0 | |
diff --git a/CHANGES b/CHANGES
|
1 | |
index d161eca..53b6c6f 100644
|
2 | |
--- a/CHANGES
|
3 | |
+++ b/CHANGES
|
4 | |
@@ -2,6 +2,10 @@
|
5 | |
OpenSSL CHANGES
|
6 | |
_______________
|
7 | |
|
8 | |
+ Changes between 1.0.1h and 1.0.1i [xx XXX xxxx]
|
9 | |
+
|
10 | |
+ *)
|
11 | |
+
|
12 | |
Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
|
13 | |
|
14 | |
*) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
|
15 | |
diff --git a/NEWS b/NEWS
|
16 | |
index d062041..58ce8fa 100644
|
17 | |
--- a/NEWS
|
18 | |
+++ b/NEWS
|
19 | |
@@ -5,6 +5,15 @@
|
20 | |
This file gives a brief overview of the major changes between each OpenSSL
|
21 | |
release. For more details please read the CHANGES file.
|
22 | |
|
23 | |
+ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [under development]
|
24 | |
+
|
25 | |
+ o
|
26 | |
+
|
27 | |
+ Known issues in OpenSSL 1.0.1h:
|
28 | |
+
|
29 | |
+ o EAP-FAST and other applications using tls_session_secret_cb
|
30 | |
+ wont resume sessions. Fixed in 1.0.1i-dev
|
31 | |
+
|
32 | |
Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
|
33 | |
|
34 | |
o Fix for CVE-2014-0224
|
35 | |
diff --git a/README b/README
|
36 | |
index 95c5cd2..37dbb3b 100644
|
37 | |
--- a/README
|
38 | |
+++ b/README
|
39 | |
@@ -1,5 +1,5 @@
|
40 | |
|
41 | |
- OpenSSL 1.0.1h 5 Jun 2014
|
42 | |
+ OpenSSL 1.0.1i-dev
|
43 | |
|
44 | |
Copyright (c) 1998-2011 The OpenSSL Project
|
45 | |
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
46 | |
diff --git a/apps/enc.c b/apps/enc.c
|
47 | |
index 19ea3df..c6a211b 100644
|
48 | |
--- a/apps/enc.c
|
49 | |
+++ b/apps/enc.c
|
50 | |
@@ -67,7 +67,9 @@
|
51 | |
#include <openssl/x509.h>
|
52 | |
#include <openssl/rand.h>
|
53 | |
#include <openssl/pem.h>
|
54 | |
+#ifndef OPENSSL_NO_COMP
|
55 | |
#include <openssl/comp.h>
|
56 | |
+#endif
|
57 | |
#include <ctype.h>
|
58 | |
|
59 | |
int set_hex(char *in,unsigned char *out,int size);
|
60 | |
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
|
61 | |
index af5fc16..b4126ad 100644
|
62 | |
--- a/crypto/ocsp/ocsp_ht.c
|
63 | |
+++ b/crypto/ocsp/ocsp_ht.c
|
64 | |
@@ -490,6 +490,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
|
65 | |
|
66 | |
ctx = OCSP_sendreq_new(b, path, req, -1);
|
67 | |
|
68 | |
+ if (!ctx)
|
69 | |
+ return NULL;
|
70 | |
+
|
71 | |
do
|
72 | |
{
|
73 | |
rv = OCSP_sendreq_nbio(&resp, ctx);
|
74 | |
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
|
75 | |
index c3b6ace..a59982e 100644
|
76 | |
--- a/crypto/opensslv.h
|
77 | |
+++ b/crypto/opensslv.h
|
78 | |
@@ -25,11 +25,11 @@
|
79 | |
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
80 | |
* major minor fix final patch/beta)
|
81 | |
*/
|
82 | |
-#define OPENSSL_VERSION_NUMBER 0x1000108fL
|
83 | |
+#define OPENSSL_VERSION_NUMBER 0x10001090L
|
84 | |
#ifdef OPENSSL_FIPS
|
85 | |
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014"
|
86 | |
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips-dev xx XXX xxxx"
|
87 | |
#else
|
88 | |
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014"
|
89 | |
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-dev xx XXX xxxx"
|
90 | |
#endif
|
91 | |
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
92 | |
|
93 | |
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
|
94 | |
index 7f14280..14ba69d 100644
|
95 | |
--- a/crypto/rand/randfile.c
|
96 | |
+++ b/crypto/rand/randfile.c
|
97 | |
@@ -79,6 +79,7 @@
|
98 | |
#endif
|
99 | |
#ifndef OPENSSL_NO_POSIX_IO
|
100 | |
# include <sys/stat.h>
|
101 | |
+# include <fcntl.h>
|
102 | |
#endif
|
103 | |
|
104 | |
#ifdef _WIN32
|
105 | |
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
|
106 | |
index f44aa00..6086d0a 100644
|
107 | |
--- a/doc/apps/ciphers.pod
|
108 | |
+++ b/doc/apps/ciphers.pod
|
109 | |
@@ -36,7 +36,7 @@ SSL v2 and for SSL v3/TLS v1.
