rhodes 3.3.5 → 3.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1678) hide show
  1. data/CHANGELOG +3 -1
  2. data/CREDITS +5 -0
  3. data/Rakefile +173 -17
  4. data/doc/build.txt +71 -27
  5. data/doc/configuration.txt +2 -0
  6. data/doc/device-caps.txt +103 -27
  7. data/doc/extensions.txt +49 -33
  8. data/doc/install.txt +15 -12
  9. data/doc/introduction.txt +1 -1
  10. data/doc/nfc.txt +3 -2
  11. data/doc/rhom.txt +22 -1
  12. data/doc/{rhostudio-eclipse.txt → rhostudio-eclipse_outdated.txt} +0 -0
  13. data/doc/rhostudio-test-plan.txt +79 -22
  14. data/doc/simulator.txt +19 -52
  15. data/doc/standard-css.txt +1 -1
  16. data/doc/synchronization.txt +2 -0
  17. data/doc/test-log-debug.txt +149 -1
  18. data/doc/ui.txt +57 -0
  19. data/lib/build/jake.rb +33 -22
  20. data/lib/extensions/barcode/ext/barcode/platform/iphone/Barcode.xcodeproj/project.pbxproj +4 -10
  21. data/lib/extensions/debugger/debugger.rb +18 -5
  22. data/lib/extensions/digest-md5/digest/md5.rb +0 -0
  23. data/lib/extensions/digest-md5/ext/iphone/Dmd5.xcodeproj/project.pbxproj +4 -10
  24. data/lib/extensions/digest-sha1/digest/sha1.rb +0 -0
  25. data/lib/extensions/digest-sha1/ext/iphone/Dsha1.xcodeproj/project.pbxproj +4 -10
  26. data/lib/extensions/digest-sha2/digest/sha2.rb +0 -0
  27. data/lib/extensions/digest-sha2/ext.yml +2 -0
  28. data/lib/extensions/digest-sha2/ext/Rakefile +128 -0
  29. data/lib/extensions/digest-sha2/ext/build +12 -0
  30. data/lib/extensions/digest-sha2/ext/build.bat +1 -0
  31. data/lib/extensions/digest-sha2/ext/depend +6 -0
  32. data/lib/extensions/digest-sha2/ext/digest-sha2.sln +44 -0
  33. data/lib/extensions/digest-sha2/ext/digest-sha2.vcproj +666 -0
  34. data/lib/extensions/digest-sha2/ext/extconf.rb +27 -0
  35. data/lib/extensions/digest-sha2/ext/iphone/Dsha2.xcodeproj/project.pbxproj +272 -0
  36. data/lib/extensions/digest-sha2/ext/iphone/Dsha2_Prefix.pch +7 -0
  37. data/lib/extensions/digest-sha2/ext/iphone/Rakefile +79 -0
  38. data/lib/extensions/digest-sha2/ext/sha2.c +1070 -0
  39. data/lib/extensions/digest-sha2/ext/sha2.h +225 -0
  40. data/lib/extensions/digest-sha2/ext/sha2.rb +1 -0
  41. data/lib/extensions/digest-sha2/ext/sha2init.c +56 -0
  42. data/lib/extensions/digest-sha2/ext/sha2ossl.c +11 -0
  43. data/lib/extensions/digest-sha2/ext/sha2ossl.h +17 -0
  44. data/lib/extensions/digest-sha2/sha2/sha2.rb +74 -0
  45. data/lib/extensions/digest/digest.so.rb +0 -0
  46. data/lib/extensions/digest/ext/iphone/Digest.xcodeproj/project.pbxproj +4 -10
  47. data/lib/extensions/esri/ext/esri/platform/iphone/ESRI.xcodeproj/project.pbxproj +4 -10
  48. data/lib/extensions/ezcrypto/ext/CHANGELOG +85 -0
  49. data/lib/extensions/ezcrypto/ext/MIT-LICENSE +21 -0
  50. data/lib/extensions/ezcrypto/ext/README.rdoc +152 -0
  51. data/lib/extensions/ezcrypto/ext/README_ACTIVE_CRYPTO +122 -0
  52. data/lib/extensions/ezcrypto/ext/README_DIGITAL_SIGNATURES +55 -0
  53. data/lib/extensions/ezcrypto/ext/rakefile +200 -0
  54. data/lib/extensions/ezcrypto/ext/test/active_crypto_test.rb +211 -0
  55. data/lib/extensions/ezcrypto/ext/test/agree2.com.cert +31 -0
  56. data/lib/extensions/ezcrypto/ext/test/association_key_holder_test.rb +38 -0
  57. data/lib/extensions/ezcrypto/ext/test/database.yml +18 -0
  58. data/lib/extensions/ezcrypto/ext/test/digest_test.rb +51 -0
  59. data/lib/extensions/ezcrypto/ext/test/dsakey.pem +12 -0
  60. data/lib/extensions/ezcrypto/ext/test/dsapubkey.pem +12 -0
  61. data/lib/extensions/ezcrypto/ext/test/dsig_test.rb +288 -0
  62. data/lib/extensions/ezcrypto/ext/test/encrypt_test.rb +41 -0
  63. data/lib/extensions/ezcrypto/ext/test/ezcrypto_test.rb +212 -0
  64. data/lib/extensions/ezcrypto/ext/test/key_holder_test.rb +44 -0
  65. data/lib/extensions/ezcrypto/ext/test/protectedsigner.pem +12 -0
  66. data/lib/extensions/ezcrypto/ext/test/sf-class2-root.crt +24 -0
  67. data/lib/extensions/ezcrypto/ext/test/sf_intermediate.crt +29 -0
  68. data/lib/extensions/ezcrypto/ext/test/test_helper.rb +35 -0
  69. data/lib/extensions/ezcrypto/ext/test/testchild.pem +15 -0
  70. data/lib/extensions/ezcrypto/ext/test/testchild.req +12 -0
  71. data/lib/extensions/ezcrypto/ext/test/testpub.pem +4 -0
  72. data/lib/extensions/ezcrypto/ext/test/testsigner.cert +20 -0
  73. data/lib/extensions/ezcrypto/ext/test/testsigner.pem +9 -0
  74. data/lib/extensions/ezcrypto/ext/test/valicert_class2_root.crt +18 -0
  75. data/lib/extensions/ezcrypto/ezcrypto.rb +1 -0
  76. data/lib/extensions/ezcrypto/ezcrypto/ezcrypto.rb +612 -0
  77. data/lib/extensions/ezcrypto/ezcrypto/ezsig.rb +535 -0
  78. data/lib/extensions/ezcrypto/ezcrypto/trusted.pem +2363 -0
  79. data/lib/extensions/fcntl/ext/iphone/Fcntl.xcodeproj/project.pbxproj +4 -10
  80. data/lib/extensions/fcntl/fcntl.rb +0 -0
  81. data/lib/extensions/nfc/ext/nfc/platform/android/src/com/rhomobile/nfc/Nfc.java +9 -22
  82. data/lib/extensions/openssl.so.src/ext.yml +2 -0
  83. data/lib/extensions/openssl.so.src/ext/Rakefile +107 -0
  84. data/lib/extensions/openssl.so.src/ext/build +12 -0
  85. data/lib/extensions/openssl.so.src/ext/build.bat +1 -0
  86. data/lib/extensions/openssl.so/ext.yml +9 -0
  87. data/lib/extensions/openssl.so/ext/Rakefile +139 -0
  88. data/lib/extensions/openssl.so/ext/android/libopenssl.so.a +0 -0
  89. data/lib/extensions/openssl.so/ext/build +12 -0
  90. data/lib/extensions/openssl.so/ext/build.bat +1 -0
  91. data/lib/extensions/openssl.so/ext/iphone/Rakefile +79 -0
  92. data/lib/extensions/openssl.so/ext/iphone/Release-iphoneos/libopenssl.so.a +0 -0
  93. data/lib/extensions/openssl.so/ext/iphone/Release-iphonesimulator/libopenssl.so.a +0 -0
  94. data/lib/extensions/openssl.so/ext/iphone/openssl/openssl.xcodeproj/project.pbxproj +4300 -0
  95. data/lib/extensions/openssl.so/ext/iphone/openssl/openssl/openssl-Prefix.pch +7 -0
  96. data/lib/extensions/openssl.so/ext/sources/apps/apps.h +373 -0
  97. data/lib/extensions/openssl.so/ext/sources/apps/progs.h +366 -0
  98. data/lib/extensions/openssl.so/ext/sources/apps/s_apps.h +176 -0
  99. data/lib/extensions/openssl.so/ext/sources/apps/testdsa.h +217 -0
  100. data/lib/extensions/openssl.so/ext/sources/apps/testrsa.h +518 -0
  101. data/lib/extensions/openssl.so/ext/sources/crypto/LPdir_unix.c +127 -0
  102. data/lib/extensions/openssl.so/ext/sources/crypto/LPdir_win.c +153 -0
  103. data/lib/extensions/openssl.so/ext/sources/crypto/LPdir_win32.c +30 -0
  104. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes.h +147 -0
  105. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_cbc.c +63 -0
  106. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_cfb.c +81 -0
  107. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_core.c +1358 -0
  108. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_ctr.c +61 -0
  109. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_ecb.c +73 -0
  110. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_ige.c +323 -0
  111. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_locl.h +89 -0
  112. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_misc.c +85 -0
  113. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_ofb.c +60 -0
  114. data/lib/extensions/openssl.so/ext/sources/crypto/aes/aes_wrap.c +259 -0
  115. data/lib/extensions/openssl.so/ext/sources/crypto/arm_arch.h +51 -0
  116. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_bitstr.c +248 -0
  117. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_bool.c +114 -0
  118. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_bytes.c +314 -0
  119. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_d2i_fp.c +286 -0
  120. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_digest.c +113 -0
  121. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_dup.c +109 -0
  122. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_enum.c +182 -0
  123. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_gentm.c +263 -0
  124. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_i2d_fp.c +163 -0
  125. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_int.c +458 -0
  126. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_mbstr.c +400 -0
  127. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_object.c +403 -0
  128. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_octet.c +71 -0
  129. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_print.c +127 -0
  130. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_set.c +241 -0
  131. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_sign.c +333 -0
  132. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_strex.c +574 -0
  133. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_strnid.c +290 -0
  134. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_time.c +198 -0
  135. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_type.c +159 -0
  136. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_utctm.c +318 -0
  137. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_utf8.c +211 -0
  138. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/a_verify.c +228 -0
  139. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/ameth_lib.c +460 -0
  140. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1.h +1404 -0
  141. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1_err.c +332 -0
  142. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1_gen.c +854 -0
  143. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1_lib.c +482 -0
  144. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1_locl.h +145 -0
  145. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1_mac.h +578 -0
  146. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1_par.c +437 -0
  147. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn1t.h +960 -0
  148. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn_mime.c +951 -0
  149. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn_moid.c +160 -0
  150. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/asn_pack.c +191 -0
  151. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/bio_asn1.c +495 -0
  152. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/bio_ndef.c +243 -0
  153. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/charmap.h +15 -0
  154. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/d2i_pr.c +170 -0
  155. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/d2i_pu.c +139 -0
  156. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/evp_asn1.c +189 -0
  157. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/f_enum.c +207 -0
  158. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/f_int.c +219 -0
  159. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/f_string.c +212 -0
  160. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/i2d_pr.c +80 -0
  161. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/i2d_pu.c +95 -0
  162. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/n_pkey.c +357 -0
  163. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/nsseq.c +83 -0
  164. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/p5_pbe.c +148 -0
  165. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/p5_pbev2.c +280 -0
  166. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/p8_pkey.c +155 -0
  167. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_bitst.c +102 -0
  168. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_crl.c +132 -0
  169. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_pkey.c +114 -0
  170. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_req.c +266 -0
  171. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_spki.c +107 -0
  172. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_x509.c +528 -0
  173. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/t_x509a.c +110 -0
  174. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_dec.c +1347 -0
  175. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_enc.c +691 -0
  176. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_fre.c +266 -0
  177. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_new.c +396 -0
  178. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_prn.c +627 -0
  179. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_typ.c +148 -0
  180. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/tasn_utl.c +279 -0
  181. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_algor.c +144 -0
  182. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_attrib.c +118 -0
  183. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_bignum.c +139 -0
  184. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_crl.c +527 -0
  185. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_exten.c +76 -0
  186. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_info.c +114 -0
  187. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_long.c +179 -0
  188. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_name.c +519 -0
  189. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_nx509.c +72 -0
  190. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_pkey.c +151 -0
  191. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_pubkey.c +382 -0
  192. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_req.c +113 -0
  193. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_sig.c +69 -0
  194. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_spki.c +81 -0
  195. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_val.c +69 -0
  196. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_x509.c +194 -0
  197. data/lib/extensions/openssl.so/ext/sources/crypto/asn1/x_x509a.c +180 -0
  198. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_cfb64.c +121 -0
  199. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_ecb.c +96 -0
  200. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_enc.c +306 -0
  201. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_locl.h +219 -0
  202. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_ofb64.c +110 -0
  203. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_pi.h +325 -0
  204. data/lib/extensions/openssl.so/ext/sources/crypto/bf/bf_skey.c +124 -0
  205. data/lib/extensions/openssl.so/ext/sources/crypto/bf/blowfish.h +129 -0
  206. data/lib/extensions/openssl.so/ext/sources/crypto/bio/b_dump.c +187 -0
  207. data/lib/extensions/openssl.so/ext/sources/crypto/bio/b_print.c +842 -0
  208. data/lib/extensions/openssl.so/ext/sources/crypto/bio/b_sock.c +975 -0
  209. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bf_buff.c +512 -0
  210. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bf_nbio.c +253 -0
  211. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bf_null.c +183 -0
  212. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bio.h +847 -0
  213. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bio_cb.c +143 -0
  214. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bio_err.c +155 -0
  215. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bio_lcl.h +36 -0
  216. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bio_lib.c +602 -0
  217. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_acpt.c +478 -0
  218. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_bio.c +924 -0
  219. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_conn.c +652 -0
  220. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_dgram.c +1832 -0
  221. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_fd.c +319 -0
  222. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_file.c +477 -0
  223. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_log.c +399 -0
  224. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_mem.c +319 -0
  225. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_null.c +150 -0
  226. data/lib/extensions/openssl.so/ext/sources/crypto/bio/bss_sock.c +294 -0
  227. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn.h +891 -0
  228. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_add.c +313 -0
  229. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_asm.c +1030 -0
  230. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_blind.c +385 -0
  231. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_const.c +402 -0
  232. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_ctx.c +454 -0
  233. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_depr.c +112 -0
  234. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_div.c +446 -0
  235. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_err.c +150 -0
  236. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_exp.c +1097 -0
  237. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_exp2.c +312 -0
  238. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_gcd.c +654 -0
  239. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_gf2m.c +1113 -0
  240. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_kron.c +184 -0
  241. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_lcl.h +508 -0
  242. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_lib.c +826 -0
  243. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_mod.c +301 -0
  244. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_mont.c +509 -0
  245. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_mpi.c +130 -0
  246. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_mul.c +1166 -0
  247. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_nist.c +1102 -0
  248. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_prime.c +494 -0
  249. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_prime.h +327 -0
  250. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_print.c +378 -0
  251. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_rand.c +305 -0
  252. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_recp.c +234 -0
  253. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_shift.c +223 -0
  254. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_sqr.c +294 -0
  255. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_sqrt.c +393 -0
  256. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_word.c +247 -0
  257. data/lib/extensions/openssl.so/ext/sources/crypto/bn/bn_x931p.c +272 -0
  258. data/lib/extensions/openssl.so/ext/sources/crypto/buffer/buf_err.c +99 -0
  259. data/lib/extensions/openssl.so/ext/sources/crypto/buffer/buf_str.c +119 -0
  260. data/lib/extensions/openssl.so/ext/sources/crypto/buffer/buffer.c +203 -0
  261. data/lib/extensions/openssl.so/ext/sources/crypto/buffer/buffer.h +119 -0
  262. data/lib/extensions/openssl.so/ext/sources/crypto/buildinf.h +12 -0
  263. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/camellia.c +582 -0
  264. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/camellia.h +130 -0
  265. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_cbc.c +64 -0
  266. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_cfb.c +139 -0
  267. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_ctr.c +64 -0
  268. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_ecb.c +74 -0
  269. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_locl.h +86 -0
  270. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_misc.c +80 -0
  271. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_ofb.c +119 -0
  272. data/lib/extensions/openssl.so/ext/sources/crypto/camellia/cmll_utl.c +64 -0
  273. data/lib/extensions/openssl.so/ext/sources/crypto/cast/c_cfb64.c +121 -0
  274. data/lib/extensions/openssl.so/ext/sources/crypto/cast/c_ecb.c +79 -0
  275. data/lib/extensions/openssl.so/ext/sources/crypto/cast/c_enc.c +208 -0
  276. data/lib/extensions/openssl.so/ext/sources/crypto/cast/c_ofb64.c +110 -0
  277. data/lib/extensions/openssl.so/ext/sources/crypto/cast/c_skey.c +173 -0
  278. data/lib/extensions/openssl.so/ext/sources/crypto/cast/cast.h +107 -0
  279. data/lib/extensions/openssl.so/ext/sources/crypto/cast/cast_lcl.h +227 -0
  280. data/lib/extensions/openssl.so/ext/sources/crypto/cast/cast_s.h +585 -0
  281. data/lib/extensions/openssl.so/ext/sources/crypto/cmac/cm_ameth.c +97 -0
  282. data/lib/extensions/openssl.so/ext/sources/crypto/cmac/cm_pmeth.c +224 -0
  283. data/lib/extensions/openssl.so/ext/sources/crypto/cmac/cmac.c +308 -0
  284. data/lib/extensions/openssl.so/ext/sources/crypto/cmac/cmac.h +82 -0
  285. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms.h +501 -0
  286. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_asn1.c +389 -0
  287. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_att.c +195 -0
  288. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_cd.c +134 -0
  289. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_dd.c +148 -0
  290. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_enc.c +294 -0
  291. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_env.c +876 -0
  292. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_err.c +245 -0
  293. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_ess.c +420 -0
  294. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_io.c +133 -0
  295. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_lcl.h +473 -0
  296. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_lib.c +626 -0
  297. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_pwri.c +454 -0
  298. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_sd.c +985 -0
  299. data/lib/extensions/openssl.so/ext/sources/crypto/cms/cms_smime.c +850 -0
  300. data/lib/extensions/openssl.so/ext/sources/crypto/comp/c_rle.c +61 -0
  301. data/lib/extensions/openssl.so/ext/sources/crypto/comp/c_zlib.c +799 -0
  302. data/lib/extensions/openssl.so/ext/sources/crypto/comp/comp.h +80 -0
  303. data/lib/extensions/openssl.so/ext/sources/crypto/comp/comp_err.c +100 -0
  304. data/lib/extensions/openssl.so/ext/sources/crypto/comp/comp_lib.c +72 -0
  305. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf.h +263 -0
  306. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_api.c +301 -0
  307. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_api.h +89 -0
  308. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_def.c +740 -0
  309. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_def.h +180 -0
  310. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_err.c +131 -0
  311. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_lib.c +407 -0
  312. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_mall.c +80 -0
  313. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_mod.c +623 -0
  314. data/lib/extensions/openssl.so/ext/sources/crypto/conf/conf_sap.c +111 -0
  315. data/lib/extensions/openssl.so/ext/sources/crypto/cpt_err.c +105 -0
  316. data/lib/extensions/openssl.so/ext/sources/crypto/cryptlib.c +926 -0
  317. data/lib/extensions/openssl.so/ext/sources/crypto/cryptlib.h +111 -0
  318. data/lib/extensions/openssl.so/ext/sources/crypto/crypto.h +604 -0
  319. data/lib/extensions/openssl.so/ext/sources/crypto/cversion.c +117 -0
  320. data/lib/extensions/openssl.so/ext/sources/crypto/des/cbc_cksm.c +106 -0
  321. data/lib/extensions/openssl.so/ext/sources/crypto/des/cbc_enc.c +61 -0
  322. data/lib/extensions/openssl.so/ext/sources/crypto/des/cfb64ede.c +254 -0
  323. data/lib/extensions/openssl.so/ext/sources/crypto/des/cfb64enc.c +121 -0
  324. data/lib/extensions/openssl.so/ext/sources/crypto/des/cfb_enc.c +195 -0
  325. data/lib/extensions/openssl.so/ext/sources/crypto/des/des.h +248 -0
  326. data/lib/extensions/openssl.so/ext/sources/crypto/des/des_enc.c +400 -0
  327. data/lib/extensions/openssl.so/ext/sources/crypto/des/des_locl.h +432 -0
  328. data/lib/extensions/openssl.so/ext/sources/crypto/des/des_old.c +273 -0
  329. data/lib/extensions/openssl.so/ext/sources/crypto/des/des_old.h +446 -0
  330. data/lib/extensions/openssl.so/ext/sources/crypto/des/des_old2.c +82 -0
  331. data/lib/extensions/openssl.so/ext/sources/crypto/des/des_ver.h +71 -0
  332. data/lib/extensions/openssl.so/ext/sources/crypto/des/ecb3_enc.c +83 -0
  333. data/lib/extensions/openssl.so/ext/sources/crypto/des/ecb_enc.c +122 -0
  334. data/lib/extensions/openssl.so/ext/sources/crypto/des/ede_cbcm_enc.c +199 -0
  335. data/lib/extensions/openssl.so/ext/sources/crypto/des/enc_read.c +240 -0
  336. data/lib/extensions/openssl.so/ext/sources/crypto/des/enc_writ.c +179 -0
  337. data/lib/extensions/openssl.so/ext/sources/crypto/des/fcrypt.c +170 -0
  338. data/lib/extensions/openssl.so/ext/sources/crypto/des/fcrypt_b.c +143 -0
  339. data/lib/extensions/openssl.so/ext/sources/crypto/des/ncbc_enc.c +148 -0
  340. data/lib/extensions/openssl.so/ext/sources/crypto/des/ofb64ede.c +125 -0
  341. data/lib/extensions/openssl.so/ext/sources/crypto/des/ofb64enc.c +110 -0
  342. data/lib/extensions/openssl.so/ext/sources/crypto/des/ofb_enc.c +135 -0
  343. data/lib/extensions/openssl.so/ext/sources/crypto/des/pcbc_enc.c +123 -0
  344. data/lib/extensions/openssl.so/ext/sources/crypto/des/qud_cksm.c +139 -0
  345. data/lib/extensions/openssl.so/ext/sources/crypto/des/rand_key.c +68 -0
  346. data/lib/extensions/openssl.so/ext/sources/crypto/des/read2pwd.c +140 -0
  347. data/lib/extensions/openssl.so/ext/sources/crypto/des/rpc_des.h +131 -0
  348. data/lib/extensions/openssl.so/ext/sources/crypto/des/rpc_enc.c +98 -0
  349. data/lib/extensions/openssl.so/ext/sources/crypto/des/set_key.c +416 -0
  350. data/lib/extensions/openssl.so/ext/sources/crypto/des/spr.h +204 -0
  351. data/lib/extensions/openssl.so/ext/sources/crypto/des/str2key.c +174 -0
  352. data/lib/extensions/openssl.so/ext/sources/crypto/des/xcbc_enc.c +197 -0
  353. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh.h +280 -0
  354. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_ameth.c +501 -0
  355. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_asn1.c +93 -0
  356. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_check.c +142 -0
  357. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_depr.c +83 -0
  358. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_err.c +122 -0
  359. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_gen.c +192 -0
  360. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_key.c +292 -0
  361. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_lib.c +260 -0
  362. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_pmeth.c +254 -0
  363. data/lib/extensions/openssl.so/ext/sources/crypto/dh/dh_prn.c +80 -0
  364. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa.h +327 -0
  365. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_ameth.c +704 -0
  366. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_asn1.c +188 -0
  367. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_depr.c +106 -0
  368. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_err.c +130 -0
  369. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_gen.c +371 -0
  370. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_key.c +144 -0
  371. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_lib.c +329 -0
  372. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_locl.h +60 -0
  373. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_ossl.c +412 -0
  374. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_pmeth.c +318 -0
  375. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_prn.c +121 -0
  376. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_sign.c +114 -0
  377. data/lib/extensions/openssl.so/ext/sources/crypto/dsa/dsa_vrf.c +76 -0
  378. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso.h +409 -0
  379. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_beos.c +270 -0
  380. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_dl.c +393 -0
  381. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_dlfcn.c +484 -0
  382. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_err.c +159 -0
  383. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_lib.c +483 -0
  384. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_null.c +90 -0
  385. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_openssl.c +83 -0
  386. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_vms.c +525 -0
  387. data/lib/extensions/openssl.so/ext/sources/crypto/dso/dso_win32.c +844 -0
  388. data/lib/extensions/openssl.so/ext/sources/crypto/ebcdic.c +221 -0
  389. data/lib/extensions/openssl.so/ext/sources/crypto/ebcdic.h +19 -0
  390. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec.h +1159 -0
  391. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec2_mult.c +390 -0
  392. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec2_oct.c +407 -0
  393. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec2_smpl.c +719 -0
  394. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_ameth.c +660 -0
  395. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_asn1.c +1447 -0
  396. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_check.c +123 -0
  397. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_curve.c +2100 -0
  398. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_cvt.c +170 -0
  399. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_err.c +276 -0
  400. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_key.c +563 -0
  401. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_lcl.h +446 -0
  402. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_lib.c +1096 -0
  403. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_mult.c +940 -0
  404. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_oct.c +199 -0
  405. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_pmeth.c +341 -0
  406. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ec_print.c +195 -0
  407. data/lib/extensions/openssl.so/ext/sources/crypto/ec/eck_prn.c +392 -0
  408. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_mont.c +323 -0
  409. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_nist.c +217 -0
  410. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_nistp224.c +1658 -0
  411. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_nistp256.c +2171 -0
  412. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_nistp521.c +2025 -0
  413. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_nistputil.c +197 -0
  414. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_oct.c +433 -0
  415. data/lib/extensions/openssl.so/ext/sources/crypto/ec/ecp_smpl.c +1360 -0
  416. data/lib/extensions/openssl.so/ext/sources/crypto/ecdh/ecdh.h +125 -0
  417. data/lib/extensions/openssl.so/ext/sources/crypto/ecdh/ech_err.c +100 -0
  418. data/lib/extensions/openssl.so/ext/sources/crypto/ecdh/ech_key.c +83 -0
  419. data/lib/extensions/openssl.so/ext/sources/crypto/ecdh/ech_lib.c +266 -0
  420. data/lib/extensions/openssl.so/ext/sources/crypto/ecdh/ech_locl.h +102 -0
  421. data/lib/extensions/openssl.so/ext/sources/crypto/ecdh/ech_ossl.c +215 -0
  422. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecdsa.h +260 -0
  423. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_asn1.c +69 -0
  424. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_err.c +106 -0
  425. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_lib.c +278 -0
  426. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_locl.h +115 -0
  427. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_ossl.c +483 -0
