if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
+ ERR_clear_error();
}
if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
{
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
- else if (strcmp(*argv,"-non-fips-allow") == 0)
- non_fips_allow=1;
else if (!strcmp(*argv,"-fips-fingerprint"))
hmac_key = "etaonrishdlcupfm";
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow=1;
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
goto end;
}
#endif
+ ERR_print_errors(bio_err);
BIO_printf(bio_err,"Error, DSA key generation failed\n");
goto end;
}
assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
- if (!DSA_generate_key(dsakey)) goto end;
+ if (!DSA_generate_key(dsakey))
+ {
+ ERR_print_errors(bio_err);
+ DSA_free(dsakey);
+ goto end;
+ }
if (outformat == FORMAT_ASN1)
i=i2d_DSAPrivateKey_bio(out,dsakey);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
+ DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);
/* If we are using DSA, we can copy the parameters from
* the private key */
-
-
+
+
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
return SSL_TLSEXT_ERR_OK;
}
-# endif
+# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
#endif
enum
{
if (--argc < 1) goto bad;
srp_verifier_file = *(++argv);
- meth=TLSv1_server_method();
+ meth = TLSv1_server_method();
}
else if (strcmp(*argv, "-srpuserseed") == 0)
{
if (--argc < 1) goto bad;
srpuserseed = *(++argv);
- meth=TLSv1_server_method();
+ meth = TLSv1_server_method();
}
#endif
else if (strcmp(*argv,"-www") == 0)
}
#endif
- if (!set_cert_key_stuff(ctx,s_cert,s_key))
+ if (!set_cert_key_stuff(ctx, s_cert, s_key))
goto end;
#ifndef OPENSSL_NO_TLSEXT
if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
#endif
if (s_dcert != NULL)
{
- if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+ if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
goto end;
}
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
if (next_proto_neg)
}
BIO_puts(io,"\n");
+ BIO_printf(io,
+ "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ?
+ "" : " NOT");
+
/* The following is evil and should not really
* be done */
BIO_printf(io,"Ciphers supported in s_server binary\n");
"aes-128 cbc","aes-192 cbc","aes-256 cbc",
"camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
"evp","sha256","sha512","whirlpool",
- "aes-128 ige","aes-192 ige","aes-256 ige","ghash"};
+ "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
#ifndef OPENSSL_NO_RSA
#if defined(_WIN32)
#if !defined(SIGALRM)
-#define SIGALRM
+# define SIGALRM
#endif
static unsigned int lapse,schlock;
static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
if (type == DB_SRP_INDEX)
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
- if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
+ pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
+ if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
return i;
}
else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+ pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
return i;
if (indx >= 0 && verbose)
{
int j;
- char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx);
+ char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
for (j = 0; j < DB_NUMBER; j++)
{
{
if (verbose > 0)
{
- char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
if (pp[DB_srptype][0] != 'I')
{
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX)
{
if (gNindex >= 0)
{
- gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
- print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ;
+ gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
+ print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
}
else if (maxgN > 0 && !SRP_get_default_gN(gN))
{
if (userindex >= 0)
{
/* reactivation of a new user */
- char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
row[DB_srptype][0] = 'V';
else
{
- char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
char type = row[DB_srptype][0];
if (type == 'v')
{
if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
{
- BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
- errors++;
- goto err;
+ BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
+ errors++;
+ goto err;
}
row[DB_srptype][0] = 'v';
}
else
{
- char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