|
110 | |
|
111 | |
=item B<-V>
|
112 | |
|
113 | |
-Like B<-V>, but include cipher suite codes in output (hex format).
|
114 | |
+Like B<-v>, but include cipher suite codes in output (hex format).
|
115 | |
|
116 | |
=item B<-ssl3>
|
117 | |
|
118 | |
@@ -116,8 +116,8 @@ specified.
|
119 | |
=item B<COMPLEMENTOFDEFAULT>
|
120 | |
|
121 | |
the ciphers included in B<ALL>, but not enabled by default. Currently
|
122 | |
-this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
|
123 | |
-not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
|
124 | |
+this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>,
|
125 | |
+which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
|
126 | |
|
127 | |
=item B<ALL>
|
128 | |
|
129 | |
@@ -165,21 +165,58 @@ included.
|
130 | |
=item B<aNULL>
|
131 | |
|
132 | |
the cipher suites offering no authentication. This is currently the anonymous
|
133 | |
-DH algorithms. These cipher suites are vulnerable to a "man in the middle"
|
134 | |
-attack and so their use is normally discouraged.
|
135 | |
+DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
|
136 | |
+to a "man in the middle" attack and so their use is normally discouraged.
|
137 | |
|
138 | |
=item B<kRSA>, B<RSA>
|
139 | |
|
140 | |
cipher suites using RSA key exchange.
|
141 | |
|
142 | |
+=item B<kDHr>, B<kDHd>, B<kDH>
|
143 | |
+
|
144 | |
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
|
145 | |
+and DSS keys or either respectively. Not implemented.
|
146 | |
+
|
147 | |
=item B<kEDH>
|
148 | |
|
149 | |
-cipher suites using ephemeral DH key agreement.
|
150 | |
+cipher suites using ephemeral DH key agreement, including anonymous cipher
|
151 | |
+suites.
|
152 | |
|
153 | |
-=item B<kDHr>, B<kDHd>
|
154 | |
+=item B<EDH>
|
155 | |
|
156 | |
-cipher suites using DH key agreement and DH certificates signed by CAs with RSA
|
157 | |
-and DSS keys respectively. Not implemented.
|
158 | |
+cipher suites using authenticated ephemeral DH key agreement.
|
159 | |
+
|
160 | |
+=item B<ADH>
|
161 | |
+
|
162 | |
+anonymous DH cipher suites, note that this does not include anonymous Elliptic
|
163 | |
+Curve DH (ECDH) cipher suites.
|
164 | |
+
|
165 | |
+=item B<DH>
|
166 | |
+
|
167 | |
+cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH.
|
168 | |
+
|
169 | |
+=item B<kECDHr>, B<kECDHe>, B<kECDH>
|
170 | |
+
|
171 | |
+cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA
|
172 | |
+keys or either respectively.
|
173 | |
+
|
174 | |
+=item B<kEECDH>
|
175 | |
+
|
176 | |
+cipher suites using ephemeral ECDH key agreement, including anonymous
|
177 | |
+cipher suites.
|
178 | |
+
|
179 | |
+=item B<EECDHE>
|
180 | |
+
|
181 | |
+cipher suites using authenticated ephemeral ECDH key agreement.
|
182 | |
+
|
183 | |
+=item B<AECDH>
|
184 | |
+
|
185 | |
+anonymous Elliptic Curve Diffie Hellman cipher suites.
|
186 | |
+
|
187 | |
+=item B<ECDH>
|
188 | |
+
|
189 | |
+cipher suites using ECDH key exchange, including anonymous, ephemeral and
|
190 | |
+fixed ECDH.
|
191 | |
|
192 | |
=item B<aRSA>
|
193 | |
|
194 | |
@@ -194,30 +231,39 @@ cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
|
195 | |
cipher suites effectively using DH authentication, i.e. the certificates carry
|
196 | |
DH keys. Not implemented.
|
197 | |
|
198 | |
+=item B<aECDH>
|
199 | |
+
|
200 | |
+cipher suites effectively using ECDH authentication, i.e. the certificates
|
201 | |
+carry ECDH keys.