  428. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_sign.c +106 -0
  429. data/lib/extensions/openssl.so/ext/sources/crypto/ecdsa/ecs_vrf.c +96 -0
  430. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_all.c +135 -0
  431. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_cnf.c +259 -0
  432. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_cryptodev.c +1450 -0
  433. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_ctrl.c +389 -0
  434. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_dyn.c +548 -0
  435. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_err.c +173 -0
  436. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_fat.c +182 -0
  437. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_init.c +154 -0
  438. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_int.h +206 -0
  439. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_lib.c +332 -0
  440. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_list.c +433 -0
  441. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_openssl.c +384 -0
  442. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_pkey.c +196 -0
  443. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_rdrand.c +142 -0
  444. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_rsax.c +668 -0
  445. data/lib/extensions/openssl.so/ext/sources/crypto/engine/eng_table.c +351 -0
  446. data/lib/extensions/openssl.so/ext/sources/crypto/engine/engine.h +842 -0
  447. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_asnmth.c +246 -0
  448. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_cipher.c +143 -0
  449. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_dh.c +118 -0
  450. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_digest.c +143 -0
  451. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_dsa.c +118 -0
  452. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_ecdh.c +133 -0
  453. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_ecdsa.c +118 -0
  454. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_pkmeth.c +167 -0
  455. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_rand.c +118 -0
  456. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_rsa.c +118 -0
  457. data/lib/extensions/openssl.so/ext/sources/crypto/engine/tb_store.c +123 -0
  458. data/lib/extensions/openssl.so/ext/sources/crypto/err/err.c +1138 -0
  459. data/lib/extensions/openssl.so/ext/sources/crypto/err/err.h +386 -0
  460. data/lib/extensions/openssl.so/ext/sources/crypto/err/err_all.c +167 -0
  461. data/lib/extensions/openssl.so/ext/sources/crypto/err/err_prn.c +114 -0
  462. data/lib/extensions/openssl.so/ext/sources/crypto/evp/bio_b64.c +598 -0
  463. data/lib/extensions/openssl.so/ext/sources/crypto/evp/bio_enc.c +428 -0
  464. data/lib/extensions/openssl.so/ext/sources/crypto/evp/bio_md.c +275 -0
  465. data/lib/extensions/openssl.so/ext/sources/crypto/evp/bio_ok.c +624 -0
  466. data/lib/extensions/openssl.so/ext/sources/crypto/evp/c_all.c +90 -0
  467. data/lib/extensions/openssl.so/ext/sources/crypto/evp/c_allc.c +230 -0
  468. data/lib/extensions/openssl.so/ext/sources/crypto/evp/c_alld.c +114 -0
  469. data/lib/extensions/openssl.so/ext/sources/crypto/evp/digest.c +403 -0
  470. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_aes.c +1313 -0
  471. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_aes_cbc_hmac_sha1.c +406 -0
  472. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_bf.c +88 -0
  473. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_camellia.c +131 -0
  474. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_cast.c +90 -0
  475. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_des.c +224 -0
  476. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_des3.c +316 -0
  477. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_idea.c +118 -0
  478. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_null.c +104 -0
  479. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_old.c +125 -0
  480. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_rc2.c +238 -0
  481. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_rc4.c +137 -0
  482. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_rc4_hmac_md5.c +298 -0
  483. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_rc5.c +126 -0
  484. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_seed.c +83 -0
  485. data/lib/extensions/openssl.so/ext/sources/crypto/evp/e_xcbc_d.c +138 -0
  486. data/lib/extensions/openssl.so/ext/sources/crypto/evp/encode.c +445 -0
  487. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp.h +1402 -0
  488. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_acnf.c +73 -0
  489. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_enc.c +681 -0
  490. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_err.c +234 -0
  491. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_fips.c +113 -0
  492. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_key.c +189 -0
  493. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_lib.c +316 -0
  494. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_locl.h +385 -0
  495. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_pbe.c +316 -0
  496. data/lib/extensions/openssl.so/ext/sources/crypto/evp/evp_pkey.c +242 -0
  497. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_dss.c +101 -0
  498. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_dss1.c +103 -0
  499. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_ecdsa.c +151 -0
  500. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_md4.c +103 -0
  501. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_md5.c +102 -0
  502. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_mdc2.c +103 -0
  503. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_null.c +95 -0
  504. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_ripemd.c +102 -0
  505. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_sha.c +101 -0
  506. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_sha1.c +209 -0
  507. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_sigver.c +200 -0
  508. data/lib/extensions/openssl.so/ext/sources/crypto/evp/m_wp.c +43 -0
  509. data/lib/extensions/openssl.so/ext/sources/crypto/evp/names.c +206 -0
  510. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p5_crpt.c +143 -0
  511. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p5_crpt2.c +322 -0
  512. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_dec.c +87 -0
  513. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_enc.c +86 -0
  514. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_lib.c +469 -0
  515. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_open.c +128 -0
  516. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_seal.c +116 -0
  517. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_sign.c +139 -0
  518. data/lib/extensions/openssl.so/ext/sources/crypto/evp/p_verify.c +121 -0
  519. data/lib/extensions/openssl.so/ext/sources/crypto/evp/pmeth_fn.c +368 -0
  520. data/lib/extensions/openssl.so/ext/sources/crypto/evp/pmeth_gn.c +221 -0
  521. data/lib/extensions/openssl.so/ext/sources/crypto/evp/pmeth_lib.c +593 -0
  522. data/lib/extensions/openssl.so/ext/sources/crypto/ex_data.c +636 -0
  523. data/lib/extensions/openssl.so/ext/sources/crypto/fips_err.h +209 -0
  524. data/lib/extensions/openssl.so/ext/sources/crypto/fips_ers.c +7 -0
  525. data/lib/extensions/openssl.so/ext/sources/crypto/hmac/hm_ameth.c +167 -0
  526. data/lib/extensions/openssl.so/ext/sources/crypto/hmac/hm_pmeth.c +271 -0
  527. data/lib/extensions/openssl.so/ext/sources/crypto/hmac/hmac.c +251 -0
  528. data/lib/extensions/openssl.so/ext/sources/crypto/hmac/hmac.h +110 -0
  529. data/lib/extensions/openssl.so/ext/sources/crypto/idea/i_cbc.c +168 -0
  530. data/lib/extensions/openssl.so/ext/sources/crypto/idea/i_cfb64.c +122 -0
  531. data/lib/extensions/openssl.so/ext/sources/crypto/idea/i_ecb.c +85 -0
  532. data/lib/extensions/openssl.so/ext/sources/crypto/idea/i_ofb64.c +111 -0
  533. data/lib/extensions/openssl.so/ext/sources/crypto/idea/i_skey.c +164 -0
  534. data/lib/extensions/openssl.so/ext/sources/crypto/idea/idea.h +103 -0
  535. data/lib/extensions/openssl.so/ext/sources/crypto/idea/idea_lcl.h +215 -0
  536. data/lib/extensions/openssl.so/ext/sources/crypto/krb5/krb5_asn.c +167 -0
  537. data/lib/extensions/openssl.so/ext/sources/crypto/krb5/krb5_asn.h +256 -0
  538. data/lib/extensions/openssl.so/ext/sources/crypto/lhash/lh_stats.c +248 -0
  539. data/lib/extensions/openssl.so/ext/sources/crypto/lhash/lhash.c +475 -0
  540. data/lib/extensions/openssl.so/ext/sources/crypto/lhash/lhash.h +241 -0
  541. data/lib/extensions/openssl.so/ext/sources/crypto/md32_common.h +415 -0
  542. data/lib/extensions/openssl.so/ext/sources/crypto/md4/md4.h +120 -0
  543. data/lib/extensions/openssl.so/ext/sources/crypto/md4/md4_dgst.c +168 -0
  544. data/lib/extensions/openssl.so/ext/sources/crypto/md4/md4_locl.h +112 -0
  545. data/lib/extensions/openssl.so/ext/sources/crypto/md4/md4_one.c +97 -0
  546. data/lib/extensions/openssl.so/ext/sources/crypto/md5/md5.h +120 -0
  547. data/lib/extensions/openssl.so/ext/sources/crypto/md5/md5_dgst.c +185 -0
  548. data/lib/extensions/openssl.so/ext/sources/crypto/md5/md5_locl.h +130 -0
  549. data/lib/extensions/openssl.so/ext/sources/crypto/md5/md5_one.c +97 -0
  550. data/lib/extensions/openssl.so/ext/sources/crypto/mdc2/mdc2.h +98 -0
  551. data/lib/extensions/openssl.so/ext/sources/crypto/mdc2/mdc2_one.c +76 -0
  552. data/lib/extensions/openssl.so/ext/sources/crypto/mdc2/mdc2dgst.c +200 -0
  553. data/lib/extensions/openssl.so/ext/sources/crypto/mem.c +420 -0
  554. data/lib/extensions/openssl.so/ext/sources/crypto/mem_clr.c +77 -0
  555. data/lib/extensions/openssl.so/ext/sources/crypto/mem_dbg.c +874 -0
  556. data/lib/extensions/openssl.so/ext/sources/crypto/modes/cbc128.c +202 -0
  557. data/lib/extensions/openssl.so/ext/sources/crypto/modes/ccm128.c +441 -0
  558. data/lib/extensions/openssl.so/ext/sources/crypto/modes/cfb128.c +242 -0
  559. data/lib/extensions/openssl.so/ext/sources/crypto/modes/ctr128.c +252 -0
  560. data/lib/extensions/openssl.so/ext/sources/crypto/modes/cts128.c +465 -0
  561. data/lib/extensions/openssl.so/ext/sources/crypto/modes/gcm128.c +1757 -0
  562. data/lib/extensions/openssl.so/ext/sources/crypto/modes/modes.h +135 -0
  563. data/lib/extensions/openssl.so/ext/sources/crypto/modes/modes_lcl.h +131 -0
  564. data/lib/extensions/openssl.so/ext/sources/crypto/modes/ofb128.c +121 -0
  565. data/lib/extensions/openssl.so/ext/sources/crypto/modes/xts128.c +187 -0
  566. data/lib/extensions/openssl.so/ext/sources/crypto/o_dir.c +83 -0
  567. data/lib/extensions/openssl.so/ext/sources/crypto/o_dir.h +53 -0
  568. data/lib/extensions/openssl.so/ext/sources/crypto/o_fips.c +96 -0
  569. data/lib/extensions/openssl.so/ext/sources/crypto/o_init.c +82 -0
  570. data/lib/extensions/openssl.so/ext/sources/crypto/o_str.c +111 -0
  571. data/lib/extensions/openssl.so/ext/sources/crypto/o_str.h +68 -0
  572. data/lib/extensions/openssl.so/ext/sources/crypto/o_time.c +372 -0
  573. data/lib/extensions/openssl.so/ext/sources/crypto/o_time.h +67 -0
  574. data/lib/extensions/openssl.so/ext/sources/crypto/objects/o_names.c +372 -0
  575. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_dat.c +810 -0
  576. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_dat.h +5102 -0
  577. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_err.c +102 -0
  578. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_lib.c +129 -0
  579. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_mac.h +4032 -0
  580. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_xref.c +234 -0
  581. data/lib/extensions/openssl.so/ext/sources/crypto/objects/obj_xref.h +77 -0
  582. data/lib/extensions/openssl.so/ext/sources/crypto/objects/objects.h +1138 -0
  583. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp.h +623 -0
  584. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_asn.c +182 -0
  585. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_cl.c +371 -0
  586. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_err.c +142 -0
  587. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_ext.c +518 -0
  588. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_ht.c +504 -0
  589. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_lib.c +266 -0
  590. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_prn.c +290 -0
  591. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_srv.c +264 -0
  592. data/lib/extensions/openssl.so/ext/sources/crypto/ocsp/ocsp_vfy.c +446 -0
  593. data/lib/extensions/openssl.so/ext/sources/crypto/opensslconf.h +230 -0
  594. data/lib/extensions/openssl.so/ext/sources/crypto/opensslconf.h.in +154 -0
  595. data/lib/extensions/openssl.so/ext/sources/crypto/opensslv.h +89 -0
  596. data/lib/extensions/openssl.so/ext/sources/crypto/ossl_typ.h +202 -0
  597. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem.h +641 -0
  598. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem2.h +70 -0
  599. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_all.c +296 -0
  600. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_err.c +161 -0
  601. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_info.c +405 -0
  602. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_lib.c +852 -0
  603. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_oth.c +86 -0
  604. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_pk8.c +242 -0
  605. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_pkey.c +242 -0
  606. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_seal.c +189 -0
  607. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_sign.c +102 -0
  608. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_x509.c +68 -0
  609. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pem_xaux.c +68 -0
  610. data/lib/extensions/openssl.so/ext/sources/crypto/pem/pvkfmt.c +950 -0
  611. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_add.c +240 -0
  612. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_asn.c +125 -0
  613. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_attr.c +145 -0
  614. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_crpt.c +112 -0
  615. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_crt.c +359 -0
  616. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_decr.c +184 -0
  617. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_init.c +92 -0
  618. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_key.c +219 -0
  619. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_kiss.c +302 -0
  620. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_mutl.c +190 -0
  621. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_npas.c +225 -0
  622. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_p8d.c +68 -0
  623. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_p8e.c +97 -0
  624. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/p12_utl.c +146 -0
  625. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/pk12err.c +144 -0
  626. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs12/pkcs12.h +331 -0
  627. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/bio_pk7.c +69 -0
  628. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pk7_asn1.c +247 -0
  629. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pk7_attr.c +165 -0
  630. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pk7_doit.c +1299 -0
  631. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pk7_lib.c +665 -0
  632. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pk7_mime.c +97 -0
  633. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pk7_smime.c +606 -0
  634. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pkcs7.h +499 -0
  635. data/lib/extensions/openssl.so/ext/sources/crypto/pkcs7/pkcs7err.c +187 -0
  636. data/lib/extensions/openssl.so/ext/sources/crypto/pqueue/pqueue.c +252 -0
  637. data/lib/extensions/openssl.so/ext/sources/crypto/pqueue/pqueue.h +94 -0
  638. data/lib/extensions/openssl.so/ext/sources/crypto/rand/md_rand.c +592 -0
  639. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand.h +149 -0
  640. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_egd.c +303 -0
  641. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_err.c +100 -0
  642. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_lcl.h +158 -0
  643. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_lib.c +295 -0
  644. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_nw.c +183 -0
  645. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_os2.c +153 -0
  646. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_unix.c +431 -0
  647. data/lib/extensions/openssl.so/ext/sources/crypto/rand/rand_win.c +807 -0
  648. data/lib/extensions/openssl.so/ext/sources/crypto/rand/randfile.c +326 -0
  649. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2.h +103 -0
  650. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2_cbc.c +226 -0
  651. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2_ecb.c +88 -0
  652. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2_locl.h +156 -0
  653. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2_skey.c +153 -0
  654. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2cfb64.c +122 -0
  655. data/lib/extensions/openssl.so/ext/sources/crypto/rc2/rc2ofb64.c +111 -0
  656. data/lib/extensions/openssl.so/ext/sources/crypto/rc4/rc4.h +90 -0
  657. data/lib/extensions/openssl.so/ext/sources/crypto/rc4/rc4_enc.c +315 -0
  658. data/lib/extensions/openssl.so/ext/sources/crypto/rc4/rc4_locl.h +5 -0
  659. data/lib/extensions/openssl.so/ext/sources/crypto/rc4/rc4_skey.c +116 -0
  660. data/lib/extensions/openssl.so/ext/sources/crypto/rc4/rc4_utl.c +62 -0
  661. data/lib/extensions/openssl.so/ext/sources/crypto/ripemd/ripemd.h +107 -0
  662. data/lib/extensions/openssl.so/ext/sources/crypto/ripemd/rmd_dgst.c +292 -0
  663. data/lib/extensions/openssl.so/ext/sources/crypto/ripemd/rmd_locl.h +150 -0
  664. data/lib/extensions/openssl.so/ext/sources/crypto/ripemd/rmd_one.c +78 -0
  665. data/lib/extensions/openssl.so/ext/sources/crypto/ripemd/rmdconst.h +399 -0
  666. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa.h +582 -0
  667. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_ameth.c +698 -0
  668. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_asn1.c +121 -0
  669. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_chk.c +184 -0
  670. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_crpt.c +257 -0
  671. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_depr.c +101 -0
  672. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_eay.c +915 -0
  673. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_err.c +209 -0
  674. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_gen.c +234 -0
  675. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_lib.c +333 -0
  676. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_locl.h +4 -0
  677. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_none.c +98 -0
  678. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_null.c +151 -0
  679. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_oaep.c +235 -0
  680. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_pk1.c +224 -0
  681. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_pmeth.c +723 -0
  682. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_prn.c +93 -0
  683. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_pss.c +300 -0
  684. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_saos.c +150 -0
  685. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_sign.c +318 -0
  686. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_ssl.c +154 -0
  687. data/lib/extensions/openssl.so/ext/sources/crypto/rsa/rsa_x931.c +177 -0
  688. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed.c +336 -0
  689. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed.h +139 -0
  690. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed_cbc.c +63 -0
  691. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed_cfb.c +116 -0
  692. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed_ecb.c +60 -0
  693. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed_locl.h +116 -0
  694. data/lib/extensions/openssl.so/ext/sources/crypto/seed/seed_ofb.c +116 -0
  695. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha.h +214 -0
  696. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha1_one.c +78 -0
  697. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha1dgst.c +75 -0
  698. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha256.c +282 -0
  699. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha512.c +597 -0
  700. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha_dgst.c +75 -0
  701. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha_locl.h +441 -0
  702. data/lib/extensions/openssl.so/ext/sources/crypto/sha/sha_one.c +78 -0
  703. data/lib/extensions/openssl.so/ext/sources/crypto/srp/srp.h +172 -0
  704. data/lib/extensions/openssl.so/ext/sources/crypto/srp/srp_grps.h +517 -0
  705. data/lib/extensions/openssl.so/ext/sources/crypto/srp/srp_lcl.h +83 -0
  706. data/lib/extensions/openssl.so/ext/sources/crypto/srp/srp_lib.c +357 -0
  707. data/lib/extensions/openssl.so/ext/sources/crypto/srp/srp_vfy.c +657 -0
  708. data/lib/extensions/openssl.so/ext/sources/crypto/stack/safestack.h +2663 -0
  709. data/lib/extensions/openssl.so/ext/sources/crypto/stack/stack.c +334 -0
  710. data/lib/extensions/openssl.so/ext/sources/crypto/stack/stack.h +108 -0
  711. data/lib/extensions/openssl.so/ext/sources/crypto/symhacks.h +477 -0
  712. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts.h +858 -0
  713. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_asn1.c +322 -0
  714. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_conf.c +507 -0
  715. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_err.c +179 -0
  716. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_lib.c +145 -0
  717. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_req_print.c +102 -0
  718. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_req_utils.c +234 -0
  719. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_rsp_print.c +287 -0
  720. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_rsp_sign.c +1020 -0
  721. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_rsp_utils.c +409 -0
  722. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_rsp_verify.c +728 -0
  723. data/lib/extensions/openssl.so/ext/sources/crypto/ts/ts_verify_ctx.c +159 -0
  724. data/lib/extensions/openssl.so/ext/sources/crypto/txt_db/txt_db.c +388 -0
  725. data/lib/extensions/openssl.so/ext/sources/crypto/txt_db/txt_db.h +112 -0
  726. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui.h +383 -0
  727. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_compat.c +67 -0
  728. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_compat.h +83 -0
  729. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_err.c +112 -0
  730. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_lib.c +924 -0
  731. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_locl.h +153 -0
  732. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_openssl.c +712 -0
  733. data/lib/extensions/openssl.so/ext/sources/crypto/ui/ui_util.c +91 -0
  734. data/lib/extensions/openssl.so/ext/sources/crypto/uid.c +89 -0
  735. data/lib/extensions/openssl.so/ext/sources/crypto/vms_rms.h +51 -0
  736. data/lib/extensions/openssl.so/ext/sources/crypto/whrlpool/whrlpool.h +41 -0
  737. data/lib/extensions/openssl.so/ext/sources/crypto/whrlpool/wp_block.c +655 -0
  738. data/lib/extensions/openssl.so/ext/sources/crypto/whrlpool/wp_dgst.c +265 -0
  739. data/lib/extensions/openssl.so/ext/sources/crypto/whrlpool/wp_locl.h +3 -0
  740. data/lib/extensions/openssl.so/ext/sources/crypto/x509/by_dir.c +482 -0
  741. data/lib/extensions/openssl.so/ext/sources/crypto/x509/by_file.c +300 -0
  742. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509.h +1297 -0
  743. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_att.c +359 -0
  744. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_cmp.c +344 -0
  745. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_d2.c +107 -0
  746. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_def.c +81 -0
  747. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_err.c +164 -0
  748. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_ext.c +210 -0
  749. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_lu.c +716 -0
  750. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_obj.c +226 -0
  751. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_r2x.c +114 -0
  752. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_req.c +316 -0
  753. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_set.c +150 -0
  754. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_trs.c +288 -0
  755. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_txt.c +193 -0
  756. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_v3.c +274 -0
  757. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_vfy.c +2214 -0
  758. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_vfy.h +567 -0
  759. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509_vpm.c +438 -0
  760. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509cset.c +170 -0
  761. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509name.c +383 -0
  762. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509rset.c +83 -0
  763. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509spki.c +121 -0
  764. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x509type.c +131 -0
  765. data/lib/extensions/openssl.so/ext/sources/crypto/x509/x_all.c +535 -0
  766. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/ext_dat.h +132 -0
  767. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_cache.c +286 -0
  768. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_data.c +135 -0
  769. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_int.h +212 -0
  770. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_lib.c +167 -0
  771. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_map.c +132 -0
  772. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_node.c +197 -0
  773. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/pcy_tree.c +872 -0
  774. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_addr.c +1338 -0
  775. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_akey.c +208 -0
  776. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_akeya.c +72 -0
  777. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_alt.c +614 -0
  778. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_asid.c +890 -0
  779. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_bcons.c +124 -0
  780. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_bitst.c +141 -0
  781. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_conf.c +525 -0
  782. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_cpols.c +457 -0
  783. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_crld.c +616 -0
  784. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_enum.c +97 -0
  785. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_extku.c +144 -0
  786. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_genn.c +252 -0
  787. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_ia5.c +116 -0
  788. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_info.c +193 -0
  789. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_int.c +89 -0
  790. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_lib.c +309 -0
  791. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_ncons.c +505 -0
  792. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_ocsp.c +289 -0
  793. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_pci.c +328 -0
  794. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_pcia.c +55 -0
  795. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_pcons.c +140 -0
  796. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_pku.c +108 -0
  797. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_pmaps.c +155 -0
  798. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_prn.c +234 -0
  799. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_purp.c +767 -0
  800. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_skey.c +145 -0
  801. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_sxnet.c +262 -0
  802. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3_utl.c +874 -0
  803. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/v3err.c +226 -0
  804. data/lib/extensions/openssl.so/ext/sources/crypto/x509v3/x509v3.h +1007 -0
  805. data/lib/extensions/openssl.so/ext/sources/e_os.h +735 -0
  806. data/lib/extensions/openssl.so/ext/sources/e_os2.h +315 -0
  807. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/e_gost_err.c +212 -0
  808. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/e_gost_err.h +156 -0
  809. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost2001.c +343 -0
  810. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost2001_keyx.c +308 -0
  811. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost2001_keyx.h +10 -0
  812. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost89.c +409 -0
  813. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost89.h +96 -0
  814. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost94_keyx.c +291 -0
  815. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_ameth.c +945 -0
  816. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_asn1.c +55 -0
  817. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_crypt.c +617 -0
  818. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_ctl.c +89 -0
  819. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_eng.c +273 -0
  820. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_keywrap.c +109 -0
  821. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_keywrap.h +56 -0
  822. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_lcl.h +221 -0
  823. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_md.c +75 -0
  824. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_params.c +198 -0
  825. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_params.h +34 -0
  826. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_pmeth.c +628 -0
  827. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gost_sign.c +321 -0
  828. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gosthash.c +255 -0
  829. data/lib/extensions/openssl.so/ext/sources/engines/ccgost/gosthash.h +48 -0
  830. data/lib/extensions/openssl.so/ext/sources/engines/e_4758cca.c +987 -0
  831. data/lib/extensions/openssl.so/ext/sources/engines/e_4758cca_err.c +153 -0
  832. data/lib/extensions/openssl.so/ext/sources/engines/e_4758cca_err.h +97 -0
  833. data/lib/extensions/openssl.so/ext/sources/engines/e_aep.c +1139 -0
  834. data/lib/extensions/openssl.so/ext/sources/engines/e_aep_err.c +161 -0