xpp[DB_srptype][0] = 'R';
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+ pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_srptype][0] == 'v')
{
BIO_printf(bio_err," [-engine e]");
#endif
BIO_printf(bio_err," cert1 cert2 ...\n");
+
BIO_printf(bio_err,"recognized usages:\n");
- for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+ for(i = 0; i < X509_PURPOSE_get_count(); i++)
+ {
X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_get0(i);
- BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
- X509_PURPOSE_get0_name(ptmp));
- }
+ BIO_printf(bio_err, "\t%-10s\t%s\n",
+ X509_PURPOSE_get0_sname(ptmp),
+ X509_PURPOSE_get0_name(ptmp));
+ }
}
if (vpm) X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
days=atoi(*(++argv));
if (days == 0)
{
- BIO_printf(STDout,"bad number of days\n");
+ BIO_printf(bio_err,"bad number of days\n");
goto bad;
}
}
}
else if (text == i)
{
- X509_print_ex(out,x,nmflag, certflag);
+ X509_print_ex(STDout,x,nmflag, certflag);
}
else if (startdate == i)
{
*/
#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
#include <openssl/aes.h>
#include "aes_locl.h"
#define IP_MTU 14 /* linux is lame */
#endif
+#ifdef __FreeBSD__
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a) \
+ (((a)->s6_addr32[0] == 0) && \
+ ((a)->s6_addr32[1] == 0) && \
+ ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
#ifdef WATT32
#define sock_write SockWrite /* Watt-32 uses same names */
#define sock_read SockRead
*
* <appro@fy.chalmers.se>
*/
+#undef bn_div_words
# define bn_div_words(n0,n1,d0) \
({ asm volatile ( \
"divl %4" \
* Same story here, but it's 128-bit by 64-bit division. Wow!
* <appro@fy.chalmers.se>
*/
+# undef bn_div_words
# define bn_div_words(n0,n1,d0) \
({ asm volatile ( \
"divq %4" \
/* solves ax == 1 (mod n) */
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
BIGNUM *BN_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
*/
#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
#include <openssl/camellia.h>
#include "cmll_locl.h"
* [including the GNU Public Licence.]
*/
-#include <openssl/crypto.h>
#include <openssl/cast.h>
#include "cast_lcl.h"
#include "cast_s.h"
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
unsigned char *tkey = NULL;
- size_t tkeylen;
+ size_t tkeylen = 0;
int ok = 0;
* algorithm OID instead of digest.
*/
|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
- {
return EVP_MD_CTX_copy_ex(mctx, mtmp);
- }
chain = BIO_next(chain);
}
}
}
else
vec = OPENSSL_ia32_cpuid();
+
/*
* |(1<<10) sets a reserved bit to signal that variable
* was initialized already... This is to avoid interference
void OPENSSL_cpuid_setup(void);
extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *,...);
+void OPENSSL_showfatal(const char *fmta,...);
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;
long (**go)(void));
void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
void *CRYPTO_malloc(int num, const char *file, int line);
char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
int line);
* 1.1 added norm_expand_bits
* 1.0 First working version
*/
-#include "des_locl.h"
-
#include <openssl/crypto.h>
+#include "des_locl.h"
OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0) /* defaults to false */
* [including the GNU Public Licence.]
*/
-#include "des_locl.h"
#include <openssl/crypto.h>
+#include "des_locl.h"
void DES_string_to_key(const char *str, DES_cblock *key)
{
void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
size_t EC_GROUP_get_seed_len(const EC_GROUP *);
size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
*/
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
* \param group underlying EC_GROUP object
int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
/* functions to set/get method specific data */
-void *EC_KEY_get_key_method_data(EC_KEY *,
+void *EC_KEY_get_key_method_data(EC_KEY *key,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
/** Creates a table of pre-computed multiples of the generator to
* accelerate further EC_KEY operations.
pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
- /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+ /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
* not an error, the result is truncated.