|
202 | |
+
|
203 | |
+=item B<aECDSA>, B<ECDSA>
|
204 | |
+
|
205 | |
+cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
|
206 | |
+keys.
|
207 | |
+
|
208 | |
=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
|
209 | |
|
210 | |
ciphers suites using FORTEZZA key exchange, authentication, encryption or all
|
211 | |
FORTEZZA algorithms. Not implemented.
|
212 | |
|
213 | |
-=item B<TLSv1>, B<SSLv3>, B<SSLv2>
|
214 | |
-
|
215 | |
-TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
|
216 | |
+=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2>
|
217 | |
|
218 | |
-=item B<DH>
|
219 | |
-
|
220 | |
-cipher suites using DH, including anonymous DH.
|
221 | |
+TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note:
|
222 | |
+there are no ciphersuites specific to TLS v1.1.
|
223 | |
|
224 | |
-=item B<ADH>
|
225 | |
+=item B<AES128>, B<AES256>, B<AES>
|
226 | |
|
227 | |
-anonymous DH cipher suites.
|
228 | |
+cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
|
229 | |
|
230 | |
-=item B<AES>
|
231 | |
+=item B<AESGCM>
|
232 | |
|
233 | |
-cipher suites using AES.
|
234 | |
+AES in Galois Counter Mode (GCM): these ciphersuites are only supported
|
235 | |
+in TLS v1.2.
|
236 | |
|
237 | |
-=item B<CAMELLIA>
|
238 | |
+=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
|
239 | |
|
240 | |
-cipher suites using Camellia.
|
241 | |
+cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
|
242 | |
+CAMELLIA.
|
243 | |
|
244 | |
=item B<3DES>
|
245 | |
|
246 | |
@@ -251,6 +297,10 @@ cipher suites using MD5.
|
247 | |
|
248 | |
cipher suites using SHA1.
|
249 | |
|
250 | |
+=item B<SHA256>, B<SHA384>
|
251 | |
+
|
252 | |
+ciphersuites using SHA256 or SHA384.
|
253 | |
+
|
254 | |
=item B<aGOST>
|
255 | |
|
256 | |
cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
|
257 | |
@@ -277,6 +327,9 @@ cipher suites, using HMAC based on GOST R 34.11-94.
|
258 | |
|
259 | |
cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
|
260 | |
|
261 | |
+=item B<PSK>
|
262 | |
+
|
263 | |
+cipher suites using pre-shared keys (PSK).
|
264 | |
|
265 | |
=back
|
266 | |
|
267 | |
@@ -423,7 +476,100 @@ Note: these ciphers can also be used in SSL v3.
|
268 | |
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
|
269 | |
TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
|
270 | |
|
271 | |
-=head2 SSL v2.0 cipher suites.
|
272 | |
+=head2 Elliptic curve cipher suites.
|
273 | |
+
|
274 | |
+ TLS_ECDH_RSA_WITH_NULL_SHA ECDH-RSA-NULL-SHA
|
275 | |
+ TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA
|
276 | |
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA
|
277 | |
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA
|
278 | |
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA
|
279 | |
+
|
280 | |
+ TLS_ECDH_ECDSA_WITH_NULL_SHA ECDH-ECDSA-NULL-SHA
|
281 | |
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA
|
282 | |
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA
|
283 | |
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA
|
284 | |
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA
|
285 | |
+
|
286 | |
+ TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA
|
287 | |
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA
|
288 | |
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
|
289 | |
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
|
290 | |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
|
291 | |
+
|
292 | |
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA
|
293 | |
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA
|
294 | |
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA
|
295 | |
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA
|
296 | |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA
|
297 | |
+
|
298 | |
+ TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA
|
299 | |
+ TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA
|
300 | |
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA
|
301 | |
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA
|
302 | |
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA
|
303 | |
+
|
304 | |
+=head2 TLS v1.2 cipher suites
|
305 | |
+
|
306 | |
+ TLS_RSA_WITH_NULL_SHA256 NULL-SHA256
|
307 | |
+
|
308 | |
+ TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
|
309 | |
+ TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
|
310 | |
+ TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256
|
311 | |
+ TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384
|
312 | |
+
|
313 | |
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Not implemented.
|
314 | |
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Not implemented.
|
315 | |
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Not implemented.
|
316 | |
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Not implemented.
|
317 | |
+
|
318 | |
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Not implemented.
|
319 | |
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Not implemented.
|
320 | |
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Not implemented.
|
321 | |
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Not implemented.
