Import OpenSSL 1.0.2s
This commit is contained in:
Steve Dower
44
CHANGES
44
CHANGES
@@ -7,6 +7,50 @@
|
||||
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
||||
release branch.
|
||||
|
||||
Changes between 1.0.2r and 1.0.2s [28 May 2019]
|
||||
|
||||
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
|
||||
This changes the size when using the genpkey app when no size is given. It
|
||||
fixes an omission in earlier changes that changed all RSA, DSA and DH
|
||||
generation apps to use 2048 bits by default.
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Add FIPS support for Android Arm 64-bit
|
||||
|
||||
Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
|
||||
Module in Version 2.0.10. For some reason, the corresponding target
|
||||
'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
|
||||
built with FIPS support on Android Arm 64-bit. This omission has been
|
||||
fixed.
|
||||
[Matthias St. Pierre]
|
||||
|
||||
Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
|
||||
|
||||
*) 0-byte record padding oracle
|
||||
|
||||
If an application encounters a fatal protocol error and then calls
|
||||
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
|
||||
then OpenSSL can respond differently to the calling application if a 0 byte
|
||||
record is received with invalid padding compared to if a 0 byte record is
|
||||
received with an invalid MAC. If the application then behaves differently
|
||||
based on that in a way that is detectable to the remote peer, then this
|
||||
amounts to a padding oracle that could be used to decrypt data.
|
||||
|
||||
In order for this to be exploitable "non-stitched" ciphersuites must be in
|
||||
use. Stitched ciphersuites are optimised implementations of certain
|
||||
commonly used ciphersuites. Also the application must call SSL_shutdown()
|
||||
twice even if a protocol error has occurred (applications should not do
|
||||
this but some do anyway).
|
||||
|
||||
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
|
||||
Aviram, with additional investigation by Steven Collison and Andrew
|
||||
Hourselt. It was reported to OpenSSL on 10th December 2018.
|
||||
(CVE-2019-1559)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
|
||||
|
||||
*) Microarchitecture timing vulnerability in ECC scalar multiplication
|
||||
|
||||
@@ -475,6 +475,7 @@ my %table=(
|
||||
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
#### *BSD [do see comment about ${BSDthreads} above!]
|
||||
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
8
MINFO
8
MINFO
@@ -53,7 +53,7 @@ MANSUFFIX=
|
||||
MD5_ASM_OBJ=md5-586.o
|
||||
MINOR=0.2
|
||||
MODES_ASM_OBJ=ghash-x86.o
|
||||
NAME=openssl-1.0.2q
|
||||
NAME=openssl-1.0.2s
|
||||
NM=nm
|
||||
ONEDIRS=out tmp
|
||||
OPENSSLDIR=/usr/local/ssl
|
||||
@@ -85,12 +85,12 @@ SHLIB_TARGET=
|
||||
SHLIB_VERSION_HISTORY=
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
TAR=tar
|
||||
TARFILE=../openssl-1.0.2q.tar
|
||||
TARFILE=../openssl-1.0.2s.tar
|
||||
TARFLAGS=--no-recursion
|
||||
TAR_COMMAND=tar --no-recursion --files-from ../openssl-1.0.2q.tar.list --owner 0 --group 0 --transform 's|^|openssl-1.0.2q/|' -cvf -
|
||||
TAR_COMMAND=tar --no-recursion --files-from ../openssl-1.0.2s.tar.list --owner 0 --group 0 --transform 's|^|openssl-1.0.2s/|' -cvf -
|
||||
TESTS=alltests
|
||||
TOP=.
|
||||
VERSION=1.0.2q
|
||||
VERSION=1.0.2s
|
||||
WDIRS=windows
|
||||
WP_ASM_OBJ=wp_block.o wp-mmx.o
|
||||
ZLIB_INCLUDE=
|
||||
|
||||
4
Makefile
4
Makefile
@@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.2q
|
||||
VERSION=1.0.2s
|
||||
MAJOR=1
|
||||
MINOR=0.2
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
@@ -521,7 +521,7 @@ $(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
\! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: $(TARFILE).list
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.2q
|
||||
VERSION=1.0.2s
|
||||
MAJOR=1
|
||||
MINOR=0.2
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
@@ -521,7 +521,7 @@ $(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
\! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: $(TARFILE).list
|
||||
|
||||
@@ -519,7 +519,7 @@ $(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
\! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: $(TARFILE).list
|
||||
|
||||
4
NEWS
4
NEWS
@@ -5,6 +5,10 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
|
||||
|
||||
o 0-byte record padding oracle (CVE-2019-1559)
|
||||
|
||||
Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
|
||||
|
||||
o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
|
||||
|
||||
4
README
4
README
@@ -1,7 +1,7 @@
|
||||
|
||||
OpenSSL 1.0.2q 20 Nov 2018
|
||||
OpenSSL 1.0.2s 28 May 2019
|
||||
|
||||
Copyright (c) 1998-2018 The OpenSSL Project
|
||||
Copyright (c) 1998-2019 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
All rights reserved.
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/usr/bin/perl
|
||||
#!/usr/local/bin/perl
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
|
||||
188
apps/CA.pl.bak
188
apps/CA.pl.bak
@@ -1,188 +0,0 @@
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq[-nodes] ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
# and the other the certificate) and cat them together and that is what
|
||||
# you want/need ... I'll make even this a little cleaner later.
|
||||
#
|
||||
#
|
||||
# 12-Jan-96 tjh Added more things ... including CA -signcert which
|
||||
# converts a certificate to a request and then signs it.
|
||||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
|
||||
# environment variable so this can be driven from
|
||||
# a script.
|
||||
# 25-Jul-96 eay Cleaned up filenames some more.
|
||||
# 11-Jun-96 eay Fixed a few filename missmatches.
|
||||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
|
||||
# 18-Apr-96 tjh Original hacking
|
||||
#
|
||||
# Tim Hudson
|
||||
# tjh@cryptsoft.com
|
||||
#
|
||||
|
||||
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
|
||||
#
|
||||
#
|
||||
# Steve Henson
|
||||
# shenson@bigfoot.com
|
||||
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
my $openssl;
|
||||
if(defined $ENV{OPENSSL}) {
|
||||
$openssl = $ENV{OPENSSL};
|
||||
} else {
|
||||
$openssl = "openssl";
|
||||
$ENV{OPENSSL} = $openssl;
|
||||
}
|
||||
|
||||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||
$DAYS="-days 365"; # 1 year
|
||||
$CADAYS="-days 1095"; # 3 years
|
||||
$REQ="$openssl req $SSLEAY_CONFIG";
|
||||
$CA="$openssl ca $SSLEAY_CONFIG";
|
||||
$VERIFY="$openssl verify";
|
||||
$X509="$openssl x509";
|
||||
$PKCS12="$openssl pkcs12";
|
||||
|
||||
$CATOP="./demoCA";
|
||||
$CAKEY="cakey.pem";
|
||||
$CAREQ="careq.pem";
|
||||
$CACERT="cacert.pem";
|
||||
|
||||
$DIRMODE = 0777;
|
||||
|
||||
$RET = 0;
|
||||
|
||||
foreach (@ARGV) {
|
||||
if ( /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
|
||||
exit 0;
|
||||
} elsif (/^-newcert$/) {
|
||||
# create a certificate
|
||||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
|
||||
} elsif (/^-newreq$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request is in newreq.pem, private key is in newkey.pem\n";
|
||||
} elsif (/^-newreq-nodes$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request is in newreq.pem, private key is in newkey.pem\n";
|
||||
} elsif (/^-newca$/) {
|
||||
# if explicitly asked for or it doesn't exist then setup the
|
||||
# directory structure that Eric likes to manage things
|
||||
$NEW="1";
|
||||
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
|
||||
# create the directory hierarchy
|
||||
mkdir $CATOP, $DIRMODE;
|
||||
mkdir "${CATOP}/certs", $DIRMODE;
|
||||
mkdir "${CATOP}/crl", $DIRMODE ;
|
||||
mkdir "${CATOP}/newcerts", $DIRMODE;
|
||||
mkdir "${CATOP}/private", $DIRMODE;
|
||||
open OUT, ">${CATOP}/index.txt";
|
||||
close OUT;
|
||||
open OUT, ">${CATOP}/crlnumber";
|
||||
print OUT "01\n";
|
||||
close OUT;
|
||||
}
|
||||
if ( ! -f "${CATOP}/private/$CAKEY" ) {
|
||||
print "CA certificate filename (or enter to create)\n";
|
||||
$FILE = <STDIN>;
|
||||
|
||||
chop $FILE;
|
||||
|
||||
# ask user for existing CA certificate
|
||||
if ($FILE) {
|
||||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
|
||||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
|
||||
$RET=$?;
|
||||
} else {
|
||||
print "Making CA certificate ...\n";
|
||||
system ("$REQ -new -keyout " .
|
||||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
|
||||
system ("$CA -create_serial " .
|
||||
"-out ${CATOP}/$CACERT $CADAYS -batch " .
|
||||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
|
||||
"-extensions v3_ca " .
|
||||
"-infiles ${CATOP}/$CAREQ ");
|
||||
$RET=$?;
|
||||
}
|
||||
}
|
||||
} elsif (/^-pkcs12$/) {
|
||||
my $cname = $ARGV[1];
|
||||
$cname = "My Certificate" unless defined $cname;
|
||||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
|
||||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
|
||||
"-export -name \"$cname\"");
|
||||
$RET=$?;
|
||||
print "PKCS #12 file is in newcert.p12\n";
|
||||
exit $RET;
|
||||
} elsif (/^-xsign$/) {
|
||||
system ("$CA -policy policy_anything -infiles newreq.pem");
|
||||
$RET=$?;
|
||||
} elsif (/^(-sign|-signreq)$/) {
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-infiles newreq.pem");
|
||||
$RET=$?;
|
||||
print "Signed certificate is in newcert.pem\n";
|
||||
} elsif (/^(-signCA)$/) {
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-extensions v3_ca -infiles newreq.pem");
|
||||
$RET=$?;
|
||||
print "Signed CA certificate is in newcert.pem\n";
|
||||
} elsif (/^-signcert$/) {
|
||||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
||||
"-out tmp.pem");
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-infiles tmp.pem");
|
||||
$RET = $?;
|
||||
print "Signed certificate is in newcert.pem\n";
|
||||
} elsif (/^-verify$/) {
|
||||
if (shift) {
|
||||
foreach $j (@ARGV) {
|
||||
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
|
||||
$RET=$? if ($? != 0);
|
||||
}
|
||||
exit $RET;
|
||||
} else {
|
||||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
|
||||
$RET=$?;
|
||||
exit 0;
|
||||
}
|
||||
} else {
|
||||
print STDERR "Unknown arg $_\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
||||
exit $RET;
|
||||
|
||||
sub cp_pem {
|
||||
my ($infile, $outfile, $bound) = @_;
|
||||
open IN, $infile;
|
||||
open OUT, ">$outfile";
|
||||
my $flag = 0;
|
||||
while (<IN>) {
|
||||
$flag = 1 if (/^-----BEGIN.*$bound/) ;
|
||||
print OUT $_ if ($flag);
|
||||
if (/^-----END.*$bound/) {
|
||||
close IN;
|
||||
close OUT;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
1
config
1
config
@@ -871,6 +871,7 @@ case "$GUESSOS" in
|
||||
*-*-qnx6) OUT="QNX6" ;;
|
||||
x86-*-android|i?86-*-android) OUT="android-x86" ;;
|
||||
armv[7-9]*-*-android) OUT="android-armv7" ;;
|
||||
aarch64-*-android) OUT="android64-aarch64" ;;
|
||||
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
|
||||
esac
|
||||
|
||||
|
||||
@@ -234,6 +234,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
|
||||
|
||||
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
|
||||
{
|
||||
/*
|
||||
* One of the following must be true:
|
||||
*
|
||||
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
|
||||
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
|
||||
*
|
||||
* Anything else is an error and may lead to a corrupt ASN1 method table
|
||||
*/
|
||||
if (!((ameth->pem_str == NULL
|
||||
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
|
||||
|| (ameth->pem_str != NULL
|
||||
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (app_methods == NULL) {
|
||||
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
|
||||
if (!app_methods)
|
||||
@@ -305,18 +320,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
|
||||
} else
|
||||
ameth->info = NULL;
|
||||
|
||||
/*
|
||||
* One of the following must be true:
|
||||
*
|
||||
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
|
||||
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
|
||||
*
|
||||
* Anything else is an error and may lead to a corrupt ASN1 method table
|
||||
*/
|
||||
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|
||||
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
|
||||
goto err;
|
||||
|
||||
if (pem_str) {
|
||||
ameth->pem_str = BUF_strdup(pem_str);
|
||||
if (!ameth->pem_str)
|
||||
|
||||
@@ -361,12 +361,16 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
} else
|
||||
_setmode(fd, _O_BINARY);
|
||||
}
|
||||
# elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
|
||||
# elif defined(OPENSSL_SYS_OS2)
|
||||
int fd = fileno((FILE *)ptr);
|
||||
if (num & BIO_FP_TEXT)
|
||||
setmode(fd, O_TEXT);
|
||||
else
|
||||
setmode(fd, O_BINARY);
|
||||
# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
|
||||
int fd = fileno((FILE *)ptr);
|
||||
if (!(num & BIO_FP_TEXT))
|
||||
setmode(fd, O_BINARY);
|
||||
# endif
|
||||
}
|
||||
break;
|
||||
@@ -389,11 +393,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
|
||||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2)
|
||||
if (!(num & BIO_FP_TEXT))
|
||||
strcat(p, "b");
|
||||
else
|
||||
strcat(p, "t");
|
||||
# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
|
||||
if (!(num & BIO_FP_TEXT))
|
||||
strcat(p, "b");
|
||||
# endif
|
||||
# if defined(OPENSSL_SYS_NETWARE)
|
||||
if (!(num & BIO_FP_TEXT))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
/* crypto/bn/bn_ctx.c */
|
||||
/* Written by Ulf Moeller for the OpenSSL project. */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -299,6 +299,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
|
||||
}
|
||||
/* OK, make sure the returned bignum is "zero" */
|
||||
BN_zero(ret);
|
||||
/* clear BN_FLG_CONSTTIME if leaked from previous frames */
|
||||
ret->flags &= (~BN_FLG_CONSTTIME);
|
||||
ctx->used++;
|
||||
CTXDBG_RET(ctx, ret);
|
||||
return ret;
|
||||
|
||||
@@ -836,6 +836,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
|
||||
int i;
|
||||
BN_ULONG aa, bb;
|
||||
|
||||
if (n == 0)
|
||||
return 0;
|
||||
|
||||
aa = a[n - 1];
|
||||
bb = b[n - 1];
|
||||
if (aa != bb)
|
||||
|
||||
@@ -89,6 +89,10 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#ifndef OSSL_NELEM
|
||||
# define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0]))
|
||||
#endif
|
||||
|
||||
const int num0 = 100; /* number of tests */
|
||||
const int num1 = 50; /* additional tests for some functions */
|
||||
const int num2 = 5; /* number of tests for slow functions */
|
||||
@@ -123,6 +127,7 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
|
||||
int test_kron(BIO *bp, BN_CTX *ctx);
|
||||
int test_sqrt(BIO *bp, BN_CTX *ctx);
|
||||
int rand_neg(void);
|
||||
static int test_ctx_consttime_flag(void);
|
||||
static int results = 0;
|
||||
|
||||
static unsigned char lst[] =
|
||||
@@ -330,6 +335,15 @@ int main(int argc, char *argv[])
|
||||
goto err;
|
||||
(void)BIO_flush(out);
|
||||
#endif
|
||||
|
||||
/* silently flush any pre-existing error on the stack */
|
||||
ERR_clear_error();
|
||||
|
||||
message(out, "BN_CTX_get BN_FLG_CONSTTIME");
|
||||
if (!test_ctx_consttime_flag())
|
||||
goto err;
|
||||
(void)BIO_flush(out);
|
||||
|
||||
BN_CTX_free(ctx);
|
||||
BIO_free(out);
|
||||
|
||||
@@ -2158,3 +2172,90 @@ int rand_neg(void)
|
||||
|
||||
return (sign[(neg++) % 8]);
|
||||
}
|
||||
|
||||
static int test_ctx_set_ct_flag(BN_CTX *c)
|
||||
{
|
||||
int st = 0;
|
||||
size_t i;
|
||||
BIGNUM *b[15];
|
||||
|
||||
BN_CTX_start(c);
|
||||
for (i = 0; i < OSSL_NELEM(b); i++) {
|
||||
if (NULL == (b[i] = BN_CTX_get(c))) {
|
||||
fprintf(stderr, "ERROR: BN_CTX_get() failed.\n");
|
||||
goto err;
|
||||
}
|
||||
if (i % 2 == 1)
|
||||
BN_set_flags(b[i], BN_FLG_CONSTTIME);
|
||||
}
|
||||
|
||||
st = 1;
|
||||
err:
|
||||
BN_CTX_end(c);
|
||||
return st;
|
||||
}
|
||||
|
||||
static int test_ctx_check_ct_flag(BN_CTX *c)
|
||||
{
|
||||
int st = 0;
|
||||
size_t i;
|
||||
BIGNUM *b[30];
|
||||
|
||||
BN_CTX_start(c);
|
||||
for (i = 0; i < OSSL_NELEM(b); i++) {
|
||||
if (NULL == (b[i] = BN_CTX_get(c))) {
|
||||
fprintf(stderr, "ERROR: BN_CTX_get() failed.\n");
|
||||
goto err;
|
||||
}
|
||||
if (BN_get_flags(b[i], BN_FLG_CONSTTIME) != 0) {
|
||||
fprintf(stderr, "ERROR: BN_FLG_CONSTTIME should not be set.\n");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
st = 1;
|
||||
err:
|
||||
BN_CTX_end(c);
|
||||
return st;
|
||||
}
|
||||
|
||||
static int test_ctx_consttime_flag(void)
|
||||
{
|
||||
/*-
|
||||
* The constant-time flag should not "leak" among BN_CTX frames:
|
||||
*
|
||||
* - test_ctx_set_ct_flag() starts a frame in the given BN_CTX and
|
||||
* sets the BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained
|
||||
* from the frame before ending it.