*/
ec_GFp_mont_field_decode,
ec_GFp_mont_field_set_to_one };
-
return &ret;
#endif
}
}
static void prime_field_tests(void)
- {
+ {
BN_CTX *ctx = NULL;
BIGNUM *p, *a, *b;
EC_GROUP *group;
*/
#include "ech_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
EC_KEY *eckey,
#include <openssl/ui.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
#include <openssl/ts.h>
#ifndef OPENSSL_NO_CMS
#include <openssl/cms.h>
#endif
#include <openssl/comp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
void ERR_load_crypto_strings(void)
{
#ifndef OPENSSL_NO_ERR
#endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+ ERR_load_FIPS_strings();
+#endif
#ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
#endif
ERR_load_JPAKE_strings();
#endif
ERR_load_COMP_strings();
-#endif
-#ifdef OPENSSL_FIPS
- ERR_load_FIPS_strings();
#endif
}
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- cp $(TESTDATA) ../../test
+ [ ! -f $(TESTDATA) ] || cp $(TESTDATA) ../../test
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
return FIPS_digestfinal(ctx, md, size);
#else
int ret;
+
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
if (size != NULL)
#include <openssl/objects.h>
#include <openssl/aes.h>
#include <openssl/sha.h>
-#include "evp_locl.h"
#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
#ifndef OPENSSL_NO_RC4
#include <openssl/evp.h>
-#include "evp_locl.h"
#include <openssl/objects.h>
#include <openssl/rc4.h>
/* Length of tag for TLS */
#define EVP_GCM_TLS_TAG_LEN 16
-
typedef struct evp_cipher_info_st
{
const EVP_CIPHER *cipher;
# define EVP_aes_128_cfb EVP_aes_128_cfb128
const EVP_CIPHER *EVP_aes_128_ofb(void);
const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
const EVP_CIPHER *EVP_aes_128_xts(void);
const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
# define EVP_aes_192_cfb EVP_aes_192_cfb128
const EVP_CIPHER *EVP_aes_192_ofb(void);
const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(void);
# define EVP_aes_256_cfb EVP_aes_256_cfb128
const EVP_CIPHER *EVP_aes_256_ofb(void);
const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
const EVP_CIPHER *EVP_aes_256_xts(void);
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#include <openssl/evp.h>
#include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#include <openssl/rsa.h>
#endif
-#include "evp_locl.h"
-
static int init(EVP_MD_CTX *ctx)
{ return MD4_Init(ctx->md_data); }
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
-#include "evp_locl.h"
static int init(EVP_MD_CTX *ctx)
{ return MD5_Init(ctx->md_data); }
#include <openssl/rsa.h>
#endif
-#include "evp_locl.h"
-
static int init(EVP_MD_CTX *ctx)
{ return MDC2_Init(ctx->md_data); }
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
-#include "evp_locl.h"
static int init(EVP_MD_CTX *ctx)
{ return RIPEMD160_Init(ctx->md_data); }
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
-#include "evp_locl.h"
static int init(EVP_MD_CTX *ctx)
{ return SHA_Init(ctx->md_data); }
#include <openssl/evp.h>
#include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/whrlpool.h>
-#include "evp_locl.h"
static int init(EVP_MD_CTX *ctx)
{ return WHIRLPOOL_Init(ctx->md_data); }
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
- int i=0,ok=0,v;
+ int i = 0,ok = 0,v;
EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL;
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
- int i=-1,ok=0,v;
+ int i = 0,ok = 0,v;
EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL;
* [including the GNU Public Licence.]
