mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-14 10:09:48 +00:00
Code Issues Releases Activity

This commit was generated by cvs2svn to compensate for changes in r72613,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Kris Kennaway 2001-02-18 03:17:36 +00:00
commit a991678294
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=72614
147 changed files with 5416 additions and 286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
crypto/openssl/CHANGES
View File

@ -2,6 +2,142 @@
OpenSSL CHANGES
_______________
Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
*) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
Bleichenbacher's DSA attack.
[Ulf Moeller]
*) In the NCONF_...-based implementations for CONF_... queries
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
a temporary CONF structure with the data component set to NULL
(which gives segmentation faults in lh_retrieve).
Instead, use NULL for the CONF pointer in CONF_get_string and
CONF_get_number (which may use environment variables) and directly
return NULL from CONF_get_section.
[Bodo Moeller]
*) Fix potential buffer overrun for EBCDIC.
[Ulf Moeller]
*) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
keyUsage if basicConstraints absent for a CA.
[Steve Henson]
*) Make SMIME_write_PKCS7() write mail header values with a format that
is more generally accepted (no spaces before the semicolon), since
some programs can't parse those values properly otherwise. Also make
sure BIO's that break lines after each write do not create invalid
headers.
[Richard Levitte]
*) Make the CRL encoding routines work with empty SEQUENCE OF. The
macros previously used would not encode an empty SEQUENCE OF
and break the signature.
[Steve Henson]
*) Zero the premaster secret after deriving the master secret in
DH ciphersuites.
[Steve Henson]
*) Add some EVP_add_digest_alias registrations (as found in
OpenSSL_add_all_digests()) to SSL_library_init()
aka OpenSSL_add_ssl_algorithms(). This provides improved
compatibility with peers using X.509 certificates
with unconventional AlgorithmIdentifier OIDs.
[Bodo Moeller]
*) Fix for Irix with NO_ASM.
["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
*) ./config script fixes.
[Ulf Moeller, Richard Levitte]
*) Fix 'openssl passwd -1'.
[Bodo Moeller]
*) Change PKCS12_key_gen_asc() so it can cope with non null
terminated strings whose length is passed in the passlen
parameter, for example from PEM callbacks. This was done
by adding an extra length parameter to asc2uni().
[Steve Henson, reported by <oddissey@samsung.co.kr>]
*) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
call failed, free the DSA structure.
[Bodo Moeller]
*) Fix to uni2asc() to cope with zero length Unicode strings.
These are present in some PKCS#12 files.
[Steve Henson]
*) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
when writing a 32767 byte record.
[Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
*) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
(RSA objects have a reference count access to which is protected
by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
so they are meant to be shared between threads.)
[Bodo Moeller, Geoff Thorpe; original patch submitted by
"Reddie, Steven" <Steven.Reddie@ca.com>]
*) Fix a deadlock in CRYPTO_mem_leaks().
[Bodo Moeller]
*) rand_win.c fix for Borland C.
[Ulf Möller]
*) BN_rshift bugfix for n == 0.
[Bodo Moeller]
*) Store verify_result within SSL_SESSION also for client side to
avoid potential security hole. (Re-used sessions on the client side
always resulted in verify_result==X509_V_OK, not using the original
result of the server certificate verification.)
[Lutz Jaenicke]
*) Fix ssl3_pending: If the record in s->s3->rrec is not of type
SSL3_RT_APPLICATION_DATA, return 0.
Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
[Bodo Moeller]
*) Fix SSL_peek:
Both ssl2_peek and ssl3_peek, which were totally broken in earlier
releases, have been re-implemented by renaming the previous
implementations of ssl2_read and ssl3_read to ssl2_read_internal
and ssl3_read_internal, respectively, and adding 'peek' parameters
to them. The new ssl[23]_{read,peek} functions are calls to
ssl[23]_read_internal with the 'peek' flag set appropriately.
A 'peek' parameter has also been added to ssl3_read_bytes, which
does the actual work for ssl3_read_internal.
[Bodo Moeller]
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
The previous value, 12, was not always sufficient for BN_mod_exp().
[Bodo Moeller]
*) Fix typo in get_cert_by_subject() in by_dir.c
[Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
*) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
and not in SSL_clear because the latter is also used by the
accept/connect functions; previously, the settings made by
SSL_set_read_ahead would be lost during the handshake.
[Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
*) Correct util/mkdef.pl to be selective about disabled algorithms.
Previously, it would create entries for disableed algorithms no
matter what.
[Richard Levitte]
*) Added several new manual pages for SSL_* function.
[Lutz Jaenicke]
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced

9
crypto/openssl/Configure
View File

@ -280,8 +280,8 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
@ -297,6 +297,7 @@ my %table=(
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
@ -719,6 +720,10 @@ if ($shared_cflag ne "")
$shared_mark2 = ".shlib.";
}
}
else
{
$no_shared = 1;
}
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;

2
crypto/openssl/LICENSE
View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

3
crypto/openssl/Makefile.org
View File

@ -462,7 +462,8 @@ install: all install_docs
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
(echo $$i | grep '\\.a$$' > /dev/null 2>&1) \
&& $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \
done