  835. data/lib/extensions/openssl.so/ext/sources/engines/e_aep_err.h +105 -0
  836. data/lib/extensions/openssl.so/ext/sources/engines/e_atalla.c +607 -0
  837. data/lib/extensions/openssl.so/ext/sources/engines/e_atalla_err.c +149 -0
  838. data/lib/extensions/openssl.so/ext/sources/engines/e_atalla_err.h +93 -0
  839. data/lib/extensions/openssl.so/ext/sources/engines/e_capi.c +1913 -0
  840. data/lib/extensions/openssl.so/ext/sources/engines/e_capi_err.c +184 -0
  841. data/lib/extensions/openssl.so/ext/sources/engines/e_capi_err.h +128 -0
  842. data/lib/extensions/openssl.so/ext/sources/engines/e_chil.c +1356 -0
  843. data/lib/extensions/openssl.so/ext/sources/engines/e_chil_err.c +160 -0
  844. data/lib/extensions/openssl.so/ext/sources/engines/e_chil_err.h +104 -0
  845. data/lib/extensions/openssl.so/ext/sources/engines/e_cswift.c +1129 -0
  846. data/lib/extensions/openssl.so/ext/sources/engines/e_cswift_err.c +154 -0
  847. data/lib/extensions/openssl.so/ext/sources/engines/e_cswift_err.h +98 -0
  848. data/lib/extensions/openssl.so/ext/sources/engines/e_gmp.c +480 -0
  849. data/lib/extensions/openssl.so/ext/sources/engines/e_gmp_err.c +141 -0
  850. data/lib/extensions/openssl.so/ext/sources/engines/e_gmp_err.h +85 -0
  851. data/lib/extensions/openssl.so/ext/sources/engines/e_nuron.c +434 -0
  852. data/lib/extensions/openssl.so/ext/sources/engines/e_nuron_err.c +146 -0
  853. data/lib/extensions/openssl.so/ext/sources/engines/e_nuron_err.h +90 -0
  854. data/lib/extensions/openssl.so/ext/sources/engines/e_padlock.c +1239 -0
  855. data/lib/extensions/openssl.so/ext/sources/engines/e_sureware.c +1055 -0
  856. data/lib/extensions/openssl.so/ext/sources/engines/e_sureware_err.c +158 -0
  857. data/lib/extensions/openssl.so/ext/sources/engines/e_sureware_err.h +102 -0
  858. data/lib/extensions/openssl.so/ext/sources/engines/e_ubsec.c +1069 -0
  859. data/lib/extensions/openssl.so/ext/sources/engines/e_ubsec_err.c +157 -0
  860. data/lib/extensions/openssl.so/ext/sources/engines/e_ubsec_err.h +101 -0
  861. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/aep.h +178 -0
  862. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/atalla.h +48 -0
  863. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/cswift.h +234 -0
  864. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/hw_4758_cca.h +149 -0
  865. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/hw_ubsec.h +100 -0
  866. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/hwcryptohook.h +486 -0
  867. data/lib/extensions/openssl.so/ext/sources/engines/vendor_defns/sureware.h +239 -0
  868. data/lib/extensions/openssl.so/ext/sources/include/openssl/aes.h +1 -0
  869. data/lib/extensions/openssl.so/ext/sources/include/openssl/asn1.h +1 -0
  870. data/lib/extensions/openssl.so/ext/sources/include/openssl/asn1_mac.h +1 -0
  871. data/lib/extensions/openssl.so/ext/sources/include/openssl/asn1t.h +1 -0
  872. data/lib/extensions/openssl.so/ext/sources/include/openssl/bio.h +1 -0
  873. data/lib/extensions/openssl.so/ext/sources/include/openssl/blowfish.h +1 -0
  874. data/lib/extensions/openssl.so/ext/sources/include/openssl/bn.h +1 -0
  875. data/lib/extensions/openssl.so/ext/sources/include/openssl/buffer.h +1 -0
  876. data/lib/extensions/openssl.so/ext/sources/include/openssl/camellia.h +1 -0
  877. data/lib/extensions/openssl.so/ext/sources/include/openssl/cast.h +1 -0
  878. data/lib/extensions/openssl.so/ext/sources/include/openssl/cmac.h +1 -0
  879. data/lib/extensions/openssl.so/ext/sources/include/openssl/cms.h +1 -0
  880. data/lib/extensions/openssl.so/ext/sources/include/openssl/comp.h +1 -0
  881. data/lib/extensions/openssl.so/ext/sources/include/openssl/conf.h +1 -0
  882. data/lib/extensions/openssl.so/ext/sources/include/openssl/conf_api.h +1 -0
  883. data/lib/extensions/openssl.so/ext/sources/include/openssl/crypto.h +1 -0
  884. data/lib/extensions/openssl.so/ext/sources/include/openssl/des.h +1 -0
  885. data/lib/extensions/openssl.so/ext/sources/include/openssl/des_old.h +1 -0
  886. data/lib/extensions/openssl.so/ext/sources/include/openssl/dh.h +1 -0
  887. data/lib/extensions/openssl.so/ext/sources/include/openssl/dsa.h +1 -0
  888. data/lib/extensions/openssl.so/ext/sources/include/openssl/dso.h +1 -0
  889. data/lib/extensions/openssl.so/ext/sources/include/openssl/dtls1.h +1 -0
  890. data/lib/extensions/openssl.so/ext/sources/include/openssl/e_os2.h +1 -0
  891. data/lib/extensions/openssl.so/ext/sources/include/openssl/ebcdic.h +1 -0
  892. data/lib/extensions/openssl.so/ext/sources/include/openssl/ec.h +1 -0
  893. data/lib/extensions/openssl.so/ext/sources/include/openssl/ecdh.h +1 -0
  894. data/lib/extensions/openssl.so/ext/sources/include/openssl/ecdsa.h +1 -0
  895. data/lib/extensions/openssl.so/ext/sources/include/openssl/engine.h +1 -0
  896. data/lib/extensions/openssl.so/ext/sources/include/openssl/err.h +1 -0
  897. data/lib/extensions/openssl.so/ext/sources/include/openssl/evp.h +1 -0
  898. data/lib/extensions/openssl.so/ext/sources/include/openssl/hmac.h +1 -0
  899. data/lib/extensions/openssl.so/ext/sources/include/openssl/idea.h +1 -0
  900. data/lib/extensions/openssl.so/ext/sources/include/openssl/krb5_asn.h +1 -0
  901. data/lib/extensions/openssl.so/ext/sources/include/openssl/kssl.h +1 -0
  902. data/lib/extensions/openssl.so/ext/sources/include/openssl/lhash.h +1 -0
  903. data/lib/extensions/openssl.so/ext/sources/include/openssl/md4.h +1 -0
  904. data/lib/extensions/openssl.so/ext/sources/include/openssl/md5.h +1 -0
  905. data/lib/extensions/openssl.so/ext/sources/include/openssl/mdc2.h +1 -0
  906. data/lib/extensions/openssl.so/ext/sources/include/openssl/modes.h +1 -0
  907. data/lib/extensions/openssl.so/ext/sources/include/openssl/obj_mac.h +1 -0
  908. data/lib/extensions/openssl.so/ext/sources/include/openssl/objects.h +1 -0
  909. data/lib/extensions/openssl.so/ext/sources/include/openssl/ocsp.h +1 -0
  910. data/lib/extensions/openssl.so/ext/sources/include/openssl/opensslconf.h +1 -0
  911. data/lib/extensions/openssl.so/ext/sources/include/openssl/opensslv.h +1 -0
  912. data/lib/extensions/openssl.so/ext/sources/include/openssl/ossl_typ.h +1 -0
  913. data/lib/extensions/openssl.so/ext/sources/include/openssl/pem.h +1 -0
  914. data/lib/extensions/openssl.so/ext/sources/include/openssl/pem2.h +1 -0
  915. data/lib/extensions/openssl.so/ext/sources/include/openssl/pkcs12.h +1 -0
  916. data/lib/extensions/openssl.so/ext/sources/include/openssl/pkcs7.h +1 -0
  917. data/lib/extensions/openssl.so/ext/sources/include/openssl/pqueue.h +1 -0
  918. data/lib/extensions/openssl.so/ext/sources/include/openssl/rand.h +1 -0
  919. data/lib/extensions/openssl.so/ext/sources/include/openssl/rc2.h +1 -0
  920. data/lib/extensions/openssl.so/ext/sources/include/openssl/rc4.h +1 -0
  921. data/lib/extensions/openssl.so/ext/sources/include/openssl/ripemd.h +1 -0
  922. data/lib/extensions/openssl.so/ext/sources/include/openssl/rsa.h +1 -0
  923. data/lib/extensions/openssl.so/ext/sources/include/openssl/safestack.h +1 -0
  924. data/lib/extensions/openssl.so/ext/sources/include/openssl/seed.h +1 -0
  925. data/lib/extensions/openssl.so/ext/sources/include/openssl/sha.h +1 -0
  926. data/lib/extensions/openssl.so/ext/sources/include/openssl/srp.h +1 -0
  927. data/lib/extensions/openssl.so/ext/sources/include/openssl/srtp.h +1 -0
  928. data/lib/extensions/openssl.so/ext/sources/include/openssl/ssl.h +1 -0
  929. data/lib/extensions/openssl.so/ext/sources/include/openssl/ssl2.h +1 -0
  930. data/lib/extensions/openssl.so/ext/sources/include/openssl/ssl23.h +1 -0
  931. data/lib/extensions/openssl.so/ext/sources/include/openssl/ssl3.h +1 -0
  932. data/lib/extensions/openssl.so/ext/sources/include/openssl/stack.h +1 -0
  933. data/lib/extensions/openssl.so/ext/sources/include/openssl/store.h +1 -0
  934. data/lib/extensions/openssl.so/ext/sources/include/openssl/symhacks.h +1 -0
  935. data/lib/extensions/openssl.so/ext/sources/include/openssl/tls1.h +1 -0
  936. data/lib/extensions/openssl.so/ext/sources/include/openssl/ts.h +1 -0
  937. data/lib/extensions/openssl.so/ext/sources/include/openssl/txt_db.h +1 -0
  938. data/lib/extensions/openssl.so/ext/sources/include/openssl/ui.h +1 -0
  939. data/lib/extensions/openssl.so/ext/sources/include/openssl/ui_compat.h +1 -0
  940. data/lib/extensions/openssl.so/ext/sources/include/openssl/whrlpool.h +1 -0
  941. data/lib/extensions/openssl.so/ext/sources/include/openssl/x509.h +1 -0
  942. data/lib/extensions/openssl.so/ext/sources/include/openssl/x509_vfy.h +1 -0
  943. data/lib/extensions/openssl.so/ext/sources/include/openssl/x509v3.h +1 -0
  944. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/assert.h +50 -0
  945. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/conio.h +40 -0
  946. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/ctype.h +90 -0
  947. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/direct.h +22 -0
  948. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/errno.h +158 -0
  949. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/fcntl.h +56 -0
  950. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/float.h +330 -0
  951. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/io.h +63 -0
  952. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/limits.h +95 -0
  953. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/malloc.h +59 -0
  954. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/math.h +95 -0
  955. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/memory.h +44 -0
  956. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/process.h +59 -0
  957. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/setjmp.h +69 -0
  958. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/signal.h +53 -0
  959. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/stdarg.h +78 -0
  960. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/stddef.h +88 -0
  961. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/stdio.h +182 -0
  962. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/stdlib.h +142 -0
  963. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/string.h +109 -0
  964. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/strings.h +3 -0
  965. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/sys/locking.h +31 -0
  966. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/sys/stat.h +92 -0
  967. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/sys/time.h +20 -0
  968. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/sys/timeb.h +58 -0
  969. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/sys/types.h +35 -0
  970. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/sys/utime.h +21 -0
  971. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/time.h +81 -0
  972. data/lib/extensions/openssl.so/ext/sources/include/wcecompat/winsock_extras.h +46 -0
  973. data/lib/extensions/openssl.so/ext/sources/ssl/bio_ssl.c +605 -0
  974. data/lib/extensions/openssl.so/ext/sources/ssl/d1_both.c +1591 -0
  975. data/lib/extensions/openssl.so/ext/sources/ssl/d1_clnt.c +1710 -0
  976. data/lib/extensions/openssl.so/ext/sources/ssl/d1_enc.c +289 -0
  977. data/lib/extensions/openssl.so/ext/sources/ssl/d1_lib.c +482 -0
  978. data/lib/extensions/openssl.so/ext/sources/ssl/d1_meth.c +77 -0
  979. data/lib/extensions/openssl.so/ext/sources/ssl/d1_pkt.c +1876 -0
  980. data/lib/extensions/openssl.so/ext/sources/ssl/d1_srtp.c +493 -0
  981. data/lib/extensions/openssl.so/ext/sources/ssl/d1_srvr.c +1711 -0
  982. data/lib/extensions/openssl.so/ext/sources/ssl/dtls1.h +283 -0
  983. data/lib/extensions/openssl.so/ext/sources/ssl/kssl.c +2221 -0
  984. data/lib/extensions/openssl.so/ext/sources/ssl/kssl.h +183 -0
  985. data/lib/extensions/openssl.so/ext/sources/ssl/kssl_lcl.h +87 -0
  986. data/lib/extensions/openssl.so/ext/sources/ssl/s23_clnt.c +779 -0
  987. data/lib/extensions/openssl.so/ext/sources/ssl/s23_lib.c +187 -0
  988. data/lib/extensions/openssl.so/ext/sources/ssl/s23_meth.c +92 -0
  989. data/lib/extensions/openssl.so/ext/sources/ssl/s23_pkt.c +117 -0
  990. data/lib/extensions/openssl.so/ext/sources/ssl/s23_srvr.c +638 -0
  991. data/lib/extensions/openssl.so/ext/sources/ssl/s2_clnt.c +1125 -0
  992. data/lib/extensions/openssl.so/ext/sources/ssl/s2_enc.c +193 -0
  993. data/lib/extensions/openssl.so/ext/sources/ssl/s2_lib.c +556 -0
  994. data/lib/extensions/openssl.so/ext/sources/ssl/s2_meth.c +84 -0
  995. data/lib/extensions/openssl.so/ext/sources/ssl/s2_pkt.c +744 -0
  996. data/lib/extensions/openssl.so/ext/sources/ssl/s2_srvr.c +1142 -0
  997. data/lib/extensions/openssl.so/ext/sources/ssl/s3_both.c +843 -0
  998. data/lib/extensions/openssl.so/ext/sources/ssl/s3_clnt.c +3371 -0
  999. data/lib/extensions/openssl.so/ext/sources/ssl/s3_enc.c +861 -0
  1000. data/lib/extensions/openssl.so/ext/sources/ssl/s3_lib.c +4282 -0
  1001. data/lib/extensions/openssl.so/ext/sources/ssl/s3_meth.c +77 -0
  1002. data/lib/extensions/openssl.so/ext/sources/ssl/s3_pkt.c +1518 -0
  1003. data/lib/extensions/openssl.so/ext/sources/ssl/s3_srvr.c +3586 -0
  1004. data/lib/extensions/openssl.so/ext/sources/ssl/srtp.h +145 -0
  1005. data/lib/extensions/openssl.so/ext/sources/ssl/ssl.h +2573 -0
  1006. data/lib/extensions/openssl.so/ext/sources/ssl/ssl2.h +272 -0
  1007. data/lib/extensions/openssl.so/ext/sources/ssl/ssl23.h +83 -0
  1008. data/lib/extensions/openssl.so/ext/sources/ssl/ssl3.h +678 -0
  1009. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_algs.c +149 -0
  1010. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_asn1.c +642 -0
  1011. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_cert.c +853 -0
  1012. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_ciph.c +1852 -0
  1013. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_err.c +609 -0
  1014. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_err2.c +70 -0
  1015. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_lib.c +3251 -0
  1016. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_locl.h +1134 -0
  1017. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_rsa.c +779 -0
  1018. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_sess.c +1159 -0
  1019. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_stat.c +567 -0
  1020. data/lib/extensions/openssl.so/ext/sources/ssl/ssl_txt.c +248 -0
  1021. data/lib/extensions/openssl.so/ext/sources/ssl/t1_clnt.c +92 -0
  1022. data/lib/extensions/openssl.so/ext/sources/ssl/t1_enc.c +1256 -0
  1023. data/lib/extensions/openssl.so/ext/sources/ssl/t1_lib.c +2578 -0
  1024. data/lib/extensions/openssl.so/ext/sources/ssl/t1_meth.c +88 -0
  1025. data/lib/extensions/openssl.so/ext/sources/ssl/t1_reneg.c +292 -0
  1026. data/lib/extensions/openssl.so/ext/sources/ssl/t1_srvr.c +93 -0
  1027. data/lib/extensions/openssl.so/ext/sources/ssl/tls1.h +735 -0
  1028. data/lib/extensions/openssl.so/ext/sources/ssl/tls_srp.c +506 -0
  1029. data/lib/extensions/openssl.so/ext/win32/UPDATE +15 -0
  1030. data/lib/extensions/openssl.so/ext/win32/bin/libeay32.dll +0 -0
  1031. data/lib/extensions/openssl.so/ext/win32/bin/ssleay32.dll +0 -0
  1032. data/lib/extensions/openssl.so/ext/win32/include/openssl/aes.h +147 -0
  1033. data/lib/extensions/openssl.so/ext/win32/include/openssl/applink.c +94 -0
  1034. data/lib/extensions/openssl.so/ext/win32/include/openssl/asn1.h +1404 -0
  1035. data/lib/extensions/openssl.so/ext/win32/include/openssl/asn1_mac.h +578 -0
  1036. data/lib/extensions/openssl.so/ext/win32/include/openssl/asn1t.h +960 -0
  1037. data/lib/extensions/openssl.so/ext/win32/include/openssl/bio.h +847 -0
  1038. data/lib/extensions/openssl.so/ext/win32/include/openssl/blowfish.h +129 -0
  1039. data/lib/extensions/openssl.so/ext/win32/include/openssl/bn.h +891 -0
  1040. data/lib/extensions/openssl.so/ext/win32/include/openssl/buffer.h +119 -0
  1041. data/lib/extensions/openssl.so/ext/win32/include/openssl/camellia.h +130 -0
  1042. data/lib/extensions/openssl.so/ext/win32/include/openssl/cast.h +107 -0
  1043. data/lib/extensions/openssl.so/ext/win32/include/openssl/cmac.h +82 -0
  1044. data/lib/extensions/openssl.so/ext/win32/include/openssl/cms.h +501 -0
  1045. data/lib/extensions/openssl.so/ext/win32/include/openssl/comp.h +80 -0
  1046. data/lib/extensions/openssl.so/ext/win32/include/openssl/conf.h +263 -0
  1047. data/lib/extensions/openssl.so/ext/win32/include/openssl/conf_api.h +89 -0
  1048. data/lib/extensions/openssl.so/ext/win32/include/openssl/crypto.h +604 -0
  1049. data/lib/extensions/openssl.so/ext/win32/include/openssl/des.h +248 -0
  1050. data/lib/extensions/openssl.so/ext/win32/include/openssl/des_old.h +446 -0
  1051. data/lib/extensions/openssl.so/ext/win32/include/openssl/dh.h +280 -0
  1052. data/lib/extensions/openssl.so/ext/win32/include/openssl/dsa.h +327 -0
  1053. data/lib/extensions/openssl.so/ext/win32/include/openssl/dso.h +409 -0
  1054. data/lib/extensions/openssl.so/ext/win32/include/openssl/dtls1.h +283 -0
  1055. data/lib/extensions/openssl.so/ext/win32/include/openssl/e_os2.h +315 -0
  1056. data/lib/extensions/openssl.so/ext/win32/include/openssl/ebcdic.h +19 -0
  1057. data/lib/extensions/openssl.so/ext/win32/include/openssl/ec.h +1159 -0
  1058. data/lib/extensions/openssl.so/ext/win32/include/openssl/ecdh.h +125 -0
  1059. data/lib/extensions/openssl.so/ext/win32/include/openssl/ecdsa.h +260 -0
  1060. data/lib/extensions/openssl.so/ext/win32/include/openssl/engine.h +842 -0
  1061. data/lib/extensions/openssl.so/ext/win32/include/openssl/err.h +386 -0
  1062. data/lib/extensions/openssl.so/ext/win32/include/openssl/evp.h +1402 -0
  1063. data/lib/extensions/openssl.so/ext/win32/include/openssl/hmac.h +110 -0
  1064. data/lib/extensions/openssl.so/ext/win32/include/openssl/idea.h +103 -0
  1065. data/lib/extensions/openssl.so/ext/win32/include/openssl/krb5_asn.h +256 -0
  1066. data/lib/extensions/openssl.so/ext/win32/include/openssl/kssl.h +183 -0
  1067. data/lib/extensions/openssl.so/ext/win32/include/openssl/lhash.h +241 -0
  1068. data/lib/extensions/openssl.so/ext/win32/include/openssl/md4.h +120 -0
  1069. data/lib/extensions/openssl.so/ext/win32/include/openssl/md5.h +120 -0
  1070. data/lib/extensions/openssl.so/ext/win32/include/openssl/mdc2.h +98 -0
  1071. data/lib/extensions/openssl.so/ext/win32/include/openssl/modes.h +135 -0
  1072. data/lib/extensions/openssl.so/ext/win32/include/openssl/obj_mac.h +4032 -0
  1073. data/lib/extensions/openssl.so/ext/win32/include/openssl/objects.h +1138 -0
  1074. data/lib/extensions/openssl.so/ext/win32/include/openssl/ocsp.h +623 -0
  1075. data/lib/extensions/openssl.so/ext/win32/include/openssl/opensslconf.h +235 -0
  1076. data/lib/extensions/openssl.so/ext/win32/include/openssl/opensslv.h +89 -0
  1077. data/lib/extensions/openssl.so/ext/win32/include/openssl/ossl_typ.h +202 -0
  1078. data/lib/extensions/openssl.so/ext/win32/include/openssl/pem.h +641 -0
  1079. data/lib/extensions/openssl.so/ext/win32/include/openssl/pem2.h +70 -0
  1080. data/lib/extensions/openssl.so/ext/win32/include/openssl/pkcs12.h +331 -0
  1081. data/lib/extensions/openssl.so/ext/win32/include/openssl/pkcs7.h +499 -0
  1082. data/lib/extensions/openssl.so/ext/win32/include/openssl/pqueue.h +94 -0
  1083. data/lib/extensions/openssl.so/ext/win32/include/openssl/rand.h +149 -0
  1084. data/lib/extensions/openssl.so/ext/win32/include/openssl/rc2.h +103 -0
  1085. data/lib/extensions/openssl.so/ext/win32/include/openssl/rc4.h +90 -0
  1086. data/lib/extensions/openssl.so/ext/win32/include/openssl/ripemd.h +107 -0
  1087. data/lib/extensions/openssl.so/ext/win32/include/openssl/rsa.h +582 -0
  1088. data/lib/extensions/openssl.so/ext/win32/include/openssl/safestack.h +2663 -0
  1089. data/lib/extensions/openssl.so/ext/win32/include/openssl/seed.h +139 -0
  1090. data/lib/extensions/openssl.so/ext/win32/include/openssl/sha.h +214 -0
  1091. data/lib/extensions/openssl.so/ext/win32/include/openssl/srp.h +172 -0
  1092. data/lib/extensions/openssl.so/ext/win32/include/openssl/srtp.h +145 -0
  1093. data/lib/extensions/openssl.so/ext/win32/include/openssl/ssl.h +2572 -0
  1094. data/lib/extensions/openssl.so/ext/win32/include/openssl/ssl2.h +272 -0
  1095. data/lib/extensions/openssl.so/ext/win32/include/openssl/ssl23.h +83 -0
  1096. data/lib/extensions/openssl.so/ext/win32/include/openssl/ssl3.h +678 -0
  1097. data/lib/extensions/openssl.so/ext/win32/include/openssl/stack.h +108 -0
  1098. data/lib/extensions/openssl.so/ext/win32/include/openssl/symhacks.h +477 -0
  1099. data/lib/extensions/openssl.so/ext/win32/include/openssl/tls1.h +735 -0
  1100. data/lib/extensions/openssl.so/ext/win32/include/openssl/ts.h +858 -0
  1101. data/lib/extensions/openssl.so/ext/win32/include/openssl/txt_db.h +112 -0
  1102. data/lib/extensions/openssl.so/ext/win32/include/openssl/ui.h +383 -0
  1103. data/lib/extensions/openssl.so/ext/win32/include/openssl/ui_compat.h +83 -0
  1104. data/lib/extensions/openssl.so/ext/win32/include/openssl/whrlpool.h +41 -0
  1105. data/lib/extensions/openssl.so/ext/win32/include/openssl/x509.h +1297 -0
  1106. data/lib/extensions/openssl.so/ext/win32/include/openssl/x509_vfy.h +567 -0
  1107. data/lib/extensions/openssl.so/ext/win32/include/openssl/x509v3.h +1007 -0
  1108. data/lib/extensions/openssl.so/ext/win32/lib/libeay32.lib +0 -0
  1109. data/lib/extensions/openssl.so/ext/win32/lib/ssleay32.lib +0 -0
  1110. data/lib/extensions/openssl.so/ext/wm/lib/libopenssl.lib +0 -0
  1111. data/lib/extensions/openssl.so/ext/wm/openssl.sln +30 -0
  1112. data/lib/extensions/openssl.so/ext/wm/openssl.vcproj +3254 -0
  1113. data/lib/extensions/openssl.so/ext/wm/tmp/MC3000c50b (ARMV4I)/Release/BuildLog.htm +0 -0
  1114. data/lib/extensions/openssl.so/ext/wm/tmp/Windows Mobile 6 Professional SDK (ARMV4I)/Release/BuildLog.htm +0 -0
  1115. data/lib/extensions/openssl.so/openssl.so.rb +1 -0
  1116. data/lib/extensions/openssl/ext.yml +2 -0
  1117. data/lib/extensions/openssl/ext/Rakefile +132 -0
  1118. data/lib/extensions/openssl/ext/android/extconf.h +55 -0
  1119. data/lib/extensions/openssl/ext/build +12 -0
  1120. data/lib/extensions/openssl/ext/build.bat +1 -0
  1121. data/lib/extensions/openssl/ext/extconf.rb +141 -0
  1122. data/lib/extensions/openssl/ext/iphone/Rakefile +79 -0
  1123. data/lib/extensions/openssl/ext/iphone/extconf.h +55 -0
  1124. data/lib/extensions/openssl/ext/iphone/openssl.xcodeproj/project.pbxproj +472 -0
  1125. data/lib/extensions/openssl/ext/iphone/openssl_Prefix.pch +7 -0
  1126. data/lib/extensions/openssl/ext/macosx/extconf.h +53 -0
  1127. data/lib/extensions/openssl/ext/openssl.sln +44 -0
  1128. data/lib/extensions/openssl/ext/openssl.vcproj +844 -0
  1129. data/lib/extensions/openssl/ext/openssl_missing.c +361 -0
  1130. data/lib/extensions/openssl/ext/openssl_missing.h +194 -0
  1131. data/lib/extensions/openssl/ext/ossl.c +514 -0
  1132. data/lib/extensions/openssl/ext/ossl.h +243 -0
  1133. data/lib/extensions/openssl/ext/ossl_asn1.c +1170 -0
  1134. data/lib/extensions/openssl/ext/ossl_asn1.h +59 -0
  1135. data/lib/extensions/openssl/ext/ossl_bio.c +86 -0
  1136. data/lib/extensions/openssl/ext/ossl_bio.h +21 -0
  1137. data/lib/extensions/openssl/ext/ossl_bn.c +852 -0
  1138. data/lib/extensions/openssl/ext/ossl_bn.h +25 -0
  1139. data/lib/extensions/openssl/ext/ossl_cipher.c +546 -0
  1140. data/lib/extensions/openssl/ext/ossl_cipher.h +22 -0
  1141. data/lib/extensions/openssl/ext/ossl_config.c +492 -0
  1142. data/lib/extensions/openssl/ext/ossl_config.h +22 -0
  1143. data/lib/extensions/openssl/ext/ossl_digest.c +257 -0
  1144. data/lib/extensions/openssl/ext/ossl_digest.h +22 -0
  1145. data/lib/extensions/openssl/ext/ossl_engine.c +411 -0
  1146. data/lib/extensions/openssl/ext/ossl_engine.h +20 -0
  1147. data/lib/extensions/openssl/ext/ossl_hmac.c +270 -0
  1148. data/lib/extensions/openssl/ext/ossl_hmac.h +19 -0
  1149. data/lib/extensions/openssl/ext/ossl_ns_spki.c +257 -0
  1150. data/lib/extensions/openssl/ext/ossl_ns_spki.h +21 -0
  1151. data/lib/extensions/openssl/ext/ossl_ocsp.c +773 -0
  1152. data/lib/extensions/openssl/ext/ossl_ocsp.h +24 -0
  1153. data/lib/extensions/openssl/ext/ossl_pkcs12.c +212 -0
  1154. data/lib/extensions/openssl/ext/ossl_pkcs12.h +15 -0
  1155. data/lib/extensions/openssl/ext/ossl_pkcs5.c +98 -0
  1156. data/lib/extensions/openssl/ext/ossl_pkcs5.h +6 -0
  1157. data/lib/extensions/openssl/ext/ossl_pkcs7.c +1041 -0
  1158. data/lib/extensions/openssl/ext/ossl_pkcs7.h +22 -0
  1159. data/lib/extensions/openssl/ext/ossl_pkey.c +240 -0
  1160. data/lib/extensions/openssl/ext/ossl_pkey.h +141 -0
  1161. data/lib/extensions/openssl/ext/ossl_pkey_dh.c +536 -0
  1162. data/lib/extensions/openssl/ext/ossl_pkey_dsa.c +492 -0
  1163. data/lib/extensions/openssl/ext/ossl_pkey_ec.c +1597 -0
  1164. data/lib/extensions/openssl/ext/ossl_pkey_rsa.c +601 -0
  1165. data/lib/extensions/openssl/ext/ossl_rand.c +202 -0
  1166. data/lib/extensions/openssl/ext/ossl_rand.h +20 -0
  1167. data/lib/extensions/openssl/ext/ossl_ssl.c +1691 -0
  1168. data/lib/extensions/openssl/ext/ossl_ssl.h +36 -0
  1169. data/lib/extensions/openssl/ext/ossl_ssl_session.c +306 -0
  1170. data/lib/extensions/openssl/ext/ossl_version.h +16 -0
  1171. data/lib/extensions/openssl/ext/ossl_x509.c +104 -0
  1172. data/lib/extensions/openssl/ext/ossl_x509.h +114 -0
  1173. data/lib/extensions/openssl/ext/ossl_x509attr.c +275 -0
  1174. data/lib/extensions/openssl/ext/ossl_x509cert.c +766 -0
  1175. data/lib/extensions/openssl/ext/ossl_x509crl.c +537 -0
  1176. data/lib/extensions/openssl/ext/ossl_x509ext.c +459 -0
  1177. data/lib/extensions/openssl/ext/ossl_x509name.c +375 -0
  1178. data/lib/extensions/openssl/ext/ossl_x509req.c +468 -0
  1179. data/lib/extensions/openssl/ext/ossl_x509revoked.c +229 -0
  1180. data/lib/extensions/openssl/ext/ossl_x509store.c +624 -0
  1181. data/lib/extensions/openssl/ext/ruby_missing.h +41 -0
  1182. data/lib/extensions/openssl/ext/windows/extconf.h +66 -0
  1183. data/lib/extensions/openssl/openssl.rb +24 -0
  1184. data/lib/extensions/openssl/openssl/bn.rb +35 -0
  1185. data/lib/extensions/openssl/openssl/buffering.rb +341 -0
  1186. data/lib/extensions/openssl/openssl/cipher.rb +65 -0
  1187. data/lib/extensions/openssl/openssl/digest.rb +61 -0
  1188. data/lib/extensions/openssl/openssl/ssl-internal.rb +178 -0
  1189. data/lib/extensions/openssl/openssl/ssl.rb +1 -0
  1190. data/lib/extensions/openssl/openssl/x509-internal.rb +153 -0
  1191. data/lib/extensions/openssl/openssl/x509.rb +1 -0
  1192. data/lib/extensions/rhoxml/rexml/xmldecl.rb +119 -0
  1193. data/lib/extensions/zlib/ext.yml +2 -0
  1194. data/lib/extensions/zlib/ext/README +115 -0
  1195. data/lib/extensions/zlib/ext/Rakefile +127 -0
  1196. data/lib/extensions/zlib/ext/adler32.c +179 -0
  1197. data/lib/extensions/zlib/ext/build +12 -0
  1198. data/lib/extensions/zlib/ext/build.bat +1 -0
  1199. data/lib/extensions/zlib/ext/compress.c +80 -0
  1200. data/lib/extensions/zlib/ext/crc32.c +425 -0
  1201. data/lib/extensions/zlib/ext/crc32.h +441 -0
  1202. data/lib/extensions/zlib/ext/deflate.c +1965 -0
  1203. data/lib/extensions/zlib/ext/deflate.h +346 -0
  1204. data/lib/extensions/zlib/ext/gzclose.c +25 -0
  1205. data/lib/extensions/zlib/ext/gzguts.h +193 -0
  1206. data/lib/extensions/zlib/ext/gzlib.c +620 -0
  1207. data/lib/extensions/zlib/ext/gzread.c +589 -0
  1208. data/lib/extensions/zlib/ext/gzwrite.c +565 -0
  1209. data/lib/extensions/zlib/ext/infback.c +640 -0
  1210. data/lib/extensions/zlib/ext/inffast.c +340 -0
  1211. data/lib/extensions/zlib/ext/inffast.h +11 -0
  1212. data/lib/extensions/zlib/ext/inffixed.h +94 -0
  1213. data/lib/extensions/zlib/ext/inflate.c +1496 -0
  1214. data/lib/extensions/zlib/ext/inflate.h +122 -0
  1215. data/lib/extensions/zlib/ext/inftrees.c +306 -0
  1216. data/lib/extensions/zlib/ext/inftrees.h +62 -0
  1217. data/lib/extensions/zlib/ext/iphone/Rakefile +79 -0
  1218. data/lib/extensions/zlib/ext/iphone/zlib.xcodeproj/project.pbxproj +360 -0
  1219. data/lib/extensions/zlib/ext/iphone/zlib_Prefix.pch +7 -0
  1220. data/lib/extensions/zlib/ext/trees.c +1224 -0
  1221. data/lib/extensions/zlib/ext/trees.h +128 -0
  1222. data/lib/extensions/zlib/ext/uncompr.c +59 -0
  1223. data/lib/extensions/zlib/ext/zconf.h +506 -0
  1224. data/lib/extensions/zlib/ext/zlib.c +3762 -0
  1225. data/lib/extensions/zlib/ext/zlib.h +1744 -0
  1226. data/lib/extensions/zlib/ext/zlib.sln +36 -0
  1227. data/lib/extensions/zlib/ext/zlib.vcproj +746 -0
  1228. data/lib/extensions/zlib/ext/zlib.vsprops +16 -0
  1229. data/lib/extensions/zlib/ext/zutil.c +324 -0
  1230. data/lib/extensions/zlib/ext/zutil.h +252 -0
  1231. data/lib/extensions/zlib/zlib.rb +0 -0
  1232. data/lib/framework/rbconfig.rb +1 -1
  1233. data/lib/framework/rho/render.rb +31 -34
  1234. data/lib/framework/rho/rho.rb +89 -24
  1235. data/lib/framework/rho/rhocontroller.rb +8 -5
  1236. data/lib/framework/rho/rhofsconnector.rb +3 -0
  1237. data/lib/framework/rhodes.rb +9 -9
  1238. data/lib/framework/rhom/rhom.rb +15 -0
  1239. data/lib/framework/rhom/rhom_db_adapter.rb +18 -0
  1240. data/lib/framework/rhom/rhom_object_factory.rb +36 -26
  1241. data/lib/framework/rhomotoapi.rb +65 -1
  1242. data/lib/framework/rhosystem.rb +23 -19
  1243. data/lib/framework/version.rb +7 -7
  1244. data/lib/rhodes.rb +9 -9
  1245. data/platform/android/Rhodes/AndroidManifest.xml +117 -117
  1246. data/platform/android/Rhodes/AndroidManifest.xml.erb +77 -0
  1247. data/platform/android/Rhodes/PushReceiver.erb +14 -0
  1248. data/platform/android/Rhodes/jni/Android.mk +3 -1
  1249. data/platform/android/Rhodes/jni/include/rhodes/jni/com_rhomobile_rhodes_Logger.h +16 -0
  1250. data/platform/android/Rhodes/jni/include/rhodes/jni/com_rhomobile_rhodes_RhodesService.h +8 -0
  1251. data/platform/android/Rhodes/jni/src/fileapi.cpp +18 -0
  1252. data/platform/android/Rhodes/jni/src/logger.cpp +16 -0
  1253. data/platform/android/Rhodes/jni/src/rhodesapp.cpp +9 -2
  1254. data/platform/android/Rhodes/jni/src/signature.cpp +3 -28
  1255. data/platform/android/Rhodes/src/com/rhomobile/rhodes/BaseActivity.java +41 -37
  1256. data/platform/android/Rhodes/src/com/rhomobile/rhodes/Logger.java +5 -5
  1257. data/platform/android/Rhodes/src/com/rhomobile/rhodes/PushReceiver.java +6 -2
  1258. data/platform/android/Rhodes/src/com/rhomobile/rhodes/RhodesActivity.java +38 -15
  1259. data/platform/android/Rhodes/src/com/rhomobile/rhodes/RhodesApplication.java +49 -9
  1260. data/platform/android/Rhodes/src/com/rhomobile/rhodes/RhodesService.java +130 -10
  1261. data/platform/android/Rhodes/src/com/rhomobile/rhodes/bluetooth/RhoBluetoothManagerNew.java +13 -1
  1262. data/platform/android/Rhodes/src/com/rhomobile/rhodes/camera/Camera.java +8 -6
  1263. data/platform/android/Rhodes/src/com/rhomobile/rhodes/camera/CameraNewService.java +20 -0
  1264. data/platform/android/Rhodes/src/com/rhomobile/rhodes/camera/CameraOldService.java +5 -0