|
||||
* - test_ctx_check_ct_flag() then starts a new frame and gets a
|
||||
* number of BIGNUMs from it. In absence of leaks, none of the
|
||||
* BIGNUMs in the new frame should have BN_FLG_CONSTTIME set.
|
||||
*
|
||||
* In actual BN_CTX usage inside libcrypto the leak could happen at
|
||||
* any depth level in the BN_CTX stack, with varying results
|
||||
* depending on the patterns of sibling trees of nested function
|
||||
* calls sharing the same BN_CTX object, and the effect of
|
||||
* unintended BN_FLG_CONSTTIME on the called BN_* functions.
|
||||
*
|
||||
* This simple unit test abstracts away this complexity and verifies
|
||||
* that the leak does not happen between two sibling functions
|
||||
* sharing the same BN_CTX object at the same level of nesting.
|
||||
*
|
||||
*/
|
||||
BN_CTX *c = NULL;
|
||||
int st = 0;
|
||||
|
||||
if (NULL == (c = BN_CTX_new())) {
|
||||
fprintf(stderr, "ERROR: BN_CTX_new() failed.\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!test_ctx_set_ct_flag(c)
|
||||
|| !test_ctx_check_ct_flag(c))
|
||||
goto err;
|
||||
|
||||
st = 1;
|
||||
err:
|
||||
BN_CTX_free(c);
|
||||
return st;
|
||||
}
|
||||
|
||||
@@ -9,11 +9,11 @@
|
||||
/* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
|
||||
#define CFLAGS "compiler: cl /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE "
|
||||
#define PLATFORM "VC-WIN32"
|
||||
#define DATE "Fri Dec 7 19:08:23 2018"
|
||||
#define DATE "Mon Jun 17 15:40:00 2019"
|
||||
#endif
|
||||
#ifdef MK1MF_PLATFORM_BC_NT
|
||||
/* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
|
||||
#define CFLAGS "compiler: bcc32 -DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -O2 -ff -fp -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_DYNAMIC_ENGINE "
|
||||
#define PLATFORM "BC-NT"
|
||||
#define DATE "Fri Dec 7 19:08:23 2018"
|
||||
#define DATE "Mon Jun 17 15:40:00 2019"
|
||||
#endif
|
||||
|
||||
@@ -204,6 +204,12 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b)
|
||||
return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
|
||||
}
|
||||
|
||||
/*
|
||||
* Expected usage pattern is to unconditionally set error and then
|
||||
* wipe it if there was no actual error. |clear| is 1 or 0.
|
||||
*/
|
||||
void err_clear_last_constant_time(int clear);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* 2006.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -101,7 +101,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
|
||||
dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
|
||||
if (!dctx)
|
||||
return 0;
|
||||
dctx->prime_len = 1024;
|
||||
dctx->prime_len = 2048;
|
||||
dctx->subprime_len = -1;
|
||||
dctx->generator = 2;
|
||||
dctx->use_dsa = 0;
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* 2006.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -69,8 +69,8 @@
|
||||
|
||||
typedef struct {
|
||||
/* Parameter gen parameters */
|
||||
int nbits; /* size of p in bits (default: 1024) */
|
||||
int qbits; /* size of q in bits (default: 160) */
|
||||
int nbits; /* size of p in bits (default: 2048) */
|
||||
int qbits; /* size of q in bits (default: 224) */
|
||||
const EVP_MD *pmd; /* MD for parameter generation */
|
||||
/* Keygen callback info */
|
||||
int gentmp[2];
|
||||
@@ -84,8 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
|
||||
dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
|
||||
if (!dctx)
|
||||
return 0;
|
||||
dctx->nbits = 1024;
|
||||
dctx->qbits = 160;
|
||||
dctx->nbits = 2048;
|
||||
dctx->qbits = 224;
|
||||
dctx->pmd = NULL;
|
||||
dctx->md = NULL;
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -299,7 +299,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
point_conversion_form_t form;
|
||||
int y_bit;
|
||||
int y_bit, m;
|
||||
BN_CTX *new_ctx = NULL;
|
||||
BIGNUM *x, *y, *yxi;
|
||||
size_t field_len, enc_len;
|
||||
@@ -332,7 +332,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
return EC_POINT_set_to_infinity(group, point);
|
||||
}
|
||||
|
||||
field_len = (EC_GROUP_get_degree(group) + 7) / 8;
|
||||
m = EC_GROUP_get_degree(group);
|
||||
field_len = (m + 7) / 8;
|
||||
enc_len =
|
||||
(form ==
|
||||
POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
|
||||
@@ -357,7 +358,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
|
||||
if (!BN_bin2bn(buf + 1, field_len, x))
|
||||
goto err;
|
||||
if (BN_ucmp(x, &group->field) >= 0) {
|
||||
if (BN_num_bits(x) > m) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
|
||||
goto err;
|
||||
}
|
||||
@@ -369,7 +370,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
} else {
|
||||
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
|
||||
goto err;
|
||||
if (BN_ucmp(y, &group->field) >= 0) {
|
||||
if (BN_num_bits(y) > m) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
|
||||
goto err;
|
||||
}
|
||||
@@ -382,16 +383,14 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
|
||||
* the point is on the curve.
|
||||
*/
|
||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
|
||||
@@ -601,7 +601,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
|
||||
|
||||
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
||||
*(int *)arg2 = NID_sha256;
|
||||
return 2;
|
||||
return 1;
|
||||
|
||||
default:
|
||||
return -2;
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* Originally written by Bodo Moeller for the OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -872,7 +872,15 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
|
||||
EC_R_INCOMPATIBLE_OBJECTS);
|
||||
return 0;
|
||||
}
|
||||
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
|
||||
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
|
||||
return 0;
|
||||
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
|
||||
EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
@@ -890,7 +898,15 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
|
||||
EC_R_INCOMPATIBLE_OBJECTS);
|
||||
return 0;
|
||||
}
|
||||
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
|
||||
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
|
||||
return 0;
|
||||
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
|
||||
EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -519,7 +519,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
EC_POINT_free(s);
|
||||
EC_POINT_clear_free(s);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
|
||||
|
||||
@@ -356,10 +356,15 @@ static void felem_diff64(felem out, const felem in)
|
||||
static void felem_diff_128_64(largefelem out, const felem in)
|
||||
{
|
||||
/*
|
||||
* In order to prevent underflow, we add 0 mod p before subtracting.
|
||||
* In order to prevent underflow, we add 64p mod p (which is equivalent
|
||||
* to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521
|
||||
* digit number with all bits set to 1. See "The representation of field
|
||||
* elements" comment above for a description of how limbs are used to
|
||||
* represent a number. 64p is represented with 8 limbs containing a number
|
||||
* with 58 bits set and one limb with a number with 57 bits set.
|
||||
*/
|
||||
static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
|
||||
static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
|
||||
static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6);
|
||||
static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5);
|
||||
|
||||
out[0] += two63m6 - in[0];
|
||||
out[1] += two63m5 - in[1];
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -408,16 +408,14 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* EC_POINT_set_affine_coordinates_GFp is responsible for checking that
|
||||
* the point is on the curve.
|
||||
*/
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
* Originally written by Bodo Moeller for the OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -325,7 +325,7 @@ static void prime_field_tests(void)
|
||||
EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
|
||||
NULL, *P_384 = NULL, *P_521 = NULL;
|
||||
EC_POINT *P, *Q, *R;
|
||||
BIGNUM *x, *y, *z;
|
||||
BIGNUM *x, *y, *z, *yplusone;
|
||||
unsigned char buf[100];
|
||||
size_t i, len;
|
||||
int k;
|
||||
@@ -405,7 +405,8 @@ static void prime_field_tests(void)
|
||||
x = BN_new();
|
||||
y = BN_new();
|
||||
z = BN_new();
|
||||
if (!x || !y || !z)
|
||||
yplusone = BN_new();
|
||||
if (x == NULL || y == NULL || z == NULL || yplusone == NULL)
|
||||
ABORT;
|
||||
|
||||
if (!BN_hex2bn(&x, "D"))
|
||||
@@ -542,6 +543,14 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
|
||||
ABORT;
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
@@ -613,6 +622,15 @@ static void prime_field_tests(void)
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 192)
|
||||
ABORT;
|
||||
@@ -668,6 +686,15 @@ static void prime_field_tests(void)
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 224)
|
||||
ABORT;
|
||||
@@ -728,6 +755,15 @@ static void prime_field_tests(void)
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 256)
|
||||
ABORT;
|
||||
@@ -783,6 +819,15 @@ static void prime_field_tests(void)
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 384)
|
||||
ABORT;
|
||||
@@ -844,6 +889,15 @@ static void prime_field_tests(void)
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 521)
|
||||
ABORT;
|
||||
@@ -858,6 +912,10 @@ static void prime_field_tests(void)
|
||||
|
||||
/* more tests using the last curve */
|
||||
|
||||
/* Restore the point that got mangled in the (x, y + 1) test. */
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
|
||||
if (!EC_POINT_copy(Q, P))
|
||||
ABORT;
|
||||
if (EC_POINT_is_at_infinity(group, Q))
|
||||
@@ -987,6 +1045,7 @@ static void prime_field_tests(void)
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
BN_free(z);
|
||||
BN_free(yplusone);
|
||||
|
||||
if (P_160)
|
||||
EC_GROUP_free(P_160);
|
||||
@@ -1007,6 +1066,13 @@ static void prime_field_tests(void)
|
||||
# ifdef OPENSSL_EC_BIN_PT_COMP
|
||||
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
|
||||
if (!BN_hex2bn(&x, _x)) ABORT; \
|
||||
if (!BN_hex2bn(&y, _y)) ABORT; \
|
||||
if (!BN_add(yplusone, y, BN_value_one())) ABORT; \
|
||||
/* \
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
|
||||
* and therefore setting the coordinates should fail. \
|
||||
*/ \
|
||||
if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
|
||||
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
|
||||
if (!BN_hex2bn(&z, _order)) ABORT; \
|
||||
@@ -1025,6 +1091,12 @@ static void prime_field_tests(void)
|
||||
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
|
||||
if (!BN_hex2bn(&x, _x)) ABORT; \
|
||||
if (!BN_hex2bn(&y, _y)) ABORT; \
|
||||
if (!BN_add(yplusone, y, BN_value_one())) ABORT; \
|
||||
/* \
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \
|
||||
* and therefore setting the coordinates should fail. \
|
||||
*/ \
|
||||
if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \
|
||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
|
||||
if (!BN_hex2bn(&z, _order)) ABORT; \
|
||||
@@ -1062,7 +1134,7 @@ static void char2_field_tests(void)
|
||||
EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
|
||||
NULL, *C2_B571 = NULL;
|
||||
EC_POINT *P, *Q, *R;
|
||||
BIGNUM *x, *y, *z, *cof;
|
||||
BIGNUM *x, *y, *z, *cof, *yplusone;
|
||||
unsigned char buf[100];
|
||||
size_t i, len;
|
||||
int k;
|
||||
@@ -1076,7 +1148,7 @@ static void char2_field_tests(void)
|
||||
p = BN_new();
|
||||
a = BN_new();
|
||||
b = BN_new();
|
||||
if (!p || !a || !b)
|
||||
if (p == NULL || a == NULL || b == NULL)
|
||||
ABORT;
|
||||
|
||||
if (!BN_hex2bn(&p, "13"))
|
||||
@@ -1142,7 +1214,8 @@ static void char2_field_tests(void)
|
||||
y = BN_new();
|
||||
z = BN_new();
|
||||
cof = BN_new();
|
||||
if (!x || !y || !z || !cof)
|
||||
yplusone = BN_new();
|
||||
if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL)
|
||||
ABORT;
|
||||
|
||||
if (!BN_hex2bn(&x, "6"))
|
||||
@@ -1504,6 +1577,7 @@ static void char2_field_tests(void)
|
||||
BN_free(y);
|
||||
BN_free(z);
|
||||
BN_free(cof);
|
||||
BN_free(yplusone);
|
||||
|
||||
if (C2_K163)
|
||||
EC_GROUP_free(C2_K163);
|
||||
@@ -1672,7 +1746,7 @@ static const struct nistp_test_params nistp_tests_params[] = {
|
||||
static void nistp_single_test(const struct nistp_test_params *test)
|
||||
{
|
||||
BN_CTX *ctx;
|
||||
BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
|
||||
BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone;
|
||||
EC_GROUP *NISTP;
|
||||
EC_POINT *G, *P, *Q, *Q_CHECK;
|
||||
|
||||
@@ -1687,6 +1761,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
|
||||
m = BN_new();
|
||||
n = BN_new();
|
||||
order = BN_new();
|
||||
yplusone = BN_new();
|
||||
|
||||
NISTP = EC_GROUP_new(test->meth());
|
||||
if (!NISTP)
|
||||
@@ -1709,6 +1784,14 @@ static void nistp_single_test(const struct nistp_test_params *test)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&y, test->Qy))
|
||||
ABORT;
|
||||
if (!BN_add(yplusone, y, BN_value_one()))
|
||||
ABORT;
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&x, test->Gx))
|
||||
@@ -1811,6 +1894,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
BN_free(order);
|
||||
BN_free(yplusone);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -207,7 +207,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
|
||||
|
||||
err:
|
||||
if (tmp)
|
||||
EC_POINT_free(tmp);
|
||||
EC_POINT_clear_free(tmp);
|
||||
if (ctx)
|
||||
BN_CTX_end(ctx);
|
||||
if (ctx)
|
||||
|
||||
@@ -82,7 +82,7 @@ err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||
err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||
err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
err.o: ../cryptlib.h err.c
|
||||
err.o: ../constant_time_locl.h ../cryptlib.h err.c
|
||||
err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -118,6 +118,7 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include "constant_time_locl.h"
|
||||
|
||||
DECLARE_LHASH_OF(ERR_STRING_DATA);
|
||||
DECLARE_LHASH_OF(ERR_STATE);
|
||||
@@ -826,8 +827,24 @@ static unsigned long get_error_values(int inc, int top, const char **file,
|
||||
return ERR_R_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
while (es->bottom != es->top) {
|
||||
if (es->err_flags[es->top] & ERR_FLAG_CLEAR) {
|
||||
err_clear(es, es->top);
|
||||
es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
|
||||
continue;
|
||||
}
|
||||
i = (es->bottom + 1) % ERR_NUM_ERRORS;
|
||||
if (es->err_flags[i] & ERR_FLAG_CLEAR) {
|
||||
es->bottom = i;
|
||||
err_clear(es, es->bottom);
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (es->bottom == es->top)
|
||||
return 0;
|
||||
|
||||
if (top)
|
||||
i = es->top; /* last error */
|
||||
else
|
||||
@@ -1156,3 +1173,23 @@ int ERR_pop_to_mark(void)
|
||||
es->err_flags[es->top] &= ~ERR_FLAG_MARK;
|
||||
return 1;
|
||||
}
|
||||
|
||||
void err_clear_last_constant_time(int clear)
|
||||
{
|
||||
ERR_STATE *es;
|
||||
int top;
|
||||
|
||||
es = ERR_get_state();
|
||||
if (es == NULL)
|
||||
return;
|
||||
|
||||
top = es->top;
|
||||
|
||||
/*
|
||||
* Flag error as cleared but remove it elsewhere to avoid two errors
|
||||
* accessing the same error stack location, revealing timing information.