92
crypto/openssl/STATUS Normal file
View File

@ -0,0 +1,92 @@
OpenSSL STATUS Last modified at
______________ $Date: 2000/09/24 15:42:34 $
DEVELOPMENT STATE
o OpenSSL 0.9.6: Released on September 24th, 2000
o OpenSSL 0.9.5a: Released on April 1st, 2000
o OpenSSL 0.9.5: Released on February 28th, 2000
o OpenSSL 0.9.4: Released on August 09th, 1999
o OpenSSL 0.9.3a: Released on May 29th, 1999
o OpenSSL 0.9.3: Released on May 25th, 1999
o OpenSSL 0.9.2b: Released on March 22th, 1999
o OpenSSL 0.9.1c: Released on December 23th, 1998
RELEASE SHOWSTOPPERS
AVAILABLE PATCHES
o CA.pl patch (Damien Miller)
IN PROGRESS
o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
EVP cipher enhancement.
Proper (or at least usable) certificate chain verification.
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
UTIL (a new set of library functions to support some higher level
functionality that is currently missing).
Dynamic thread-lock support.
Shared library support for VMS.
NEEDS PATCH
o non-blocking socket on AIX
o $(PERL) in */Makefile.ssl
o "Sign the certificate?" - "n" creates empty certificate file
OPEN ISSUES
o internal_verify doesn't know about X509.v3 (basicConstraints
CA flag ...)
o The Makefile hierarchy and build mechanism is still not a round thing:
1. The config vs. Configure scripts
It's the same nasty situation as for Apache with APACI vs.
src/Configure. It confuses.
Suggestion: Merge Configure and config into a single configure
script with a Autoconf style interface ;-) and remove
Configure and config. Or even let us use GNU Autoconf
itself. Then we can avoid a lot of those platform checks
which are currently in Configure.
o Support for Shared Libraries has to be added at least
for the major Unix platforms. The details we can rip from the stuff
Ralf has done for the Apache src/Configure script. Ben wants the
solution to be really simple.
Status: Ralf will look how we can easily incorporate the
compiler PIC and linker DSO flags from Apache
into the OpenSSL Configure script.
Ulf: +1 for using GNU autoconf and libtool (but not automake,
which apparently is not flexible enough to generate
libcrypto)
o The perl/ stuff needs a major overhaul. Currently it's
totally obsolete. Either we clean it up and enhance it to be up-to-date
with the C code or we also could replace it with the really nice
Net::SSLeay package we can find under
http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
longer time and it works fine and is a nice Perl module. Best would be
to convince the author to work for the OpenSSL project and create a
Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
us.
Status: Ralf thinks we should both contact the author of Net::SSLeay
and look how much effort it is to bring Eric's perl/ stuff up
to date.
Paul +1
WISHES
o

2301
crypto/openssl/TABLE Normal file
View File

File diff suppressed because it is too large Load Diff

6
crypto/openssl/apps/app_rand.c
View File

@ -177,8 +177,10 @@ long app_RAND_load_files(char *name)
if (*n == '\0') break;
egd=RAND_egd(n);
if (egd > 0) tot+=egd;
tot+=RAND_load_file(n,-1);
if (egd > 0)
tot+=egd;
else
tot+=RAND_load_file(n,-1);
if (last) break;
}
if (tot > 512)

2
crypto/openssl/apps/ca-cert.srl
View File

@ -1 +1 @@
05
07

2
crypto/openssl/apps/dsaparam.c
View File

@ -311,7 +311,7 @@ int MAIN(int argc, char **argv)
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
bits_p,bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\t\treturn(NULL);\n");
printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n");
}

2
crypto/openssl/apps/passwd.c
View File

@ -315,7 +315,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 6;
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
assert(salt_len <= 8);

2
crypto/openssl/apps/pca-cert.srl
View File

@ -1 +1 @@
01
07

9
crypto/openssl/apps/req.c
View File

@ -685,16 +685,15 @@ int MAIN(int argc, char **argv)
if (newreq || x509)
{
#ifndef NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
if (pkey == NULL)
{
BIO_printf(bio_err,"you need to specify a private key\n");
goto end;
}
#ifndef NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
if (req == NULL)
{
req=X509_REQ_new();

4
crypto/openssl/apps/rsautl.c
View File

@ -55,6 +55,9 @@
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef NO_RSA
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
@ -288,3 +291,4 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
}
#endif

16
crypto/openssl/apps/server.pem
View File

@ -1,17 +1,17 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
-----BEGIN CERTIFICATE-----
MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
FUGcPZf9ND22Etc+AQ==
Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
itAE+OjGF+PFKbwX8Q==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

19
crypto/openssl/certs/expired/rsa-ssca.pem Normal file
View File

@ -0,0 +1,19 @@
subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
notBefore=941109235417Z
notAfter =991231235417Z
-----BEGIN X509 CERTIFICATE-----
MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
-----END X509 CERTIFICATE-----

13
crypto/openssl/config
View File

@ -168,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
;;
NetBSD:*:*:*386*)
echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
NetBSD:*)
@ -394,7 +394,7 @@ case "$GUESSOS" in
mips4-sgi-irix64)
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configre irix64-mips4-$CC' *manually*."
echo " Type Ctrl-C if you don't want to continue."
echo " Type return if you want to continue, Ctrl-C to abort."
read waste < /dev/tty
options="$options -mips4"
OUT="irix-mips3-$CC"
@ -423,11 +423,11 @@ case "$GUESSOS" in
#till 64-bit glibc for SPARC is operational:-(
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
#echo " Type Ctrl-C if you don't want to continue."
#echo " Type return if you want to continue, Ctrl-C to abort."
#read waste < /dev/tty
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
case ${KARCH:-sun4} in
sun4u*) OUT="linux-sparcv9" ;;
sun4m) OUT="linux-sparcv8" ;;
@ -435,6 +435,7 @@ case "$GUESSOS" in
*) OUT="linux-sparcv7" ;;
esac ;;
arm*-*-linux2) OUT="linux-elf-arm" ;;
s390-*-linux2) OUT="linux-s390" ;;
*-*-linux2) OUT="linux-elf" ;;
*-*-linux1) OUT="linux-aout" ;;
sun4u*-*-solaris2)
@ -442,7 +443,7 @@ case "$GUESSOS" in
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
echo " Type Ctrl-C if you don't want to continue."
echo " Type return if you want to continue, Ctrl-C to abort."
read waste < /dev/tty
fi
OUT="solaris-sparcv9-$CC" ;;
@ -557,7 +558,7 @@ OUT="$PREFIX$OUT"
$PERL ./Configure LIST | grep "$OUT" > /dev/null
if [ $? = "0" ]; then
#echo Configuring for $OUT
echo Configuring for $OUT
if [ "$TEST" = "true" ]; then
echo $PERL ./Configure $OUT $options

3
crypto/openssl/crypto/Makefile.ssl
View File

@ -90,7 +90,8 @@ links:
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
libs:

3
crypto/openssl/crypto/asn1/Makefile.ssl
View File

@ -75,7 +75,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/asn1/a_strnid.c
View File

@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
if(tbl) {
mask = tbl->mask;
if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
tbl->minsize, tbl->maxsize);
} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
if(ret <= 0) return NULL;