  1265. data/platform/android/Rhodes/src/com/rhomobile/rhodes/camera/CameraSemiService.java +14 -0
  1266. data/platform/android/Rhodes/src/com/rhomobile/rhodes/camera/CameraService.java +2 -0
  1267. data/platform/android/Rhodes/src/com/rhomobile/rhodes/camera/ImageCapture.java +16 -13
  1268. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/AbstractRhoExtension.java +1 -1
  1269. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/Config.java +3 -0
  1270. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/IRhoExtManager.java +1 -1
  1271. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/IRhoExtension.java +3 -1
  1272. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/RhoExtManager.java +10 -0
  1273. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/RhoExtManagerImpl.java +23 -35
  1274. data/platform/android/Rhodes/src/com/rhomobile/rhodes/file/RhoFileApi.java +10 -0
  1275. data/platform/android/Rhodes/src/com/rhomobile/rhodes/mainview/SplashScreen.java +60 -34
  1276. data/platform/android/Rhodes/src/com/rhomobile/rhodes/osfunctionality/AndroidFunctionality.java +14 -1
  1277. data/platform/android/Rhodes/src/com/rhomobile/rhodes/osfunctionality/AndroidFunctionality01.java +38 -3
  1278. data/platform/android/Rhodes/src/com/rhomobile/rhodes/osfunctionality/AndroidFunctionality08.java +26 -4
  1279. data/platform/android/Rhodes/src/com/rhomobile/rhodes/osfunctionality/AndroidFunctionality11.java +47 -0
  1280. data/platform/android/Rhodes/src/com/rhomobile/rhodes/osfunctionality/AndroidFunctionalityManager.java +4 -1
  1281. data/platform/android/Rhodes/src/com/rhomobile/rhodes/socket/RhoSocketImpl.java +9 -1
  1282. data/platform/android/Rhodes/src/com/rhomobile/rhodes/webview/GoogleWebView.java +10 -0
  1283. data/platform/android/Rhodes/src/com/rhomobile/rhodes/webview/IRhoWebView.java +2 -0
  1284. data/platform/android/Rhodes/src/com/rhomobile/rhodes/webview/RhoWebViewClient.java +10 -3
  1285. data/platform/android/build/RhodesSRC_build.files +1 -1
  1286. data/platform/android/build/android.rake +567 -556
  1287. data/platform/android/build/android_tools.rb +87 -0
  1288. data/platform/android/build/librhocommon_build.files +3 -0
  1289. data/platform/android/build/librhodb_build.files +2 -0
  1290. data/platform/android/build/manifest_generator.rb +96 -0
  1291. data/platform/bb/Hsqldb/src/org/hsqldb/Expression.java +2 -4
  1292. data/platform/bb/RubyVM/src/com/rho/RhoProfiler.java +11 -0
  1293. data/platform/bb/RubyVM/src/com/xruby/runtime/lang/RhoSupport.java +61 -48
  1294. data/platform/bb/build/rhodes_build.files +0 -1
  1295. data/platform/bb/rhodes/platform/4.7/com/rho/rubyext/SignatureCapture.java +314 -0
  1296. data/platform/bb/rhodes/platform/common/com/rho/rubyext/SignatureCapture.java +312 -0
  1297. data/platform/bb/rhodes/src/rhomobile/RhodesApplication.java +4 -1
  1298. data/platform/iphone/Classes/AppManager/AppManager.h +1 -0
  1299. data/platform/iphone/Classes/AppManager/AppManager.m +165 -123
  1300. data/platform/iphone/Classes/Event/Event.m +53 -14
  1301. data/platform/iphone/Classes/Rhodes.h +5 -4
  1302. data/platform/iphone/Classes/Rhodes.m +10 -8
  1303. data/platform/iphone/Classes/Signature/SignatureDelegate.m +2 -2
  1304. data/platform/iphone/Classes/SimpleMainView.m +55 -17
  1305. data/platform/iphone/Classes/SplashViewController.m +28 -1
  1306. data/platform/iphone/Info.plist +59 -54
  1307. data/platform/iphone/RhoLib/RhoLib.xcodeproj/project.pbxproj +43 -14
  1308. data/platform/iphone/curl/curl.xcodeproj/project.pbxproj +15 -18
  1309. data/platform/iphone/rbuild/iphone.rake +113 -4
  1310. data/platform/iphone/rhoextlib/rhoextlib.xcodeproj/project.pbxproj +15 -17
  1311. data/platform/iphone/rhorubylib/rhorubylib.xcodeproj/project.pbxproj +6 -14
  1312. data/platform/iphone/rhorunner.xcodeproj/project.pbxproj +20 -23
  1313. data/platform/iphone/rhosynclib/rhosynclib.xcodeproj/project.pbxproj +22 -14
  1314. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/Frameworks/QtCore.framework/Versions/4/QtCore +0 -0
  1315. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/Frameworks/QtGui.framework/Versions/4/QtGui +0 -0
  1316. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/Frameworks/QtNetwork.framework/Versions/4/QtNetwork +0 -0
  1317. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/Frameworks/QtWebKit.framework/Versions/4/QtWebKit +0 -0
  1318. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/Info.plist +1 -1
  1319. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/MacOS/RhoSimulator +0 -0
  1320. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/accessible/libqtaccessiblewidgets.dylib +0 -0
  1321. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/bearer/libqcorewlanbearer.dylib +0 -0
  1322. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/bearer/libqgenericbearer.dylib +0 -0
  1323. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/codecs/libqcncodecs.dylib +0 -0
  1324. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/codecs/libqjpcodecs.dylib +0 -0
  1325. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/codecs/libqkrcodecs.dylib +0 -0
  1326. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/codecs/libqtwcodecs.dylib +0 -0
  1327. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/graphicssystems/libqtracegraphicssystem.dylib +0 -0
  1328. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/imageformats/libqgif.dylib +0 -0
  1329. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/imageformats/libqico.dylib +0 -0
  1330. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/imageformats/libqjpeg.dylib +0 -0
  1331. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/imageformats/libqmng.dylib +0 -0
  1332. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/imageformats/libqtga.dylib +0 -0
  1333. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/imageformats/libqtiff.dylib +0 -0
  1334. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/qmltooling/libqmldbg_inspector.dylib +0 -0
  1335. data/platform/osx/bin/RhoSimulator/RhoSimulator.app/Contents/PlugIns/qmltooling/libqmldbg_tcp.dylib +0 -0
  1336. data/platform/osx/build/osx.rake +18 -9
  1337. data/platform/shared/RhoConnectClient/RhoConnectClient.cpp +12 -0
  1338. data/platform/shared/RhoConnectClient/RhoConnectClient.h +3 -0
  1339. data/platform/shared/common/Android.mk +1 -0
  1340. data/platform/shared/common/BundleManager.cpp +503 -47
  1341. data/platform/shared/common/ExtManager.h +4 -0
  1342. data/platform/shared/common/RhoSettingsDefs.h +3 -0
  1343. data/platform/shared/common/RhoStd.h +14 -1
  1344. data/platform/shared/common/RhodesApp.cpp +84 -137
  1345. data/platform/shared/common/RhodesApp.h +12 -7
  1346. data/platform/shared/common/RhodesAppBase.cpp +124 -2
  1347. data/platform/shared/common/RhodesAppBase.h +43 -2
  1348. data/platform/shared/common/ThreadQueue.cpp +1 -1
  1349. data/platform/shared/common/app_build_capabilities.h +0 -7
  1350. data/platform/shared/common/map/MapEngine.h +1 -0
  1351. data/platform/shared/common/push/IRhoPushClient.h +46 -0
  1352. data/platform/shared/common/push/RhoPushManager.cpp +146 -0
  1353. data/platform/shared/common/push/RhoPushManager.h +79 -0
  1354. data/platform/shared/curl/lib/curl_config.h +8 -0
  1355. data/platform/shared/curl/lib/netrc.c +2 -0
  1356. data/platform/shared/db/Android.mk +4 -1
  1357. data/platform/shared/db/DBAdapter.cpp +218 -12
  1358. data/platform/shared/db/DBAdapter.h +16 -1
  1359. data/platform/shared/db/DBAttrManager.cpp +18 -1
  1360. data/platform/shared/db/DBAttrManager.h +2 -1
  1361. data/platform/shared/db/DBImportTransaction.cpp +300 -0
  1362. data/platform/shared/db/DBImportTransaction.h +56 -0
  1363. data/platform/shared/db/DBRequestHelper.cpp +114 -0
  1364. data/platform/shared/db/DBRequestHelper.h +27 -0
  1365. data/platform/shared/logging/RhoLogConf.h +2 -0
  1366. data/platform/shared/net/AsyncHttp.cpp +4 -3
  1367. data/platform/shared/net/AsyncHttp.h +3 -2
  1368. data/platform/shared/net/CURLNetRequest.cpp +18 -5
  1369. data/platform/shared/net/HttpServer.cpp +18 -14
  1370. data/platform/shared/qt/rhodes/MainWindowCallback.h +0 -1
  1371. data/platform/shared/qt/rhodes/QtMainWindow.cpp +180 -36
  1372. data/platform/shared/qt/rhodes/QtMainWindow.h +13 -1
  1373. data/platform/shared/qt/rhodes/QtMainWindow.ui +22 -3
  1374. data/platform/shared/qt/rhodes/RhoSimulator.h +3 -0
  1375. data/platform/shared/qt/rhodes/impl/MainWindowImpl.cpp +22 -0
  1376. data/platform/shared/qt/rhodes/impl/MainWindowImpl.h +6 -0
  1377. data/platform/shared/qt/rhodes/impl/SystemImpl.cpp +15 -0
  1378. data/platform/shared/qt/rhodes/main.cpp +15 -1
  1379. data/platform/shared/qt/rholib/rholib.pro +8 -2
  1380. data/platform/shared/qt/syncengine/syncengine.pro +6 -2
  1381. data/platform/shared/ruby/ext/rho/extensions.c +2 -0
  1382. data/platform/shared/ruby/ext/rho/rhoruby.c +12 -0
  1383. data/platform/shared/ruby/ext/rho/rhoruby.h +2 -0
  1384. data/platform/shared/ruby/ext/rho/rhosupport.c +77 -38
  1385. data/platform/shared/ruby/ext/sqlite3_api/sqlite3_api_wrap.c +54 -2
  1386. data/platform/shared/ruby/ext/syncengine/syncengine.i +4 -0
  1387. data/platform/shared/ruby/ext/syncengine/syncengine_wrap.c +40 -1
  1388. data/platform/shared/ruby/ext/system/system.i +38 -4
  1389. data/platform/shared/ruby/ext/system/system_wrap.c +277 -9
  1390. data/platform/shared/ruby/iphone/ruby/config.h +28 -0
  1391. data/platform/shared/ruby/main.c +8 -0
  1392. data/platform/shared/ruby/wince/sys/timeb.c +4 -0
  1393. data/platform/shared/ruby/wince/sys/timeb.h +1 -0
  1394. data/platform/shared/rubyext/Android.mk +2 -1
  1395. data/platform/shared/rubyext/System.cpp +93 -3
  1396. data/platform/shared/rubyext/ZipFiles.cpp +65 -0
  1397. data/platform/shared/statistic/RhoProfiler.cpp +36 -6
  1398. data/platform/shared/statistic/RhoProfiler.h +3 -0
  1399. data/platform/shared/sync/ClientRegister.cpp +21 -5
  1400. data/platform/shared/sync/ClientRegister.h +4 -2
  1401. data/platform/shared/sync/ISyncProtocol.h +5 -2
  1402. data/platform/shared/sync/SyncEngine.cpp +85 -15
  1403. data/platform/shared/sync/SyncEngine.h +5 -0
  1404. data/platform/shared/sync/SyncNotify.cpp +3 -0
  1405. data/platform/shared/sync/SyncProtocol_3.h +14 -2
  1406. data/platform/shared/sync/SyncSource.cpp +238 -40
  1407. data/platform/shared/sync/SyncSource.h +2 -0
  1408. data/platform/shared/sync/SyncThread.cpp +7 -0
  1409. data/platform/shared/sync/SyncThread.h +1 -0
  1410. data/platform/shared/tcmalloc/rhomem.h +1 -1
  1411. data/platform/shared/tcmalloc/windows/port.cpp +1 -1
  1412. data/platform/shared/unzip/Android.mk +1 -1
  1413. data/platform/shared/unzip/zip.cpp +2953 -0
  1414. data/platform/shared/unzip/zip.h +255 -0
  1415. data/platform/win32/RhoSimulator/QtCore4.dll +0 -0
  1416. data/platform/win32/RhoSimulator/QtGui4.dll +0 -0
  1417. data/platform/win32/RhoSimulator/QtNetwork4.dll +0 -0
  1418. data/platform/win32/RhoSimulator/QtWebKit4.dll +0 -0
  1419. data/platform/win32/RhoSimulator/RhoSimulator.exe +0 -0
  1420. data/platform/win32/RhoSimulator/imageformats/qgif4.dll +0 -0
  1421. data/platform/win32/RhoSimulator/imageformats/qico4.dll +0 -0
  1422. data/platform/win32/RhoSimulator/imageformats/qjpeg4.dll +0 -0
  1423. data/platform/win32/RhoSimulator/imageformats/qmng4.dll +0 -0
  1424. data/platform/win32/RhoSimulator/imageformats/qsvg4.dll +0 -0
  1425. data/platform/win32/RhoSimulator/imageformats/qtiff4.dll +0 -0
  1426. data/platform/win32/RhoSimulator/phonon4.dll +0 -0
  1427. data/platform/win32/RubyWin/RubyWin.sln +2 -2
  1428. data/platform/win32/RubyWin/RubyWin.vcproj +6 -7
  1429. data/platform/wm/RhoLib/RhoLib.vcproj +33 -3
  1430. data/platform/wm/build/rhodes.nsi +64 -230
  1431. data/platform/wm/build/wm.rake +306 -93
  1432. data/platform/wm/rhodes.sln +70 -21
  1433. data/platform/wm/rhodes/DateTimePicker.h +1 -1
  1434. data/platform/wm/rhodes/IEBrowserEngine.cpp +4 -1
  1435. data/platform/wm/rhodes/MainWindow.cpp +8 -7
  1436. data/platform/wm/rhodes/MainWindow.h +1 -1
  1437. data/platform/wm/rhodes/RhoNativeViewManager.cpp +2 -2
  1438. data/platform/wm/rhodes/Rhodes.cpp +80 -30
  1439. data/platform/wm/rhodes/camera/Camera.cpp +44 -65
  1440. data/platform/wm/rhodes/camera/Camera.h +6 -0
  1441. data/platform/wm/rhodes/rho/common/ExtManager.cpp +29 -6
  1442. data/platform/wm/rhodes/rho/common/RhoClassFactory.cpp +6 -1
  1443. data/platform/wm/rhodes/rho/net/NetRequestImpl.cpp +3 -0
  1444. data/platform/wm/rhodes/rho/net/NetRequestImpl.h +1 -1
  1445. data/platform/wm/rhodes/rho/rubyext/NativeToolbarExt.cpp +5 -5
  1446. data/platform/wm/rhodes/rho/rubyext/SystemImpl.cpp +188 -29
  1447. data/platform/wm/rhodes/rho/rubyext/WebView.cpp +3 -3
  1448. data/platform/wm/rhodes/rhodes.vcproj +2284 -148
  1449. data/platform/wm/rhodes/simulator/MainWindowQt.cpp +48 -10
  1450. data/platform/wm/rhodes/simulator/MainWindowQt.h +6 -2
  1451. data/platform/wm/rhoelements.sln +122 -0
  1452. data/platform/wm/rubylib/rubylib.vcproj +4 -2
  1453. data/platform/wm/sqlite3/sqlite3.vcproj +4 -2
  1454. data/platform/wm/syncengine/syncengine.vcproj +20 -2
  1455. data/platform/wm/tcmalloc/tcmalloc.vcproj +160 -0
  1456. data/platform/wp7/RhoRubyLib/rubyext/RhoSyncEngine.cs +4 -0
  1457. data/platform/wp7/RhoRubyLib/rubyext/RhoSystem.cs +4 -0
  1458. data/rakefile.rb +173 -17
  1459. data/res/build-tools/license_rc.dll +0 -0
  1460. data/res/build-tools/win32/license_rc.dll +0 -0
  1461. data/res/generators/templates/application/app/layout.erb +7 -3
  1462. data/res/generators/templates/application/public/css/re_webkit.css +1 -1
  1463. data/res/generators/templates/application/public/css/re_webkit_flat.css +753 -0
  1464. data/res/generators/templates/extension/extensions/montana/ext/montana/platform/iphone/Montana.xcodeproj/project.pbxproj +4 -10
  1465. data/spec/framework_spec/app/spec/core/file/new_spec.rb +2 -2
  1466. data/spec/framework_spec/app/spec/core/file/open_spec.rb +6 -6
  1467. data/spec/framework_spec/app/spec/core/file/shared/open.rb +1 -1
  1468. data/spec/framework_spec/app/spec/core/file/shared/stat.rb +2 -2
  1469. data/spec/framework_spec/app/spec/core/file/stat/blksize_spec.rb +1 -1
  1470. data/spec/framework_spec/app/spec/core/file/stat/blocks_spec.rb +1 -1
  1471. data/spec/framework_spec/app/spec/core/file/stat/comparison_spec.rb +1 -1
  1472. data/spec/framework_spec/app/spec/core/file/stat/ino_spec.rb +1 -1
  1473. data/spec/framework_spec/app/spec/core/file/stat/inspect_spec.rb +1 -1
  1474. data/spec/framework_spec/app/spec/core/file/stat/mode_spec.rb +1 -1
  1475. data/spec/framework_spec/app/spec/core/file/stat/nlink_spec.rb +1 -1
  1476. data/spec/framework_spec/app/spec/core/file/stat_spec.rb +1 -1
  1477. data/spec/framework_spec/app/spec/core/file/sticky_spec.rb +2 -2
  1478. data/spec/framework_spec/app/spec/core/io/close_read_spec.rb +1 -1
  1479. data/spec/framework_spec/app/spec/core/io/close_write_spec.rb +1 -1
  1480. data/spec/framework_spec/app/spec/core/io/foreach_spec.rb +8 -8
  1481. data/spec/framework_spec/app/spec/core/io/getc_spec.rb +1 -1
  1482. data/spec/framework_spec/app/spec/core/io/gets_spec.rb +1 -1
  1483. data/spec/framework_spec/app/spec/core/io/stat_spec.rb +1 -1
  1484. data/spec/framework_spec/app/spec/core/kernel/respond_to_spec.rb +1 -1
  1485. data/spec/framework_spec/app/spec/core/time/shared/gmt_offset.rb +1 -1
  1486. data/spec/framework_spec/app/spec/library/digest/hmac_spec.rb +91 -0
  1487. data/spec/framework_spec/app/spec/library/digest/md5/file_spec.rb +1 -1
  1488. data/spec/framework_spec/app/spec/library/digest/sha256/append_spec.rb +7 -0
  1489. data/spec/framework_spec/app/spec/library/digest/sha256/block_length_spec.rb +12 -0
  1490. data/spec/framework_spec/app/spec/library/digest/sha256/digest_bang_spec.rb +13 -0
  1491. data/spec/framework_spec/app/spec/library/digest/sha256/digest_length_spec.rb +12 -0
  1492. data/spec/framework_spec/app/spec/library/digest/sha256/digest_spec.rb +32 -0
  1493. data/spec/framework_spec/app/spec/library/digest/sha256/equal_spec.rb +37 -0
  1494. data/spec/framework_spec/app/spec/library/digest/sha256/file_spec.rb +47 -0
  1495. data/spec/framework_spec/app/spec/library/digest/sha256/hexdigest_bang_spec.rb +14 -0
  1496. data/spec/framework_spec/app/spec/library/digest/sha256/hexdigest_spec.rb +32 -0
  1497. data/spec/framework_spec/app/spec/library/digest/sha256/inspect_spec.rb +12 -0
  1498. data/spec/framework_spec/app/spec/library/digest/sha256/length_spec.rb +8 -0
  1499. data/spec/framework_spec/app/spec/library/digest/sha256/reset_spec.rb +15 -0
  1500. data/spec/framework_spec/app/spec/library/digest/sha256/shared/constants.rb +15 -0
  1501. data/spec/framework_spec/app/spec/library/digest/sha256/shared/length.rb +8 -0
  1502. data/spec/framework_spec/app/spec/library/digest/sha256/shared/update.rb +7 -0
  1503. data/spec/framework_spec/app/spec/library/digest/sha256/size_spec.rb +8 -0
  1504. data/spec/framework_spec/app/spec/library/digest/sha256/to_s_spec.rb +21 -0
  1505. data/spec/framework_spec/app/spec/library/digest/sha256/update_spec.rb +7 -0
  1506. data/spec/framework_spec/app/spec/library/digest/sha384/append_spec.rb +7 -0
  1507. data/spec/framework_spec/app/spec/library/digest/sha384/block_length_spec.rb +12 -0
  1508. data/spec/framework_spec/app/spec/library/digest/sha384/digest_bang_spec.rb +13 -0
  1509. data/spec/framework_spec/app/spec/library/digest/sha384/digest_length_spec.rb +12 -0
  1510. data/spec/framework_spec/app/spec/library/digest/sha384/digest_spec.rb +32 -0
  1511. data/spec/framework_spec/app/spec/library/digest/sha384/equal_spec.rb +37 -0
  1512. data/spec/framework_spec/app/spec/library/digest/sha384/file_spec.rb +47 -0
  1513. data/spec/framework_spec/app/spec/library/digest/sha384/hexdigest_bang_spec.rb +14 -0
  1514. data/spec/framework_spec/app/spec/library/digest/sha384/hexdigest_spec.rb +32 -0
  1515. data/spec/framework_spec/app/spec/library/digest/sha384/inspect_spec.rb +12 -0
  1516. data/spec/framework_spec/app/spec/library/digest/sha384/length_spec.rb +8 -0
  1517. data/spec/framework_spec/app/spec/library/digest/sha384/reset_spec.rb +15 -0
  1518. data/spec/framework_spec/app/spec/library/digest/sha384/shared/constants.rb +16 -0
  1519. data/spec/framework_spec/app/spec/library/digest/sha384/shared/length.rb +8 -0
  1520. data/spec/framework_spec/app/spec/library/digest/sha384/shared/update.rb +7 -0
  1521. data/spec/framework_spec/app/spec/library/digest/sha384/size_spec.rb +8 -0
  1522. data/spec/framework_spec/app/spec/library/digest/sha384/to_s_spec.rb +21 -0
  1523. data/spec/framework_spec/app/spec/library/digest/sha384/update_spec.rb +7 -0
  1524. data/spec/framework_spec/app/spec/library/digest/sha512/append_spec.rb +7 -0
  1525. data/spec/framework_spec/app/spec/library/digest/sha512/block_length_spec.rb +12 -0
  1526. data/spec/framework_spec/app/spec/library/digest/sha512/digest_bang_spec.rb +13 -0
  1527. data/spec/framework_spec/app/spec/library/digest/sha512/digest_length_spec.rb +12 -0
  1528. data/spec/framework_spec/app/spec/library/digest/sha512/digest_spec.rb +32 -0
  1529. data/spec/framework_spec/app/spec/library/digest/sha512/equal_spec.rb +37 -0
  1530. data/spec/framework_spec/app/spec/library/digest/sha512/file_spec.rb +47 -0
  1531. data/spec/framework_spec/app/spec/library/digest/sha512/hexdigest_bang_spec.rb +14 -0
  1532. data/spec/framework_spec/app/spec/library/digest/sha512/hexdigest_spec.rb +32 -0
  1533. data/spec/framework_spec/app/spec/library/digest/sha512/inspect_spec.rb +12 -0
  1534. data/spec/framework_spec/app/spec/library/digest/sha512/length_spec.rb +8 -0
  1535. data/spec/framework_spec/app/spec/library/digest/sha512/reset_spec.rb +15 -0
  1536. data/spec/framework_spec/app/spec/library/digest/sha512/shared/constants.rb +15 -0
  1537. data/spec/framework_spec/app/spec/library/digest/sha512/shared/length.rb +8 -0
  1538. data/spec/framework_spec/app/spec/library/digest/sha512/shared/update.rb +7 -0
  1539. data/spec/framework_spec/app/spec/library/digest/sha512/size_spec.rb +8 -0
  1540. data/spec/framework_spec/app/spec/library/digest/sha512/to_s_spec.rb +21 -0
  1541. data/spec/framework_spec/app/spec/library/digest/sha512/update_spec.rb +7 -0
  1542. data/spec/framework_spec/app/spec/library/ezcrypto/ezcrypto_spec.rb +13 -0
  1543. data/spec/framework_spec/app/spec/library/net/ftp/nlst_spec.rb +1 -1
  1544. data/spec/framework_spec/app/spec/library/net/ftp/retrbinary_spec.rb +1 -1
  1545. data/spec/framework_spec/app/spec/library/net/ftp/retrlines_spec.rb +1 -1
  1546. data/spec/framework_spec/app/spec/library/net/ftp/shared/getbinaryfile.rb +1 -1
  1547. data/spec/framework_spec/app/spec/library/net/ftp/shared/gettextfile.rb +1 -1
  1548. data/spec/framework_spec/app/spec/library/net/ftp/shared/list.rb +1 -1
  1549. data/spec/framework_spec/app/spec/library/net/ftp/shared/putbinaryfile.rb +1 -1
  1550. data/spec/framework_spec/app/spec/library/net/ftp/shared/puttextfile.rb +1 -1
  1551. data/spec/framework_spec/app/spec/library/net/ftp/storbinary_spec.rb +1 -1
  1552. data/spec/framework_spec/app/spec/library/net/ftp/storlines_spec.rb +1 -1
  1553. data/spec/framework_spec/app/spec/library/openssl/cipher_spec.rb +19 -0
  1554. data/spec/framework_spec/app/spec/library/openssl/config/freeze_spec.rb +21 -0
  1555. data/spec/framework_spec/app/spec/library/openssl/hmac/digest_spec.rb +18 -0
  1556. data/spec/framework_spec/app/spec/library/openssl/hmac/hexdigest_spec.rb +18 -0
  1557. data/spec/framework_spec/app/spec/library/openssl/random/pseudo_bytes_spec.rb +7 -0
  1558. data/spec/framework_spec/app/spec/library/openssl/random/random_bytes_spec.rb +7 -0
  1559. data/spec/framework_spec/app/spec/library/openssl/random/shared/random_bytes.rb +29 -0
  1560. data/spec/framework_spec/app/spec/library/openssl/shared/constants.rb +10 -0
  1561. data/spec/framework_spec/app/spec/library/zlib/adler32_spec.rb +46 -0
  1562. data/spec/framework_spec/app/spec/library/zlib/crc32_spec.rb +52 -0
  1563. data/spec/framework_spec/app/spec/library/zlib/crc_table_spec.rb +11 -0
  1564. data/spec/framework_spec/app/spec/library/zlib/deflate/append_spec.rb +1 -0
  1565. data/spec/framework_spec/app/spec/library/zlib/deflate/deflate_spec.rb +49 -0
  1566. data/spec/framework_spec/app/spec/library/zlib/deflate/flush_spec.rb +1 -0
  1567. data/spec/framework_spec/app/spec/library/zlib/deflate/initialize_copy_spec.rb +1 -0
  1568. data/spec/framework_spec/app/spec/library/zlib/deflate/new_spec.rb +1 -0
  1569. data/spec/framework_spec/app/spec/library/zlib/deflate/params_spec.rb +20 -0
  1570. data/spec/framework_spec/app/spec/library/zlib/deflate/set_dictionary_spec.rb +14 -0
  1571. data/spec/framework_spec/app/spec/library/zlib/gzipfile/close_spec.rb +23 -0
  1572. data/spec/framework_spec/app/spec/library/zlib/gzipfile/closed_spec.rb +17 -0
  1573. data/spec/framework_spec/app/spec/library/zlib/gzipfile/comment_spec.rb +27 -0
  1574. data/spec/framework_spec/app/spec/library/zlib/gzipfile/crc_spec.rb +1 -0
  1575. data/spec/framework_spec/app/spec/library/zlib/gzipfile/finish_spec.rb +1 -0
  1576. data/spec/framework_spec/app/spec/library/zlib/gzipfile/level_spec.rb +1 -0
  1577. data/spec/framework_spec/app/spec/library/zlib/gzipfile/mtime_spec.rb +1 -0
  1578. data/spec/framework_spec/app/spec/library/zlib/gzipfile/orig_name_spec.rb +27 -0
  1579. data/spec/framework_spec/app/spec/library/zlib/gzipfile/os_code_spec.rb +1 -0
  1580. data/spec/framework_spec/app/spec/library/zlib/gzipfile/sync_spec.rb +1 -0
  1581. data/spec/framework_spec/app/spec/library/zlib/gzipfile/to_io_spec.rb +1 -0
  1582. data/spec/framework_spec/app/spec/library/zlib/gzipfile/wrap_spec.rb +1 -0
  1583. data/spec/framework_spec/app/spec/library/zlib/gzipreader/each_byte_spec.rb +33 -0
  1584. data/spec/framework_spec/app/spec/library/zlib/gzipreader/each_line_spec.rb +1 -0
  1585. data/spec/framework_spec/app/spec/library/zlib/gzipreader/each_spec.rb +1 -0
  1586. data/spec/framework_spec/app/spec/library/zlib/gzipreader/eof_spec.rb +55 -0
  1587. data/spec/framework_spec/app/spec/library/zlib/gzipreader/getc_spec.rb +55 -0
  1588. data/spec/framework_spec/app/spec/library/zlib/gzipreader/gets_spec.rb +1 -0
  1589. data/spec/framework_spec/app/spec/library/zlib/gzipreader/lineno_spec.rb +1 -0
  1590. data/spec/framework_spec/app/spec/library/zlib/gzipreader/new_spec.rb +1 -0
  1591. data/spec/framework_spec/app/spec/library/zlib/gzipreader/open_spec.rb +1 -0
  1592. data/spec/framework_spec/app/spec/library/zlib/gzipreader/pos_spec.rb +26 -0
  1593. data/spec/framework_spec/app/spec/library/zlib/gzipreader/read_spec.rb +58 -0
  1594. data/spec/framework_spec/app/spec/library/zlib/gzipreader/readchar_spec.rb +1 -0
  1595. data/spec/framework_spec/app/spec/library/zlib/gzipreader/readline_spec.rb +1 -0
  1596. data/spec/framework_spec/app/spec/library/zlib/gzipreader/readlines_spec.rb +1 -0
  1597. data/spec/framework_spec/app/spec/library/zlib/gzipreader/rewind_spec.rb +47 -0
  1598. data/spec/framework_spec/app/spec/library/zlib/gzipreader/tell_spec.rb +1 -0
  1599. data/spec/framework_spec/app/spec/library/zlib/gzipreader/ungetc_spec.rb +1 -0
  1600. data/spec/framework_spec/app/spec/library/zlib/gzipreader/unused_spec.rb +1 -0
  1601. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/append_spec.rb +1 -0
  1602. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/comment_spec.rb +1 -0
  1603. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/flush_spec.rb +1 -0
  1604. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/mtime_spec.rb +41 -0
  1605. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/new_spec.rb +1 -0
  1606. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/open_spec.rb +1 -0
  1607. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/orig_name_spec.rb +1 -0
  1608. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/pos_spec.rb +1 -0
  1609. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/print_spec.rb +1 -0
  1610. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/printf_spec.rb +1 -0
  1611. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/putc_spec.rb +1 -0
  1612. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/puts_spec.rb +1 -0
  1613. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/tell_spec.rb +1 -0
  1614. data/spec/framework_spec/app/spec/library/zlib/gzipwriter/write_spec.rb +24 -0
  1615. data/spec/framework_spec/app/spec/library/zlib/inflate/append_spec.rb +60 -0
  1616. data/spec/framework_spec/app/spec/library/zlib/inflate/inflate_spec.rb +109 -0
  1617. data/spec/framework_spec/app/spec/library/zlib/inflate/new_spec.rb +1 -0
  1618. data/spec/framework_spec/app/spec/library/zlib/inflate/set_dictionary_spec.rb +20 -0
  1619. data/spec/framework_spec/app/spec/library/zlib/inflate/sync_point_spec.rb +1 -0
  1620. data/spec/framework_spec/app/spec/library/zlib/inflate/sync_spec.rb +1 -0
  1621. data/spec/framework_spec/app/spec/library/zlib/zlib_version_spec.rb +1 -0
  1622. data/spec/framework_spec/app/spec/library/zlib/zstream/adler_spec.rb +1 -0
  1623. data/spec/framework_spec/app/spec/library/zlib/zstream/avail_in_spec.rb +1 -0
  1624. data/spec/framework_spec/app/spec/library/zlib/zstream/avail_out_spec.rb +1 -0
  1625. data/spec/framework_spec/app/spec/library/zlib/zstream/close_spec.rb +1 -0
  1626. data/spec/framework_spec/app/spec/library/zlib/zstream/closed_spec.rb +1 -0
  1627. data/spec/framework_spec/app/spec/library/zlib/zstream/data_type_spec.rb +1 -0
  1628. data/spec/framework_spec/app/spec/library/zlib/zstream/end_spec.rb +1 -0
  1629. data/spec/framework_spec/app/spec/library/zlib/zstream/ended_spec.rb +1 -0
  1630. data/spec/framework_spec/app/spec/library/zlib/zstream/finish_spec.rb +1 -0
  1631. data/spec/framework_spec/app/spec/library/zlib/zstream/finished_spec.rb +1 -0
  1632. data/spec/framework_spec/app/spec/library/zlib/zstream/flush_next_in_spec.rb +1 -0
  1633. data/spec/framework_spec/app/spec/library/zlib/zstream/flush_next_out_spec.rb +16 -0
  1634. data/spec/framework_spec/app/spec/library/zlib/zstream/reset_spec.rb +1 -0
  1635. data/spec/framework_spec/app/spec/library/zlib/zstream/stream_end_spec.rb +1 -0
  1636. data/spec/framework_spec/app/spec/library/zlib/zstream/total_in_spec.rb +1 -0
  1637. data/spec/framework_spec/app/spec/library/zlib/zstream/total_out_spec.rb +1 -0
  1638. data/spec/framework_spec/app/spec/shared/file/executable_real.rb +1 -1
  1639. data/spec/framework_spec/app/spec/shared/file/file.rb +1 -1
  1640. data/spec/framework_spec/app/spec_runner.rb +6 -5
  1641. data/spec/framework_spec/build.yml +4 -1
  1642. data/spec/phone_spec/app/BlobBulkTest/blob_bulk_test.png +0 -0
  1643. data/spec/phone_spec/app/BlobBulkTest/blob_bulk_test.rb +11 -0
  1644. data/spec/phone_spec/app/BlobBulkTest_s/blob_bulk_test_s.png +0 -0
  1645. data/spec/phone_spec/app/BlobBulkTest_s/blob_bulk_test_s.rb +11 -0
  1646. data/spec/phone_spec/app/Data/invalid_import_db.zip +0 -0
  1647. data/spec/phone_spec/app/Data/valid_import_db.zip +0 -0
  1648. data/spec/phone_spec/app/spec/asynchttp_spec.rb +1 -1
  1649. data/spec/phone_spec/app/spec/blob_bulksync_spec.rb +160 -0
  1650. data/spec/phone_spec/app/spec/bulksync_spec.rb +51 -1
  1651. data/spec/phone_spec/app/spec/bundle_update_spec.rb +85 -0
  1652. data/spec/phone_spec/app/spec/database_spec.rb +174 -0
  1653. data/spec/phone_spec/app/spec/events_spec.rb +4 -4
  1654. data/spec/phone_spec/app/spec/json_spec.rb +1 -1
  1655. data/spec/phone_spec/app/spec/rho_spec.rb +88 -12
  1656. data/spec/phone_spec/app/spec/rhofile_spec.rb +1 -1
  1657. data/spec/phone_spec/app/spec/rhom_object_spec.rb +8 -5
  1658. data/spec/phone_spec/app/spec/syncengine_spec.rb +281 -18
  1659. data/spec/phone_spec/app/spec/uri_spec.rb +5 -5
  1660. data/spec/phone_spec/app/spec_runner.rb +16 -9
  1661. data/spec/phone_spec/build.yml +2 -1
  1662. data/spec/phone_spec/public/file_for_replace.txt +1 -0
  1663. data/spec/phone_spec/public/file_to_remove.png +0 -0
  1664. data/spec/phone_spec/public/folder_to_remove.png +0 -0
  1665. data/spec/phone_spec/public/folder_to_remove/switch.png +0 -0
  1666. data/spec/phone_spec/public/partial_update_bundle/upgrade_bundle_partial.zip +0 -0
  1667. data/spec/phone_spec/upgrade_package_add_files.txt +2 -0
  1668. data/spec/phone_spec/upgrade_package_remove_files.txt +2 -0
  1669. data/version +1 -1
  1670. metadata +1384 -12
  1671. data/Manifest.txt +0 -8054
  1672. data/doc/alert-api.txt +0 -51
  1673. data/doc/files.txt +0 -4
  1674. data/doc/rhodes-api.txt +0 -147
  1675. data/doc/scanner.txt +0 -507
  1676. data/doc/timer-api.txt +0 -39
  1677. data/doc/tutorial.txt +0 -130
  1678. data/platform/android/Rhodes/src/com/rhomobile/rhodes/extmanager/WebkitExtension.java +0 -53
data/lib/extensions/openssl.so/ext/sources/ssl/s3_srvr.c ADDED
@@ -0,0 +1,3586 @@
1
+ /* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
2
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
+ * All rights reserved.