*/
-#include <openssl/crypto.h>
#include <openssl/idea.h>
#include "idea_lcl.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <openssl/crypto.h>
#include <openssl/des.h>
#include <openssl/mdc2.h>
-#include <openssl/crypto.h>
#undef c2l
#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
static long (*get_debug_options_func)(void) = NULL;
#endif
-
int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
void (*f)(void *))
{
+ /* Dummy call just to ensure OPENSSL_init() gets linked in */
OPENSSL_init();
if (!allow_customize)
return 0;
{ my @lo = ("mm0","mm1","mm2");
my @hi = ("mm3","mm4","mm5");
my @tmp = ("mm6","mm7");
- my $off1=0,$off2=0,$i;
+ my ($off1,$off2,$i) = (0,0,);
&add ($Htbl,128); # optimize for size
&lea ("edi",&DWP(16+128,"esp"));
my ($Xhi,$Xi) = @_;
# 1st phase
- &movdqa ($T1,$Xi) #
+ &movdqa ($T1,$Xi); #
&psllq ($Xi,1);
&pxor ($Xi,$T1); #
&psllq ($Xi,5); #
&movdqa ($Xhn,$Xn);
&pxor ($Xhi,$T1); # "Ii+Xi", consume early
- &movdqa ($T1,$Xi) #&reduction_alg9($Xhi,$Xi); 1st phase
+ &movdqa ($T1,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase
&psllq ($Xi,1);
&pxor ($Xi,$T1); #
&psllq ($Xi,5); #
# endif
gcm_init_4bit(ctx->Htable,ctx->H.u);
# if defined(GHASH_ASM_X86) /* x86 only */
-# if defined(OPENSSL_IA32_SSE2)
+# if defined(OPENSSL_IA32_SSE2)
if (OPENSSL_ia32cap_P[0]&(1<<25)) { /* check SSE bit */
# else
if (OPENSSL_ia32cap_P[0]&(1<<23)) { /* check MMX bit */
goto err;
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
- EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+ if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+ goto err;
if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
/* k=strlen(buf); */
EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
- EVP_EncryptUpdate(&ctx,data,&j,data,i);
- EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+ ret = 1;
+ if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+ || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+ || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+ ret = 0;
EVP_CIPHER_CTX_cleanup(&ctx);
+ if (ret == 0)
+ goto err;
i+=j;
- ret=1;
}
else
{
ebcdic2ascii(buf, buf, klen);
#endif
- EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
- (unsigned char *)buf,klen,1,key,NULL);
+ if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+ (unsigned char *)buf,klen,1,key,NULL))
+ return 0;
j=(int)len;
EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
- EVP_DecryptUpdate(&ctx,data,&i,data,j);
- o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+ o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+ if (o)
+ o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+ if (o)
+ o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
OPENSSL_cleanse((char *)buf,sizeof(buf));
OPENSSL_cleanse((char *)key,sizeof(key));
EVP_EncodeInit(&ctx->encode);
EVP_MD_CTX_init(&ctx->md);
- EVP_SignInit(&ctx->md,md_type);
+ if (!EVP_SignInit(&ctx->md,md_type))
+ goto err;
EVP_CIPHER_CTX_init(&ctx->cipher);
ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
goto err;
}
- EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+ if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+ goto err;
EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
*outl=j;
out+=j;
&set_label("PIC_point");
&blindpop("edx");
&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
- &mov($count,&DWP(0,"ecx",$count,4))
+ &mov($count,&DWP(0,"ecx",$count,4));
&add($count,"edx");
&xor("ecx","ecx");
&xor("edx","edx");
sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
sub ::call_ptr { &::emit("call",@_); }
sub ::jmp_ptr { &::emit("jmp",@_); }
+sub ::lock { &::data_byte(0xf0); }
sub get_mem
{ my($size,$addr,$reg1,$reg2,$idx)=@_;
out += u;
for (j = 0; j < v; j++) B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
- if (!BN_bin2bn (B, v, Bpl1)) goto err;
- if (!BN_add_word (Bpl1, 1)) goto err;
+ if (!BN_bin2bn (B, v, Bpl1))
+ goto err;
+ if (!BN_add_word (Bpl1, 1))
+ goto err;
for (j = 0; j < Ilen ; j+=v) {
- if (!BN_bin2bn (I + j, v, Ij)) goto err;
- if (!BN_add (Ij, Ij, Bpl1)) goto err;