23
crypto/openssl/crypto/asn1/asn1_mac.h
View File

@ -196,6 +196,9 @@ err:\
if ((a != NULL) && (sk_##type##_num(a) != 0)) \
M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
if ((c.slen != 0) && \
(M_ASN1_next == \
@ -389,6 +392,9 @@ err:\
if ((a != NULL) && (sk_##type##_num(a) != 0)) \
M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
@ -452,6 +458,15 @@ err:\
ret+=ASN1_object_size(1,v,mtag); \
}
#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
if (a)\
{ \
v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
V_ASN1_UNIVERSAL, \
IS_SEQUENCE); \
ret+=ASN1_object_size(1,v,mtag); \
}
/* Put Macros */
#define M_ASN1_I2D_put(a,f) f(a,&p)
@ -536,6 +551,14 @@ err:\
IS_SEQUENCE); \
}
#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
if (a) \
{ \
ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
IS_SEQUENCE); \
}
#define M_ASN1_I2D_seq_total() \
r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
if (pp == NULL) return(r); \

10
crypto/openssl/crypto/asn1/x_crl.c
View File

@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION);
M_ASN1_I2D_finish();
@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
i2d_X509_REVOKED);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
i2d_X509_REVOKED);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
ret->nextUpdate=NULL;
M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
ret->extensions = NULL;
sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
return(ret);
M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);

3
crypto/openssl/crypto/bf/Makefile.ssl
View File

@ -44,7 +44,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

3
crypto/openssl/crypto/bio/Makefile.ssl
View File

@ -49,7 +49,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

14
crypto/openssl/crypto/bio/b_sock.c
View File

@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
/* At this point, we have something that is most probably correct
in some way, so let's init the socket. */
if (!BIO_sock_init())
return(0); /* don't generate another error code here */
if (BIO_sock_init() != 1)
return 0; /* don't generate another error code here */
/* If the string actually contained an IP address, we need not do
anything more */
@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
{
int ret=0;
struct sockaddr_in server,client;
int s= -1,cs;
int s=INVALID_SOCKET,cs;
unsigned char ip[4];
unsigned short port;
char *str,*e;
char *str=NULL,*e;
const char *h,*p;
unsigned long l;
int err_num;
if (!BIO_sock_init()) return(INVALID_SOCKET);
if (BIO_sock_init() != 1) return(INVALID_SOCKET);
if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
h="*";
}
if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
if (!BIO_get_port(p,&port)) goto err;
memset((char *)&server,0,sizeof(server));
server.sin_family=AF_INET;
@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
server.sin_addr.s_addr=INADDR_ANY;
else
{
if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
l=(unsigned long)
((unsigned long)ip[0]<<24L)|
((unsigned long)ip[1]<<16L)|

3
crypto/openssl/crypto/bn/Makefile.ssl
View File

@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

2
crypto/openssl/crypto/bn/asm/pa-risc2.s
View File

@ -1611,7 +1611,7 @@ bn_mul_comba4
.IMPORT $global$,DATA
.SPACE $TEXT$
.SUBSPA $CODE$
.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
.SUBSPA $LIT$,ACCESS=0x2c
C$7
.ALIGN 8
.STRINGZ "Division would overflow (%d)\n"

2
crypto/openssl/crypto/bn/asm/pa-risc2W.s
View File

@ -1598,7 +1598,7 @@ bn_mul_comba4
.IMPORT $global$,DATA
.SPACE $TEXT$
.SUBSPA $CODE$
.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
.SUBSPA $LIT$,ACCESS=0x2c
C$4
.ALIGN 8
.STRINGZ "Division would overflow (%d)\n"

6
crypto/openssl/crypto/bn/bn.h
View File

@ -239,7 +239,7 @@ typedef struct bignum_st
} BIGNUM;
/* Used for temp variables */
#define BN_CTX_NUM 12
#define BN_CTX_NUM 16
#define BN_CTX_NUM_POS 12
typedef struct bignum_ctx
{
@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
@ -493,16 +494,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
#define BN_F_BN_MPI2BN 112
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
#define BN_F_BN_RAND_RANGE 122
#define BN_F_BN_USUB 115
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100
#define BN_R_BAD_RECIPROCAL 101
#define BN_R_BIGNUM_TOO_LONG 114
#define BN_R_CALLED_WITH_EVEN_MODULUS 102
#define BN_R_DIV_BY_ZERO 103
#define BN_R_ENCODING_ERROR 104
#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
#define BN_R_INVALID_LENGTH 106
#define BN_R_INVALID_RANGE 115
#define BN_R_NOT_INITIALIZED 107
#define BN_R_NO_INVERSE 108
#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109

6
crypto/openssl/crypto/bn/bn_div.c
View File

@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
BN_CTX_start(ctx);
tmp=BN_CTX_get(ctx);
tmp->neg=0;
snum=BN_CTX_get(ctx);
sdiv=BN_CTX_get(ctx);
if (dv == NULL)
res=BN_CTX_get(ctx);
else res=dv;
if (res == NULL) goto err;
if (sdiv==NULL || res == NULL) goto err;
tmp->neg=0;
/* First we normalise the numbers */
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@ -237,7 +237,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
for (i=0; i<loop-1; i++)
{
BN_ULONG q,l0;
#ifdef BN_DIV3W
#if defined(BN_DIV3W) && !defined(NO_ASM)
q=bn_div_3_words(wnump,d1,d0);
#else
BN_ULONG n0,n1,rem=0;

3
crypto/openssl/crypto/bn/bn_err.c
View File

@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
{0,NULL}
};
@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
{
{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
{BN_R_DIV_BY_ZERO ,"div by zero"},
{BN_R_ENCODING_ERROR ,"encoding error"},
{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
{BN_R_INVALID_LENGTH ,"invalid length"},
{BN_R_INVALID_RANGE ,"invalid range"},
{BN_R_NOT_INITIALIZED ,"not initialized"},
{BN_R_NO_INVERSE ,"no inverse"},
{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},

7
crypto/openssl/crypto/bn/bn_lib.c
View File

@ -62,6 +62,7 @@
#endif
#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
if (words > b->dmax)
{
if (words > (INT_MAX/(4*BN_BITS2)))
{
BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
return NULL;
}
bn_check_top(b);
if (BN_get_flags(b,BN_FLG_STATIC_DATA))
{