|
322 | |
+
|
323 | |
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256
|
324 | |
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256
|
325 | |
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256
|
326 | |
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384
|
327 | |
+
|
328 | |
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256
|
329 | |
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256
|
330 | |
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256
|
331 | |
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384
|
332 | |
+
|
333 | |
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256
|
334 | |
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384
|
335 | |
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256
|
336 | |
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384
|
337 | |
+
|
338 | |
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256
|
339 | |
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384
|
340 | |
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256
|
341 | |
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384
|
342 | |
+
|
343 | |
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
|
344 | |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
|
345 | |
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
|
346 | |
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384
|
347 | |
+
|
348 | |
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256
|
349 | |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
|
350 | |
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
|
351 | |
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
|
352 | |
+
|
353 | |
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256
|
354 | |
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256
|
355 | |
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
|
356 | |
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384
|
357 | |
+
|
358 | |
+=head2 Pre shared keying (PSK) cipheruites
|
359 | |
+
|
360 | |
+ TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA
|
361 | |
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
|
362 | |
+ TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
|
363 | |
+ TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
|
364 | |
+
|
365 | |
+=head2 Deprecated SSL v2.0 cipher suites.
|
366 | |
|
367 | |
SSL_CK_RC4_128_WITH_MD5 RC4-MD5
|
368 | |
SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
|
369 | |
@@ -452,6 +598,11 @@ strength:
|
370 | |
|
371 | |
openssl ciphers -v 'ALL:!ADH:@STRENGTH'
|
372 | |
|
373 | |
+Include all ciphers except ones with no encryption (eNULL) or no
|
374 | |
+authentication (aNULL):
|
375 | |
+
|
376 | |
+ openssl ciphers -v 'ALL:!aNULL'
|
377 | |
+
|
378 | |
Include only 3DES ciphers and then place RSA ciphers last:
|
379 | |
|
380 | |
openssl ciphers -v '3DES:+RSA'
|
381 | |
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
|
382 | |
index 367691c..310c65e 100644
|
383 | |
--- a/doc/crypto/EVP_DigestInit.pod
|
384 | |
+++ b/doc/crypto/EVP_DigestInit.pod
|
385 | |
@@ -161,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
|
386 | |
EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
|
387 | |
corresponding OBJECT IDENTIFIER or NID_undef if none exists.
|
388 | |
|
389 | |
-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
|
390 | |
-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
|
391 | |
-size in bytes.
|
392 | |
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
|
393 | |
+EVP_MD_CTX_block_size() return the digest or block size in bytes.
|
394 | |
|
395 | |
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
|
396 | |
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
|
397 | |
diff --git a/openssl.spec b/openssl.spec
|
398 | |
index f0f5ea8..a7e2776 100644
|
399 | |
--- a/openssl.spec
|
400 | |
+++ b/openssl.spec
|
401 | |
@@ -7,7 +7,7 @@ Release: 1
|
402 | |
Summary: Secure Sockets Layer and cryptography libraries and tools
|
403 | |
Name: openssl
|
404 | |
#Version: %{libmaj}.%{libmin}.%{librel}
|
405 | |
-Version: 1.0.1h
|
406 | |
+Version: 1.0.1i
|
407 | |
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
408 | |
License: OpenSSL
|
409 | |
Group: System Environment/Libraries
|
410 | |
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
|
411 | |
index 04aa231..c1eb970 100644
|
412 | |
--- a/ssl/d1_both.c
|
413 | |
+++ b/ssl/d1_both.c
|
414 | |
@@ -1180,6 +1180,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
|
415 | |
OPENSSL_assert(s->init_off == 0);
|
416 | |
|
417 | |
frag = dtls1_hm_fragment_new(s->init_num, 0);
|
418 | |
+ if (!frag)
|