|
||||
*/
|
||||
clear = constant_time_select_int(constant_time_eq_int(clear, 0),
|
||||
0, ERR_FLAG_CLEAR);
|
||||
es->err_flags[top] |= clear;
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -143,6 +143,7 @@ extern "C" {
|
||||
# define ERR_TXT_STRING 0x02
|
||||
|
||||
# define ERR_FLAG_MARK 0x01
|
||||
# define ERR_FLAG_CLEAR 0x02
|
||||
|
||||
# define ERR_NUM_ERRORS 16
|
||||
typedef struct err_state_st {
|
||||
|
||||
@@ -1489,8 +1489,10 @@ void ERR_load_EVP_strings(void);
|
||||
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
|
||||
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
|
||||
# define EVP_F_EVP_DECRYPTFINAL_EX 101
|
||||
# define EVP_F_EVP_DECRYPTUPDATE 181
|
||||
# define EVP_F_EVP_DIGESTINIT_EX 128
|
||||
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
||||
# define EVP_F_EVP_ENCRYPTUPDATE 180
|
||||
# define EVP_F_EVP_MD_CTX_COPY_EX 110
|
||||
# define EVP_F_EVP_MD_SIZE 162
|
||||
# define EVP_F_EVP_OPENINIT 102
|
||||
|
||||
@@ -317,7 +317,8 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
||||
return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
|
||||
}
|
||||
|
||||
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
|
||||
unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int i, j, bl;
|
||||
@@ -380,6 +381,18 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
/* Prevent accidental use of decryption context when encrypting */
|
||||
if (!ctx->encrypt) {
|
||||
EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
|
||||
}
|
||||
|
||||
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
||||
{
|
||||
int ret;
|
||||
@@ -392,6 +405,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
||||
int n, ret;
|
||||
unsigned int i, b, bl;
|
||||
|
||||
/* Prevent accidental use of decryption context when encrypting */
|
||||
if (!ctx->encrypt) {
|
||||
EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
||||
ret = M_do_cipher(ctx, out, NULL, 0);
|
||||
if (ret < 0)
|
||||
@@ -435,6 +454,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
int fix_len;
|
||||
unsigned int b;
|
||||
|
||||
/* Prevent accidental use of encryption context when decrypting */
|
||||
if (ctx->encrypt) {
|
||||
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
||||
fix_len = M_do_cipher(ctx, out, in, inl);
|
||||
if (fix_len < 0) {
|
||||
@@ -451,7 +476,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
}
|
||||
|
||||
if (ctx->flags & EVP_CIPH_NO_PADDING)
|
||||
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
|
||||
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
|
||||
|
||||
b = ctx->cipher->block_size;
|
||||
OPENSSL_assert(b <= sizeof(ctx->final));
|
||||
@@ -463,7 +488,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
} else
|
||||
fix_len = 0;
|
||||
|
||||
if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
|
||||
if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
|
||||
return 0;
|
||||
|
||||
/*
|
||||
@@ -494,6 +519,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
||||
{
|
||||
int i, n;
|
||||
unsigned int b;
|
||||
|
||||
/* Prevent accidental use of encryption context when decrypting */
|
||||
if (ctx->encrypt) {
|
||||
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
|
||||
return 0;
|
||||
}
|
||||
|
||||
*outl = 0;
|
||||
|
||||
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/* crypto/evp/evp_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -92,8 +92,10 @@ static ERR_STRING_DATA EVP_str_functs[] = {
|
||||
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
|
||||
"EVP_CIPHER_CTX_set_key_length"},
|
||||
{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
|
||||
{ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
|
||||
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
|
||||
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
|
||||
{ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
|
||||
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
|
||||
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
|
||||
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/* Written by Ben Laurie, 2001 */
|
||||
/*
|
||||
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 2001-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -327,7 +327,7 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
|
||||
ERR_print_errors_fp(stderr);
|
||||
test1_exit(12);
|
||||
}
|
||||
if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) {
|
||||
if (an && !EVP_DecryptUpdate(&ctx, NULL, &outl, aad, an)) {
|
||||
fprintf(stderr, "AAD set failed\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
test1_exit(13);
|
||||
|
||||
@@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000211fL
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000213fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-fips 20 Nov 2018"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2s-fips 28 May 2019"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q 20 Nov 2018"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2s 28 May 2019"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -153,7 +153,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
|
||||
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c
|
||||
rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
|
||||
rsa_eay.o: ../cryptlib.h rsa_eay.c
|
||||
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||
@@ -299,7 +300,8 @@ rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||
rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
|
||||
rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||
rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
|
||||
rsa_ssl.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
|
||||
rsa_ssl.o: ../cryptlib.h rsa_ssl.c
|
||||
rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
|
||||
rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||
rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -115,6 +115,7 @@
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "bn_int.h"
|
||||
#include "constant_time_locl.h"
|
||||
|
||||
#ifndef RSA_NULL
|
||||
|
||||
@@ -397,6 +398,11 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
|
||||
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
|
||||
rsa->n, ctx))
|
||||
goto err;
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
|
||||
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL) {
|
||||
@@ -431,11 +437,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
||||
} else
|
||||
d = rsa->d;
|
||||
|
||||
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
|
||||
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA,
|
||||
rsa->n, ctx))
|
||||
goto err;
|
||||
|
||||
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
|
||||
rsa->_method_mod_n))
|
||||
goto err;
|
||||
@@ -587,8 +588,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
|
||||
goto err;
|
||||
}
|
||||
if (r < 0)
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
|
||||
err_clear_last_constant_time(1 & ~constant_time_msb(r));
|
||||
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
|
||||
@@ -121,7 +121,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
const EVP_MD *mgf1md)
|
||||
{
|
||||
int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
|
||||
unsigned int good, found_one_byte;
|
||||
unsigned int good = 0, found_one_byte, mask;
|
||||
const unsigned char *maskedseed, *maskeddb;
|
||||
/*
|
||||
* |em| is the encoded message, zero-padded to exactly |num| bytes: em =
|
||||
@@ -144,12 +144,15 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
* |num| is the length of the modulus; |flen| is the length of the
|
||||
* encoded message. Therefore, for any |from| that was obtained by
|
||||
* decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
|
||||
* num < 2 * mdlen + 2 must hold for the modulus irrespective of
|
||||
* |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective of
|
||||
* the ciphertext, see PKCS #1 v2.2, section 7.1.2.
|
||||
* This does not leak any side-channel information.
|
||||
*/
|
||||
if (num < flen || num < 2 * mdlen + 2)
|
||||
goto decoding_err;
|
||||
if (num < flen || num < 2 * mdlen + 2) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
|
||||
RSA_R_OAEP_DECODING_ERROR);
|
||||
return -1;
|
||||
}
|
||||
|
||||
dblen = num - mdlen - 1;
|
||||
db = OPENSSL_malloc(dblen);
|
||||
@@ -158,7 +161,6 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (flen != num) {
|
||||
em = OPENSSL_malloc(num);
|
||||
if (em == NULL) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
|
||||
@@ -168,15 +170,15 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
|
||||
/*
|
||||
* Caller is encouraged to pass zero-padded message created with
|
||||
* BN_bn2binpad, but if it doesn't, we do this zero-padding copy
|
||||
* to avoid leaking that information. The copy still leaks some
|
||||
* side-channel information, but it's impossible to have a fixed
|
||||
* memory access pattern since we can't read out of the bounds of
|
||||
* |from|.
|
||||
* BN_bn2binpad. Trouble is that since we can't read out of |from|'s
|
||||
* bounds, it's impossible to have an invariant memory access pattern
|
||||
* in case |from| was not zero-padded in advance.
|
||||
*/
|
||||
memset(em, 0, num);
|
||||
memcpy(em + num - flen, from, flen);
|
||||
from = em;
|
||||
for (from += flen, em += num, i = 0; i < num; i++) {
|
||||
mask = ~constant_time_is_zero(flen);
|
||||
flen -= 1 & mask;
|
||||
from -= 1 & mask;
|
||||
*--em = *from & mask;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -184,10 +186,10 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
|
||||
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
|
||||
*/
|
||||
good = constant_time_is_zero(from[0]);
|
||||
good = constant_time_is_zero(em[0]);
|
||||
|
||||
maskedseed = from + 1;
|
||||
maskeddb = from + 1 + mdlen;
|
||||
maskedseed = em + 1;
|
||||
maskeddb = em + 1 + mdlen;
|
||||
|
||||
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
|
||||
goto cleanup;
|
||||
@@ -224,37 +226,51 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
* so plaintext-awareness ensures timing side-channels are no longer a
|
||||
* concern.
|
||||
*/
|
||||
if (!good)
|
||||
goto decoding_err;
|
||||
|
||||
msg_index = one_index + 1;
|
||||
mlen = dblen - msg_index;
|
||||
|
||||
if (tlen < mlen) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_DATA_TOO_LARGE);
|
||||
mlen = -1;
|
||||
} else {
|
||||
memcpy(to, db + msg_index, mlen);
|
||||
goto cleanup;
|
||||
/*
|
||||
* For good measure, do this check in constant time as well.
|
||||
*/
|
||||
good &= constant_time_ge(tlen, mlen);
|
||||
|
||||
/*
|
||||
* Move the result in-place by |dblen|-|mdlen|-1-|mlen| bytes to the left.
|
||||
* Then if |good| move |mlen| bytes from |db|+|mdlen|+1 to |to|.
|
||||
* Otherwise leave |to| unchanged.
|
||||
* Copy the memory back in a way that does not reveal the size of
|
||||
* the data being copied via a timing side channel. This requires copying
|
||||
* parts of the buffer multiple times based on the bits set in the real
|
||||
* length. Clear bits do a non-copy with identical access pattern.
|
||||
* The loop below has overall complexity of O(N*log(N)).
|
||||
*/
|
||||
tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen),
|
||||
dblen - mdlen - 1, tlen);
|
||||
for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) {
|
||||
mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0);
|
||||
for (i = mdlen + 1; i < dblen - msg_index; i++)
|
||||
db[i] = constant_time_select_8(mask, db[i + msg_index], db[i]);
|
||||
}
|
||||
for (i = 0; i < tlen; i++) {
|
||||
mask = good & constant_time_lt(i, mlen);
|
||||
to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
|
||||
}
|
||||
|
||||
decoding_err:
|
||||
/*
|
||||
* To avoid chosen ciphertext attacks, the error message should not
|
||||
* reveal which kind of decoding error happened.
|
||||
*/
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
|
||||
RSA_R_OAEP_DECODING_ERROR);
|
||||
err_clear_last_constant_time(1 & good);
|
||||
cleanup:
|
||||
if (db != NULL) {
|
||||
OPENSSL_cleanse(seed, sizeof(seed));
|
||||
OPENSSL_cleanse(db, dblen);
|
||||
OPENSSL_free(db);
|
||||
}
|
||||
if (em != NULL) {
|
||||
OPENSSL_cleanse(em, num);
|
||||
OPENSSL_free(em);
|
||||
}
|
||||
return mlen;
|
||||
|
||||
return constant_time_select_int(good, mlen, -1);
|
||||
}
|
||||
|
||||
int PKCS1_MGF1(unsigned char *mask, long len,
|
||||
|
||||
@@ -207,7 +207,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
int i;
|
||||
/* |em| is the encoded message, zero-padded to exactly |num| bytes */
|
||||
unsigned char *em = NULL;
|
||||
unsigned int good, found_zero_byte;
|
||||
unsigned int good, found_zero_byte, mask;
|
||||
int zero_index = 0, msg_index, mlen = -1;
|
||||
|
||||
if (tlen < 0 || flen < 0)
|
||||
@@ -218,13 +218,12 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
* section 7.2.2.
|
||||
*/
|
||||
|
||||
if (flen > num)
|
||||
goto err;
|
||||
if (flen > num || num < 11) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
|
||||
RSA_R_PKCS_DECODING_ERROR);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (num < 11)
|
||||
goto err;
|
||||
|
||||
if (flen != num) {
|
||||
em = OPENSSL_malloc(num);
|
||||
if (em == NULL) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
|
||||
@@ -232,35 +231,36 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
}
|
||||
/*
|
||||
* Caller is encouraged to pass zero-padded message created with
|
||||
* BN_bn2binpad, but if it doesn't, we do this zero-padding copy
|
||||
* to avoid leaking that information. The copy still leaks some
|
||||
* side-channel information, but it's impossible to have a fixed
|
||||
* memory access pattern since we can't read out of the bounds of
|
||||
* |from|.
|
||||
* BN_bn2binpad. Trouble is that since we can't read out of |from|'s
|
||||
* bounds, it's impossible to have an invariant memory access pattern
|
||||
* in case |from| was not zero-padded in advance.
|
||||
*/
|
||||
memset(em, 0, num);
|
||||
memcpy(em + num - flen, from, flen);
|
||||
from = em;
|
||||
for (from += flen, em += num, i = 0; i < num; i++) {
|
||||
mask = ~constant_time_is_zero(flen);
|
||||
flen -= 1 & mask;
|
||||
from -= 1 & mask;
|
||||
*--em = *from & mask;
|
||||
}
|
||||
|
||||
good = constant_time_is_zero(from[0]);
|
||||
good &= constant_time_eq(from[1], 2);
|
||||
good = constant_time_is_zero(em[0]);
|
||||
good &= constant_time_eq(em[1], 2);
|
||||
|
||||
/* scan over padding data */
|
||||
found_zero_byte = 0;
|
||||
for (i = 2; i < num; i++) {
|
||||
unsigned int equals0 = constant_time_is_zero(from[i]);
|
||||
zero_index =
|
||||
constant_time_select_int(~found_zero_byte & equals0, i,
|
||||
zero_index);
|
||||
unsigned int equals0 = constant_time_is_zero(em[i]);
|
||||
|
||||
zero_index = constant_time_select_int(~found_zero_byte & equals0,
|
||||
i, zero_index);
|
||||
found_zero_byte |= equals0;
|
||||
}
|
||||
|
||||
/*
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |from|.