52
crypto/openssl/crypto/bn/bn_rand.c
View File

@ -140,3 +140,55 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(1, rnd, bits, top, bottom);
}
/* random number r: 0 <= r < range */
int BN_rand_range(BIGNUM *r, BIGNUM *range)
{
int n;
if (range->neg || BN_is_zero(range))
{
BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
return 0;
}
n = BN_num_bits(range); /* n > 0 */
if (n == 1)
{
if (!BN_zero(r)) return 0;
}
else if (BN_is_bit_set(range, n - 2))
{
do
{
/* range = 11..._2, so each iteration succeeds with probability >= .75 */
if (!BN_rand(r, n, 0, 0)) return 0;
}
while (BN_cmp(r, range) >= 0);
}
else
{
/* range = 10..._2,
* so 3*range (= 11..._2) is exactly one bit longer than range */
do
{
if (!BN_rand(r, n + 1, 0, 0)) return 0;
/* If r < 3*range, use r := r MOD range
* (which is either r, r - range, or r - 2*range).
* Otherwise, iterate once more.
* Since 3*range = 11..._2, each iteration succeeds with
* probability >= .75. */
if (BN_cmp(r ,range) >= 0)
{
if (!BN_sub(r, r, range)) return 0;
if (BN_cmp(r, range) >= 0)
if (!BN_sub(r, r, range)) return 0;
}
}
while (BN_cmp(r, range) >= 0);
}
return 1;
}

5
crypto/openssl/crypto/bn/bn_shift.c
View File

@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
r->neg=a->neg;
if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
}
else
{
if (n == 0)
return 1; /* or the copying loop will go berserk */
}
f= &(a->d[nw]);
t=r->d;

2
crypto/openssl/crypto/bn/bntest.c
View File

@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
static void message(BIO *out, char *m)
{
fprintf(stderr, "test %s\n", m);
#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
BIO_puts(out, "print \"test ");
BIO_puts(out, m);
BIO_puts(out, "\\n\"\n");
#endif
}
int main(int argc, char *argv[])

3
crypto/openssl/crypto/buffer/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/cast/Makefile.ssl
View File

@ -47,7 +47,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

3
crypto/openssl/crypto/comp/Makefile.ssl
View File

@ -42,7 +42,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/conf/Makefile.ssl
View File

@ -40,7 +40,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/conf/conf.h
View File

@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
#define CONF_R_MISSING_EQUAL_SIGN 101
#define CONF_R_NO_CLOSE_BRACE 102
#define CONF_R_NO_CONF 105
#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
#define CONF_R_NO_SECTION 107
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
#define CONF_R_VARIABLE_HAS_NO_VALUE 104

2
crypto/openssl/crypto/conf/conf_err.c
View File

@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]=
{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
{CONF_R_NO_CONF ,"no conf"},
{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
{CONF_R_NO_SECTION ,"no section"},
{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
{0,NULL}

84
crypto/openssl/crypto/conf/conf_lib.c
View File

@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
{
CONF ctmp;
if (conf == NULL)
{
return NULL;
}
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
return NCONF_get_section(&ctmp, section);
default_CONF_method->init(&ctmp);
ctmp.data = conf;
return NCONF_get_section(&ctmp, section);
}
}
char *CONF_get_string(LHASH *conf,char *group,char *name)
{
CONF ctmp;
if (conf == NULL)
{
return NCONF_get_string(NULL, group, name);
}
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
return NCONF_get_string(&ctmp, group, name);
default_CONF_method->init(&ctmp);
ctmp.data = conf;
return NCONF_get_string(&ctmp, group, name);
}
}
long CONF_get_number(LHASH *conf,char *group,char *name)
{
CONF ctmp;
if (conf == NULL)
{
return NCONF_get_number(NULL, group, name);
}
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
return NCONF_get_number(&ctmp, group, name);
default_CONF_method->init(&ctmp);
ctmp.data = conf;
return NCONF_get_number(&ctmp, group, name);
}
}
void CONF_free(LHASH *conf)
@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
return NULL;
}
if (section == NULL)
{
CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
return NULL;
}
return _CONF_get_section_values(conf, section);
}
char *NCONF_get_string(CONF *conf,char *group,char *name)
{
char *s = _CONF_get_string(conf, group, name);
/* Since we may get a value from an environment variable even
if conf is NULL, let's check the value first */
if (s) return s;
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF);
CONFerr(CONF_F_NCONF_GET_STRING,
CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
return NULL;
}
return _CONF_get_string(conf, group, name);
return NULL;
}
long NCONF_get_number(CONF *conf,char *group,char *name)
{
#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
an environment variable with a suitable name. Unfortunately, there's
no way with the current API to see if we found one or not...
The meaning of this is that if a number is not found anywhere, it
will always default to 0. */
if (conf == NULL)
{
CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF);
CONFerr(CONF_F_NCONF_GET_NUMBER,
CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
return 0;
}
#endif
return _CONF_get_number(conf, group, name);
}

3
crypto/openssl/crypto/des/Makefile.ssl
View File

@ -57,7 +57,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
des: des.o cbc3_enc.o lib

3
crypto/openssl/crypto/dh/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/dsa/Makefile.ssl
View File

@ -41,7 +41,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

10
crypto/openssl/crypto/dsa/dsa_ossl.c
View File

@ -179,13 +179,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
kinv=NULL;
/* Get random k */
for (;;)
{
if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
if (BN_cmp(&k,dsa->q) >= 0)
BN_sub(&k,&k,dsa->q);
if (!BN_is_zero(&k)) break;
}
do
if (!BN_rand_range(&k, dsa->q)) goto err;
while (BN_is_zero(&k));
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{

3
crypto/openssl/crypto/dso/Makefile.ssl
View File

@ -41,7 +41,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

4
crypto/openssl/crypto/dso/dso_dl.c
View File

@ -187,7 +187,7 @@ static void *dl_bind_var(DSO *dso, const char *symname)
DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
return(NULL);
}
if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
{
DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
return(NULL);
@ -216,7 +216,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
{
DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
return(NULL);

3
crypto/openssl/crypto/err/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/evp/Makefile.ssl
View File

@ -58,7 +58,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/ex_data.c
View File

@ -101,7 +101,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
ret=idx;
err:
MemCheck_on();
return(idx);
return(ret);
}
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)

3
crypto/openssl/crypto/hmac/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/lhash/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/md2/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/md4/Makefile.ssl
View File

@ -40,7 +40,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/md5/Makefile.ssl
View File

@ -50,7 +50,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

3
crypto/openssl/crypto/mdc2/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