- BN_bn2bin (Ij, B);
+ if (!BN_bin2bn(I + j, v, Ij))
+ goto err;
+ if (!BN_add(Ij, Ij, Bpl1))
+ goto err;
+ if (!BN_bn2bin(Ij, B))
+ goto err;
Ijlen = BN_num_bytes (Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
if (Ijlen > v) {
- BN_bn2bin (Ij, B);
+ if (!BN_bn2bin (Ij, B))
+ goto err;
memcpy (I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
} else if (Ijlen < v) {
memset(I + j, 0, v - Ijlen);
- BN_bn2bin(Ij, I + j + v - Ijlen);
+ if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+ goto err;
#endif
- } else BN_bn2bin (Ij, I + j);
+ } else if (!BN_bn2bin (Ij, I + j))
+ goto err;
}
}
#include <openssl/pkcs7.h>
#include <openssl/bio.h>
-#ifndef OPENSSL_SYSNAME_NETWARE
+#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)
#include <memory.h>
#endif
#include <stdio.h>
#include "e_os.h"
+#include <openssl/crypto.h>
#include <openssl/rand.h>
#include "rand_lcl.h"
-#include <openssl/crypto.h>
#include <openssl/err.h>
#ifdef BN_DEBUG
static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
double entropy)
{
- RAND_SSLeay()->add(in, inlen, entropy);
- return 1;
+ return RAND_SSLeay()->add(in, inlen, entropy);
}
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
{
- RAND_SSLeay()->seed(in, inlen);
- return 1;
+ return RAND_SSLeay()->seed(in, inlen);
}
#ifndef OPENSSL_DRBG_DEFAULT_TYPE
*/
/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#if !defined(OPENSSL_SYS_VXWORKS)
#define _XOPEN_SOURCE 500
+#endif
#include <errno.h>
#include <stdio.h>
* [including the GNU Public Licence.]
*/
-#include <openssl/crypto.h>
#include <openssl/rc2.h>
#include "rc2_locl.h"
RSA * RSA_new(void);
RSA * RSA_new_method(ENGINE *engine);
-int RSA_size(const RSA *);
+int RSA_size(const RSA *rsa);
/* Deprecated version */
#ifndef OPENSSL_NO_DEPRECATED
if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
/* If p < q it is occasionally possible for the correction of
- * adding 'p' if r0 is negative above to leave the result still
+ * adding 'p' if r0 is negative above to leave the result still
* negative. This can break the private key operations: the following
* second correction should *always* correct this rare occurrence.
* This will *never* happen with OpenSSL generated keys because
- * they ensure p > q [steve]
- */
+ * they ensure p > q [steve]
+ */
if (BN_is_negative(r0))
if (!BN_add(r0,r0,rsa->p)) goto err;
if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
#include <memory.h>
#endif
-#include <openssl/crypto.h>
#include <openssl/seed.h>
#include "seed_locl.h"
___
-{ my $i,@V=($A,$B,$C,$D,$E);
+{ my $i;
+ my @V=($A,$B,$C,$D,$E);
for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
my ($mnemonic,$rs1,$rs2,$rd)=@_;
-my $ref,$opf;
+my ($ref,$opf);
my %visopf = ( "fmul8ulx16" => 0x037,
"faligndata" => 0x048,
"fpadd32" => 0x052,
&mov ("edx",$Ehi);
&mov ("esi","ecx");
- &shr ("ecx",9) # lo>>9
+ &shr ("ecx",9); # lo>>9
&mov ("edi","edx");
- &shr ("edx",9) # hi>>9
+ &shr ("edx",9); # hi>>9
&mov ("ebx","ecx");
&shl ("esi",14); # lo<<14
&mov ("eax","edx");
&mov ($Dhi,"ebx");
&mov ("esi","ecx");
- &shr ("ecx",2) # lo>>2
+ &shr ("ecx",2); # lo>>2
&mov ("edi","edx");
- &shr ("edx",2) # hi>>2
+ &shr ("edx",2); # hi>>2
&mov ("ebx","ecx");
&shl ("esi",4); # lo<<4
&mov ("eax","edx");
&mov ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
&mov ("esi","ecx");
- &shr ("ecx",1) # lo>>1
+ &shr ("ecx",1); # lo>>1
&mov ("edi","edx");
- &shr ("edx",1) # hi>>1
+ &shr ("edx",1); # hi>>1
&mov ("eax","ecx");
&shl ("esi",24); # lo<<24
&mov ("ebx","edx");
&mov ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
&mov ("esi","ecx");
- &shr ("ecx",6) # lo>>6
+ &shr ("ecx",6); # lo>>6
&mov ("edi","edx");
- &shr ("edx",6) # hi>>6
+ &shr ("edx",6); # hi>>6
&mov ("eax","ecx");
&shl ("esi",3); # lo<<3
&mov ("ebx","edx");
#include <stdio.h>
#include <string.h>
-#include <openssl/sha.h>
#include <openssl/crypto.h>
+#include <openssl/sha.h>
#ifndef OPENSSL_NO_SHA1
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
* [including the GNU Public Licence.]