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
||||
* also fails.
|
||||
*/
|
||||
good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
|
||||
good &= constant_time_ge(zero_index, 2 + 8);
|
||||
|
||||
/*
|
||||
* Skip the zero byte. This is incorrect if we never found a zero-byte
|
||||
@@ -270,30 +270,36 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
mlen = num - msg_index;
|
||||
|
||||
/*
|
||||
* For good measure, do this check in constant time as well; it could
|
||||
* leak something if |tlen| was assuming valid padding.
|
||||
* For good measure, do this check in constant time as well.
|
||||
*/
|
||||
good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
|
||||
good &= constant_time_ge(tlen, mlen);
|
||||
|
||||
/*
|
||||
* We can't continue in constant-time because we need to copy the result
|
||||
* and we cannot fake its length. This unavoidably leaks timing
|
||||
* information at the API boundary.
|
||||
* Move the result in-place by |num|-11-|mlen| bytes to the left.
|
||||
* Then if |good| move |mlen| bytes from |em|+11 to |to|.
|
||||
* Otherwise leave |to| unchanged.
|
||||
* Copy the memory back in a way that does not reveal the size of
|
||||
* the data being copied via a timing side channel. This requires copying
|
||||
* parts of the buffer multiple times based on the bits set in the real
|
||||
* length. Clear bits do a non-copy with identical access pattern.
|
||||
* The loop below has overall complexity of O(N*log(N)).
|
||||
*/
|
||||
if (!good) {
|
||||
mlen = -1;
|
||||
goto err;
|
||||
tlen = constant_time_select_int(constant_time_lt(num - 11, tlen),
|
||||
num - 11, tlen);
|
||||
for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) {
|
||||
mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0);
|
||||
for (i = 11; i < num - msg_index; i++)
|
||||
em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
|
||||
}
|
||||
for (i = 0; i < tlen; i++) {
|
||||
mask = good & constant_time_lt(i, mlen);
|
||||
to[i] = constant_time_select_8(mask, em[i + 11], to[i]);
|
||||
}
|
||||
|
||||
memcpy(to, from + msg_index, mlen);
|
||||
|
||||
err:
|
||||
if (em != NULL) {
|
||||
OPENSSL_cleanse(em, num);
|
||||
OPENSSL_free(em);
|
||||
}
|
||||
if (mlen == -1)
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
|
||||
RSA_R_PKCS_DECODING_ERROR);
|
||||
return mlen;
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
|
||||
err_clear_last_constant_time(1 & good);
|
||||
|
||||
return constant_time_select_int(good, mlen, -1);
|
||||
}
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* 2006.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -103,7 +103,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
|
||||
rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
|
||||
if (!rctx)
|
||||
return 0;
|
||||
rctx->nbits = 1024;
|
||||
rctx->nbits = 2048;
|
||||
rctx->pub_exp = NULL;
|
||||
rctx->pad_mode = RSA_PKCS1_PADDING;
|
||||
rctx->md = NULL;
|
||||
|
||||
@@ -61,6 +61,7 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "constant_time_locl.h"
|
||||
|
||||
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
|
||||
const unsigned char *from, int flen)
|
||||
@@ -101,57 +102,119 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
|
||||
return (1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
|
||||
* if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
|
||||
* preserves error code reporting for backward compatibility.
|
||||
*/
|
||||
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
const unsigned char *from, int flen, int num)
|
||||
{
|
||||
int i, j, k;
|
||||
const unsigned char *p;
|
||||
int i;
|
||||
/* |em| is the encoded message, zero-padded to exactly |num| bytes */
|
||||
unsigned char *em = NULL;
|
||||
unsigned int good, found_zero_byte, mask, threes_in_row;
|
||||
int zero_index = 0, msg_index, mlen = -1, err;
|
||||
|
||||
p = from;
|
||||
if (flen < 10) {
|
||||
if (tlen <= 0 || flen <= 0)
|
||||
return -1;
|
||||
|
||||
if (flen > num || num < 11) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
|
||||
return (-1);
|
||||
}
|
||||
/* Accept even zero-padded input */
|
||||
if (flen == num) {
|
||||
if (*(p++) != 0) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
||||
|
||||
em = OPENSSL_malloc(num);
|
||||
if (em == NULL) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
flen--;
|
||||
}
|
||||
if ((num != (flen + 1)) || (*(p++) != 02)) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
||||
return (-1);
|
||||
/*
|
||||
* Caller is encouraged to pass zero-padded message created with
|
||||
* BN_bn2binpad. Trouble is that since we can't read out of |from|'s
|
||||
* bounds, it's impossible to have an invariant memory access pattern
|
||||
* in case |from| was not zero-padded in advance.
|
||||
*/
|
||||
for (from += flen, em += num, i = 0; i < num; i++) {
|
||||
mask = ~constant_time_is_zero(flen);
|
||||
flen -= 1 & mask;
|
||||
from -= 1 & mask;
|
||||
*--em = *from & mask;
|
||||
}
|
||||
|
||||
good = constant_time_is_zero(em[0]);
|
||||
good &= constant_time_eq(em[1], 2);
|
||||
err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
||||
mask = ~good;
|
||||
|
||||
/* scan over padding data */
|
||||
j = flen - 1; /* one for type */
|
||||
for (i = 0; i < j; i++)
|
||||
if (*(p++) == 0)
|
||||
break;
|
||||
found_zero_byte = 0;
|
||||
threes_in_row = 0;
|
||||
for (i = 2; i < num; i++) {
|
||||
unsigned int equals0 = constant_time_is_zero(em[i]);
|
||||
|
||||
if ((i == j) || (i < 8)) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
|
||||
zero_index = constant_time_select_int(~found_zero_byte & equals0,
|
||||
i, zero_index);
|
||||
found_zero_byte |= equals0;
|
||||
|
||||
threes_in_row += 1 & ~found_zero_byte;
|
||||
threes_in_row &= found_zero_byte | constant_time_eq(em[i], 3);
|
||||
}
|
||||
|
||||
/*
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
||||
* also fails.
|
||||
*/
|
||||
good &= constant_time_ge(zero_index, 2 + 8);
|
||||
err = constant_time_select_int(mask | good, err,
|
||||
RSA_R_NULL_BEFORE_BLOCK_MISSING);
|
||||
return (-1);
|
||||
mask = ~good;
|
||||
|
||||
good &= constant_time_ge(threes_in_row, 8);
|
||||
err = constant_time_select_int(mask | good, err,
|
||||
RSA_R_SSLV3_ROLLBACK_ATTACK);
|
||||
mask = ~good;
|
||||
|
||||
/*
|
||||
* Skip the zero byte. This is incorrect if we never found a zero-byte
|
||||
* but in this case we also do not copy the message out.
|
||||
*/
|
||||
msg_index = zero_index + 1;
|
||||
mlen = num - msg_index;
|
||||
|
||||
/*
|
||||
* For good measure, do this check in constant time as well.
|
||||
*/
|
||||
good &= constant_time_ge(tlen, mlen);
|
||||
err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
|
||||
|
||||
/*
|
||||
* Move the result in-place by |num|-11-|mlen| bytes to the left.
|
||||
* Then if |good| move |mlen| bytes from |em|+11 to |to|.
|
||||
* Otherwise leave |to| unchanged.
|
||||
* Copy the memory back in a way that does not reveal the size of
|
||||
* the data being copied via a timing side channel. This requires copying
|
||||
* parts of the buffer multiple times based on the bits set in the real
|
||||
* length. Clear bits do a non-copy with identical access pattern.
|
||||
* The loop below has overall complexity of O(N*log(N)).
|
||||
*/
|
||||
tlen = constant_time_select_int(constant_time_lt(num - 11, tlen),
|
||||
num - 11, tlen);
|
||||
for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) {
|
||||
mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0);
|
||||
for (i = 11; i < num - msg_index; i++)
|
||||
em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
|
||||
}
|
||||
for (k = -9; k < -1; k++) {
|
||||
if (p[k] != 0x03)
|
||||
break;
|
||||
}
|
||||
if (k == -1) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
|
||||
return (-1);
|
||||
for (i = 0; i < tlen; i++) {
|
||||
mask = good & constant_time_lt(i, mlen);
|
||||
to[i] = constant_time_select_8(mask, em[i + 11], to[i]);
|
||||
}
|
||||
|
||||
i++; /* Skip over the '\0' */
|
||||
j -= i;
|
||||
if (j > tlen) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
|
||||
return (-1);
|
||||
}
|
||||
memcpy(to, p, (unsigned int)j);
|
||||
OPENSSL_cleanse(em, num);
|
||||
OPENSSL_free(em);
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err);
|
||||
err_clear_last_constant_time(1 & good);
|
||||
|
||||
return (j);
|
||||
return constant_time_select_int(good, mlen, -1);
|
||||
}
|
||||
|
||||
@@ -214,7 +214,7 @@ the section of the configuration file containing certificate extensions
|
||||
to be added when a certificate is issued (defaults to B<x509_extensions>
|
||||
unless the B<-extfile> option is used). If no extension section is
|
||||
present then, a V1 certificate is created. If the extension section
|
||||
is present (even if it is empty), then a V3 certificate is created. See the:w
|
||||
is present (even if it is empty), then a V3 certificate is created. See the
|
||||
L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
|
||||
extension section format.
|
||||
|
||||
|
||||
@@ -111,7 +111,7 @@ below.
|
||||
|
||||
=item B<rsa_keygen_bits:numbits>
|
||||
|
||||
The number of bits in the generated key. If not specified 1024 is used.
|
||||
The number of bits in the generated key. If not specified 2048 is used.
|
||||
|
||||
=item B<rsa_keygen_pubexp:value>
|
||||
|
||||
@@ -149,12 +149,12 @@ below.
|
||||
|
||||
=item B<dsa_paramgen_bits:numbits>
|
||||
|
||||
The number of bits in the generated prime. If not specified 1024 is used.
|
||||
The number of bits in the generated prime. If not specified 2048 is used.
|
||||
|
||||
=item B<dsa_paramgen_q_bits:numbits>
|
||||
|
||||
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
|
||||
specified 160 is used.
|
||||
specified 224 is used.
|
||||
|
||||
=item B<dsa_paramgen_md:digest>
|
||||
|
||||
@@ -173,7 +173,7 @@ or B<sha256> if it is 256.
|
||||
|
||||
=item B<dh_paramgen_prime_len:numbits>
|
||||
|
||||
The number of bits in the prime parameter B<p>. The default is 1024.
|
||||
The number of bits in the prime parameter B<p>. The default is 2048.
|
||||
|
||||
=item B<dh_paramgen_subprime_len:numbits>
|
||||
|
||||
|
||||
@@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure
|
||||
|
||||
#include <openssl/pkcs12.h>
|
||||
|
||||
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
|
||||
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
||||
STACK_OF(X509) **ca);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
||||
@@ -109,7 +109,12 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
|
||||
The RSA_padding_check_PKCS1_type_2() padding check leaks timing
|
||||
information which can potentially be used to mount a Bleichenbacher
|
||||
padding oracle attack. This is an inherent weakness in the PKCS #1
|
||||
v1.5 padding design. Prefer PKCS1_OAEP padding.
|
||||
v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can
|
||||
be recommended to pass zero-padded B<f>, so that B<fl> equals to
|
||||
B<rsa_len>, and if fixed by protocol, B<tlen> being set to the
|
||||
expected length. In such case leakage would be minimal, it would
|
||||
take attacker's ability to observe memory access pattern with byte
|
||||
granilarity as it occurs, post-factum timing analysis won't do.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
|
||||
@@ -44,9 +44,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
|
||||
used to examine an B<X509_NAME_ENTRY> function as returned by
|
||||
X509_NAME_get_entry() for example.
|
||||
|
||||
X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
|
||||
and X509_NAME_ENTRY_create_by_OBJ() create and return an
|
||||
|
||||
X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
|
||||
X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
|
||||
are seldom used in practice because B<X509_NAME_ENTRY> structures
|
||||
|
||||
@@ -29,7 +29,7 @@ B<cmp_time>, and 1 otherwise. It returns 0 on error.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
@@ -90,14 +90,17 @@ Details depend on the application.
|
||||
|
||||
=item SSL_ERROR_SYSCALL
|
||||
|
||||
Some non-recoverable I/O error occurred.
|
||||
The OpenSSL error queue may contain more information on the error.
|
||||
For socket I/O on Unix systems, consult B<errno> for details.
|
||||
Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
|
||||
contain more information on the error. For socket I/O on Unix systems, consult
|
||||
B<errno> for details. If this error occurs then no further I/O operations should
|
||||
be performed on the connection and SSL_shutdown() must not be called.
|
||||
|
||||
=item SSL_ERROR_SSL
|
||||
|
||||
A failure in the SSL library occurred, usually a protocol error. The
|
||||
OpenSSL error queue contains more information on the error.
|
||||
A non-recoverable, fatal error in the SSL library occurred, usually a protocol
|
||||
error. The OpenSSL error queue contains more information on the error. If this
|
||||
error occurs then no further I/O operations should be performed on the
|
||||
connection and SSL_shutdown() must not be called.
|
||||
|
||||
=back
|
||||
|
||||
|
||||
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
|
||||
a currently open session is considered closed and good and will be kept in the
|
||||
session cache for further reuse.
|
||||
|
||||
Note that SSL_shutdown() must not be called if a previous fatal error has
|
||||
occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
|
||||
or SSL_ERROR_SSL.