4
+ *
5
+ * This package is an SSL implementation written
6
+ * by Eric Young (eay@cryptsoft.com).
7
+ * The implementation was written so as to conform with Netscapes SSL.
8
+ *
9
+ * This library is free for commercial and non-commercial use as long as
10
+ * the following conditions are aheared to. The following conditions
11
+ * apply to all code found in this distribution, be it the RC4, RSA,
12
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
+ * included with this distribution is covered by the same copyright terms
14
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
+ *
16
+ * Copyright remains Eric Young's, and as such any Copyright notices in
17
+ * the code are not to be removed.
18
+ * If this package is used in a product, Eric Young should be given attribution
19
+ * as the author of the parts of the library used.
20
+ * This can be in the form of a textual message at program startup or
21
+ * in documentation (online or textual) provided with the package.
22
+ *
23
+ * Redistribution and use in source and binary forms, with or without
24
+ * modification, are permitted provided that the following conditions
25
+ * are met:
26
+ * 1. Redistributions of source code must retain the copyright
27
+ * notice, this list of conditions and the following disclaimer.
28
+ * 2. Redistributions in binary form must reproduce the above copyright
29
+ * notice, this list of conditions and the following disclaimer in the
30
+ * documentation and/or other materials provided with the distribution.
31
+ * 3. All advertising materials mentioning features or use of this software
32
+ * must display the following acknowledgement:
33
+ * "This product includes cryptographic software written by
34
+ * Eric Young (eay@cryptsoft.com)"
35
+ * The word 'cryptographic' can be left out if the rouines from the library
36
+ * being used are not cryptographic related :-).
37
+ * 4. If you include any Windows specific code (or a derivative thereof) from
38
+ * the apps directory (application code) you must include an acknowledgement:
39
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
+ *
41
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
+ * SUCH DAMAGE.
52
+ *
53
+ * The licence and distribution terms for any publically available version or
54
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
55
+ * copied and put under another distribution licence
56
+ * [including the GNU Public Licence.]
57
+ */
58
+ /* ====================================================================
59
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60
+ *
61
+ * Redistribution and use in source and binary forms, with or without
62
+ * modification, are permitted provided that the following conditions
63
+ * are met:
64
+ *
65
+ * 1. Redistributions of source code must retain the above copyright
66
+ * notice, this list of conditions and the following disclaimer.
67
+ *
68
+ * 2. Redistributions in binary form must reproduce the above copyright
69
+ * notice, this list of conditions and the following disclaimer in
70
+ * the documentation and/or other materials provided with the
71
+ * distribution.
72
+ *
73
+ * 3. All advertising materials mentioning features or use of this
74
+ * software must display the following acknowledgment:
75
+ * "This product includes software developed by the OpenSSL Project
76
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
+ *
78
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
+ * endorse or promote products derived from this software without
80
+ * prior written permission. For written permission, please contact
81
+ * openssl-core@openssl.org.
82
+ *
83
+ * 5. Products derived from this software may not be called "OpenSSL"
84
+ * nor may "OpenSSL" appear in their names without prior written
85
+ * permission of the OpenSSL Project.
86
+ *
87
+ * 6. Redistributions of any form whatsoever must retain the following
88
+ * acknowledgment:
89
+ * "This product includes software developed by the OpenSSL Project
90
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
+ *
92
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
104
+ * ====================================================================
105
+ *
106
+ * This product includes cryptographic software written by Eric Young
107
+ * (eay@cryptsoft.com). This product includes software written by Tim
108
+ * Hudson (tjh@cryptsoft.com).
109
+ *
110
+ */
111
+ /* ====================================================================
112
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113
+ *
114
+ * Portions of the attached software ("Contribution") are developed by
115
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116
+ *
117
+ * The Contribution is licensed pursuant to the OpenSSL open source
118
+ * license provided above.
119
+ *
120
+ * ECC cipher suite support in OpenSSL originally written by
121
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122
+ *
123
+ */
124
+ /* ====================================================================
125
+ * Copyright 2005 Nokia. All rights reserved.
126
+ *
127
+ * The portions of the attached software ("Contribution") is developed by
128
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129
+ * license.
130
+ *
131
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133
+ * support (see RFC 4279) to OpenSSL.
134
+ *
135
+ * No patent licenses or other rights except those expressly stated in
136
+ * the OpenSSL open source license shall be deemed granted or received
137
+ * expressly, by implication, estoppel, or otherwise.
138
+ *
139
+ * No assurances are provided by Nokia that the Contribution does not
140
+ * infringe the patent or other intellectual property rights of any third
141
+ * party or that the license provides you with all the necessary rights
142
+ * to make use of the Contribution.
143
+ *
144
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148
+ * OTHERWISE.
149
+ */
150
+
151
+ #define REUSE_CIPHER_BUG
152
+ #define NETSCAPE_HANG_BUG
153
+
154
+ #include <stdio.h>
155
+ #include "ssl_locl.h"
156
+ #include "kssl_lcl.h"
157
+ #include <openssl/buffer.h>
158
+ #include <openssl/rand.h>
159
+ #include <openssl/objects.h>
160
+ #include <openssl/evp.h>
161
+ #include <openssl/hmac.h>
162
+ #include <openssl/x509.h>
163
+ #ifndef OPENSSL_NO_DH
164
+ #include <openssl/dh.h>
165
+ #endif
166
+ #include <openssl/bn.h>
167
+ #ifndef OPENSSL_NO_KRB5
168
+ #include <openssl/krb5_asn.h>
169
+ #endif
170
+ #include <openssl/md5.h>
171
+
172
+ static const SSL_METHOD *ssl3_get_server_method(int ver);
173
+
174
+ static const SSL_METHOD *ssl3_get_server_method(int ver)
175
+ {
176
+ if (ver == SSL3_VERSION)
177
+ return(SSLv3_server_method());
178
+ else
179
+ return(NULL);
180
+ }
181
+
182
+ #ifndef OPENSSL_NO_SRP
183
+ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
184
+ {
185
+ int ret = SSL_ERROR_NONE;
186
+
187
+ *al = SSL_AD_UNRECOGNIZED_NAME;
188
+
189
+ if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
190
+ (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
191
+ {
192
+ if(s->srp_ctx.login == NULL)
193
+ {
194
+ /* There isn't any srp login extension !!! */
195
+ ret = SSL3_AL_FATAL;
196
+ *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
197
+ }
198
+ else
199
+ {
200
+ ret = SSL_srp_server_param_with_username(s,al);
201
+ }
202
+ }
203
+ return ret;
204
+ }
205
+ #endif
206
+
207
+ IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
208
+ ssl3_accept,
209
+ ssl_undefined_function,
210
+ ssl3_get_server_method)
211
+
212
+ int ssl3_accept(SSL *s)
213
+ {
214
+ BUF_MEM *buf;
215
+ unsigned long alg_k,Time=(unsigned long)time(NULL);
216
+ void (*cb)(const SSL *ssl,int type,int val)=NULL;
217
+ int ret= -1;
218
+ int new_state,state,skip=0;
219
+
220
+ RAND_add(&Time,sizeof(Time),0);
221
+ ERR_clear_error();
222
+ clear_sys_error();
223
+
224
+ if (s->info_callback != NULL)
225
+ cb=s->info_callback;
226
+ else if (s->ctx->info_callback != NULL)
227
+ cb=s->ctx->info_callback;
228
+
229
+ /* init things to blank */
230
+ s->in_handshake++;
231
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
232
+
233
+ if (s->cert == NULL)
234
+ {
235
+ SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
236
+ return(-1);
237
+ }
238
+
239
+ #ifndef OPENSSL_NO_HEARTBEATS
240
+ /* If we're awaiting a HeartbeatResponse, pretend we
241
+ * already got and don't await it anymore, because
242
+ * Heartbeats don't make sense during handshakes anyway.
243
+ */
244
+ if (s->tlsext_hb_pending)
245
+ {
246
+ s->tlsext_hb_pending = 0;
247
+ s->tlsext_hb_seq++;
248
+ }
249
+ #endif
250
+
251
+ for (;;)
252
+ {
253
+ state=s->state;
254
+
255
+ switch (s->state)
256
+ {
257
+ case SSL_ST_RENEGOTIATE:
258
+ s->renegotiate=1;
259
+ /* s->state=SSL_ST_ACCEPT; */
260
+
261
+ case SSL_ST_BEFORE:
262
+ case SSL_ST_ACCEPT:
263
+ case SSL_ST_BEFORE|SSL_ST_ACCEPT:
264
+ case SSL_ST_OK|SSL_ST_ACCEPT:
265
+
266
+ s->server=1;
267
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
268
+
269
+ if ((s->version>>8) != 3)
270
+ {
271
+ SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
272
+ return -1;
273
+ }
274
+ s->type=SSL_ST_ACCEPT;
275
+
276
+ if (s->init_buf == NULL)
277
+ {
278
+ if ((buf=BUF_MEM_new()) == NULL)
279
+ {
280
+ ret= -1;
281
+ goto end;
282
+ }
283
+ if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
284
+ {
285
+ ret= -1;
286
+ goto end;
287
+ }
288
+ s->init_buf=buf;
289
+ }
290
+
291
+ if (!ssl3_setup_buffers(s))
292
+ {
293
+ ret= -1;
294
+ goto end;
295
+ }
296
+
297
+ s->init_num=0;
298
+ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
299
+
300
+ if (s->state != SSL_ST_RENEGOTIATE)
301
+ {
302
+ /* Ok, we now need to push on a buffering BIO so that
303
+ * the output is sent in a way that TCP likes :-)
304
+ */
305
+ if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
306
+
307
+ ssl3_init_finished_mac(s);
308
+ s->state=SSL3_ST_SR_CLNT_HELLO_A;
309
+ s->ctx->stats.sess_accept++;
310
+ }
311
+ else if (!s->s3->send_connection_binding &&
312
+ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
313
+ {
314
+ /* Server attempting to renegotiate with
315
+ * client that doesn't support secure
316
+ * renegotiation.
317
+ */
318
+ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
319
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
320
+ ret = -1;
321
+ goto end;
322
+ }
323
+ else
324
+ {
325
+ /* s->state == SSL_ST_RENEGOTIATE,
326
+ * we will just send a HelloRequest */
327
+ s->ctx->stats.sess_accept_renegotiate++;
328
+ s->state=SSL3_ST_SW_HELLO_REQ_A;
329
+ }
330
+ break;
331
+
332
+ case SSL3_ST_SW_HELLO_REQ_A:
333
+ case SSL3_ST_SW_HELLO_REQ_B:
334
+
335
+ s->shutdown=0;
336
+ ret=ssl3_send_hello_request(s);
337
+ if (ret <= 0) goto end;
338
+ s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
339
+ s->state=SSL3_ST_SW_FLUSH;
340
+ s->init_num=0;
341
+
342
+ ssl3_init_finished_mac(s);
343
+ break;
344
+
345
+ case SSL3_ST_SW_HELLO_REQ_C:
346
+ s->state=SSL_ST_OK;
347
+ break;
348
+
349
+ case SSL3_ST_SR_CLNT_HELLO_A:
350
+ case SSL3_ST_SR_CLNT_HELLO_B:
351
+ case SSL3_ST_SR_CLNT_HELLO_C:
352
+
353
+ s->shutdown=0;
354
+ if (s->rwstate != SSL_X509_LOOKUP)
355
+ {
356
+ ret=ssl3_get_client_hello(s);
357
+ if (ret <= 0) goto end;
358
+ }
359
+ #ifndef OPENSSL_NO_SRP
360
+ {
361
+ int al;
362
+ if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) < 0)
363
+ {
364
+ /* callback indicates firther work to be done */
365
+ s->rwstate=SSL_X509_LOOKUP;
366
+ goto end;
367
+ }
368
+ if (ret != SSL_ERROR_NONE)
369
+ {
370
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
371
+ /* This is not really an error but the only means to
372
+ for a client to detect whether srp is supported. */
373
+ if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
374
+ SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
375
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
376
+ ret= -1;
377
+ goto end;
378
+ }
379
+ }
380
+ #endif
381
+ s->renegotiate = 2;
382
+ s->state=SSL3_ST_SW_SRVR_HELLO_A;
383
+ s->init_num=0;
384
+ break;
385
+
386
+ case SSL3_ST_SW_SRVR_HELLO_A:
387
+ case SSL3_ST_SW_SRVR_HELLO_B:
388
+ ret=ssl3_send_server_hello(s);
389
+ if (ret <= 0) goto end;
390
+ #ifndef OPENSSL_NO_TLSEXT
391
+ if (s->hit)
392
+ {
393
+ if (s->tlsext_ticket_expected)
394
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
395
+ else
396
+ s->state=SSL3_ST_SW_CHANGE_A;
397
+ }
398
+ #else
399
+ if (s->hit)
400
+ s->state=SSL3_ST_SW_CHANGE_A;
401
+ #endif
402
+ else
403
+ s->state=SSL3_ST_SW_CERT_A;
404
+ s->init_num=0;
405
+ break;
406
+
407
+ case SSL3_ST_SW_CERT_A:
408
+ case SSL3_ST_SW_CERT_B:
409
+ /* Check if it is anon DH or anon ECDH, */
410
+ /* normal PSK or KRB5 or SRP */
411
+ if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
412
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
413
+ && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
414
+ {
415
+ ret=ssl3_send_server_certificate(s);
416
+ if (ret <= 0) goto end;
417
+ #ifndef OPENSSL_NO_TLSEXT
418
+ if (s->tlsext_status_expected)
419
+ s->state=SSL3_ST_SW_CERT_STATUS_A;
420
+ else
421
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
422
+ }
423
+ else
424
+ {
425
+ skip = 1;
426
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
427
+ }
428
+ #else
429
+ }
430
+ else
431
+ skip=1;
432
+
433
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
434
+ #endif
435
+ s->init_num=0;
436
+ break;
437
+
438
+ case SSL3_ST_SW_KEY_EXCH_A:
439
+ case SSL3_ST_SW_KEY_EXCH_B:
440
+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
441
+
442
+ /* clear this, it may get reset by
443
+ * send_server_key_exchange */
444
+ if ((s->options & SSL_OP_EPHEMERAL_RSA)
445
+ #ifndef OPENSSL_NO_KRB5
446
+ && !(alg_k & SSL_kKRB5)
447
+ #endif /* OPENSSL_NO_KRB5 */
448
+ )
449
+ /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
450
+ * even when forbidden by protocol specs
451
+ * (handshake may fail as clients are not required to
452
+ * be able to handle this) */
453
+ s->s3->tmp.use_rsa_tmp=1;
454
+ else
455
+ s->s3->tmp.use_rsa_tmp=0;
456
+
457
+
458
+ /* only send if a DH key exchange, fortezza or
459
+ * RSA but we have a sign only certificate
460
+ *
461
+ * PSK: may send PSK identity hints
462
+ *
463
+ * For ECC ciphersuites, we send a serverKeyExchange
464
+ * message only if the cipher suite is either
465
+ * ECDH-anon or ECDHE. In other cases, the
466
+ * server certificate contains the server's
467
+ * public key for key exchange.
468
+ */
469
+ if (s->s3->tmp.use_rsa_tmp
470
+ /* PSK: send ServerKeyExchange if PSK identity
471
+ * hint if provided */
472
+ #ifndef OPENSSL_NO_PSK
473
+ || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
474
+ #endif
475
+ #ifndef OPENSSL_NO_SRP
476
+ /* SRP: send ServerKeyExchange */
477
+ || (alg_k & SSL_kSRP)
478
+ #endif
479
+ || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
480
+ || (alg_k & SSL_kEECDH)
481
+ || ((alg_k & SSL_kRSA)
482
+ && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
483
+ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
484
+ && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
485
+ )
486
+ )
487
+ )
488
+ )
489
+ {
490
+ ret=ssl3_send_server_key_exchange(s);
491
+ if (ret <= 0) goto end;
492
+ }
493
+ else
494
+ skip=1;
495
+
496
+ s->state=SSL3_ST_SW_CERT_REQ_A;
497
+ s->init_num=0;
498
+ break;
499
+
500
+ case SSL3_ST_SW_CERT_REQ_A:
501
+ case SSL3_ST_SW_CERT_REQ_B:
502
+ if (/* don't request cert unless asked for it: */
503
+ !(s->verify_mode & SSL_VERIFY_PEER) ||
504
+ /* if SSL_VERIFY_CLIENT_ONCE is set,
505
+ * don't request cert during re-negotiation: */
506
+ ((s->session->peer != NULL) &&
507
+ (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
508
+ /* never request cert in anonymous ciphersuites
509
+ * (see section "Certificate request" in SSL 3 drafts
510
+ * and in RFC 2246): */
511
+ ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
512
+ /* ... except when the application insists on verification
513
+ * (against the specs, but s3_clnt.c accepts this for SSL 3) */
514
+ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
515
+ /* never request cert in Kerberos ciphersuites */
516
+ (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
517
+ /* With normal PSK Certificates and
518
+ * Certificate Requests are omitted */
519
+ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
520
+ {
521
+ /* no cert request */
522
+ skip=1;
523
+ s->s3->tmp.cert_request=0;
524
+ s->state=SSL3_ST_SW_SRVR_DONE_A;
525
+ if (s->s3->handshake_buffer)
526
+ if (!ssl3_digest_cached_records(s))
527
+ return -1;
528
+ }
529
+ else
530
+ {
531
+ s->s3->tmp.cert_request=1;
532
+ ret=ssl3_send_certificate_request(s);
533
+ if (ret <= 0) goto end;
534
+ #ifndef NETSCAPE_HANG_BUG
535
+ s->state=SSL3_ST_SW_SRVR_DONE_A;
536
+ #else
537
+ s->state=SSL3_ST_SW_FLUSH;
538
+ s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
539
+ #endif
540
+ s->init_num=0;
541
+ }
542
+ break;
543
+
544
+ case SSL3_ST_SW_SRVR_DONE_A:
545
+ case SSL3_ST_SW_SRVR_DONE_B:
546
+ ret=ssl3_send_server_done(s);
547
+ if (ret <= 0) goto end;
548
+ s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
549
+ s->state=SSL3_ST_SW_FLUSH;
550
+ s->init_num=0;
551
+ break;
552
+
553
+ case SSL3_ST_SW_FLUSH:
554
+
555
+ /* This code originally checked to see if
556
+ * any data was pending using BIO_CTRL_INFO
557
+ * and then flushed. This caused problems
558
+ * as documented in PR#1939. The proposed
559
+ * fix doesn't completely resolve this issue
560
+ * as buggy implementations of BIO_CTRL_PENDING
561
+ * still exist. So instead we just flush
562
+ * unconditionally.
563
+ */
564
+
565
+ s->rwstate=SSL_WRITING;
566
+ if (BIO_flush(s->wbio) <= 0)
567
+ {
568
+ ret= -1;
569
+ goto end;
570
+ }
571
+ s->rwstate=SSL_NOTHING;
572
+
573
+ s->state=s->s3->tmp.next_state;
574
+ break;
575
+
576
+ case SSL3_ST_SR_CERT_A:
577
+ case SSL3_ST_SR_CERT_B:
578
+ /* Check for second client hello (MS SGC) */
579
+ ret = ssl3_check_client_hello(s);
580
+ if (ret <= 0)
581
+ goto end;
582
+ if (ret == 2)
583
+ s->state = SSL3_ST_SR_CLNT_HELLO_C;
584
+ else {
585
+ if (s->s3->tmp.cert_request)
586
+ {
587
+ ret=ssl3_get_client_certificate(s);
588
+ if (ret <= 0) goto end;
589
+ }
590
+ s->init_num=0;
591
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
592
+ }
593
+ break;
594
+
595
+ case SSL3_ST_SR_KEY_EXCH_A:
596
+ case SSL3_ST_SR_KEY_EXCH_B:
597
+ ret=ssl3_get_client_key_exchange(s);
598
+ if (ret <= 0)
599
+ goto end;
600
+ if (ret == 2)
601
+ {
602
+ /* For the ECDH ciphersuites when
603
+ * the client sends its ECDH pub key in
604
+ * a certificate, the CertificateVerify
605
+ * message is not sent.
606
+ * Also for GOST ciphersuites when
607
+ * the client uses its key from the certificate
608
+ * for key exchange.
609
+ */
610
+ #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
611
+ s->state=SSL3_ST_SR_FINISHED_A;
612
+ #else
613
+ if (s->s3->next_proto_neg_seen)
614
+ s->state=SSL3_ST_SR_NEXT_PROTO_A;
615
+ else
616
+ s->state=SSL3_ST_SR_FINISHED_A;
617
+ #endif
618
+ s->init_num = 0;
619
+ }
620
+ else if (TLS1_get_version(s) >= TLS1_2_VERSION)
621
+ {
622
+ s->state=SSL3_ST_SR_CERT_VRFY_A;
623
+ s->init_num=0;
624
+ if (!s->session->peer)
625
+ break;
626
+ /* For TLS v1.2 freeze the handshake buffer
627
+ * at this point and digest cached records.
628
+ */
629
+ if (!s->s3->handshake_buffer)
630
+ {
631
+ SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
632
+ return -1;
633
+ }
634
+ s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
635
+ if (!ssl3_digest_cached_records(s))
636
+ return -1;
637
+ }
638
+ else
639
+ {
640
+ int offset=0;
641
+ int dgst_num;
642
+
643
+ s->state=SSL3_ST_SR_CERT_VRFY_A;
644
+ s->init_num=0;
645
+
646
+ /* We need to get hashes here so if there is
647
+ * a client cert, it can be verified
648
+ * FIXME - digest processing for CertificateVerify
649
+ * should be generalized. But it is next step
650
+ */
651
+ if (s->s3->handshake_buffer)
652
+ if (!ssl3_digest_cached_records(s))
653
+ return -1;
654
+ for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
655
+ if (s->s3->handshake_dgst[dgst_num])
656
+ {
657
+ int dgst_size;
658
+
659
+ s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
660
+ dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
661
+ if (dgst_size < 0)
662
+ {
663
+ ret = -1;
664
+ goto end;
665
+ }
666
+ offset+=dgst_size;
667
+ }
668
+ }
669
+ break;
670
+
671
+ case SSL3_ST_SR_CERT_VRFY_A:
672
+ case SSL3_ST_SR_CERT_VRFY_B:
673
+
674
+ /* we should decide if we expected this one */
675
+ ret=ssl3_get_cert_verify(s);
676
+ if (ret <= 0) goto end;
677
+
678
+ #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
679
+ s->state=SSL3_ST_SR_FINISHED_A;
680
+ #else
681
+ if (s->s3->next_proto_neg_seen)
682
+ s->state=SSL3_ST_SR_NEXT_PROTO_A;
683
+ else
684
+ s->state=SSL3_ST_SR_FINISHED_A;
685
+ #endif
686
+ s->init_num=0;
687
+ break;
688
+
689
+ #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
690
+ case SSL3_ST_SR_NEXT_PROTO_A:
691
+ case SSL3_ST_SR_NEXT_PROTO_B:
692
+ ret=ssl3_get_next_proto(s);
693
+ if (ret <= 0) goto end;
694
+ s->init_num = 0;
695
+ s->state=SSL3_ST_SR_FINISHED_A;
696
+ break;
697
+ #endif
698
+
699
+ case SSL3_ST_SR_FINISHED_A:
700
+ case SSL3_ST_SR_FINISHED_B:
701
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
702
+ SSL3_ST_SR_FINISHED_B);
703
+ if (ret <= 0) goto end;
704
+ if (s->hit)
705
+ s->state=SSL_ST_OK;
706
+ #ifndef OPENSSL_NO_TLSEXT
707
+ else if (s->tlsext_ticket_expected)
708
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
709
+ #endif
710
+ else
711
+ s->state=SSL3_ST_SW_CHANGE_A;
712
+ s->init_num=0;
713
+ break;
714
+
715
+ #ifndef OPENSSL_NO_TLSEXT
716
+ case SSL3_ST_SW_SESSION_TICKET_A:
717
+ case SSL3_ST_SW_SESSION_TICKET_B:
718
+ ret=ssl3_send_newsession_ticket(s);
719
+ if (ret <= 0) goto end;
720
+ s->state=SSL3_ST_SW_CHANGE_A;
721
+ s->init_num=0;
722
+ break;
723
+
724
+ case SSL3_ST_SW_CERT_STATUS_A:
725
+ case SSL3_ST_SW_CERT_STATUS_B:
726
+ ret=ssl3_send_cert_status(s);
727
+ if (ret <= 0) goto end;
728
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
729
+ s->init_num=0;
730
+ break;
731
+
732
+ #endif
733
+
734
+ case SSL3_ST_SW_CHANGE_A:
735
+ case SSL3_ST_SW_CHANGE_B:
736
+
737
+ s->session->cipher=s->s3->tmp.new_cipher;
738
+ if (!s->method->ssl3_enc->setup_key_block(s))
739
+ { ret= -1; goto end; }
740
+
741
+ ret=ssl3_send_change_cipher_spec(s,
742
+ SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
743
+
744
+ if (ret <= 0) goto end;
745
+ s->state=SSL3_ST_SW_FINISHED_A;
746
+ s->init_num=0;
747
+
748
+ if (!s->method->ssl3_enc->change_cipher_state(s,
749
+ SSL3_CHANGE_CIPHER_SERVER_WRITE))
750
+ {
751
+ ret= -1;
752
+ goto end;
753
+ }
754
+
755
+ break;
756
+
757
+ case SSL3_ST_SW_FINISHED_A:
758
+ case SSL3_ST_SW_FINISHED_B:
759
+ ret=ssl3_send_finished(s,
760
+ SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
761
+ s->method->ssl3_enc->server_finished_label,
762
+ s->method->ssl3_enc->server_finished_label_len);
763
+ if (ret <= 0) goto end;
764
+ s->state=SSL3_ST_SW_FLUSH;
765
+ if (s->hit)
766
+ {
767
+ #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
768
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
769
+ #else
770
+ if (s->s3->next_proto_neg_seen)
771
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
772
+ else
773
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
774
+ #endif
775
+ }
776
+ else
777
+ s->s3->tmp.next_state=SSL_ST_OK;
778
+ s->init_num=0;
779
+ break;
780
+
781
+ case SSL_ST_OK:
782
+ /* clean a few things up */
783
+ ssl3_cleanup_key_block(s);
784
+
785
+ BUF_MEM_free(s->init_buf);
786
+ s->init_buf=NULL;
787
+
788
+ /* remove buffering on output */
789
+ ssl_free_wbio_buffer(s);
790
+
791
+ s->init_num=0;
792
+
793
+ if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
794
+ {
795
+ s->renegotiate=0;
796
+ s->new_session=0;
797
+
798
+ ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
799
+
800
+ s->ctx->stats.sess_accept_good++;
801
+ /* s->server=1; */
802
+ s->handshake_func=ssl3_accept;
803
+
804
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
805
+ }
806
+
807
+ ret = 1;
808
+ goto end;
809
+ /* break; */
810
+
811
+ default:
812
+ SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
813
+ ret= -1;
814
+ goto end;
815
+ /* break; */
816
+ }
817
+
818
+ if (!s->s3->tmp.reuse_message && !skip)
819
+ {
820
+ if (s->debug)
821
+ {
822
+ if ((ret=BIO_flush(s->wbio)) <= 0)
823
+ goto end;
824
+ }
825
+
826
+
827
+ if ((cb != NULL) && (s->state != state))
828
+ {
829
+ new_state=s->state;
830
+ s->state=state;
831
+ cb(s,SSL_CB_ACCEPT_LOOP,1);
832
+ s->state=new_state;
833
+ }
834
+ }
835
+ skip=0;
836
+ }
837
+ end:
838
+ /* BIO_flush(s->wbio); */
839
+
840
+ s->in_handshake--;
841
+ if (cb != NULL)
842
+ cb(s,SSL_CB_ACCEPT_EXIT,ret);
843
+ return(ret);
844
+ }
845
+
846
+ int ssl3_send_hello_request(SSL *s)
847
+ {
848
+ unsigned char *p;
849
+
850
+ if (s->state == SSL3_ST_SW_HELLO_REQ_A)
851
+ {
852
+ p=(unsigned char *)s->init_buf->data;
853
+ *(p++)=SSL3_MT_HELLO_REQUEST;
854
+ *(p++)=0;
855
+ *(p++)=0;
856
+ *(p++)=0;
857
+
858
+ s->state=SSL3_ST_SW_HELLO_REQ_B;
859
+ /* number of bytes to write */
860
+ s->init_num=4;
861
+ s->init_off=0;
862
+ }
863
+
864
+ /* SSL3_ST_SW_HELLO_REQ_B */
865
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
866
+ }
867
+
868
+ int ssl3_check_client_hello(SSL *s)
869
+ {
870
+ int ok;
871
+ long n;
872
+
873
+ /* this function is called when we really expect a Certificate message,
874
+ * so permit appropriate message length */
875
+ n=s->method->ssl_get_message(s,
876
+ SSL3_ST_SR_CERT_A,
877
+ SSL3_ST_SR_CERT_B,
878
+ -1,
879
+ s->max_cert_list,
880
+ &ok);
881
+ if (!ok) return((int)n);
882
+ s->s3->tmp.reuse_message = 1;
883
+ if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
884
+ {
885
+ /* We only allow the client to restart the handshake once per
886
+ * negotiation. */
887
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
888
+ {
889
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
890
+ return -1;
891
+ }
892
+ /* Throw away what we have done so far in the current handshake,
893
+ * which will now be aborted. (A full SSL_clear would be too much.) */
894
+ #ifndef OPENSSL_NO_DH
895
+ if (s->s3->tmp.dh != NULL)
896
+ {
897
+ DH_free(s->s3->tmp.dh);
898
+ s->s3->tmp.dh = NULL;
899
+ }
900
+ #endif
901
+ #ifndef OPENSSL_NO_ECDH
902
+ if (s->s3->tmp.ecdh != NULL)
903
+ {
904
+ EC_KEY_free(s->s3->tmp.ecdh);
905
+ s->s3->tmp.ecdh = NULL;
906
+ }
907
+ #endif
908
+ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
909
+ return 2;
910
+ }
911
+ return 1;
912
+ }
913
+
914
+ int ssl3_get_client_hello(SSL *s)
915
+ {
916
+ int i,j,ok,al,ret= -1;
917
+ unsigned int cookie_len;
918
+ long n;
919
+ unsigned long id;
920
+ unsigned char *p,*d,*q;
921
+ SSL_CIPHER *c;
922
+ #ifndef OPENSSL_NO_COMP
923
+ SSL_COMP *comp=NULL;
924
+ #endif
925
+ STACK_OF(SSL_CIPHER) *ciphers=NULL;
926
+
927
+ /* We do this so that we will respond with our native type.