419 | |
+ return 0;
|
420 | |
|
421 | |
memcpy(frag->fragment, s->init_buf->data, s->init_num);
|
422 | |
|
423 | |
diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c
|
424 | |
index d8cc559..a0a3690 100644
|
425 | |
--- a/ssl/heartbeat_test.c
|
426 | |
+++ b/ssl/heartbeat_test.c
|
427 | |
@@ -38,6 +38,7 @@
|
428 | |
* http://mike-bland.com/tags/heartbleed.html
|
429 | |
*/
|
430 | |
|
431 | |
+#include "../test/testutil.h"
|
432 | |
#include "../ssl/ssl_locl.h"
|
433 | |
#include <ctype.h>
|
434 | |
#include <stdio.h>
|
435 | |
@@ -263,13 +264,10 @@ static int honest_payload_size(unsigned char payload_buf[])
|
436 | |
}
|
437 | |
|
438 | |
#define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
|
439 | |
- HEARTBEAT_TEST_FIXTURE fixture = set_up_##type(__func__);\
|
440 | |
- int result = 0
|
441 | |
+ SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type)
|
442 | |
|
443 | |
#define EXECUTE_HEARTBEAT_TEST()\
|
444 | |
- if (execute_heartbeat(fixture) != 0) result = 1;\
|
445 | |
- tear_down(fixture);\
|
446 | |
- return result
|
447 | |
+ EXECUTE_TEST(execute_heartbeat, tear_down)
|
448 | |
|
449 | |
static int test_dtls1_not_bleeding()
|
450 | |
{
|
451 | |
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
|
452 | |
index 9914604..c0bdae5 100644
|
453 | |
--- a/ssl/s2_lib.c
|
454 | |
+++ b/ssl/s2_lib.c
|
455 | |
@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
|
456 | |
SSL_SSLV2,
|
457 | |
SSL_NOT_EXP|SSL_HIGH,
|
458 | |
0,
|
459 | |
- 168,
|
460 | |
+ 112,
|
461 | |
168,
|
462 | |
},
|
463 | |
|
464 | |
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
|
465 | |
index 0457af8..2afb892 100644
|
466 | |
--- a/ssl/s3_clnt.c
|
467 | |
+++ b/ssl/s3_clnt.c
|
468 | |
@@ -510,6 +510,7 @@ int ssl3_connect(SSL *s)
|
469 | |
s->method->ssl3_enc->client_finished_label,
|
470 | |
s->method->ssl3_enc->client_finished_label_len);
|
471 | |
if (ret <= 0) goto end;
|
472 | |
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
473 | |
s->state=SSL3_ST_CW_FLUSH;
|
474 | |
|
475 | |
/* clear flags */
|
476 | |
@@ -901,6 +902,7 @@ int ssl3_get_server_hello(SSL *s)
|
477 | |
{
|
478 | |
s->session->cipher = pref_cipher ?
|
479 | |
pref_cipher : ssl_get_cipher_by_char(s, p+j);
|
480 | |
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
481 | |
}
|
482 | |
}
|
483 | |
#endif /* OPENSSL_NO_TLSEXT */
|
484 | |
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
|
485 | |
index e3cd4f0..9962677 100644
|
486 | |
--- a/ssl/s3_enc.c
|
487 | |
+++ b/ssl/s3_enc.c
|
488 | |
@@ -642,10 +642,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
|
489 | |
int ssl3_final_finish_mac(SSL *s,
|
490 | |
const char *sender, int len, unsigned char *p)
|
491 | |
{
|
492 | |
- int ret;
|
493 | |
+ int ret, sha1len;
|
494 | |
ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
|
495 | |
+ if(ret == 0)
|
496 | |
+ return 0;
|
497 | |
+
|
498 | |
p+=ret;
|
499 | |
- ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
|
500 | |
+
|
501 | |
+ sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
|
502 | |
+ if(sha1len == 0)
|
503 | |
+ return 0;
|
504 | |
+
|
505 | |
+ ret+=sha1len;
|
506 | |
return(ret);
|
507 | |
}
|
508 | |
static int ssl3_handshake_mac(SSL *s, int md_nid,
|
509 | |
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
510 | |
index c4ef273..4835bef 100644
|
511 | |
--- a/ssl/s3_lib.c
|
512 | |
+++ b/ssl/s3_lib.c
|
513 | |
@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
514 | |
SSL_SSLV3,
|
515 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
516 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
517 | |
- 168,
|
518 | |
+ 112,
|
519 | |
168,
|
520 | |
},
|
521 | |
|
522 | |
@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
523 | |
SSL_SSLV3,
|
524 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
525 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
526 | |
- 168,
|
527 | |
+ 112,
|
528 | |
168,
|
529 | |
},
|
530 | |
|
531 | |
@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
532 | |
SSL_SSLV3,
|
533 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
534 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
535 | |
- 168,
|
536 | |
+ 112,
|
537 | |
168,
|
538 | |
},
|
539 | |
|
540 | |
@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
541 | |
SSL_SSLV3,
|
542 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
543 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
544 | |
- 168,
|
545 | |
+ 112,
|
546 | |
168,
|
547 | |
},
|
548 | |
|
549 | |
@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
550 | |
SSL_SSLV3,
|
551 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