|
||||
|
||||
The shutdown procedure consists of 2 steps: the sending of the "close notify"
|
||||
shutdown alert and the reception of the peer's "close notify" shutdown
|
||||
alert. According to the TLS standard, it is acceptable for an application
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -143,6 +143,7 @@ extern "C" {
|
||||
# define ERR_TXT_STRING 0x02
|
||||
|
||||
# define ERR_FLAG_MARK 0x01
|
||||
# define ERR_FLAG_CLEAR 0x02
|
||||
|
||||
# define ERR_NUM_ERRORS 16
|
||||
typedef struct err_state_st {
|
||||
|
||||
@@ -1489,8 +1489,10 @@ void ERR_load_EVP_strings(void);
|
||||
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
|
||||
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
|
||||
# define EVP_F_EVP_DECRYPTFINAL_EX 101
|
||||
# define EVP_F_EVP_DECRYPTUPDATE 181
|
||||
# define EVP_F_EVP_DIGESTINIT_EX 128
|
||||
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
||||
# define EVP_F_EVP_ENCRYPTUPDATE 180
|
||||
# define EVP_F_EVP_MD_CTX_COPY_EX 110
|
||||
# define EVP_F_EVP_MD_SIZE 162
|
||||
# define EVP_F_EVP_OPENINIT 102
|
||||
|
||||
@@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000211fL
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000213fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-fips 20 Nov 2018"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2s-fips 28 May 2019"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q 20 Nov 2018"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2s 28 May 2019"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -143,6 +143,7 @@ extern "C" {
|
||||
# define ERR_TXT_STRING 0x02
|
||||
|
||||
# define ERR_FLAG_MARK 0x01
|
||||
# define ERR_FLAG_CLEAR 0x02
|
||||
|
||||
# define ERR_NUM_ERRORS 16
|
||||
typedef struct err_state_st {
|
||||
|
||||
@@ -1489,8 +1489,10 @@ void ERR_load_EVP_strings(void);
|
||||
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
|
||||
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
|
||||
# define EVP_F_EVP_DECRYPTFINAL_EX 101
|
||||
# define EVP_F_EVP_DECRYPTUPDATE 181
|
||||
# define EVP_F_EVP_DIGESTINIT_EX 128
|
||||
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
||||
# define EVP_F_EVP_ENCRYPTUPDATE 180
|
||||
# define EVP_F_EVP_MD_CTX_COPY_EX 110
|
||||
# define EVP_F_EVP_MD_SIZE 162
|
||||
# define EVP_F_EVP_OPENINIT 102
|
||||
|
||||
@@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000211fL
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000213fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q-fips 20 Nov 2018"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2s-fips 28 May 2019"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2q 20 Nov 2018"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2s 28 May 2019"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
338
ms/bcb.mak
338
ms/bcb.mak
@@ -197,6 +197,25 @@ E_OBJ=$(OBJ_D)\verify.obj \
|
||||
$(OBJ_D)\ocsp.obj $(OBJ_D)\prime.obj $(OBJ_D)\ts.obj \
|
||||
$(OBJ_D)\srp.obj $(OBJ_D)\openssl.obj
|
||||
|
||||
SSLOBJ=$(OBJ_D)\s2_meth.obj \
|
||||
$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
|
||||
$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
|
||||
$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
|
||||
$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
|
||||
$(OBJ_D)\s3_cbc.obj $(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj \
|
||||
$(OBJ_D)\s23_clnt.obj $(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj \
|
||||
$(OBJ_D)\t1_meth.obj $(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj \
|
||||
$(OBJ_D)\t1_lib.obj $(OBJ_D)\t1_enc.obj $(OBJ_D)\t1_ext.obj \
|
||||
$(OBJ_D)\d1_meth.obj $(OBJ_D)\d1_srvr.obj $(OBJ_D)\d1_clnt.obj \
|
||||
$(OBJ_D)\d1_lib.obj $(OBJ_D)\d1_pkt.obj $(OBJ_D)\d1_both.obj \
|
||||
$(OBJ_D)\d1_srtp.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
|
||||
$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
|
||||
$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
|
||||
$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\ssl_conf.obj \
|
||||
$(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj $(OBJ_D)\kssl.obj \
|
||||
$(OBJ_D)\t1_reneg.obj $(OBJ_D)\tls_srp.obj $(OBJ_D)\t1_trce.obj \
|
||||
$(OBJ_D)\ssl_utst.obj
|
||||
|
||||
CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
|
||||
$(OBJ_D)\mem.obj $(OBJ_D)\mem_dbg.obj $(OBJ_D)\cversion.obj \
|
||||
$(OBJ_D)\ex_data.obj $(OBJ_D)\cpt_err.obj $(OBJ_D)\ebcdic.obj \
|
||||
@@ -404,25 +423,6 @@ CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
|
||||
$(OBJ_D)\gost_keywrap.obj $(OBJ_D)\gost_md.obj $(OBJ_D)\gost_params.obj \
|
||||
$(OBJ_D)\gost_pmeth.obj $(OBJ_D)\gost_sign.obj
|
||||
|
||||
SSLOBJ=$(OBJ_D)\s2_meth.obj \
|
||||
$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
|
||||
$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
|
||||
$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
|
||||
$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
|
||||
$(OBJ_D)\s3_cbc.obj $(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj \
|
||||
$(OBJ_D)\s23_clnt.obj $(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj \
|
||||
$(OBJ_D)\t1_meth.obj $(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj \
|
||||
$(OBJ_D)\t1_lib.obj $(OBJ_D)\t1_enc.obj $(OBJ_D)\t1_ext.obj \
|
||||
$(OBJ_D)\d1_meth.obj $(OBJ_D)\d1_srvr.obj $(OBJ_D)\d1_clnt.obj \
|
||||
$(OBJ_D)\d1_lib.obj $(OBJ_D)\d1_pkt.obj $(OBJ_D)\d1_both.obj \
|
||||
$(OBJ_D)\d1_srtp.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
|
||||
$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
|
||||
$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
|
||||
$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\ssl_conf.obj \
|
||||
$(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj $(OBJ_D)\kssl.obj \
|
||||
$(OBJ_D)\t1_reneg.obj $(OBJ_D)\tls_srp.obj $(OBJ_D)\t1_trce.obj \
|
||||
$(OBJ_D)\ssl_utst.obj
|
||||
|
||||
T_EXE=$(TEST_D)\constant_time_test.exe \
|
||||
$(TEST_D)\md4test.exe $(TEST_D)\md5test.exe $(TEST_D)\shatest.exe \
|
||||
$(TEST_D)\sha1test.exe $(TEST_D)\sha256t.exe $(TEST_D)\sha512t.exe \
|
||||
@@ -1218,6 +1218,156 @@ $(OBJ_D)\srp.obj: $(SRC_D)\apps\srp.c
|
||||
$(OBJ_D)\openssl.obj: $(SRC_D)\apps\openssl.c
|
||||
$(CC) -o$(OBJ_D)\openssl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\openssl.c
|
||||
|
||||
$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
|
||||
$(CC) -o$(OBJ_D)\s2_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
|
||||
|
||||
$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
|
||||
$(CC) -o$(OBJ_D)\s2_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
|
||||
|
||||
$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
|
||||
$(CC) -o$(OBJ_D)\s2_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
|
||||
|
||||
$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
|
||||
$(CC) -o$(OBJ_D)\s2_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
|
||||
|
||||
$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
|
||||
$(CC) -o$(OBJ_D)\s2_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
|
||||
|
||||
$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
|
||||
$(CC) -o$(OBJ_D)\s2_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
|
||||
$(CC) -o$(OBJ_D)\s3_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
|
||||
|
||||
$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
|
||||
$(CC) -o$(OBJ_D)\s3_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
|
||||
|
||||
$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
|
||||
$(CC) -o$(OBJ_D)\s3_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
|
||||
|
||||
$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
|
||||
$(CC) -o$(OBJ_D)\s3_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
|
||||
|
||||
$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
|
||||
$(CC) -o$(OBJ_D)\s3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
|
||||
|
||||
$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
|
||||
$(CC) -o$(OBJ_D)\s3_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
|
||||
$(CC) -o$(OBJ_D)\s3_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
|
||||
|
||||
$(OBJ_D)\s3_cbc.obj: $(SRC_D)\ssl\s3_cbc.c
|
||||
$(CC) -o$(OBJ_D)\s3_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_cbc.c
|
||||
|
||||
$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
|
||||
$(CC) -o$(OBJ_D)\s23_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
|
||||
|
||||
$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
|
||||
$(CC) -o$(OBJ_D)\s23_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
|
||||
|
||||
$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
|
||||
$(CC) -o$(OBJ_D)\s23_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
|
||||
|
||||
$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
|
||||
$(CC) -o$(OBJ_D)\s23_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
|
||||
|
||||
$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
|
||||
$(CC) -o$(OBJ_D)\s23_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
|
||||
|
||||
$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
|
||||
$(CC) -o$(OBJ_D)\t1_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
|
||||
|
||||
$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
|
||||
$(CC) -o$(OBJ_D)\t1_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
|
||||
|
||||
$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
|
||||
$(CC) -o$(OBJ_D)\t1_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
|
||||
|
||||
$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
|
||||
$(CC) -o$(OBJ_D)\t1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
|
||||
|
||||
$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
|
||||
$(CC) -o$(OBJ_D)\t1_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
|
||||
|
||||
$(OBJ_D)\t1_ext.obj: $(SRC_D)\ssl\t1_ext.c
|
||||
$(CC) -o$(OBJ_D)\t1_ext.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_ext.c
|
||||
|
||||
$(OBJ_D)\d1_meth.obj: $(SRC_D)\ssl\d1_meth.c
|
||||
$(CC) -o$(OBJ_D)\d1_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_meth.c
|
||||
|
||||
$(OBJ_D)\d1_srvr.obj: $(SRC_D)\ssl\d1_srvr.c
|
||||
$(CC) -o$(OBJ_D)\d1_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_srvr.c
|
||||
|
||||
$(OBJ_D)\d1_clnt.obj: $(SRC_D)\ssl\d1_clnt.c
|
||||
$(CC) -o$(OBJ_D)\d1_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_clnt.c
|
||||
|
||||
$(OBJ_D)\d1_lib.obj: $(SRC_D)\ssl\d1_lib.c
|
||||
$(CC) -o$(OBJ_D)\d1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_lib.c
|
||||
|
||||
$(OBJ_D)\d1_pkt.obj: $(SRC_D)\ssl\d1_pkt.c
|
||||
$(CC) -o$(OBJ_D)\d1_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_pkt.c
|
||||
|
||||
$(OBJ_D)\d1_both.obj: $(SRC_D)\ssl\d1_both.c
|
||||
$(CC) -o$(OBJ_D)\d1_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_both.c
|
||||
|
||||
$(OBJ_D)\d1_srtp.obj: $(SRC_D)\ssl\d1_srtp.c
|
||||
$(CC) -o$(OBJ_D)\d1_srtp.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_srtp.c
|
||||
|
||||
$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
|
||||
$(CC) -o$(OBJ_D)\ssl_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
|
||||
|
||||
$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
|
||||
$(CC) -o$(OBJ_D)\ssl_err2.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
|
||||
|
||||
$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
|
||||
$(CC) -o$(OBJ_D)\ssl_cert.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
|
||||
|
||||
$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
|
||||
$(CC) -o$(OBJ_D)\ssl_sess.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
|
||||
|
||||
$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
|
||||
$(CC) -o$(OBJ_D)\ssl_ciph.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
|
||||
|
||||
$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
|
||||
$(CC) -o$(OBJ_D)\ssl_stat.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
|
||||
|
||||
$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
|
||||
$(CC) -o$(OBJ_D)\ssl_rsa.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
|
||||
|
||||
$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
|
||||
$(CC) -o$(OBJ_D)\ssl_asn1.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
|
||||
|
||||
$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
|
||||
$(CC) -o$(OBJ_D)\ssl_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
|
||||
|
||||
$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
|
||||
$(CC) -o$(OBJ_D)\ssl_algs.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
|
||||
|
||||
$(OBJ_D)\ssl_conf.obj: $(SRC_D)\ssl\ssl_conf.c
|
||||
$(CC) -o$(OBJ_D)\ssl_conf.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_conf.c
|
||||
|
||||
$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
|
||||
$(CC) -o$(OBJ_D)\bio_ssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
|
||||
|
||||
$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
|
||||
$(CC) -o$(OBJ_D)\ssl_err.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
|
||||
|
||||
$(OBJ_D)\kssl.obj: $(SRC_D)\ssl\kssl.c
|
||||
$(CC) -o$(OBJ_D)\kssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\kssl.c
|
||||
|
||||
$(OBJ_D)\t1_reneg.obj: $(SRC_D)\ssl\t1_reneg.c
|
||||
$(CC) -o$(OBJ_D)\t1_reneg.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_reneg.c
|
||||
|
||||
$(OBJ_D)\tls_srp.obj: $(SRC_D)\ssl\tls_srp.c
|
||||
$(CC) -o$(OBJ_D)\tls_srp.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\tls_srp.c
|
||||
|
||||
$(OBJ_D)\t1_trce.obj: $(SRC_D)\ssl\t1_trce.c
|
||||
$(CC) -o$(OBJ_D)\t1_trce.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_trce.c
|
||||
|
||||
$(OBJ_D)\ssl_utst.obj: $(SRC_D)\ssl\ssl_utst.c
|
||||
$(CC) -o$(OBJ_D)\ssl_utst.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_utst.c
|
||||
|
||||
$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
|
||||
$(CC) -o$(OBJ_D)\cryptlib.obj $(LIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
|
||||
|
||||
@@ -3126,156 +3276,6 @@ $(OBJ_D)\gost_pmeth.obj: $(SRC_D)\engines\ccgost\gost_pmeth.c
|
||||
$(OBJ_D)\gost_sign.obj: $(SRC_D)\engines\ccgost\gost_sign.c
|
||||
$(CC) -o$(OBJ_D)\gost_sign.obj $(LIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_sign.c
|
||||
|
||||
$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
|
||||
$(CC) -o$(OBJ_D)\s2_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
|
||||
|
||||
$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
|
||||
$(CC) -o$(OBJ_D)\s2_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
|
||||
|
||||
$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
|
||||
$(CC) -o$(OBJ_D)\s2_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
|
||||
|
||||
$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
|
||||
$(CC) -o$(OBJ_D)\s2_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
|
||||
|
||||
$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
|
||||
$(CC) -o$(OBJ_D)\s2_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
|
||||
|
||||
$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
|
||||
$(CC) -o$(OBJ_D)\s2_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
|
||||
$(CC) -o$(OBJ_D)\s3_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
|
||||
|
||||
$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
|
||||
$(CC) -o$(OBJ_D)\s3_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
|
||||
|
||||
$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
|
||||
$(CC) -o$(OBJ_D)\s3_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
|
||||
|
||||
$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
|
||||
$(CC) -o$(OBJ_D)\s3_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
|
||||
|
||||
$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
|
||||
$(CC) -o$(OBJ_D)\s3_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
|
||||
|
||||
$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
|
||||
$(CC) -o$(OBJ_D)\s3_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
|
||||
$(CC) -o$(OBJ_D)\s3_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
|
||||
|
||||
$(OBJ_D)\s3_cbc.obj: $(SRC_D)\ssl\s3_cbc.c
|
||||
$(CC) -o$(OBJ_D)\s3_cbc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s3_cbc.c
|
||||
|
||||
$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
|
||||
$(CC) -o$(OBJ_D)\s23_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
|
||||
|
||||
$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
|
||||
$(CC) -o$(OBJ_D)\s23_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
|
||||
|
||||
$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
|
||||
$(CC) -o$(OBJ_D)\s23_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
|
||||
|
||||
$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
|
||||