928
+ * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
929
+ * This down switching should be handled by a different method.
930
+ * If we are SSLv3, we will respond with SSLv3, even if prompted with
931
+ * TLSv1.
932
+ */
933
+ if (s->state == SSL3_ST_SR_CLNT_HELLO_A
934
+ )
935
+ {
936
+ s->state=SSL3_ST_SR_CLNT_HELLO_B;
937
+ }
938
+ s->first_packet=1;
939
+ n=s->method->ssl_get_message(s,
940
+ SSL3_ST_SR_CLNT_HELLO_B,
941
+ SSL3_ST_SR_CLNT_HELLO_C,
942
+ SSL3_MT_CLIENT_HELLO,
943
+ SSL3_RT_MAX_PLAIN_LENGTH,
944
+ &ok);
945
+
946
+ if (!ok) return((int)n);
947
+ s->first_packet=0;
948
+ d=p=(unsigned char *)s->init_msg;
949
+
950
+ /* use version from inside client hello, not from record header
951
+ * (may differ: see RFC 2246, Appendix E, second paragraph) */
952
+ s->client_version=(((int)p[0])<<8)|(int)p[1];
953
+ p+=2;
954
+
955
+ if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
956
+ (s->version != DTLS1_VERSION && s->client_version < s->version))
957
+ {
958
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
959
+ if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
960
+ {
961
+ /* similar to ssl3_get_record, send alert using remote version number */
962
+ s->version = s->client_version;
963
+ }
964
+ al = SSL_AD_PROTOCOL_VERSION;
965
+ goto f_err;
966
+ }
967
+
968
+ /* If we require cookies and this ClientHello doesn't
969
+ * contain one, just return since we do not want to
970
+ * allocate any memory yet. So check cookie length...
971
+ */
972
+ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
973
+ {
974
+ unsigned int session_length, cookie_length;
975
+
976
+ session_length = *(p + SSL3_RANDOM_SIZE);
977
+ cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
978
+
979
+ if (cookie_length == 0)
980
+ return 1;
981
+ }
982
+
983
+ /* load the client random */
984
+ memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
985
+ p+=SSL3_RANDOM_SIZE;
986
+
987
+ /* get the session-id */
988
+ j= *(p++);
989
+
990
+ s->hit=0;
991
+ /* Versions before 0.9.7 always allow clients to resume sessions in renegotiation.
992
+ * 0.9.7 and later allow this by default, but optionally ignore resumption requests
993
+ * with flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
994
+ * than a change to default behavior so that applications relying on this for security
995
+ * won't even compile against older library versions).
996
+ *
997
+ * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to request
998
+ * renegotiation but not a new session (s->new_session remains unset): for servers,
999
+ * this essentially just means that the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
1000
+ * setting will be ignored.
1001
+ */
1002
+ if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
1003
+ {
1004
+ if (!ssl_get_new_session(s,1))
1005
+ goto err;
1006
+ }
1007
+ else
1008
+ {
1009
+ i=ssl_get_prev_session(s, p, j, d + n);
1010
+ if (i == 1)
1011
+ { /* previous session */
1012
+ s->hit=1;
1013
+ }
1014
+ else if (i == -1)
1015
+ goto err;
1016
+ else /* i == 0 */
1017
+ {
1018
+ if (!ssl_get_new_session(s,1))
1019
+ goto err;
1020
+ }
1021
+ }
1022
+
1023
+ p+=j;
1024
+
1025
+ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
1026
+ {
1027
+ /* cookie stuff */
1028
+ cookie_len = *(p++);
1029
+
1030
+ /*
1031
+ * The ClientHello may contain a cookie even if the
1032
+ * HelloVerify message has not been sent--make sure that it
1033
+ * does not cause an overflow.
1034
+ */
1035
+ if ( cookie_len > sizeof(s->d1->rcvd_cookie))
1036
+ {
1037
+ /* too much data */
1038
+ al = SSL_AD_DECODE_ERROR;
1039
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
1040
+ goto f_err;
1041
+ }
1042
+
1043
+ /* verify the cookie if appropriate option is set. */
1044
+ if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
1045
+ cookie_len > 0)
1046
+ {
1047
+ memcpy(s->d1->rcvd_cookie, p, cookie_len);
1048
+
1049
+ if ( s->ctx->app_verify_cookie_cb != NULL)
1050
+ {
1051
+ if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
1052
+ cookie_len) == 0)
1053
+ {
1054
+ al=SSL_AD_HANDSHAKE_FAILURE;
1055
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1056
+ SSL_R_COOKIE_MISMATCH);
1057
+ goto f_err;
1058
+ }
1059
+ /* else cookie verification succeeded */
1060
+ }
1061
+ else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
1062
+ s->d1->cookie_len) != 0) /* default verification */
1063
+ {
1064
+ al=SSL_AD_HANDSHAKE_FAILURE;
1065
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1066
+ SSL_R_COOKIE_MISMATCH);
1067
+ goto f_err;
1068
+ }
1069
+
1070
+ ret = 2;
1071
+ }
1072
+
1073
+ p += cookie_len;
1074
+ }
1075
+
1076
+ n2s(p,i);
1077
+ if ((i == 0) && (j != 0))
1078
+ {
1079
+ /* we need a cipher if we are not resuming a session */
1080
+ al=SSL_AD_ILLEGAL_PARAMETER;
1081
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
1082
+ goto f_err;
1083
+ }
1084
+ if ((p+i) >= (d+n))
1085
+ {
1086
+ /* not enough data */
1087
+ al=SSL_AD_DECODE_ERROR;
1088
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1089
+ goto f_err;
1090
+ }
1091
+ if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
1092
+ == NULL))
1093
+ {
1094
+ goto err;
1095
+ }
1096
+ p+=i;
1097
+
1098
+ /* If it is a hit, check that the cipher is in the list */
1099
+ if ((s->hit) && (i > 0))
1100
+ {
1101
+ j=0;
1102
+ id=s->session->cipher->id;
1103
+
1104
+ #ifdef CIPHER_DEBUG
1105
+ printf("client sent %d ciphers\n",sk_num(ciphers));
1106
+ #endif
1107
+ for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
1108
+ {
1109
+ c=sk_SSL_CIPHER_value(ciphers,i);
1110
+ #ifdef CIPHER_DEBUG
1111
+ printf("client [%2d of %2d]:%s\n",
1112
+ i,sk_num(ciphers),SSL_CIPHER_get_name(c));
1113
+ #endif
1114
+ if (c->id == id)
1115
+ {
1116
+ j=1;
1117
+ break;
1118
+ }
1119
+ }
1120
+ /* Disabled because it can be used in a ciphersuite downgrade
1121
+ * attack: CVE-2010-4180.
1122
+ */
1123
+ #if 0
1124
+ if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
1125
+ {
1126
+ /* Special case as client bug workaround: the previously used cipher may
1127
+ * not be in the current list, the client instead might be trying to
1128
+ * continue using a cipher that before wasn't chosen due to server
1129
+ * preferences. We'll have to reject the connection if the cipher is not
1130
+ * enabled, though. */
1131
+ c = sk_SSL_CIPHER_value(ciphers, 0);
1132
+ if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
1133
+ {
1134
+ s->session->cipher = c;
1135
+ j = 1;
1136
+ }
1137
+ }
1138
+ #endif
1139
+ if (j == 0)
1140
+ {
1141
+ /* we need to have the cipher in the cipher
1142
+ * list if we are asked to reuse it */
1143
+ al=SSL_AD_ILLEGAL_PARAMETER;
1144
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
1145
+ goto f_err;
1146
+ }
1147
+ }
1148
+
1149
+ /* compression */
1150
+ i= *(p++);
1151
+ if ((p+i) > (d+n))
1152
+ {
1153
+ /* not enough data */
1154
+ al=SSL_AD_DECODE_ERROR;
1155
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1156
+ goto f_err;
1157
+ }
1158
+ q=p;
1159
+ for (j=0; j<i; j++)
1160
+ {
1161
+ if (p[j] == 0) break;
1162
+ }
1163
+
1164
+ p+=i;
1165
+ if (j >= i)
1166
+ {
1167
+ /* no compress */
1168
+ al=SSL_AD_DECODE_ERROR;
1169
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
1170
+ goto f_err;
1171
+ }
1172
+
1173
+ #ifndef OPENSSL_NO_TLSEXT
1174
+ /* TLS extensions*/
1175
+ if (s->version >= SSL3_VERSION)
1176
+ {
1177
+ if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
1178
+ {
1179
+ /* 'al' set by ssl_parse_clienthello_tlsext */
1180
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
1181
+ goto f_err;
1182
+ }
1183
+ }
1184
+ if (ssl_check_clienthello_tlsext(s) <= 0) {
1185
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
1186
+ goto err;
1187
+ }
1188
+
1189
+ /* Check if we want to use external pre-shared secret for this
1190
+ * handshake for not reused session only. We need to generate
1191
+ * server_random before calling tls_session_secret_cb in order to allow
1192
+ * SessionTicket processing to use it in key derivation. */
1193
+ {
1194
+ unsigned long Time;
1195
+ unsigned char *pos;
1196
+ Time=(unsigned long)time(NULL); /* Time */
1197
+ pos=s->s3->server_random;
1198
+ l2n(Time,pos);
1199
+ if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
1200
+ {
1201
+ al=SSL_AD_INTERNAL_ERROR;
1202
+ goto f_err;
1203
+ }
1204
+ }
1205
+
1206
+ if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
1207
+ {
1208
+ SSL_CIPHER *pref_cipher=NULL;
1209
+
1210
+ s->session->master_key_length=sizeof(s->session->master_key);
1211
+ if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
1212
+ ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
1213
+ {
1214
+ s->hit=1;
1215
+ s->session->ciphers=ciphers;
1216
+ s->session->verify_result=X509_V_OK;
1217
+
1218
+ ciphers=NULL;
1219
+
1220
+ /* check if some cipher was preferred by call back */
1221
+ pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
1222
+ if (pref_cipher == NULL)
1223
+ {
1224
+ al=SSL_AD_HANDSHAKE_FAILURE;
1225
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1226
+ goto f_err;
1227
+ }
1228
+
1229
+ s->session->cipher=pref_cipher;
1230
+
1231
+ if (s->cipher_list)
1232
+ sk_SSL_CIPHER_free(s->cipher_list);
1233
+
1234
+ if (s->cipher_list_by_id)
1235
+ sk_SSL_CIPHER_free(s->cipher_list_by_id);
1236
+
1237
+ s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1238
+ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1239
+ }
1240
+ }
1241
+ #endif
1242
+
1243
+ /* Worst case, we will use the NULL compression, but if we have other
1244
+ * options, we will now look for them. We have i-1 compression
1245
+ * algorithms from the client, starting at q. */
1246
+ s->s3->tmp.new_compression=NULL;
1247
+ #ifndef OPENSSL_NO_COMP
1248
+ /* This only happens if we have a cache hit */
1249
+ if (s->session->compress_meth != 0)
1250
+ {
1251
+ int m, comp_id = s->session->compress_meth;
1252
+ /* Perform sanity checks on resumed compression algorithm */
1253
+ /* Can't disable compression */
1254
+ if (s->options & SSL_OP_NO_COMPRESSION)
1255
+ {
1256
+ al=SSL_AD_INTERNAL_ERROR;
1257
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1258
+ goto f_err;
1259
+ }
1260
+ /* Look for resumed compression method */
1261
+ for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
1262
+ {
1263
+ comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1264
+ if (comp_id == comp->id)
1265
+ {
1266
+ s->s3->tmp.new_compression=comp;
1267
+ break;
1268
+ }
1269
+ }
1270
+ if (s->s3->tmp.new_compression == NULL)
1271
+ {
1272
+ al=SSL_AD_INTERNAL_ERROR;
1273
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
1274
+ goto f_err;
1275
+ }
1276
+ /* Look for resumed method in compression list */
1277
+ for (m = 0; m < i; m++)
1278
+ {
1279
+ if (q[m] == comp_id)
1280
+ break;
1281
+ }
1282
+ if (m >= i)
1283
+ {
1284
+ al=SSL_AD_ILLEGAL_PARAMETER;
1285
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1286
+ goto f_err;
1287
+ }
1288
+ }
1289
+ else if (s->hit)
1290
+ comp = NULL;
1291
+ else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1292
+ { /* See if we have a match */
1293
+ int m,nn,o,v,done=0;
1294
+
1295
+ nn=sk_SSL_COMP_num(s->ctx->comp_methods);
1296
+ for (m=0; m<nn; m++)
1297
+ {
1298
+ comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1299
+ v=comp->id;
1300
+ for (o=0; o<i; o++)
1301
+ {
1302
+ if (v == q[o])
1303
+ {
1304
+ done=1;
1305
+ break;
1306
+ }
1307
+ }
1308
+ if (done) break;
1309
+ }
1310
+ if (done)
1311
+ s->s3->tmp.new_compression=comp;
1312
+ else
1313
+ comp=NULL;
1314
+ }
1315
+ #else
1316
+ /* If compression is disabled we'd better not try to resume a session
1317
+ * using compression.
1318
+ */
1319
+ if (s->session->compress_meth != 0)
1320
+ {
1321
+ al=SSL_AD_INTERNAL_ERROR;
1322
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1323
+ goto f_err;
1324
+ }
1325
+ #endif
1326
+
1327
+ /* Given s->session->ciphers and SSL_get_ciphers, we must
1328
+ * pick a cipher */
1329
+
1330
+ if (!s->hit)
1331
+ {
1332
+ #ifdef OPENSSL_NO_COMP
1333
+ s->session->compress_meth=0;
1334
+ #else
1335
+ s->session->compress_meth=(comp == NULL)?0:comp->id;
1336
+ #endif
1337
+ if (s->session->ciphers != NULL)
1338
+ sk_SSL_CIPHER_free(s->session->ciphers);
1339
+ s->session->ciphers=ciphers;
1340
+ if (ciphers == NULL)
1341
+ {
1342
+ al=SSL_AD_ILLEGAL_PARAMETER;
1343
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
1344
+ goto f_err;
1345
+ }
1346
+ ciphers=NULL;
1347
+ c=ssl3_choose_cipher(s,s->session->ciphers,
1348
+ SSL_get_ciphers(s));
1349
+
1350
+ if (c == NULL)
1351
+ {
1352
+ al=SSL_AD_HANDSHAKE_FAILURE;
1353
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1354
+ goto f_err;
1355
+ }
1356
+ s->s3->tmp.new_cipher=c;
1357
+ }
1358
+ else
1359
+ {
1360
+ /* Session-id reuse */
1361
+ #ifdef REUSE_CIPHER_BUG
1362
+ STACK_OF(SSL_CIPHER) *sk;
1363
+ SSL_CIPHER *nc=NULL;
1364
+ SSL_CIPHER *ec=NULL;
1365
+
1366
+ if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
1367
+ {
1368
+ sk=s->session->ciphers;
1369
+ for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1370
+ {
1371
+ c=sk_SSL_CIPHER_value(sk,i);
1372
+ if (c->algorithm_enc & SSL_eNULL)
1373
+ nc=c;
1374
+ if (SSL_C_IS_EXPORT(c))
1375
+ ec=c;
1376
+ }
1377
+ if (nc != NULL)
1378
+ s->s3->tmp.new_cipher=nc;
1379
+ else if (ec != NULL)
1380
+ s->s3->tmp.new_cipher=ec;
1381
+ else
1382
+ s->s3->tmp.new_cipher=s->session->cipher;
1383
+ }
1384
+ else
1385
+ #endif
1386
+ s->s3->tmp.new_cipher=s->session->cipher;
1387
+ }
1388
+
1389
+ if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
1390
+ {
1391
+ if (!ssl3_digest_cached_records(s))
1392
+ goto f_err;
1393
+ }
1394
+
1395
+ /* we now have the following setup.
1396
+ * client_random
1397
+ * cipher_list - our prefered list of ciphers
1398
+ * ciphers - the clients prefered list of ciphers
1399
+ * compression - basically ignored right now
1400
+ * ssl version is set - sslv3
1401
+ * s->session - The ssl session has been setup.
1402
+ * s->hit - session reuse flag
1403
+ * s->tmp.new_cipher - the new cipher to use.
1404
+ */
1405
+
1406
+ if (ret < 0) ret=1;
1407
+ if (0)
1408
+ {
1409
+ f_err:
1410
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
1411
+ }
1412
+ err:
1413
+ if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
1414
+ return(ret);
1415
+ }
1416
+
1417
+ int ssl3_send_server_hello(SSL *s)
1418
+ {
1419
+ unsigned char *buf;
1420
+ unsigned char *p,*d;
1421
+ int i,sl;
1422
+ unsigned long l;
1423
+ #ifdef OPENSSL_NO_TLSEXT
1424
+ unsigned long Time;
1425
+ #endif
1426
+
1427
+ if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
1428
+ {
1429
+ buf=(unsigned char *)s->init_buf->data;
1430
+ #ifdef OPENSSL_NO_TLSEXT
1431
+ p=s->s3->server_random;
1432
+ /* Generate server_random if it was not needed previously */
1433
+ Time=(unsigned long)time(NULL); /* Time */
1434
+ l2n(Time,p);
1435
+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
1436
+ return -1;
1437
+ #endif
1438
+ /* Do the message type and length last */
1439
+ d=p= &(buf[4]);
1440
+
1441
+ *(p++)=s->version>>8;
1442
+ *(p++)=s->version&0xff;
1443
+
1444
+ /* Random stuff */
1445
+ memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
1446
+ p+=SSL3_RANDOM_SIZE;
1447
+
1448
+ /* There are several cases for the session ID to send
1449
+ * back in the server hello:
1450
+ * - For session reuse from the session cache,
1451
+ * we send back the old session ID.
1452
+ * - If stateless session reuse (using a session ticket)
1453
+ * is successful, we send back the client's "session ID"
1454
+ * (which doesn't actually identify the session).
1455
+ * - If it is a new session, we send back the new
1456
+ * session ID.
1457
+ * - However, if we want the new session to be single-use,
1458
+ * we send back a 0-length session ID.
1459
+ * s->hit is non-zero in either case of session reuse,
1460
+ * so the following won't overwrite an ID that we're supposed
1461
+ * to send back.
1462
+ */
1463
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1464
+ && !s->hit)
1465
+ s->session->session_id_length=0;
1466
+
1467
+ sl=s->session->session_id_length;
1468
+ if (sl > (int)sizeof(s->session->session_id))
1469
+ {
1470
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
1471
+ return -1;
1472
+ }
1473
+ *(p++)=sl;
1474
+ memcpy(p,s->session->session_id,sl);
1475
+ p+=sl;
1476
+
1477
+ /* put the cipher */
1478
+ i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
1479
+ p+=i;
1480
+
1481
+ /* put the compression method */
1482
+ #ifdef OPENSSL_NO_COMP
1483
+ *(p++)=0;
1484
+ #else
1485
+ if (s->s3->tmp.new_compression == NULL)
1486
+ *(p++)=0;
1487
+ else
1488
+ *(p++)=s->s3->tmp.new_compression->id;
1489
+ #endif
1490
+ #ifndef OPENSSL_NO_TLSEXT
1491
+ if (ssl_prepare_serverhello_tlsext(s) <= 0)
1492
+ {
1493
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1494
+ return -1;
1495
+ }
1496
+ if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
1497
+ {
1498
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
1499
+ return -1;
1500
+ }
1501
+ #endif
1502
+ /* do the header */
1503
+ l=(p-d);
1504
+ d=buf;
1505
+ *(d++)=SSL3_MT_SERVER_HELLO;
1506
+ l2n3(l,d);
1507
+
1508
+ s->state=SSL3_ST_SW_SRVR_HELLO_B;
1509
+ /* number of bytes to write */
1510
+ s->init_num=p-buf;
1511
+ s->init_off=0;
1512
+ }
1513
+
1514
+ /* SSL3_ST_SW_SRVR_HELLO_B */
1515
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1516
+ }
1517
+
1518
+ int ssl3_send_server_done(SSL *s)
1519
+ {
1520
+ unsigned char *p;
1521
+
1522
+ if (s->state == SSL3_ST_SW_SRVR_DONE_A)
1523
+ {
1524
+ p=(unsigned char *)s->init_buf->data;
1525
+
1526
+ /* do the header */
1527
+ *(p++)=SSL3_MT_SERVER_DONE;
1528
+ *(p++)=0;
1529
+ *(p++)=0;
1530
+ *(p++)=0;
1531
+
1532
+ s->state=SSL3_ST_SW_SRVR_DONE_B;
1533
+ /* number of bytes to write */
1534
+ s->init_num=4;
1535
+ s->init_off=0;
1536
+ }
1537
+
1538
+ /* SSL3_ST_SW_SRVR_DONE_B */
1539
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1540
+ }
1541
+
1542
+ int ssl3_send_server_key_exchange(SSL *s)
1543
+ {
1544
+ #ifndef OPENSSL_NO_RSA
1545
+ unsigned char *q;
1546
+ int j,num;
1547
+ RSA *rsa;
1548
+ unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1549
+ unsigned int u;
1550
+ #endif
1551
+ #ifndef OPENSSL_NO_DH
1552
+ DH *dh=NULL,*dhp;
1553
+ #endif
1554
+ #ifndef OPENSSL_NO_ECDH
1555
+ EC_KEY *ecdh=NULL, *ecdhp;
1556
+ unsigned char *encodedPoint = NULL;
1557
+ int encodedlen = 0;
1558
+ int curve_id = 0;
1559
+ BN_CTX *bn_ctx = NULL;
1560
+ #endif
1561
+ EVP_PKEY *pkey;
1562
+ const EVP_MD *md = NULL;
1563
+ unsigned char *p,*d;
1564
+ int al,i;
1565
+ unsigned long type;
1566
+ int n;
1567
+ CERT *cert;
1568
+ BIGNUM *r[4];
1569
+ int nr[4],kn;
1570
+ BUF_MEM *buf;
1571
+ EVP_MD_CTX md_ctx;
1572
+
1573
+ EVP_MD_CTX_init(&md_ctx);
1574
+ if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1575
+ {
1576
+ type=s->s3->tmp.new_cipher->algorithm_mkey;
1577
+ cert=s->cert;
1578
+
1579
+ buf=s->init_buf;
1580
+
1581
+ r[0]=r[1]=r[2]=r[3]=NULL;
1582
+ n=0;
1583
+ #ifndef OPENSSL_NO_RSA
1584
+ if (type & SSL_kRSA)
1585
+ {
1586
+ rsa=cert->rsa_tmp;
1587
+ if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
1588
+ {
1589
+ rsa=s->cert->rsa_tmp_cb(s,
1590
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1591
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1592
+ if(rsa == NULL)
1593
+ {
1594
+ al=SSL_AD_HANDSHAKE_FAILURE;
1595
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1596
+ goto f_err;
1597
+ }
1598
+ RSA_up_ref(rsa);
1599
+ cert->rsa_tmp=rsa;
1600
+ }
1601
+ if (rsa == NULL)
1602
+ {
1603
+ al=SSL_AD_HANDSHAKE_FAILURE;
1604
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1605
+ goto f_err;
1606
+ }
1607
+ r[0]=rsa->n;
1608
+ r[1]=rsa->e;
1609
+ s->s3->tmp.use_rsa_tmp=1;
1610
+ }
1611
+ else
1612
+ #endif
1613
+ #ifndef OPENSSL_NO_DH
1614
+ if (type & SSL_kEDH)
1615
+ {
1616
+ dhp=cert->dh_tmp;
1617
+ if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1618
+ dhp=s->cert->dh_tmp_cb(s,
1619
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1620
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1621
+ if (dhp == NULL)
1622
+ {
1623
+ al=SSL_AD_HANDSHAKE_FAILURE;
1624
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1625
+ goto f_err;
1626
+ }
1627
+
1628
+ if (s->s3->tmp.dh != NULL)
1629
+ {
1630
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1631
+ goto err;
1632
+ }
1633
+
1634
+ if ((dh=DHparams_dup(dhp)) == NULL)
1635
+ {
1636
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1637
+ goto err;
1638
+ }
1639
+
1640
+ s->s3->tmp.dh=dh;
1641
+ if ((dhp->pub_key == NULL ||
1642
+ dhp->priv_key == NULL ||
1643
+ (s->options & SSL_OP_SINGLE_DH_USE)))
1644
+ {
1645
+ if(!DH_generate_key(dh))
1646
+ {
1647
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1648
+ ERR_R_DH_LIB);
1649
+ goto err;
1650
+ }
1651
+ }
1652
+ else
1653
+ {
1654
+ dh->pub_key=BN_dup(dhp->pub_key);
1655
+ dh->priv_key=BN_dup(dhp->priv_key);
1656
+ if ((dh->pub_key == NULL) ||
1657
+ (dh->priv_key == NULL))
1658
+ {
1659
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1660
+ goto err;
1661
+ }
1662
+ }
1663
+ r[0]=dh->p;
1664
+ r[1]=dh->g;
1665
+ r[2]=dh->pub_key;
1666
+ }
1667
+ else
1668
+ #endif
1669
+ #ifndef OPENSSL_NO_ECDH
1670
+ if (type & SSL_kEECDH)
1671
+ {
1672
+ const EC_GROUP *group;
1673
+
1674
+ ecdhp=cert->ecdh_tmp;
1675
+ if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1676
+ {
1677
+ ecdhp=s->cert->ecdh_tmp_cb(s,
1678
+ SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1679
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1680
+ }
1681
+ if (ecdhp == NULL)
1682
+ {
1683
+ al=SSL_AD_HANDSHAKE_FAILURE;
1684
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1685
+ goto f_err;
1686
+ }
1687
+
1688
+ if (s->s3->tmp.ecdh != NULL)
1689
+ {
1690
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1691
+ goto err;
1692
+ }
1693
+
1694
+ /* Duplicate the ECDH structure. */
1695
+ if (ecdhp == NULL)
1696
+ {
1697
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1698
+ goto err;
1699
+ }
1700
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1701
+ {
1702
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1703
+ goto err;
1704
+ }
1705
+
1706
+ s->s3->tmp.ecdh=ecdh;
1707
+ if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1708
+ (EC_KEY_get0_private_key(ecdh) == NULL) ||
1709
+ (s->options & SSL_OP_SINGLE_ECDH_USE))
1710
+ {
1711
+ if(!EC_KEY_generate_key(ecdh))
1712
+ {
1713
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1714
+ goto err;
1715
+ }
1716
+ }
1717
+
1718
+ if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1719
+ (EC_KEY_get0_public_key(ecdh) == NULL) ||
1720
+ (EC_KEY_get0_private_key(ecdh) == NULL))
1721
+ {
1722
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1723
+ goto err;
1724
+ }
1725
+
1726
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1727
+ (EC_GROUP_get_degree(group) > 163))
1728
+ {
1729
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1730
+ goto err;
1731
+ }
1732
+
1733
+ /* XXX: For now, we only support ephemeral ECDH
1734
+ * keys over named (not generic) curves. For
1735
+ * supported named curves, curve_id is non-zero.
1736
+ */
1737
+ if ((curve_id =
1738
+ tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1739
+ == 0)
1740
+ {
1741
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1742
+ goto err;
1743
+ }
1744
+
1745
+ /* Encode the public key.
1746
+ * First check the size of encoding and
1747
+ * allocate memory accordingly.
1748
+ */
1749
+ encodedlen = EC_POINT_point2oct(group,
1750
+ EC_KEY_get0_public_key(ecdh),
1751
+ POINT_CONVERSION_UNCOMPRESSED,
1752
+ NULL, 0, NULL);
1753
+
1754
+ encodedPoint = (unsigned char *)
1755
+ OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1756
+ bn_ctx = BN_CTX_new();
1757
+ if ((encodedPoint == NULL) || (bn_ctx == NULL))
1758
+ {
1759
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1760
+ goto err;
1761
+ }
1762
+
1763
+
1764
+ encodedlen = EC_POINT_point2oct(group,
1765
+ EC_KEY_get0_public_key(ecdh),
1766
+ POINT_CONVERSION_UNCOMPRESSED,
1767
+ encodedPoint, encodedlen, bn_ctx);
1768
+
1769
+ if (encodedlen == 0)
1770
+ {
1771
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1772
+ goto err;
1773
+ }
1774
+
1775
+ BN_CTX_free(bn_ctx); bn_ctx=NULL;
1776
+
1777
+ /* XXX: For now, we only support named (not
1778
+ * generic) curves in ECDH ephemeral key exchanges.