10
crypto/openssl/crypto/mem_dbg.c
View File

@ -671,7 +671,15 @@ void CRYPTO_mem_leaks(BIO *b)
* void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
* Otherwise the code police will come and get us.)
*/
int old_mh_mode;
CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
/* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
* which uses CRYPTO_is_mem_check_on */
old_mh_mode = mh_mode;
mh_mode = CRYPTO_MEM_CHECK_OFF;
if (mh != NULL)
{
lh_free(mh);
@ -685,6 +693,8 @@ void CRYPTO_mem_leaks(BIO *b)
amih = NULL;
}
}
mh_mode = old_mh_mode;
CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
}
MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */

3
crypto/openssl/crypto/objects/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: obj_dat.h lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

4
crypto/openssl/crypto/opensslv.h
View File

@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x0090600fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 24 Sep 2000"
#define OPENSSL_VERSION_NUMBER 0x00906010L
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a-dev XX xxx XXXX"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

3
crypto/openssl/crypto/pem/Makefile.ssl
View File

@ -40,7 +40,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/pem/pem_info.c
View File

@ -305,7 +305,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
{
if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
{
/* copy from wierdo names into more normal things */
/* copy from weirdo names into more normal things */
iv=xi->enc_cipher.iv;
data=(unsigned char *)xi->enc_data;
i=xi->enc_len;

3
crypto/openssl/crypto/pkcs12/Makefile.ssl
View File

@ -45,7 +45,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/pkcs12/p12_attr.c
View File

@ -151,7 +151,7 @@ int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name,
{
unsigned char *uniname;
int ret, unilen;
if (!asc2uni(name, &uniname, &unilen)) {
if (!asc2uni(name, namelen, &uniname, &unilen)) {
PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,
ERR_R_MALLOC_FAILURE);
return 0;

2
crypto/openssl/crypto/pkcs12/p12_key.c
View File

@ -84,7 +84,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
if(!pass) {
unipass = NULL;
uniplen = 0;
} else if (!asc2uni(pass, &unipass, &uniplen)) {
} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
return 0;
}

18
crypto/openssl/crypto/pkcs12/p12_utl.c
View File

@ -62,30 +62,34 @@
/* Cheap and nasty Unicode stuff */
unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen)
unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
{
int ulen, i;
unsigned char *unitmp;
ulen = strlen(asc)*2 + 2;
if (!(unitmp = OPENSSL_malloc (ulen))) return NULL;
for (i = 0; i < ulen; i+=2) {
if (asclen == -1) asclen = strlen(asc);
ulen = asclen*2 + 2;
if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
for (i = 0; i < ulen - 2; i+=2) {
unitmp[i] = 0;
unitmp[i + 1] = asc[i>>1];
}
/* Make result double null terminated */
unitmp[ulen - 2] = 0;
unitmp[ulen - 1] = 0;
if (unilen) *unilen = ulen;
if (uni) *uni = unitmp;
return unitmp;
}
char *uni2asc (unsigned char *uni, int unilen)
char *uni2asc(unsigned char *uni, int unilen)
{
int asclen, i;
char *asctmp;
asclen = unilen / 2;
/* If no terminating zero allow for one */
if (uni[unilen - 1]) asclen++;
if (!unilen || uni[unilen - 1]) asclen++;
uni++;
if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
asctmp[asclen - 1] = 0;
return asctmp;

2
crypto/openssl/crypto/pkcs12/pkcs12.h
View File

@ -247,7 +247,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
EVP_MD *md_type);
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
int saltlen, EVP_MD *md_type);
unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen);
unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
char *uni2asc(unsigned char *uni, int unilen);
int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp);
PKCS12_BAGS *PKCS12_BAGS_new(void);

3
crypto/openssl/crypto/pkcs7/Makefile.ssl
View File

@ -58,7 +58,8 @@ verify: verify.o example.o lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

6
crypto/openssl/crypto/pkcs7/pk7_mime.c
View File

@ -165,9 +165,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
}
bound[32] = 0;
BIO_printf(bio, "MIME-Version: 1.0\n");
BIO_printf(bio, "Content-Type: multipart/signed ; ");
BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
BIO_printf(bio, "Content-Type: multipart/signed;");
BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
BIO_printf(bio, "This is an S/MIME signed message\n\n");
/* Now write out the first part */
BIO_printf(bio, "------%s\n", bound);

3
crypto/openssl/crypto/rand/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/rand/rand_win.c
View File

@ -570,7 +570,7 @@ static void readtimer(void)
DWORD w;
LARGE_INTEGER l;
static int have_perfc = 1;
#ifndef __GNUC__
#ifdef _MSC_VER
static int have_tsc = 1;
DWORD cyclecount;

5
crypto/openssl/crypto/rand/randfile.c
View File

@ -83,6 +83,9 @@
/* #define RFILE ".rnd" - defined in ../../e_os.h */
/* Note that these functions are intended for seed files only.
* Entropy devices and EGD sockets are handled in rand_unix.c */
int RAND_load_file(const char *file, long bytes)
{
/* If bytes >= 0, read up to 'bytes' bytes.
@ -117,7 +120,7 @@ int RAND_load_file(const char *file, long bytes)
if (bytes > 0)
{
bytes-=n;
if (bytes == 0) break;
if (bytes <= 0) break;
}
}
fclose(in);

3
crypto/openssl/crypto/rc2/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/rc4/Makefile.ssl
View File

@ -47,7 +47,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

3
crypto/openssl/crypto/rc5/Makefile.ssl
View File

@ -44,7 +44,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

3
crypto/openssl/crypto/ripemd/Makefile.ssl
View File

@ -42,7 +42,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

3
crypto/openssl/crypto/rsa/Makefile.ssl
View File

@ -41,7 +41,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/sha/Makefile.ssl
View File

@ -42,7 +42,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
# elf

12
crypto/openssl/crypto/sha/asm/sha1-586.pl
View File

@ -317,7 +317,7 @@ sub BODY_60_79
sub sha1_block_host
{
local($name)=@_;
local($name, $sclabel)=@_;
&function_begin_B($name,"");
@ -352,7 +352,7 @@ sub sha1_block_host
&mov(&swtmp($i+0),$A);
&mov(&swtmp($i+1),$B);
}
&jmp(&label("shortcut"));
&jmp($sclabel);
&function_end_B($name);
}
@ -529,10 +529,12 @@ sub sha1_block_data
&pop("esi");
&ret();
# it has to reside within sha1_block_asm_host_order body
# because it calls &jmp(&label("shortcut"));
&sha1_block_host("sha1_block_asm_host_order");
# keep a note of shortcut label so it can be used outside
# block.
my $sclabel = &label("shortcut");
&function_end_B($name);
# Putting this here avoids problems with MASM in debugging mode
&sha1_block_host("sha1_block_asm_host_order", $sclabel);
}