$(CC) -o$(OBJ_D)\s23_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
|
||||
|
||||
$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
|
||||
$(CC) -o$(OBJ_D)\s23_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
|
||||
|
||||
$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
|
||||
$(CC) -o$(OBJ_D)\t1_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
|
||||
|
||||
$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
|
||||
$(CC) -o$(OBJ_D)\t1_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
|
||||
|
||||
$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
|
||||
$(CC) -o$(OBJ_D)\t1_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
|
||||
|
||||
$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
|
||||
$(CC) -o$(OBJ_D)\t1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
|
||||
|
||||
$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
|
||||
$(CC) -o$(OBJ_D)\t1_enc.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
|
||||
|
||||
$(OBJ_D)\t1_ext.obj: $(SRC_D)\ssl\t1_ext.c
|
||||
$(CC) -o$(OBJ_D)\t1_ext.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_ext.c
|
||||
|
||||
$(OBJ_D)\d1_meth.obj: $(SRC_D)\ssl\d1_meth.c
|
||||
$(CC) -o$(OBJ_D)\d1_meth.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_meth.c
|
||||
|
||||
$(OBJ_D)\d1_srvr.obj: $(SRC_D)\ssl\d1_srvr.c
|
||||
$(CC) -o$(OBJ_D)\d1_srvr.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_srvr.c
|
||||
|
||||
$(OBJ_D)\d1_clnt.obj: $(SRC_D)\ssl\d1_clnt.c
|
||||
$(CC) -o$(OBJ_D)\d1_clnt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_clnt.c
|
||||
|
||||
$(OBJ_D)\d1_lib.obj: $(SRC_D)\ssl\d1_lib.c
|
||||
$(CC) -o$(OBJ_D)\d1_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_lib.c
|
||||
|
||||
$(OBJ_D)\d1_pkt.obj: $(SRC_D)\ssl\d1_pkt.c
|
||||
$(CC) -o$(OBJ_D)\d1_pkt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_pkt.c
|
||||
|
||||
$(OBJ_D)\d1_both.obj: $(SRC_D)\ssl\d1_both.c
|
||||
$(CC) -o$(OBJ_D)\d1_both.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_both.c
|
||||
|
||||
$(OBJ_D)\d1_srtp.obj: $(SRC_D)\ssl\d1_srtp.c
|
||||
$(CC) -o$(OBJ_D)\d1_srtp.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\d1_srtp.c
|
||||
|
||||
$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
|
||||
$(CC) -o$(OBJ_D)\ssl_lib.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
|
||||
|
||||
$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
|
||||
$(CC) -o$(OBJ_D)\ssl_err2.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
|
||||
|
||||
$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
|
||||
$(CC) -o$(OBJ_D)\ssl_cert.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
|
||||
|
||||
$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
|
||||
$(CC) -o$(OBJ_D)\ssl_sess.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
|
||||
|
||||
$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
|
||||
$(CC) -o$(OBJ_D)\ssl_ciph.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
|
||||
|
||||
$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
|
||||
$(CC) -o$(OBJ_D)\ssl_stat.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
|
||||
|
||||
$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
|
||||
$(CC) -o$(OBJ_D)\ssl_rsa.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
|
||||
|
||||
$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
|
||||
$(CC) -o$(OBJ_D)\ssl_asn1.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
|
||||
|
||||
$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
|
||||
$(CC) -o$(OBJ_D)\ssl_txt.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
|
||||
|
||||
$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
|
||||
$(CC) -o$(OBJ_D)\ssl_algs.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
|
||||
|
||||
$(OBJ_D)\ssl_conf.obj: $(SRC_D)\ssl\ssl_conf.c
|
||||
$(CC) -o$(OBJ_D)\ssl_conf.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_conf.c
|
||||
|
||||
$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
|
||||
$(CC) -o$(OBJ_D)\bio_ssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
|
||||
|
||||
$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
|
||||
$(CC) -o$(OBJ_D)\ssl_err.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
|
||||
|
||||
$(OBJ_D)\kssl.obj: $(SRC_D)\ssl\kssl.c
|
||||
$(CC) -o$(OBJ_D)\kssl.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\kssl.c
|
||||
|
||||
$(OBJ_D)\t1_reneg.obj: $(SRC_D)\ssl\t1_reneg.c
|
||||
$(CC) -o$(OBJ_D)\t1_reneg.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_reneg.c
|
||||
|
||||
$(OBJ_D)\tls_srp.obj: $(SRC_D)\ssl\tls_srp.c
|
||||
$(CC) -o$(OBJ_D)\tls_srp.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\tls_srp.c
|
||||
|
||||
$(OBJ_D)\t1_trce.obj: $(SRC_D)\ssl\t1_trce.c
|
||||
$(CC) -o$(OBJ_D)\t1_trce.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\t1_trce.c
|
||||
|
||||
$(OBJ_D)\ssl_utst.obj: $(SRC_D)\ssl\ssl_utst.c
|
||||
$(CC) -o$(OBJ_D)\ssl_utst.obj $(LIB_CFLAGS) -c $(SRC_D)\ssl\ssl_utst.c
|
||||
|
||||
$(TEST_D)\constant_time_test.exe: $(OBJ_D)\constant_time_test.obj $(LIBS_DEP)
|
||||
$(LINK_CMD) $(LFLAGS) $(OBJ_D)\constant_time_test.obj $(APP_EX_OBJ), $(TEST_D)\constant_time_test.exe,, $(L_LIBS) $(EX_LIBS)
|
||||
|
||||
|
||||
470
ms/ntdll.mak
470
ms/ntdll.mak
@@ -197,6 +197,32 @@ E_OBJ=$(OBJ_D)\verify.obj \
|
||||
$(OBJ_D)\ocsp.obj $(OBJ_D)\prime.obj $(OBJ_D)\ts.obj \
|
||||
$(OBJ_D)\srp.obj $(OBJ_D)\openssl.obj
|
||||
|
||||
SSLOBJ=$(OBJ_D)\s2_meth.obj \
|
||||
$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
|
||||
$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
|
||||
$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
|
||||
$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
|
||||
$(OBJ_D)\s3_cbc.obj $(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj \
|
||||
$(OBJ_D)\s23_clnt.obj $(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj \
|
||||
$(OBJ_D)\t1_meth.obj $(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj \
|
||||
$(OBJ_D)\t1_lib.obj $(OBJ_D)\t1_enc.obj $(OBJ_D)\t1_ext.obj \
|
||||
$(OBJ_D)\d1_meth.obj $(OBJ_D)\d1_srvr.obj $(OBJ_D)\d1_clnt.obj \
|
||||
$(OBJ_D)\d1_lib.obj $(OBJ_D)\d1_pkt.obj $(OBJ_D)\d1_both.obj \
|
||||
$(OBJ_D)\d1_srtp.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
|
||||
$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
|
||||
$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
|
||||
$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\ssl_conf.obj \
|
||||
$(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj $(OBJ_D)\kssl.obj \
|
||||
$(OBJ_D)\t1_reneg.obj $(OBJ_D)\tls_srp.obj $(OBJ_D)\t1_trce.obj \
|
||||
$(OBJ_D)\ssl_utst.obj $(OBJ_D)\$(SSL).res
|
||||
|
||||
GOSTOBJ=$(OBJ_D)\e_gost_err.obj \
|
||||
$(OBJ_D)\gost2001_keyx.obj $(OBJ_D)\gost2001.obj $(OBJ_D)\gost89.obj \
|
||||
$(OBJ_D)\gost94_keyx.obj $(OBJ_D)\gost_ameth.obj $(OBJ_D)\gost_asn1.obj \
|
||||
$(OBJ_D)\gost_crypt.obj $(OBJ_D)\gost_ctl.obj $(OBJ_D)\gost_eng.obj \
|
||||
$(OBJ_D)\gosthash.obj $(OBJ_D)\gost_keywrap.obj $(OBJ_D)\gost_md.obj \
|
||||
$(OBJ_D)\gost_params.obj $(OBJ_D)\gost_pmeth.obj $(OBJ_D)\gost_sign.obj
|
||||
|
||||
CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
|
||||
$(OBJ_D)\mem.obj $(OBJ_D)\mem_dbg.obj $(OBJ_D)\cversion.obj \
|
||||
$(OBJ_D)\ex_data.obj $(OBJ_D)\cpt_err.obj $(OBJ_D)\ebcdic.obj \
|
||||
@@ -395,32 +421,6 @@ CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
|
||||
$(OBJ_D)\ts_lib.obj $(OBJ_D)\ts_conf.obj $(OBJ_D)\ts_asn1.obj \
|
||||
$(OBJ_D)\srp_lib.obj $(OBJ_D)\srp_vfy.obj $(OBJ_D)\$(CRYPTO).res
|
||||
|
||||
SSLOBJ=$(OBJ_D)\s2_meth.obj \
|
||||
$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
|
||||
$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
|
||||
$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
|
||||
$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
|
||||
$(OBJ_D)\s3_cbc.obj $(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj \
|
||||
$(OBJ_D)\s23_clnt.obj $(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj \
|
||||
$(OBJ_D)\t1_meth.obj $(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj \
|
||||
$(OBJ_D)\t1_lib.obj $(OBJ_D)\t1_enc.obj $(OBJ_D)\t1_ext.obj \
|
||||
$(OBJ_D)\d1_meth.obj $(OBJ_D)\d1_srvr.obj $(OBJ_D)\d1_clnt.obj \
|
||||
$(OBJ_D)\d1_lib.obj $(OBJ_D)\d1_pkt.obj $(OBJ_D)\d1_both.obj \
|
||||
$(OBJ_D)\d1_srtp.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
|
||||
$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
|
||||
$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
|
||||
$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\ssl_conf.obj \
|
||||
$(OBJ_D)\bio_ssl.obj $(OBJ_D)\ssl_err.obj $(OBJ_D)\kssl.obj \
|
||||
$(OBJ_D)\t1_reneg.obj $(OBJ_D)\tls_srp.obj $(OBJ_D)\t1_trce.obj \
|
||||
$(OBJ_D)\ssl_utst.obj $(OBJ_D)\$(SSL).res
|
||||
|
||||
GOSTOBJ=$(OBJ_D)\e_gost_err.obj \
|
||||
$(OBJ_D)\gost2001_keyx.obj $(OBJ_D)\gost2001.obj $(OBJ_D)\gost89.obj \
|
||||
$(OBJ_D)\gost94_keyx.obj $(OBJ_D)\gost_ameth.obj $(OBJ_D)\gost_asn1.obj \
|
||||
$(OBJ_D)\gost_crypt.obj $(OBJ_D)\gost_ctl.obj $(OBJ_D)\gost_eng.obj \
|
||||
$(OBJ_D)\gosthash.obj $(OBJ_D)\gost_keywrap.obj $(OBJ_D)\gost_md.obj \
|
||||
$(OBJ_D)\gost_params.obj $(OBJ_D)\gost_pmeth.obj $(OBJ_D)\gost_sign.obj
|
||||
|
||||
T_EXE=$(TEST_D)\constant_time_test.exe \
|
||||
$(TEST_D)\md4test.exe $(TEST_D)\md5test.exe $(TEST_D)\shatest.exe \
|
||||
$(TEST_D)\sha1test.exe $(TEST_D)\sha256t.exe $(TEST_D)\sha512t.exe \
|
||||
@@ -1237,6 +1237,204 @@ $(OBJ_D)\srp.obj: $(SRC_D)\apps\srp.c
|
||||
$(OBJ_D)\openssl.obj: $(SRC_D)\apps\openssl.c
|
||||
$(CC) /Fo$(OBJ_D)\openssl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\openssl.c
|
||||
|
||||
$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_meth.c
|
||||
|
||||
$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_srvr.c
|
||||
|
||||
$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_clnt.c
|
||||
|
||||
$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_lib.c
|
||||
|
||||
$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_enc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_enc.c
|
||||
|
||||
$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_meth.c
|
||||
|
||||
$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_srvr.c
|
||||
|
||||
$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_clnt.c
|
||||
|
||||
$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_lib.c
|
||||
|
||||
$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_enc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_enc.c
|
||||
|
||||
$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_both.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_both.c
|
||||
|
||||
$(OBJ_D)\s3_cbc.obj: $(SRC_D)\ssl\s3_cbc.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_cbc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_cbc.c
|
||||
|
||||
$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_meth.c
|
||||
|
||||
$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_srvr.c
|
||||
|
||||
$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_clnt.c
|
||||
|
||||
$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_lib.c
|
||||
|
||||
$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_pkt.c
|
||||
|
||||
$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_meth.c
|
||||
|
||||
$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_srvr.c
|
||||
|
||||
$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_clnt.c
|
||||
|
||||
$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_lib.c
|
||||
|
||||
$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_enc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_enc.c
|
||||
|
||||
$(OBJ_D)\t1_ext.obj: $(SRC_D)\ssl\t1_ext.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_ext.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_ext.c
|
||||
|
||||
$(OBJ_D)\d1_meth.obj: $(SRC_D)\ssl\d1_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_meth.c
|
||||
|
||||
$(OBJ_D)\d1_srvr.obj: $(SRC_D)\ssl\d1_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_srvr.c
|
||||
|
||||
$(OBJ_D)\d1_clnt.obj: $(SRC_D)\ssl\d1_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_clnt.c
|
||||
|
||||
$(OBJ_D)\d1_lib.obj: $(SRC_D)\ssl\d1_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_lib.c
|
||||
|
||||
$(OBJ_D)\d1_pkt.obj: $(SRC_D)\ssl\d1_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_pkt.c
|
||||
|
||||
$(OBJ_D)\d1_both.obj: $(SRC_D)\ssl\d1_both.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_both.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_both.c
|
||||
|
||||
$(OBJ_D)\d1_srtp.obj: $(SRC_D)\ssl\d1_srtp.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_srtp.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_srtp.c
|
||||
|
||||
$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_lib.c
|
||||
|
||||
$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_err2.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_err2.c
|
||||
|
||||
$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_cert.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_cert.c
|
||||
|
||||
$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_sess.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_sess.c
|
||||
|
||||
$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_ciph.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_ciph.c
|
||||
|
||||
$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_stat.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_stat.c
|
||||
|
||||
$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_rsa.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_rsa.c
|
||||
|
||||
$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_asn1.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_asn1.c
|
||||
|
||||
$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_txt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_txt.c
|
||||
|
||||
$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_algs.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_algs.c
|
||||
|
||||
$(OBJ_D)\ssl_conf.obj: $(SRC_D)\ssl\ssl_conf.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_conf.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_conf.c
|
||||
|
||||
$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
|
||||
$(CC) /Fo$(OBJ_D)\bio_ssl.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\bio_ssl.c
|
||||
|
||||
$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_err.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_err.c
|
||||
|
||||
$(OBJ_D)\kssl.obj: $(SRC_D)\ssl\kssl.c
|
||||
$(CC) /Fo$(OBJ_D)\kssl.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\kssl.c
|
||||
|
||||
$(OBJ_D)\t1_reneg.obj: $(SRC_D)\ssl\t1_reneg.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_reneg.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_reneg.c
|
||||
|
||||
$(OBJ_D)\tls_srp.obj: $(SRC_D)\ssl\tls_srp.c
|
||||
$(CC) /Fo$(OBJ_D)\tls_srp.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\tls_srp.c
|
||||
|
||||
$(OBJ_D)\t1_trce.obj: $(SRC_D)\ssl\t1_trce.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_trce.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_trce.c
|
||||
|
||||
$(OBJ_D)\ssl_utst.obj: $(SRC_D)\ssl\ssl_utst.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_utst.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_utst.c
|
||||
|
||||
$(OBJ_D)\e_gost_err.obj: $(SRC_D)\engines\ccgost\e_gost_err.c
|
||||
$(CC) /Fo$(OBJ_D)\e_gost_err.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\e_gost_err.c
|
||||
|
||||
$(OBJ_D)\gost2001_keyx.obj: $(SRC_D)\engines\ccgost\gost2001_keyx.c
|
||||
$(CC) /Fo$(OBJ_D)\gost2001_keyx.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost2001_keyx.c
|
||||
|
||||
$(OBJ_D)\gost2001.obj: $(SRC_D)\engines\ccgost\gost2001.c
|
||||
$(CC) /Fo$(OBJ_D)\gost2001.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost2001.c
|
||||
|
||||
$(OBJ_D)\gost89.obj: $(SRC_D)\engines\ccgost\gost89.c
|
||||
$(CC) /Fo$(OBJ_D)\gost89.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost89.c
|
||||
|
||||
$(OBJ_D)\gost94_keyx.obj: $(SRC_D)\engines\ccgost\gost94_keyx.c
|
||||
$(CC) /Fo$(OBJ_D)\gost94_keyx.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost94_keyx.c
|
||||
|
||||
$(OBJ_D)\gost_ameth.obj: $(SRC_D)\engines\ccgost\gost_ameth.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_ameth.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_ameth.c
|
||||
|
||||
$(OBJ_D)\gost_asn1.obj: $(SRC_D)\engines\ccgost\gost_asn1.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_asn1.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_asn1.c
|
||||
|
||||