552 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
553 | |
- 168,
|
554 | |
+ 112,
|
555 | |
168,
|
556 | |
},
|
557 | |
|
558 | |
@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
559 | |
SSL_SSLV3,
|
560 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
561 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
562 | |
- 168,
|
563 | |
+ 112,
|
564 | |
168,
|
565 | |
},
|
566 | |
|
567 | |
@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
568 | |
SSL_SSLV3,
|
569 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
570 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
571 | |
- 168,
|
572 | |
+ 112,
|
573 | |
168,
|
574 | |
},
|
575 | |
|
576 | |
@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
577 | |
SSL_SSLV3,
|
578 | |
SSL_NOT_EXP|SSL_HIGH,
|
579 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
580 | |
- 168,
|
581 | |
+ 112,
|
582 | |
168,
|
583 | |
},
|
584 | |
|
585 | |
@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
586 | |
SSL_TLSV1,
|
587 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
588 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
589 | |
- 168,
|
590 | |
+ 112,
|
591 | |
168,
|
592 | |
},
|
593 | |
|
594 | |
@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
595 | |
SSL_TLSV1,
|
596 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
597 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
598 | |
- 168,
|
599 | |
+ 112,
|
600 | |
168,
|
601 | |
},
|
602 | |
|
603 | |
@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
604 | |
SSL_TLSV1,
|
605 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
606 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
607 | |
- 168,
|
608 | |
+ 112,
|
609 | |
168,
|
610 | |
},
|
611 | |
|
612 | |
@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
613 | |
SSL_TLSV1,
|
614 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
615 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
616 | |
- 168,
|
617 | |
+ 112,
|
618 | |
168,
|
619 | |
},
|
620 | |
|
621 | |
@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
622 | |
SSL_TLSV1,
|
623 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
624 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
625 | |
- 168,
|
626 | |
+ 112,
|
627 | |
168,
|
628 | |
},
|
629 | |
|
630 | |
@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
631 | |
SSL_TLSV1,
|
632 | |
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
633 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
634 | |
- 168,
|
635 | |
+ 112,
|
636 | |
168,
|
637 | |
},
|
638 | |
|
639 | |
@@ -2426,13 +2426,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
640 | |
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
|
641 | |
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
|
642 | |
SSL_kSRP,
|
643 | |
- SSL_aNULL,
|
644 | |
+ SSL_aSRP,
|
645 | |
SSL_3DES,
|
646 | |
SSL_SHA1,
|
647 | |
SSL_TLSV1,
|
648 | |
SSL_NOT_EXP|SSL_HIGH,
|
649 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
650 | |
- 168,
|
651 | |
+ 112,
|
652 | |
168,
|
653 | |
},
|
654 | |
|
655 | |
@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
656 | |
SSL_TLSV1,
|
657 | |
SSL_NOT_EXP|SSL_HIGH,
|
658 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
659 | |
- 168,
|
660 | |
+ 112,
|
661 | |
168,
|
662 | |
},
|
663 | |
|
664 | |
@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
665 | |
SSL_TLSV1,
|
666 | |
SSL_NOT_EXP|SSL_HIGH,
|
667 | |
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
668 | |
- 168,
|
669 | |
+ 112,
|
670 | |
168,
|
671 | |
},
|
672 | |
|
673 | |
@@ -2474,7 +2474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
674 | |
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
|
675 | |
TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
|
676 | |
SSL_kSRP,
|
677 | |
- SSL_aNULL,
|
678 | |
+ SSL_aSRP,
|
679 | |
SSL_AES128,
|
680 | |
SSL_SHA1,
|
681 | |
SSL_TLSV1,
|
682 | |
@@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
683 | |
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
|
684 | |
TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
|
685 | |
SSL_kSRP,
|
686 | |
- SSL_aNULL,
|
687 | |
+ SSL_aSRP,
|
688 | |
SSL_AES256,
|
689 | |
SSL_SHA1,
|
690 | |
SSL_TLSV1,
|
691 | |
diff --git a/ssl/ssl.h b/ssl/ssl.h
|
692 | |
index 4c1242c..a9b15d4 100644
|
693 | |
--- a/ssl/ssl.h
|
694 | |
+++ b/ssl/ssl.h
|
695 | |
@@ -264,6 +264,7 @@ extern "C" {
|
696 | |
#define SSL_TXT_aGOST94 "aGOST94"
|
697 | |
#define SSL_TXT_aGOST01 "aGOST01"
|
698 | |
#define SSL_TXT_aGOST "aGOST"
|
699 | |
+#define SSL_TXT_aSRP "aSRP"
|
700 | |
|
701 | |
#define SSL_TXT_DSS "DSS"
|
702 | |
#define SSL_TXT_DH "DH"
|
703 | |
