This is the FFFTP source code.
Revision | f1ac14827ed5a93c697cda209f5adc67103d3e2c (tree)
---|---
Time | 2015-12-05 19:50:28
Author | s_kawamoto <s_kawamoto@user...>
Committer | s_kawamoto
Update OpenSSL to 1.0.2e.
@@ -81,7 +81,7 @@ | ||
81 | 81 | // ソフトウェア自動更新 |
82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
84 | -#define RELEASE_VERSION_NUM 2015113002 /* リリースバージョン */ | |
84 | +#define RELEASE_VERSION_NUM 2015120500 /* リリースバージョン */ | |
85 | 85 | |
86 | 86 | |
87 | 87 | // SourceForge.JPによるフォーク |
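Review bot: nothing in the visible hunks shows the OpenSSL sources or binaries in the tree being replaced, only this RELEASE_VERSION_NUM bump and the CHANGES text, so confirm the library FFFTP actually links is 1.0.2e before treating this commit as closing the CVEs named in the CHANGES hunks. The new value 2015120500 does follow the scheme described in the comment above it (year 2015, month 12, day 05, sequence 00) and matches the commit timestamp 2015-12-05.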
@@ -2,6 +2,64 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] | |
6 | + | |
7 | + *) BN_mod_exp may produce incorrect results on x86_64 | |
8 | + | |
9 | + There is a carry propagating bug in the x86_64 Montgomery squaring | |
10 | + procedure. No EC algorithms are affected. Analysis suggests that attacks | |
11 | + against RSA and DSA as a result of this defect would be very difficult to | |
12 | + perform and are not believed likely. Attacks against DH are considered just | |
13 | + feasible (although very difficult) because most of the work necessary to | |
14 | + deduce information about a private key may be performed offline. The amount | |
15 | + of resources required for such an attack would be very significant and | |
16 | + likely only accessible to a limited number of attackers. An attacker would | |
17 | + additionally need online access to an unpatched system using the target | |
18 | + private key in a scenario with persistent DH parameters and a private | |
19 | + key that is shared between multiple clients. For example this can occur by | |
20 | + default in OpenSSL DHE based SSL/TLS ciphersuites. | |
21 | + | |
22 | + This issue was reported to OpenSSL by Hanno B旦ck. | |
23 | + (CVE-2015-3193) | |
24 | + [Andy Polyakov] | |
25 | + | |
26 | + *) Certificate verify crash with missing PSS parameter | |
27 | + | |
28 | + The signature verification routines will crash with a NULL pointer | |
29 | + dereference if presented with an ASN.1 signature using the RSA PSS | |
30 | + algorithm and absent mask generation function parameter. Since these | |
31 | + routines are used to verify certificate signature algorithms this can be | |
32 | + used to crash any certificate verification operation and exploited in a | |
33 | + DoS attack. Any application which performs certificate verification is | |
34 | + vulnerable including OpenSSL clients and servers which enable client | |
35 | + authentication. | |
36 | + | |
37 | + This issue was reported to OpenSSL by Lo誰c Jonas Etienne (Qnective AG). | |
38 | + (CVE-2015-3194) | |
39 | + [Stephen Henson] | |
40 | + | |
41 | + *) X509_ATTRIBUTE memory leak | |
42 | + | |
43 | + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak | |
44 | + memory. This structure is used by the PKCS#7 and CMS routines so any | |
45 | + application which reads PKCS#7 or CMS data from untrusted sources is | |
46 | + affected. SSL/TLS is not affected. | |
47 | + | |
48 | + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using | |
49 | + libFuzzer. | |
50 | + (CVE-2015-3195) | |
51 | + [Stephen Henson] | |
52 | + | |
53 | + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. | |
54 | + This changes the decoding behaviour for some invalid messages, | |
55 | + though the change is mostly in the more lenient direction, and | |
56 | + legacy behaviour is preserved as much as possible. | |
57 | + [Emilia K辰sper] | |
58 | + | |
59 | + *) In DSA_generate_parameters_ex, if the provided seed is too short, | |
60 | + return an error | |
61 | + [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] | |
62 | + | |
5 | 63 | Changes between 1.0.2c and 1.0.2d [9 Jul 2015] |
6 | 64 | |
7 | 65 | *) Alternate chains certificate forgery |
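Review bot: for an FTP client that verifies server certificates, the entry that matters most in this hunk is CVE-2015-3194 ("Certificate verify crash with missing PSS parameter"): the text states that any application performing certificate verification, clients included, can be crashed by an RSA-PSS signature algorithm lacking the mask generation parameter, so a hostile or compromised FTPS server can deny service to an unpatched client, and that makes this update worth shipping promptly. CVE-2015-3193 requires online access to an unpatched system using the target private key with persistent DH parameters, which is a server-side exposure rather than a client one. Two follow-ups: the EVP_DecodeUpdate rewrite changes how some invalid base64 input is decoded, so any FFFTP code that feeds untrusted data through OpenSSL's base64 decoder should be retested; and the non-ASCII names in the added lines (B旦ck, Lo誰c, K辰sper) are UTF-8 bytes displayed under a Japanese encoding, which is harmless for CHANGES but shows the file's encoding differs from what the viewer expects.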
@@ -15,8 +73,18 @@ | ||
15 | 73 | |
16 | 74 | This issue was reported to OpenSSL by Adam Langley/David Benjamin |
17 | 75 | (Google/BoringSSL). |
76 | + (CVE-2015-1793) | |
18 | 77 | [Matt Caswell] |
19 | 78 | |
79 | + *) Race condition handling PSK identify hint | |
80 | + | |
81 | + If PSK identity hints are received by a multi-threaded client then | |
82 | + the values are wrongly updated in the parent SSL_CTX structure. This can | |
83 | + result in a race condition potentially leading to a double free of the | |
84 | + identify hint data. | |
85 | + (CVE-2015-3196) | |
86 | + [Stephen Henson] | |
87 | + | |
20 | 88 | Changes between 1.0.2b and 1.0.2c [12 Jun 2015] |
21 | 89 | |
22 | 90 | *) Fix HMAC ABI incompatibility. The previous version introduced an ABI |
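Review bot: the CVE-2015-1793 line added to the 1.0.2d "Alternate chains certificate forgery" entry is a documentation catch-up only; that fix was already present in 1.0.2d, so this hunk changes nothing about it for a tree that was on 1.0.2d. The new CVE-2015-3196 entry (double free from PSK identity hints in a multi-threaded client) is reachable only when PSK ciphersuites are negotiated, so its relevance to FFFTP turns on whether PSK is enabled in the client's cipher configuration; check that rather than assuming either way.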
@@ -55,9 +123,9 @@ | ||
55 | 123 | callbacks. |
56 | 124 | |
57 | 125 | This issue was reported to OpenSSL by Robert Swiecki (Google), and |
58 | - independently by Hanno B?k. | |
126 | + independently by Hanno B旦ck. | |
59 | 127 | (CVE-2015-1789) |
60 | - [Emilia K?per] | |
128 | + [Emilia K辰sper] | |
61 | 129 | |
62 | 130 | *) PKCS7 crash with missing EnvelopedContent |
63 | 131 |
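Review bot: this hunk and the remaining CHANGES hunks below only restore author names whose non-ASCII letters had been lost as "?" (K?per, B?k) in the previously vendored copy; the corrected spellings appear here as mojibake (K辰sper, B旦ck) because the new UTF-8 bytes are rendered under a Japanese encoding. No code changes and no action needed beyond noting that the CHANGES file is UTF-8 while the repository viewer assumes a different encoding.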
@@ -71,7 +139,7 @@ | ||
71 | 139 | |
72 | 140 | This issue was reported to OpenSSL by Michal Zalewski (Google). |
73 | 141 | (CVE-2015-1790) |
74 | - [Emilia K?per] | |
142 | + [Emilia K辰sper] | |
75 | 143 | |
76 | 144 | *) CMS verify infinite loop with unknown hash function |
77 | 145 |
@@ -201,7 +269,7 @@ | ||
201 | 269 | |
202 | 270 | This issue was reported to OpenSSL by Michal Zalewski (Google). |
203 | 271 | (CVE-2015-0289) |
204 | - [Emilia K?per] | |
272 | + [Emilia K辰sper] | |
205 | 273 | |
206 | 274 | *) DoS via reachable assert in SSLv2 servers fix |
207 | 275 |
@@ -209,10 +277,10 @@ | ||
209 | 277 | servers that both support SSLv2 and enable export cipher suites by sending |
210 | 278 | a specially crafted SSLv2 CLIENT-MASTER-KEY message. |
211 | 279 | |
212 | - This issue was discovered by Sean Burford (Google) and Emilia K?per | |
280 | + This issue was discovered by Sean Burford (Google) and Emilia K辰sper | |
213 | 281 | (OpenSSL development team). |
214 | 282 | (CVE-2015-0293) |
215 | - [Emilia K?per] | |
283 | + [Emilia K辰sper] | |
216 | 284 | |
217 | 285 | *) Empty CKE with client auth and DHE fix |
218 | 286 |
@@ -272,6 +340,10 @@ | ||
272 | 340 | |
273 | 341 | Changes between 1.0.1l and 1.0.2 [22 Jan 2015] |
274 | 342 | |
343 | + *) Change RSA and DH/DSA key generation apps to generate 2048-bit | |
344 | + keys by default. | |
345 | + [Kurt Roeckx] | |
346 | + | |
275 | 347 | *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. |
276 | 348 | ARMv5 through ARMv8, as opposite to "locking" it to single one. |
277 | 349 | So far those who have to target multiple plaforms would compromise |
@@ -717,12 +789,12 @@ | ||
717 | 789 | version does not match the session's version. Resuming with a different |
718 | 790 | version, while not strictly forbidden by the RFC, is of questionable |
719 | 791 | sanity and breaks all known clients. |
720 | - [David Benjamin, Emilia K?per] | |
792 | + [David Benjamin, Emilia K辰sper] | |
721 | 793 | |
722 | 794 | *) Tighten handling of the ChangeCipherSpec (CCS) message: reject |
723 | 795 | early CCS messages during renegotiation. (Note that because |
724 | 796 | renegotiation is encrypted, this early CCS was not exploitable.) |
725 | - [Emilia K?per] | |
797 | + [Emilia K辰sper] | |
726 | 798 | |
727 | 799 | *) Tighten client-side session ticket handling during renegotiation: |
728 | 800 | ensure that the client only accepts a session ticket if the server sends |
@@ -733,7 +805,7 @@ | ||
733 | 805 | Similarly, ensure that the client requires a session ticket if one |
734 | 806 | was advertised in the ServerHello. Previously, a TLS client would |
735 | 807 | ignore a missing NewSessionTicket message. |
736 | - [Emilia K?per] | |
808 | + [Emilia K辰sper] | |
737 | 809 | |
738 | 810 | Changes between 1.0.1i and 1.0.1j [15 Oct 2014] |
739 | 811 |
@@ -813,10 +885,10 @@ | ||
813 | 885 | with a null pointer dereference (read) by specifying an anonymous (EC)DH |
814 | 886 | ciphersuite and sending carefully crafted handshake messages. |
815 | 887 | |
816 | - Thanks to Felix Gr?ert (Google) for discovering and researching this | |
888 | + Thanks to Felix Gr旦bert (Google) for discovering and researching this | |
817 | 889 | issue. |
818 | 890 | (CVE-2014-3510) |
819 | - [Emilia K?per] | |
891 | + [Emilia K辰sper] | |
820 | 892 | |
821 | 893 | *) By sending carefully crafted DTLS packets an attacker could cause openssl |
822 | 894 | to leak memory. This can be exploited through a Denial of Service attack. |
@@ -853,7 +925,7 @@ | ||
853 | 925 | properly negotiated with the client. This can be exploited through a |
854 | 926 | Denial of Service attack. |
855 | 927 | |
856 | - Thanks to Joonas Kuorilehto and Riku Hietam?i (Codenomicon) for | |
928 | + Thanks to Joonas Kuorilehto and Riku Hietam辰ki (Codenomicon) for | |
857 | 929 | discovering and researching this issue. |
858 | 930 | (CVE-2014-5139) |
859 | 931 | [Steve Henson] |
@@ -865,7 +937,7 @@ | ||
865 | 937 | |
866 | 938 | Thanks to Ivan Fratric (Google) for discovering this issue. |
867 | 939 | (CVE-2014-3508) |
868 | - [Emilia K?per, and Steve Henson] | |
940 | + [Emilia K辰sper, and Steve Henson] | |
869 | 941 | |
870 | 942 | *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) |
871 | 943 | for corner cases. (Certain input points at infinity could lead to |
@@ -895,22 +967,22 @@ | ||
895 | 967 | client or server. This is potentially exploitable to run arbitrary |
896 | 968 | code on a vulnerable client or server. |
897 | 969 | |
898 | - Thanks to J?i Aedla for reporting this issue. (CVE-2014-0195) | |
899 | - [J?i Aedla, Steve Henson] | |
970 | + Thanks to J端ri Aedla for reporting this issue. (CVE-2014-0195) | |
971 | + [J端ri Aedla, Steve Henson] | |
900 | 972 | |
901 | 973 | *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites |
902 | 974 | are subject to a denial of service attack. |
903 | 975 | |
904 | - Thanks to Felix Gr?ert and Ivan Fratric at Google for discovering | |
976 | + Thanks to Felix Gr旦bert and Ivan Fratric at Google for discovering | |
905 | 977 | this issue. (CVE-2014-3470) |
906 | - [Felix Gr?ert, Ivan Fratric, Steve Henson] | |
978 | + [Felix Gr旦bert, Ivan Fratric, Steve Henson] | |
907 | 979 | |
908 | 980 | *) Harmonize version and its documentation. -f flag is used to display |
909 | 981 | compilation flags. |
910 | 982 | [mancha <mancha1@zoho.com>] |
911 | 983 | |
912 | 984 | *) Fix eckey_priv_encode so it immediately returns an error upon a failure |
913 | - in i2d_ECPrivateKey. | |
985 | + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. | |
914 | 986 | [mancha <mancha1@zoho.com>] |
915 | 987 | |
916 | 988 | *) Fix some double frees. These are not thought to be exploitable. |
@@ -982,9 +1054,9 @@ | ||
982 | 1054 | Thanks go to Nadhem Alfardan and Kenny Paterson of the Information |
983 | 1055 | Security Group at Royal Holloway, University of London |
984 | 1056 | (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and |
985 | - Emilia K?per for the initial patch. | |
1057 | + Emilia K辰sper for the initial patch. | |
986 | 1058 | (CVE-2013-0169) |
987 | - [Emilia K?per, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] | |
1059 | + [Emilia K辰sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] | |
988 | 1060 | |
989 | 1061 | *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode |
990 | 1062 | ciphersuites which can be exploited in a denial of service attack. |
@@ -1159,7 +1231,7 @@ | ||
1159 | 1231 | EC_GROUP_new_by_curve_name() will automatically use these (while |
1160 | 1232 | EC_GROUP_new_curve_GFp() currently prefers the more flexible |
1161 | 1233 | implementations). |
1162 | - [Emilia K?per, Adam Langley, Bodo Moeller (Google)] | |
1234 | + [Emilia K辰sper, Adam Langley, Bodo Moeller (Google)] | |
1163 | 1235 | |
1164 | 1236 | *) Use type ossl_ssize_t instad of ssize_t which isn't available on |
1165 | 1237 | all platforms. Move ssize_t definition from e_os.h to the public |
@@ -1435,7 +1507,7 @@ | ||
1435 | 1507 | [Adam Langley (Google)] |
1436 | 1508 | |
1437 | 1509 | *) Fix spurious failures in ecdsatest.c. |
1438 | - [Emilia K?per (Google)] | |
1510 | + [Emilia K辰sper (Google)] | |
1439 | 1511 | |
1440 | 1512 | *) Fix the BIO_f_buffer() implementation (which was mixing different |
1441 | 1513 | interpretations of the '..._len' fields). |
@@ -1449,7 +1521,7 @@ | ||
1449 | 1521 | lock to call BN_BLINDING_invert_ex, and avoids one use of |
1450 | 1522 | BN_BLINDING_update for each BN_BLINDING structure (previously, |
1451 | 1523 | the last update always remained unused). |
1452 | - [Emilia K?per (Google)] | |
1524 | + [Emilia K辰sper (Google)] | |
1453 | 1525 | |
1454 | 1526 | *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. |
1455 | 1527 | [Bob Buckholz (Google)] |
@@ -2258,7 +2330,7 @@ | ||
2258 | 2330 | |
2259 | 2331 | *) Add RFC 3161 compliant time stamp request creation, response generation |
2260 | 2332 | and response verification functionality. |
2261 | - [Zolt? Gl?ik <zglozik@opentsa.org>, The OpenTSA Project] | |
2333 | + [Zolt叩n Gl坦zik <zglozik@opentsa.org>, The OpenTSA Project] | |
2262 | 2334 | |
2263 | 2335 | *) Add initial support for TLS extensions, specifically for the server_name |
2264 | 2336 | extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now |
@@ -3426,7 +3498,7 @@ | ||
3426 | 3498 | |
3427 | 3499 | *) BN_CTX_get() should return zero-valued bignums, providing the same |
3428 | 3500 | initialised value as BN_new(). |
3429 | - [Geoff Thorpe, suggested by Ulf M?ler] | |
3501 | + [Geoff Thorpe, suggested by Ulf M旦ller] | |
3430 | 3502 | |
3431 | 3503 | *) Support for inhibitAnyPolicy certificate extension. |
3432 | 3504 | [Steve Henson] |
@@ -3445,7 +3517,7 @@ | ||
3445 | 3517 | some point, these tighter rules will become openssl's default to improve |
3446 | 3518 | maintainability, though the assert()s and other overheads will remain only |
3447 | 3519 | in debugging configurations. See bn.h for more details. |
3448 | - [Geoff Thorpe, Nils Larsch, Ulf M?ler] | |
3520 | + [Geoff Thorpe, Nils Larsch, Ulf M旦ller] | |
3449 | 3521 | |
3450 | 3522 | *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure |
3451 | 3523 | that can only be obtained through BN_CTX_new() (which implicitly |
@@ -3512,7 +3584,7 @@ | ||
3512 | 3584 | [Douglas Stebila (Sun Microsystems Laboratories)] |
3513 | 3585 | |
3514 | 3586 | *) Add the possibility to load symbols globally with DSO. |
3515 | - [G?z Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] | |
3587 | + [G旦tz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] | |
3516 | 3588 | |
3517 | 3589 | *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better |
3518 | 3590 | control of the error stack. |
@@ -4227,7 +4299,7 @@ | ||
4227 | 4299 | [Steve Henson] |
4228 | 4300 | |
4229 | 4301 | *) Undo Cygwin change. |
4230 | - [Ulf M?ler] | |
4302 | + [Ulf M旦ller] | |
4231 | 4303 | |
4232 | 4304 | *) Added support for proxy certificates according to RFC 3820. |
4233 | 4305 | Because they may be a security thread to unaware applications, |
@@ -4260,11 +4332,11 @@ | ||
4260 | 4332 | [Stephen Henson, reported by UK NISCC] |
4261 | 4333 | |
4262 | 4334 | *) Use Windows randomness collection on Cygwin. |
4263 | - [Ulf M?ler] | |
4335 | + [Ulf M旦ller] | |
4264 | 4336 | |
4265 | 4337 | *) Fix hang in EGD/PRNGD query when communication socket is closed |
4266 | 4338 | prematurely by EGD/PRNGD. |
4267 | - [Darren Tucker <dtucker@zip.com.au> via Lutz J?icke, resolves #1014] | |
4339 | + [Darren Tucker <dtucker@zip.com.au> via Lutz J辰nicke, resolves #1014] | |
4268 | 4340 | |
4269 | 4341 | *) Prompt for pass phrases when appropriate for PKCS12 input format. |
4270 | 4342 | [Steve Henson] |
@@ -4726,7 +4798,7 @@ | ||
4726 | 4798 | pointers passed to them whenever necessary. Otherwise it is possible |
4727 | 4799 | the caller may have overwritten (or deallocated) the original string |
4728 | 4800 | data when a later ENGINE operation tries to use the stored values. |
4729 | - [G?z Babin-Ebell <babinebell@trustcenter.de>] | |
4801 | + [G旦tz Babin-Ebell <babinebell@trustcenter.de>] | |
4730 | 4802 | |
4731 | 4803 | *) Improve diagnostics in file reading and command-line digests. |
4732 | 4804 | [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>] |
@@ -6831,7 +6903,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
6831 | 6903 | [Bodo Moeller] |
6832 | 6904 | |
6833 | 6905 | *) BN_sqr() bug fix. |
6834 | - [Ulf M?ler, reported by Jim Ellis <jim.ellis@cavium.com>] | |
6906 | + [Ulf M旦ller, reported by Jim Ellis <jim.ellis@cavium.com>] | |
6835 | 6907 | |
6836 | 6908 | *) Rabin-Miller test analyses assume uniformly distributed witnesses, |
6837 | 6909 | so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() |
@@ -6991,7 +7063,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
6991 | 7063 | [Bodo Moeller] |
6992 | 7064 | |
6993 | 7065 | *) Fix OAEP check. |
6994 | - [Ulf M?ler, Bodo M?ler] | |
7066 | + [Ulf M旦ller, Bodo M旦ller] | |
6995 | 7067 | |
6996 | 7068 | *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 |
6997 | 7069 | RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 |
@@ -7253,10 +7325,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
7253 | 7325 | [Bodo Moeller] |
7254 | 7326 | |
7255 | 7327 | *) Use better test patterns in bntest. |
7256 | - [Ulf M?ler] | |
7328 | + [Ulf M旦ller] | |
7257 | 7329 | |
7258 | 7330 | *) rand_win.c fix for Borland C. |
7259 | - [Ulf M?ler] | |
7331 | + [Ulf M旦ller] | |
7260 | 7332 | |
7261 | 7333 | *) BN_rshift bugfix for n == 0. |
7262 | 7334 | [Bodo Moeller] |
@@ -7401,14 +7473,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
7401 | 7473 | |
7402 | 7474 | *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR |
7403 | 7475 | BIO_ctrl (for BIO pairs). |
7404 | - [Bodo M?ler] | |
7476 | + [Bodo M旦ller] | |
7405 | 7477 | |
7406 | 7478 | *) Add DSO method for VMS. |
7407 | 7479 | [Richard Levitte] |
7408 | 7480 | |
7409 | 7481 | *) Bug fix: Montgomery multiplication could produce results with the |
7410 | 7482 | wrong sign. |
7411 | - [Ulf M?ler] | |
7483 | + [Ulf M旦ller] | |
7412 | 7484 | |
7413 | 7485 | *) Add RPM specification openssl.spec and modify it to build three |
7414 | 7486 | packages. The default package contains applications, application |
@@ -7426,7 +7498,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
7426 | 7498 | |
7427 | 7499 | *) Don't set the two most significant bits to one when generating a |
7428 | 7500 | random number < q in the DSA library. |
7429 | - [Ulf M?ler] | |
7501 | + [Ulf M旦ller] | |
7430 | 7502 | |
7431 | 7503 | *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default |
7432 | 7504 | behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if |
@@ -7692,7 +7764,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
7692 | 7764 | *) Randomness polling function for Win9x, as described in: |
7693 | 7765 | Peter Gutmann, Software Generation of Practically Strong |
7694 | 7766 | Random Numbers. |
7695 | - [Ulf M?ler] | |
7767 | + [Ulf M旦ller] | |
7696 | 7768 | |
7697 | 7769 | *) Fix so PRNG is seeded in req if using an already existing |
7698 | 7770 | DSA key. |
@@ -7912,7 +7984,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
7912 | 7984 | [Steve Henson] |
7913 | 7985 | |
7914 | 7986 | *) Eliminate non-ANSI declarations in crypto.h and stack.h. |
7915 | - [Ulf M?ler] | |
7987 | + [Ulf M旦ller] | |
7916 | 7988 | |
7917 | 7989 | *) Fix for SSL server purpose checking. Server checking was |
7918 | 7990 | rejecting certificates which had extended key usage present |
@@ -7944,7 +8016,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
7944 | 8016 | [Bodo Moeller] |
7945 | 8017 | |
7946 | 8018 | *) Bugfix for linux-elf makefile.one. |
7947 | - [Ulf M?ler] | |
8019 | + [Ulf M旦ller] | |
7948 | 8020 | |
7949 | 8021 | *) RSA_get_default_method() will now cause a default |
7950 | 8022 | RSA_METHOD to be chosen if one doesn't exist already. |
@@ -8033,7 +8105,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8033 | 8105 | [Steve Henson] |
8034 | 8106 | |
8035 | 8107 | *) des_quad_cksum() byte order bug fix. |
8036 | - [Ulf M?ler, using the problem description in krb4-0.9.7, where | |
8108 | + [Ulf M旦ller, using the problem description in krb4-0.9.7, where | |
8037 | 8109 | the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>] |
8038 | 8110 | |
8039 | 8111 | *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly |
@@ -8134,7 +8206,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8134 | 8206 | [Rolf Haberrecker <rolf@suse.de>] |
8135 | 8207 | |
8136 | 8208 | *) Assembler module support for Mingw32. |
8137 | - [Ulf M?ler] | |
8209 | + [Ulf M旦ller] | |
8138 | 8210 | |
8139 | 8211 | *) Shared library support for HPUX (in shlib/). |
8140 | 8212 | [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous] |
@@ -8153,7 +8225,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8153 | 8225 | |
8154 | 8226 | *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] |
8155 | 8227 | case was implemented. This caused BN_div_recp() to fail occasionally. |
8156 | - [Ulf M?ler] | |
8228 | + [Ulf M旦ller] | |
8157 | 8229 | |
8158 | 8230 | *) Add an optional second argument to the set_label() in the perl |
8159 | 8231 | assembly language builder. If this argument exists and is set |
@@ -8183,14 +8255,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8183 | 8255 | [Steve Henson] |
8184 | 8256 | |
8185 | 8257 | *) Fix potential buffer overrun problem in BIO_printf(). |
8186 | - [Ulf M?ler, using public domain code by Patrick Powell; problem | |
8258 | + [Ulf M旦ller, using public domain code by Patrick Powell; problem | |
8187 | 8259 | pointed out by David Sacerdote <das33@cornell.edu>] |
8188 | 8260 | |
8189 | 8261 | *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions |
8190 | 8262 | RAND_egd() and RAND_status(). In the command line application, |
8191 | 8263 | the EGD socket can be specified like a seed file using RANDFILE |
8192 | 8264 | or -rand. |
8193 | - [Ulf M?ler] | |
8265 | + [Ulf M旦ller] | |
8194 | 8266 | |
8195 | 8267 | *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. |
8196 | 8268 | Some CAs (e.g. Verisign) distribute certificates in this form. |
@@ -8223,7 +8295,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8223 | 8295 | #define OPENSSL_ALGORITHM_DEFINES |
8224 | 8296 | #include <openssl/opensslconf.h> |
8225 | 8297 | defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc. |
8226 | - [Richard Levitte, Ulf and Bodo M?ler] | |
8298 | + [Richard Levitte, Ulf and Bodo M旦ller] | |
8227 | 8299 | |
8228 | 8300 | *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS |
8229 | 8301 | record layer. |
@@ -8274,17 +8346,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8274 | 8346 | |
8275 | 8347 | *) Bug fix for BN_div_recp() for numerators with an even number of |
8276 | 8348 | bits. |
8277 | - [Ulf M?ler] | |
8349 | + [Ulf M旦ller] | |
8278 | 8350 | |
8279 | 8351 | *) More tests in bntest.c, and changed test_bn output. |
8280 | - [Ulf M?ler] | |
8352 | + [Ulf M旦ller] | |
8281 | 8353 | |
8282 | 8354 | *) ./config recognizes MacOS X now. |
8283 | 8355 | [Andy Polyakov] |
8284 | 8356 | |
8285 | 8357 | *) Bug fix for BN_div() when the first words of num and divsor are |
8286 | 8358 | equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). |
8287 | - [Ulf M?ler] | |
8359 | + [Ulf M旦ller] | |
8288 | 8360 | |
8289 | 8361 | *) Add support for various broken PKCS#8 formats, and command line |
8290 | 8362 | options to produce them. |
@@ -8292,11 +8364,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8292 | 8364 | |
8293 | 8365 | *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to |
8294 | 8366 | get temporary BIGNUMs from a BN_CTX. |
8295 | - [Ulf M?ler] | |
8367 | + [Ulf M旦ller] | |
8296 | 8368 | |
8297 | 8369 | *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() |
8298 | 8370 | for p == 0. |
8299 | - [Ulf M?ler] | |
8371 | + [Ulf M旦ller] | |
8300 | 8372 | |
8301 | 8373 | *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and |
8302 | 8374 | include a #define from the old name to the new. The original intent |
@@ -8320,7 +8392,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8320 | 8392 | |
8321 | 8393 | *) Source code cleanups: use const where appropriate, eliminate casts, |
8322 | 8394 | use void * instead of char * in lhash. |
8323 | - [Ulf M?ler] | |
8395 | + [Ulf M旦ller] | |
8324 | 8396 | |
8325 | 8397 | *) Bugfix: ssl3_send_server_key_exchange was not restartable |
8326 | 8398 | (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of |
@@ -8365,13 +8437,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8365 | 8437 | [Steve Henson] |
8366 | 8438 | |
8367 | 8439 | *) New function BN_pseudo_rand(). |
8368 | - [Ulf M?ler] | |
8440 | + [Ulf M旦ller] | |
8369 | 8441 | |
8370 | 8442 | *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) |
8371 | 8443 | bignum version of BN_from_montgomery() with the working code from |
8372 | 8444 | SSLeay 0.9.0 (the word based version is faster anyway), and clean up |
8373 | 8445 | the comments. |
8374 | - [Ulf M?ler] | |
8446 | + [Ulf M旦ller] | |
8375 | 8447 | |
8376 | 8448 | *) Avoid a race condition in s2_clnt.c (function get_server_hello) that |
8377 | 8449 | made it impossible to use the same SSL_SESSION data structure in |
@@ -8381,25 +8453,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8381 | 8453 | *) The return value of RAND_load_file() no longer counts bytes obtained |
8382 | 8454 | by stat(). RAND_load_file(..., -1) is new and uses the complete file |
8383 | 8455 | to seed the PRNG (previously an explicit byte count was required). |
8384 | - [Ulf M?ler, Bodo M?ler] | |
8456 | + [Ulf M旦ller, Bodo M旦ller] | |
8385 | 8457 | |
8386 | 8458 | *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes |
8387 | 8459 | used (char *) instead of (void *) and had casts all over the place. |
8388 | 8460 | [Steve Henson] |
8389 | 8461 | |
8390 | 8462 | *) Make BN_generate_prime() return NULL on error if ret!=NULL. |
8391 | - [Ulf M?ler] | |
8463 | + [Ulf M旦ller] | |
8392 | 8464 | |
8393 | 8465 | *) Retain source code compatibility for BN_prime_checks macro: |
8394 | 8466 | BN_is_prime(..., BN_prime_checks, ...) now uses |
8395 | 8467 | BN_prime_checks_for_size to determine the appropriate number of |
8396 | 8468 | Rabin-Miller iterations. |
8397 | - [Ulf M?ler] | |
8469 | + [Ulf M旦ller] | |
8398 | 8470 | |
8399 | 8471 | *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to |
8400 | 8472 | DH_CHECK_P_NOT_SAFE_PRIME. |
8401 | 8473 | (Check if this is true? OpenPGP calls them "strong".) |
8402 | - [Ulf M?ler] | |
8474 | + [Ulf M旦ller] | |
8403 | 8475 | |
8404 | 8476 | *) Merge the functionality of "dh" and "gendh" programs into a new program |
8405 | 8477 | "dhparam". The old programs are retained for now but will handle DH keys |
@@ -8455,7 +8527,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8455 | 8527 | *) Add missing #ifndefs that caused missing symbols when building libssl |
8456 | 8528 | as a shared library without RSA. Use #ifndef NO_SSL2 instead of |
8457 | 8529 | NO_RSA in ssl/s2*.c. |
8458 | - [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf M?ler] | |
8530 | + [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf M旦ller] | |
8459 | 8531 | |
8460 | 8532 | *) Precautions against using the PRNG uninitialized: RAND_bytes() now |
8461 | 8533 | has a return value which indicates the quality of the random data |
@@ -8464,7 +8536,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8464 | 8536 | guaranteed to be unique but not unpredictable. RAND_add is like |
8465 | 8537 | RAND_seed, but takes an extra argument for an entropy estimate |
8466 | 8538 | (RAND_seed always assumes full entropy). |
8467 | - [Ulf M?ler] | |
8539 | + [Ulf M旦ller] | |
8468 | 8540 | |
8469 | 8541 | *) Do more iterations of Rabin-Miller probable prime test (specifically, |
8470 | 8542 | 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes |
@@ -8494,7 +8566,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
8494 | 8566 | [Steve Henson] |
8495 | 8567 | |
8496 | 8568 | *) Honor the no-xxx Configure options when creating .DEF files. |
8497 | - [Ulf M?ler] | |
8569 | + [Ulf M旦ller] | |
8498 | 8570 | |
8499 | 8571 | *) Add PKCS#10 attributes to field table: challengePassword, |
8500 | 8572 | unstructuredName and unstructuredAddress. These are taken from |
@@ -9328,7 +9400,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9328 | 9400 | |
9329 | 9401 | *) More DES library cleanups: remove references to srand/rand and |
9330 | 9402 | delete an unused file. |
9331 | - [Ulf M?ler] | |
9403 | + [Ulf M旦ller] | |
9332 | 9404 | |
9333 | 9405 | *) Add support for the the free Netwide assembler (NASM) under Win32, |
9334 | 9406 | since not many people have MASM (ml) and it can be hard to obtain. |
@@ -9417,7 +9489,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9417 | 9489 | worked. |
9418 | 9490 | |
9419 | 9491 | *) Fix problems with no-hmac etc. |
9420 | - [Ulf M?ler, pointed out by Brian Wellington <bwelling@tislabs.com>] | |
9492 | + [Ulf M旦ller, pointed out by Brian Wellington <bwelling@tislabs.com>] | |
9421 | 9493 | |
9422 | 9494 | *) New functions RSA_get_default_method(), RSA_set_method() and |
9423 | 9495 | RSA_get_method(). These allows replacement of RSA_METHODs without having |
@@ -9534,7 +9606,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9534 | 9606 | [Ben Laurie] |
9535 | 9607 | |
9536 | 9608 | *) DES library cleanups. |
9537 | - [Ulf M?ler] | |
9609 | + [Ulf M旦ller] | |
9538 | 9610 | |
9539 | 9611 | *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be |
9540 | 9612 | used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit |
@@ -9577,7 +9649,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9577 | 9649 | [Christian Forster <fo@hawo.stw.uni-erlangen.de>] |
9578 | 9650 | |
9579 | 9651 | *) config now generates no-xxx options for missing ciphers. |
9580 | - [Ulf M?ler] | |
9652 | + [Ulf M旦ller] | |
9581 | 9653 | |
9582 | 9654 | *) Support the EBCDIC character set (work in progress). |
9583 | 9655 | File ebcdic.c not yet included because it has a different license. |
@@ -9690,7 +9762,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9690 | 9762 | [Bodo Moeller] |
9691 | 9763 | |
9692 | 9764 | *) Move openssl.cnf out of lib/. |
9693 | - [Ulf M?ler] | |
9765 | + [Ulf M旦ller] | |
9694 | 9766 | |
9695 | 9767 | *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall |
9696 | 9768 | -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes |
@@ -9747,10 +9819,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9747 | 9819 | [Ben Laurie] |
9748 | 9820 | |
9749 | 9821 | *) Support Borland C++ builder. |
9750 | - [Janez Jere <jj@void.si>, modified by Ulf M?ler] | |
9822 | + [Janez Jere <jj@void.si>, modified by Ulf M旦ller] | |
9751 | 9823 | |
9752 | 9824 | *) Support Mingw32. |
9753 | - [Ulf M?ler] | |
9825 | + [Ulf M旦ller] | |
9754 | 9826 | |
9755 | 9827 | *) SHA-1 cleanups and performance enhancements. |
9756 | 9828 | [Andy Polyakov <appro@fy.chalmers.se>] |
@@ -9759,7 +9831,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9759 | 9831 | [Andy Polyakov <appro@fy.chalmers.se>] |
9760 | 9832 | |
9761 | 9833 | *) Accept any -xxx and +xxx compiler options in Configure. |
9762 | - [Ulf M?ler] | |
9834 | + [Ulf M旦ller] | |
9763 | 9835 | |
9764 | 9836 | *) Update HPUX configuration. |
9765 | 9837 | [Anonymous] |
@@ -9792,7 +9864,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9792 | 9864 | [Bodo Moeller] |
9793 | 9865 | |
9794 | 9866 | *) OAEP decoding bug fix. |
9795 | - [Ulf M?ler] | |
9867 | + [Ulf M旦ller] | |
9796 | 9868 | |
9797 | 9869 | *) Support INSTALL_PREFIX for package builders, as proposed by |
9798 | 9870 | David Harris. |
@@ -9815,21 +9887,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9815 | 9887 | [Niels Poppe <niels@netbox.org>] |
9816 | 9888 | |
9817 | 9889 | *) New Configure option no-<cipher> (rsa, idea, rc5, ...). |
9818 | - [Ulf M?ler] | |
9890 | + [Ulf M旦ller] | |
9819 | 9891 | |
9820 | 9892 | *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for |
9821 | 9893 | extension adding in x509 utility. |
9822 | 9894 | [Steve Henson] |
9823 | 9895 | |
9824 | 9896 | *) Remove NOPROTO sections and error code comments. |
9825 | - [Ulf M?ler] | |
9897 | + [Ulf M旦ller] | |
9826 | 9898 | |
9827 | 9899 | *) Partial rewrite of the DEF file generator to now parse the ANSI |
9828 | 9900 | prototypes. |
9829 | 9901 | [Steve Henson] |
9830 | 9902 | |
9831 | 9903 | *) New Configure options --prefix=DIR and --openssldir=DIR. |
9832 | - [Ulf M?ler] | |
9904 | + [Ulf M旦ller] | |
9833 | 9905 | |
9834 | 9906 | *) Complete rewrite of the error code script(s). It is all now handled |
9835 | 9907 | by one script at the top level which handles error code gathering, |
@@ -9858,7 +9930,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9858 | 9930 | [Steve Henson] |
9859 | 9931 | |
9860 | 9932 | *) Move the autogenerated header file parts to crypto/opensslconf.h. |
9861 | - [Ulf M?ler] | |
9933 | + [Ulf M旦ller] | |
9862 | 9934 | |
9863 | 9935 | *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of |
9864 | 9936 | 8 of keying material. Merlin has also confirmed interop with this fix |
@@ -9876,13 +9948,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9876 | 9948 | [Andy Polyakov <appro@fy.chalmers.se>] |
9877 | 9949 | |
9878 | 9950 | *) Change functions to ANSI C. |
9879 | - [Ulf M?ler] | |
9951 | + [Ulf M旦ller] | |
9880 | 9952 | |
9881 | 9953 | *) Fix typos in error codes. |
9882 | - [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf M?ler] | |
9954 | + [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf M旦ller] | |
9883 | 9955 | |
9884 | 9956 | *) Remove defunct assembler files from Configure. |
9885 | - [Ulf M?ler] | |
9957 | + [Ulf M旦ller] | |
9886 | 9958 | |
9887 | 9959 | *) SPARC v8 assembler BIGNUM implementation. |
9888 | 9960 | [Andy Polyakov <appro@fy.chalmers.se>] |
@@ -9919,7 +9991,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9919 | 9991 | [Steve Henson] |
9920 | 9992 | |
9921 | 9993 | *) New Configure option "rsaref". |
9922 | - [Ulf M?ler] | |
9994 | + [Ulf M旦ller] | |
9923 | 9995 | |
9924 | 9996 | *) Don't auto-generate pem.h. |
9925 | 9997 | [Bodo Moeller] |
@@ -9967,7 +10039,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9967 | 10039 | |
9968 | 10040 | *) New functions DSA_do_sign and DSA_do_verify to provide access to |
9969 | 10041 | the raw DSA values prior to ASN.1 encoding. |
9970 | - [Ulf M?ler] | |
10042 | + [Ulf M旦ller] | |
9971 | 10043 | |
9972 | 10044 | *) Tweaks to Configure |
9973 | 10045 | [Niels Poppe <niels@netbox.org>] |
@@ -9977,11 +10049,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
9977 | 10049 | [Steve Henson] |
9978 | 10050 | |
9979 | 10051 | *) New variables $(RANLIB) and $(PERL) in the Makefiles. |
9980 | - [Ulf M?ler] | |
10052 | + [Ulf M旦ller] | |
9981 | 10053 | |
9982 | 10054 | *) New config option to avoid instructions that are illegal on the 80386. |
9983 | 10055 | The default code is faster, but requires at least a 486. |
9984 | - [Ulf M?ler] | |
10056 | + [Ulf M旦ller] | |
9985 | 10057 | |
9986 | 10058 | *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and |
9987 | 10059 | SSL2_SERVER_VERSION (not used at all) macros, which are now the |
@@ -10520,7 +10592,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
10520 | 10592 | Hagino <itojun@kame.net>] |
10521 | 10593 | |
10522 | 10594 | *) File was opened incorrectly in randfile.c. |
10523 | - [Ulf M?ler <ulf@fitug.de>] | |
10595 | + [Ulf M旦ller <ulf@fitug.de>] | |
10524 | 10596 | |
10525 | 10597 | *) Beginning of support for GeneralizedTime. d2i, i2d, check and print |
10526 | 10598 | functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or |
@@ -10530,7 +10602,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
10530 | 10602 | [Steve Henson] |
10531 | 10603 | |
10532 | 10604 | *) Correct Linux 1 recognition in config. |
10533 | - [Ulf M?ler <ulf@fitug.de>] | |
10605 | + [Ulf M旦ller <ulf@fitug.de>] | |
10534 | 10606 | |
10535 | 10607 | *) Remove pointless MD5 hash when using DSA keys in ca. |
10536 | 10608 | [Anonymous <nobody@replay.com>] |
@@ -10677,7 +10749,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | ||
10677 | 10749 | |
10678 | 10750 | *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but |
10679 | 10751 | was already fixed by Eric for 0.9.1 it seems. |
10680 | - [Ben Laurie - pointed out by Ulf M?ler <ulf@fitug.de>] | |
10752 | + [Ben Laurie - pointed out by Ulf M旦ller <ulf@fitug.de>] | |
10681 | 10753 | |
10682 | 10754 | *) Autodetect FreeBSD3. |
10683 | 10755 | [Ben Laurie] |
@@ -1,1053 +1,2 @@ | ||
1 | -OpenSSL - Frequently Asked Questions | |
2 | --------------------------------------- | |
3 | - | |
4 | -[MISC] Miscellaneous questions | |
5 | - | |
6 | -* Which is the current version of OpenSSL? | |
7 | -* Where is the documentation? | |
8 | -* How can I contact the OpenSSL developers? | |
9 | -* Where can I get a compiled version of OpenSSL? | |
10 | -* Why aren't tools like 'autoconf' and 'libtool' used? | |
11 | -* What is an 'engine' version? | |
12 | -* How do I check the authenticity of the OpenSSL distribution? | |
13 | -* How does the versioning scheme work? | |
14 | - | |
15 | -[LEGAL] Legal questions | |
16 | - | |
17 | -* Do I need patent licenses to use OpenSSL? | |
18 | -* Can I use OpenSSL with GPL software? | |
19 | - | |
20 | -[USER] Questions on using the OpenSSL applications | |
21 | - | |
22 | -* Why do I get a "PRNG not seeded" error message? | |
23 | -* Why do I get an "unable to write 'random state'" error message? | |
24 | -* How do I create certificates or certificate requests? | |
25 | -* Why can't I create certificate requests? | |
26 | -* Why does <SSL program> fail with a certificate verify error? | |
27 | -* Why can I only use weak ciphers when I connect to a server using OpenSSL? | |
28 | -* How can I create DSA certificates? | |
29 | -* Why can't I make an SSL connection using a DSA certificate? | |
30 | -* How can I remove the passphrase on a private key? | |
31 | -* Why can't I use OpenSSL certificates with SSL client authentication? | |
32 | -* Why does my browser give a warning about a mismatched hostname? | |
33 | -* How do I install a CA certificate into a browser? | |
34 | -* Why is OpenSSL x509 DN output not conformant to RFC2253? | |
35 | -* What is a "128 bit certificate"? Can I create one with OpenSSL? | |
36 | -* Why does OpenSSL set the authority key identifier extension incorrectly? | |
37 | -* How can I set up a bundle of commercial root CA certificates? | |
38 | - | |
39 | -[BUILD] Questions about building and testing OpenSSL | |
40 | - | |
41 | -* Why does the linker complain about undefined symbols? | |
42 | -* Why does the OpenSSL test fail with "bc: command not found"? | |
43 | -* Why does the OpenSSL test fail with "bc: 1 no implemented"? | |
44 | -* Why does the OpenSSL test fail with "bc: stack empty"? | |
45 | -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? | |
46 | -* Why does the OpenSSL compilation fail with "ar: command not found"? | |
47 | -* Why does the OpenSSL compilation fail on Win32 with VC++? | |
48 | -* What is special about OpenSSL on Redhat? | |
49 | -* Why does the OpenSSL compilation fail on MacOS X? | |
50 | -* Why does the OpenSSL test suite fail on MacOS X? | |
51 | -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? | |
52 | -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? | |
53 | -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? | |
54 | -* Why does compiler fail to compile sha512.c? | |
55 | -* Test suite still fails, what to do? | |
56 | -* I think I've found a bug, what should I do? | |
57 | -* I'm SURE I've found a bug, how do I report it? | |
58 | -* I've found a security issue, how do I report it? | |
59 | - | |
60 | -[PROG] Questions about programming with OpenSSL | |
61 | - | |
62 | -* Is OpenSSL thread-safe? | |
63 | -* I've compiled a program under Windows and it crashes: why? | |
64 | -* How do I read or write a DER encoded buffer using the ASN1 functions? | |
65 | -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? | |
66 | -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? | |
67 | -* I've called <some function> and it fails, why? | |
68 | -* I just get a load of numbers for the error output, what do they mean? | |
69 | -* Why do I get errors about unknown algorithms? | |
70 | -* Why can't the OpenSSH configure script detect OpenSSL? | |
71 | -* Can I use OpenSSL's SSL library with non-blocking I/O? | |
72 | -* Why doesn't my server application receive a client certificate? | |
73 | -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? | |
74 | -* I think I've detected a memory leak, is this a bug? | |
75 | -* Why does Valgrind complain about the use of uninitialized data? | |
76 | -* Why doesn't a memory BIO work when a file does? | |
77 | -* Where are the declarations and implementations of d2i_X509() etc? | |
78 | - | |
79 | -=============================================================================== | |
80 | - | |
81 | -[MISC] ======================================================================== | |
82 | - | |
83 | -* Which is the current version of OpenSSL? | |
84 | - | |
85 | -The current version is available from <URL: http://www.openssl.org>. | |
86 | -OpenSSL 1.0.1a was released on Apr 19th, 2012. | |
87 | - | |
88 | -In addition to the current stable release, you can also access daily | |
89 | -snapshots of the OpenSSL development version at <URL: | |
90 | -ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. | |
91 | - | |
92 | - | |
93 | -* Where is the documentation? | |
94 | - | |
95 | -OpenSSL is a library that provides cryptographic functionality to | |
96 | -applications such as secure web servers. Be sure to read the | |
97 | -documentation of the application you want to use. The INSTALL file | |
98 | -explains how to install this library. | |
99 | - | |
100 | -OpenSSL includes a command line utility that can be used to perform a | |
101 | -variety of cryptographic functions. It is described in the openssl(1) | |
102 | -manpage. Documentation for developers is currently being written. Many | |
103 | -manual pages are available; overviews over libcrypto and | |
104 | -libssl are given in the crypto(3) and ssl(3) manpages. | |
105 | - | |
106 | -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a | |
107 | -different directory if you specified one as described in INSTALL). | |
108 | -In addition, you can read the most current versions at | |
109 | -<URL: http://www.openssl.org/docs/>. Note that the online documents refer | |
110 | -to the very latest development versions of OpenSSL and may include features | |
111 | -not present in released versions. If in doubt refer to the documentation | |
112 | -that came with the version of OpenSSL you are using. The pod format | |
113 | -documentation is included in each OpenSSL distribution under the docs | |
114 | -directory. | |
115 | - | |
116 | -There is some documentation about certificate extensions and PKCS#12 | |
117 | -in doc/openssl.txt | |
118 | - | |
119 | -The original SSLeay documentation is included in OpenSSL as | |
120 | -doc/ssleay.txt. It may be useful when none of the other resources | |
121 | -help, but please note that it reflects the obsolete version SSLeay | |
122 | -0.6.6. | |
123 | - | |
124 | - | |
125 | -* How can I contact the OpenSSL developers? | |
126 | - | |
127 | -The README file describes how to submit bug reports and patches to | |
128 | -OpenSSL. Information on the OpenSSL mailing lists is available from | |
129 | -<URL: http://www.openssl.org>. | |
130 | - | |
131 | - | |
132 | -* Where can I get a compiled version of OpenSSL? | |
133 | - | |
134 | -You can finder pointers to binary distributions in | |
135 | -<URL: http://www.openssl.org/related/binaries.html> . | |
136 | - | |
137 | -Some applications that use OpenSSL are distributed in binary form. | |
138 | -When using such an application, you don't need to install OpenSSL | |
139 | -yourself; the application will include the required parts (e.g. DLLs). | |
140 | - | |
141 | -If you want to build OpenSSL on a Windows system and you don't have | |
142 | -a C compiler, read the "Mingw32" section of INSTALL.W32 for information | |
143 | -on how to obtain and install the free GNU C compiler. | |
144 | - | |
145 | -A number of Linux and *BSD distributions include OpenSSL. | |
146 | - | |
147 | - | |
148 | -* Why aren't tools like 'autoconf' and 'libtool' used? | |
149 | - | |
150 | -autoconf will probably be used in future OpenSSL versions. If it was | |
151 | -less Unix-centric, it might have been used much earlier. | |
152 | - | |
153 | -* What is an 'engine' version? | |
154 | - | |
155 | -With version 0.9.6 OpenSSL was extended to interface to external crypto | |
156 | -hardware. This was realized in a special release '0.9.6-engine'. With | |
157 | -version 0.9.7 the changes were merged into the main development line, | |
158 | -so that the special release is no longer necessary. | |
159 | - | |
160 | -* How do I check the authenticity of the OpenSSL distribution? | |
161 | - | |
162 | -We provide MD5 digests and ASC signatures of each tarball. | |
163 | -Use MD5 to check that a tarball from a mirror site is identical: | |
164 | - | |
165 | - md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 | |
166 | - | |
167 | -You can check authenticity using pgp or gpg. You need the OpenSSL team | |
168 | -member public key used to sign it (download it from a key server, see a | |
169 | -list of keys at <URL: http://www.openssl.org/about/>). Then | |
170 | -just do: | |
171 | - | |
172 | - pgp TARBALL.asc | |
173 | - | |
174 | -* How does the versioning scheme work? | |
175 | - | |
176 | -After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter | |
177 | -releases (e.g. 1.0.1a) can only contain bug and security fixes and no | |
178 | -new features. Minor releases change the last number (e.g. 1.0.2) and | |
179 | -can contain new features that retain binary compatibility. Changes to | |
180 | -the middle number are considered major releases and neither source nor | |
181 | -binary compatibility is guaranteed. | |
182 | - | |
183 | -Therefore the answer to the common question "when will feature X be | |
184 | -backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear | |
185 | -in the next minor release. | |
186 | - | |
187 | -* What happens when the letter release reaches z? | |
188 | - | |
189 | -It was decided after the release of OpenSSL 0.9.8y the next version should | |
190 | -be 0.9.8za then 0.9.8zb and so on. | |
191 | - | |
192 | - | |
193 | -[LEGAL] ======================================================================= | |
194 | - | |
195 | -* Do I need patent licenses to use OpenSSL? | |
196 | - | |
197 | -For information on intellectual property rights, please consult a lawyer. | |
198 | -The OpenSSL team does not offer legal advice. | |
199 | - | |
200 | -You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using | |
201 | - ./config no-idea no-mdc2 no-rc5 | |
202 | - | |
203 | - | |
204 | -* Can I use OpenSSL with GPL software? | |
205 | - | |
206 | -On many systems including the major Linux and BSD distributions, yes (the | |
207 | -GPL does not place restrictions on using libraries that are part of the | |
208 | -normal operating system distribution). | |
209 | - | |
210 | -On other systems, the situation is less clear. Some GPL software copyright | |
211 | -holders claim that you infringe on their rights if you use OpenSSL with | |
212 | -their software on operating systems that don't normally include OpenSSL. | |
213 | - | |
214 | -If you develop open source software that uses OpenSSL, you may find it | |
215 | -useful to choose an other license than the GPL, or state explicitly that | |
216 | -"This program is released under the GPL with the additional exemption that | |
217 | -compiling, linking, and/or using OpenSSL is allowed." If you are using | |
218 | -GPL software developed by others, you may want to ask the copyright holder | |
219 | -for permission to use their software with OpenSSL. | |
220 | - | |
221 | - | |
222 | -[USER] ======================================================================== | |
223 | - | |
224 | -* Why do I get a "PRNG not seeded" error message? | |
225 | - | |
226 | -Cryptographic software needs a source of unpredictable data to work | |
227 | -correctly. Many open source operating systems provide a "randomness | |
228 | -device" (/dev/urandom or /dev/random) that serves this purpose. | |
229 | -All OpenSSL versions try to use /dev/urandom by default; starting with | |
230 | -version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not | |
231 | -available. | |
232 | - | |
233 | -On other systems, applications have to call the RAND_add() or | |
234 | -RAND_seed() function with appropriate data before generating keys or | |
235 | -performing public key encryption. (These functions initialize the | |
236 | -pseudo-random number generator, PRNG.) Some broken applications do | |
237 | -not do this. As of version 0.9.5, the OpenSSL functions that need | |
238 | -randomness report an error if the random number generator has not been | |
239 | -seeded with at least 128 bits of randomness. If this error occurs and | |
240 | -is not discussed in the documentation of the application you are | |
241 | -using, please contact the author of that application; it is likely | |
242 | -that it never worked correctly. OpenSSL 0.9.5 and later make the | |
243 | -error visible by refusing to perform potentially insecure encryption. | |
244 | - | |
245 | -If you are using Solaris 8, you can add /dev/urandom and /dev/random | |
246 | -devices by installing patch 112438 (Sparc) or 112439 (x86), which are | |
247 | -available via the Patchfinder at <URL: http://sunsolve.sun.com> | |
248 | -(Solaris 9 includes these devices by default). For /dev/random support | |
249 | -for earlier Solaris versions, see Sun's statement at | |
250 | -<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski> | |
251 | -(the SUNWski package is available in patch 105710). | |
252 | - | |
253 | -On systems without /dev/urandom and /dev/random, it is a good idea to | |
254 | -use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for | |
255 | -details. Starting with version 0.9.7, OpenSSL will automatically look | |
256 | -for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and | |
257 | -/etc/entropy. | |
258 | - | |
259 | -Most components of the openssl command line utility automatically try | |
260 | -to seed the random number generator from a file. The name of the | |
261 | -default seeding file is determined as follows: If environment variable | |
262 | -RANDFILE is set, then it names the seeding file. Otherwise if | |
263 | -environment variable HOME is set, then the seeding file is $HOME/.rnd. | |
264 | -If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will | |
265 | -use file .rnd in the current directory while OpenSSL 0.9.6a uses no | |
266 | -default seeding file at all. OpenSSL 0.9.6b and later will behave | |
267 | -similarly to 0.9.6a, but will use a default of "C:\" for HOME on | |
268 | -Windows systems if the environment variable has not been set. | |
269 | - | |
270 | -If the default seeding file does not exist or is too short, the "PRNG | |
271 | -not seeded" error message may occur. | |
272 | - | |
273 | -The openssl command line utility will write back a new state to the | |
274 | -default seeding file (and create this file if necessary) unless | |
275 | -there was no sufficient seeding. | |
276 | - | |
277 | -Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. | |
278 | -Use the "-rand" option of the OpenSSL command line tools instead. | |
279 | -The $RANDFILE environment variable and $HOME/.rnd are only used by the | |
280 | -OpenSSL command line tools. Applications using the OpenSSL library | |
281 | -provide their own configuration options to specify the entropy source, | |
282 | -please check out the documentation coming the with application. | |
283 | - | |
284 | - | |
285 | -* Why do I get an "unable to write 'random state'" error message? | |
286 | - | |
287 | - | |
288 | -Sometimes the openssl command line utility does not abort with | |
289 | -a "PRNG not seeded" error message, but complains that it is | |
290 | -"unable to write 'random state'". This message refers to the | |
291 | -default seeding file (see previous answer). A possible reason | |
292 | -is that no default filename is known because neither RANDFILE | |
293 | -nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the | |
294 | -current directory in this case, but this has changed with 0.9.6a.) | |
295 | - | |
296 | - | |
297 | -* How do I create certificates or certificate requests? | |
298 | - | |
299 | -Check out the CA.pl(1) manual page. This provides a simple wrapper round | |
300 | -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check | |
301 | -out the manual pages for the individual utilities and the certificate | |
302 | -extensions documentation (in ca(1), req(1), x509v3_config(5) ) | |
303 | - | |
304 | - | |
305 | -* Why can't I create certificate requests? | |
306 | - | |
307 | -You typically get the error: | |
308 | - | |
309 | - unable to find 'distinguished_name' in config | |
310 | - problems making Certificate Request | |
311 | - | |
312 | -This is because it can't find the configuration file. Check out the | |
313 | -DIAGNOSTICS section of req(1) for more information. | |
314 | - | |
315 | - | |
316 | -* Why does <SSL program> fail with a certificate verify error? | |
317 | - | |
318 | -This problem is usually indicated by log messages saying something like | |
319 | -"unable to get local issuer certificate" or "self signed certificate". | |
320 | -When a certificate is verified its root CA must be "trusted" by OpenSSL | |
321 | -this typically means that the CA certificate must be placed in a directory | |
322 | -or file and the relevant program configured to read it. The OpenSSL program | |
323 | -'verify' behaves in a similar way and issues similar error messages: check | |
324 | -the verify(1) program manual page for more information. | |
325 | - | |
326 | - | |
327 | -* Why can I only use weak ciphers when I connect to a server using OpenSSL? | |
328 | - | |
329 | -This is almost certainly because you are using an old "export grade" browser | |
330 | -which only supports weak encryption. Upgrade your browser to support 128 bit | |
331 | -ciphers. | |
332 | - | |
333 | - | |
334 | -* How can I create DSA certificates? | |
335 | - | |
336 | -Check the CA.pl(1) manual page for a DSA certificate example. | |
337 | - | |
338 | - | |
339 | -* Why can't I make an SSL connection to a server using a DSA certificate? | |
340 | - | |
341 | -Typically you'll see a message saying there are no shared ciphers when | |
342 | -the same setup works fine with an RSA certificate. There are two possible | |
343 | -causes. The client may not support connections to DSA servers most web | |
344 | -browsers (including Netscape and MSIE) only support connections to servers | |
345 | -supporting RSA cipher suites. The other cause is that a set of DH parameters | |
346 | -has not been supplied to the server. DH parameters can be created with the | |
347 | -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: | |
348 | -check the source to s_server in apps/s_server.c for an example. | |
349 | - | |
350 | - | |
351 | -* How can I remove the passphrase on a private key? | |
352 | - | |
353 | -Firstly you should be really *really* sure you want to do this. Leaving | |
354 | -a private key unencrypted is a major security risk. If you decide that | |
355 | -you do have to do this check the EXAMPLES sections of the rsa(1) and | |
356 | -dsa(1) manual pages. | |
357 | - | |
358 | - | |
359 | -* Why can't I use OpenSSL certificates with SSL client authentication? | |
360 | - | |
361 | -What will typically happen is that when a server requests authentication | |
362 | -it will either not include your certificate or tell you that you have | |
363 | -no client certificates (Netscape) or present you with an empty list box | |
364 | -(MSIE). The reason for this is that when a server requests a client | |
365 | -certificate it includes a list of CAs names which it will accept. Browsers | |
366 | -will only let you select certificates from the list on the grounds that | |
367 | -there is little point presenting a certificate which the server will | |
368 | -reject. | |
369 | - | |
370 | -The solution is to add the relevant CA certificate to your servers "trusted | |
371 | -CA list". How you do this depends on the server software in uses. You can | |
372 | -print out the servers list of acceptable CAs using the OpenSSL s_client tool: | |
373 | - | |
374 | -openssl s_client -connect www.some.host:443 -prexit | |
375 | - | |
376 | -If your server only requests certificates on certain URLs then you may need | |
377 | -to manually issue an HTTP GET command to get the list when s_client connects: | |
378 | - | |
379 | -GET /some/page/needing/a/certificate.html | |
380 | - | |
381 | -If your CA does not appear in the list then this confirms the problem. | |
382 | - | |
383 | - | |
384 | -* Why does my browser give a warning about a mismatched hostname? | |
385 | - | |
386 | -Browsers expect the server's hostname to match the value in the commonName | |
387 | -(CN) field of the certificate. If it does not then you get a warning. | |
388 | - | |
389 | - | |
390 | -* How do I install a CA certificate into a browser? | |
391 | - | |
392 | -The usual way is to send the DER encoded certificate to the browser as | |
393 | -MIME type application/x-x509-ca-cert, for example by clicking on an appropriate | |
394 | -link. On MSIE certain extensions such as .der or .cacert may also work, or you | |
395 | -can import the certificate using the certificate import wizard. | |
396 | - | |
397 | -You can convert a certificate to DER form using the command: | |
398 | - | |
399 | -openssl x509 -in ca.pem -outform DER -out ca.der | |
400 | - | |
401 | -Occasionally someone suggests using a command such as: | |
402 | - | |
403 | -openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem | |
404 | - | |
405 | -DO NOT DO THIS! This command will give away your CAs private key and | |
406 | -reduces its security to zero: allowing anyone to forge certificates in | |
407 | -whatever name they choose. | |
408 | - | |
409 | -* Why is OpenSSL x509 DN output not conformant to RFC2253? | |
410 | - | |
411 | -The ways to print out the oneline format of the DN (Distinguished Name) have | |
412 | -been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() | |
413 | -interface, the "-nameopt" option could be introduded. See the manual | |
414 | -page of the "openssl x509" commandline tool for details. The old behaviour | |
415 | -has however been left as default for the sake of compatibility. | |
416 | - | |
417 | -* What is a "128 bit certificate"? Can I create one with OpenSSL? | |
418 | - | |
419 | -The term "128 bit certificate" is a highly misleading marketing term. It does | |
420 | -*not* refer to the size of the public key in the certificate! A certificate | |
421 | -containing a 128 bit RSA key would have negligible security. | |
422 | - | |
423 | -There were various other names such as "magic certificates", "SGC | |
424 | -certificates", "step up certificates" etc. | |
425 | - | |
426 | -You can't generally create such a certificate using OpenSSL but there is no | |
427 | -need to any more. Nowadays web browsers using unrestricted strong encryption | |
428 | -are generally available. | |
429 | - | |
430 | -When there were tight restrictions on the export of strong encryption | |
431 | -software from the US only weak encryption algorithms could be freely exported | |
432 | -(initially 40 bit and then 56 bit). It was widely recognised that this was | |
433 | -inadequate. A relaxation of the rules allowed the use of strong encryption but | |
434 | -only to an authorised server. | |
435 | - | |
436 | -Two slighly different techniques were developed to support this, one used by | |
437 | -Netscape was called "step up", the other used by MSIE was called "Server Gated | |
438 | -Cryptography" (SGC). When a browser initially connected to a server it would | |
439 | -check to see if the certificate contained certain extensions and was issued by | |
440 | -an authorised authority. If these test succeeded it would reconnect using | |
441 | -strong encryption. | |
442 | - | |
443 | -Only certain (initially one) certificate authorities could issue the | |
444 | -certificates and they generally cost more than ordinary certificates. | |
445 | - | |
446 | -Although OpenSSL can create certificates containing the appropriate extensions | |
447 | -the certificate would not come from a permitted authority and so would not | |
448 | -be recognized. | |
449 | - | |
450 | -The export laws were later changed to allow almost unrestricted use of strong | |
451 | -encryption so these certificates are now obsolete. | |
452 | - | |
453 | - | |
454 | -* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? | |
455 | - | |
456 | -It doesn't: this extension is often the cause of confusion. | |
457 | - | |
458 | -Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose | |
459 | -certificate C contains AKID. | |
460 | - | |
461 | -The purpose of this extension is to identify the authority certificate B. This | |
462 | -can be done either by including the subject key identifier of B or its issuer | |
463 | -name and serial number. | |
464 | - | |
465 | -In this latter case because it is identifying certifcate B it must contain the | |
466 | -issuer name and serial number of B. | |
467 | - | |
468 | -It is often wrongly assumed that it should contain the subject name of B. If it | |
469 | -did this would be redundant information because it would duplicate the issuer | |
470 | -name of C. | |
471 | - | |
472 | - | |
473 | -* How can I set up a bundle of commercial root CA certificates? | |
474 | - | |
475 | -The OpenSSL software is shipped without any root CA certificate as the | |
476 | -OpenSSL project does not have any policy on including or excluding | |
477 | -any specific CA and does not intend to set up such a policy. Deciding | |
478 | -about which CAs to support is up to application developers or | |
479 | -administrators. | |
480 | - | |
481 | -Other projects do have other policies so you can for example extract the CA | |
482 | -bundle used by Mozilla and/or modssl as described in this article: | |
483 | - | |
484 | - <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html> | |
485 | - | |
486 | - | |
487 | -[BUILD] ======================================================================= | |
488 | - | |
489 | -* Why does the linker complain about undefined symbols? | |
490 | - | |
491 | -Maybe the compilation was interrupted, and make doesn't notice that | |
492 | -something is missing. Run "make clean; make". | |
493 | - | |
494 | -If you used ./Configure instead of ./config, make sure that you | |
495 | -selected the right target. File formats may differ slightly between | |
496 | -OS versions (for example sparcv8/sparcv9, or a.out/elf). | |
497 | - | |
498 | -In case you get errors about the following symbols, use the config | |
499 | -option "no-asm", as described in INSTALL: | |
500 | - | |
501 | - BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, | |
502 | - CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, | |
503 | - RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, | |
504 | - bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, | |
505 | - bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, | |
506 | - des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, | |
507 | - des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order | |
508 | - | |
509 | -If none of these helps, you may want to try using the current snapshot. | |
510 | -If the problem persists, please submit a bug report. | |
511 | - | |
512 | - | |
513 | -* Why does the OpenSSL test fail with "bc: command not found"? | |
514 | - | |
515 | -You didn't install "bc", the Unix calculator. If you want to run the | |
516 | -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. | |
517 | - | |
518 | - | |
519 | -* Why does the OpenSSL test fail with "bc: 1 no implemented"? | |
520 | - | |
521 | -On some SCO installations or versions, bc has a bug that gets triggered | |
522 | -when you run the test suite (using "make test"). The message returned is | |
523 | -"bc: 1 not implemented". | |
524 | - | |
525 | -The best way to deal with this is to find another implementation of bc | |
526 | -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> | |
527 | -for download instructions) can be safely used, for example. | |
528 | - | |
529 | - | |
530 | -* Why does the OpenSSL test fail with "bc: stack empty"? | |
531 | - | |
532 | -On some DG/ux versions, bc seems to have a too small stack for calculations | |
533 | -that the OpenSSL bntest throws at it. This gets triggered when you run the | |
534 | -test suite (using "make test"). The message returned is "bc: stack empty". | |
535 | - | |
536 | -The best way to deal with this is to find another implementation of bc | |
537 | -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html> | |
538 | -for download instructions) can be safely used, for example. | |
539 | - | |
540 | - | |
541 | -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? | |
542 | - | |
543 | -On some Alpha installations running Tru64 Unix and Compaq C, the compilation | |
544 | -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual | |
545 | -memory to continue compilation.' As far as the tests have shown, this may be | |
546 | -a compiler bug. What happens is that it eats up a lot of resident memory | |
547 | -to build something, probably a table. The problem is clearly in the | |
548 | -optimization code, because if one eliminates optimization completely (-O0), | |
549 | -the compilation goes through (and the compiler consumes about 2MB of resident | |
550 | -memory instead of 240MB or whatever one's limit is currently). | |
551 | - | |
552 | -There are three options to solve this problem: | |
553 | - | |
554 | -1. set your current data segment size soft limit higher. Experience shows | |
555 | -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do | |
556 | -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of | |
557 | -kbytes to set the limit to. | |
558 | - | |
559 | -2. If you have a hard limit that is lower than what you need and you can't | |
560 | -get it changed, you can compile all of OpenSSL with -O0 as optimization | |
561 | -level. This is however not a very nice thing to do for those who expect to | |
562 | -get the best result from OpenSSL. A bit more complicated solution is the | |
563 | -following: | |
564 | - | |
565 | ------ snip:start ----- | |
566 | - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ | |
567 | - sed -e 's/ -O[0-9] / -O0 /'`" | |
568 | - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` | |
569 | - make | |
570 | ------ snip:end ----- | |
571 | - | |
572 | -This will only compile sha_dgst.c with -O0, the rest with the optimization | |
573 | -level chosen by the configuration process. When the above is done, do the | |
574 | -test and installation and you're set. | |
575 | - | |
576 | -3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It | |
577 | -should not be used and is not used in SSL/TLS nor any other recognized | |
578 | -protocol in either case. | |
579 | - | |
580 | - | |
581 | -* Why does the OpenSSL compilation fail with "ar: command not found"? | |
582 | - | |
583 | -Getting this message is quite usual on Solaris 2, because Sun has hidden | |
584 | -away 'ar' and other development commands in directories that aren't in | |
585 | -$PATH by default. One of those directories is '/usr/ccs/bin'. The | |
586 | -quickest way to fix this is to do the following (it assumes you use sh | |
587 | -or any sh-compatible shell): | |
588 | - | |
589 | ------ snip:start ----- | |
590 | - PATH=${PATH}:/usr/ccs/bin; export PATH | |
591 | ------ snip:end ----- | |
592 | - | |
593 | -and then redo the compilation. What you should really do is make sure | |
594 | -'/usr/ccs/bin' is permanently in your $PATH, for example through your | |
595 | -'.profile' (again, assuming you use a sh-compatible shell). | |
596 | - | |
597 | - | |
598 | -* Why does the OpenSSL compilation fail on Win32 with VC++? | |
599 | - | |
600 | -Sometimes, you may get reports from VC++ command line (cl) that it | |
601 | -can't find standard include files like stdio.h and other weirdnesses. | |
602 | -One possible cause is that the environment isn't correctly set up. | |
603 | -To solve that problem for VC++ versions up to 6, one should run | |
604 | -VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ | |
605 | -installation directory (somewhere under 'Program Files'). For VC++ | |
606 | -version 7 (and up?), which is also called VS.NET, the file is called | |
607 | -VSVARS32.BAT instead. | |
608 | -This needs to be done prior to running NMAKE, and the changes are only | |
609 | -valid for the current DOS session. | |
610 | - | |
611 | - | |
612 | -* What is special about OpenSSL on Redhat? | |
613 | - | |
614 | -Red Hat Linux (release 7.0 and later) include a preinstalled limited | |
615 | -version of OpenSSL. Red Hat has chosen to disable support for IDEA, RC5 and | |
616 | -MDC2 in this version. The same may apply to other Linux distributions. | |
617 | -Users may therefore wish to install more or all of the features left out. | |
618 | - | |
619 | -To do this you MUST ensure that you do not overwrite the openssl that is in | |
620 | -/usr/bin on your Red Hat machine. Several packages depend on this file, | |
621 | -including sendmail and ssh. /usr/local/bin is a good alternative choice. The | |
622 | -libraries that come with Red Hat 7.0 onwards have different names and so are | |
623 | -not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and | |
624 | -/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and | |
625 | -/lib/libcrypto.so.2 respectively). | |
626 | - | |
627 | -Please note that we have been advised by Red Hat attempting to recompile the | |
628 | -openssl rpm with all the cryptography enabled will not work. All other | |
629 | -packages depend on the original Red Hat supplied openssl package. It is also | |
630 | -worth noting that due to the way Red Hat supplies its packages, updates to | |
631 | -openssl on each distribution never change the package version, only the | |
632 | -build number. For example, on Red Hat 7.1, the latest openssl package has | |
633 | -version number 0.9.6 and build number 9 even though it contains all the | |
634 | -relevant updates in packages up to and including 0.9.6b. | |
635 | - | |
636 | -A possible way around this is to persuade Red Hat to produce a non-US | |
637 | -version of Red Hat Linux. | |
638 | - | |
639 | - | |
640 | -* Why does the OpenSSL compilation fail on MacOS X? | |
641 | - | |
642 | -If the failure happens when trying to build the "openssl" binary, with | |
643 | -a large number of undefined symbols, it's very probable that you have | |
644 | -OpenSSL 0.9.6b delivered with the operating system (you can find out by | |
645 | -running '/usr/bin/openssl version') and that you were trying to build | |
646 | -OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in | |
647 | -MacOS X has a misfeature that's quite difficult to go around. | |
648 | -Look in the file PROBLEMS for a more detailed explanation and for possible | |
649 | -solutions. | |
650 | - | |
651 | - | |
652 | -* Why does the OpenSSL test suite fail on MacOS X? | |
653 | - | |
654 | -If the failure happens when running 'make test' and the RC4 test fails, | |
655 | -it's very probable that you have OpenSSL 0.9.6b delivered with the | |
656 | -operating system (you can find out by running '/usr/bin/openssl version') | |
657 | -and that you were trying to build OpenSSL 0.9.6d. The problem is that | |
658 | -the loader ('ld') in MacOS X has a misfeature that's quite difficult to | |
659 | -go around and has linked the programs "openssl" and the test programs | |
660 | -with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the | |
661 | -libraries you just built. | |
662 | -Look in the file PROBLEMS for a more detailed explanation and for possible | |
663 | -solutions. | |
664 | - | |
665 | -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? | |
666 | - | |
667 | -Failure in BN_sqr test is most likely caused by a failure to configure the | |
668 | -toolkit for current platform or lack of support for the platform in question. | |
669 | -Run './config -t' and './apps/openssl version -p'. Do these platform | |
670 | -identifiers match? If they don't, then you most likely failed to run | |
671 | -./config and you're hereby advised to do so before filing a bug report. | |
672 | -If ./config itself fails to run, then it's most likely problem with your | |
673 | -local environment and you should turn to your system administrator (or | |
674 | -similar). If identifiers match (and/or no alternative identifier is | |
675 | -suggested by ./config script), then the platform is unsupported. There might | |
676 | -or might not be a workaround. Most notably on SPARC64 platforms with GNU | |
677 | -C compiler you should be able to produce a working build by running | |
678 | -'./config -m32'. I understand that -m32 might not be what you want/need, | |
679 | -but the build should be operational. For further details turn to | |
680 | -<openssl-dev@openssl.org>. | |
681 | - | |
682 | -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? | |
683 | - | |
684 | -As of 0.9.7 assembler routines were overhauled for position independence | |
685 | -of the machine code, which is essential for shared library support. For | |
686 | -some reason OpenBSD is equipped with an out-of-date GNU assembler which | |
687 | -finds the new code offensive. To work around the problem, configure with | |
688 | -no-asm (and sacrifice a great deal of performance) or patch your assembler | |
689 | -according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. | |
690 | -For your convenience a pre-compiled replacement binary is provided at | |
691 | -<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. | |
692 | -Reportedly elder *BSD a.out platforms also suffer from this problem and | |
693 | -remedy should be same. Provided binary is statically linked and should be | |
694 | -working across wider range of *BSD branches, not just OpenBSD. | |
695 | - | |
696 | -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? | |
697 | - | |
698 | -If the test program in question fails withs SIGILL, Illegal Instruction | |
699 | -exception, then you more than likely to run SSE2-capable CPU, such as | |
700 | -Intel P4, under control of kernel which does not support SSE2 | |
701 | -instruction extentions. See accompanying INSTALL file and | |
702 | -OPENSSL_ia32cap(3) documentation page for further information. | |
703 | - | |
704 | -* Why does compiler fail to compile sha512.c? | |
705 | - | |
706 | -OpenSSL SHA-512 implementation depends on compiler support for 64-bit | |
707 | -integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a | |
708 | -couple] lack support for this and therefore are incapable of compiling | |
709 | -the module in question. The recommendation is to disable SHA-512 by | |
710 | -adding no-sha512 to ./config [or ./Configure] command line. Another | |
711 | -possible alternative might be to switch to GCC. | |
712 | - | |
713 | -* Test suite still fails, what to do? | |
714 | - | |
715 | -Another common reason for failure to complete some particular test is | |
716 | -simply bad code generated by a buggy component in toolchain or deficiency | |
717 | -in run-time environment. There are few cases documented in PROBLEMS file, | |
718 | -consult it for possible workaround before you beat the drum. Even if you | |
719 | -don't find solution or even mention there, do reserve for possibility of | |
720 | -a compiler bug. Compiler bugs might appear in rather bizarre ways, they | |
721 | -never make sense, and tend to emerge when you least expect them. In order | |
722 | -to identify one, drop optimization level, e.g. by editing CFLAG line in | |
723 | -top-level Makefile, recompile and re-run the test. | |
724 | - | |
725 | -* I think I've found a bug, what should I do? | |
726 | - | |
727 | -If you are a new user then it is quite likely you haven't found a bug and | |
728 | -something is happening you aren't familiar with. Check this FAQ, the associated | |
729 | -documentation and the mailing lists for similar queries. If you are still | |
730 | -unsure whether it is a bug or not submit a query to the openssl-users mailing | |
731 | -list. | |
732 | - | |
733 | - | |
734 | -* I'm SURE I've found a bug, how do I report it? | |
735 | - | |
736 | -Bug reports with no security implications should be sent to the request | |
737 | -tracker. This can be done by mailing the report to <rt@openssl.org> (or its | |
738 | -alias <openssl-bugs@openssl.org>), please note that messages sent to the | |
739 | -request tracker also appear in the public openssl-dev mailing list. | |
740 | - | |
741 | -The report should be in plain text. Any patches should be sent as | |
742 | -plain text attachments because some mailers corrupt patches sent inline. | |
743 | -If your issue affects multiple versions of OpenSSL check any patches apply | |
744 | -cleanly and, if possible include patches to each affected version. | |
745 | - | |
746 | -The report should be given a meaningful subject line briefly summarising the | |
747 | -issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. | |
748 | - | |
749 | -By sending reports to the request tracker the bug can then be given a priority | |
750 | -and assigned to the appropriate maintainer. The history of discussions can be | |
751 | -accessed and if the issue has been addressed or a reason why not. If patches | |
752 | -are only sent to openssl-dev they can be mislaid if a team member has to | |
753 | -wade through months of old messages to review the discussion. | |
754 | - | |
755 | -See also <URL: http://www.openssl.org/support/rt.html> | |
756 | - | |
757 | - | |
758 | -* I've found a security issue, how do I report it? | |
759 | - | |
760 | -If you think your bug has security implications then please send it to | |
761 | -openssl-security@openssl.org if you don't get a prompt reply at least | |
762 | -acknowledging receipt then resend or mail it directly to one of the | |
763 | -more active team members (e.g. Steve). | |
764 | - | |
765 | -Note that bugs only present in the openssl utility are not in general | |
766 | -considered to be security issues. | |
767 | - | |
768 | -[PROG] ======================================================================== | |
769 | - | |
770 | -* Is OpenSSL thread-safe? | |
771 | - | |
772 | -Yes (with limitations: an SSL connection may not concurrently be used | |
773 | -by multiple threads). On Windows and many Unix systems, OpenSSL | |
774 | -automatically uses the multi-threaded versions of the standard | |
775 | -libraries. If your platform is not one of these, consult the INSTALL | |
776 | -file. | |
777 | - | |
778 | -Multi-threaded applications must provide two callback functions to | |
779 | -OpenSSL by calling CRYPTO_set_locking_callback() and | |
780 | -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and | |
781 | -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() | |
782 | -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() | |
783 | -and friends. This is described in the threads(3) manpage. | |
784 | - | |
785 | -* I've compiled a program under Windows and it crashes: why? | |
786 | - | |
787 | -This is usually because you've missed the comment in INSTALL.W32. | |
788 | -Your application must link against the same version of the Win32 | |
789 | -C-Runtime against which your openssl libraries were linked. The | |
790 | -default version for OpenSSL is /MD - "Multithreaded DLL". | |
791 | - | |
792 | -If you are using Microsoft Visual C++'s IDE (Visual Studio), in | |
793 | -many cases, your new project most likely defaulted to "Debug | |
794 | -Singlethreaded" - /ML. This is NOT interchangeable with /MD and your | |
795 | -program will crash, typically on the first BIO related read or write | |
796 | -operation. | |
797 | - | |
798 | -For each of the six possible link stage configurations within Win32, | |
799 | -your application must link against the same by which OpenSSL was | |
800 | -built. If you are using MS Visual C++ (Studio) this can be changed | |
801 | -by: | |
802 | - | |
803 | - 1. Select Settings... from the Project Menu. | |
804 | - 2. Select the C/C++ Tab. | |
805 | - 3. Select "Code Generation from the "Category" drop down list box | |
806 | - 4. Select the Appropriate library (see table below) from the "Use | |
807 | - run-time library" drop down list box. Perform this step for both | |
808 | - your debug and release versions of your application (look at the | |
809 | - top left of the settings panel to change between the two) | |
810 | - | |
811 | - Single Threaded /ML - MS VC++ often defaults to | |
812 | - this for the release | |
813 | - version of a new project. | |
814 | - Debug Single Threaded /MLd - MS VC++ often defaults to | |
815 | - this for the debug version | |
816 | - of a new project. | |
817 | - Multithreaded /MT | |
818 | - Debug Multithreaded /MTd | |
819 | - Multithreaded DLL /MD - OpenSSL defaults to this. | |
820 | - Debug Multithreaded DLL /MDd | |
821 | - | |
822 | -Note that debug and release libraries are NOT interchangeable. If you | |
823 | -built OpenSSL with /MD your application must use /MD and cannot use /MDd. | |
824 | - | |
825 | -As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL | |
826 | -.DLLs compiled with some specific run-time option [we insist on the | |
827 | -default /MD] can be deployed with application compiled with different | |
828 | -option or even different compiler. But there is a catch! Instead of | |
829 | -re-compiling OpenSSL toolkit, as you would have to with prior versions, | |
830 | -you have to compile small C snippet with compiler and/or options of | |
831 | -your choice. The snippet gets installed as | |
832 | -<install-root>/include/openssl/applink.c and should be either added to | |
833 | -your application project or simply #include-d in one [and only one] | |
834 | -of your application source files. Failure to link this shim module | |
835 | -into your application manifests itself as fatal "no OPENSSL_Applink" | |
836 | -run-time error. An explicit reminder is due that in this situation | |
837 | -[mixing compiler options] it is as important to add CRYPTO_malloc_init | |
838 | -prior first call to OpenSSL. | |
839 | - | |
840 | -* How do I read or write a DER encoded buffer using the ASN1 functions? | |
841 | - | |
842 | -You have two options. You can either use a memory BIO in conjunction | |
843 | -with the i2d_*_bio() or d2i_*_bio() functions or you can use the | |
844 | -i2d_*(), d2i_*() functions directly. Since these are often the | |
845 | -cause of grief here are some code fragments using PKCS7 as an example: | |
846 | - | |
847 | - unsigned char *buf, *p; | |
848 | - int len; | |
849 | - | |
850 | - len = i2d_PKCS7(p7, NULL); | |
851 | - buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ | |
852 | - p = buf; | |
853 | - i2d_PKCS7(p7, &p); | |
854 | - | |
855 | -At this point buf contains the len bytes of the DER encoding of | |
856 | -p7. | |
857 | - | |
858 | -The opposite assumes we already have len bytes in buf: | |
859 | - | |
860 | - unsigned char *p; | |
861 | - p = buf; | |
862 | - p7 = d2i_PKCS7(NULL, &p, len); | |
863 | - | |
864 | -At this point p7 contains a valid PKCS7 structure or NULL if an error | |
865 | -occurred. If an error occurred ERR_print_errors(bio) should give more | |
866 | -information. | |
867 | - | |
868 | -The reason for the temporary variable 'p' is that the ASN1 functions | |
869 | -increment the passed pointer so it is ready to read or write the next | |
870 | -structure. This is often a cause of problems: without the temporary | |
871 | -variable the buffer pointer is changed to point just after the data | |
872 | -that has been read or written. This may well be uninitialized data | |
873 | -and attempts to free the buffer will have unpredictable results | |
874 | -because it no longer points to the same address. | |
875 | - | |
876 | -Memory allocation and encoding can also be combined in a single | |
877 | -operation by the ASN1 routines: | |
878 | - | |
879 | - unsigned char *buf = NULL; /* mandatory */ | |
880 | - int len; | |
881 | - len = i2d_PKCS7(p7, &buf); | |
882 | - if (len < 0) | |
883 | - /* Error */ | |
884 | - /* Do some things with 'buf' */ | |
885 | - /* Finished with buf: free it */ | |
886 | - OPENSSL_free(buf); | |
887 | - | |
888 | -In this special case the "buf" parameter is *not* incremented, it points | |
889 | -to the start of the encoding. | |
890 | - | |
891 | - | |
892 | -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? | |
893 | - | |
894 | -The short answer is yes, because DER is a special case of BER and OpenSSL | |
895 | -ASN1 decoders can process BER. | |
896 | - | |
897 | -The longer answer is that ASN1 structures can be encoded in a number of | |
898 | -different ways. One set of ways is the Basic Encoding Rules (BER) with various | |
899 | -permissible encodings. A restriction of BER is the Distinguished Encoding | |
900 | -Rules (DER): these uniquely specify how a given structure is encoded. | |
901 | - | |
902 | -Therefore, because DER is a special case of BER, DER is an acceptable encoding | |
903 | -for BER. | |
904 | - | |
905 | - | |
906 | -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? | |
907 | - | |
908 | -This usually happens when you try compiling something using the PKCS#12 | |
909 | -macros with a C++ compiler. There is hardly ever any need to use the | |
910 | -PKCS#12 macros in a program, it is much easier to parse and create | |
911 | -PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions | |
912 | -documented in doc/openssl.txt and with examples in demos/pkcs12. The | |
913 | -'pkcs12' application has to use the macros because it prints out | |
914 | -debugging information. | |
915 | - | |
916 | - | |
917 | -* I've called <some function> and it fails, why? | |
918 | - | |
919 | -Before submitting a report or asking in one of the mailing lists, you | |
920 | -should try to determine the cause. In particular, you should call | |
921 | -ERR_print_errors() or ERR_print_errors_fp() after the failed call | |
922 | -and see if the message helps. Note that the problem may occur earlier | |
923 | -than you think -- you should check for errors after every call where | |
924 | -it is possible, otherwise the actual problem may be hidden because | |
925 | -some OpenSSL functions clear the error state. | |
926 | - | |
927 | - | |
928 | -* I just get a load of numbers for the error output, what do they mean? | |
929 | - | |
930 | -The actual format is described in the ERR_print_errors() manual page. | |
931 | -You should call the function ERR_load_crypto_strings() before hand and | |
932 | -the message will be output in text form. If you can't do this (for example | |
933 | -it is a pre-compiled binary) you can use the errstr utility on the error | |
934 | -code itself (the hex digits after the second colon). | |
935 | - | |
936 | - | |
937 | -* Why do I get errors about unknown algorithms? | |
938 | - | |
939 | -The cause is forgetting to load OpenSSL's table of algorithms with | |
940 | -OpenSSL_add_all_algorithms(). See the manual page for more information. This | |
941 | -can cause several problems such as being unable to read in an encrypted | |
942 | -PEM file, unable to decrypt a PKCS#12 file or signature failure when | |
943 | -verifying certificates. | |
944 | - | |
945 | -* Why can't the OpenSSH configure script detect OpenSSL? | |
946 | - | |
947 | -Several reasons for problems with the automatic detection exist. | |
948 | -OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. | |
949 | -Sometimes the distribution has installed an older version in the system | |
950 | -locations that is detected instead of a new one installed. The OpenSSL | |
951 | -library might have been compiled for another CPU or another mode (32/64 bits). | |
952 | -Permissions might be wrong. | |
953 | - | |
954 | -The general answer is to check the config.log file generated when running | |
955 | -the OpenSSH configure script. It should contain the detailed information | |
956 | -on why the OpenSSL library was not detected or considered incompatible. | |
957 | - | |
958 | - | |
959 | -* Can I use OpenSSL's SSL library with non-blocking I/O? | |
960 | - | |
961 | -Yes; make sure to read the SSL_get_error(3) manual page! | |
962 | - | |
963 | -A pitfall to avoid: Don't assume that SSL_read() will just read from | |
964 | -the underlying transport or that SSL_write() will just write to it -- | |
965 | -it is also possible that SSL_write() cannot do any useful work until | |
966 | -there is data to read, or that SSL_read() cannot do anything until it | |
967 | -is possible to send data. One reason for this is that the peer may | |
968 | -request a new TLS/SSL handshake at any time during the protocol, | |
969 | -requiring a bi-directional message exchange; both SSL_read() and | |
970 | -SSL_write() will try to continue any pending handshake. | |
971 | - | |
972 | - | |
973 | -* Why doesn't my server application receive a client certificate? | |
974 | - | |
975 | -Due to the TLS protocol definition, a client will only send a certificate, | |
976 | -if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the | |
977 | -SSL_CTX_set_verify() function to enable the use of client certificates. | |
978 | - | |
979 | - | |
980 | -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? | |
981 | - | |
982 | -For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier | |
983 | -versions, uniqueIdentifier was incorrectly used for X.509 certificates. | |
984 | -The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. | |
985 | -Change your code to use the new name when compiling against OpenSSL 0.9.7. | |
986 | - | |
987 | - | |
988 | -* I think I've detected a memory leak, is this a bug? | |
989 | - | |
990 | -In most cases the cause of an apparent memory leak is an OpenSSL internal table | |
991 | -that is allocated when an application starts up. Since such tables do not grow | |
992 | -in size over time they are harmless. | |
993 | - | |
994 | -These internal tables can be freed up when an application closes using various | |
995 | -functions. Currently these include following: | |
996 | - | |
997 | -Thread-local cleanup functions: | |
998 | - | |
999 | - ERR_remove_state() | |
1000 | - | |
1001 | -Application-global cleanup functions that are aware of usage (and therefore | |
1002 | -thread-safe): | |
1003 | - | |
1004 | - ENGINE_cleanup() and CONF_modules_unload() | |
1005 | - | |
1006 | -"Brutal" (thread-unsafe) Application-global cleanup functions: | |
1007 | - | |
1008 | - ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). | |
1009 | - | |
1010 | - | |
1011 | -* Why does Valgrind complain about the use of uninitialized data? | |
1012 | - | |
1013 | -When OpenSSL's PRNG routines are called to generate random numbers the supplied | |
1014 | -buffer contents are mixed into the entropy pool: so it technically does not | |
1015 | -matter whether the buffer is initialized at this point or not. Valgrind (and | |
1016 | -other test tools) will complain about this. When using Valgrind, make sure the | |
1017 | -OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) | |
1018 | -to get rid of these warnings. | |
1019 | - | |
1020 | - | |
1021 | -* Why doesn't a memory BIO work when a file does? | |
1022 | - | |
1023 | -This can occur in several cases for example reading an S/MIME email message. | |
1024 | -The reason is that a memory BIO can do one of two things when all the data | |
1025 | -has been read from it. | |
1026 | - | |
1027 | -The default behaviour is to indicate that no more data is available and that | |
1028 | -the call should be retried, this is to allow the application to fill up the BIO | |
1029 | -again if necessary. | |
1030 | - | |
1031 | -Alternatively it can indicate that no more data is available and that EOF has | |
1032 | -been reached. | |
1033 | - | |
1034 | -If a memory BIO is to behave in the same way as a file this second behaviour | |
1035 | -is needed. This must be done by calling: | |
1036 | - | |
1037 | - BIO_set_mem_eof_return(bio, 0); | |
1038 | - | |
1039 | -See the manual pages for more details. | |
1040 | - | |
1041 | - | |
1042 | -* Where are the declarations and implementations of d2i_X509() etc? | |
1043 | - | |
1044 | -These are defined and implemented by macros of the form: | |
1045 | - | |
1046 | - | |
1047 | - DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509) | |
1048 | - | |
1049 | -The implementation passes an ASN1 "template" defining the structure into an | |
1050 | -ASN1 interpreter using generalised functions such as ASN1_item_d2i(). | |
1051 | - | |
1052 | - | |
1053 | -=============================================================================== | |
1 | +The FAQ is now maintained on the web: | |
2 | + https://www.openssl.org/docs/faq.html |
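Review bot: replacing the whole in-tree FAQ with a single URL removes developer guidance that this file alone carried in the vendored tree, notably the [PROG] items on the CRYPTO_set_locking_callback()/CRYPTO_THREADID_set_callback() requirement for multi-threaded use, the i2d_*/d2i_* pointer-increment pitfall (the temporary `p` variable), and the applink.c / "no OPENSSL_Applink" note for Windows builds that mix C run-time options. Consider keeping the [PROG] section, or at least adding one line under the URL saying that the previous contents are available in the repository history, so that a build or runtime failure described there can still be looked up offline from https://www.openssl.org/docs/faq.html.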
@@ -5,9 +5,19 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] | |
9 | + | |
10 | + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) | |
11 | + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) | |
12 | + o X509_ATTRIBUTE memory leak (CVE-2015-3195) | |
13 | + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs | |
14 | + o In DSA_generate_parameters_ex, if the provided seed is too short, | |
15 | + return an error | |
16 | + | |
8 | 17 | Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] |
9 | 18 | |
10 | 19 | o Alternate chains certificate forgery (CVE-2015-1793) |
20 | + o Race condition handling PSK identify hint (CVE-2015-3196) | |
11 | 21 | |
12 | 22 | Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] |
13 | 23 |
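Review bot: CVE-2015-3196 is added under the existing "1.0.2c and 1.0.2d" heading rather than the new 1.0.2e block; that matches upstream's NEWS (the fix shipped in 1.0.2d and the advisory was only published with 1.0.2e), so leave it, but the commit message should say which of the five new 1.0.2e items matter for this client. The BN_mod_exp bug (CVE-2015-3193) is in the x86_64 Montgomery assembly and cannot affect this build, which the opensslconf.h hunk below configures as THIRTY_TWO_BIT with OPENSSL_NO_ASM; the certificate-verify crash on a missing PSS parameter (CVE-2015-3194) does apply to any TLS client that verifies server certificate chains, so that one is the reason to ship this update promptly. Also, "PSK identify hint" is an upstream typo for "identity hint"; report it upstream rather than editing the vendored file.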
@@ -1,7 +1,7 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.0.2d 9 Jul 2015 | |
2 | + OpenSSL 1.0.2e 3 Dec 2015 | |
3 | 3 | |
4 | - Copyright (c) 1998-2011 The OpenSSL Project | |
4 | + Copyright (c) 1998-2015 The OpenSSL Project | |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
6 | 6 | All rights reserved. |
7 | 7 |
@@ -10,17 +10,17 @@ | ||
10 | 10 | |
11 | 11 | The OpenSSL Project is a collaborative effort to develop a robust, |
12 | 12 | commercial-grade, fully featured, and Open Source toolkit implementing the |
13 | - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) | |
14 | - protocols as well as a full-strength general purpose cryptography library. | |
15 | - The project is managed by a worldwide community of volunteers that use the | |
16 | - Internet to communicate, plan, and develop the OpenSSL toolkit and its | |
17 | - related documentation. | |
13 | + Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as | |
14 | + well as a full-strength general purpose cryptograpic library. The project is | |
15 | + managed by a worldwide community of volunteers that use the Internet to | |
16 | + communicate, plan, and develop the OpenSSL toolkit and its related | |
17 | + documentation. | |
18 | 18 | |
19 | - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young | |
19 | + OpenSSL is descended from the SSLeay library developed by Eric A. Young | |
20 | 20 | and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the |
21 | - OpenSSL license plus the SSLeay license) situation, which basically means | |
22 | - that you are free to get and use it for commercial and non-commercial | |
23 | - purposes as long as you fulfill the conditions of both licenses. | |
21 | + OpenSSL license plus the SSLeay license), which means that you are free to | |
22 | + get and use it for commercial and non-commercial purposes as long as you | |
23 | + fulfill the conditions of both licenses. | |
24 | 24 | |
25 | 25 | OVERVIEW |
26 | 26 | -------- |
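Review bot: "cryptograpic" in the new paragraph is a typo for "cryptographic"; it is upstream's text, so report it upstream rather than patching the vendored README. Substantively the summary now names only SSLv3 and TLS, dropping SSLv2 and the "TLS v1" wording, which is consistent with the libssl.a description further down.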
@@ -28,90 +28,39 @@ | ||
28 | 28 | The OpenSSL toolkit includes: |
29 | 29 | |
30 | 30 | libssl.a: |
31 | - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support | |
32 | - both SSLv2, SSLv3 and TLSv1 in the one server and client. | |
31 | + Provides the client and server-side implementations for SSLv3 and TLS. | |
33 | 32 | |
34 | 33 | libcrypto.a: |
35 | - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not | |
36 | - actually logically part of it. It includes routines for the following: | |
37 | - | |
38 | - Ciphers | |
39 | - libdes - EAY's libdes DES encryption package which was floating | |
40 | - around the net for a few years, and was then relicensed by | |
41 | - him as part of SSLeay. It includes 15 'modes/variations' | |
42 | - of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; | |
43 | - pcbc and a more general form of cfb and ofb) including desx | |
44 | - in cbc mode, a fast crypt(3), and routines to read | |
45 | - passwords from the keyboard. | |
46 | - RC4 encryption, | |
47 | - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
48 | - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
49 | - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
50 | - | |
51 | - Digests | |
52 | - MD5 and MD2 message digest algorithms, fast implementations, | |
53 | - SHA (SHA-0) and SHA-1 message digest algorithms, | |
54 | - MDC2 message digest. A DES based hash that is popular on smart cards. | |
55 | - | |
56 | - Public Key | |
57 | - RSA encryption/decryption/generation. | |
58 | - There is no limit on the number of bits. | |
59 | - DSA encryption/decryption/generation. | |
60 | - There is no limit on the number of bits. | |
61 | - Diffie-Hellman key-exchange/key generation. | |
62 | - There is no limit on the number of bits. | |
63 | - | |
64 | - X.509v3 certificates | |
65 | - X509 encoding/decoding into/from binary ASN1 and a PEM | |
66 | - based ASCII-binary encoding which supports encryption with a | |
67 | - private key. Program to generate RSA and DSA certificate | |
68 | - requests and to generate RSA and DSA certificates. | |
69 | - | |
70 | - Systems | |
71 | - The normal digital envelope routines and base64 encoding. Higher | |
72 | - level access to ciphers and digests by name. New ciphers can be | |
73 | - loaded at run time. The BIO io system which is a simple non-blocking | |
74 | - IO abstraction. Current methods supported are file descriptors, | |
75 | - sockets, socket accept, socket connect, memory buffer, buffering, SSL | |
76 | - client/server, file pointer, encryption, digest, non-blocking testing | |
77 | - and null. | |
78 | - | |
79 | - Data structures | |
80 | - A dynamically growing hashing system | |
81 | - A simple stack. | |
82 | - A Configuration loader that uses a format similar to MS .ini files. | |
34 | + Provides general cryptographic and X.509 support needed by SSL/TLS but | |
35 | + not logically part of it. | |
83 | 36 | |
84 | 37 | openssl: |
85 | 38 | A command line tool that can be used for: |
86 | - Creation of RSA, DH and DSA key parameters | |
39 | + Creation of key parameters | |
87 | 40 | Creation of X.509 certificates, CSRs and CRLs |
88 | - Calculation of Message Digests | |
89 | - Encryption and Decryption with Ciphers | |
90 | - SSL/TLS Client and Server Tests | |
41 | + Calculation of message digests | |
42 | + Encryption and decryption | |
43 | + SSL/TLS client and server tests | |
91 | 44 | Handling of S/MIME signed or encrypted mail |
45 | + And more... | |
92 | 46 | |
93 | 47 | INSTALLATION |
94 | 48 | ------------ |
95 | 49 | |
96 | - To install this package under a Unix derivative, read the INSTALL file. For | |
97 | - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read | |
98 | - INSTALL.VMS. | |
99 | - | |
100 | - Read the documentation in the doc/ directory. It is quite rough, but it | |
101 | - lists the functions; you will probably have to look at the code to work out | |
102 | - how to use them. Look at the example programs. | |
103 | - | |
104 | - PROBLEMS | |
105 | - -------- | |
106 | - | |
107 | - For some platforms, there are some known problems that may affect the user | |
108 | - or application author. We try to collect those in doc/PROBLEMS, with current | |
109 | - thoughts on how they should be solved in a future of OpenSSL. | |
50 | + See the appropriate file: | |
51 | + INSTALL Linux, Unix, etc. | |
52 | + INSTALL.DJGPP DOS platform with DJGPP | |
53 | + INSTALL.NW Netware | |
54 | + INSTALL.OS2 OS/2 | |
55 | + INSTALL.VMS VMS | |
56 | + INSTALL.W32 Windows (32bit) | |
57 | + INSTALL.W64 Windows (64bit) | |
58 | + INSTALL.WCE Windows CE | |
110 | 59 | |
111 | 60 | SUPPORT |
112 | 61 | ------- |
113 | 62 | |
114 | - See the OpenSSL website www.openssl.org for details of how to obtain | |
63 | + See the OpenSSL website www.openssl.org for details on how to obtain | |
115 | 64 | commercial technical support. |
116 | 65 | |
117 | 66 | If you have any problems with OpenSSL then please take the following steps |
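Review bot: nothing to change locally, but note that the removed PROBLEMS section pointed at doc/PROBLEMS; if that file is still present in the tree after this drop it is now unreferenced, and it should be either removed with the rest of the old documentation or left deliberately. For this project the relevant installation pointer in the new table is INSTALL.W32, since the opensslconf.h hunk in this commit is a 32-bit Win32 configuration.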
@@ -137,56 +86,33 @@ | ||
137 | 86 | |
138 | 87 | Email the report to: |
139 | 88 | |
140 | - openssl-bugs@openssl.org | |
89 | + rt@openssl.org | |
90 | + | |
91 | + In order to avoid spam, this is a moderated mailing list, and it might | |
92 | + take a day for the ticket to show up. (We also scan posts to make sure | |
93 | + that security disclosures aren't publically posted by mistake.) Mail to | |
94 | + this address is recorded in the public RT (request tracker) database (see | |
95 | + https://www.openssl.org/support/rt.html for details) and also forwarded | |
96 | + the public openssl-dev mailing list. Confidential mail may be sent to | |
97 | + openssl-security@openssl.org (PGP key available from the key servers). | |
141 | 98 | |
142 | - Note that the request tracker should NOT be used for general assistance | |
143 | - or support queries. Just because something doesn't work the way you expect | |
144 | - does not mean it is necessarily a bug in OpenSSL. | |
99 | + Please do NOT use this for general assistance or support queries. | |
100 | + Just because something doesn't work the way you expect does not mean it | |
101 | + is necessarily a bug in OpenSSL. | |
145 | 102 | |
146 | - Note that mail to openssl-bugs@openssl.org is recorded in the public | |
147 | - request tracker database (see https://www.openssl.org/support/rt.html | |
148 | - for details) and also forwarded to a public mailing list. Confidential | |
149 | - mail may be sent to openssl-security@openssl.org (PGP key available from | |
150 | - the key servers). | |
103 | + You can also make GitHub pull requests. If you do this, please also send | |
104 | + mail to rt@openssl.org with a link to the PR so that we can more easily | |
105 | + keep track of it. | |
151 | 106 | |
152 | 107 | HOW TO CONTRIBUTE TO OpenSSL |
153 | 108 | ---------------------------- |
154 | 109 | |
155 | - Development is coordinated on the openssl-dev mailing list (see | |
156 | - http://www.openssl.org for information on subscribing). If you | |
157 | - would like to submit a patch, send it to openssl-bugs@openssl.org with | |
158 | - the string "[PATCH]" in the subject. Please be sure to include a | |
159 | - textual explanation of what your patch does. | |
160 | - | |
161 | - If you are unsure as to whether a feature will be useful for the general | |
162 | - OpenSSL community please discuss it on the openssl-dev mailing list first. | |
163 | - Someone may be already working on the same thing or there may be a good | |
164 | - reason as to why that feature isn't implemented. | |
165 | - | |
166 | - Patches should be as up to date as possible, preferably relative to the | |
167 | - current Git or the last snapshot. They should follow the coding style of | |
168 | - OpenSSL and compile without warnings. Some of the core team developer targets | |
169 | - can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL | |
170 | - compiles on many varied platforms: try to ensure you only use portable | |
171 | - features. | |
172 | - | |
173 | - Note: For legal reasons, contributions from the US can be accepted only | |
174 | - if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov | |
175 | - (formerly BXA) with a copy to the ENC Encryption Request Coordinator; | |
176 | - please take some time to look at | |
177 | - http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] | |
178 | - and | |
179 | - http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) | |
180 | - for the details. If "your encryption source code is too large to serve as | |
181 | - an email attachment", they are glad to receive it by fax instead; hope you | |
182 | - have a cheap long-distance plan. | |
183 | - | |
184 | - Our preferred format for changes is "diff -u" output. You might | |
185 | - generate it like this: | |
186 | - | |
187 | - # cd openssl-work | |
188 | - # [your changes] | |
189 | - # ./Configure dist; make clean | |
190 | - # cd .. | |
191 | - # diff -ur openssl-orig openssl-work > mydiffs.patch | |
110 | + See CONTRIBUTING | |
111 | + | |
112 | + LEGALITIES | |
113 | + ---------- | |
192 | 114 | |
115 | + A number of nations, in particular the U.S., restrict the use or export | |
116 | + of cryptography. If you are potentially subject to such restrictions | |
117 | + you should seek competent professional legal advice before attempting to | |
118 | + develop or distribute cryptographic code. |
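Review bot: two upstream slips in the new text: "publically" should be "publicly", and "also forwarded the public openssl-dev mailing list" is missing "to". Both belong in an upstream report, not a local edit of the vendored file. Substantively, the bug address moves from openssl-bugs@openssl.org to rt@openssl.org, the contribution instructions are reduced to "See CONTRIBUTING", and the detailed TSU/EAR export-notification paragraph is replaced by a generic LEGALITIES pointer; anyone carrying local OpenSSL patches for this project should use the new address and the CONTRIBUTING file from now on.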
@@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len); | ||
86 | 86 | int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); |
87 | 87 | size_t BUF_strnlen(const char *str, size_t maxlen); |
88 | 88 | char *BUF_strdup(const char *str); |
89 | + | |
90 | +/* | |
91 | + * Like strndup, but in addition, explicitly guarantees to never read past the | |
92 | + * first |siz| bytes of |str|. | |
93 | + */ | |
89 | 94 | char *BUF_strndup(const char *str, size_t siz); |
95 | + | |
90 | 96 | void *BUF_memdup(const void *data, size_t siz); |
91 | 97 | void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); |
92 | 98 |
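Review bot: the new comment only documents BUF_strndup's contract (never read past the first |siz| bytes of |str|); the implementation that enforces it lives in crypto/buffer/, which is not in this view. Check that the matching .c change is part of this OpenSSL drop, because callers that hand BUF_strndup a non-NUL-terminated buffer together with an explicit length depend on exactly that guarantee, and the header alone does not provide it.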
@@ -142,7 +142,7 @@ struct dh_st { | ||
142 | 142 | BIGNUM *p; |
143 | 143 | BIGNUM *g; |
144 | 144 | long length; /* optional */ |
145 | - BIGNUM *pub_key; /* g^x */ | |
145 | + BIGNUM *pub_key; /* g^x % p */ | |
146 | 146 | BIGNUM *priv_key; /* x */ |
147 | 147 | int flags; |
148 | 148 | BN_MONT_CTX *method_mont_p; |
@@ -106,7 +106,7 @@ typedef enum { | ||
106 | 106 | /** the point is encoded as z||x, where the octet z specifies |
107 | 107 | * which solution of the quadratic equation y is */ |
108 | 108 | POINT_CONVERSION_COMPRESSED = 2, |
109 | - /** the point is encoded as z||x||y, where z is the octet 0x02 */ | |
109 | + /** the point is encoded as z||x||y, where z is the octet 0x04 */ | |
110 | 110 | POINT_CONVERSION_UNCOMPRESSED = 4, |
111 | 111 | /** the point is encoded as z||x||y, where the octet z specifies |
112 | 112 | * which solution of the quadratic equation y is */ |
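Review bot: comment-only fix, and a correct one: the uncompressed point encoding is tagged with the octet 0x04, which matches the POINT_CONVERSION_UNCOMPRESSED = 4 value on the following line (0x02 and 0x03 are the compressed tags, as the preceding comment says). No behaviour change.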
@@ -233,7 +233,7 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx); | ||
233 | 233 | * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred |
234 | 234 | */ |
235 | 235 | |
236 | -ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); | |
236 | +ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); | |
237 | 237 | |
238 | 238 | /** frees a ECDSA_METHOD structure |
239 | 239 | * \param ecdsa_method pointer to the ECDSA_METHOD structure |
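Review bot: const-qualifying the template parameter of ECDSA_METHOD_new is a source-compatible tightening (callers passing a non-const pointer still compile), so no local callers need changing; it only makes explicit that the function does not modify the template it is given.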
@@ -1,253 +1,260 @@ | ||
1 | -/* opensslconf.h */ | |
2 | -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ | |
3 | - | |
4 | -#ifdef __cplusplus | |
5 | -extern "C" { | |
6 | -#endif | |
7 | -/* OpenSSL was configured with the following options: */ | |
8 | -#ifndef OPENSSL_DOING_MAKEDEPEND | |
9 | - | |
10 | - | |
11 | -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 | |
12 | -# define OPENSSL_NO_EC_NISTP_64_GCC_128 | |
13 | -#endif | |
14 | -#ifndef OPENSSL_NO_GMP | |
15 | -# define OPENSSL_NO_GMP | |
16 | -#endif | |
17 | -#ifndef OPENSSL_NO_JPAKE | |
18 | -# define OPENSSL_NO_JPAKE | |
19 | -#endif | |
20 | -#ifndef OPENSSL_NO_KRB5 | |
21 | -# define OPENSSL_NO_KRB5 | |
22 | -#endif | |
23 | -#ifndef OPENSSL_NO_LIBUNBOUND | |
24 | -# define OPENSSL_NO_LIBUNBOUND | |
25 | -#endif | |
26 | -#ifndef OPENSSL_NO_MD2 | |
27 | -# define OPENSSL_NO_MD2 | |
28 | -#endif | |
29 | -#ifndef OPENSSL_NO_RC5 | |
30 | -# define OPENSSL_NO_RC5 | |
31 | -#endif | |
32 | -#ifndef OPENSSL_NO_RFC3779 | |
33 | -# define OPENSSL_NO_RFC3779 | |
34 | -#endif | |
35 | -#ifndef OPENSSL_NO_SCTP | |
36 | -# define OPENSSL_NO_SCTP | |
37 | -#endif | |
38 | -#ifndef OPENSSL_NO_SSL_TRACE | |
39 | -# define OPENSSL_NO_SSL_TRACE | |
40 | -#endif | |
41 | -#ifndef OPENSSL_NO_STORE | |
42 | -# define OPENSSL_NO_STORE | |
43 | -#endif | |
44 | -#ifndef OPENSSL_NO_UNIT_TEST | |
45 | -# define OPENSSL_NO_UNIT_TEST | |
46 | -#endif | |
47 | - | |
48 | -#endif /* OPENSSL_DOING_MAKEDEPEND */ | |
49 | - | |
50 | -#ifndef OPENSSL_NO_DYNAMIC_ENGINE | |
51 | -# define OPENSSL_NO_DYNAMIC_ENGINE | |
52 | -#endif | |
53 | - | |
54 | -/* The OPENSSL_NO_* macros are also defined as NO_* if the application | |
55 | - asks for it. This is a transient feature that is provided for those | |
56 | - who haven't had the time to do the appropriate changes in their | |
57 | - applications. */ | |
58 | -#ifdef OPENSSL_ALGORITHM_DEFINES | |
59 | -# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) | |
60 | -# define NO_EC_NISTP_64_GCC_128 | |
61 | -# endif | |
62 | -# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) | |
63 | -# define NO_GMP | |
64 | -# endif | |
65 | -# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) | |
66 | -# define NO_JPAKE | |
67 | -# endif | |
68 | -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) | |
69 | -# define NO_KRB5 | |
70 | -# endif | |
71 | -# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) | |
72 | -# define NO_LIBUNBOUND | |
73 | -# endif | |
74 | -# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) | |
75 | -# define NO_MD2 | |
76 | -# endif | |
77 | -# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) | |
78 | -# define NO_RC5 | |
79 | -# endif | |
80 | -# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) | |
81 | -# define NO_RFC3779 | |
82 | -# endif | |
83 | -# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) | |
84 | -# define NO_SCTP | |
85 | -# endif | |
86 | -# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) | |
87 | -# define NO_SSL_TRACE | |
88 | -# endif | |
89 | -# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) | |
90 | -# define NO_STORE | |
91 | -# endif | |
92 | -# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) | |
93 | -# define NO_UNIT_TEST | |
94 | -# endif | |
95 | -#endif | |
96 | - | |
97 | -/* crypto/opensslconf.h.in */ | |
98 | - | |
99 | -/* Generate 80386 code? */ | |
100 | -#undef I386_ONLY | |
101 | - | |
102 | -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ | |
103 | -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) | |
104 | -#define ENGINESDIR "/usr/local/ssl/lib/engines" | |
105 | -#define OPENSSLDIR "/usr/local/ssl" | |
106 | -#endif | |
107 | -#endif | |
108 | - | |
109 | -#undef OPENSSL_UNISTD | |
110 | -#define OPENSSL_UNISTD <unistd.h> | |
111 | - | |
112 | -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION | |
113 | - | |
114 | -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) | |
115 | -#define IDEA_INT unsigned int | |
116 | -#endif | |
117 | - | |
118 | -#if defined(HEADER_MD2_H) && !defined(MD2_INT) | |
119 | -#define MD2_INT unsigned int | |
120 | -#endif | |
121 | - | |
122 | -#if defined(HEADER_RC2_H) && !defined(RC2_INT) | |
123 | -/* I need to put in a mod for the alpha - eay */ | |
124 | -#define RC2_INT unsigned int | |
125 | -#endif | |
126 | - | |
127 | -#if defined(HEADER_RC4_H) | |
128 | -#if !defined(RC4_INT) | |
129 | -/* using int types make the structure larger but make the code faster | |
130 | - * on most boxes I have tested - up to %20 faster. */ | |
131 | -/* | |
132 | - * I don't know what does "most" mean, but declaring "int" is a must on: | |
133 | - * - Intel P6 because partial register stalls are very expensive; | |
134 | - * - elder Alpha because it lacks byte load/store instructions; | |
135 | - */ | |
136 | -#define RC4_INT unsigned int | |
137 | -#endif | |
138 | -#if !defined(RC4_CHUNK) | |
139 | -/* | |
140 | - * This enables code handling data aligned at natural CPU word | |
141 | - * boundary. See crypto/rc4/rc4_enc.c for further details. | |
142 | - */ | |
143 | -#undef RC4_CHUNK | |
144 | -#endif | |
145 | -#endif | |
146 | - | |
147 | -#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) | |
148 | -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a | |
149 | - * %20 speed up (longs are 8 bytes, int's are 4). */ | |
150 | -#ifndef DES_LONG | |
151 | -#define DES_LONG unsigned long | |
152 | -#endif | |
153 | -#endif | |
154 | - | |
155 | -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) | |
156 | -#define CONFIG_HEADER_BN_H | |
157 | -#undef BN_LLONG | |
158 | - | |
159 | -/* Should we define BN_DIV2W here? */ | |
160 | - | |
161 | -/* Only one for the following should be defined */ | |
162 | -#undef SIXTY_FOUR_BIT_LONG | |
163 | -#undef SIXTY_FOUR_BIT | |
164 | -#define THIRTY_TWO_BIT | |
165 | -#endif | |
166 | - | |
167 | -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) | |
168 | -#define CONFIG_HEADER_RC4_LOCL_H | |
169 | -/* if this is defined data[i] is used instead of *data, this is a %20 | |
170 | - * speedup on x86 */ | |
171 | -#undef RC4_INDEX | |
172 | -#endif | |
173 | - | |
174 | -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) | |
175 | -#define CONFIG_HEADER_BF_LOCL_H | |
176 | -#undef BF_PTR | |
177 | -#endif /* HEADER_BF_LOCL_H */ | |
178 | - | |
179 | -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) | |
180 | -#define CONFIG_HEADER_DES_LOCL_H | |
181 | -#ifndef DES_DEFAULT_OPTIONS | |
182 | -/* the following is tweaked from a config script, that is why it is a | |
183 | - * protected undef/define */ | |
184 | -#ifndef DES_PTR | |
185 | -#undef DES_PTR | |
186 | -#endif | |
187 | - | |
188 | -/* This helps C compiler generate the correct code for multiple functional | |
189 | - * units. It reduces register dependancies at the expense of 2 more | |
190 | - * registers */ | |
191 | -#ifndef DES_RISC1 | |
192 | -#undef DES_RISC1 | |
193 | -#endif | |
194 | - | |
195 | -#ifndef DES_RISC2 | |
196 | -#undef DES_RISC2 | |
197 | -#endif | |
198 | - | |
199 | -#if defined(DES_RISC1) && defined(DES_RISC2) | |
200 | -#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | |
201 | -#endif | |
202 | - | |
203 | -/* Unroll the inner loop, this sometimes helps, sometimes hinders. | |
204 | - * Very mucy CPU dependant */ | |
205 | -#ifndef DES_UNROLL | |
206 | -#undef DES_UNROLL | |
207 | -#endif | |
208 | - | |
209 | -/* These default values were supplied by | |
210 | - * Peter Gutman <pgut001@cs.auckland.ac.nz> | |
211 | - * They are only used if nothing else has been defined */ | |
212 | -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) | |
213 | -/* Special defines which change the way the code is built depending on the | |
214 | - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find | |
215 | - even newer MIPS CPU's, but at the moment one size fits all for | |
216 | - optimization options. Older Sparc's work better with only UNROLL, but | |
217 | - there's no way to tell at compile time what it is you're running on */ | |
218 | - | |
219 | -#if defined( sun ) /* Newer Sparc's */ | |
220 | -# define DES_PTR | |
221 | -# define DES_RISC1 | |
222 | -# define DES_UNROLL | |
223 | -#elif defined( __ultrix ) /* Older MIPS */ | |
224 | -# define DES_PTR | |
225 | -# define DES_RISC2 | |
226 | -# define DES_UNROLL | |
227 | -#elif defined( __osf1__ ) /* Alpha */ | |
228 | -# define DES_PTR | |
229 | -# define DES_RISC2 | |
230 | -#elif defined ( _AIX ) /* RS6000 */ | |
231 | - /* Unknown */ | |
232 | -#elif defined( __hpux ) /* HP-PA */ | |
233 | - /* Unknown */ | |
234 | -#elif defined( __aux ) /* 68K */ | |
235 | - /* Unknown */ | |
236 | -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ | |
237 | -# define DES_UNROLL | |
238 | -#elif defined( __sgi ) /* Newer MIPS */ | |
239 | -# define DES_PTR | |
240 | -# define DES_RISC2 | |
241 | -# define DES_UNROLL | |
242 | -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ | |
243 | -# define DES_PTR | |
244 | -# define DES_RISC1 | |
245 | -# define DES_UNROLL | |
246 | -#endif /* Systems-specific speed defines */ | |
247 | -#endif | |
248 | - | |
249 | -#endif /* DES_DEFAULT_OPTIONS */ | |
250 | -#endif /* HEADER_DES_LOCL_H */ | |
251 | -#ifdef __cplusplus | |
252 | -} | |
253 | -#endif | |
1 | +/* opensslconf.h */ | |
2 | +/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ | |
3 | + | |
4 | +#ifdef __cplusplus | |
5 | +extern "C" { | |
6 | +#endif | |
7 | +/* OpenSSL was configured with the following options: */ | |
8 | +#ifndef OPENSSL_SYSNAME_WIN32 | |
9 | +# define OPENSSL_SYSNAME_WIN32 | |
10 | +#endif | |
11 | +#ifndef OPENSSL_DOING_MAKEDEPEND | |
12 | + | |
13 | + | |
14 | +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 | |
15 | +# define OPENSSL_NO_EC_NISTP_64_GCC_128 | |
16 | +#endif | |
17 | +#ifndef OPENSSL_NO_GMP | |
18 | +# define OPENSSL_NO_GMP | |
19 | +#endif | |
20 | +#ifndef OPENSSL_NO_JPAKE | |
21 | +# define OPENSSL_NO_JPAKE | |
22 | +#endif | |
23 | +#ifndef OPENSSL_NO_KRB5 | |
24 | +# define OPENSSL_NO_KRB5 | |
25 | +#endif | |
26 | +#ifndef OPENSSL_NO_LIBUNBOUND | |
27 | +# define OPENSSL_NO_LIBUNBOUND | |
28 | +#endif | |
29 | +#ifndef OPENSSL_NO_MD2 | |
30 | +# define OPENSSL_NO_MD2 | |
31 | +#endif | |
32 | +#ifndef OPENSSL_NO_RC5 | |
33 | +# define OPENSSL_NO_RC5 | |
34 | +#endif | |
35 | +#ifndef OPENSSL_NO_RFC3779 | |
36 | +# define OPENSSL_NO_RFC3779 | |
37 | +#endif | |
38 | +#ifndef OPENSSL_NO_SCTP | |
39 | +# define OPENSSL_NO_SCTP | |
40 | +#endif | |
41 | +#ifndef OPENSSL_NO_SSL_TRACE | |
42 | +# define OPENSSL_NO_SSL_TRACE | |
43 | +#endif | |
44 | +#ifndef OPENSSL_NO_STORE | |
45 | +# define OPENSSL_NO_STORE | |
46 | +#endif | |
47 | +#ifndef OPENSSL_NO_UNIT_TEST | |
48 | +# define OPENSSL_NO_UNIT_TEST | |
49 | +#endif | |
50 | + | |
51 | +#endif /* OPENSSL_DOING_MAKEDEPEND */ | |
52 | + | |
53 | +#ifndef OPENSSL_THREADS | |
54 | +# define OPENSSL_THREADS | |
55 | +#endif | |
56 | +#ifndef OPENSSL_NO_ASM | |
57 | +# define OPENSSL_NO_ASM | |
58 | +#endif | |
59 | + | |
60 | +/* The OPENSSL_NO_* macros are also defined as NO_* if the application | |
61 | + asks for it. This is a transient feature that is provided for those | |
62 | + who haven't had the time to do the appropriate changes in their | |
63 | + applications. */ | |
64 | +#ifdef OPENSSL_ALGORITHM_DEFINES | |
65 | +# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) | |
66 | +# define NO_EC_NISTP_64_GCC_128 | |
67 | +# endif | |
68 | +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) | |
69 | +# define NO_GMP | |
70 | +# endif | |
71 | +# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) | |
72 | +# define NO_JPAKE | |
73 | +# endif | |
74 | +# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) | |
75 | +# define NO_KRB5 | |
76 | +# endif | |
77 | +# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) | |
78 | +# define NO_LIBUNBOUND | |
79 | +# endif | |
80 | +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) | |
81 | +# define NO_MD2 | |
82 | +# endif | |
83 | +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) | |
84 | +# define NO_RC5 | |
85 | +# endif | |
86 | +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) | |
87 | +# define NO_RFC3779 | |
88 | +# endif | |
89 | +# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) | |
90 | +# define NO_SCTP | |
91 | +# endif | |
92 | +# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) | |
93 | +# define NO_SSL_TRACE | |
94 | +# endif | |
95 | +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) | |
96 | +# define NO_STORE | |
97 | +# endif | |
98 | +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) | |
99 | +# define NO_UNIT_TEST | |
100 | +# endif | |
101 | +#endif | |
102 | + | |
103 | +/* crypto/opensslconf.h.in */ | |
104 | + | |
105 | +/* Generate 80386 code? */ | |
106 | +#undef I386_ONLY | |
107 | + | |
108 | +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ | |
109 | +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) | |
110 | +#define ENGINESDIR "./lib/engines" | |
111 | +#define OPENSSLDIR "././ssl" | |
112 | +#endif | |
113 | +#endif | |
114 | + | |
115 | +#undef OPENSSL_UNISTD | |
116 | +#define OPENSSL_UNISTD <unistd.h> | |
117 | + | |
118 | +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION | |
119 | +#define OPENSSL_EXPORT_VAR_AS_FUNCTION | |
120 | + | |
121 | +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) | |
122 | +#define IDEA_INT unsigned int | |
123 | +#endif | |
124 | + | |
125 | +#if defined(HEADER_MD2_H) && !defined(MD2_INT) | |
126 | +#define MD2_INT unsigned int | |
127 | +#endif | |
128 | + | |
129 | +#if defined(HEADER_RC2_H) && !defined(RC2_INT) | |
130 | +/* I need to put in a mod for the alpha - eay */ | |
131 | +#define RC2_INT unsigned int | |
132 | +#endif | |
133 | + | |
134 | +#if defined(HEADER_RC4_H) | |
135 | +#if !defined(RC4_INT) | |
136 | +/* using int types make the structure larger but make the code faster | |
137 | + * on most boxes I have tested - up to %20 faster. */ | |
138 | +/* | |
139 | + * I don't know what does "most" mean, but declaring "int" is a must on: | |
140 | + * - Intel P6 because partial register stalls are very expensive; | |
141 | + * - elder Alpha because it lacks byte load/store instructions; | |
142 | + */ | |
143 | +#define RC4_INT unsigned int | |
144 | +#endif | |
145 | +#if !defined(RC4_CHUNK) | |
146 | +/* | |
147 | + * This enables code handling data aligned at natural CPU word | |
148 | + * boundary. See crypto/rc4/rc4_enc.c for further details. | |
149 | + */ | |
150 | +#undef RC4_CHUNK | |
151 | +#endif | |
152 | +#endif | |
153 | + | |
154 | +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) | |
155 | +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a | |
156 | + * %20 speed up (longs are 8 bytes, int's are 4). */ | |
157 | +#ifndef DES_LONG | |
158 | +#define DES_LONG unsigned long | |
159 | +#endif | |
160 | +#endif | |
161 | + | |
162 | +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) | |
163 | +#define CONFIG_HEADER_BN_H | |
164 | +#define BN_LLONG | |
165 | + | |
166 | +/* Should we define BN_DIV2W here? */ | |
167 | + | |
168 | +/* Only one for the following should be defined */ | |
169 | +#undef SIXTY_FOUR_BIT_LONG | |
170 | +#undef SIXTY_FOUR_BIT | |
171 | +#define THIRTY_TWO_BIT | |
172 | +#endif | |
173 | + | |
174 | +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) | |
175 | +#define CONFIG_HEADER_RC4_LOCL_H | |
176 | +/* if this is defined data[i] is used instead of *data, this is a %20 | |
177 | + * speedup on x86 */ | |
178 | +#define RC4_INDEX | |
179 | +#endif | |
180 | + | |
181 | +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) | |
182 | +#define CONFIG_HEADER_BF_LOCL_H | |
183 | +#undef BF_PTR | |
184 | +#endif /* HEADER_BF_LOCL_H */ | |
185 | + | |
186 | +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) | |
187 | +#define CONFIG_HEADER_DES_LOCL_H | |
188 | +#ifndef DES_DEFAULT_OPTIONS | |
189 | +/* the following is tweaked from a config script, that is why it is a | |
190 | + * protected undef/define */ | |
191 | +#ifndef DES_PTR | |
192 | +#undef DES_PTR | |
193 | +#endif | |
194 | + | |
195 | +/* This helps C compiler generate the correct code for multiple functional | |
196 | + * units. It reduces register dependancies at the expense of 2 more | |
197 | + * registers */ | |
198 | +#ifndef DES_RISC1 | |
199 | +#undef DES_RISC1 | |
200 | +#endif | |
201 | + | |
202 | +#ifndef DES_RISC2 | |
203 | +#undef DES_RISC2 | |
204 | +#endif | |
205 | + | |
206 | +#if defined(DES_RISC1) && defined(DES_RISC2) | |
207 | +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | |
208 | +#endif | |
209 | + | |
210 | +/* Unroll the inner loop, this sometimes helps, sometimes hinders. | |
211 | + * Very mucy CPU dependant */ | |
212 | +#ifndef DES_UNROLL | |
213 | +#undef DES_UNROLL | |
214 | +#endif | |
215 | + | |
216 | +/* These default values were supplied by | |
217 | + * Peter Gutman <pgut001@cs.auckland.ac.nz> | |
218 | + * They are only used if nothing else has been defined */ | |
219 | +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) | |
220 | +/* Special defines which change the way the code is built depending on the | |
221 | + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find | |
222 | + even newer MIPS CPU's, but at the moment one size fits all for | |
223 | + optimization options. Older Sparc's work better with only UNROLL, but | |
224 | + there's no way to tell at compile time what it is you're running on */ | |
225 | + | |
226 | +#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ | |
227 | +# define DES_PTR | |
228 | +# define DES_RISC1 | |
229 | +# define DES_UNROLL | |
230 | +#elif defined( __ultrix ) /* Older MIPS */ | |
231 | +# define DES_PTR | |
232 | +# define DES_RISC2 | |
233 | +# define DES_UNROLL | |
234 | +#elif defined( __osf1__ ) /* Alpha */ | |
235 | +# define DES_PTR | |
236 | +# define DES_RISC2 | |
237 | +#elif defined ( _AIX ) /* RS6000 */ | |
238 | + /* Unknown */ | |
239 | +#elif defined( __hpux ) /* HP-PA */ | |
240 | + /* Unknown */ | |
241 | +#elif defined( __aux ) /* 68K */ | |
242 | + /* Unknown */ | |
243 | +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ | |
244 | +# define DES_UNROLL | |
245 | +#elif defined( __sgi ) /* Newer MIPS */ | |
246 | +# define DES_PTR | |
247 | +# define DES_RISC2 | |
248 | +# define DES_UNROLL | |
249 | +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ | |
250 | +# define DES_PTR | |
251 | +# define DES_RISC1 | |
252 | +# define DES_UNROLL | |
253 | +#endif /* Systems-specific speed defines */ | |
254 | +#endif | |
255 | + | |
256 | +#endif /* DES_DEFAULT_OPTIONS */ | |
257 | +#endif /* HEADER_DES_LOCL_H */ | |
258 | +#ifdef __cplusplus | |
259 | +} | |
260 | +#endif |
@@ -30,11 +30,11 @@ extern "C" { | ||
30 | 30 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
31 | 31 | * major minor fix final patch/beta) |
32 | 32 | */ |
33 | -# define OPENSSL_VERSION_NUMBER 0x1000204fL | |
33 | +# define OPENSSL_VERSION_NUMBER 0x1000205fL | |
34 | 34 | # ifdef OPENSSL_FIPS |
35 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015" | |
35 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips 3 Dec 2015" | |
36 | 36 | # else |
37 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015" | |
37 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e 3 Dec 2015" | |
38 | 38 | # endif |
39 | 39 | # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
40 | 40 |
@@ -2681,6 +2681,7 @@ void ERR_load_SSL_strings(void); | ||
2681 | 2681 | # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 |
2682 | 2682 | # define SSL_F_SSL3_ENC 134 |
2683 | 2683 | # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 |
2684 | +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 | |
2684 | 2685 | # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |
2685 | 2686 | # define SSL_F_SSL3_GET_CERT_STATUS 289 |
2686 | 2687 | # define SSL_F_SSL3_GET_CERT_VERIFY 136 |
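Review bot: the new function code SSL_F_SSL3_GENERATE_MASTER_SECRET (388) has no matching entry visible in this change for the ERR string table; if FFFTP prints OpenSSL error strings to the user, confirm the bundled ssl_err.c in 1.0.2e carries the corresponding ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET) string, otherwise errors from this function would render as a bare number.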
@@ -2846,8 +2847,11 @@ void ERR_load_SSL_strings(void); | ||
2846 | 2847 | # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 |
2847 | 2848 | # define SSL_R_BAD_DECOMPRESSION 107 |
2848 | 2849 | # define SSL_R_BAD_DH_G_LENGTH 108 |
2850 | +# define SSL_R_BAD_DH_G_VALUE 375 | |
2849 | 2851 | # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 |
2852 | +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 | |
2850 | 2853 | # define SSL_R_BAD_DH_P_LENGTH 110 |
2854 | +# define SSL_R_BAD_DH_P_VALUE 395 | |
2851 | 2855 | # define SSL_R_BAD_DIGEST_LENGTH 111 |
2852 | 2856 | # define SSL_R_BAD_DSA_SIGNATURE 112 |
2853 | 2857 | # define SSL_R_BAD_ECC_CERT 304 |
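Review bot: the three new reason codes SSL_R_BAD_DH_G_VALUE (375), SSL_R_BAD_DH_PUB_KEY_VALUE (393) and SSL_R_BAD_DH_P_VALUE (395) distinguish a rejected DH parameter value from the existing length checks (SSL_R_BAD_DH_G_LENGTH, SSL_R_BAD_DH_PUB_KEY_LENGTH, SSL_R_BAD_DH_P_LENGTH); any FFFTP code that maps SSL_R_* values to its own messages should be checked so that a DHE handshake failing on these new reasons is reported as a server-parameter problem rather than a generic connection error.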
@@ -231,13 +231,12 @@ extern "C" { | ||
231 | 231 | /* ExtensionType value from RFC5620 */ |
232 | 232 | # define TLSEXT_TYPE_heartbeat 15 |
233 | 233 | |
234 | -/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */ | |
234 | +/* ExtensionType value from RFC7301 */ | |
235 | 235 | # define TLSEXT_TYPE_application_layer_protocol_negotiation 16 |
236 | 236 | |
237 | 237 | /* |
238 | 238 | * ExtensionType value for TLS padding extension. |
239 | - * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml | |
240 | - * http://tools.ietf.org/html/draft-agl-tls-padding-03 | |
239 | + * http://tools.ietf.org/html/draft-agl-tls-padding | |
241 | 240 | */ |
242 | 241 | # define TLSEXT_TYPE_padding 21 |
243 | 242 |
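Review bot: the unchanged context line `/* ExtensionType value from RFC5620 */` above TLSEXT_TYPE_heartbeat is wrong in the upstream header; the TLS/DTLS Heartbeat Extension is RFC 6520, not RFC 5620. Since this hunk already rewrites neighbouring reference comments (draft-ietf-tls-applayerprotoneg-00 to RFC7301, the padding draft URL), it is the natural place to correct it, or to file it upstream if the header is kept verbatim.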
@@ -262,20 +261,19 @@ extern "C" { | ||
262 | 261 | # define TLSEXT_TYPE_next_proto_neg 13172 |
263 | 262 | # endif |
264 | 263 | |
265 | -/* NameType value from RFC 3546 */ | |
264 | +/* NameType value from RFC3546 */ | |
266 | 265 | # define TLSEXT_NAMETYPE_host_name 0 |
267 | -/* status request value from RFC 3546 */ | |
266 | +/* status request value from RFC3546 */ | |
268 | 267 | # define TLSEXT_STATUSTYPE_ocsp 1 |
269 | 268 | |
270 | -/* ECPointFormat values from draft-ietf-tls-ecc-12 */ | |
269 | +/* ECPointFormat values from RFC4492 */ | |
271 | 270 | # define TLSEXT_ECPOINTFORMAT_first 0 |
272 | 271 | # define TLSEXT_ECPOINTFORMAT_uncompressed 0 |
273 | 272 | # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 |
274 | 273 | # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 |
275 | 274 | # define TLSEXT_ECPOINTFORMAT_last 2 |
276 | 275 | |
277 | -/* Signature and hash algorithms from RFC 5246 */ | |
278 | - | |
276 | +/* Signature and hash algorithms from RFC5246 */ | |
279 | 277 | # define TLSEXT_signature_anonymous 0 |
280 | 278 | # define TLSEXT_signature_rsa 1 |
281 | 279 | # define TLSEXT_signature_dsa 2 |
@@ -430,7 +428,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | ||
430 | 428 | # define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 |
431 | 429 | |
432 | 430 | /* AES ciphersuites from RFC3268 */ |
433 | - | |
434 | 431 | # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F |
435 | 432 | # define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 |
436 | 433 | # define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 |
@@ -595,7 +592,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | ||
595 | 592 | # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" |
596 | 593 | # define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" |
597 | 594 | |
598 | -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ | |
595 | +/* ECC ciphersuites from RFC4492 */ | |
599 | 596 | # define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" |
600 | 597 | # define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" |
601 | 598 | # define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" |
@@ -153,15 +153,15 @@ BOOL LoadOpenSSL() | ||
153 | 153 | #ifdef ENABLE_PROCESS_PROTECTION |
154 | 154 | // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること |
155 | 155 | #if defined(_M_IX86) |
156 | - // ssleay32.dll 1.0.2d | |
157 | - RegisterTrustedModuleSHA1Hash("\x62\x0F\x18\x08\xDC\x7D\x84\xB5\xBF\xFE\x65\xF7\xEB\x02\x87\xF9\xE0\x0B\x9D\x0B"); | |
158 | - // libeay32.dll 1.0.2d | |
159 | - RegisterTrustedModuleSHA1Hash("\x2E\x10\xA6\xD2\x3D\x94\x00\xB8\x87\x17\x6D\x12\xB5\x9A\x68\xE7\xFC\x11\xAC\x14"); | |
156 | + // ssleay32.dll 1.0.2e | |
157 | + RegisterTrustedModuleSHA1Hash("\xE8\xD5\xBE\x7A\xD7\xAC\x17\x7E\x1E\x60\xA7\x6A\xD3\xE6\x14\xC9\x7A\x79\x87\x7C"); | |
158 | + // libeay32.dll 1.0.2e | |
159 | + RegisterTrustedModuleSHA1Hash("\x45\xEC\x0B\xCC\x1E\x5F\xC9\xF4\xDA\x03\xF5\xEE\xAB\x6C\x85\x3A\xD8\x49\x23\xD4"); | |
160 | 160 | #elif defined(_M_AMD64) |
161 | - // ssleay32.dll 1.0.2d | |
162 | - RegisterTrustedModuleSHA1Hash("\xD1\xE2\xC3\xA0\xEB\x28\xD0\x15\x2E\x0E\x9E\x3E\xF5\xF7\x42\x45\x58\xA2\x5E\xD1"); | |
163 | - // libeay32.dll 1.0.2d | |
164 | - RegisterTrustedModuleSHA1Hash("\xE4\x26\xA0\xC7\x95\xA3\x2B\x9A\x9A\x43\x6A\xA6\xEA\x00\x34\xAD\xBC\x63\x68\x46"); | |
161 | + // ssleay32.dll 1.0.2e | |
162 | + RegisterTrustedModuleSHA1Hash("\xCB\x81\x60\x86\x1C\x27\xB8\x6D\x43\xA5\xBF\x34\x9F\x8E\xE0\x81\x2F\xFD\xC9\xA6"); | |
163 | + // libeay32.dll 1.0.2e | |
164 | + RegisterTrustedModuleSHA1Hash("\x4A\xD3\x39\x10\x66\xA7\x89\x17\xCF\x5C\x65\x8C\xDE\x43\x9B\xF1\x64\xAE\x0E\x04"); | |
165 | 165 | #endif |
166 | 166 | #endif |
167 | 167 | g_hOpenSSL = LoadLibrary("ssleay32.dll"); |
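Review bot: the eight SHA-1 values are the only thing that ties the process-protection check to the shipped 1.0.2e binaries, and nothing in the hunk records how they were produced; add a comment (or a build step) stating the exact DLL files and tool used to compute them, so the x86 and x64 ssleay32.dll/libeay32.dll hashes can be re-verified before release and a stale value does not silently make LoadOpenSSL() reject the library under ENABLE_PROCESS_PROTECTION. Separately, RegisterTrustedModuleSHA1Hash() pins on SHA-1; since the check exists to detect a substituted module, plan a move to a SHA-256 variant so the pin does not rest on a hash whose collision resistance is no longer trusted.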