$(OBJ_D)\gost_crypt.obj: $(SRC_D)\engines\ccgost\gost_crypt.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_crypt.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_crypt.c
|
||||
|
||||
$(OBJ_D)\gost_ctl.obj: $(SRC_D)\engines\ccgost\gost_ctl.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_ctl.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_ctl.c
|
||||
|
||||
$(OBJ_D)\gost_eng.obj: $(SRC_D)\engines\ccgost\gost_eng.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_eng.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_eng.c
|
||||
|
||||
$(OBJ_D)\gosthash.obj: $(SRC_D)\engines\ccgost\gosthash.c
|
||||
$(CC) /Fo$(OBJ_D)\gosthash.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gosthash.c
|
||||
|
||||
$(OBJ_D)\gost_keywrap.obj: $(SRC_D)\engines\ccgost\gost_keywrap.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_keywrap.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_keywrap.c
|
||||
|
||||
$(OBJ_D)\gost_md.obj: $(SRC_D)\engines\ccgost\gost_md.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_md.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_md.c
|
||||
|
||||
$(OBJ_D)\gost_params.obj: $(SRC_D)\engines\ccgost\gost_params.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_params.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_params.c
|
||||
|
||||
$(OBJ_D)\gost_pmeth.obj: $(SRC_D)\engines\ccgost\gost_pmeth.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_pmeth.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_pmeth.c
|
||||
|
||||
$(OBJ_D)\gost_sign.obj: $(SRC_D)\engines\ccgost\gost_sign.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_sign.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_sign.c
|
||||
|
||||
$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
|
||||
$(CC) /Fo$(OBJ_D)\cryptlib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\crypto\cryptlib.c
|
||||
|
||||
@@ -3064,204 +3262,6 @@ $(OBJ_D)\srp_lib.obj: $(SRC_D)\crypto\srp\srp_lib.c
|
||||
$(OBJ_D)\srp_vfy.obj: $(SRC_D)\crypto\srp\srp_vfy.c
|
||||
$(CC) /Fo$(OBJ_D)\srp_vfy.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\crypto\srp\srp_vfy.c
|
||||
|
||||
$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_meth.c
|
||||
|
||||
$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_srvr.c
|
||||
|
||||
$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_clnt.c
|
||||
|
||||
$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_lib.c
|
||||
|
||||
$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_enc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_enc.c
|
||||
|
||||
$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\s2_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s2_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_meth.c
|
||||
|
||||
$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_srvr.c
|
||||
|
||||
$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_clnt.c
|
||||
|
||||
$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_lib.c
|
||||
|
||||
$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_enc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_enc.c
|
||||
|
||||
$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_pkt.c
|
||||
|
||||
$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_both.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_both.c
|
||||
|
||||
$(OBJ_D)\s3_cbc.obj: $(SRC_D)\ssl\s3_cbc.c
|
||||
$(CC) /Fo$(OBJ_D)\s3_cbc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s3_cbc.c
|
||||
|
||||
$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_meth.c
|
||||
|
||||
$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_srvr.c
|
||||
|
||||
$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_clnt.c
|
||||
|
||||
$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_lib.c
|
||||
|
||||
$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\s23_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\s23_pkt.c
|
||||
|
||||
$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_meth.c
|
||||
|
||||
$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_srvr.c
|
||||
|
||||
$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_clnt.c
|
||||
|
||||
$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_lib.c
|
||||
|
||||
$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_enc.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_enc.c
|
||||
|
||||
$(OBJ_D)\t1_ext.obj: $(SRC_D)\ssl\t1_ext.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_ext.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_ext.c
|
||||
|
||||
$(OBJ_D)\d1_meth.obj: $(SRC_D)\ssl\d1_meth.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_meth.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_meth.c
|
||||
|
||||
$(OBJ_D)\d1_srvr.obj: $(SRC_D)\ssl\d1_srvr.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_srvr.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_srvr.c
|
||||
|
||||
$(OBJ_D)\d1_clnt.obj: $(SRC_D)\ssl\d1_clnt.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_clnt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_clnt.c
|
||||
|
||||
$(OBJ_D)\d1_lib.obj: $(SRC_D)\ssl\d1_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_lib.c
|
||||
|
||||
$(OBJ_D)\d1_pkt.obj: $(SRC_D)\ssl\d1_pkt.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_pkt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_pkt.c
|
||||
|
||||
$(OBJ_D)\d1_both.obj: $(SRC_D)\ssl\d1_both.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_both.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_both.c
|
||||
|
||||
$(OBJ_D)\d1_srtp.obj: $(SRC_D)\ssl\d1_srtp.c
|
||||
$(CC) /Fo$(OBJ_D)\d1_srtp.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\d1_srtp.c
|
||||
|
||||
$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_lib.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_lib.c
|
||||
|
||||
$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_err2.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_err2.c
|
||||
|
||||
$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_cert.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_cert.c
|
||||
|
||||
$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_sess.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_sess.c
|
||||
|
||||
$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_ciph.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_ciph.c
|
||||
|
||||
$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_stat.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_stat.c
|
||||
|
||||
$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_rsa.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_rsa.c
|
||||
|
||||
$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_asn1.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_asn1.c
|
||||
|
||||
$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_txt.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_txt.c
|
||||
|
||||
$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_algs.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_algs.c
|
||||
|
||||
$(OBJ_D)\ssl_conf.obj: $(SRC_D)\ssl\ssl_conf.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_conf.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_conf.c
|
||||
|
||||
$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
|
||||
$(CC) /Fo$(OBJ_D)\bio_ssl.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\bio_ssl.c
|
||||
|
||||
$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_err.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_err.c
|
||||
|
||||
$(OBJ_D)\kssl.obj: $(SRC_D)\ssl\kssl.c
|
||||
$(CC) /Fo$(OBJ_D)\kssl.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\kssl.c
|
||||
|
||||
$(OBJ_D)\t1_reneg.obj: $(SRC_D)\ssl\t1_reneg.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_reneg.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_reneg.c
|
||||
|
||||
$(OBJ_D)\tls_srp.obj: $(SRC_D)\ssl\tls_srp.c
|
||||
$(CC) /Fo$(OBJ_D)\tls_srp.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\tls_srp.c
|
||||
|
||||
$(OBJ_D)\t1_trce.obj: $(SRC_D)\ssl\t1_trce.c
|
||||
$(CC) /Fo$(OBJ_D)\t1_trce.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\t1_trce.c
|
||||
|
||||
$(OBJ_D)\ssl_utst.obj: $(SRC_D)\ssl\ssl_utst.c
|
||||
$(CC) /Fo$(OBJ_D)\ssl_utst.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBSSL -c $(SRC_D)\ssl\ssl_utst.c
|
||||
|
||||
$(OBJ_D)\e_gost_err.obj: $(SRC_D)\engines\ccgost\e_gost_err.c
|
||||
$(CC) /Fo$(OBJ_D)\e_gost_err.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\e_gost_err.c
|
||||
|
||||
$(OBJ_D)\gost2001_keyx.obj: $(SRC_D)\engines\ccgost\gost2001_keyx.c
|
||||
$(CC) /Fo$(OBJ_D)\gost2001_keyx.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost2001_keyx.c
|
||||
|
||||
$(OBJ_D)\gost2001.obj: $(SRC_D)\engines\ccgost\gost2001.c
|
||||
$(CC) /Fo$(OBJ_D)\gost2001.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost2001.c
|
||||
|
||||
$(OBJ_D)\gost89.obj: $(SRC_D)\engines\ccgost\gost89.c
|
||||
$(CC) /Fo$(OBJ_D)\gost89.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost89.c
|
||||
|
||||
$(OBJ_D)\gost94_keyx.obj: $(SRC_D)\engines\ccgost\gost94_keyx.c
|
||||
$(CC) /Fo$(OBJ_D)\gost94_keyx.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost94_keyx.c
|
||||
|
||||
$(OBJ_D)\gost_ameth.obj: $(SRC_D)\engines\ccgost\gost_ameth.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_ameth.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_ameth.c
|
||||
|
||||
$(OBJ_D)\gost_asn1.obj: $(SRC_D)\engines\ccgost\gost_asn1.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_asn1.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_asn1.c
|
||||
|
||||
$(OBJ_D)\gost_crypt.obj: $(SRC_D)\engines\ccgost\gost_crypt.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_crypt.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_crypt.c
|
||||
|
||||
$(OBJ_D)\gost_ctl.obj: $(SRC_D)\engines\ccgost\gost_ctl.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_ctl.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_ctl.c
|
||||
|
||||
$(OBJ_D)\gost_eng.obj: $(SRC_D)\engines\ccgost\gost_eng.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_eng.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_eng.c
|
||||
|
||||
$(OBJ_D)\gosthash.obj: $(SRC_D)\engines\ccgost\gosthash.c
|
||||
$(CC) /Fo$(OBJ_D)\gosthash.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gosthash.c
|
||||
|
||||
$(OBJ_D)\gost_keywrap.obj: $(SRC_D)\engines\ccgost\gost_keywrap.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_keywrap.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_keywrap.c
|
||||
|
||||
$(OBJ_D)\gost_md.obj: $(SRC_D)\engines\ccgost\gost_md.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_md.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_md.c
|
||||
|
||||
$(OBJ_D)\gost_params.obj: $(SRC_D)\engines\ccgost\gost_params.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_params.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_params.c
|
||||
|
||||
$(OBJ_D)\gost_pmeth.obj: $(SRC_D)\engines\ccgost\gost_pmeth.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_pmeth.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_pmeth.c
|
||||
|
||||
$(OBJ_D)\gost_sign.obj: $(SRC_D)\engines\ccgost\gost_sign.c
|
||||
$(CC) /Fo$(OBJ_D)\gost_sign.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\ccgost\gost_sign.c
|
||||
|
||||
$(OBJ_D)\$(CRYPTO).res: ms\version32.rc
|
||||
$(RSC) /fo"$(OBJ_D)\$(CRYPTO).res" /d CRYPTO ms\version32.rc
|
||||
|
||||
@@ -3497,7 +3497,7 @@ $(TEST_D)\igetest.exe: $(OBJ_D)\igetest.obj $(LIBS_DEP)
|
||||
IF EXIST $@.manifest mt -nologo -manifest $@.manifest -outputresource:$@;1
|
||||
|
||||
$(OBJ_D)\e_4758cca.obj: $(SRC_D)\engines\e_4758cca.c
|
||||
$(CC) /Fo$(OBJ_D)\e_4758cca.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_4758cca.c
|
||||
$(CC) /Fo$(OBJ_D)\e_4758cca.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_4758cca.c
|
||||
|
||||
$(ENG_D)\4758cca.dll: $(OBJ_D)\e_4758cca.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\4758cca.dll @<<
|
||||
@@ -3507,7 +3507,7 @@ $(ENG_D)\4758cca.dll: $(OBJ_D)\e_4758cca.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_aep.obj: $(SRC_D)\engines\e_aep.c
|
||||
$(CC) /Fo$(OBJ_D)\e_aep.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_aep.c
|
||||
$(CC) /Fo$(OBJ_D)\e_aep.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_aep.c
|
||||
|
||||
$(ENG_D)\aep.dll: $(OBJ_D)\e_aep.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\aep.dll @<<
|
||||
@@ -3517,7 +3517,7 @@ $(ENG_D)\aep.dll: $(OBJ_D)\e_aep.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_atalla.obj: $(SRC_D)\engines\e_atalla.c
|
||||
$(CC) /Fo$(OBJ_D)\e_atalla.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_atalla.c
|
||||
$(CC) /Fo$(OBJ_D)\e_atalla.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_atalla.c
|
||||
|
||||
$(ENG_D)\atalla.dll: $(OBJ_D)\e_atalla.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\atalla.dll @<<
|
||||
@@ -3527,7 +3527,7 @@ $(ENG_D)\atalla.dll: $(OBJ_D)\e_atalla.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_cswift.obj: $(SRC_D)\engines\e_cswift.c
|
||||
$(CC) /Fo$(OBJ_D)\e_cswift.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_cswift.c
|
||||
$(CC) /Fo$(OBJ_D)\e_cswift.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_cswift.c
|
||||
|
||||
$(ENG_D)\cswift.dll: $(OBJ_D)\e_cswift.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\cswift.dll @<<
|
||||
@@ -3537,7 +3537,7 @@ $(ENG_D)\cswift.dll: $(OBJ_D)\e_cswift.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_gmp.obj: $(SRC_D)\engines\e_gmp.c
|
||||
$(CC) /Fo$(OBJ_D)\e_gmp.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_gmp.c
|
||||
$(CC) /Fo$(OBJ_D)\e_gmp.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_gmp.c
|
||||
|
||||
$(ENG_D)\gmp.dll: $(OBJ_D)\e_gmp.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\gmp.dll @<<
|
||||
@@ -3547,7 +3547,7 @@ $(ENG_D)\gmp.dll: $(OBJ_D)\e_gmp.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_chil.obj: $(SRC_D)\engines\e_chil.c
|
||||
$(CC) /Fo$(OBJ_D)\e_chil.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_chil.c
|
||||
$(CC) /Fo$(OBJ_D)\e_chil.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_chil.c
|
||||
|
||||
$(ENG_D)\chil.dll: $(OBJ_D)\e_chil.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\chil.dll @<<
|
||||
@@ -3557,7 +3557,7 @@ $(ENG_D)\chil.dll: $(OBJ_D)\e_chil.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_nuron.obj: $(SRC_D)\engines\e_nuron.c
|
||||
$(CC) /Fo$(OBJ_D)\e_nuron.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_nuron.c
|
||||
$(CC) /Fo$(OBJ_D)\e_nuron.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_nuron.c
|
||||
|
||||
$(ENG_D)\nuron.dll: $(OBJ_D)\e_nuron.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\nuron.dll @<<
|
||||
@@ -3567,7 +3567,7 @@ $(ENG_D)\nuron.dll: $(OBJ_D)\e_nuron.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_sureware.obj: $(SRC_D)\engines\e_sureware.c
|
||||
$(CC) /Fo$(OBJ_D)\e_sureware.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_sureware.c
|
||||
$(CC) /Fo$(OBJ_D)\e_sureware.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_sureware.c
|
||||
|
||||
$(ENG_D)\sureware.dll: $(OBJ_D)\e_sureware.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\sureware.dll @<<
|
||||
@@ -3577,7 +3577,7 @@ $(ENG_D)\sureware.dll: $(OBJ_D)\e_sureware.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_ubsec.obj: $(SRC_D)\engines\e_ubsec.c
|
||||
$(CC) /Fo$(OBJ_D)\e_ubsec.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_ubsec.c
|
||||
$(CC) /Fo$(OBJ_D)\e_ubsec.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_ubsec.c
|
||||
|
||||
$(ENG_D)\ubsec.dll: $(OBJ_D)\e_ubsec.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\ubsec.dll @<<
|
||||
@@ -3587,7 +3587,7 @@ $(ENG_D)\ubsec.dll: $(OBJ_D)\e_ubsec.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_padlock.obj: $(SRC_D)\engines\e_padlock.c
|
||||
$(CC) /Fo$(OBJ_D)\e_padlock.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_padlock.c
|
||||
$(CC) /Fo$(OBJ_D)\e_padlock.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_padlock.c
|
||||
|
||||
$(ENG_D)\padlock.dll: $(OBJ_D)\e_padlock.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\padlock.dll @<<
|
||||
@@ -3597,7 +3597,7 @@ $(ENG_D)\padlock.dll: $(OBJ_D)\e_padlock.obj
|
||||
|
||||
|
||||
$(OBJ_D)\e_capi.obj: $(SRC_D)\engines\e_capi.c
|
||||
$(CC) /Fo$(OBJ_D)\e_capi.obj $(SHLIB_CFLAGS) -c $(SRC_D)\engines\e_capi.c
|
||||
$(CC) /Fo$(OBJ_D)\e_capi.obj $(SHLIB_CFLAGS) -DOPENSSL_BUILD_SHLIBCRYPTO -c $(SRC_D)\engines\e_capi.c
|
||||
|
||||
$(ENG_D)\capi.dll: $(OBJ_D)\e_capi.obj
|
||||
$(LINK_CMD) $(MLFLAGS) /out:$(ENG_D)\capi.dll @<<
|
||||
|
||||
BIN
ms/uptable.obj
BIN
ms/uptable.obj
Binary file not shown.