*/
-#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
#undef SHA_0
* [including the GNU Public Licence.]
*/
-#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
#undef SHA_1
}
for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i);
+ pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);
if (pp[DB_srptype][0] == DB_SRP_INDEX)
{
/*we add this couple in the internal Stack */
if (*salt == NULL)
{
char *tmp_salt;
- if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+
+ if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
{
OPENSSL_free(vf);
goto err;
* sigaction and fileno included. -pedantic would be more appropriate for
* the intended purposes, but we can't prevent users from adding -ansi.
*/
+#if defined(OPENSSL_SYSNAME_VXWORKS)
+#include <sys/types.h>
+#endif
+
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 2
#endif
+#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
&mov ("eax",&DWP(0,"esp"));
&mov ("ebx",&DWP(4,"esp"));
for($i=0;$i<8;$i++) {
- my $func = ($i==0)? movq : pxor;
+ my $func = ($i==0)? \&movq : \&pxor;
&movb (&LB("ecx"),&LB("eax"));
&movb (&LB("edx"),&HB("eax"));
&scale ("esi","ecx");
EVP_MD_CTX_init(&ctx);
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
- ret=strlen(f);
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;
- if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+ if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
goto err;
OPENSSL_free(f);
if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
i2d_X509_NAME(x,NULL);
EVP_MD_CTX_init(&md_ctx);
EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
- EVP_DigestFinal_ex(&md_ctx,md,NULL);
+ if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+ && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+ && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+ ret=(((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
+ ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+ )&0xffffffffL;
EVP_MD_CTX_cleanup(&md_ctx);
- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
- )&0xffffffffL;
return(ret);
}
#endif
&jnz (&label("nohalt")); # not enough privileges
&pushf ();
- &pop ("eax")
+ &pop ("eax");
&bt ("eax",9);
&jnc (&label("nohalt")); # interrupts are disabled
# arguments is 1 or 2!
&function_begin_B("OPENSSL_indirect_call");
{
- my $i,$max=7; # $max has to be chosen as 4*n-1
+ my ($max,$i)=(7,); # $max has to be chosen as 4*n-1
# in order to preserve eventual
# stack alignment
&push ("ebp");
*
*/
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
#include <openssl/buffer.h>
#include <openssl/pqueue.h>
#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
#include <sys/timeval.h>
#else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
#include <sys/time.h>
#endif
+#endif
#ifdef __cplusplus
extern "C" {
EVP_PKEY *pkey=NULL;
EVP_MD_CTX_init(&ctx);
- EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
- EVP_VerifyUpdate(&ctx,s->s2->key_material,
- s->s2->key_material_length);
- EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+ if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
+ || !EVP_VerifyUpdate(&ctx,s->s2->key_material,
+ s->s2->key_material_length)
+ || !EVP_VerifyUpdate(&ctx,ccd,
+ SSL2_MIN_CERT_CHALLENGE_LENGTH))
+ goto msg_end;
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
buf2=OPENSSL_malloc((unsigned int)i);
}
p2=buf2;
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
- EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+ if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
+ {
+ OPENSSL_free(buf2);
+ goto msg_end;
+ }
OPENSSL_free(buf2);
pkey=X509_get_pubkey(x509);
#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
-static void ssl3_take_mac(SSL *s) {
+static void ssl3_take_mac(SSL *s)
+ {
const char *sender;
int slen;
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.peer_finish_md);
-}
+ }
#endif
int ssl3_get_finished(SSL *s, int a, int b)
unsigned char *p;
#ifdef OPENSSL_NO_NEXTPROTONEG
- /* the mac has already been generated when we received the change
- * cipher spec message and is in s->s3->tmp.peer_finish_md. */
+ /* the mac has already been generated when we received the
+ * change cipher spec message and is in s->s3->tmp.peer_finish_md.