3
crypto/openssl/crypto/stack/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/txt_db/Makefile.ssl
View File

@ -39,7 +39,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

3
crypto/openssl/crypto/x509/Makefile.ssl
View File

@ -49,7 +49,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

2
crypto/openssl/crypto/x509/by_dir.c
View File

@ -327,7 +327,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
* it out again */
CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
else tmp = NULL;
CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);

3
crypto/openssl/crypto/x509v3/Makefile.ssl
View File

@ -43,7 +43,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

26
crypto/openssl/crypto/x509v3/v3_prn.c
View File

@ -85,9 +85,16 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
else BIO_printf(out, "%s:%s", nval->name, nval->value);
#else
else {
char tmp[10240]; /* 10k is BIO_printf's limit anyway */
ascii2ebcdic(tmp, nval->value, strlen(nval->value)+1);
BIO_printf(out, "%s:%s", nval->name, tmp);
int len;
char *tmp;
len = strlen(nval->value)+1;
tmp = OPENSSL_malloc(len);
if (tmp)
{
ascii2ebcdic(tmp, nval->value, len);
BIO_printf(out, "%s:%s", nval->name, tmp);
OPENSSL_free(tmp);
}
}
#endif
if(ml) BIO_puts(out, "\n");
@ -115,9 +122,16 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
BIO_printf(out, "%*s%s", indent, "", value);
#else
{
char tmp[10240]; /* 10k is BIO_printf's limit anyway */
ascii2ebcdic(tmp, value, strlen(value)+1);
BIO_printf(out, "%*s%s", indent, "", tmp);
int len;
char *tmp;
len = strlen(value)+1;
tmp = OPENSSL_malloc(len);
if (tmp)
{
ascii2ebcdic(tmp, value, len);
BIO_printf(out, "%*s%s", indent, "", tmp);
OPENSSL_free(tmp);
}
}
#endif
} else if(method->i2v) {

6
crypto/openssl/crypto/x509v3/v3_purp.c
View File

@ -362,6 +362,8 @@ static int ca_check(const X509 *x)
else return 0;
} else {
if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
/* If key usage present it must have certSign so tolerate it */
else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
else return 2;
}
}
@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x)
if(ca_ret != 2) return ca_ret;
else return 0;
}
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
{
@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c
int ret;
ret = purpose_smime(x, ca);
if(!ret || ca) return ret;
if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0;
if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
return ret;
}

12
crypto/openssl/doc/crypto/BN_rand.pod
View File

@ -12,6 +12,8 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
=head1 DESCRIPTION
BN_rand() generates a cryptographically strong pseudo-random number of
@ -25,11 +27,14 @@ this function are not necessarily unpredictable. They can be used for
non-cryptographic purposes and for certain purposes in cryptographic
protocols, but usually not for key generation etc.
The PRNG must be seeded prior to calling BN_rand().
BN_rand_range() generates a cryptographically strong pseudo-random
number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
=head1 RETURN VALUES
BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error.
The functions return 1 on success, 0 on error.
The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
@ -40,6 +45,7 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
=head1 HISTORY
BN_rand() is available in all versions of SSLeay and OpenSSL.
BN_pseudo_rand() was added in OpenSSL 0.9.5.
BN_pseudo_rand() was added in OpenSSL 0.9.5, and BN_rand_range()
in OpenSSL 0.9.6a.
=cut

35
crypto/openssl/doc/crypto/RAND_egd.pod
View File

@ -9,10 +9,30 @@ RAND_egd - query entropy gathering daemon
#include <openssl/rand.h>
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path, int bytes);
=head1 DESCRIPTION
RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
RAND_egd_bytes(path, 255);
RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
OpenSSL built-in PRNG.
This function is more flexible than RAND_egd().
When only one secret key must
be generated, it is not necessary to request the full amount 255 bytes from
the EGD socket. This can be advantageous, since the amount of entropy
that can be retrieved from EGD over time is limited.
=head1 NOTES
On systems without /dev/*random devices providing entropy from the kernel,
the EGD entropy gathering daemon can be used to collect entropy. It provides
a socket interface through which entropy can be gathered in chunks up to
255 bytes. Several chunks can be queried during one connection.
EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
Makefile.PL; make; make install> to install). It is run as B<egd>
@ -21,22 +41,27 @@ RAND_egd() is called with that path as an argument, it tries to read
random bytes that EGD has collected. The read is performed in
non-blocking mode.
Alternatively, the EGD-compatible daemon PRNGD can be used. It is
Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
available from
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
PRNGD does employ an internal PRNG itself and can therefore never run
out of entropy.
=head1 RETURN VALUE
RAND_egd() returns the number of bytes read from the daemon on
success, and -1 if the connection failed or the daemon did not return
enough data to fully seed the PRNG.
RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
daemon on success, and -1 if the connection failed or the daemon did not
return enough data to fully seed the PRNG.
=head1 SEE ALSO
L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
L<RAND_cleanup(3)|RAND_cleanup(3)>
=head1 HISTORY
RAND_egd() is available since OpenSSL 0.9.5.
RAND_egd_bytes() is available since OpenSSL 0.9.6.
=cut

1
crypto/openssl/doc/crypto/bn.pod
View File

@ -60,6 +60,7 @@ bn - multiprecision integer arithmetics
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);

2
crypto/openssl/doc/crypto/des.pod
View File

@ -345,7 +345,7 @@ the MIT Kerberos library.
=head1 SEE ALSO
crypt(3), L<des_modes(3)|des_modes(3)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
=head1 HISTORY

2
crypto/openssl/doc/crypto/evp.pod
View File

@ -10,7 +10,7 @@ evp - high-level cryptographic functions
=head1 DESCRIPTION
The EVP library provided a high-level interface to cryptographic
The EVP library provides a high-level interface to cryptographic
functions.
B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption

67
crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
View File

@ -2,8 +2,7 @@
=head1 NAME
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
SSL_CIPHER_description - get SSL_CIPHER properties
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
=head1 SYNOPSIS
@ -29,9 +28,10 @@ SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer B<buf> of length B<len> provided. B<len> must be at least
128 bytes, otherwise the string "Buffer too small" is returned. If B<buf>
is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the
allocation fails, the string "OPENSSL_malloc Error" is returned.
128 bytes, otherwise a pointer to the the string "Buffer too small" is
returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
OPENSSL_malloc(). If the allocation fails, a pointer to the string
"OPENSSL_malloc Error" is returned.
=head1 NOTES
@ -40,11 +40,66 @@ export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
does use the full 128 bits (which would be returned for B<alg_bits>), of
which however 88bits are fixed. The search space is hence only 40 bits.
The string returned by SSL_CIPHER_description() in case of success consists
of cleartext information seperated by one or more blanks in the following
sequence:
=over 4
=item <ciphername>
Textual representation of the cipher name.
=item <protocol version>
Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
=item Kx=<key exchange>
Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or
B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>),
B<DH/RSA>, B<DH/DSS>, B<Fortezza>.
=item Au=<authentication>
Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the
representation of anonymous ciphers.
=item Enc=<symmectric encryption method>
Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>,
B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>,
B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>.
=item Mac=<message authentication code>
Message digest: B<MD5>, B<SHA1>.
=item <export flag>
If the cipher is flagged exportable with respect to old US crypto
regulations, the word "B<export>" is printed.
=back
=head1 EXAMPLES
Some examples for the output of SSL_CIPHER_description():
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
=head1 BUGS
If SSL_CIPHER_description() is called with B<cipher> being NULL, the
library crashes.
If SSL_CIPHER_description() cannot handle a built-in cipher, the according
description of the cipher property is B<unknown>. This case should not
occur.
=head1 RETURN VALUES
See DESCRIPTION
@ -52,6 +107,6 @@ See DESCRIPTION
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>
L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>
=cut

38
crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod Normal file
View File

@ -0,0 +1,38 @@
=pod
=head1 NAME
SSL_CTX_add_extra_chain_cert - add certificate to chain
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
=head1 DESCRIPTION
SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
chain presented together with the certificate. Several certificates
can be added one after the other.
=head1 NOTES
When constructing the certificate chain, the chain will be formed from
these certificates explicitly specified. If no chain is specified,
the library will try to complete the chain from the available CA
certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
=head1 RETURN VALUES
SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
error stack to find out the reason for failure otherwise.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
=cut

65
crypto/openssl/doc/ssl/SSL_CTX_add_session.pod Normal file
View File

@ -0,0 +1,65 @@
=pod
=head1 NAME
SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
=head1 DESCRIPTION
SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The
reference count for session B<c> is incremented by 1. If a session with
the same session id already exists, the old session is removed by calling
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>.
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> is called once for B<c>.
SSL_add_session() and SSL_remove_session() are synonyms for their
SSL_CTX_*() counterparts.
=head1 NOTES
When adding a new session to the internal session cache, it is examined
whether a session with the same session id already exists. In this case
it is assumed that both sessions are identical. If the same session is
stored in a different SSL_SESSION object, The old session is
removed and replaced by the new session. If the session is actually
identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
is a no-op, and the return value is 0.
=head1 RETURN VALUES
The following values are returned by all functions:
=over 4
=item 0
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
=item 1
The operation succeeded.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
=cut

49
crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod Normal file
View File

@ -0,0 +1,49 @@
=pod
=head1 NAME
SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
void SSL_flush_sessions(SSL_CTX *ctx, long tm);
=head1 DESCRIPTION
SSL_CTX_flush_sessions() causes a run through the session cache of
B<ctx> to remove sessions expired at time B<tm>.
SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions().
=head1 NOTES
If enabled, the internal session cache will collect all sessions established
up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).
As sessions will not be reused ones they are expired, they should be
removed from the cache to save resources. This can either be done
automatically whenever 255 new sessions were established (see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
or manually by calling SSL_CTX_flush_sessions().
The parameter B<tm> specifies the time which should be used for the
expiration test, in most cases the actual time given by time(0)
will be used.
SSL_CTX_flush_sessions() will only check sessions stored in the internal
cache. When a session is found and removed, the remove_session_cb is however
called to synchronize with the external cache (see
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
=head1 RETURN VALUES
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut

53
crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod Normal file
View File

@ -0,0 +1,53 @@
=pod
=head1 NAME
SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int idx, long argl, void *argp);
typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
int idx, long argl, void *argp);
=head1 DESCRIPTION
Several OpenSSL structures can have application specific data attached to them.
These functions are used internally by OpenSSL to manipulate application
specific data attached to a specific structure.
SSL_CTX_get_ex_new_index() is used to register a new index for application
specific data.
SSL_CTX_set_ex_data() is used to store application data at B<arg> for B<idx>
into the B<ctx> object.
SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
B<ctx>.
A detailed description for the B<*_get_ex_new_index()> functionality
can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
=cut

50
crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod Normal file
View File

@ -0,0 +1,50 @@
=pod
=head1 NAME
SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
int SSL_get_verify_mode(SSL *ssl);
int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
int SSL_get_verify_depth(SSL *ssl);
int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *);
int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *);
=head1 DESCRIPTION
SSL_CTX_get_verify_mode() returns the verification mode currently set in
B<ctx>.
SSL_get_verify_mode() returns the verification mode currently set in
B<ssl>.
SSL_CTX_get_verify_depth() returns the verification depth limit currently set
in B<ctx>. If no limit has been explicitly set, -1 is returned and the
default value will be used.
SSL_get_verify_depth() returns the verification depth limit currently set
in B<ssl>. If no limit has been explicitly set, -1 is returned and the
default value will be used.
SSL_CTX_get_verify_callback() returns a function pointer to the verification
callback currently set in B<ctx>. If no callback was explicitly set, the
NULL pointer is returned and the default callback will be used.
SSL_get_verify_callback() returns a function pointer to the verification
callback currently set in B<ssl>. If no callback was explicitly set, the
NULL pointer is returned and the default callback will be used.
=head1 RETURN VALUES
See DESCRIPTION
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
=cut

124
crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod Normal file
View File

