提交 ef236ec3 编写于 作者: D Dr. Stephen Henson

Merge from 1.0.0-stable branch.

上级 8711efb4
......@@ -573,7 +573,7 @@ my %table=(
my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
VC-NT VC-CE VC-WIN32
BC-32 OS2-EMX
BC-32
netware-clib netware-clib-bsdsock
netware-libc netware-libc-bsdsock);
......@@ -918,6 +918,11 @@ if (defined($disabled{"tls1"}))
$disabled{"tlsext"} = "forced";
}
if (defined($disabled{"ec"}))
{
$disabled{"gost"} = "forced";
}
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
print_table_entry($target);
......@@ -1432,6 +1437,7 @@ while (<IN>)
}
$sdirs = 0 unless /\\$/;
s/engines // if (/^DIRS=/ && $disabled{"engine"});
s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
......
......@@ -109,6 +109,7 @@ ZLIB_INCLUDE=
LIBZLIB=
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
......@@ -179,7 +180,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
CROSS_COMPILE_PREFIX='$(CROSS_COMPILE_PREFIX)' \
PERL='$(PERL)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
......
......@@ -11,7 +11,7 @@
o RFC3280 path validation: sufficient to process PKITS tests.
o Integrated support for PVK files and keyblobs.
o Change default private key format to PKCS#8.
o CMS support: able to process all examples in RFCXXXX
o CMS support: able to process all examples in RFC4134
o Streaming ASN1 encode support for PKCS#7 and CMS.
o Multiple signer and signer add support for PKCS#7 and CMS.
o ASN1 printing support.
......
......@@ -3691,7 +3691,7 @@ $multilib = 64
*** mingw
$cc = gcc
$cflags = -mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
$cflags = -mno-cygwin -DL_ENDIAN -DOPENSSL_NO_CAPIENG -fomit-frame-pointer -O3 -march=i486 -Wall
$unistd =
$thread_cflag =
$sys_id = MINGW32
......
......@@ -400,4 +400,10 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif
......@@ -725,4 +725,10 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
BIO_printf(out, "\n\t};\n\n");
return 1;
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif
......@@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
......@@ -264,7 +264,7 @@ basicConstraints = CA:true
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
......@@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
......
......@@ -1129,6 +1129,14 @@ int MAIN(int argc, char **argv)
rsa_doit[i]=1;
for (i=0; i<DSA_NUM; i++)
dsa_doit[i]=1;
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++)
ecdsa_doit[i]=1;
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
ecdh_doit[i]=1;
#endif
}
for (i=0; i<ALGOR_NUM; i++)
if (doit[i]) pr_header++;
......
......@@ -59,7 +59,6 @@
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
......
......@@ -335,9 +335,11 @@ void ENGINE_load_nuron(void);
void ENGINE_load_sureware(void);
void ENGINE_load_ubsec(void);
void ENGINE_load_padlock(void);
#ifdef OPENSSL_SYS_WIN32
#ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_capi(void);
#endif
#endif
#ifndef OPENSSL_NO_GMP
void ENGINE_load_gmp(void);
#endif
......
......@@ -80,7 +80,9 @@ static const EVP_PKEY_METHOD *standard_methods[] =
&rsa_pkey_meth,
&dh_pkey_meth,
&dsa_pkey_meth,
#ifndef OPENSSL_NO_EC
&ec_pkey_meth,
#endif
&hmac_pkey_meth,
};
......
......@@ -78,8 +78,10 @@ typedef struct _CPUUTIL {
ULONG ulIntrHigh; /* High 32 bits of interrupt time */
} CPUUTIL;
#ifndef __KLIBC__
APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
#endif
HMODULE hDoscalls = 0;
int RAND_poll(void)
......@@ -91,6 +93,7 @@ int RAND_poll(void)
if (hDoscalls == 0) {
ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
#ifndef __KLIBC__
if (rc == 0) {
rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
......@@ -102,6 +105,7 @@ int RAND_poll(void)
if (rc)
DosQuerySysState = NULL;
}
#endif
}
/* Sample the hi-res timer, runs at around 1.1 MHz */
......@@ -122,7 +126,9 @@ int RAND_poll(void)
RAND_add(&util, sizeof(util), 10);
}
else {
#ifndef __KLIBC__
DosPerfSysCall = NULL;
#endif
}
}
......
此差异已折叠。
......@@ -9,9 +9,9 @@ INCLUDES= -I../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
EDIRS= ccgost
ENGDIRS= ccgost
RECURSIVE_MAKE= [ -n "$(EDIRS)" ] && for i in $(EDIRS) ; do \
RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
$(MAKE) -e TOP=../.. DIR=$$i $$target ) || exit 1; \
done;
......
......@@ -969,7 +969,7 @@ dtls1_retransmit_buffered_messages(SSL *s)
{
frag = (hm_fragment *)item->data;
if ( dtls1_retransmit_message(s,
dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
(unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
0, &found) <= 0 && found)
{
fprintf(stderr, "dtls1_retransmit_message() failed\n");
......