1779
+ * In this situation, we need four additional bytes
1780
+ * to encode the entire ServerECDHParams
1781
+ * structure.
1782
+ */
1783
+ n = 4 + encodedlen;
1784
+
1785
+ /* We'll generate the serverKeyExchange message
1786
+ * explicitly so we can set these to NULLs
1787
+ */
1788
+ r[0]=NULL;
1789
+ r[1]=NULL;
1790
+ r[2]=NULL;
1791
+ r[3]=NULL;
1792
+ }
1793
+ else
1794
+ #endif /* !OPENSSL_NO_ECDH */
1795
+ #ifndef OPENSSL_NO_PSK
1796
+ if (type & SSL_kPSK)
1797
+ {
1798
+ /* reserve size for record length and PSK identity hint*/
1799
+ n+=2+strlen(s->ctx->psk_identity_hint);
1800
+ }
1801
+ else
1802
+ #endif /* !OPENSSL_NO_PSK */
1803
+ #ifndef OPENSSL_NO_SRP
1804
+ if (type & SSL_kSRP)
1805
+ {
1806
+ if ((s->srp_ctx.N == NULL) ||
1807
+ (s->srp_ctx.g == NULL) ||
1808
+ (s->srp_ctx.s == NULL) ||
1809
+ (s->srp_ctx.B == NULL))
1810
+ {
1811
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_SRP_PARAM);
1812
+ goto err;
1813
+ }
1814
+ r[0]=s->srp_ctx.N;
1815
+ r[1]=s->srp_ctx.g;
1816
+ r[2]=s->srp_ctx.s;
1817
+ r[3]=s->srp_ctx.B;
1818
+ }
1819
+ else
1820
+ #endif
1821
+ {
1822
+ al=SSL_AD_HANDSHAKE_FAILURE;
1823
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1824
+ goto f_err;
1825
+ }
1826
+ for (i=0; r[i] != NULL && i<4; i++)
1827
+ {
1828
+ nr[i]=BN_num_bytes(r[i]);
1829
+ #ifndef OPENSSL_NO_SRP
1830
+ if ((i == 2) && (type & SSL_kSRP))
1831
+ n+=1+nr[i];
1832
+ else
1833
+ #endif
1834
+ n+=2+nr[i];
1835
+ }
1836
+
1837
+ if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1838
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1839
+ {
1840
+ if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
1841
+ == NULL)
1842
+ {
1843
+ al=SSL_AD_DECODE_ERROR;
1844
+ goto f_err;
1845
+ }
1846
+ kn=EVP_PKEY_size(pkey);
1847
+ }
1848
+ else
1849
+ {
1850
+ pkey=NULL;
1851
+ kn=0;
1852
+ }
1853
+
1854
+ if (!BUF_MEM_grow_clean(buf,n+4+kn))
1855
+ {
1856
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1857
+ goto err;
1858
+ }
1859
+ d=(unsigned char *)s->init_buf->data;
1860
+ p= &(d[4]);
1861
+
1862
+ for (i=0; r[i] != NULL && i<4; i++)
1863
+ {
1864
+ #ifndef OPENSSL_NO_SRP
1865
+ if ((i == 2) && (type & SSL_kSRP))
1866
+ {
1867
+ *p = nr[i];
1868
+ p++;
1869
+ }
1870
+ else
1871
+ #endif
1872
+ s2n(nr[i],p);
1873
+ BN_bn2bin(r[i],p);
1874
+ p+=nr[i];
1875
+ }
1876
+
1877
+ #ifndef OPENSSL_NO_ECDH
1878
+ if (type & SSL_kEECDH)
1879
+ {
1880
+ /* XXX: For now, we only support named (not generic) curves.
1881
+ * In this situation, the serverKeyExchange message has:
1882
+ * [1 byte CurveType], [2 byte CurveName]
1883
+ * [1 byte length of encoded point], followed by
1884
+ * the actual encoded point itself
1885
+ */
1886
+ *p = NAMED_CURVE_TYPE;
1887
+ p += 1;
1888
+ *p = 0;
1889
+ p += 1;
1890
+ *p = curve_id;
1891
+ p += 1;
1892
+ *p = encodedlen;
1893
+ p += 1;
1894
+ memcpy((unsigned char*)p,
1895
+ (unsigned char *)encodedPoint,
1896
+ encodedlen);
1897
+ OPENSSL_free(encodedPoint);
1898
+ encodedPoint = NULL;
1899
+ p += encodedlen;
1900
+ }
1901
+ #endif
1902
+
1903
+ #ifndef OPENSSL_NO_PSK
1904
+ if (type & SSL_kPSK)
1905
+ {
1906
+ /* copy PSK identity hint */
1907
+ s2n(strlen(s->ctx->psk_identity_hint), p);
1908
+ strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1909
+ p+=strlen(s->ctx->psk_identity_hint);
1910
+ }
1911
+ #endif
1912
+
1913
+ /* not anonymous */
1914
+ if (pkey != NULL)
1915
+ {
1916
+ /* n is the length of the params, they start at &(d[4])
1917
+ * and p points to the space at the end. */
1918
+ #ifndef OPENSSL_NO_RSA
1919
+ if (pkey->type == EVP_PKEY_RSA
1920
+ && TLS1_get_version(s) < TLS1_2_VERSION)
1921
+ {
1922
+ q=md_buf;
1923
+ j=0;
1924
+ for (num=2; num > 0; num--)
1925
+ {
1926
+ EVP_MD_CTX_set_flags(&md_ctx,
1927
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1928
+ EVP_DigestInit_ex(&md_ctx,(num == 2)
1929
+ ?s->ctx->md5:s->ctx->sha1, NULL);
1930
+ EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1931
+ EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1932
+ EVP_DigestUpdate(&md_ctx,&(d[4]),n);
1933
+ EVP_DigestFinal_ex(&md_ctx,q,
1934
+ (unsigned int *)&i);
1935
+ q+=i;
1936
+ j+=i;
1937
+ }
1938
+ if (RSA_sign(NID_md5_sha1, md_buf, j,
1939
+ &(p[2]), &u, pkey->pkey.rsa) <= 0)
1940
+ {
1941
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1942
+ goto err;
1943
+ }
1944
+ s2n(u,p);
1945
+ n+=u+2;
1946
+ }
1947
+ else
1948
+ #endif
1949
+ if (md)
1950
+ {
1951
+ /* For TLS1.2 and later send signature
1952
+ * algorithm */
1953
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
1954
+ {
1955
+ if (!tls12_get_sigandhash(p, pkey, md))
1956
+ {
1957
+ /* Should never happen */
1958
+ al=SSL_AD_INTERNAL_ERROR;
1959
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1960
+ goto f_err;
1961
+ }
1962
+ p+=2;
1963
+ }
1964
+ #ifdef SSL_DEBUG
1965
+ fprintf(stderr, "Using hash %s\n",
1966
+ EVP_MD_name(md));
1967
+ #endif
1968
+ EVP_SignInit_ex(&md_ctx, md, NULL);
1969
+ EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1970
+ EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1971
+ EVP_SignUpdate(&md_ctx,&(d[4]),n);
1972
+ if (!EVP_SignFinal(&md_ctx,&(p[2]),
1973
+ (unsigned int *)&i,pkey))
1974
+ {
1975
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_EVP);
1976
+ goto err;
1977
+ }
1978
+ s2n(i,p);
1979
+ n+=i+2;
1980
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
1981
+ n+= 2;
1982
+ }
1983
+ else
1984
+ {
1985
+ /* Is this error check actually needed? */
1986
+ al=SSL_AD_HANDSHAKE_FAILURE;
1987
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1988
+ goto f_err;
1989
+ }
1990
+ }
1991
+
1992
+ *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
1993
+ l2n3(n,d);
1994
+
1995
+ /* we should now have things packed up, so lets send
1996
+ * it off */
1997
+ s->init_num=n+4;
1998
+ s->init_off=0;
1999
+ }
2000
+
2001
+ s->state = SSL3_ST_SW_KEY_EXCH_B;
2002
+ EVP_MD_CTX_cleanup(&md_ctx);
2003
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2004
+ f_err:
2005
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
2006
+ err:
2007
+ #ifndef OPENSSL_NO_ECDH
2008
+ if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2009
+ BN_CTX_free(bn_ctx);
2010
+ #endif
2011
+ EVP_MD_CTX_cleanup(&md_ctx);
2012
+ return(-1);
2013
+ }
2014
+
2015
+ int ssl3_send_certificate_request(SSL *s)
2016
+ {
2017
+ unsigned char *p,*d;
2018
+ int i,j,nl,off,n;
2019
+ STACK_OF(X509_NAME) *sk=NULL;
2020
+ X509_NAME *name;
2021
+ BUF_MEM *buf;
2022
+
2023
+ if (s->state == SSL3_ST_SW_CERT_REQ_A)
2024
+ {
2025
+ buf=s->init_buf;
2026
+
2027
+ d=p=(unsigned char *)&(buf->data[4]);
2028
+
2029
+ /* get the list of acceptable cert types */
2030
+ p++;
2031
+ n=ssl3_get_req_cert_type(s,p);
2032
+ d[0]=n;
2033
+ p+=n;
2034
+ n++;
2035
+
2036
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
2037
+ {
2038
+ nl = tls12_get_req_sig_algs(s, p + 2);
2039
+ s2n(nl, p);
2040
+ p += nl + 2;
2041
+ n += nl + 2;
2042
+ }
2043
+
2044
+ off=n;
2045
+ p+=2;
2046
+ n+=2;
2047
+
2048
+ sk=SSL_get_client_CA_list(s);
2049
+ nl=0;
2050
+ if (sk != NULL)
2051
+ {
2052
+ for (i=0; i<sk_X509_NAME_num(sk); i++)
2053
+ {
2054
+ name=sk_X509_NAME_value(sk,i);
2055
+ j=i2d_X509_NAME(name,NULL);
2056
+ if (!BUF_MEM_grow_clean(buf,4+n+j+2))
2057
+ {
2058
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
2059
+ goto err;
2060
+ }
2061
+ p=(unsigned char *)&(buf->data[4+n]);
2062
+ if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
2063
+ {
2064
+ s2n(j,p);
2065
+ i2d_X509_NAME(name,&p);
2066
+ n+=2+j;
2067
+ nl+=2+j;
2068
+ }
2069
+ else
2070
+ {
2071
+ d=p;
2072
+ i2d_X509_NAME(name,&p);
2073
+ j-=2; s2n(j,d); j+=2;
2074
+ n+=j;
2075
+ nl+=j;
2076
+ }
2077
+ }
2078
+ }
2079
+ /* else no CA names */
2080
+ p=(unsigned char *)&(buf->data[4+off]);
2081
+ s2n(nl,p);
2082
+
2083
+ d=(unsigned char *)buf->data;
2084
+ *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
2085
+ l2n3(n,d);
2086
+
2087
+ /* we should now have things packed up, so lets send
2088
+ * it off */
2089
+
2090
+ s->init_num=n+4;
2091
+ s->init_off=0;
2092
+ #ifdef NETSCAPE_HANG_BUG
2093
+ p=(unsigned char *)s->init_buf->data + s->init_num;
2094
+
2095
+ /* do the header */
2096
+ *(p++)=SSL3_MT_SERVER_DONE;
2097
+ *(p++)=0;
2098
+ *(p++)=0;
2099
+ *(p++)=0;
2100
+ s->init_num += 4;
2101
+ #endif
2102
+
2103
+ s->state = SSL3_ST_SW_CERT_REQ_B;
2104
+ }
2105
+
2106
+ /* SSL3_ST_SW_CERT_REQ_B */
2107
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2108
+ err:
2109
+ return(-1);
2110
+ }
2111
+
2112
+ int ssl3_get_client_key_exchange(SSL *s)
2113
+ {
2114
+ int i,al,ok;
2115
+ long n;
2116
+ unsigned long alg_k;
2117
+ unsigned char *p;
2118
+ #ifndef OPENSSL_NO_RSA
2119
+ RSA *rsa=NULL;
2120
+ EVP_PKEY *pkey=NULL;
2121
+ #endif
2122
+ #ifndef OPENSSL_NO_DH
2123
+ BIGNUM *pub=NULL;
2124
+ DH *dh_srvr;
2125
+ #endif
2126
+ #ifndef OPENSSL_NO_KRB5
2127
+ KSSL_ERR kssl_err;
2128
+ #endif /* OPENSSL_NO_KRB5 */
2129
+
2130
+ #ifndef OPENSSL_NO_ECDH
2131
+ EC_KEY *srvr_ecdh = NULL;
2132
+ EVP_PKEY *clnt_pub_pkey = NULL;
2133
+ EC_POINT *clnt_ecpoint = NULL;
2134
+ BN_CTX *bn_ctx = NULL;
2135
+ #endif
2136
+
2137
+ n=s->method->ssl_get_message(s,
2138
+ SSL3_ST_SR_KEY_EXCH_A,
2139
+ SSL3_ST_SR_KEY_EXCH_B,
2140
+ SSL3_MT_CLIENT_KEY_EXCHANGE,
2141
+ 2048, /* ??? */
2142
+ &ok);
2143
+
2144
+ if (!ok) return((int)n);
2145
+ p=(unsigned char *)s->init_msg;
2146
+
2147
+ alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2148
+
2149
+ #ifndef OPENSSL_NO_RSA
2150
+ if (alg_k & SSL_kRSA)
2151
+ {
2152
+ /* FIX THIS UP EAY EAY EAY EAY */
2153
+ if (s->s3->tmp.use_rsa_tmp)
2154
+ {
2155
+ if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
2156
+ rsa=s->cert->rsa_tmp;
2157
+ /* Don't do a callback because rsa_tmp should
2158
+ * be sent already */
2159
+ if (rsa == NULL)
2160
+ {
2161
+ al=SSL_AD_HANDSHAKE_FAILURE;
2162
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
2163
+ goto f_err;
2164
+
2165
+ }
2166
+ }
2167
+ else
2168
+ {
2169
+ pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
2170
+ if ( (pkey == NULL) ||
2171
+ (pkey->type != EVP_PKEY_RSA) ||
2172
+ (pkey->pkey.rsa == NULL))
2173
+ {
2174
+ al=SSL_AD_HANDSHAKE_FAILURE;
2175
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
2176
+ goto f_err;
2177
+ }
2178
+ rsa=pkey->pkey.rsa;
2179
+ }
2180
+
2181
+ /* TLS and [incidentally] DTLS{0xFEFF} */
2182
+ if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
2183
+ {
2184
+ n2s(p,i);
2185
+ if (n != i+2)
2186
+ {
2187
+ if (!(s->options & SSL_OP_TLS_D5_BUG))
2188
+ {
2189
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
2190
+ goto err;
2191
+ }
2192
+ else
2193
+ p-=2;
2194
+ }
2195
+ else
2196
+ n=i;
2197
+ }
2198
+
2199
+ i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
2200
+
2201
+ al = -1;
2202
+
2203
+ if (i != SSL_MAX_MASTER_KEY_LENGTH)
2204
+ {
2205
+ al=SSL_AD_DECODE_ERROR;
2206
+ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
2207
+ }
2208
+
2209
+ if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
2210
+ {
2211
+ /* The premaster secret must contain the same version number as the
2212
+ * ClientHello to detect version rollback attacks (strangely, the
2213
+ * protocol does not offer such protection for DH ciphersuites).
2214
+ * However, buggy clients exist that send the negotiated protocol
2215
+ * version instead if the server does not support the requested
2216
+ * protocol version.
2217
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
2218
+ if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
2219
+ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
2220
+ {
2221
+ al=SSL_AD_DECODE_ERROR;
2222
+ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
2223
+
2224
+ /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
2225
+ * (http://eprint.iacr.org/2003/052/) exploits the version
2226
+ * number check as a "bad version oracle" -- an alert would
2227
+ * reveal that the plaintext corresponding to some ciphertext
2228
+ * made up by the adversary is properly formatted except
2229
+ * that the version number is wrong. To avoid such attacks,
2230
+ * we should treat this just like any other decryption error. */
2231
+ }
2232
+ }
2233
+
2234
+ if (al != -1)
2235
+ {
2236
+ /* Some decryption failure -- use random value instead as countermeasure
2237
+ * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
2238
+ * (see RFC 2246, section 7.4.7.1). */
2239
+ ERR_clear_error();
2240
+ i = SSL_MAX_MASTER_KEY_LENGTH;
2241
+ p[0] = s->client_version >> 8;
2242
+ p[1] = s->client_version & 0xff;
2243
+ if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
2244
+ goto err;
2245
+ }
2246
+
2247
+ s->session->master_key_length=
2248
+ s->method->ssl3_enc->generate_master_secret(s,
2249
+ s->session->master_key,
2250
+ p,i);
2251
+ OPENSSL_cleanse(p,i);
2252
+ }
2253
+ else
2254
+ #endif
2255
+ #ifndef OPENSSL_NO_DH
2256
+ if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2257
+ {
2258
+ n2s(p,i);
2259
+ if (n != i+2)
2260
+ {
2261
+ if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
2262
+ {
2263
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
2264
+ goto err;
2265
+ }
2266
+ else
2267
+ {
2268
+ p-=2;
2269
+ i=(int)n;
2270
+ }
2271
+ }
2272
+
2273
+ if (n == 0L) /* the parameters are in the cert */
2274
+ {
2275
+ al=SSL_AD_HANDSHAKE_FAILURE;
2276
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
2277
+ goto f_err;
2278
+ }
2279
+ else
2280
+ {
2281
+ if (s->s3->tmp.dh == NULL)
2282
+ {
2283
+ al=SSL_AD_HANDSHAKE_FAILURE;
2284
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
2285
+ goto f_err;
2286
+ }
2287
+ else
2288
+ dh_srvr=s->s3->tmp.dh;
2289
+ }
2290
+
2291
+ pub=BN_bin2bn(p,i,NULL);
2292
+ if (pub == NULL)
2293
+ {
2294
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
2295
+ goto err;
2296
+ }
2297
+
2298
+ i=DH_compute_key(p,pub,dh_srvr);
2299
+
2300
+ if (i <= 0)
2301
+ {
2302
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2303
+ BN_clear_free(pub);
2304
+ goto err;
2305
+ }
2306
+
2307
+ DH_free(s->s3->tmp.dh);
2308
+ s->s3->tmp.dh=NULL;
2309
+
2310
+ BN_clear_free(pub);
2311
+ pub=NULL;
2312
+ s->session->master_key_length=
2313
+ s->method->ssl3_enc->generate_master_secret(s,
2314
+ s->session->master_key,p,i);
2315
+ OPENSSL_cleanse(p,i);
2316
+ }
2317
+ else
2318
+ #endif
2319
+ #ifndef OPENSSL_NO_KRB5
2320
+ if (alg_k & SSL_kKRB5)
2321
+ {
2322
+ krb5_error_code krb5rc;
2323
+ krb5_data enc_ticket;
2324
+ krb5_data authenticator;
2325
+ krb5_data enc_pms;
2326
+ KSSL_CTX *kssl_ctx = s->kssl_ctx;
2327
+ EVP_CIPHER_CTX ciph_ctx;
2328
+ const EVP_CIPHER *enc = NULL;
2329
+ unsigned char iv[EVP_MAX_IV_LENGTH];
2330
+ unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
2331
+ + EVP_MAX_BLOCK_LENGTH];
2332
+ int padl, outl;
2333
+ krb5_timestamp authtime = 0;
2334
+ krb5_ticket_times ttimes;
2335
+
2336
+ EVP_CIPHER_CTX_init(&ciph_ctx);
2337
+
2338
+ if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
2339
+
2340
+ n2s(p,i);
2341
+ enc_ticket.length = i;
2342
+
2343
+ if (n < (long)(enc_ticket.length + 6))
2344
+ {
2345
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2346
+ SSL_R_DATA_LENGTH_TOO_LONG);
2347
+ goto err;
2348
+ }
2349
+
2350
+ enc_ticket.data = (char *)p;
2351
+ p+=enc_ticket.length;
2352
+
2353
+ n2s(p,i);
2354
+ authenticator.length = i;
2355
+
2356
+ if (n < (long)(enc_ticket.length + authenticator.length + 6))
2357
+ {
2358
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2359
+ SSL_R_DATA_LENGTH_TOO_LONG);
2360
+ goto err;
2361
+ }
2362
+
2363
+ authenticator.data = (char *)p;
2364
+ p+=authenticator.length;
2365
+
2366
+ n2s(p,i);
2367
+ enc_pms.length = i;
2368
+ enc_pms.data = (char *)p;
2369
+ p+=enc_pms.length;
2370
+
2371
+ /* Note that the length is checked again below,
2372
+ ** after decryption
2373
+ */
2374
+ if(enc_pms.length > sizeof pms)
2375
+ {
2376
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2377
+ SSL_R_DATA_LENGTH_TOO_LONG);
2378
+ goto err;
2379
+ }
2380
+
2381
+ if (n != (long)(enc_ticket.length + authenticator.length +
2382
+ enc_pms.length + 6))
2383
+ {
2384
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2385
+ SSL_R_DATA_LENGTH_TOO_LONG);
2386
+ goto err;
2387
+ }
2388
+
2389
+ if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2390
+ &kssl_err)) != 0)
2391
+ {
2392
+ #ifdef KSSL_DEBUG
2393
+ printf("kssl_sget_tkt rtn %d [%d]\n",
2394
+ krb5rc, kssl_err.reason);
2395
+ if (kssl_err.text)
2396
+ printf("kssl_err text= %s\n", kssl_err.text);
2397
+ #endif /* KSSL_DEBUG */
2398
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2399
+ kssl_err.reason);
2400
+ goto err;
2401
+ }
2402
+
2403
+ /* Note: no authenticator is not considered an error,
2404
+ ** but will return authtime == 0.
2405
+ */
2406
+ if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2407
+ &authtime, &kssl_err)) != 0)
2408
+ {
2409
+ #ifdef KSSL_DEBUG
2410
+ printf("kssl_check_authent rtn %d [%d]\n",
2411
+ krb5rc, kssl_err.reason);
2412
+ if (kssl_err.text)
2413
+ printf("kssl_err text= %s\n", kssl_err.text);
2414
+ #endif /* KSSL_DEBUG */
2415
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2416
+ kssl_err.reason);
2417
+ goto err;
2418
+ }
2419
+
2420
+ if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
2421
+ {
2422
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
2423
+ goto err;
2424
+ }
2425
+
2426
+ #ifdef KSSL_DEBUG
2427
+ kssl_ctx_show(kssl_ctx);
2428
+ #endif /* KSSL_DEBUG */
2429
+
2430
+ enc = kssl_map_enc(kssl_ctx->enctype);
2431
+ if (enc == NULL)
2432
+ goto err;
2433
+
2434
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
2435
+
2436
+ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
2437
+ {
2438
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2439
+ SSL_R_DECRYPTION_FAILED);
2440
+ goto err;
2441
+ }
2442
+ if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
2443
+ (unsigned char *)enc_pms.data, enc_pms.length))
2444
+ {
2445
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2446
+ SSL_R_DECRYPTION_FAILED);
2447
+ goto err;
2448
+ }
2449
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2450
+ {
2451
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2452
+ SSL_R_DATA_LENGTH_TOO_LONG);
2453
+ goto err;
2454
+ }
2455
+ if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
2456
+ {
2457
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2458
+ SSL_R_DECRYPTION_FAILED);
2459
+ goto err;
2460
+ }
2461
+ outl += padl;
2462
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2463
+ {
2464
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2465
+ SSL_R_DATA_LENGTH_TOO_LONG);
2466
+ goto err;
2467
+ }
2468
+ if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
2469
+ {
2470
+ /* The premaster secret must contain the same version number as the
2471
+ * ClientHello to detect version rollback attacks (strangely, the
2472
+ * protocol does not offer such protection for DH ciphersuites).
2473
+ * However, buggy clients exist that send random bytes instead of
2474
+ * the protocol version.
2475
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
2476
+ * (Perhaps we should have a separate BUG value for the Kerberos cipher)
2477
+ */
2478
+ if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
2479
+ {
2480
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2481
+ SSL_AD_DECODE_ERROR);
2482
+ goto err;
2483
+ }
2484
+ }
2485
+
2486
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2487
+
2488
+ s->session->master_key_length=
2489
+ s->method->ssl3_enc->generate_master_secret(s,
2490
+ s->session->master_key, pms, outl);
2491
+
2492
+ if (kssl_ctx->client_princ)
2493
+ {
2494
+ size_t len = strlen(kssl_ctx->client_princ);
2495
+ if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
2496
+ {
2497
+ s->session->krb5_client_princ_len = len;
2498
+ memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
2499
+ }
2500
+ }
2501
+
2502
+
2503
+ /* Was doing kssl_ctx_free() here,
2504
+ ** but it caused problems for apache.
2505
+ ** kssl_ctx = kssl_ctx_free(kssl_ctx);
2506
+ ** if (s->kssl_ctx) s->kssl_ctx = NULL;
2507
+ */
2508
+ }
2509
+ else
2510
+ #endif /* OPENSSL_NO_KRB5 */
2511
+
2512
+ #ifndef OPENSSL_NO_ECDH
2513
+ if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2514
+ {
2515
+ int ret = 1;
2516
+ int field_size = 0;
2517
+ const EC_KEY *tkey;
2518
+ const EC_GROUP *group;
2519
+ const BIGNUM *priv_key;
2520
+
2521
+ /* initialize structures for server's ECDH key pair */
2522
+ if ((srvr_ecdh = EC_KEY_new()) == NULL)
2523
+ {
2524
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2525
+ ERR_R_MALLOC_FAILURE);
2526
+ goto err;
2527
+ }
2528
+
2529
+ /* Let's get server private key and group information */
2530
+ if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2531
+ {
2532
+ /* use the certificate */
2533
+ tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
2534
+ }
2535
+ else
2536
+ {
2537
+ /* use the ephermeral values we saved when
2538
+ * generating the ServerKeyExchange msg.
2539
+ */
2540
+ tkey = s->s3->tmp.ecdh;
2541
+ }
2542
+
2543
+ group = EC_KEY_get0_group(tkey);
2544
+ priv_key = EC_KEY_get0_private_key(tkey);
2545
+
2546
+ if (!EC_KEY_set_group(srvr_ecdh, group) ||
2547
+ !EC_KEY_set_private_key(srvr_ecdh, priv_key))
2548
+ {
2549
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2550
+ ERR_R_EC_LIB);
2551
+ goto err;
2552
+ }
2553
+
2554
+ /* Let's get client's public key */
2555
+ if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
2556
+ {
2557
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2558
+ ERR_R_MALLOC_FAILURE);
2559
+ goto err;
2560
+ }
2561
+
2562
+ if (n == 0L)
2563
+ {
2564
+ /* Client Publickey was in Client Certificate */
2565
+
2566
+ if (alg_k & SSL_kEECDH)
2567
+ {
2568
+ al=SSL_AD_HANDSHAKE_FAILURE;
2569
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
2570
+ goto f_err;
2571
+ }
2572
+ if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
2573
+ == NULL) ||
2574
+ (clnt_pub_pkey->type != EVP_PKEY_EC))
2575
+ {
2576
+ /* XXX: For now, we do not support client
2577
+ * authentication using ECDH certificates
2578
+ * so this branch (n == 0L) of the code is
2579
+ * never executed. When that support is
2580
+ * added, we ought to ensure the key
2581
+ * received in the certificate is
2582
+ * authorized for key agreement.
2583
+ * ECDH_compute_key implicitly checks that
2584
+ * the two ECDH shares are for the same
2585
+ * group.
2586
+ */
2587
+ al=SSL_AD_HANDSHAKE_FAILURE;
2588
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2589
+ SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
2590
+ goto f_err;
2591
+ }
2592
+
2593
+ if (EC_POINT_copy(clnt_ecpoint,
2594
+ EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
2595
+ {
2596
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2597
+ ERR_R_EC_LIB);
2598
+ goto err;
2599
+ }
2600
+ ret = 2; /* Skip certificate verify processing */
2601
+ }
2602
+ else
2603
+ {
2604
+ /* Get client's public key from encoded point
2605
+ * in the ClientKeyExchange message.