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
|
704 | |
index 0aba8e0..58f58e0 100644
|
705 | |
--- a/ssl/ssl_ciph.c
|
706 | |
+++ b/ssl/ssl_ciph.c
|
707 | |
@@ -270,6 +270,7 @@ static const SSL_CIPHER cipher_aliases[]={
|
708 | |
{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
|
709 | |
{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
|
710 | |
{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
|
711 | |
+ {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0},
|
712 | |
|
713 | |
/* aliases combining key exchange and server authentication */
|
714 | |
{0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
|
715 | |
@@ -562,7 +563,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
716 | |
break;
|
717 | |
}
|
718 | |
|
719 | |
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
|
720 | |
+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
|
721 | |
*enc=NULL;
|
722 | |
else
|
723 | |
{
|
724 | |
@@ -596,7 +597,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
725 | |
i= -1;
|
726 | |
break;
|
727 | |
}
|
728 | |
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
|
729 | |
+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
|
730 | |
{
|
731 | |
*md=NULL;
|
732 | |
if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
|
733 | |
@@ -1628,6 +1629,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
734 | |
case SSL_aPSK:
|
735 | |
au="PSK";
|
736 | |
break;
|
737 | |
+ case SSL_aSRP:
|
738 | |
+ au="SRP";
|
739 | |
+ break;
|
740 | |
default:
|
741 | |
au="unknown";
|
742 | |
break;
|
743 | |
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
744 | |
index e485907..eb4d8f2 100644
|
745 | |
--- a/ssl/ssl_locl.h
|
746 | |
+++ b/ssl/ssl_locl.h
|
747 | |
@@ -311,6 +311,7 @@
|
748 | |
#define SSL_aPSK 0x00000080L /* PSK auth */
|
749 | |
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
|
750 | |
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
|
751 | |
+#define SSL_aSRP 0x00000400L /* SRP auth */
|
752 | |
|
753 | |
|
754 | |
/* Bits for algorithm_enc (symmetric encryption) */
|
755 | |
diff --git a/test/Makefile b/test/Makefile
|
756 | |
index 005f2e8..3e9f819 100644
|
757 | |
--- a/test/Makefile
|
758 | |
+++ b/test/Makefile
|
759 | |
@@ -370,6 +370,13 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
|
760 | |
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
|
761 | |
link_app.$${shlib_target}
|
762 | |
|
763 | |
+BUILD_CMD_STATIC=shlib_target=; \
|
764 | |
+ LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \
|
765 | |
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
|
766 | |
+ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
|
767 | |
+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
|
768 | |
+ link_app.$${shlib_target}
|
769 | |
+
|
770 | |
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
|
771 | |
@target=$(RSATEST); $(BUILD_CMD)
|
772 | |
|
773 | |
@@ -476,7 +483,7 @@ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
|
774 | |
@target=$(SRPTEST); $(BUILD_CMD)
|
775 | |
|
776 | |
$(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
|
777 | |
- @target=$(HEARTBEATTEST); $(BUILD_CMD)
|
778 | |
+ @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
|
779 | |
|
780 | |
#$(AESTEST).o: $(AESTEST).c
|
781 | |
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
|
782 | |
diff --git a/test/testutil.h b/test/testutil.h
|
783 | |
new file mode 100644
|
784 | |
index 0000000..3e9cb84
|
785 | |
--- /dev/null
|
786 | |
+++ b/test/testutil.h
|
787 | |
@@ -0,0 +1,116 @@
|
788 | |
+/* test/testutil.h */
|
789 | |
+/*
|
790 | |
+ * Utilities for writing OpenSSL unit tests.
|
791 | |
+ *
|
792 | |
+ * More information:
|
793 | |
+ * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
|
794 | |
+ *
|
795 | |
+ * Author: Mike Bland (mbland@acm.org)
|
796 | |
+ * Date: 2014-06-07
|
797 | |
+ * ====================================================================
|
798 | |
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
|
799 | |
+ *
|
800 | |
+ * Redistribution and use in source and binary forms, with or without
|
801 | |
+ * modification, are permitted provided that the following conditions
|
802 | |
+ * are met:
|
803 | |
+ *
|
804 | |
+ * 1. Redistributions of source code must retain the above copyright
|
805 | |
+ * notice, this list of conditions and the following disclaimer.
|
806 | |
+ *
|
807 | |
+ * 2. Redistributions in binary form must reproduce the above copyright
|
808 | |
+ * notice, this list of conditions and the following disclaimer in
|
809 | |
+ * the documentation and/or other materials provided with the
|
810 | |
+ * distribution.