+ */
#endif
n=s->method->ssl_get_message(s,
s->init_num += i;
n -= i;
}
+
#ifndef OPENSSL_NO_NEXTPROTONEG
/* If receiving Finished, record MAC of prior handshake messages for
* Finished verification. */
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
#endif
+
/* Feed this message into MAC computation. */
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
if (s->msg_callback)
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
if (ret <= 0) goto end;
-
#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
s->state=SSL3_ST_CW_FINISHED_A;
#else
goto f_err;
}
#ifdef SSL_AD_MISSING_SRP_USERNAME
- if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+ else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
return(0);
#endif
}
{
if(s->srp_ctx.login == NULL)
{
- /* There isn't any srp login extension !!! */
+ /* RFC 5054 says SHOULD reject,
+ we do so if There is no srp login name */
ret = SSL3_AL_FATAL;
*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
}
}
}
#endif
+
s->renegotiate = 2;
s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
char *psk_identity_hint;
char *psk_identity;
#endif
+ /* Used to indicate that session resumption is not allowed.
+ * Applications can also set this bit for a new session via
+ * not_resumable_session_cb to disable session caching and tickets. */
int not_resumable;
/* The cert is the certificate used to establish this connection */
#endif /* OPENSSL_NO_EC */
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
- size_t tlsext_ticklen; /* Session ticket length */
+ size_t tlsext_ticklen; /* Session ticket length */
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
#endif
#ifndef OPENSSL_NO_SRP
/* Callback for status request */
int (*tlsext_status_cb)(SSL *ssl, void *arg);
void *tlsext_status_arg;
+
/* draft-rescorla-tls-opaque-prf-input-00.txt information */
int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
void *tlsext_opaque_prf_input_callback_arg;
#endif
#ifndef OPENSSL_NO_TLSEXT
+
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
/* (for experimental NPN extension). */
#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
+#endif
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
+#endif
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
/* write to client */
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
+#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_MT_NEXT_PROTO 67
+#endif
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
return("TLSv1.2");
else if (s->version == TLS1_1_VERSION)
return("TLSv1.1");
- if (s->version == TLS1_VERSION)
+ else if (s->version == TLS1_VERSION)
return("TLSv1");
else if (s->version == SSL3_VERSION)
return("SSLv3");
ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
- in=BIO_new(BIO_s_file_internal());
+ in = BIO_new(BIO_s_file_internal());
if (in == NULL)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
goto end;
}
- x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+ x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
if (x == NULL)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
goto end;
}
- ret=SSL_CTX_use_certificate(ctx,x);
+ ret = SSL_CTX_use_certificate(ctx, x);
+
if (ERR_peek_error() != 0)
ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
if (ret)
int r;
unsigned long err;
- if (ctx->extra_certs != NULL)
+ if (ctx->extra_certs != NULL)
{
sk_X509_pop_free(ctx->extra_certs, X509_free);
ctx->extra_certs = NULL;
}
- while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+ while ((ca = PEM_read_bio_X509(in, NULL,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata))
!= NULL)
{
r = SSL_CTX_add_extra_chain_cert(ctx, ca);
int comp = 0;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *cm = NULL;
-#endif
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+#endif
int test_cipherlist = 0;
#ifdef OPENSSL_FIPS
int fips_mode=0;
(s->srp_ctx.v == NULL))
return SSL3_AL_FATAL;
- RAND_bytes(b, sizeof(b));
+ if (RAND_bytes(b, sizeof(b)) <= 0)
+ return SSL3_AL_FATAL;
s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL);
OPENSSL_cleanse(b,sizeof(b));
projects / openssl / commitdiff