2606
+ */
2607
+ if ((bn_ctx = BN_CTX_new()) == NULL)
2608
+ {
2609
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2610
+ ERR_R_MALLOC_FAILURE);
2611
+ goto err;
2612
+ }
2613
+
2614
+ /* Get encoded point length */
2615
+ i = *p;
2616
+ p += 1;
2617
+ if (n != 1 + i)
2618
+ {
2619
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2620
+ ERR_R_EC_LIB);
2621
+ goto err;
2622
+ }
2623
+ if (EC_POINT_oct2point(group,
2624
+ clnt_ecpoint, p, i, bn_ctx) == 0)
2625
+ {
2626
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2627
+ ERR_R_EC_LIB);
2628
+ goto err;
2629
+ }
2630
+ /* p is pointing to somewhere in the buffer
2631
+ * currently, so set it to the start
2632
+ */
2633
+ p=(unsigned char *)s->init_buf->data;
2634
+ }
2635
+
2636
+ /* Compute the shared pre-master secret */
2637
+ field_size = EC_GROUP_get_degree(group);
2638
+ if (field_size <= 0)
2639
+ {
2640
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2641
+ ERR_R_ECDH_LIB);
2642
+ goto err;
2643
+ }
2644
+ i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
2645
+ if (i <= 0)
2646
+ {
2647
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2648
+ ERR_R_ECDH_LIB);
2649
+ goto err;
2650
+ }
2651
+
2652
+ EVP_PKEY_free(clnt_pub_pkey);
2653
+ EC_POINT_free(clnt_ecpoint);
2654
+ EC_KEY_free(srvr_ecdh);
2655
+ BN_CTX_free(bn_ctx);
2656
+ EC_KEY_free(s->s3->tmp.ecdh);
2657
+ s->s3->tmp.ecdh = NULL;
2658
+
2659
+ /* Compute the master secret */
2660
+ s->session->master_key_length = s->method->ssl3_enc-> \
2661
+ generate_master_secret(s, s->session->master_key, p, i);
2662
+
2663
+ OPENSSL_cleanse(p, i);
2664
+ return (ret);
2665
+ }
2666
+ else
2667
+ #endif
2668
+ #ifndef OPENSSL_NO_PSK
2669
+ if (alg_k & SSL_kPSK)
2670
+ {
2671
+ unsigned char *t = NULL;
2672
+ unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2673
+ unsigned int pre_ms_len = 0, psk_len = 0;
2674
+ int psk_err = 1;
2675
+ char tmp_id[PSK_MAX_IDENTITY_LEN+1];
2676
+
2677
+ al=SSL_AD_HANDSHAKE_FAILURE;
2678
+
2679
+ n2s(p,i);
2680
+ if (n != i+2)
2681
+ {
2682
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2683
+ SSL_R_LENGTH_MISMATCH);
2684
+ goto psk_err;
2685
+ }
2686
+ if (i > PSK_MAX_IDENTITY_LEN)
2687
+ {
2688
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2689
+ SSL_R_DATA_LENGTH_TOO_LONG);
2690
+ goto psk_err;
2691
+ }
2692
+ if (s->psk_server_callback == NULL)
2693
+ {
2694
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2695
+ SSL_R_PSK_NO_SERVER_CB);
2696
+ goto psk_err;
2697
+ }
2698
+
2699
+ /* Create guaranteed NULL-terminated identity
2700
+ * string for the callback */
2701
+ memcpy(tmp_id, p, i);
2702
+ memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
2703
+ psk_len = s->psk_server_callback(s, tmp_id,
2704
+ psk_or_pre_ms, sizeof(psk_or_pre_ms));
2705
+ OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
2706
+
2707
+ if (psk_len > PSK_MAX_PSK_LEN)
2708
+ {
2709
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2710
+ ERR_R_INTERNAL_ERROR);
2711
+ goto psk_err;
2712
+ }
2713
+ else if (psk_len == 0)
2714
+ {
2715
+ /* PSK related to the given identity not found */
2716
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2717
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
2718
+ al=SSL_AD_UNKNOWN_PSK_IDENTITY;
2719
+ goto psk_err;
2720
+ }
2721
+
2722
+ /* create PSK pre_master_secret */
2723
+ pre_ms_len=2+psk_len+2+psk_len;
2724
+ t = psk_or_pre_ms;
2725
+ memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2726
+ s2n(psk_len, t);
2727
+ memset(t, 0, psk_len);
2728
+ t+=psk_len;
2729
+ s2n(psk_len, t);
2730
+
2731
+ if (s->session->psk_identity != NULL)
2732
+ OPENSSL_free(s->session->psk_identity);
2733
+ s->session->psk_identity = BUF_strdup((char *)p);
2734
+ if (s->session->psk_identity == NULL)
2735
+ {
2736
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2737
+ ERR_R_MALLOC_FAILURE);
2738
+ goto psk_err;
2739
+ }
2740
+
2741
+ if (s->session->psk_identity_hint != NULL)
2742
+ OPENSSL_free(s->session->psk_identity_hint);
2743
+ s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2744
+ if (s->ctx->psk_identity_hint != NULL &&
2745
+ s->session->psk_identity_hint == NULL)
2746
+ {
2747
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2748
+ ERR_R_MALLOC_FAILURE);
2749
+ goto psk_err;
2750
+ }
2751
+
2752
+ s->session->master_key_length=
2753
+ s->method->ssl3_enc->generate_master_secret(s,
2754
+ s->session->master_key, psk_or_pre_ms, pre_ms_len);
2755
+ psk_err = 0;
2756
+ psk_err:
2757
+ OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2758
+ if (psk_err != 0)
2759
+ goto f_err;
2760
+ }
2761
+ else
2762
+ #endif
2763
+ #ifndef OPENSSL_NO_SRP
2764
+ if (alg_k & SSL_kSRP)
2765
+ {
2766
+ int param_len;
2767
+
2768
+ n2s(p,i);
2769
+ param_len=i+2;
2770
+ if (param_len > n)
2771
+ {
2772
+ al=SSL_AD_DECODE_ERROR;
2773
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH);
2774
+ goto f_err;
2775
+ }
2776
+ if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL)))
2777
+ {
2778
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
2779
+ goto err;
2780
+ }
2781
+ if (s->session->srp_username != NULL)
2782
+ OPENSSL_free(s->session->srp_username);
2783
+ s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2784
+ if (s->session->srp_username == NULL)
2785
+ {
2786
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2787
+ ERR_R_MALLOC_FAILURE);
2788
+ goto err;
2789
+ }
2790
+
2791
+ if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0)
2792
+ {
2793
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2794
+ goto err;
2795
+ }
2796
+
2797
+ p+=i;
2798
+ }
2799
+ else
2800
+ #endif /* OPENSSL_NO_SRP */
2801
+ if (alg_k & SSL_kGOST)
2802
+ {
2803
+ int ret = 0;
2804
+ EVP_PKEY_CTX *pkey_ctx;
2805
+ EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
2806
+ unsigned char premaster_secret[32], *start;
2807
+ size_t outlen=32, inlen;
2808
+ unsigned long alg_a;
2809
+
2810
+ /* Get our certificate private key*/
2811
+ alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2812
+ if (alg_a & SSL_aGOST94)
2813
+ pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
2814
+ else if (alg_a & SSL_aGOST01)
2815
+ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2816
+
2817
+ pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
2818
+ EVP_PKEY_decrypt_init(pkey_ctx);
2819
+ /* If client certificate is present and is of the same type, maybe
2820
+ * use it for key exchange. Don't mind errors from
2821
+ * EVP_PKEY_derive_set_peer, because it is completely valid to use
2822
+ * a client certificate for authorization only. */
2823
+ client_pub_pkey = X509_get_pubkey(s->session->peer);
2824
+ if (client_pub_pkey)
2825
+ {
2826
+ if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
2827
+ ERR_clear_error();
2828
+ }
2829
+ /* Decrypt session key */
2830
+ if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
2831
+ {
2832
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2833
+ goto gerr;
2834
+ }
2835
+ if (p[1] == 0x81)
2836
+ {
2837
+ start = p+3;
2838
+ inlen = p[2];
2839
+ }
2840
+ else if (p[1] < 0x80)
2841
+ {
2842
+ start = p+2;
2843
+ inlen = p[1];
2844
+ }
2845
+ else
2846
+ {
2847
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2848
+ goto gerr;
2849
+ }
2850
+ if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
2851
+
2852
+ {
2853
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2854
+ goto gerr;
2855
+ }
2856
+ /* Generate master secret */
2857
+ s->session->master_key_length=
2858
+ s->method->ssl3_enc->generate_master_secret(s,
2859
+ s->session->master_key,premaster_secret,32);
2860
+ /* Check if pubkey from client certificate was used */
2861
+ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2862
+ ret = 2;
2863
+ else
2864
+ ret = 1;
2865
+ gerr:
2866
+ EVP_PKEY_free(client_pub_pkey);
2867
+ EVP_PKEY_CTX_free(pkey_ctx);
2868
+ if (ret)
2869
+ return ret;
2870
+ else
2871
+ goto err;
2872
+ }
2873
+ else
2874
+ {
2875
+ al=SSL_AD_HANDSHAKE_FAILURE;
2876
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2877
+ SSL_R_UNKNOWN_CIPHER_TYPE);
2878
+ goto f_err;
2879
+ }
2880
+
2881
+ return(1);
2882
+ f_err:
2883
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
2884
+ #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
2885
+ err:
2886
+ #endif
2887
+ #ifndef OPENSSL_NO_ECDH
2888
+ EVP_PKEY_free(clnt_pub_pkey);
2889
+ EC_POINT_free(clnt_ecpoint);
2890
+ if (srvr_ecdh != NULL)
2891
+ EC_KEY_free(srvr_ecdh);
2892
+ BN_CTX_free(bn_ctx);
2893
+ #endif
2894
+ return(-1);
2895
+ }
2896
+
2897
+ int ssl3_get_cert_verify(SSL *s)
2898
+ {
2899
+ EVP_PKEY *pkey=NULL;
2900
+ unsigned char *p;
2901
+ int al,ok,ret=0;
2902
+ long n;
2903
+ int type=0,i,j;
2904
+ X509 *peer;
2905
+ const EVP_MD *md = NULL;
2906
+ EVP_MD_CTX mctx;
2907
+ EVP_MD_CTX_init(&mctx);
2908
+
2909
+ n=s->method->ssl_get_message(s,
2910
+ SSL3_ST_SR_CERT_VRFY_A,
2911
+ SSL3_ST_SR_CERT_VRFY_B,
2912
+ -1,
2913
+ 516, /* Enough for 4096 bit RSA key with TLS v1.2 */
2914
+ &ok);
2915
+
2916
+ if (!ok) return((int)n);
2917
+
2918
+ if (s->session->peer != NULL)
2919
+ {
2920
+ peer=s->session->peer;
2921
+ pkey=X509_get_pubkey(peer);
2922
+ type=X509_certificate_type(peer,pkey);
2923
+ }
2924
+ else
2925
+ {
2926
+ peer=NULL;
2927
+ pkey=NULL;
2928
+ }
2929
+
2930
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
2931
+ {
2932
+ s->s3->tmp.reuse_message=1;
2933
+ if ((peer != NULL) && (type & EVP_PKT_SIGN))
2934
+ {
2935
+ al=SSL_AD_UNEXPECTED_MESSAGE;
2936
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
2937
+ goto f_err;
2938
+ }
2939
+ ret=1;
2940
+ goto end;
2941
+ }
2942
+
2943
+ if (peer == NULL)
2944
+ {
2945
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
2946
+ al=SSL_AD_UNEXPECTED_MESSAGE;
2947
+ goto f_err;
2948
+ }
2949
+
2950
+ if (!(type & EVP_PKT_SIGN))
2951
+ {
2952
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2953
+ al=SSL_AD_ILLEGAL_PARAMETER;
2954
+ goto f_err;
2955
+ }
2956
+
2957
+ if (s->s3->change_cipher_spec)
2958
+ {
2959
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
2960
+ al=SSL_AD_UNEXPECTED_MESSAGE;
2961
+ goto f_err;
2962
+ }
2963
+
2964
+ /* we now have a signature that we need to verify */
2965
+ p=(unsigned char *)s->init_msg;
2966
+ /* Check for broken implementations of GOST ciphersuites */
2967
+ /* If key is GOST and n is exactly 64, it is bare
2968
+ * signature without length field */
2969
+ if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
2970
+ pkey->type == NID_id_GostR3410_2001) )
2971
+ {
2972
+ i=64;
2973
+ }
2974
+ else
2975
+ {
2976
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
2977
+ {
2978
+ int sigalg = tls12_get_sigid(pkey);
2979
+ /* Should never happen */
2980
+ if (sigalg == -1)
2981
+ {
2982
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
2983
+ al=SSL_AD_INTERNAL_ERROR;
2984
+ goto f_err;
2985
+ }
2986
+ /* Check key type is consistent with signature */
2987
+ if (sigalg != (int)p[1])
2988
+ {
2989
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
2990
+ al=SSL_AD_DECODE_ERROR;
2991
+ goto f_err;
2992
+ }
2993
+ md = tls12_get_hash(p[0]);
2994
+ if (md == NULL)
2995
+ {
2996
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
2997
+ al=SSL_AD_DECODE_ERROR;
2998
+ goto f_err;
2999
+ }
3000
+ #ifdef SSL_DEBUG
3001
+ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
3002
+ #endif
3003
+ p += 2;
3004
+ n -= 2;
3005
+ }
3006
+ n2s(p,i);
3007
+ n-=2;
3008
+ if (i > n)
3009
+ {
3010
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
3011
+ al=SSL_AD_DECODE_ERROR;
3012
+ goto f_err;
3013
+ }
3014
+ }
3015
+ j=EVP_PKEY_size(pkey);
3016
+ if ((i > j) || (n > j) || (n <= 0))
3017
+ {
3018
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
3019
+ al=SSL_AD_DECODE_ERROR;
3020
+ goto f_err;
3021
+ }
3022
+
3023
+ if (TLS1_get_version(s) >= TLS1_2_VERSION)
3024
+ {
3025
+ long hdatalen = 0;
3026
+ void *hdata;
3027
+ hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
3028
+ if (hdatalen <= 0)
3029
+ {
3030
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
3031
+ al=SSL_AD_INTERNAL_ERROR;
3032
+ goto f_err;
3033
+ }
3034
+ #ifdef SSL_DEBUG
3035
+ fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
3036
+ EVP_MD_name(md));
3037
+ #endif
3038
+ if (!EVP_VerifyInit_ex(&mctx, md, NULL)
3039
+ || !EVP_VerifyUpdate(&mctx, hdata, hdatalen))
3040
+ {
3041
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
3042
+ al=SSL_AD_INTERNAL_ERROR;
3043
+ goto f_err;
3044
+ }
3045
+
3046
+ if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0)
3047
+ {
3048
+ al=SSL_AD_DECRYPT_ERROR;
3049
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_SIGNATURE);
3050
+ goto f_err;
3051
+ }
3052
+ }
3053
+ else
3054
+ #ifndef OPENSSL_NO_RSA
3055
+ if (pkey->type == EVP_PKEY_RSA)
3056
+ {
3057
+ i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
3058
+ MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
3059
+ pkey->pkey.rsa);
3060
+ if (i < 0)
3061
+ {
3062
+ al=SSL_AD_DECRYPT_ERROR;
3063
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
3064
+ goto f_err;
3065
+ }
3066
+ if (i == 0)
3067
+ {
3068
+ al=SSL_AD_DECRYPT_ERROR;
3069
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
3070
+ goto f_err;
3071
+ }
3072
+ }
3073
+ else
3074
+ #endif
3075
+ #ifndef OPENSSL_NO_DSA
3076
+ if (pkey->type == EVP_PKEY_DSA)
3077
+ {
3078
+ j=DSA_verify(pkey->save_type,
3079
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
3080
+ SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
3081
+ if (j <= 0)
3082
+ {
3083
+ /* bad signature */
3084
+ al=SSL_AD_DECRYPT_ERROR;
3085
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
3086
+ goto f_err;
3087
+ }
3088
+ }
3089
+ else
3090
+ #endif
3091
+ #ifndef OPENSSL_NO_ECDSA
3092
+ if (pkey->type == EVP_PKEY_EC)
3093
+ {
3094
+ j=ECDSA_verify(pkey->save_type,
3095
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
3096
+ SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
3097
+ if (j <= 0)
3098
+ {
3099
+ /* bad signature */
3100
+ al=SSL_AD_DECRYPT_ERROR;
3101
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
3102
+ SSL_R_BAD_ECDSA_SIGNATURE);
3103
+ goto f_err;
3104
+ }
3105
+ }
3106
+ else
3107
+ #endif
3108
+ if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
3109
+ { unsigned char signature[64];
3110
+ int idx;
3111
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
3112
+ EVP_PKEY_verify_init(pctx);
3113
+ if (i!=64) {
3114
+ fprintf(stderr,"GOST signature length is %d",i);
3115
+ }
3116
+ for (idx=0;idx<64;idx++) {
3117
+ signature[63-idx]=p[idx];
3118
+ }
3119
+ j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
3120
+ EVP_PKEY_CTX_free(pctx);
3121
+ if (j<=0)
3122
+ {
3123
+ al=SSL_AD_DECRYPT_ERROR;
3124
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
3125
+ SSL_R_BAD_ECDSA_SIGNATURE);
3126
+ goto f_err;
3127
+ }
3128
+ }
3129
+ else
3130
+ {
3131
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
3132
+ al=SSL_AD_UNSUPPORTED_CERTIFICATE;
3133
+ goto f_err;
3134
+ }
3135
+
3136
+
3137
+ ret=1;
3138
+ if (0)
3139
+ {
3140
+ f_err:
3141
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
3142
+ }
3143
+ end:
3144
+ if (s->s3->handshake_buffer)
3145
+ {
3146
+ BIO_free(s->s3->handshake_buffer);
3147
+ s->s3->handshake_buffer = NULL;
3148
+ s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
3149
+ }
3150
+ EVP_MD_CTX_cleanup(&mctx);
3151
+ EVP_PKEY_free(pkey);
3152
+ return(ret);
3153
+ }
3154
+
3155
+ int ssl3_get_client_certificate(SSL *s)
3156
+ {
3157
+ int i,ok,al,ret= -1;
3158
+ X509 *x=NULL;
3159
+ unsigned long l,nc,llen,n;
3160
+ const unsigned char *p,*q;
3161
+ unsigned char *d;
3162
+ STACK_OF(X509) *sk=NULL;
3163
+
3164
+ n=s->method->ssl_get_message(s,
3165
+ SSL3_ST_SR_CERT_A,
3166
+ SSL3_ST_SR_CERT_B,
3167
+ -1,
3168
+ s->max_cert_list,
3169
+ &ok);
3170
+
3171
+ if (!ok) return((int)n);
3172
+
3173
+ if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
3174
+ {
3175
+ if ( (s->verify_mode & SSL_VERIFY_PEER) &&
3176
+ (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
3177
+ {
3178
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
3179
+ al=SSL_AD_HANDSHAKE_FAILURE;
3180
+ goto f_err;
3181
+ }
3182
+ /* If tls asked for a client cert, the client must return a 0 list */
3183
+ if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
3184
+ {
3185
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
3186
+ al=SSL_AD_UNEXPECTED_MESSAGE;
3187
+ goto f_err;
3188
+ }
3189
+ s->s3->tmp.reuse_message=1;
3190
+ return(1);
3191
+ }
3192
+
3193
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
3194
+ {
3195
+ al=SSL_AD_UNEXPECTED_MESSAGE;
3196
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
3197
+ goto f_err;
3198
+ }
3199
+ p=d=(unsigned char *)s->init_msg;
3200
+
3201
+ if ((sk=sk_X509_new_null()) == NULL)
3202
+ {
3203
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
3204
+ goto err;
3205
+ }
3206
+
3207
+ n2l3(p,llen);
3208
+ if (llen+3 != n)
3209
+ {
3210
+ al=SSL_AD_DECODE_ERROR;
3211
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
3212
+ goto f_err;
3213
+ }
3214
+ for (nc=0; nc<llen; )
3215
+ {
3216
+ n2l3(p,l);
3217
+ if ((l+nc+3) > llen)
3218
+ {
3219
+ al=SSL_AD_DECODE_ERROR;
3220
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
3221
+ goto f_err;
3222
+ }
3223
+
3224
+ q=p;
3225
+ x=d2i_X509(NULL,&p,l);
3226
+ if (x == NULL)
3227
+ {
3228
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
3229
+ goto err;
3230
+ }
3231
+ if (p != (q+l))
3232
+ {
3233
+ al=SSL_AD_DECODE_ERROR;
3234
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
3235
+ goto f_err;
3236
+ }
3237
+ if (!sk_X509_push(sk,x))
3238
+ {
3239
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
3240
+ goto err;
3241
+ }
3242
+ x=NULL;
3243
+ nc+=l+3;
3244
+ }
3245
+
3246
+ if (sk_X509_num(sk) <= 0)
3247
+ {
3248
+ /* TLS does not mind 0 certs returned */
3249
+ if (s->version == SSL3_VERSION)
3250
+ {
3251
+ al=SSL_AD_HANDSHAKE_FAILURE;
3252
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
3253
+ goto f_err;
3254
+ }
3255
+ /* Fail for TLS only if we required a certificate */
3256
+ else if ((s->verify_mode & SSL_VERIFY_PEER) &&
3257
+ (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
3258
+ {
3259
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
3260
+ al=SSL_AD_HANDSHAKE_FAILURE;
3261
+ goto f_err;
3262
+ }
3263
+ /* No client certificate so digest cached records */
3264
+ if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s))
3265
+ {
3266
+ al=SSL_AD_INTERNAL_ERROR;
3267
+ goto f_err;
3268
+ }
3269
+ }
3270
+ else
3271
+ {
3272
+ i=ssl_verify_cert_chain(s,sk);
3273
+ if (i <= 0)
3274
+ {
3275
+ al=ssl_verify_alarm_type(s->verify_result);
3276
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
3277
+ goto f_err;
3278
+ }
3279
+ }
3280
+
3281
+ if (s->session->peer != NULL) /* This should not be needed */
3282
+ X509_free(s->session->peer);
3283
+ s->session->peer=sk_X509_shift(sk);
3284
+ s->session->verify_result = s->verify_result;
3285
+
3286
+ /* With the current implementation, sess_cert will always be NULL
3287
+ * when we arrive here. */
3288
+ if (s->session->sess_cert == NULL)
3289
+ {
3290
+ s->session->sess_cert = ssl_sess_cert_new();
3291
+ if (s->session->sess_cert == NULL)
3292
+ {
3293
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
3294
+ goto err;
3295
+ }
3296
+ }
3297
+ if (s->session->sess_cert->cert_chain != NULL)
3298
+ sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
3299
+ s->session->sess_cert->cert_chain=sk;
3300
+ /* Inconsistency alert: cert_chain does *not* include the
3301
+ * peer's own certificate, while we do include it in s3_clnt.c */
3302
+
3303
+ sk=NULL;
3304
+
3305
+ ret=1;
3306
+ if (0)
3307
+ {
3308
+ f_err:
3309
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
3310
+ }
3311
+ err:
3312
+ if (x != NULL) X509_free(x);
3313
+ if (sk != NULL) sk_X509_pop_free(sk,X509_free);
3314
+ return(ret);
3315
+ }
3316
+
3317
+ int ssl3_send_server_certificate(SSL *s)
3318
+ {
3319
+ unsigned long l;
3320
+ X509 *x;
3321
+
3322
+ if (s->state == SSL3_ST_SW_CERT_A)
3323
+ {
3324
+ x=ssl_get_server_send_cert(s);
3325
+ if (x == NULL)
3326
+ {
3327
+ /* VRS: allow null cert if auth == KRB5 */
3328
+ if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
3329
+ (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
3330
+ {
3331
+ SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
3332
+ return(0);
3333
+ }
3334
+ }
3335
+
3336
+ l=ssl3_output_cert_chain(s,x);
3337
+ s->state=SSL3_ST_SW_CERT_B;
3338
+ s->init_num=(int)l;
3339
+ s->init_off=0;
3340
+ }
3341
+
3342
+ /* SSL3_ST_SW_CERT_B */
3343
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3344
+ }
3345
+
3346
+ #ifndef OPENSSL_NO_TLSEXT
3347
+ /* send a new session ticket (not necessarily for a new session) */
3348
+ int ssl3_send_newsession_ticket(SSL *s)
3349
+ {
3350
+ if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
3351
+ {
3352
+ unsigned char *p, *senc, *macstart;
3353
+ const unsigned char *const_p;
3354
+ int len, slen_full, slen;
3355
+ SSL_SESSION *sess;
3356
+ unsigned int hlen;
3357
+ EVP_CIPHER_CTX ctx;
3358
+ HMAC_CTX hctx;
3359
+ SSL_CTX *tctx = s->initial_ctx;
3360
+ unsigned char iv[EVP_MAX_IV_LENGTH];
3361
+ unsigned char key_name[16];
3362
+
3363
+ /* get session encoding length */
3364
+ slen_full = i2d_SSL_SESSION(s->session, NULL);
3365
+ /* Some length values are 16 bits, so forget it if session is
3366
+ * too long
3367
+ */
3368
+ if (slen_full > 0xFF00)
3369
+ return -1;
3370
+ senc = OPENSSL_malloc(slen_full);
3371
+ if (!senc)
3372
+ return -1;
3373
+ p = senc;
3374
+ i2d_SSL_SESSION(s->session, &p);
3375
+
3376
+ /* create a fresh copy (not shared with other threads) to clean up */
3377
+ const_p = senc;
3378
+ sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
3379
+ if (sess == NULL)
3380
+ {
3381
+ OPENSSL_free(senc);
3382
+ return -1;
3383
+ }
3384
+ sess->session_id_length = 0; /* ID is irrelevant for the ticket */
3385
+
3386
+ slen = i2d_SSL_SESSION(sess, NULL);
3387
+ if (slen > slen_full) /* shouldn't ever happen */
3388
+ {
3389
+ OPENSSL_free(senc);
3390
+ return -1;
3391
+ }
3392
+ p = senc;
3393
+ i2d_SSL_SESSION(sess, &p);
3394
+ SSL_SESSION_free(sess);
3395
+
3396
+ /* Grow buffer if need be: the length calculation is as
3397
+ * follows 1 (size of message name) + 3 (message length
3398
+ * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
3399
+ * 16 (key name) + max_iv_len (iv length) +
3400
+ * session_length + max_enc_block_size (max encrypted session
3401
+ * length) + max_md_size (HMAC).
3402
+ */
3403
+ if (!BUF_MEM_grow(s->init_buf,
3404
+ 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
3405
+ EVP_MAX_MD_SIZE + slen))
3406
+ return -1;
3407
+
3408
+ p=(unsigned char *)s->init_buf->data;
3409
+ /* do the header */
3410
+ *(p++)=SSL3_MT_NEWSESSION_TICKET;
3411
+ /* Skip message length for now */
3412
+ p += 3;
3413
+ EVP_CIPHER_CTX_init(&ctx);
3414
+ HMAC_CTX_init(&hctx);
3415
+ /* Initialize HMAC and cipher contexts. If callback present
3416
+ * it does all the work otherwise use generated values
3417
+ * from parent ctx.
3418
+ */
3419
+ if (tctx->tlsext_ticket_key_cb)
3420
+ {
3421
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
3422
+ &hctx, 1) < 0)
3423
+ {
3424
+ OPENSSL_free(senc);
3425
+ return -1;
3426
+ }
3427
+ }
3428
+ else
3429
+ {
3430
+ RAND_pseudo_bytes(iv, 16);
3431
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
3432
+ tctx->tlsext_tick_aes_key, iv);
3433
+ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
3434
+ tlsext_tick_md(), NULL);
3435
+ memcpy(key_name, tctx->tlsext_tick_key_name, 16);
3436
+ }
3437
+
3438
+ /* Ticket lifetime hint (advisory only):
3439
+ * We leave this unspecified for resumed session (for simplicity),
3440
+ * and guess that tickets for new sessions will live as long
3441
+ * as their sessions. */
3442
+ l2n(s->hit ? 0 : s->session->timeout, p);
3443
+
3444
+ /* Skip ticket length for now */
3445
+ p += 2;
3446
+ /* Output key name */
3447
+ macstart = p;
3448
+ memcpy(p, key_name, 16);
3449
+ p += 16;
3450
+ /* output IV */
3451
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
3452
+ p += EVP_CIPHER_CTX_iv_length(&ctx);
3453
+ /* Encrypt session data */
3454
+ EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
3455
+ p += len;
3456
+ EVP_EncryptFinal(&ctx, p, &len);
3457
+ p += len;
3458
+ EVP_CIPHER_CTX_cleanup(&ctx);
3459
+
3460
+ HMAC_Update(&hctx, macstart, p - macstart);
3461
+ HMAC_Final(&hctx, p, &hlen);
3462
+ HMAC_CTX_cleanup(&hctx);
3463
+
3464
+ p += hlen;
3465
+ /* Now write out lengths: p points to end of data written */
3466
+ /* Total length */
3467
+ len = p - (unsigned char *)s->init_buf->data;
3468
+ p=(unsigned char *)s->init_buf->data + 1;
3469
+ l2n3(len - 4, p); /* Message length */
3470
+ p += 4;
3471
+ s2n(len - 10, p); /* Ticket length */
3472
+
3473
+ /* number of bytes to write */
3474
+ s->init_num= len;
3475
+ s->state=SSL3_ST_SW_SESSION_TICKET_B;
3476
+ s->init_off=0;
3477
+ OPENSSL_free(senc);
3478
+ }
3479
+
3480
+ /* SSL3_ST_SW_SESSION_TICKET_B */
3481
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3482
+ }
3483
+
3484
+ int ssl3_send_cert_status(SSL *s)
3485
+ {
3486
+ if (s->state == SSL3_ST_SW_CERT_STATUS_A)
3487
+ {
3488
+ unsigned char *p;
3489
+ /* Grow buffer if need be: the length calculation is as
3490
+ * follows 1 (message type) + 3 (message length) +
3491
+ * 1 (ocsp response type) + 3 (ocsp response length)
3492
+ * + (ocsp response)
3493
+ */
3494
+ if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
3495
+ return -1;
3496
+
3497
+ p=(unsigned char *)s->init_buf->data;
3498
+
3499
+ /* do the header */
3500
+ *(p++)=SSL3_MT_CERTIFICATE_STATUS;
3501
+ /* message length */
3502
+ l2n3(s->tlsext_ocsp_resplen + 4, p);
3503
+ /* status type */
3504
+ *(p++)= s->tlsext_status_type;
3505
+ /* length of OCSP response */
3506
+ l2n3(s->tlsext_ocsp_resplen, p);
3507
+ /* actual response */
3508
+ memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
3509
+ /* number of bytes to write */
3510
+ s->init_num = 8 + s->tlsext_ocsp_resplen;
3511
+ s->state=SSL3_ST_SW_CERT_STATUS_B;
3512
+ s->init_off = 0;
3513
+ }
3514
+
3515
+ /* SSL3_ST_SW_CERT_STATUS_B */
3516
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3517
+ }
3518
+
3519
+ # ifndef OPENSSL_NO_NEXTPROTONEG
3520
+ /* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
3521
+ * sets the next_proto member in s if found */
3522
+ int ssl3_get_next_proto(SSL *s)
3523
+ {
3524
+ int ok;
3525
+ int proto_len, padding_len;
3526
+ long n;
3527
+ const unsigned char *p;
3528
+
3529
+ /* Clients cannot send a NextProtocol message if we didn't see the
3530
+ * extension in their ClientHello */
3531
+ if (!s->s3->next_proto_neg_seen)
3532
+ {
3533
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
3534
+ return -1;
3535
+ }
3536
+
3537
+ n=s->method->ssl_get_message(s,
3538
+ SSL3_ST_SR_NEXT_PROTO_A,
3539
+ SSL3_ST_SR_NEXT_PROTO_B,
3540
+ SSL3_MT_NEXT_PROTO,
3541
+ 514, /* See the payload format below */
3542
+ &ok);
3543
+
3544
+ if (!ok)
3545
+ return((int)n);
3546
+
3547
+ /* s->state doesn't reflect whether ChangeCipherSpec has been received
3548
+ * in this handshake, but s->s3->change_cipher_spec does (will be reset
3549
+ * by ssl3_get_finished). */
3550
+ if (!s->s3->change_cipher_spec)
3551
+ {
3552
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
3553
+ return -1;
3554
+ }
3555
+
3556
+ if (n < 2)
3557
+ return 0; /* The body must be > 1 bytes long */
3558
+
3559
+ p=(unsigned char *)s->init_msg;
3560
+
3561
+ /* The payload looks like:
3562
+ * uint8 proto_len;
3563
+ * uint8 proto[proto_len];
3564
+ * uint8 padding_len;
3565
+ * uint8 padding[padding_len];
3566
+ */
3567
+ proto_len = p[0];
3568
+ if (proto_len + 2 > s->init_num)
3569
+ return 0;
3570
+ padding_len = p[proto_len + 1];
3571
+ if (proto_len + padding_len + 2 != s->init_num)
3572
+ return 0;
3573
+
3574
+ s->next_proto_negotiated = OPENSSL_malloc(proto_len);
3575
+ if (!s->next_proto_negotiated)
3576
+ {
3577
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
3578
+ return 0;
3579
+ }
3580
+ memcpy(s->next_proto_negotiated, p + 1, proto_len);
3581
+ s->next_proto_negotiated_len = proto_len;
3582
+
3583
+ return 1;
3584
+ }
3585
+ # endif
3586
+ #endif