@@ -3,8 +3,8 @@
|
||||
LANGUAGE 0x09,0x01
|
||||
|
||||
1 VERSIONINFO
|
||||
FILEVERSION 1,0,2,17
|
||||
PRODUCTVERSION 1,0,2,17
|
||||
FILEVERSION 1,0,2,19
|
||||
PRODUCTVERSION 1,0,2,19
|
||||
FILEFLAGSMASK 0x3fL
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x01L
|
||||
@@ -22,7 +22,7 @@ BEGIN
|
||||
// Required:
|
||||
VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\0"
|
||||
VALUE "FileDescription", "OpenSSL Shared Library\0"
|
||||
VALUE "FileVersion", "1.0.2q\0"
|
||||
VALUE "FileVersion", "1.0.2s\0"
|
||||
#if defined(CRYPTO)
|
||||
VALUE "InternalName", "libeay32\0"
|
||||
VALUE "OriginalFilename", "libeay32.dll\0"
|
||||
@@ -31,7 +31,7 @@ BEGIN
|
||||
VALUE "OriginalFilename", "ssleay32.dll\0"
|
||||
#endif
|
||||
VALUE "ProductName", "The OpenSSL Toolkit\0"
|
||||
VALUE "ProductVersion", "1.0.2q\0"
|
||||
VALUE "ProductVersion", "1.0.2s\0"
|
||||
// Optional:
|
||||
//VALUE "Comments", "\0"
|
||||
VALUE "LegalCopyright", "Copyright <20> 1998-2005 The OpenSSL Project. Copyright <20> 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\0"
|
||||
|
||||
@@ -7,7 +7,7 @@ Release: 1
|
||||
|
||||
Summary: Secure Sockets Layer and cryptography libraries and tools
|
||||
Name: openssl
|
||||
Version: 1.0.2q
|
||||
Version: 1.0.2s
|
||||
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
||||
ERR_add_error_data(2, "SSL alert number ", tmp);
|
||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||
s->state = SSL_ST_ERR;
|
||||
return (0);
|
||||
} else {
|
||||
al = SSL_AD_ILLEGAL_PARAMETER;
|
||||
|
||||
10
ssl/s3_pkt.c
10
ssl/s3_pkt.c
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
||||
ERR_add_error_data(2, "SSL alert number ", tmp);
|
||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||
s->state = SSL_ST_ERR;
|
||||
return (0);
|
||||
} else {
|
||||
al = SSL_AD_ILLEGAL_PARAMETER;
|
||||
@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
|
||||
* protocol_version alerts */
|
||||
if (desc < 0)
|
||||
return -1;
|
||||
/* If a fatal one, remove from cache */
|
||||
if ((level == 2) && (s->session != NULL))
|
||||
/* If a fatal one, remove from cache and go into the error state */
|
||||
if (level == SSL3_AL_FATAL) {
|
||||
if (s->session != NULL)
|
||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||
s->state = SSL_ST_ERR;
|
||||
}
|
||||
|
||||
s->s3->alert_dispatch = 1;
|
||||
s->s3->send_alert[0] = level;
|
||||
|
||||
20
ssl/t1_lib.c
20
ssl/t1_lib.c
@@ -3697,6 +3697,12 @@ int tls12_get_sigid(const EVP_PKEY *pk)
|
||||
sizeof(tls12_sig) / sizeof(tls12_lookup));
|
||||
}
|
||||
|
||||
static int tls12_get_hash_nid(unsigned char hash_alg)
|
||||
{
|
||||
return tls12_find_nid(hash_alg, tls12_md,
|
||||
sizeof(tls12_md) / sizeof(tls12_lookup));
|
||||
}
|
||||
|
||||
const EVP_MD *tls12_get_hash(unsigned char hash_alg)
|
||||
{
|
||||
switch (hash_alg) {
|
||||
@@ -3887,6 +3893,8 @@ int tls1_process_sigalgs(SSL *s)
|
||||
const EVP_MD *md;
|
||||
CERT *c = s->cert;
|
||||
TLS_SIGALGS *sigptr;
|
||||
int mandatory_mdnid;
|
||||
|
||||
if (!tls1_set_shared_sigalgs(s))
|
||||
return 0;
|
||||
|
||||
@@ -3918,6 +3926,18 @@ int tls1_process_sigalgs(SSL *s)
|
||||
for (i = 0, sigptr = c->shared_sigalgs;
|
||||
i < c->shared_sigalgslen; i++, sigptr++) {
|
||||
idx = tls12_get_pkey_idx(sigptr->rsign);
|
||||
if (s->cert->pkeys[idx].privatekey) {
|
||||
ERR_set_mark();
|
||||
if (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
|
||||
&mandatory_mdnid) == 2 &&
|
||||
mandatory_mdnid != tls12_get_hash_nid(sigptr->rhash))
|
||||
continue;
|
||||
/*
|
||||
* If EVP_PKEY_get_default_digest_nid() failed, don't pollute
|
||||
* the error stack.
|
||||
*/
|
||||
ERR_pop_to_mark();
|
||||
}
|
||||
if (idx > 0 && c->pkeys[idx].digest == NULL) {
|
||||
md = tls12_get_hash(sigptr->rhash);
|
||||
c->pkeys[idx].digest = md;
|
||||
|
||||
@@ -198,6 +198,7 @@ $ T_D_BAD_DTLS_TEST := [-.ssl]
|
||||
$ T_D_SSLV2CONFTEST := [-.ssl]
|
||||
$ T_D_DTLSTEST := [-.ssl]
|
||||
$ T_D_FATALERRTEST := [-.ssl]
|
||||
$ T_D_X509_TIME_TEST := []
|
||||
$
|
||||
$ EXOBJ_DTLSTEST := SSLTESTLIB
|
||||
$ EXOBJ_FATALERRTEST := SSLTESTLIB
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/usr/bin/perl
|
||||
#!/usr/local/bin/perl
|
||||
|
||||
# Perl c_rehash script, scan all files in a directory
|
||||
# and add symbolic links to their hash values.
|
||||
|
||||
@@ -1,210 +0,0 @@
|
||||
#!/usr/bin/perl
|
||||
|
||||
# Perl c_rehash script, scan all files in a directory
|
||||
# and add symbolic links to their hash values.
|
||||
|
||||
my $dir = "/usr/local/ssl";
|
||||
my $prefix = "/usr/local/ssl";
|
||||
|
||||
my $openssl = $ENV{OPENSSL} || "openssl";
|
||||
my $pwd;
|
||||
my $x509hash = "-subject_hash";
|
||||
my $crlhash = "-hash";
|
||||
my $verbose = 0;
|
||||
my $symlink_exists=eval {symlink("",""); 1};
|
||||
my $removelinks = 1;
|
||||
|
||||
## Parse flags.
|
||||
while ( $ARGV[0] =~ /^-/ ) {
|
||||
my $flag = shift @ARGV;
|
||||
last if ( $flag eq '--');
|
||||
if ( $flag eq '-old') {
|
||||
$x509hash = "-subject_hash_old";
|
||||
$crlhash = "-hash_old";
|
||||
} elsif ( $flag eq '-h') {
|
||||
help();
|
||||
} elsif ( $flag eq '-n' ) {
|
||||
$removelinks = 0;
|
||||
} elsif ( $flag eq '-v' ) {
|
||||
$verbose++;
|
||||
}
|
||||
else {
|
||||
print STDERR "Usage error; try -help.\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
||||
sub help {
|
||||
print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
|
||||
print " -old use old-style digest\n";
|
||||
print " -h print this help text\n";
|
||||
print " -v print files removed and linked\n";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
eval "require Cwd";
|
||||
if (defined(&Cwd::getcwd)) {
|
||||
$pwd=Cwd::getcwd();
|
||||
} else {
|
||||
$pwd=`pwd`;
|
||||
chomp($pwd);
|
||||
}
|
||||
|
||||
# DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
|
||||
my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
|
||||
$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
|
||||
|
||||
if(! -x $openssl) {
|
||||
my $found = 0;
|
||||
foreach (split /$path_delim/, $ENV{PATH}) {
|
||||
if(-x "$_/$openssl") {
|
||||
$found = 1;
|
||||
$openssl = "$_/$openssl";
|
||||
last;
|
||||
}
|
||||
}
|
||||
if($found == 0) {
|
||||
print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
|
||||
exit 0;
|
||||
}
|
||||
}
|
||||
|
||||
if(@ARGV) {
|
||||
@dirlist = @ARGV;
|
||||
} elsif($ENV{SSL_CERT_DIR}) {
|
||||
@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
|
||||
} else {
|
||||
$dirlist[0] = "$dir/certs";
|
||||
}
|
||||
|
||||
if (-d $dirlist[0]) {
|
||||
chdir $dirlist[0];
|
||||
$openssl="$pwd/$openssl" if (!-x $openssl);
|
||||
chdir $pwd;
|
||||
}
|
||||
|
||||
foreach (@dirlist) {
|
||||
if(-d $_ and -w $_) {
|
||||
hash_dir($_);
|
||||
}
|
||||
}
|
||||
|
||||
sub hash_dir {
|
||||
my %hashlist;
|
||||
print "Doing $_[0]\n";
|
||||
chdir $_[0];
|
||||
opendir(DIR, ".");
|
||||
my @flist = readdir(DIR);
|
||||
closedir DIR;
|
||||
if ( $removelinks ) {
|
||||
# Delete any existing symbolic links
|
||||
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
||||
if(-l $_) {
|
||||
unlink $_;
|
||||
print "unlink $_" if $verbose;
|
||||
}
|
||||
}
|
||||
}
|
||||
FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
|
||||
# Check to see if certificates and/or CRLs present.
|
||||
my ($cert, $crl) = check_file($fname);
|
||||
if(!$cert && !$crl) {
|
||||
print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
|
||||
next;
|
||||
}
|
||||
link_hash_cert($fname) if($cert);
|
||||
link_hash_crl($fname) if($crl);
|
||||
}
|
||||
}
|
||||
|
||||
sub check_file {
|
||||
my ($is_cert, $is_crl) = (0,0);
|
||||
my $fname = $_[0];
|
||||
open IN, $fname;
|
||||
while(<IN>) {
|
||||
if(/^-----BEGIN (.*)-----/) {
|
||||
my $hdr = $1;
|
||||
if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
||||
$is_cert = 1;
|
||||
last if($is_crl);
|
||||
} elsif($hdr eq "X509 CRL") {
|
||||
$is_crl = 1;
|
||||
last if($is_cert);
|
||||
}
|
||||
}
|
||||
}
|
||||
close IN;
|
||||
return ($is_cert, $is_crl);
|
||||
}
|
||||
|
||||
|
||||
# Link a certificate to its subject name hash value, each hash is of
|
||||
# the form <hash>.<n> where n is an integer. If the hash value already exists
|
||||
# then we need to up the value of n, unless its a duplicate in which
|
||||
# case we skip the link. We check for duplicates by comparing the
|
||||
# certificate fingerprints
|
||||
|
||||
sub link_hash_cert {
|
||||
my $fname = $_[0];
|
||||
$fname =~ s/'/'\\''/g;
|
||||
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
||||
chomp $hash;
|
||||
chomp $fprint;
|
||||
$fprint =~ s/^.*=//;
|
||||
$fprint =~ tr/://d;
|
||||
my $suffix = 0;
|
||||
# Search for an unused hash filename
|
||||
while(exists $hashlist{"$hash.$suffix"}) {
|
||||
# Hash matches: if fingerprint matches its a duplicate cert
|
||||
if($hashlist{"$hash.$suffix"} eq $fprint) {
|
||||
print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
||||
return;
|
||||
}
|
||||
$suffix++;
|
||||
}
|
||||
$hash .= ".$suffix";
|
||||
if ($symlink_exists) {
|
||||
symlink $fname, $hash;
|
||||
print "link $fname -> $hash\n" if $verbose;
|
||||
} else {
|
||||
open IN,"<$fname" or die "can't open $fname for read";
|
||||
open OUT,">$hash" or die "can't open $hash for write";
|
||||
print OUT <IN>; # does the job for small text files
|
||||
close OUT;
|
||||
close IN;
|
||||
print "copy $fname -> $hash\n" if $verbose;
|
||||
}
|
||||
$hashlist{$hash} = $fprint;
|
||||
}
|
||||
|
||||
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
|
||||
|
||||
sub link_hash_crl {
|
||||
my $fname = $_[0];
|
||||
$fname =~ s/'/'\\''/g;
|
||||
my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
||||
chomp $hash;
|
||||
chomp $fprint;
|
||||
$fprint =~ s/^.*=//;
|
||||
$fprint =~ tr/://d;
|
||||
my $suffix = 0;
|
||||
# Search for an unused hash filename
|
||||
while(exists $hashlist{"$hash.r$suffix"}) {
|
||||
# Hash matches: if fingerprint matches its a duplicate cert
|
||||
if($hashlist{"$hash.r$suffix"} eq $fprint) {
|
||||
print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
||||
return;
|
||||
}
|
||||
$suffix++;
|
||||
}
|
||||
$hash .= ".r$suffix";
|
||||
if ($symlink_exists) {
|
||||
symlink $fname, $hash;
|
||||
print "link $fname -> $hash\n" if $verbose;
|
||||
} else {
|
||||
system ("cp", $fname, $hash);
|
||||
print "cp $fname -> $hash\n" if $verbose;
|
||||
}
|
||||
$hashlist{$hash} = $fprint;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user