7121872
--- /dev/null
+++ b/doc/crypto/OCSP_response_status.pod
@@ -0,0 +1,57 @@
+=pod
+
+OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
+OCSP_RESPONSE_free - OCSP response functions.
+
+=head1 SYNOPSIS
+
+ #include
+
+ int OCSP_response_status(OCSP_RESPONSE *resp);
+ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+ void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
+
+=head1 DESCRIPTION
+
+OCSP_response_status() returns the OCSP response status of B. It returns
+one of the values: B,
+B,
+B, B
+B, or B.
+
+OCSP_response_get1_basic() decodes and returns the B structure
+contained in B.
+
+OCSP_response_create() creates and returns an B structure for
+B and optionally including basic response B.
+
+OCSP_RESPONSE_free() frees up OCSP reponse B.
+
+=head1 RETURN VALUES
+
+OCSP_RESPONSE_status() returns a status value.
+
+OCSP_response_get1_basic() returns an B structure pointer or
+B if an error occurred.
+
+OCSP_response_create() returns an B structure pointer or B
+if an error occurred.
+
+OCSP_RESPONSE_free() does not return a value.
+
+=head1 NOTES
+
+OCSP_response_get1_basic() is only called if the status of a response is
+B.
+
+=head1 SEE ALSO
+
+L
+L
+L
+L
+L
+L
+
+=cut
diff --git a/doc/crypto/OCSP_sendreq_new.pod b/doc/crypto/OCSP_sendreq_new.pod
new file mode 100644
index 0000000..cab11f7
--- /dev/null
+++ b/doc/crypto/OCSP_sendreq_new.pod
@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
+OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+
+=head1 SYNOPSIS
+
+ #include
+
+ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+
+ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+
+ void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+
+ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+ const char *name, const char *value);
+
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+
+ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+
+=head1 DESCRIPTION
+
+The function OCSP_sendreq_new() returns an B structure using the
+responder B, the URL path B, the OCSP request B and with a
+response header maximum line length of B. If B is zero a
+default value of 4k is used. The OCSP request B may be set to B
+and provided later if required.
+
+OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context
+B. When the operation is complete it returns the response in B<*presp>.
+
+OCSP_REQ_CTX_free() frees up the OCSP context B.
+
+OCSP_set_max_response_length() sets the maximum reponse length for B
+to B. If the response exceeds this length an error occurs. If not
+set a default value of 100k is used.
+
+OCSP_REQ_CTX_add1_header() adds header B with value B to the
+context B. It can be called more than once to add multiple headers.
+It B be called before any calls to OCSP_sendreq_nbio(). The B
+parameter in the initial to OCSP_sendreq_new() call MUST be set to B if
+additional headers are set.
+
+OCSP_REQ_CTX_set1_req() sets the OCSP request in B to B. This
+function should be called after any calls to OCSP_REQ_CTX_add1_header().
+
+OCSP_sendreq_bio() performs an OCSP request using the responder B, the URL
+path B, the OCSP request B and with a response header maximum line
+length of B. If B is zero a default value of 4k is used.
+
+=head1 RETURN VALUES
+
+OCSP_sendreq_new() returns a valid B structure or B if
+an error occurred.
+
+OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
+B<-1> if the operation should be retried and B<0> if an error occurred.
+
+OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
+and B<0> for failure.
+
+OCSP_sendreq_bio() returns the B structure sent by the
+responder or B if an error occurred.
+
+OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.
+
+=head1 NOTES
+
+These functions only perform a minimal HTTP query to a responder. If an
+application wishes to support more advanced features it should use an
+alternative more complete HTTP library.
+
+Currently only HTTP POST queries to responders are supported.
+
+The arguments to OCSP_sendreq_new() correspond to the components of the URL.
+For example if the responder URL is B the BIO
+B should be connected to host B on port 80 and B
+should be set to B<"/ocspreq">
+
+The headers added with OCSP_REQ_CTX_add1_header() are of the form
+"B: B" or just "B" if B is B. So to add
+a Host header for B you would call:
+
+ OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
+
+If OCSP_sendreq_nbio() indicates an operation should be retried the
+corresponding BIO can be examined to determine which operation (read or
+write) should be retried and appropriate action taken (for example a select()
+call on the underlying socket).
+
+OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking
+I/O efficiently. It is retained for compatibility and its use in new
+applications is not recommended.
+
+=head1 SEE ALSO
+
+L,
+L,
+L,
+L,
+L,
+L
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set1_sigalgs.pod b/doc/ssl/SSL_CTX_set1_sigalgs.pod
new file mode 100644
index 0000000..b263160
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod
@@ -0,0 +1,104 @@ +=pod + +=head1 NAME + +SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, +SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, +SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, +SSL_set1_client_sigalgs_list - set supported signature algorithms + +=head1 SYNOPSIS + + #include + + long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); + long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); + long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); + long SSL_set1_sigalgs_list(SSL *ssl, const char *str); + + long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); + long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); + long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); + long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); + +=head1 DESCRIPTION + +SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature +algorithms for B or B. The array B of length B +must consist of pairs of NIDs corresponding to digest and public key +algorithms. + +SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported +signature algorithms for B or B. The B parameter +must be a null terminated string consisting or a colon separated list of +public key algorithms and digests separated by B<+>. + +SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), +SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set +signature algorithms related to client authentication, otherwise they are +identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(), +SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list(). + +All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary. 
+ +=head1 NOTES + +If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible SSL_CONF API instead. + +The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message. + +The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE) +their order. + +The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused. + +Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms. + +Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example SHA1 if the security level is 4 or more). + +Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. + +The short or long name values for digests can be used in a string (for +example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and +the public key algorithm strings "RSA", "DSA" or "ECDSA". + +The use of MD5 as a digest is strongly discouraged due to security weaknesses. + +=head1 EXAMPLES + +Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA +using an array: + + const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; + + SSL_CTX_set1_sigalgs(ctx, slist, 4); + +Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA +using a string: + + SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); + +=head1 RETURN VALUES + +All these functions return 1 for success and 0 for failure. 
+ +=head1 SEE ALSO + +L, L, +L + +=cut diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f08eb84..e593654 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3739,12 +3739,27 @@ typedef struct { int sigalgs[MAX_SIGALGLEN]; } sig_cb_st; +static void get_sigorhash(int *psig, int *phash, const char *str) +{ + if (strcmp(str, "RSA") == 0) { + *psig = EVP_PKEY_RSA; + } else if (strcmp(str, "DSA") == 0) { + *psig = EVP_PKEY_DSA; + } else if (strcmp(str, "ECDSA") == 0) { + *psig = EVP_PKEY_EC; + } else { + *phash = OBJ_sn2nid(str); + if (*phash == NID_undef) + *phash = OBJ_ln2nid(str); + } +} + static int sig_cb(const char *elem, int len, void *arg) { sig_cb_st *sarg = arg; size_t i; char etmp[20], *p; - int sig_alg, hash_alg; + int sig_alg = NID_undef, hash_alg = NID_undef; if (elem == NULL) return 0; if (sarg->sigalgcnt == MAX_SIGALGLEN) @@ -3761,19 +3776,10 @@ static int sig_cb(const char *elem, int len, void *arg) if (!*p) return 0; - if (strcmp(etmp, "RSA") == 0) - sig_alg = EVP_PKEY_RSA; - else if (strcmp(etmp, "DSA") == 0) - sig_alg = EVP_PKEY_DSA; - else if (strcmp(etmp, "ECDSA") == 0) - sig_alg = EVP_PKEY_EC; - else - return 0; + get_sigorhash(&sig_alg, &hash_alg, etmp); + get_sigorhash(&sig_alg, &hash_alg, p); - hash_alg = OBJ_sn2nid(p); - if (hash_alg == NID_undef) - hash_alg = OBJ_ln2nid(p); - if (hash_alg == NID_undef) + if (sig_alg == NID_undef || hash_alg == NID_undef) return 0; for (i = 0; i < sarg->sigalgcnt; i += 2) { From rsalz at openssl.org Wed Jul 29 14:38:10 2015 
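Review bot: Calling get_sigorhash() on both halves of an element makes the two tokens interchangeable — `RSA+SHA256` and `SHA256+RSA` now parse identically — but the SSL_CTX_set1_sigalgs.pod added in this same commit describes only the public-key-algorithm-first form, so either the pod should state that either order is accepted or sig_cb() should keep enforcing the documented order. The helper's `else` branch stores whatever NID OBJ_sn2nid()/OBJ_ln2nid() returns, so the `hash_alg == NID_undef` test only proves the token is some known object name, not a digest; unless a later step (outside this hunk) rejects unsupported (hash, sig) pairs, a guard or at least a comment such as `/* any known OID name lands here; the (hash, sig) pair must be validated against the supported digest set downstream */` is warranted. Two tokens of the same kind are rejected only because the other slot stays NID_undef, with the second value silently overwriting the first — worth a short comment above the two get_sigorhash() calls. sig_cb()'s body continues outside the hunk.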
From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 14:38:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438180690.944258.8869.nullmailer@dev.openssl.org> The branch master has been updated via 932af1617e277904bcca6e47729a420bba39785b (commit) from 14815a99d5fc625a5b8d730b05528f1f7b5d9ef7 (commit) - Log ----------------------------------------------------------------- commit 932af1617e277904bcca6e47729a420bba39785b Author: Rich Salz Date: Tue Jul 28 12:41:36 2015 -0400 Tweak README about rt and bug reporting. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: README | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/README b/README index 6e7bc73..40c2e83 100644 --- a/README +++ b/README 
@@ -137,17 +137,23 @@ Email the report to: - openssl-bugs at openssl.org + rt at openssl.org - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security at openssl.org (PGP key available from the key servers). - Note that mail to openssl-bugs at openssl.org is recorded in the public - request tracker database (see https://www.openssl.org/support/rt.html - for details) and also forwarded to a public mailing list. Confidential - mail may be sent to openssl-security at openssl.org (PGP key available from - the key servers). + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. + + You can also make GitHub pull requests. If you do this, please also send + mail to rt at openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- 
@@ -164,11 +170,10 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. + current Git or the last snapshot. They should follow our coding style + (see http://openssl.org/about/codingstyle.txt) and compile without + warnings using the --strict-warnings flag. OpenSSL compiles on many + varied platforms: try to ensure you only use portable features. Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov From rsalz at openssl.org Wed Jul 29 14:38:30 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 14:38:30 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438180710.569623.9710.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 6b7d872e819449a19ea428386f25e90e5eaedc29 (commit) from f0348c842e75a77f643e7d34cb88609145b2d320 (commit) - Log ----------------------------------------------------------------- commit 6b7d872e819449a19ea428386f25e90e5eaedc29 Author: Rich Salz Date: Tue Jul 28 12:41:36 2015 -0400 Tweak README about rt and bug reporting. Reviewed-by: Matt Caswell (cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b) ----------------------------------------------------------------------- Summary of changes: README | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/README b/README index ae17fb4..b6ffe9b 100644 --- a/README +++ b/README 
@@ -137,17 +137,23 @@ Email the report to: - openssl-bugs at openssl.org + rt at openssl.org - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security at openssl.org (PGP key available from the key servers). - Note that mail to openssl-bugs at openssl.org is recorded in the public - request tracker database (see https://www.openssl.org/support/rt.html - for details) and also forwarded to a public mailing list. Confidential - mail may be sent to openssl-security at openssl.org (PGP key available from - the key servers). + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. + + You can also make GitHub pull requests. If you do this, please also send + mail to rt at openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- 
@@ -164,11 +170,10 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. + current Git or the last snapshot. They should follow our coding style + (see http://openssl.org/about/codingstyle.txt) and compile without + warnings using the --strict-warnings flag. OpenSSL compiles on many + varied platforms: try to ensure you only use portable features. Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov From rsalz at openssl.org Wed Jul 29 14:39:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 14:39:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1438180761.847259.10098.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 372e74903e8e0553f507215cea544ff6805fdda3 (commit) from 728432aed0f8e0c8b86df0724c9fde76659bc54b (commit) - Log ----------------------------------------------------------------- commit 372e74903e8e0553f507215cea544ff6805fdda3 Author: Rich Salz Date: Tue Jul 28 12:41:36 2015 -0400 Tweak README about rt and bug reporting. Reviewed-by: Matt Caswell (cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b) ----------------------------------------------------------------------- Summary of changes: README | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/README b/README index c3db93a..e851aff 100644 --- a/README +++ b/README 
@@ -164,16 +164,23 @@ Report the bug to the OpenSSL project via the Request Tracker (http://www.openssl.org/support/rt.html) by mail to: - openssl-bugs at openssl.org + rt at openssl.org - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security at openssl.org (PGP key available from the key servers). - Note that mail to openssl-bugs at openssl.org is recorded in the publicly - readable request tracker database and is forwarded to a public - mailing list. Confidential mail may be sent to openssl-security at openssl.org - (PGP key available from the key servers). + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. + + You can also make GitHub pull requests. If you do this, please also send + mail to rt at openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- 
@@ -190,11 +197,10 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. + current Git or the last snapshot. They should follow our coding style + (see http://openssl.org/about/codingstyle.txt) and compile without + warnings using the --strict-warnings flag. OpenSSL compiles on many + varied platforms: try to ensure you only use portable features. Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov From rsalz at openssl.org Wed Jul 29 14:40:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 14:40:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1438180821.921408.10406.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 9e2b04b677243b49d53cb008b0011f92bdd8d665 (commit) from 1fb21ac4a9c45000de32b44463b3fbdff8e06bc6 (commit) - Log ----------------------------------------------------------------- commit 9e2b04b677243b49d53cb008b0011f92bdd8d665 Author: Rich Salz Date: Tue Jul 28 12:41:36 2015 -0400 Tweak README about rt and bug reporting. Reviewed-by: Matt Caswell (cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b) ----------------------------------------------------------------------- Summary of changes: README | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/README b/README index 2556b8c..1a70b7f 100644 --- a/README +++ b/README 
@@ -164,16 +164,23 @@ Report the bug to the OpenSSL project via the Request Tracker (http://www.openssl.org/support/rt.html) by mail to: - openssl-bugs at openssl.org + rt at openssl.org - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security at openssl.org (PGP key available from the key servers). - Note that mail to openssl-bugs at openssl.org is recorded in the publicly - readable request tracker database and is forwarded to a public - mailing list. Confidential mail may be sent to openssl-security at openssl.org - (PGP key available from the key servers). + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. + + You can also make GitHub pull requests. If you do this, please also send + mail to rt at openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- 
@@ -190,11 +197,10 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. + current Git or the last snapshot. They should follow our coding style + (see http://openssl.org/about/codingstyle.txt) and compile without + warnings using the --strict-warnings flag. OpenSSL compiles on many + varied platforms: try to ensure you only use portable features. Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov From rsalz at openssl.org Wed Jul 29 14:40:49 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 14:40:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1438180849.306818.10695.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via a95168889f5e9fc67aa946b95510cb712761d841 (commit) from 1ac4693c38bc39de8656470413d2cd53cf453de3 (commit) - Log ----------------------------------------------------------------- commit a95168889f5e9fc67aa946b95510cb712761d841 Author: Rich Salz Date: Tue Jul 28 12:41:36 2015 -0400 Tweak README about rt and bug reporting. Reviewed-by: Matt Caswell (cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b) ----------------------------------------------------------------------- Summary of changes: README | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/README b/README index 5ca30cf..4827753 100644 --- a/README +++ b/README 
@@ -164,16 +164,23 @@ Report the bug to the OpenSSL project via the Request Tracker (http://www.openssl.org/support/rt.html) by mail to: - openssl-bugs at openssl.org + rt at openssl.org - Note that the request tracker should NOT be used for general assistance - or support queries. Just because something doesn't work the way you expect - does not mean it is necessarily a bug in OpenSSL. + In order to avoid spam, this is a moderated mailing list, and it might + take a day for the ticket to show up. (We also scan posts to make sure + that security disclosures aren't publically posted by mistake.) Mail to + this address is recorded in the public RT (request tracker) database (see + https://www.openssl.org/support/rt.html for details) and also forwarded + the public openssl-dev mailing list. Confidential mail may be sent to + openssl-security at openssl.org (PGP key available from the key servers). - Note that mail to openssl-bugs at openssl.org is recorded in the publicly - readable request tracker database and is forwarded to a public - mailing list. Confidential mail may be sent to openssl-security at openssl.org - (PGP key available from the key servers). + Please do NOT use this for general assistance or support queries. + Just because something doesn't work the way you expect does not mean it + is necessarily a bug in OpenSSL. + + You can also make GitHub pull requests. If you do this, please also send + mail to rt at openssl.org with a link to the PR so that we can more easily + keep track of it. HOW TO CONTRIBUTE TO OpenSSL ---------------------------- 
@@ -190,11 +197,10 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow the coding style of - OpenSSL and compile without warnings. Some of the core team developer targets - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL - compiles on many varied platforms: try to ensure you only use portable - features. + current Git or the last snapshot. They should follow our coding style + (see http://openssl.org/about/codingstyle.txt) and compile without + warnings using the --strict-warnings flag. OpenSSL compiles on many + varied platforms: try to ensure you only use portable features. Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov From rsalz at openssl.org Wed Jul 29 20:13:49 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 20:13:49 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1438200829.412835.15349.nullmailer@dev.openssl.org> The branch master has been updated via 7396e9b0e72bece0d79baa53e1459e8bdeb5cb76 (commit) from c21a779e67328ae7b1e5037631f82bb91a532887 (commit) - Log ----------------------------------------------------------------- commit 7396e9b0e72bece0d79baa53e1459e8bdeb5cb76 Author: Rich Salz Date: Wed Jul 29 16:13:35 2015 -0400 update RT/bug email stuff ----------------------------------------------------------------------- Summary of changes: support/rt.wml | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/support/rt.wml b/support/rt.wml index a10d09d..c3a705c 100644 --- a/support/rt.wml +++ b/support/rt.wml @@ -5,15 +5,13 @@

    OpenSSL Request Tracker

    -The OpenSSL project has set up a request tracker at +We have set up a request tracker at
    http://rt.openssl.org/ offering read-only access using the account guest with the password guest. -The username and password can also be specified in the URL for example: -http://rt.openssl.org/?user=guest&pass=guest. - -A link to a specific bug can be created using for example: +The username and password can also be specified in the URL, as can a link +to a specific bug. For example: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1 @@ -25,17 +23,20 @@ of new or open bugs and requests.

    Sending a Request

    -New requests must be sent by email to +To create a new bug or enhancement request, send email to rt at openssl.org, clearly indicating the type of request (bug report, patch, contribution, enhancement request, ...) the operating system and version of OpenSSL affected. +If you have a patch or diff, please send it as an attachment, and not +inline in the message body. The easiest way to respond to an existing request is to reply to the relevant -message in openssl-dev at openssl.org and making sure you include -rt at openssl.org in the list of recipients. - -If you do not have a copy of the existing request then you can create a new -email including the ID in the subject line. For example to reply to ID #9999 +message in openssl-dev at openssl.org. To help avoid duplicate copies, +edit the recipient list so that only +rt at openssl.org is listed and remove any quoted material. +You can also create a new email by having the subject line start with a +special prefix. +For example to reply to ID #9999 you'd send a message to rt at openssl.org including [openssl.org #9999] in the subject.

    Gateways

    @@ -44,10 +45,11 @@ Incoming requests are added to the request tracker. The request tracker automatically forwards incoming requests to the openssl-dev at openssl.org mailing list for information of the community and public discussion. -Replys sent to rt at openssl.org keeping the ticket in the +Replies sent to rt at openssl.org keeping the ticket in the subject line unchanged will be recorded and added to the ticket by the request tracker, then forwarded to openssl-dev at openssl.org.

    Request Tracker Software

    + The request tracker is using the RT software, available from -http://www.fsck.com/projects/rt/. +http://www.bestpractical.com/rt/. From rsalz at openssl.org Wed Jul 29 20:59:07 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 29 Jul 2015 20:59:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438203547.581155.28329.nullmailer@dev.openssl.org> The branch master has been updated via 5bb17d1b3cb1a02d1e48ad0810105f1b501b0532 (commit) from 932af1617e277904bcca6e47729a420bba39785b (commit) - Log ----------------------------------------------------------------- commit 5bb17d1b3cb1a02d1e48ad0810105f1b501b0532 Author: Rich Salz Date: Wed Jul 29 16:55:08 2015 -0400 RT3639: Add -no_comp description to online help Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/apps.h b/apps/apps.h index 2823cbc..f2dc812 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -287,7 +287,7 @@ void unbuffer(FILE *fp); {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \ {"bugs", OPT_S_BUGS, '-' }, \ - {"no_comp", OPT_S_NOCOMP, '-' }, \ + {"no_comp", OPT_S_NOCOMP, '-', "Don't use SSL/TLS-level compression" }, \ {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \ {"no_ticket", OPT_S_NOTICKET, '-' }, \ {"serverpref", OPT_S_SERVERPREF, '-' }, \ From rsalz at openssl.org Thu Jul 30 01:21:15 2015 
From: rsalz at openssl.org (Rich Salz) Date: Thu, 30 Jul 2015 01:21:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438219275.419041.27465.nullmailer@dev.openssl.org> The branch master has been updated via fa4629b6a2518d202fd051f228c3d8770682b3be (commit) from 5bb17d1b3cb1a02d1e48ad0810105f1b501b0532 (commit) - Log ----------------------------------------------------------------- commit fa4629b6a2518d202fd051f228c3d8770682b3be Author: Martin Vejnar Date: Wed Jul 29 17:28:19 2015 -0400 RT3774: double-free in DSA Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_ameth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 73dd158..0002e08 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -321,6 +321,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) From rsalz at openssl.org Thu Jul 30 01:21:42 2015 
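Review bot: The value `dplen` returned by `i2d_ASN1_INTEGER(prkey, &dp)` is still passed to PKCS8_pkey_set0() unchecked; on an encoding failure i2d returns a negative length and leaves `dp` NULL, so the new `prkey = NULL;` removes the double free but a failed encode still reaches PKCS8_pkey_set0() with a bogus length. Adding `if (dplen <= 0) goto err;` directly after the new line, using the function's existing error label (outside the hunk — presumably the one that previously freed `prkey` a second time), closes that gap. Because `dp` is the DER encoding of the DSA private exponent, that error path should also release it with a clearing free rather than a plain OPENSSL_free() if it does not already; the cleanup code is not visible here. dsa_priv_encode() starts and ends outside the hunk.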
From: rsalz at openssl.org (Rich Salz) Date: Thu, 30 Jul 2015 01:21:42 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438219302.326141.28281.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 374fd385c2347b965c3490aa1c10025e1339d265 (commit) from 6b7d872e819449a19ea428386f25e90e5eaedc29 (commit) - Log ----------------------------------------------------------------- commit 374fd385c2347b965c3490aa1c10025e1339d265 Author: Martin Vejnar Date: Wed Jul 29 17:28:19 2015 -0400 RT3774: double-free in DSA Reviewed-by: Matt Caswell (cherry picked from commit fa4629b6a2518d202fd051f228c3d8770682b3be) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_ameth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 2a5cd71..c40e177 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -318,6 +318,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) From rsalz at openssl.org Thu Jul 30 01:21:53 2015 
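Review bot: As on master, `dplen` from `i2d_ASN1_INTEGER(prkey, &dp)` is handed to PKCS8_pkey_set0() without a check, so a failed encode (negative length, `dp` still NULL) is not rejected on this branch either. `if (dplen <= 0) goto err;` after the new `prkey = NULL;`, jumping to the function's existing error label (outside the hunk), would cover it; if that label frees `dp` with a plain free, a clearing free is preferable since `dp` holds the private exponent. dsa_priv_encode() starts and ends outside the hunk.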
From: rsalz at openssl.org (Rich Salz) Date: Thu, 30 Jul 2015 01:21:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1438219313.773847.28528.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e (commit) from 372e74903e8e0553f507215cea544ff6805fdda3 (commit) - Log ----------------------------------------------------------------- commit 721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e Author: Martin Vejnar Date: Wed Jul 29 17:28:19 2015 -0400 RT3774: double-free in DSA Reviewed-by: Matt Caswell (cherry picked from commit fa4629b6a2518d202fd051f228c3d8770682b3be) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_ameth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index a2840ea..6ddef45 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -318,6 +318,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) From rsalz at openssl.org Thu Jul 30 01:22:03 2015 
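Review bot: The cherry-pick fixes the double free but leaves `dplen` from `i2d_ASN1_INTEGER(prkey, &dp)` unchecked before PKCS8_pkey_set0(); a negative length from a failed encode, with `dp` still NULL, would be passed through on 1.0.1 as well. `if (dplen <= 0) goto err;` after `prkey = NULL;`, using the existing error label outside the hunk, is the matching one-line guard. dsa_priv_encode() starts and ends outside the hunk.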
From: rsalz at openssl.org (Rich Salz) Date: Thu, 30 Jul 2015 01:22:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1438219323.494927.28763.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 86fecb23df64a87dc9833f8d88f7c3f9c704f6b9 (commit) from 9e2b04b677243b49d53cb008b0011f92bdd8d665 (commit) - Log ----------------------------------------------------------------- commit 86fecb23df64a87dc9833f8d88f7c3f9c704f6b9 Author: Martin Vejnar Date: Wed Jul 29 17:28:19 2015 -0400 RT3774: double-free in DSA Reviewed-by: Matt Caswell (cherry picked from commit fa4629b6a2518d202fd051f228c3d8770682b3be) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_ameth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 9fdce81..1dd373d 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -316,6 +316,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) From matt at openssl.org Thu Jul 30 09:23:44 2015 
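Review bot: Same gap as on the other branches: `dplen` returned by `i2d_ASN1_INTEGER(prkey, &dp)` is not checked before it is passed to PKCS8_pkey_set0(), so an encoding failure (negative length, `dp` NULL) is not rejected. `if (dplen <= 0) goto err;` after the new `prkey = NULL;`, targeting the function's existing error label (outside the hunk), would close it on 1.0.0 too. dsa_priv_encode() starts and ends outside the hunk.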
From: matt at openssl.org (Matt Caswell) Date: Thu, 30 Jul 2015 09:23:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438248224.976140.31476.nullmailer@dev.openssl.org> The branch master has been updated via 5e8b24dbfb98ed7c5b355cb6a959906a418e264b (commit) from fa4629b6a2518d202fd051f228c3d8770682b3be (commit) - Log ----------------------------------------------------------------- commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b Author: Matt Caswell Date: Wed Jul 29 23:20:56 2015 +0100 Fix write failure handling in DTLS1.2 The DTLS code is supposed to drop packets if we try to write them out but the underlying BIO write buffers are full. ssl3_write_pending() contains an incorrect test for DTLS that controls this. The test only checks for DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which can later cause an assert to be hit. This commit changes the test to cover all DTLS versions. RT#3967 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 79d3c21..d6e922c 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -929,7 +929,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 s->rwstate = SSL_NOTHING;
 return (s->rlayer.wpend_ret);
 } else if (i <= 0) {
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
 /*
 * For DTLS, just drop it. That's kind of the whole point in
 * using a datagram service
From matt at openssl.org Thu Jul 30 09:24:08 2015
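Review bot: The new condition `if (SSL_IS_DTLS(s))` is the right fix, but the failure it repairs is an assert reached when the write BIO fills up under DTLS1.2, a condition a peer may be able to influence, and nothing in the commit pins the corrected behaviour; a regression test that drives a DTLS1.2 connection into a full wbio and checks that the pending write is discarded rather than asserting would keep it from coming back. The literal `s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER` pattern it replaces may survive elsewhere in the record layer and deserves the same sweep. A comment tying the test to its intent would also help: `/* Any DTLS version: drop the pending record instead of retrying (RT#3967). */`. ssl3_write_pending's body continues beyond the hunk.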
From: matt at openssl.org (Matt Caswell) Date: Thu, 30 Jul 2015 09:24:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438248248.083299.32496.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (commit) from 374fd385c2347b965c3490aa1c10025e1339d265 (commit) - Log ----------------------------------------------------------------- commit 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f Author: Matt Caswell Date: Wed Jul 29 23:20:56 2015 +0100 Fix write failure handling in DTLS1.2 The DTLS code is supposed to drop packets if we try to write them out but the underlying BIO write buffers are full. ssl3_write_pending() contains an incorrect test for DTLS that controls this. The test only checks for DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which can later cause an assert to be hit. This commit changes the test to cover all DTLS versions. RT#3967 Reviewed-by: Tim Hudson (cherry picked from commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b) ----------------------------------------------------------------------- Summary of changes: ssl/s3_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 603c285..3798902 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 s->rwstate = SSL_NOTHING;
 return (s->s3->wpend_ret);
 } else if (i <= 0) {
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
 /*
 * For DTLS, just drop it. That's kind of the whole point in
 * using a datagram service
From steve at openssl.org Thu Jul 30 13:35:12 2015
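Review bot: `if (SSL_IS_DTLS(s))` in the 1.0.2 backport carries no regression test, yet the defect it fixes is an assert hit after a DTLS1.2 write fails against a full BIO, which can abort a process on a condition the peer may be able to provoke; a test that fills the wbio on a DTLS1.2 connection and checks the pending record is dropped would guard both branches. Other `s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER` comparisons in s3_pkt.c and dtls code should be checked for the same DTLS1.2 gap. A one-line comment would record why the version-agnostic macro matters here: `/* Drop for every DTLS version, not just DTLS1.0 (RT#3967). */`. The enclosing function extends past the hunk.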
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 30 Jul 2015 13:35:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438263312.245427.27666.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 (commit) from 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (commit) - Log ----------------------------------------------------------------- commit d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 Author: Dr. Stephen Henson Date: Wed Jul 29 16:16:02 2015 +0100 use X9.31 keygen by default in FIPS mode Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_gen.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 2465fbd..7f7dca3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -69,6 +69,8 @@ #include #ifdef OPENSSL_FIPS # include +extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, @@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); #ifdef OPENSSL_FIPS if (FIPS_mode()) - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); + return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); #endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } From steve at openssl.org Thu Jul 30 13:37:17 2015 
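Review bot: The prototype `extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);` is declared by hand in rsa_gen.c under `#ifdef OPENSSL_FIPS` rather than coming from the FIPS header included on the preceding line, so if the module's definition ever differs from this declaration the mismatch compiles cleanly and only shows up at run time. If the header cannot be changed, the coupling should at least be stated: `/* Not exported by the FIPS header; must match the FIPS module's definition exactly. */`. The `# include` line above it lost its argument in this rendering, so which header is meant cannot be confirmed here.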
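Review bot: Replacing `FIPS_rsa_generate_key_ex` with `FIPS_rsa_x931_generate_key_ex` changes what every FIPS-mode caller of RSA_generate_key_ex gets, and X9.31 generation typically accepts a narrower set of modulus sizes and public exponents than the generic routine, so callers that used to succeed with unusual `bits` or `e_value` may start failing with only the module's error to go on. The commit adds neither a CHANGES entry nor a comment; suggest `/* FIPS mode: X9.31 generation, which may reject bits/e the default path accepted */` at the call site and a note in the RSA_generate_key_ex manpage. The function's opening lines, including the `rsa->meth->rsa_keygen` check, lie outside the hunk.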
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 30 Jul 2015 13:37:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1438263437.082091.28532.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 5030cc69ffd6137d3d3f2b221c3313042940c1fd (commit) from 721cbae7e63deb865f7cd8ac01ab5d0e99c2f69e (commit) - Log ----------------------------------------------------------------- commit 5030cc69ffd6137d3d3f2b221c3313042940c1fd Author: Dr. Stephen Henson Date: Wed Jul 29 16:16:02 2015 +0100 use X9.31 keygen by default in FIPS mode Reviewed-by: Matt Caswell (cherry picked from commit d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_gen.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 2465fbd..7f7dca3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -69,6 +69,8 @@ #include #ifdef OPENSSL_FIPS # include +extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, @@ -94,7 +96,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); #ifdef OPENSSL_FIPS if (FIPS_mode()) - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); + return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); #endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } From steve at openssl.org Thu Jul 30 14:37:58 2015 
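Review bot: On the 1.0.1 branch the same hand-written `extern int FIPS_rsa_x931_generate_key_ex(...)` declaration bypasses the FIPS header included just above, leaving nothing to catch a divergence between this prototype and the module's actual signature at compile time. A comment making the dependency explicit, `/* Local declaration: keep identical to the FIPS module's prototype. */`, is the minimum if the header cannot be amended. The include's argument is missing from this rendering, so the header involved is not visible.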
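Review bot: `return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);` silently alters FIPS-mode behaviour for all RSA_generate_key_ex users on a stable branch, and since X9.31 generation usually enforces stricter key-size and exponent constraints than the previous routine, the practical effect may be new failures for existing callers. A CHANGES entry and a call-site comment such as `/* FIPS mode: X9.31 key generation (stricter parameter constraints) */` would make the change discoverable; the cherry-pick carries neither. The start of RSA_generate_key_ex is outside the hunk.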
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 30 Jul 2015 14:37:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438267078.198293.16652.nullmailer@dev.openssl.org> The branch master has been updated via 3df16cc2e27f75eac2c0991248b0c294e2c847b5 (commit) via a784665e52735f77a64d01216d7535834278c27c (commit) via a3f7ff2b2d1b1267cdf0bbce2374ebe149ed264a (commit) via 69a3a9f5d9c018eee97b4127c40bc9903c03cce4 (commit) via b2f8ab8681d4c9bba3b516672689e86e83b41e53 (commit) via 23237159f76933a898d4da1ee67de704350e1ca9 (commit) via 5516fcc0c9dad543aee4c9bf849d759bb58a0644 (commit) via ea6114c6d0e31e3d6d8897d753afeadec33ddeee (commit) via f40ecbc37c4be64eb4203792a55b2ecaebe83cf7 (commit) via 2a1a04e131749a6aec280d53dfda86b595de55b3 (commit) via 8a0a12e5bf78e6f2e501d3af86c675498e6c7552 (commit) via 85269210ff39eabd1f898716f1e9bbcd2d0b8be2 (commit) via 7689082b7199b91aa2df5d3e481abcca480e9d7e (commit) via 12053a81c875473355e441d00ac81ed3c501dc9b (commit) via adc5506adf4f4cb2719026354a8512e3a7807f8a (commit) via 13be69f3e67f8b974183e6fff6d12d9a841ee97f (commit) via 526f94ad68345a18559ee334e03d7f31c96f47d6 (commit) via fe5eef3a3b3e6844394d976a182d88225c59ddb5 (commit) via 332a251fd7cca28b1cc34d5ddf26272a352f5299 (commit) via 8baac6a224ec194036b43e47b36b642248257b56 (commit) via dcbd50608a44277f84f2a9323726a84f6f9d68ca (commit) via 0096d8f7e01d2c0616f9a916145b62a2d8d7acdf (commit) via 64651d3984ca24c48538a2a109c446fd684aa248 (commit) from 5e8b24dbfb98ed7c5b355cb6a959906a418e264b (commit) - Log ----------------------------------------------------------------- commit 3df16cc2e27f75eac2c0991248b0c294e2c847b5 Author: Dr. Stephen Henson Date: Tue Jul 28 16:13:29 2015 +0100 cleanse psk_identity on error Reviewed-by: Matt Caswell commit a784665e52735f77a64d01216d7535834278c27c Author: Dr. 
Stephen Henson Date: Tue Jul 28 16:04:53 2015 +0100 Free and cleanse pms on error Reviewed-by: Matt Caswell commit a3f7ff2b2d1b1267cdf0bbce2374ebe149ed264a Author: Dr. Stephen Henson Date: Sat Jul 11 01:17:36 2015 +0100 Don't request certificates for any PSK ciphersuite Reviewed-by: Matt Caswell commit 69a3a9f5d9c018eee97b4127c40bc9903c03cce4 Author: Dr. Stephen Henson Date: Tue Jun 30 19:14:58 2015 +0100 CAMELLIA PSK ciphersuites from RFC6367 Reviewed-by: Matt Caswell commit b2f8ab8681d4c9bba3b516672689e86e83b41e53 Author: Dr. Stephen Henson Date: Mon Jun 29 14:20:01 2015 +0100 Add PSK ciphersuites to docs Reviewed-by: Matt Caswell commit 23237159f76933a898d4da1ee67de704350e1ca9 Author: Dr. Stephen Henson Date: Mon Jun 29 12:17:21 2015 +0100 Update CHANGES Reviewed-by: Matt Caswell commit 5516fcc0c9dad543aee4c9bf849d759bb58a0644 Author: Dr. Stephen Henson Date: Mon Jun 29 00:44:39 2015 +0100 Add RFC4785 ciphersuites Reviewed-by: Matt Caswell commit ea6114c6d0e31e3d6d8897d753afeadec33ddeee Author: Dr. Stephen Henson Date: Sun Jun 28 17:05:47 2015 +0100 Add RFC4279, RFC5487 and RFC5489 ciphersuites. Note: some of the RFC4279 ciphersuites were originally part of PR#2464. Reviewed-by: Matt Caswell commit f40ecbc37c4be64eb4203792a55b2ecaebe83cf7 Author: Dr. Stephen Henson Date: Sun Jun 28 16:55:00 2015 +0100 Initial new PSK ciphersuite defines Reviewed-by: Matt Caswell commit 2a1a04e131749a6aec280d53dfda86b595de55b3 Author: Dr. Stephen Henson Date: Sun Jun 28 16:50:53 2015 +0100 Add full PSK trace support Reviewed-by: Matt Caswell commit 8a0a12e5bf78e6f2e501d3af86c675498e6c7552 Author: Dr. Stephen Henson Date: Sun Jun 28 16:58:00 2015 +0100 PSK premaster secret derivation. Move PSK premaster secret algorithm to ssl_generate_master secret so existing key exchange code can be used and modified slightly to add the PSK wrapping structure. Reviewed-by: Matt Caswell commit 85269210ff39eabd1f898716f1e9bbcd2d0b8be2 Author: Dr. 
Stephen Henson Date: Sun Jun 28 17:23:13 2015 +0100 Extended PSK server support. Add support for RSAPSK, DHEPSK and ECDHEPSK server side. Update various checks to ensure certificate and server key exchange messages are only sent when required. Update message handling. PSK server key exchange parsing now include an identity hint prefix for all PSK server key exchange messages. PSK client key exchange message expects PSK identity and requests key for all PSK key exchange ciphersuites. Update flags for RSA, DH and ECDH so they are also used in PSK. Reviewed-by: Matt Caswell commit 7689082b7199b91aa2df5d3e481abcca480e9d7e Author: Dr. Stephen Henson Date: Sun Jun 28 17:15:10 2015 +0100 Extended PSK client support. Add support for RSAPSK, DHEPSK and ECDHEPSK client side. Update various checks to ensure certificate and server key exchange messages are only expected when required. Update message handling. PSK server key exchange parsing now expects an identity hint prefix for all PSK server key exchange messages. PSK client key exchange message requests PSK identity and key for all PSK key exchange ciphersuites and includes identity in message. Update flags for RSA, DH and ECDH so they are also used in PSK. Reviewed-by: Matt Caswell commit 12053a81c875473355e441d00ac81ed3c501dc9b Author: Dr. Stephen Henson Date: Sun Jun 28 23:18:59 2015 +0100 PSK PRF correction. For SHA384 PRF PSK ciphersuites we have to switch to default PRF for TLS < 1.2 Reviewed-by: Matt Caswell commit adc5506adf4f4cb2719026354a8512e3a7807f8a Author: Dr. Stephen Henson Date: Sun Jun 28 17:01:52 2015 +0100 Make auto DH work with DHEPSK Reviewed-by: Matt Caswell commit 13be69f3e67f8b974183e6fff6d12d9a841ee97f Author: Dr. Stephen Henson Date: Tue Jun 30 16:39:41 2015 +0100 Check for kECDH with extensions. Reviewed-by: Matt Caswell commit 526f94ad68345a18559ee334e03d7f31c96f47d6 Author: Dr. Stephen Henson Date: Sun Jun 28 17:02:56 2015 +0100 Enable PSK if corresponding mask set. 
Reviewed-by: Matt Caswell commit fe5eef3a3b3e6844394d976a182d88225c59ddb5 Author: Dr. Stephen Henson Date: Sun Jun 28 17:01:07 2015 +0100 Disable all PSK if no callback. Reviewed-by: Matt Caswell commit 332a251fd7cca28b1cc34d5ddf26272a352f5299 Author: Dr. Stephen Henson Date: Sun Jun 28 17:09:54 2015 +0100 Disable unsupported PSK algorithms Reviewed-by: Matt Caswell commit 8baac6a224ec194036b43e47b36b642248257b56 Author: Dr. Stephen Henson Date: Sun Jun 28 17:07:41 2015 +0100 new PSK text constants Reviewed-by: Matt Caswell commit dcbd50608a44277f84f2a9323726a84f6f9d68ca Author: Dr. Stephen Henson Date: Sun Jun 28 17:10:27 2015 +0100 New PSK aliases. Reviewed-by: Matt Caswell commit 0096d8f7e01d2c0616f9a916145b62a2d8d7acdf Author: Dr. Stephen Henson Date: Sun Jun 28 16:54:06 2015 +0100 New PSK keyex text constants Reviewed-by: Matt Caswell commit 64651d3984ca24c48538a2a109c446fd684aa248 Author: Dr. Stephen Henson Date: Sun Jun 28 16:52:40 2015 +0100 fields for PSK key, new constants Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 + doc/apps/ciphers.pod | 77 ++++- include/openssl/ssl.h | 3 + include/openssl/tls1.h | 125 +++++++- ssl/s3_clnt.c | 222 ++++++------- ssl/s3_lib.c | 831 ++++++++++++++++++++++++++++++++++++++++++++++--- ssl/s3_srvr.c | 256 ++++++++------- ssl/ssl_ciph.c | 22 +- ssl/ssl_lib.c | 6 + ssl/ssl_locl.h | 13 + ssl/t1_lib.c | 6 +- ssl/t1_trce.c | 49 ++- 12 files changed, 1316 insertions(+), 302 deletions(-) diff --git a/CHANGES b/CHANGES index 1526aec..c5be241 100644 --- a/CHANGES +++ b/CHANGES 
@@ -3,6 +3,14 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + + *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites + from RFC4279, RFC4785, RFC5487, RFC5489. + + Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the + original RSA_PSK patch. + [Steve Henson] + *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay era flag was never set throughout the codebase (only read). Also removed SSL3_FLAGS_POP_BUFFER which was only used if diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index c2d40ac..d7b7bea 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -329,7 +329,16 @@ cipher suites using GOST 28147-89 MAC B HMAC. =item B -cipher suites using pre-shared keys (PSK). +all cipher suites using pre-shared keys (PSK). + +=item B, B, B, B + +cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK. + +=item B + +cipher suites using PSK authentication (currently all PSK modes apart from +RSA_PSK). =item B, B, B 
@@ -585,10 +594,68 @@ Note: these ciphers can also be used in SSL v3. =head2 Pre shared keying (PSK) ciphersuites - TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA - TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA - TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA - TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + PSK_WITH_NULL_SHA PSK-NULL-SHA + DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA + RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA + + PSK_WITH_RC4_128_SHA PSK-RC4-SHA + PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA + PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + + DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA + DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA + DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + + RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA + RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA + RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + + PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + + PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 + PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 + DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 + DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 + RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 + RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 + 
PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + + ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA + ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA + ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 + ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 + + PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 + PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 + + DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 + DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 + + RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 + RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 + + ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 =head1 NOTES diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c394191..6b6560d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -204,6 +204,9 @@ extern "C" { # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ # define SSL_TXT_kECDHE "kECDHE" # define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" # define SSL_TXT_kGOST "kGOST" # define SSL_TXT_kSRP "kSRP" diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index a172af3..1eef9cc 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h 
@@ -409,6 +409,45 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 + +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD + +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 + +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 + +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ + +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + /* AES ciphersuites from RFC3268 */ # define 
TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F @@ -480,10 +519,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 -/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ -# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 -# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 - /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB @@ -565,6 +600,21 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ + +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + /* Camellia-CBC ciphersuites from RFC6367 */ # define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 # define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 
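Review bot: The section comment `/* PSK ciphersuites from 5487 */` lacks the `RFC` prefix that every neighbouring header uses (`/* AES ciphersuites from RFC3268 */`, `/* NULL PSK ciphersuites from RFC4785 */`), and the DHE_PSK/RSA_PSK block above it (0x8E–0x95) has no provenance comment at all. Suggest `/* PSK ciphersuites from RFC5487 */` and a `/* DHE_PSK and RSA_PSK ciphersuites from RFC4279 */` line above `TLS1_CK_DHE_PSK_WITH_RC4_128_SHA`. This hunk begins on the previous line.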
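Review bot: The comment `/* NULL PSK ciphersuites from RFC4785 */` above `TLS1_CK_ECDHE_PSK_WITH_NULL_SHA` (0xC039–0xC03B) is mis-attributed: RFC 4785 defines only the 0x002C–0x002E PSK/DHE_PSK/RSA_PSK NULL suites that the earlier hunk labels correctly, whereas the ECDHE_PSK NULL suites come from RFC 5489 together with the ECDHE_PSK AES suites immediately above them. Suggest `/* ECDHE PSK NULL ciphersuites from RFC5489 */`, or simply folding the three defines under the `/* ECDHE PSK ciphersuites from RFC5489 */` header a few lines up.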
@@ -575,6 +625,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 # define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE * ciphers names with "EDH" instead of "DHE". Going forward, we should be @@ -589,6 +648,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + /* AES ciphersuites from RFC3268 */ # define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" 
@@ -641,6 +704,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" # define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 
"RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + /* SRP ciphersuite from RFC 5054 */ # define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" # define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" @@ -682,6 +777,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" # define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + /* SEED ciphersuites from RFC4162 */ # define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" # define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" 
@@ -744,6 +848,19 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" # define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + /* Camellia-CBC ciphersuites from RFC6367 */ # define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" # define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 04af851..080dbf0 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -331,10 +331,8 @@ int ssl3_connect(SSL *s) /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ - if (! - (s->s3->tmp. - new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + if (!(s->s3->tmp.new_cipher->algorithm_auth & + (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; 
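Review bot: The new test `!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))` still sits under two comment fragments (`/* Check if it is anon DH/ECDH, SRP auth */` `/* or PSK */`) that no longer explain the one subtle case: RSA_PSK is not covered by SSL_aPSK (the ciphers.pod change in this series describes aPSK as every PSK mode except RSA_PSK) and so deliberately still expects a server Certificate. One comment would make that explicit: `/* Skip the Certificate message for anon DH/ECDH, SRP and PSK; RSA_PSK authenticates with an RSA certificate and falls through. */`. ssl3_connect's state machine runs well beyond this hunk on both sides.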
@@ -1414,7 +1412,7 @@ int ssl3_get_key_exchange(SSL *s) * Can't skip server key exchange if this is an ephemeral * ciphersuite. */ - if (alg_k & (SSL_kDHE | SSL_kECDHE)) { + if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); al = SSL_AD_UNEXPECTED_MESSAGE; goto f_err; @@ -1447,8 +1445,8 @@ int ssl3_get_key_exchange(SSL *s) al = SSL_AD_DECODE_ERROR; #ifndef OPENSSL_NO_PSK - if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1]; + /* PSK ciphersuites are preceded by an identity hint */ + if (alg_k & SSL_PSK) { param_len = 2; if (param_len > n) { @@ -1475,23 +1473,24 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - /* - * If received PSK identity hint contains NULL characters, the hint - * is truncated from the first NULL. p may not be ending with NULL, - * so create a NULL-terminated string. - */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); OPENSSL_free(s->session->psk_identity_hint); - s->session->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->session->psk_identity_hint == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto f_err; + if (i != 0) { + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } + } else { + s->session->psk_identity_hint = NULL; } p += i; n -= param_len; + } + + /* Nothing else to do for plain PSK or RSAPSK */ + if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) { } else #endif /* !OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP @@ -1661,7 +1660,7 @@ int ssl3_get_key_exchange(SSL *s) if (0) ; #endif #ifndef OPENSSL_NO_DH - else if (alg_k & SSL_kDHE) { + else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { if ((dh = DH_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); goto err; 
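Review bot: `if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) { } else` introduces an empty statement body solely to keep the `else if` chain for SRP/DHE/ECDHE intact, and a reader will take the empty braces for a lost line; at minimum they need `/* intentionally empty: no key exchange parameters follow the identity hint */` inside. The rewrite also drops the old explanation that a hint containing NUL bytes is truncated at the first NUL — `BUF_strndup((char *)p, i)` preserves that behaviour (it stops at a NUL like strndup) but now silently, so a note such as `/* BUF_strndup stops at the first NUL, so a hint with embedded NULs is truncated there */` above it would keep the wire-format caveat visible. The chain this hunk feeds continues past the hunk.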
@@ -1742,7 +1741,7 @@ int ssl3_get_key_exchange(SSL *s) #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_EC - else if (alg_k & SSL_kECDHE) { + else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) { EC_GROUP *ngroup; const EC_GROUP *group; @@ -1945,8 +1944,8 @@ int ssl3_get_key_exchange(SSL *s) } } } else { - /* aNULL, aSRP or kPSK do not need public keys */ - if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) { + /* aNULL, aSRP or PSK do not need public keys */ + if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_PSK)) { /* Might be wrong key type, check it */ if (ssl3_check_cert_and_algorithm(s)) /* Otherwise this shouldn't happen */ @@ -2329,6 +2328,9 @@ int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p; int n; +#ifndef OPENSSL_NO_PSK + size_t pskhdrlen = 0; +#endif unsigned long alg_k; #ifndef OPENSSL_NO_RSA unsigned char *q; 
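Review bot: The reworded comment `/* aNULL, aSRP or PSK do not need public keys */` and the test `!(alg_k & SSL_PSK)` are too broad if SSL_PSK covers kRSAPSK, as the rest of this series indicates: RSA_PSK does need the server's RSA public key to encrypt the premaster secret, so exempting it from `ssl3_check_cert_and_algorithm` here lets a server presenting the wrong certificate type past this check. The ssl3_connect hunk earlier in this commit uses `SSL_aPSK`, which excludes RSA_PSK (presumably its algorithm_auth is SSL_aRSA); mirroring that, `if (!(alg_a & (SSL_aNULL | SSL_aSRP | SSL_aPSK)))`, keeps the two decisions consistent, unless the key check is deliberately deferred to a later state. The surrounding code of ssl3_get_key_exchange is outside the hunk.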
@@ -2344,17 +2346,93 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 unsigned char *pms = NULL;
 size_t pmslen = 0;
+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
 p = ssl_handshake_start(s);
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_PSK
+ if (alg_k & SSL_PSK) {
+ int psk_err = 1;
+ /*
+ * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+ * \0-terminated identity. The last byte is for us for simulating
+ * strnlen.
+ */
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+ size_t identitylen;
+ unsigned char psk[PSK_MAX_PSK_LEN];
+ size_t psklen;
+
+ if (s->psk_client_callback == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_NO_CLIENT_CB);
+ goto err;
+ }
+
+ memset(identity, 0, sizeof(identity));
+
+ psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+ identity, sizeof(identity) - 1,
+ psk, sizeof(psk));
+
+ if (psklen > PSK_MAX_PSK_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ } else if (psklen == 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ goto psk_err;
+ }
+
+ OPENSSL_free(s->s3->tmp.psk);
+ s->s3->tmp.psk = BUF_memdup(psk, psklen);
+ OPENSSL_cleanse(psk, psklen);
+
+ if (s->s3->tmp.psk == NULL) {
+ OPENSSL_cleanse(identity, sizeof(identity));
+ goto memerr;
+ }
+
+ s->s3->tmp.psklen = psklen;
+
+ identitylen = strlen(identity);
+ if (identitylen > PSK_MAX_IDENTITY_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
+ OPENSSL_free(s->session->psk_identity);
+ s->session->psk_identity = BUF_strdup(identity);
+ if (s->session->psk_identity == NULL) {
+ OPENSSL_cleanse(identity, sizeof(identity));
+ goto memerr;
+ }
+
+ s2n(identitylen, p);
+ memcpy(p, identity, identitylen);
+ pskhdrlen = 2 + identitylen;
+ p += identitylen;
+ psk_err = 0;
+ psk_err:
+ OPENSSL_cleanse(identity, sizeof(identity));
+ if (psk_err != 0) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
+ }
+ }
+ if (alg_k & SSL_kPSK) {
+ n = 0;
+ } else
+#endif
 /* Fool emacs indentation */
 if (0) { }
 #ifndef OPENSSL_NO_RSA
- else if (alg_k & SSL_kRSA) {
+ else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
 RSA *rsa;
 pmslen = SSL_MAX_MASTER_KEY_LENGTH;
 pms = OPENSSL_malloc(pmslen);
@@ -2414,7 +2492,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 }
 #endif
 #ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
+ else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
 DH *dh_srvr, *dh_clnt;
 if (s->s3->peer_dh_tmp != NULL)
 dh_srvr = s->s3->peer_dh_tmp;
@@ -2493,7 +2571,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 #ifndef OPENSSL_NO_EC
- else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
+ else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
 const EC_GROUP *srvr_group = NULL;
 EC_KEY *tkey;
 int ecdh_clnt_cert = 0;
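Review bot: On the `psklen > PSK_MAX_PSK_LEN` path `goto psk_err` bypasses the `OPENSSL_cleanse(psk, psklen)` that only runs after `BUF_memdup`, so whatever a misbehaving callback wrote into the stack buffer `psk` is left in place, whereas the removed code (in the `@@ -2781` hunk) cleansed its `psk_or_pre_ms` buffer on every error exit. The `psk_err:` label already cleanses `identity`; adding `OPENSSL_cleanse(psk, sizeof(psk));` beside it covers every error path regardless of what `psklen` holds, and the extra clear on the success path is harmless. ssl3_send_client_key_exchange continues outside the hunk on both sides.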
@@ -2781,88 +2859,16 @@ int ssl3_send_client_key_exchange(SSL *s) } } #endif -#ifndef OPENSSL_NO_PSK - else if (alg_k & SSL_kPSK) { - /* - * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a - * \0-terminated identity. The last byte is for us for simulating - * strnlen. - */ - char identity[PSK_MAX_IDENTITY_LEN + 2]; - size_t identity_len; - unsigned char *t = NULL; - unsigned int psk_len = 0; - int psk_err = 1; - - n = 0; - if (s->psk_client_callback == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_CLIENT_CB); - goto err; - } - - memset(identity, 0, sizeof(identity)); - /* Allocate maximum size buffer */ - pmslen = PSK_MAX_PSK_LEN * 2 + 4; - pms = OPENSSL_malloc(pmslen); - if (!pms) - goto memerr; - - psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, - identity, sizeof(identity) - 1, - pms, pmslen); - if (psk_len > PSK_MAX_PSK_LEN) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto psk_err; - } else if (psk_len == 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); - goto psk_err; - } - /* Change pmslen to real length */ - pmslen = 2 + psk_len + 2 + psk_len; - identity[PSK_MAX_IDENTITY_LEN + 1] = '\0'; - identity_len = strlen(identity); - if (identity_len > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto psk_err; - } - /* create PSK pre_master_secret */ - t = pms; - memmove(pms + psk_len + 4, pms, psk_len); - s2n(psk_len, t); - memset(t, 0, psk_len); - t += psk_len; - s2n(psk_len, t); - - OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup(identity); - if (s->session->psk_identity == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto psk_err; - } - - s2n(identity_len, p); - memcpy(p, identity, identity_len); - n = 2 + identity_len; - psk_err = 0; - psk_err: - OPENSSL_cleanse(identity, sizeof(identity)); - if (psk_err != 0) { - 
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - } -#endif else { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } +#ifndef OPENSSL_NO_PSK + n += pskhdrlen; +#endif + if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -2876,7 +2882,7 @@ int ssl3_send_client_key_exchange(SSL *s) n = ssl_do_write(s); #ifndef OPENSSL_NO_SRP /* Check for SRP */ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { + if (alg_k & SSL_kSRP) { /* * If everything written generate master key: no need to save PMS as * srp_generate_client_master_secret generates it internally. @@ -2900,7 +2906,7 @@ int ssl3_send_client_key_exchange(SSL *s) pms = s->s3->tmp.pms; pmslen = s->s3->tmp.pmslen; } - if (pms == NULL) { + if (pms == NULL && !(alg_k & SSL_kPSK)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto err; @@ -2924,6 +2930,10 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif +#ifndef OPENSSL_NO_PSK + OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); + s->s3->tmp.psk = NULL; +#endif s->state = SSL_ST_ERR; return (-1); } @@ -3261,7 +3271,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if (alg_k & SSL_kRSA) { + if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) { if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8b7c52a..0fc0881 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
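Review bot: `n += pskhdrlen;` adds the `size_t` `pskhdrlen` to `n`, which the `@@ -2329` hunk on L481 declares as `int n;`, so the running message length now mixes signed and unsigned arithmetic and `-Wconversion` is likely to flag the compound assignment. Since `pskhdrlen` is bounded by `2 + PSK_MAX_IDENTITY_LEN` by the check in the `@@ -2344` hunk, declaring it `int pskhdrlen = 0;` to match `n` is the smallest consistent fix. ssl3_send_client_key_exchange extends beyond the hunk on both sides.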
@@ -600,6 +600,53 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#ifndef OPENSSL_NO_PSK + /* Cipher 2C */ + { + 1, + TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_CK_PSK_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + /* Cipher 2D */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_CK_DHE_PSK_WITH_NULL_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + /* Cipher 2E */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_CK_RSA_PSK_WITH_NULL_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#endif /* New AES ciphersuites */ /* Cipher 2F */ @@ -1253,6 +1300,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { #endif /* OPENSSL_NO_CAMELLIA */ #ifndef OPENSSL_NO_PSK + /* PSK ciphersuites from RFC 4279 */ /* Cipher 8A */ { 1, 
@@ -1316,6 +1364,134 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, + + /* Cipher 8E */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher 8F */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + + /* Cipher 90 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher 91 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + + /* Cipher 92 */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, + TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher 93 */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + + /* Cipher 94 */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher 95 */ + { + 1, + 
TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SEED 
@@ -1597,55 +1773,312 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, }, - /* Cipher A7 */ + /* Cipher A7 */ + { + 1, + TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + SSL_kDHE, + SSL_aNULL, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, +#ifndef OPENSSL_NO_PSK + /* PSK ciphersuites from RFC5487 */ + + /* Cipher A8 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher A9 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + + /* Cipher AA */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher AB */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + + /* Cipher AC */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher AD */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, + SSL_kRSAPSK, + 
SSL_aRSA, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + + /* Cipher AE */ + { + 1, + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher AF */ + { + 1, + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + + /* Cipher B0 */ + { + 1, + TLS1_TXT_PSK_WITH_NULL_SHA256, + TLS1_CK_PSK_WITH_NULL_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + + /* Cipher B1 */ + { + 1, + TLS1_TXT_PSK_WITH_NULL_SHA384, + TLS1_CK_PSK_WITH_NULL_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, + + /* Cipher B2 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher B3 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + + /* Cipher B4 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, + TLS1_CK_DHE_PSK_WITH_NULL_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 
+ SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + + /* Cipher B5 */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, + TLS1_CK_DHE_PSK_WITH_NULL_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, + + /* Cipher B6 */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher B7 */ { 1, - TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, - TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, - SSL_kDHE, - SSL_aNULL, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, + TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, }, -#ifndef OPENSSL_NO_PSK - /* Cipher A8 */ + + /* Cipher B8 */ { 1, - TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, - SSL_kPSK, - SSL_aPSK, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, + TLS1_CK_RSA_PSK_WITH_NULL_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, }, - /* Cipher A9 */ + /* Cipher B9 */ { 1, - TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, - TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, - SSL_kPSK, - SSL_aPSK, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, + TLS1_CK_RSA_PSK_WITH_NULL_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, 
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, + 0, + 0, }, - -#endif +#endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_CAMELLIA /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ 
@@ -2669,6 +3102,151 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, + /* PSK ciphersuites from RFC 5489 */ + /* Cipher C033 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher C034 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, + }, + + /* Cipher C035 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher C036 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, + }, + + /* Cipher C037 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, + }, + + /* Cipher C038 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_AES256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + + /* Cipher C039 */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | 
SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + + /* Cipher C03A */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + + /* Cipher C03B */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, + TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 0, + 0, + }, + # ifndef OPENSSL_NO_CAMELLIA { /* Cipher C072 */ 1, 
@@ -2784,6 +3362,120 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { # endif /* OPENSSL_NO_CAMELLIA */ #endif /* OPENSSL_NO_EC */ +#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK) + { /* Cipher C094 */ + 1, + TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128}, + + { /* Cipher C095 */ + 1, + TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256}, + + { /* Cipher C096 */ + 1, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128}, + + { /* Cipher C097 */ + 1, + TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256}, + + { /* Cipher C098 */ + 1, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CAMELLIA128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128}, + + { /* Cipher C099 */ + 1, + TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CAMELLIA256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256}, + + { /* Cipher C09A */ + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + 
TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA128, + SSL_SHA256, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128}, + + { /* Cipher C09B */ + 1, + TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CAMELLIA256, + SSL_SHA384, + SSL_TLSV1, + SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256}, +#endif + #ifdef TEMP_GOST_TLS /* Cipher FF00 */ { @@ -3933,7 +4625,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ - if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) + if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) continue; #endif /* OPENSSL_NO_PSK */ @@ -4217,13 +4909,19 @@ int ssl3_renegotiate_check(SSL *s) /* * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and * handshake macs if required. + * + * If PSK and using SHA384 for TLS < 1.2 switch to default. */ long ssl_get_algorithm2(SSL *s) { long alg2 = s->s3->tmp.new_cipher->algorithm2; - if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF - && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) { + if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) { + if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384)) + return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; + } return alg2; } 
@@ -4253,13 +4951,56 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
 int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
 int free_pms)
 {
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,
- pms, pmslen);
- if (free_pms)
- OPENSSL_clear_free(pms, pmslen);
- else
- OPENSSL_cleanse(pms, pmslen);
+#ifndef OPENSSL_NO_PSK
+ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ if (alg_k & SSL_PSK) {
+ unsigned char *pskpms, *t;
+ size_t psklen = s->s3->tmp.psklen;
+ size_t pskpmslen;
+
+ /* create PSK premaster_secret */
+
+ /* For plain PSK "other_secret" is psklen zeroes */
+ if (alg_k & SSL_kPSK)
+ pmslen = psklen;
+
+ pskpmslen = 4 + pmslen + psklen;
+ pskpms = OPENSSL_malloc(pskpmslen);
+ if (pskpms == NULL) {
+ s->session->master_key_length = 0;
+ goto err;
+ }
+ t = pskpms;
+ s2n(pmslen, t);
+ if (alg_k & SSL_kPSK)
+ memset(t, 0, pmslen);
+ else
+ memcpy(t, pms, pmslen);
+ t += pmslen;
+ s2n(psklen, t);
+ memcpy(t, s->s3->tmp.psk, psklen);
+
+ OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+ s->s3->tmp.psk = NULL;
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ pskpms, pskpmslen);
+ OPENSSL_clear_free(pskpms, pskpmslen);
+ } else
+#endif
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ pms, pmslen);
+
+ err:
+ if (pms) {
+ if (free_pms)
+ OPENSSL_clear_free(pms, pmslen);
+ else
+ OPENSSL_cleanse(pms, pmslen);
+ }
 if (s->server == 0)
 s->s3->tmp.pms = NULL;
 return s->session->master_key_length >= 0;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cbe80eb..72deedc 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
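Review bot: The allocation-failure path sets `s->session->master_key_length = 0;` and jumps to `err`, but the function still ends with `return s->session->master_key_length >= 0;`, so a failed `OPENSSL_malloc(pskpmslen)` is reported to the caller as success with an empty master key. Either carry the failure in a local flag or change the final line to `return s->session->master_key_length > 0;`, since a zero-length master secret is never a usable result here (presumably `generate_master_secret` also signals failure as 0, which the old `>= 0` test never distinguished either). Separately, for plain PSK `pmslen = psklen;` is assigned before `err:` and that value later feeds `OPENSSL_clear_free(pms, pmslen)`, which is only safe because the visible callers pass `pms == NULL` in that case; a comment on that line saying so would stop a later caller from passing a real buffer with `SSL_kPSK`.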
@@ -403,10 +403,8 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SW_CERT_B:
 /* Check if it is anon DH or anon ECDH, */
 /* normal PSK or SRP */
- if (!
- (s->s3->tmp.
- new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ if (!(s->s3->tmp.new_cipher->algorithm_auth &
+ (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
 ret = ssl3_send_server_certificate(s);
 if (ret <= 0)
 goto end;
@@ -446,7 +444,10 @@ int ssl3_accept(SSL *s)
 * provided
 */
 #ifndef OPENSSL_NO_PSK
- || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+ /* Only send SKE if we have identity hint for plain PSK */
+ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->ctx->psk_identity_hint)
+ /* For other PSK always send SKE */
+ || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
 #endif
 #ifndef OPENSSL_NO_SRP
 /* SRP: send ServerKeyExchange */
@@ -502,7 +503,7 @@ int ssl3_accept(SSL *s)
 * With normal PSK Certificates and Certificate Requests
 * are omitted
 */
- || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
 /* no cert request */
 skip = 1;
 s->s3->tmp.cert_request = 0;
@@ -1722,6 +1723,19 @@ int ssl3_send_server_key_exchange(SSL *s)
 r[0] = r[1] = r[2] = r[3] = NULL;
 n = 0;
+#ifndef OPENSSL_NO_PSK
+ if (type & SSL_PSK) {
+ /*
+ * reserve size for record length and PSK identity hint
+ */
+ n += 2;
+ if (s->ctx->psk_identity_hint)
+ n += strlen(s->ctx->psk_identity_hint);
+ }
+ /* Plain PSK or RSAPSK nothing to do */
+ if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+ } else
+#endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_RSA
 if (type & SSL_kRSA) {
 rsa = cert->rsa_tmp;
@@ -1752,7 +1766,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 } else
 #endif
 #ifndef OPENSSL_NO_DH
- if (type & SSL_kDHE) {
+ if (type & (SSL_kDHE | SSL_kDHEPSK)) {
 if (s->cert->dh_tmp_auto) {
 dhp = ssl_get_auto_dh(s);
 if (dhp == NULL) {
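Review bot: In the `@@ -446` hunk, `|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))` masks the two bits with `SSL_PSK` first, which is either a no-op if SSL_PSK covers them or silently turns the test into zero if it does not; `|| (alg_k & (SSL_kDHEPSK | SSL_kECDHEPSK))` says what the comment above it says and cannot go wrong either way. In the `@@ -1722` hunk on the same line, `n += strlen(s->ctx->psk_identity_hint);` reserves an unbounded length; that is safe only if the setter of `psk_identity_hint` enforces PSK_MAX_IDENTITY_LEN, which is not visible here, so a comment stating that assumption next to the `strlen` call would make the invariant checkable. Both ssl3_accept and ssl3_send_server_key_exchange extend beyond their hunks.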
@@ -1817,7 +1831,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 } else
 #endif
 #ifndef OPENSSL_NO_EC
- if (type & SSL_kECDHE) {
+ if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
 const EC_GROUP *group;
 ecdhp = cert->ecdh_tmp;
@@ -1933,7 +1947,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 * additional bytes to encode the entire ServerECDHParams
 * structure.
 */
- n = 4 + encodedlen;
+ n += 4 + encodedlen;
 /*
 * We'll generate the serverKeyExchange message explicitly so we
@@ -1945,14 +1959,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 r[3] = NULL;
 } else
 #endif /* !OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
- /*
- * reserve size for record length and PSK identity hint
- */
- n += 2 + strlen(s->ctx->psk_identity_hint);
- } else
-#endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SRP
 if (type & SSL_kSRP) {
 if ((s->srp_ctx.N == NULL) ||
@@ -1984,8 +1990,8 @@ int ssl3_send_server_key_exchange(SSL *s)
 n += 2 + nr[i];
 }
- if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
 if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md)) == NULL) {
 al = SSL_AD_DECODE_ERROR;
@@ -2003,6 +2009,20 @@ int ssl3_send_server_key_exchange(SSL *s)
 }
 d = p = ssl_handshake_start(s);
+#ifndef OPENSSL_NO_PSK
+ if (type & SSL_PSK) {
+ /* copy PSK identity hint */
+ if (s->ctx->psk_identity_hint) {
+ s2n(strlen(s->ctx->psk_identity_hint), p);
+ strncpy((char *)p, s->ctx->psk_identity_hint,
+ strlen(s->ctx->psk_identity_hint));
+ p += strlen(s->ctx->psk_identity_hint);
+ } else {
+ s2n(0, p);
+ }
+ }
+#endif
+
 for (i = 0; i < 4 && r[i] != NULL; i++) {
 #ifndef OPENSSL_NO_SRP
 if ((i == 2) && (type & SSL_kSRP)) {
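Review bot: In the `@@ -2003` hunk the hint copy calls `strlen(s->ctx->psk_identity_hint)` three times and passes the same length to `strncpy`, which here is a `memcpy` in disguise (no terminator is written and none is wanted in the wire format); computing the length once and using `memcpy` makes the encoding obvious and ties the `s2n` length field and the copied byte count to a single value. The block was moved from the `@@ -2038` hunk on the next line rather than written fresh, but the move is the natural moment to tidy it. ssl3_send_server_key_exchange continues outside the hunk on both sides.
```c
    if (type & SSL_PSK) {
        /* copy PSK identity hint */
        if (s->ctx->psk_identity_hint) {
            size_t hintlen = strlen(s->ctx->psk_identity_hint);
            s2n(hintlen, p);
            memcpy(p, s->ctx->psk_identity_hint, hintlen);
            p += hintlen;
        } else {
            s2n(0, p);
        }
    }
```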
@@ -2016,7 +2036,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 }
 #ifndef OPENSSL_NO_EC
- if (type & SSL_kECDHE) {
+ if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
 /*
 * XXX: For now, we only support named (not generic) curves. In
 * this situation, the serverKeyExchange message has: [1 byte
@@ -2038,16 +2058,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 }
 #endif
-#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
- /* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
- }
-#endif
-
 /* not anonymous */
 if (pkey != NULL) {
 /*
@@ -2249,8 +2259,94 @@ int ssl3_get_client_key_exchange(SSL *s)
 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+#ifndef OPENSSL_NO_PSK
+ /* For PSK parse and retrieve identity, obtain PSK key */
+ if (alg_k & SSL_PSK) {
+ unsigned char psk[PSK_MAX_PSK_LEN];
+ size_t psklen;
+ if (n < 2) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ n2s(p, i);
+ if (i + 2 > n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (i > PSK_MAX_IDENTITY_LEN) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+ if (s->psk_server_callback == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_NO_SERVER_CB);
+ goto f_err;
+ }
+
+ OPENSSL_free(s->session->psk_identity);
+ s->session->psk_identity = BUF_strndup((char *)p, i);
+
+ if (s->session->psk_identity == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ psklen = s->psk_server_callback(s, s->session->psk_identity,
+ psk, sizeof(psk));
+
+ if (psklen > PSK_MAX_PSK_LEN) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ } else if (psklen == 0) {
+ /*
+ * PSK related to the given identity not found
+ */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+ goto f_err;
+ }
+
+ OPENSSL_free(s->s3->tmp.psk);
+ s->s3->tmp.psk = BUF_memdup(psk, psklen);
+ OPENSSL_cleanse(psk, psklen);
+
+ if (s->s3->tmp.psk == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ s->s3->tmp.psklen = psklen;
+
+ n -= i + 2;
+ p += i;
+ }
+ if (alg_k & SSL_kPSK) {
+ /* Identity extracted earlier: should be nothing left */
+ if (n != 0) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ /* PSK handled by ssl_generate_master_secret */
+ if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ } else
+#endif
 #ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
 unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
 int decrypt_len;
 unsigned char decrypt_good, version_good;
@@ -2389,13 +2485,13 @@ int ssl3_get_client_key_exchange(SSL *s)
 } else
 #endif
 #ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
+ if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
 int idx = -1;
 EVP_PKEY *skey = NULL;
 if (n > 1) {
 n2s(p, i);
 } else {
- if (alg_k & SSL_kDHE) {
+ if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
 al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
@@ -2483,7 +2579,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 #endif
 #ifndef OPENSSL_NO_EC
- if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
+ if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
 int ret = 1;
 int field_size = 0;
 const EC_KEY *tkey;
@@ -2526,7 +2622,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 if (n == 0L) {
 /* Client Publickey was in Client Certificate */
- if (alg_k & SSL_kECDHE) {
+ if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
 al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
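Review bot: When the server callback returns `psklen > PSK_MAX_PSK_LEN` the code goes straight to `f_err` without touching `psk`, so whatever a misbehaving callback wrote into the stack buffer outlives the function, while the removed block in the `@@ -2612` hunk on the next line cleansed its `psk_or_pre_ms` buffer on every error path; adding `OPENSSL_cleanse(psk, sizeof(psk));` before that `goto f_err` closes the gap (the `psklen == 0` branch has nothing to clear). A short comment next to `BUF_strndup((char *)p, i)` noting that an identity with an embedded NUL reaches the callback truncated at that byte would also document a wire-versus-callback mismatch that the old `memcpy`/`memset` code shared but never spelled out. ssl3_get_client_key_exchange continues outside the hunk on both sides.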
@@ -2612,92 +2708,6 @@ int ssl3_get_client_key_exchange(SSL *s) return (ret); } else #endif -#ifndef OPENSSL_NO_PSK - if (alg_k & SSL_kPSK) { - unsigned char *t = NULL; - unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4]; - unsigned int pre_ms_len = 0, psk_len = 0; - int psk_err = 1; - char tmp_id[PSK_MAX_IDENTITY_LEN + 1]; - - al = SSL_AD_HANDSHAKE_FAILURE; - - n2s(p, i); - if (n != i + 2) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); - goto psk_err; - } - if (i > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto psk_err; - } - if (s->psk_server_callback == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_NO_SERVER_CB); - goto psk_err; - } - - /* - * Create guaranteed NULL-terminated identity string for the callback - */ - memcpy(tmp_id, p, i); - memset(tmp_id + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - psk_len = s->psk_server_callback(s, tmp_id, - psk_or_pre_ms, - sizeof(psk_or_pre_ms)); - OPENSSL_cleanse(tmp_id, sizeof(tmp_id)); - - if (psk_len > PSK_MAX_PSK_LEN) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto psk_err; - } else if (psk_len == 0) { - /* - * PSK related to the given identity not found - */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_PSK_IDENTITY_NOT_FOUND); - al = SSL_AD_UNKNOWN_PSK_IDENTITY; - goto psk_err; - } - - /* create PSK pre_master_secret */ - pre_ms_len = 2 + psk_len + 2 + psk_len; - t = psk_or_pre_ms; - memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); - s2n(psk_len, t); - memset(t, 0, psk_len); - t += psk_len; - s2n(psk_len, t); - - OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); - if (s->session->psk_identity == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto psk_err; - } - - OPENSSL_free(s->session->psk_identity_hint); - s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); - if 
(s->ctx->psk_identity_hint != NULL && - s->session->psk_identity_hint == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto psk_err; - } - - if (!ssl_generate_master_secret(s, psk_or_pre_ms, pre_ms_len, 0)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto f_err; - } - psk_err = 0; - psk_err: - if (psk_err != 0) { - OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); - goto f_err; - } - } else -#endif #ifndef OPENSSL_NO_SRP if (alg_k & SSL_kSRP) { int param_len; @@ -2820,6 +2830,10 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif +#ifndef OPENSSL_NO_PSK + OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); + s->s3->tmp.psk = NULL; +#endif s->state = SSL_ST_ERR; return (-1); } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 7f932b0..da64301 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -314,6 +314,9 @@ static const SSL_CIPHER cipher_aliases[] = { 0, 0, 0}, {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -342,7 +345,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_PSK, 0, SSL_PSK, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, /* symmetric encryption aliases */ 
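Review bot: `OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen)` is added only to the `f_err` exit of ssl3_get_client_key_exchange; nothing in this hunk releases `s->s3->tmp.psk` on the success path, so the key would stay in heap memory after the handshake unless `ssl_generate_master_secret` (called earlier in the function, outside this hunk) consumes and clears it. If that is the design, a comment here saves the next reader the search: `/* tmp.psk is normally consumed by ssl_generate_master_secret; this covers the early exits */`. The function body lies outside the hunk.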
@@ -492,22 +495,22 @@ void ssl_load_ciphers(void) disabled_auth_mask = 0; #ifdef OPENSSL_NO_RSA - disabled_mkey_mask |= SSL_kRSA; + disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; disabled_auth_mask |= SSL_aRSA; #endif #ifdef OPENSSL_NO_DSA disabled_auth_mask |= SSL_aDSS; #endif #ifdef OPENSSL_NO_DH - disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE; + disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK; disabled_auth_mask |= SSL_aDH; #endif #ifdef OPENSSL_NO_EC - disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr; + disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK; disabled_auth_mask |= SSL_aECDSA | SSL_aECDH; #endif #ifdef OPENSSL_NO_PSK - disabled_mkey_mask |= SSL_kPSK; + disabled_mkey_mask |= SSL_PSK; disabled_auth_mask |= SSL_aPSK; #endif #ifdef OPENSSL_NO_SRP @@ -1626,6 +1629,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kPSK: kx = "PSK"; break; + case SSL_kRSAPSK: + kx = "RSAPSK"; + break; + case SSL_kECDHEPSK: + kx = "ECDHEPSK"; + break; + case SSL_kDHEPSK: + kx = "DHEPSK"; + break; case SSL_kSRP: kx = "SRP"; break; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d20d95b..5a0ec8a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2112,6 +2112,12 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) mask_a |= SSL_aPSK; emask_k |= SSL_kPSK; emask_a |= SSL_aPSK; + if (mask_k & SSL_kRSA) + mask_k |= SSL_kRSAPSK; + if (mask_k & SSL_kDHE) + mask_k |= SSL_kDHEPSK; + if (mask_k & SSL_kECDHE) + mask_k |= SSL_kECDHEPSK; #endif s->s3->tmp.mask_k = mask_k; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1cdcb8b..c75219b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
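Review bot: The three new `if (mask_k & SSL_kRSA) mask_k |= SSL_kRSAPSK;`-style lines in ssl_set_masks derive the PSK variants from bits already present in `mask_k`, so they are only correct if the RSA, DHE and ECDHE bits are computed before this point in the function, which lies outside the hunk. A comment such as `/* PSK variants are usable exactly where the plain key exchange is; must run after the RSA/DHE/ECDHE bits are set */` would make that ordering dependency explicit. The surrounding context also adds `SSL_kPSK` to `emask_k` but the new bits are not mirrored there; if the export mask is deliberately left alone, say so in the same comment.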
@@ -315,6 +315,14 @@ /* SRP */ # define SSL_kSRP 0x00000400L +# define SSL_kRSAPSK 0x00000800L +# define SSL_kECDHEPSK 0x00001000L +# define SSL_kDHEPSK 0x00002000L + +/* all PSK */ + +#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) + /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ # define SSL_aRSA 0x00000001L @@ -1269,6 +1277,11 @@ typedef struct ssl3_state_st { /* Temporary storage for premaster secret */ unsigned char *pms; size_t pmslen; +#ifndef OPENSSL_NO_PSK + /* Temporary storage for PSK key */ + unsigned char *psk; + size_t psklen; +#endif /* * signature algorithms peer reports: e.g. supported signature * algorithms extension for server or as part of a certificate diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e593654..47abf2b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1111,7 +1111,7 @@ void ssl_set_client_disabled(SSL *s) /* with PSK there must be client callback set */ if (!s->psk_client_callback) { s->s3->tmp.mask_a |= SSL_aPSK; - s->s3->tmp.mask_k |= SSL_kPSK; + s->s3->tmp.mask_k |= SSL_PSK; } #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP @@ -1157,7 +1157,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe) + if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK) || (alg_a & SSL_aECDSA))) { using_ecc = 1; break; @@ -4165,7 +4165,7 @@ DH *ssl_get_auto_dh(SSL *s) int dh_secbits = 80; if (s->cert->dh_tmp_auto == 2) return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { + if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { if (s->s3->tmp.new_cipher->strength_bits == 256) dh_secbits = 128; else diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 40c5beb..74d157d 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c 
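Review bot: The new `#define SSL_PSK` line breaks the `# define` indentation used by every neighbouring definition (`# define SSL_kSRP`, `# define SSL_aRSA`), and the name drops the `k` that marks the other `algorithm_mkey` bits, so `alg_k & SSL_PSK` at a call site reads like a cipher-suite flag rather than a key-exchange mask. Keep the indentation consistent and replace the bare `/* all PSK */` with a comment that states the scope, e.g. `/* mkey bits for every key exchange that involves a PSK */`, since the mask is combined with `mask_k` in ssl_set_masks and ssl_set_client_disabled.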
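Review bot: The new `psk`/`psklen` fields in `ssl3_state_st.tmp` hold secret key material and a heap allocation, but the comment only says `Temporary storage for PSK key`. Document ownership and the release rule, e.g. `/* PSK returned by psk_server_callback, copied with BUF_memdup in ssl3_get_client_key_exchange; release with OPENSSL_clear_free(), never OPENSSL_free() */`, so that a later cleanup path is not written with a plain free.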
@@ -928,6 +928,18 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "PSK"; return SSL_kPSK; } + if (alg_k & SSL_kRSAPSK) { + *pname = "RSAPSK"; + return SSL_kRSAPSK; + } + if (alg_k & SSL_kDHEPSK) { + *pname = "DHEPSK"; + return SSL_kDHEPSK; + } + if (alg_k & SSL_kECDHEPSK) { + *pname = "ECDHEPSK"; + return SSL_kECDHEPSK; + } if (alg_k & SSL_kSRP) { *pname = "SRP"; return SSL_kSRP; @@ -948,9 +960,15 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, id = ssl_get_keyex(&algname, ssl); BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); + if (id & SSL_PSK) { + if (!ssl_print_hexbuf(bio, indent + 2, + "psk_identity", 2, &msg, &msglen)) + return 0; + } switch (id) { case SSL_kRSA: + case SSL_kRSAPSK: if (TLS1_get_version(ssl) == SSL3_VERSION) { ssl_print_hex(bio, indent + 2, "EncyptedPreMasterSecret", msg, msglen); @@ -971,6 +989,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, break; } case SSL_kDHE: + case SSL_kDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) return 0; break; @@ -983,19 +1002,14 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, break; } case SSL_kECDHE: + case SSL_kECDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) return 0; break; - case SSL_kPSK: - if (!ssl_print_hexbuf(bio, indent + 2, - "psk_identity", 2, &msg, &msglen)) - return 0; - break; - } - return 1; + return !msglen; } static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, @@ -1006,6 +1020,11 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, id = ssl_get_keyex(&algname, ssl); BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); + if (id & SSL_PSK) { + if (!ssl_print_hexbuf(bio, indent + 2, + "psk_identity_hint", 2, &msg, &msglen)) + return 0; + } switch (id) { /* Should never happen */ case SSL_kDHd: 
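Review bot: `return !msglen;` now makes ssl_print_client_keyex fail whenever bytes remain, but the `SSL3_VERSION` branch of `case SSL_kRSA` / `case SSL_kRSAPSK` in the earlier hunk of this function passes `msg, msglen` to `ssl_print_hex` by value and does not advance them, so an SSLv3 RSA ClientKeyExchange would now be reported as a parse error unless that branch zeroes `msglen` somewhere outside the hunk. Either add `msglen = 0;` after that `ssl_print_hex` call or keep unconditional success for it. A comment on the return, `/* any trailing bytes are a parse error */`, would document the new contract.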
@@ -1027,6 +1046,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, break; case SSL_kDHE: + case SSL_kDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen)) return 0; if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen)) @@ -1036,6 +1056,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, break; case SSL_kECDHE: + case SSL_kECDHEPSK: if (msglen < 1) return 0; BIO_indent(bio, indent + 2, 80); @@ -1054,17 +1075,19 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) return 0; + } else { + BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]); + return 0; } break; case SSL_kPSK: - if (!ssl_print_hexbuf(bio, indent + 2, - "psk_identity_hint", 2, &msg, &msglen)) - return 0; - /* No signature */ - return 1; + case SSL_kRSAPSK: + break; } - return ssl_print_signature(bio, indent, ssl, &msg, &msglen); + if (!(id & SSL_PSK)) + ssl_print_signature(bio, indent, ssl, &msg, &msglen); + return !msglen; } static int ssl_print_certificate(BIO *bio, int indent, From rsalz at openssl.org Fri Jul 31 15:07:33 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 15:07:33 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438355253.645854.22529.nullmailer@dev.openssl.org> The branch master has been updated via 119ab03aea4850297b2a886f067ae74ab3fba86e (commit) from 3df16cc2e27f75eac2c0991248b0c294e2c847b5 (commit) - Log ----------------------------------------------------------------- commit 119ab03aea4850297b2a886f067ae74ab3fba86e Author: Nicholas Cooper Date: Wed Jul 29 21:44:59 2015 -0400 RT3959: Fix misleading comment Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/dh.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
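Review bot: The result of `ssl_print_signature` is discarded in the new `if (!(id & SSL_PSK)) ssl_print_signature(...)`, whereas the replaced `return ssl_print_signature(...)` propagated its failure; with `return !msglen` the error is only reported indirectly, if the failed call happens to leave `msglen` non-zero. `if (!(id & SSL_PSK) && !ssl_print_signature(bio, indent, ssl, &msg, &msglen)) return 0;` keeps the explicit failure path. The new `UNKNOWN CURVE PARAMETER TYPE` message is also printed without the `BIO_indent(bio, indent + 2, 80)` the neighbouring output lines use.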
diff --git a/include/openssl/dh.h b/include/openssl/dh.h index e0f4b57..f1de53d 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -142,7 +142,7 @@ struct dh_st { BIGNUM *p; BIGNUM *g; long length; /* optional */ - BIGNUM *pub_key; /* g^x */ + BIGNUM *pub_key; /* g^x % p */ BIGNUM *priv_key; /* x */ int flags; BN_MONT_CTX *method_mont_p; From rsalz at openssl.org Fri Jul 31 15:09:08 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 15:09:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438355348.051278.23549.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 602af7d01da82dc6c45946572f531bcbe9ebbf47 (commit) from d0c9a90640c8902fef3eb74e8ef05227f8e7dcb7 (commit) - Log ----------------------------------------------------------------- commit 602af7d01da82dc6c45946572f531bcbe9ebbf47 Author: Nicholas Cooper Date: Fri Jul 31 11:08:18 2015 -0400 RT3959: Fix misleading comment Manual cherry-pick from main branch, since the header file moved in master. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 0502f1a..b177673 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -142,7 +142,7 @@ struct dh_st { BIGNUM *p; BIGNUM *g; long length; /* optional */ - BIGNUM *pub_key; /* g^x */ + BIGNUM *pub_key; /* g^x % p */ BIGNUM *priv_key; /* x */ int flags; BN_MONT_CTX *method_mont_p; From rsalz at openssl.org Fri Jul 31 15:12:02 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 15:12:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438355522.295386.24585.nullmailer@dev.openssl.org> The branch master has been updated via 902c6b95a3a3dbf7e5e3dd4b11ec58300ccb8a97 (commit) from 119ab03aea4850297b2a886f067ae74ab3fba86e (commit) - Log ----------------------------------------------------------------- commit 902c6b95a3a3dbf7e5e3dd4b11ec58300ccb8a97 Author: Adam Eijdenberg Date: Wed Jul 29 21:42:14 2015 -0400 RT3961: Fix switch/case errors in flag parsing Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/genrsa.c | 1 + apps/pkeyutl.c | 1 + apps/req.c | 1 - 3 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/genrsa.c b/apps/genrsa.c
index bb8437f..1fea351 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -141,6 +141,7 @@ int genrsa_main(int argc, char **argv)
 break;
 case OPT_OUT:
 outfile = opt_arg();
+ break;
 case OPT_ENGINE:
 e = setup_engine(opt_arg(), 0);
 break;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 4c267c1..741dd64 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -200,6 +200,7 @@ int pkeyutl_main(int argc, char **argv)
 break;
 case OPT_REV:
 rev = 1;
+ break;
 case OPT_ENCRYPT:
 pkey_op = EVP_PKEY_OP_ENCRYPT;
 break;
diff --git a/apps/req.c b/apps/req.c
index b3220ba..a16febd 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -344,7 +344,6 @@ int req_main(int argc, char **argv)
 case OPT_NO_ASN1_KLUDGE:
 kludge = 0;
 break;
- multirdn = 1;
 case OPT_DAYS:
 days = atoi(opt_arg());
 break;
From rsalz at openssl.org Fri Jul 31 15:14:04 2015
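Review bot: Deleting the unreachable `multirdn = 1;` after `break;` in req.c removes the dead statement, but a stranded assignment like that usually means a `case` label for the `-multivalue-rdn` option was lost rather than that the assignment was spurious; the enclosing switch lies outside the hunk, so confirm that option still sets `multirdn` somewhere, otherwise the flag is now parsed and silently ignored. The genrsa.c and pkeyutl.c hunks in the same commit are plain missing-`break` fixes.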
From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 15:14:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438355644.481286.26490.nullmailer@dev.openssl.org> The branch master has been updated via e46bcca25e85a361d3ce8431ec5ccc2382ee5569 (commit) from 902c6b95a3a3dbf7e5e3dd4b11ec58300ccb8a97 (commit) - Log ----------------------------------------------------------------- commit e46bcca25e85a361d3ce8431ec5ccc2382ee5569 Author: Adam Eijdenberg Date: Wed Jul 29 21:38:22 2015 -0400 RT3962: Check accept_count only if not unlimited Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index b6397b8..44f5841 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -666,7 +666,8 @@ int ocsp_main(int argc, char **argv) /* If running as responder don't verify our own response */ if (cbio) { - if (--accept_count <= 0) { + /* If not unlimited, see if we took all we should. */ + if (accept_count != -1 && --accept_count <= 0) { ret = 0; goto end; } From rsalz at openssl.org Fri Jul 31 15:15:49 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 15:15:49 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438355749.322842.27365.nullmailer@dev.openssl.org> The branch master has been updated via be0c03618a53fc539761eb5f0e300d68554f85c9 (commit) from e46bcca25e85a361d3ce8431ec5ccc2382ee5569 (commit) - Log ----------------------------------------------------------------- commit be0c03618a53fc539761eb5f0e300d68554f85c9 Author: Adam Eijdenberg Date: Wed Jul 29 21:34:35 2015 -0400 RT3963: Allow OCSP stapling with -rev and -www Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/apps/s_server.c b/apps/s_server.c index 3143078..a1fcb6e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1871,6 +1871,14 @@ int s_server_main(int argc, char *argv[]) if (ctx2) SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); } + if (s_tlsextstatus) { + SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); + SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); + if (ctx2) { + SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb); + SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp); + } + } BIO_printf(bio_s_out, "ACCEPT\n"); (void)BIO_flush(bio_s_out); @@ -1989,10 +1997,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (s_tlsextstatus) { - SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); - SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); - } if (context && !SSL_set_session_id_context(con, From rsalz at openssl.org Fri Jul 31 15:19:53 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 15:19:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438355993.351245.28557.nullmailer@dev.openssl.org> The branch master has been updated via 898ea7b855541b5809e25944c8dada7b50775fd3 (commit) from be0c03618a53fc539761eb5f0e300d68554f85c9 (commit) - Log ----------------------------------------------------------------- commit 898ea7b855541b5809e25944c8dada7b50775fd3 Author: Kai Engert Date: Wed Jul 29 17:41:00 2015 -0400 RT3742: Add xmpp_server to s_client. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 9 +++++++-- doc/apps/s_client.pod | 7 ++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 559cf70..a5fddca 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -513,7 +513,8 @@ OPTIONS s_client_options[] = { {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, {"starttls", OPT_STARTTLS, 's', "Use the STARTTLS command before starting TLS"}, - {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""}, + {"xmpphost", OPT_XMPPHOST, 's', + "Host to use with \"-starttls xmpp[-server]\""}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, @@ -608,6 +609,7 @@ typedef enum PROTOCOL_choice { PROTO_FTP, PROTO_TELNET, PROTO_XMPP, + PROTO_XMPP_SERVER, PROTO_CONNECT } PROTOCOL_CHOICE; @@ -617,6 +619,7 @@ static OPT_PAIR services[] = { {"imap", PROTO_IMAP}, {"ftp", PROTO_FTP}, {"xmpp", PROTO_XMPP}, + {"xmpp-server", PROTO_XMPP_SERVER}, {"telnet", PROTO_TELNET}, {NULL} }; @@ -1548,11 +1551,13 @@ int s_client_main(int argc, char **argv) } break; case PROTO_XMPP: + case PROTO_XMPP_SERVER: { int seen = 0; BIO_printf(sbio, "", + "xmlns='jabber:%s' to='%s' version='1.0'>", + starttls_proto == PROTO_XMPP ? "client" : "server", xmpphost ? xmpphost : host); seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0; diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 12a6ef7..e91b9f1 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod 
@@ -288,12 +288,13 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". +supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", +and "xmpp-server". =item B<-xmpphost hostname> -This option, when used with "-starttls xmpp", specifies the host for the -"to" attribute of the stream element. +This option, when used with "-starttls xmpp" or "-starttls xmpp-server", +specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used. From rsalz at openssl.org Fri Jul 31 16:29:47 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 16:29:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438360187.696710.11959.nullmailer@dev.openssl.org> The branch master has been updated via 740ceb5b0c844f1fe9b96983cc175d19795e7aa0 (commit) from 898ea7b855541b5809e25944c8dada7b50775fd3 (commit) - Log ----------------------------------------------------------------- commit 740ceb5b0c844f1fe9b96983cc175d19795e7aa0 Author: Rich Salz Date: Fri Jul 31 11:52:57 2015 -0400 Various doc fixes from GH pull requests Thanks folks: 348 Benjamin Kaduk 317 Christian Brueffer 254 Erik Tews 253 Erik Tews 219 Carl Mehner 155 (ghost) 95 mancha 51 DominikNeubauer Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- README | 2 +- apps/s_client.c | 2 +- doc/HOWTO/keys.txt | 5 ++--- doc/apps/pkcs12.pod | 2 +- doc/apps/req.pod | 11 +++++------ doc/crypto/EVP_EncryptInit.pod | 2 +- doc/crypto/EVP_SealInit.pod | 2 +- doc/crypto/engine.pod | 10 +++++----- 9 files changed, 18 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index c5be241..cd75e0b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -162,7 +162,7 @@ [mancha ] *) Fix eckey_priv_encode so it immediately returns an error upon a failure - in i2d_ECPrivateKey. + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. [mancha ] *) Fix some double frees. These are not thought to be exploitable. diff --git a/README b/README index 40c2e83..13464f2 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ OpenSSL 1.1.0-dev - Copyright (c) 1998-2011 The OpenSSL Project + Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/apps/s_client.c b/apps/s_client.c index a5fddca..f4132c8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -588,7 +588,7 @@ OPTIONS s_client_options[] = { "SRP username into second ClientHello message"}, {"srp_moregroups", OPT_SRP_MOREGROUPS, '-', "Tolerate other than the known g N values."}, - {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"}, + {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal length in bits for N"}, #endif #ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', diff --git a/doc/HOWTO/keys.txt b/doc/HOWTO/keys.txt index 7ae2a3a..ba0314f 100644 --- a/doc/HOWTO/keys.txt +++ b/doc/HOWTO/keys.txt @@ -40,9 +40,8 @@ consider insecure or to be insecure pretty soon. 3. To generate a DSA key -A DSA key can be used for signing only. This is important to keep -in mind to know what kind of purposes a certificate request with a -DSA key can really be used for. +A DSA key can be used for signing only. It is important to +know what a certificate request with a DSA key can really be used for. Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key: diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 8e0d917..7449848 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod 
@@ -216,7 +216,7 @@ key is encrypted using triple DES and the certificate using 40 bit RC2. these options allow the algorithm used to encrypt the private key and certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name -can be used (see B section for more information). If a a cipher name +can be used (see B section for more information). If a cipher name (as output by the B command is specified then it is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only use PKCS#12 algorithms. diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 9e8e1ab..2ce2bca 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -30,7 +30,6 @@ B B [B<-keygen_engine id>] [B<-[digest]>] [B<-config filename>] -[B<-subj arg>] [B<-multivalue-rdn>] [B<-x509>] [B<-days n>] @@ -506,16 +505,16 @@ Examine and verify certificate request: Create a private key and then generate a certificate request from it: - openssl genrsa -out key.pem 1024 + openssl genrsa -out key.pem 2048 openssl req -new -key key.pem -out req.pem The same but just using req: - openssl req -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -newkey rsa:2048 -keyout key.pem -out req.pem Generate a self signed root certificate: - openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem Example of a file pointed to by the B option: @@ -531,7 +530,7 @@ expansion: Sample configuration file prompting for field values: [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes @@ -572,7 +571,7 @@ Sample configuration containing all field values: RANDFILE = $ENV::HOME/.rnd [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes 
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index 6d897da..3dfc55d 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -114,7 +114,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B. EVP_EncryptInit_ex() sets up cipher context B for encryption with cipher B from ENGINE B. B must be initialized before calling this function. B is normally supplied -by a function such as EVP_des_cbc(). If B is NULL then the +by a function such as EVP_aes_256_cbc(). If B is NULL then the default implementation is used. B is the symmetric key to use and B is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 7d793e1..19112a5 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -25,7 +25,7 @@ encrypted using this key. EVP_SealInit() initializes a cipher context B for encryption with cipher B using a random secret key and IV. B is normally -supplied by a function such as EVP_des_cbc(). The secret key is encrypted +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. B is an array of buffers where the public key encrypted secret key will be written, each buffer diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 5eb065c..7f6cd43 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod 
@@ -192,7 +192,7 @@ to use the pointer value at all, as this kind of reference is a guarantee that the structure can not be deallocated until the reference is released. However, a structural reference provides no guarantee that the ENGINE is -initiliased and able to use any of its cryptographic +initialised and able to use any of its cryptographic implementations. Indeed it's quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an ENGINE's functionality, you need a @@ -201,8 +201,8 @@ specialised form of structural reference, because each functional reference implicitly contains a structural reference as well - however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an -ENGINE, you have a guarantee that the ENGINE has been initialised ready to -perform cryptographic operations and will remain uninitialised +ENGINE, you have a guarantee that the ENGINE has been initialised and +is ready to perform cryptographic operations, and will remain initialised until after you have released your reference. I @@ -370,7 +370,7 @@ I Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be -used by default for all RSA, DSA, and symmetric cipher operation, otherwise +used by default for all RSA, DSA, and symmetric cipher operations, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this; 
@@ -401,7 +401,7 @@ I Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by -OpenSSL - if there is an ENGINE that implements it and can be initialise, +OpenSSL - if there is an ENGINE that implements it and can be initialised, it should be used. The following code illustrates how this can work; /* Load all bundled ENGINEs into memory and make them visible */ From rsalz at openssl.org Fri Jul 31 16:35:32 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 16:35:32 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438360532.948036.20003.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via b68fa4d19ee68640f18d8eea4249eb0191a07694 (commit) from 602af7d01da82dc6c45946572f531bcbe9ebbf47 (commit) - Log ----------------------------------------------------------------- commit b68fa4d19ee68640f18d8eea4249eb0191a07694 Author: Rich Salz Date: Fri Jul 31 12:34:24 2015 -0400 Various doc fixes from GH pull requests Thanks, folks! 348 Benjamin Kaduk 317 Christian Brueffer 254 Erik Tews 253 Erik Tews 219 Carl Mehner 155 (ghost) 95 mancha 51 DominikNeubauer (Manually picked from 59c554b36e39256ac2cfc34dca052453e10c6d9c) Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- README | 2 +- doc/HOWTO/keys.txt | 5 ++--- doc/apps/pkcs12.pod | 2 +- doc/apps/req.pod | 11 +++++------ doc/crypto/EVP_EncryptInit.pod | 2 +- doc/crypto/EVP_SealInit.pod | 2 +- doc/crypto/engine.pod | 10 +++++----- 8 files changed, 17 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 27cf65e..2760606 100644 --- a/CHANGES +++ b/CHANGES 
@@ -914,7 +914,7 @@ [mancha ] *) Fix eckey_priv_encode so it immediately returns an error upon a failure - in i2d_ECPrivateKey. + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. [mancha ] *) Fix some double frees. These are not thought to be exploitable. diff --git a/README b/README index b6ffe9b..2bdbfea 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ OpenSSL 1.0.2e-dev - Copyright (c) 1998-2011 The OpenSSL Project + Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/doc/HOWTO/keys.txt b/doc/HOWTO/keys.txt index 7ae2a3a..ba0314f 100644 --- a/doc/HOWTO/keys.txt +++ b/doc/HOWTO/keys.txt @@ -40,9 +40,8 @@ consider insecure or to be insecure pretty soon. 3. To generate a DSA key -A DSA key can be used for signing only. This is important to keep -in mind to know what kind of purposes a certificate request with a -DSA key can really be used for. +A DSA key can be used for signing only. It is important to +know what a certificate request with a DSA key can really be used for. Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key: diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 8e0d917..7449848 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -216,7 +216,7 @@ key is encrypted using triple DES and the certificate using 40 bit RC2. these options allow the algorithm used to encrypt the private key and certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name -can be used (see B section for more information). If a a cipher name +can be used (see B section for more information). If a cipher name (as output by the B command is specified then it is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only use PKCS#12 algorithms. diff --git a/doc/apps/req.pod b/doc/apps/req.pod index df68cb0..cb06b53 100644 --- a/doc/apps/req.pod 
+++ b/doc/apps/req.pod @@ -30,7 +30,6 @@ B B [B<-keygen_engine id>] [B<-[digest]>] [B<-config filename>] -[B<-subj arg>] [B<-multivalue-rdn>] [B<-x509>] [B<-days n>] @@ -506,16 +505,16 @@ Examine and verify certificate request: Create a private key and then generate a certificate request from it: - openssl genrsa -out key.pem 1024 + openssl genrsa -out key.pem 2048 openssl req -new -key key.pem -out req.pem The same but just using req: - openssl req -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -newkey rsa:2048 -keyout key.pem -out req.pem Generate a self signed root certificate: - openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem Example of a file pointed to by the B option: @@ -531,7 +530,7 @@ expansion: Sample configuration file prompting for field values: [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes @@ -572,7 +571,7 @@ Sample configuration containing all field values: RANDFILE = $ENV::HOME/.rnd [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index fb6036f..c69e6a6 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod 
@@ -111,7 +111,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B. EVP_EncryptInit_ex() sets up cipher context B for encryption with cipher B from ENGINE B. B must be initialized before calling this function. B is normally supplied -by a function such as EVP_des_cbc(). If B is NULL then the +by a function such as EVP_aes_256_cbc(). If B is NULL then the default implementation is used. B is the symmetric key to use and B is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 7d793e1..19112a5 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -25,7 +25,7 @@ encrypted using this key. EVP_SealInit() initializes a cipher context B for encryption with cipher B using a random secret key and IV. B is normally -supplied by a function such as EVP_des_cbc(). The secret key is encrypted +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. B is an array of buffers where the public key encrypted secret key will be written, each buffer diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index f5ab1c3..48741ee 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -192,7 +192,7 @@ to use the pointer value at all, as this kind of reference is a guarantee that the structure can not be deallocated until the reference is released. However, a structural reference provides no guarantee that the ENGINE is -initiliased and able to use any of its cryptographic +initialised and able to use any of its cryptographic implementations. Indeed it's quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an ENGINE's functionality, you need a 
@@ -201,8 +201,8 @@ specialised form of structural reference, because each functional reference implicitly contains a structural reference as well - however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an -ENGINE, you have a guarantee that the ENGINE has been initialised ready to -perform cryptographic operations and will remain uninitialised +ENGINE, you have a guarantee that the ENGINE has been initialised and +is ready to perform cryptographic operations, and will remain initialised until after you have released your reference. I @@ -370,7 +370,7 @@ I Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be -used by default for all RSA, DSA, and symmetric cipher operation, otherwise +used by default for all RSA, DSA, and symmetric cipher operations, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this; @@ -401,7 +401,7 @@ I Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by -OpenSSL - if there is an ENGINE that implements it and can be initialise, +OpenSSL - if there is an ENGINE that implements it and can be initialised, it should be used. The following code illustrates how this can work; /* Load all bundled ENGINEs into memory and make them visible */ From rsalz at openssl.org Fri Jul 31 17:33:57 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 17:33:57 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1438364037.374366.27039.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a5e26349f73de74019892eb9e592965e633fe7d5 (commit) from b68fa4d19ee68640f18d8eea4249eb0191a07694 (commit) - Log ----------------------------------------------------------------- commit a5e26349f73de74019892eb9e592965e633fe7d5 Author: Loganaden Velvindron Date: Fri Jul 31 13:20:16 2015 -0400 Clear BN-mont values when free'ing it. From a CloudFlare patch. Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index aadd5db..aafd1b8 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -361,9 +361,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if (mont == NULL)
 return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED)
 OPENSSL_free(mont);
 }
From rsalz at openssl.org Fri Jul 31 17:38:23 2015 
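Review bot: BN_clear_free() wipes only the limb arrays of RR, N and Ni; the BN_MONT_CTX struct itself is still released with a plain `OPENSSL_free(mont)` at the end of the hunk, and on the non-BN_FLG_MALLOCED path (a caller-owned context) nothing touches the struct body at all. If this version's BN_MONT_CTX also stores scalar Montgomery constants next to the BIGNUMs (n0 in the versions I know, derived from N — confirm against the struct definition, which is outside this hunk), those stay readable in freed memory and the change only half-achieves its purpose. Read the flag before wiping, since cleansing first would zero it and leak the context: `int malloced = mont->flags & BN_FLG_MALLOCED;` (declared at the top of the function to stay C89), then `OPENSSL_cleanse(mont, sizeof(*mont));` after the three BN_clear_free() calls, and test `if (malloced)` in front of the existing OPENSSL_free(). BN_MONT_CTX_free() begins before the hunk.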
From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 17:38:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438364303.365098.27578.nullmailer@dev.openssl.org> The branch master has been updated via 1a586b3942de1c0bd64203d09385d5e74f499d8d (commit) from 740ceb5b0c844f1fe9b96983cc175d19795e7aa0 (commit) - Log ----------------------------------------------------------------- commit 1a586b3942de1c0bd64203d09385d5e74f499d8d Author: Loganaden Velvindron Date: Fri Jul 31 13:20:16 2015 -0400 Clear BN-mont values when free'ing it. From a CloudFlare patch. Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index e3955fe..1580e97 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -339,9 +339,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if (mont == NULL)
 return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED)
 OPENSSL_free(mont);
 }
From rsalz at openssl.org Fri Jul 31 17:38:53 2015 
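Review bot: The struct body of the BN_MONT_CTX is not cleansed by this hunk: BN_clear_free() scrubs the three BIGNUM limb arrays, but the context is then handed to a plain `OPENSSL_free(mont)` and, when BN_FLG_MALLOCED is clear, nothing wipes the caller-owned struct at all. If the struct holds any scalar constants derived from N besides the BIGNUMs (the definition is outside this hunk — confirm), they survive in freed memory despite the commit's intent. Capture the flag before wiping so the free is not skipped: `int malloced = mont->flags & BN_FLG_MALLOCED;` at the top of the function, `OPENSSL_cleanse(mont, sizeof(*mont));` after the three BN_clear_free() calls, and `if (malloced)` guarding the existing OPENSSL_free(). The same applies to the 1.0.1 and 1.0.0 cherry-picks of this commit; BN_MONT_CTX_free() starts before the hunk.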
From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 17:38:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1438364333.411315.28350.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1a9a506cfbb3a57215dae72aadab8943b977bcf7 (commit) from 5030cc69ffd6137d3d3f2b221c3313042940c1fd (commit) - Log ----------------------------------------------------------------- commit 1a9a506cfbb3a57215dae72aadab8943b977bcf7 Author: Loganaden Velvindron Date: Fri Jul 31 13:20:16 2015 -0400 Clear BN-mont values when free'ing it. From a CloudFlare patch. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 1a586b3942de1c0bd64203d09385d5e74f499d8d) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index aadd5db..aafd1b8 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -361,9 +361,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if (mont == NULL)
 return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED)
 OPENSSL_free(mont);
 }
From rsalz at openssl.org Fri Jul 31 17:39:08 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 31 Jul 2015 17:39:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1438364348.504810.28617.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 895c1b79dd7a76caea46d3185c8c2d3a27506b9d (commit) from 86fecb23df64a87dc9833f8d88f7c3f9c704f6b9 (commit) - Log ----------------------------------------------------------------- commit 895c1b79dd7a76caea46d3185c8c2d3a27506b9d Author: Loganaden Velvindron Date: Fri Jul 31 13:20:16 2015 -0400 Clear BN-mont values when free'ing it. From a CloudFlare patch. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 1a586b3942de1c0bd64203d09385d5e74f499d8d) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index bab8dfe..61c70f0 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -427,9 +427,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if (mont == NULL)
 return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED)
 OPENSSL_free(mont);
 }
From matt at openssl.org Fri Jul 31 19:34:02 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 31 Jul 2015 19:34:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438371242.370052.9917.nullmailer@dev.openssl.org> The branch master has been updated via e1e088ec7f2f33c4c4ad31312d62c536441d4358 (commit) from 1a586b3942de1c0bd64203d09385d5e74f499d8d (commit) - Log ----------------------------------------------------------------- commit e1e088ec7f2f33c4c4ad31312d62c536441d4358 Author: Matt Caswell Date: Thu Jun 25 14:12:25 2015 +0100 Remove erroneous server_random filling Commit e481f9b90b164 removed OPENSSL_NO_TLSEXT from the code. Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was filled during getting of the ClientHello. If it *was* defined then the server random would be filled in ssl3_send_server_hello(). Unfortunately in commit e481f9b90b164 the OPENSSL_NO_TLSEXT guards were removed but *both* server random fillings were left in. This could cause problems for session ticket callbacks. Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 72deedc..718ca2c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1580,19 +1580,16 @@ int ssl3_send_server_hello(SSL *s)
 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
 buf = (unsigned char *)s->init_buf->data;
- p = s->s3->server_random;
- if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
- s->state = SSL_ST_ERR;
- return -1;
- }
-
 /* Do the message type and length last */
 d = p = ssl_handshake_start(s);
 *(p++) = s->version >> 8;
 *(p++) = s->version & 0xff;
- /* Random stuff */
+ /*
+ * Random stuff. Filling of the server_random takes place in
+ * ssl3_get_client_hello()
+ */
 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
 p += SSL3_RANDOM_SIZE;
From ben at openssl.org Fri Jul 31 19:50:40 2015 
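Review bot: The new comment at the end of the hunk says where server_random is now filled but not why this function must never fill it again, which is exactly the mistake a future edit would reintroduce. I would extend it to state that `s->s3->server_random` was already filled by ssl3_get_client_hello() and must not be regenerated here, because a second fill would make the session-ticket callback see different random bytes from the ones copied onto the wire by the memcpy() below (the callback consequence is taken from the commit message — confirm the exact consumer). The removed block was also this function's only error path for a failed ssl_fill_hello_random(); the ClientHello-side fill must abort the handshake on failure for the invariant to hold, and that code is outside this hunk, so it is worth a glance. ssl3_send_server_hello() begins before the hunk and continues after it.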
From: ben at openssl.org (Ben Laurie) Date: Fri, 31 Jul 2015 19:50:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1438372240.211993.12320.nullmailer@dev.openssl.org> The branch master has been updated via 34750dc25d74e3db4c1ba43cd219d3f4825e4c65 (commit) from e1e088ec7f2f33c4c4ad31312d62c536441d4358 (commit) - Log ----------------------------------------------------------------- commit 34750dc25d74e3db4c1ba43cd219d3f4825e4c65 Author: Ben Laurie Date: Fri Jul 31 09:49:20 2015 +0100 Only define PAGE_SIZE if not already defined. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/sec_mem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/sec_mem.c b/crypto/sec_mem.c
index 5bf8baa..a630cbc 100644
--- a/crypto/sec_mem.c
+++ b/crypto/sec_mem.c
@@ -26,7 +26,9 @@
 #define LOCK() CRYPTO_w_lock(CRYPTO_LOCK_MALLOC)
 #define UNLOCK() CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC)
 #define CLEAR(p, s) OPENSSL_cleanse(p, s)
-#define PAGE_SIZE 4096
+#ifndef PAGE_SIZE
+# define PAGE_SIZE 4096
+#endif
 #ifdef IMPLEMENTED
 size_t secure_mem_used;
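Review bot: The `#ifndef PAGE_SIZE` guard accepts whatever a system header happens to export and otherwise hard-codes 4096, but neither is the page size of the kernel the binary ends up running on; if PAGE_SIZE sizes or aligns the locked/protected secure arena (its uses are outside this hunk), a 16K or 64K page system would be mis-aligned silently. Where available, the runtime value `sysconf(_SC_PAGESIZE)` (or getpagesize()) is the right source, leaving the macro as a last-resort fallback. At minimum, document the assumption above the fallback: `/* Fallback only: must match the page size used by mlock/mprotect at run time */`. Some platforms also define PAGE_SIZE as something other than an integer constant expression, so if the macro is used in a static array size or in a `#if`, that should be checked — hedged, as those uses are not visible here.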
  • Individual Email Location Key ID / Fingerprint




    Mark J. Cox mark at openssl.org UK 49A563D9
    Mark J. Cox mark at openssl.org UK B00CFE33, 49A563D9 (old key)
    Dr. Stephen Henson steve at openssl.org UK FA40E9E2, F295C759 (old key)
    Ben Laurie ben at openssl.org UK 2118CF83
    Andy Polyakov appro at openssl.org SE 1FE8E023
    Individual Email Location  Key ID




    Matt Caswell matt at openssl.org UK 0E604491
    Mark J. Cox mark at openssl.org UK 49A563D9
    Mark J. Cox mark at openssl.org UK B00CFE33, 49A563D9 (old key)
    Viktor Dukhovni viktor at openssl.org US
    Dr. Stephen Henson steve at openssl.org UK FA40E9E2, F295C759 (old key)
    Tim Hudson tjh at openssl.org AU 41FBF7DD