......@@ -115,6 +115,9 @@
#include <stdio.h>
#include "ssl_locl.h"
#ifndef OPENSSL_NO_KRB5
#include "kssl_lcl.h"
#endif
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
......@@ -791,7 +794,7 @@ int dtls1_send_client_key_exchange(SSL *s)
krb5_data *enc_ticket;
krb5_data authenticator, *authp = NULL;
EVP_CIPHER_CTX ciph_ctx;
EVP_CIPHER *enc = NULL;
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
......@@ -892,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s)
sizeof tmp_buf);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
if (outl > sizeof epms)
if (outl > (int)sizeof epms)
{
SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
......
......@@ -1067,7 +1067,7 @@ start:
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
{
struct ccs_header_st ccs_hdr;
int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
dtls1_get_ccs_header(rr->data, &ccs_hdr);
......
......@@ -76,6 +76,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/krb5_asn.h>
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_KRB5
......@@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype)
** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
** xx and yy are possibly multi-byte length fields.
*/
int kssl_test_confound(unsigned char *p)
static int kssl_test_confound(unsigned char *p)
{
int len = 2;
int xx = 0, yy = 0;
......@@ -874,7 +875,7 @@ int kssl_test_confound(unsigned char *p)
** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
*/
size_t *populate_cksumlens(void)
static size_t *populate_cksumlens(void)
{
int i, j, n;
static size_t *cklens = NULL;
......@@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
/* Display contents of krb5_principal_data struct, for debugging
** (krb5_principal is typedef'd == krb5_principal_data *)
*/
void
static void
print_krb5_princ(char *label, krb5_principal_data *princ)
{
int i, ui, uj;
......@@ -1224,7 +1225,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
** code here. This tkt should alloc/free just
** like the real thing.
*/
krb5_error_code
static krb5_error_code
kssl_TKT2tkt( /* IN */ krb5_context krb5context,
/* IN */ KRB5_TKTBODY *asn1ticket,
/* OUT */ krb5_ticket **krb5ticket,
......@@ -1899,7 +1900,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
** Return pointer to the (partially) filled in struct tm on success,
** return NULL on failure.
*/
struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
{
char c, *p;
......@@ -1925,7 +1926,7 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
** So we try to sneek the clockskew out through the replay cache.
** If that fails just return a likely default (300 seconds).
*/
krb5_deltat get_rc_clockskew(krb5_context context)
static krb5_deltat get_rc_clockskew(krb5_context context)
{
krb5_rcache rc;
krb5_deltat clockskew;
......@@ -2121,7 +2122,7 @@ krb5_error_code kssl_check_authent(
tm_g = gmtime(&now); tg = mktime(tm_g);
tz_offset = tg - tl;
*atimep = tr - tz_offset;
*atimep = (krb5_timestamp)(tr - tz_offset);
}
#ifdef KSSL_DEBUG
......
......@@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
char *kstring(char *string);
char *knumber(int len, krb5_octet *contents);
EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
......
......@@ -2034,7 +2034,7 @@ int ssl3_send_client_key_exchange(SSL *s)
krb5_data *enc_ticket;
krb5_data authenticator, *authp = NULL;
EVP_CIPHER_CTX ciph_ctx;
EVP_CIPHER *enc = NULL;
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
......@@ -2137,7 +2137,7 @@ int ssl3_send_client_key_exchange(SSL *s)
sizeof tmp_buf);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
if (outl > sizeof epms)
if (outl > (int)sizeof epms)
{
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
......
......@@ -2821,13 +2821,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
SSL_CIPHER *c,*ret=NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i,ii,ok;
#ifndef OPENSSL_NO_TLSEXT
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
unsigned int j;
#ifndef OPENSSL_NO_EC
int ec_ok, ec_nid;
unsigned char ec_search1 = 0, ec_search2 = 0;
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
#endif
CERT *cert;
unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
......
......@@ -2065,7 +2065,7 @@ int ssl3_get_client_key_exchange(SSL *s)
krb5_data enc_pms;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
EVP_CIPHER_CTX ciph_ctx;
EVP_CIPHER *enc = NULL;
const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
+ EVP_MAX_BLOCK_LENGTH];
......@@ -2080,7 +2080,7 @@ int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
enc_ticket.length = i;
if (n < enc_ticket.length + 6)
if (n < (long)(enc_ticket.length + 6))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
......@@ -2093,7 +2093,7 @@ int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
authenticator.length = i;
if (n < enc_ticket.length + authenticator.length + 6)
if (n < (long)(enc_ticket.length + authenticator.length + 6))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
......
......@@ -1966,6 +1966,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
#ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
{
unsigned long alg_k, alg_a;
......@@ -2037,6 +2039,8 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
return 1; /* all checks are ok */
}
#endif
/* THIS NEEDS CLEANING UP */
X509 *ssl_get_server_send_cert(SSL *s)
{
......
......@@ -31,6 +31,7 @@ if(! -x $openssl) {
foreach (split /$path_delim/, $ENV{PATH}) {
if(-x "$_/$openssl") {
$found = 1;
$openssl = "$_/$openssl";
last;
}
}
......
......@@ -3657,7 +3657,7 @@ ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE
ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE
ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE
ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE,STATIC_ENGINE
ENGINE_load_capi 4047 EXIST:WIN32:FUNCTION:CAPIENG,ENGINE,STATIC_ENGINE
OPENSSL_isservice 4048 NOEXIST::FUNCTION:
FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION:
EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册