@ -0,0 +1,124 @@
=pod
=head1 NAME
SSL_CTX_load_verify_locations - set default locations for trusted CA
certificates
=head1 SYNOPSIS
#include <openssl/ssl.h>
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
=head1 DESCRIPTION
SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
which CA certificates for verification purposes are located. The certificates
available via B<CAfile> and B<CApath> are trusted.
=head1 NOTES
If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
format. The file can contain several CA certificates identified by
-----BEGIN CERTIFICATE-----
... (CA certificate in base64 encoding) ...
-----END CERTIFICATE-----
sequences. Before, between, and after the certificates text is allowed
which can be used e.g. for descriptions of the certificates.
The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
function.
If on an TLS/SSL server no special setting is perfomed using *client_CA_list()
functions, the certificates contained in B<CAfile> are listed to the client
as available CAs during the TLS/SSL handshake.
If B<CApath> is not NULL, it points to a directory containing CA certificates
in PEM format. The files each contain one CA certificate. The files are
looked up by the CA subject name hash value, which must hence be available.
If more than one CA certificate with the same name hash value exist, the
extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
is performed in the ordering of the extension number, regardless of other
properties of the certificates.
Use the B<c_rehash> utility to create the necessary links.
The certificates in B<CApath> are only looked up when required, e.g. when
building the certificate chain or when actually performing the verification
of a peer certificate.
On a server, the certificates in B<CApath> are not listed as available
CA certificates to a client during a TLS/SSL handshake.
When looking up CA certificates, the OpenSSL library will first search the
certificates in B<CAfile>, then those in B<CApath>. Certificate matching
is done based on the subject name, the key identifier (if present), and the
serial number as taken from the certificate to be verified. If these data
do not match, the next certificate will be tried. If a first certificate
matching the parameters is found, the verification process will be performed;
no other certificates for the same parameters will be searched in case of
failure.
When building its own certificate chain, an OpenSSL client/server will
try to fill in missing certificates from B<CAfile>/B<CApath>, if the
certificate chain was not explicitely specified (see
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>.
=head1 WARNINGS
If several CA certificates matching the name, key identifier, and serial
number condition are available, only the first one will be examined. This
may lead to unexpected results if the same CA certificate is available
with different expiration dates. If a "certificate expired" verification
error occurs, no other certificate will be searched. Make sure to not
have expired certificates mixed with valid ones.
=head1 EXAMPLES
Generate a CA certificate file with descriptive text from the CA certificates
ca1.pem ca2.pem ca3.pem:
#!/bin/sh
rm CAfile.pem
for i in ca1.pem ca2.pem ca3.pem ; do
openssl x509 -in $i -text >> CAfile.pem
done
Prepare the directory /some/where/certs containing several CA certificates
for use as B<CApath>:
cd /some/where/certs
c_rehash .
=head1 RETURN VALUES
The following return values can occur:
=over 4
=item 0
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
=item 1
The operation succeeded.
=back
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
=cut

9
crypto/openssl/doc/ssl/SSL_CTX_new.pod
View File

@ -33,9 +33,9 @@ understand SSLv2 client hello messages.
=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
A TLS/SSL connection established with these methods will only understand the
SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages
and will indicate that it also understands TLSv1. A server will only understand
SSLv3 and TLSv1 client hello messages. This especially means, that it will
SSLv3 protocol. A client will send out SSLv3 client hello messages
and will indicate that it only understands SSLv3. A server will only understand
SSLv3 client hello messages. This especially means, that it will
not understand SSLv2 client hello messages which are widely used for
compatibility reasons, see SSLv23_*_method().
@ -46,7 +46,8 @@ TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages. This especially means, that it will
not understand SSLv2 client hello messages which are widely used for
compatibility reasons, see SSLv23_*_method().
compatibility reasons, see SSLv23_*_method(). It will also not understand
SSLv3 client hello messages.
=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

50
crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod Normal file
View File

@ -0,0 +1,50 @@
=pod
=head1 NAME
SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
=head1 DESCRIPTION
SSL_CTX_sess_set_cache_size() sets the size of the internal session cache
of context B<ctx> to B<t>.
SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.
=head1 NOTES
The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,
currently 1024*20, so that up to 20000 sessions can be held. This size
can be modified using the SSL_CTX_sess_set_cache_size() call. A special
case is the size 0, which is used for unlimited size.
When the maximum number of sessions is reached, no more new sessions are
added to the cache. New space may be added by calling
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> to remove
expired sessions.
If the size of the session cache is reduced and more sessions are already
in the session cache, old session will be removed at the next time a
session shall be added. This removal is not synchronized with the
expiration of sessions.
=head1 RETURN VALUES
SSL_CTX_sess_set_cache_size() returns the previously valid size.
SSL_CTX_sess_get_cache_size() returns the currently valid size.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
=cut

81
crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod Normal file
View File

@ -0,0 +1,81 @@
=pod
=head1 NAME
SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
int (*new_session_cb)(SSL *, SSL_SESSION *));
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy);
int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
int len, int *copy);
=head1 DESCRIPTION
SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
called whenever a new session was negotiated.
SSL_CTX_sess_set_remove_cb() sets the callback function, which is
automatically called whenever a session is removed by the SSL engine,
because it is considered faulty or the session has become obsolete because
of exceeding the timeout value.
SSL_CTX_sess_set_get_cb() sets the callback function which is called,
whenever a SSL/TLS client proposed to resume a session but the session
could not be found in the internal session cache (see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
(SSL/TLS server only.)
SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
provided callback functions. If a callback function has not been set,
the NULL pointer is returned.
=head1 NOTES
In order to allow external session caching, synchronization with the internal
session cache is realized via callback functions. Inside these callback
functions, session can be saved to disk or put into a database using the
L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> interface.
The new_session_cb() is called, whenever a new session has been negotiated
and session caching is enabled (see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
The new_session_cb() is passed the B<ssl> connection and the ssl session
B<sess>. If the callback returns B<0>, the session will be immediately
removed again.
The remove_session_cb() is called, whenever the SSL engine removes a session
from the internal cache. This happens if the session is removed because
it is expired or when a connection was not shutdown cleanly. The
remove_session_cb() is passed the B<ctx> and the ssl session B<sess>.
It does not provide any feedback.
The get_session_cb() is only called on SSL/TLS servers with the session id
proposed by the client. The get_session_cb() is always called, also when
session caching was disabled. The get_session_cb() is passed the
B<ssl> connection, the session id of length B<length> at the memory location
B<data>. With the parameter B<copy> the callback can require the
SSL engine to increment the reference count of the SSL_SESSION object.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
=cut

Some files were not shown because too many files have changed in this diff Show More