|
811 | |
+ *
|
812 | |
+ * 3. All advertising materials mentioning features or use of this
|
813 | |
+ * software must display the following acknowledgment:
|
814 | |
+ * "This product includes software developed by the OpenSSL Project
|
815 | |
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
816 | |
+ *
|
817 | |
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
818 | |
+ * endorse or promote products derived from this software without
|
819 | |
+ * prior written permission. For written permission, please contact
|
820 | |
+ * licensing@OpenSSL.org.
|
821 | |
+ *
|
822 | |
+ * 5. Products derived from this software may not be called "OpenSSL"
|
823 | |
+ * nor may "OpenSSL" appear in their names without prior written
|
824 | |
+ * permission of the OpenSSL Project.
|
825 | |
+ *
|
826 | |
+ * 6. Redistributions of any form whatsoever must retain the following
|
827 | |
+ * acknowledgment:
|
828 | |
+ * "This product includes software developed by the OpenSSL Project
|
829 | |
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
830 | |
+ *
|
831 | |
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
832 | |
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
833 | |
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
834 | |
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
835 | |
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
836 | |
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
837 | |
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
838 | |
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
839 | |
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
840 | |
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
841 | |
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
842 | |
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
843 | |
+ * ====================================================================
|
844 | |
+ */
|
845 | |
+
|
846 | |
+#ifndef HEADER_TESTUTIL_H
|
847 | |
+#define HEADER_TESTUTIL_H
|
848 | |
+
|
849 | |
+/* SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
|
850 | |
+ *
|
851 | |
+ * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE
|
852 | |
+ * object called "fixture". It will also allocate the "result" variable used
|
853 | |
+ * by EXECUTE_TEST. set_up() should take a const char* specifying the test
|
854 | |
+ * case name and return a TEST_FIXTURE_TYPE by value.
|
855 | |
+ *
|
856 | |
+ * EXECUTE_TEST will pass fixture to execute_func() by value, call
|
857 | |
+ * tear_down(), and return the result of execute_func(). execute_func() should
|
858 | |
+ * take a TEST_FIXTURE_TYPE by value and return zero on success or one on
|
859 | |
+ * failure.
|
860 | |
+ *
|
861 | |
+ * Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST
|
862 | |
+ * variations like so:
|
863 | |
+ *
|
864 | |
+ * #define SETUP_FOOBAR_TEST_FIXTURE()\
|
865 | |
+ * SETUP_TEST_FIXTURE(FOOBAR_TEST_FIXTURE, set_up_foobar)
|
866 | |
+ *
|
867 | |
+ * #define EXECUTE_FOOBAR_TEST()\
|
868 | |
+ * EXECUTE_TEST(execute_foobar, tear_down_foobar)
|
869 | |
+ *
|
870 | |
+ * Then test case functions can take the form:
|
871 | |
+ *
|
872 | |
+ * static int test_foobar_feature()
|
873 | |
+ * {
|
874 | |
+ * SETUP_FOOBAR_TEST_FIXTURE();
|
875 | |
+ * [...set individual members of fixture...]
|
876 | |
+ * EXECUTE_FOOBAR_TEST();
|
877 | |
+ * }
|
878 | |
+ */
|
879 | |
+#define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\
|
880 | |
+ TEST_FIXTURE_TYPE fixture = set_up(TEST_CASE_NAME);\
|
881 | |
+ int result = 0
|
882 | |
+
|
883 | |
+#define EXECUTE_TEST(execute_func, tear_down)\
|
884 | |
+ if (execute_func(fixture) != 0) result = 1;\
|
885 | |
+ tear_down(fixture);\
|
886 | |
+ return result
|
887 | |
+
|
888 | |
+/* TEST_CASE_NAME is defined as the name of the test case function where
|
889 | |
+ * possible; otherwise we get by with the file name and line number.
|
890 | |
+ */
|
891 | |
+#if __STDC_VERSION__ < 199901L
|
892 | |
+#if defined(_MSC_VER)
|
893 | |
+#define TEST_CASE_NAME __FUNCTION__
|
894 | |
+#else
|
895 | |
+#define testutil_stringify_helper(s) #s
|
896 | |
+#define testutil_stringify(s) testutil_stringify_helper(s)
|
897 | |
+#define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__)
|
898 | |
+#endif /* _MSC_VER */
|
899 | |
+#else
|
900 | |
+#define TEST_CASE_NAME __func__
|
901 | |
+#endif /* __STDC_VERSION__ */
|
902 | |
+
|
903 | |
+#endif /* HEADER_TESTUTIL_H */
|