source: build-files/freebsd-update/patches/9.1-RELEASE/2-SA-13:03.openssl.patch @ 635dc54

9.2-releasereleng/10.0releng/10.0.1releng/10.0.2releng/10.0.3
Last change on this file since 635dc54 was 635dc54, checked in by Kris Moore <kris@…>, 15 months ago

Add our freebsd-update code to GIT

This will become a dumping ground for mods we may make to the freebsd-update
build process, as well as the specific patches we have going into a release

  • Property mode set to 100644
File size: 180.4 KB
  • crypto/openssl/CHANGES

     
    22 OpenSSL CHANGES 
    33 _______________ 
    44 
     5 Changes between 0.9.8x and 0.9.8y [5 Feb 2013] 
     6 
     7  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. 
     8 
     9     This addresses the flaw in CBC record processing discovered by  
     10     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found 
     11     at: http://www.isg.rhul.ac.uk/tls/      
     12 
     13     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information 
     14     Security Group at Royal Holloway, University of London 
     15     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and 
     16     Emilia Käsper for the initial patch. 
     17     (CVE-2013-0169) 
     18     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] 
     19 
     20  *) Return an error when checking OCSP signatures when key is NULL. 
     21     This fixes a DoS attack. (CVE-2013-0166) 
     22     [Steve Henson] 
     23 
     24  *) Call OCSP Stapling callback after ciphersuite has been chosen, so 
     25     the right response is stapled. Also change SSL_get_certificate() 
     26     so it returns the certificate actually sent. 
     27     See http://rt.openssl.org/Ticket/Display.html?id=2836. 
     28     (This is a backport) 
     29     [Rob Stradling <rob.stradling@comodo.com>] 
     30 
     31  *) Fix possible deadlock when decoding public keys. 
     32     [Steve Henson] 
     33 
    534 Changes between 0.9.8w and 0.9.8x [10 May 2012] 
    635 
    736  *) Sanity check record length before skipping explicit IV in DTLS 
  • crypto/openssl/Configure

    my %table=( 
    162162"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", 
    163163"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", 
    164164"debug-ben-debug",      "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::", 
     165"debug-ben-debug-64",   "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    165166"debug-ben-debug-noopt",        "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::", 
    166167"debug-ben-strict",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", 
    167168"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 
    my %table=( 
    172173"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    173174"debug-steve",  "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", 
    174175"debug-steve-linux-pseudo64",   "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", 
    175 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    176 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    177 "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    178 "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
     176"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
     177"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
     178"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
     179"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    179180"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
    180181"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 
    181182"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 
    my %table=( 
    428429"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", 
    429430# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE 
    430431# at build time. $OBJECT_MODE is respected at ./config stage! 
    431 "aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", 
    432 "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", 
     432"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", 
     433"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", 
    433434 
    434435# 
    435436# Cray T90 and similar (SDSC) 
  • crypto/openssl/FAQ

    OpenSSL - Frequently Asked Questions 
    8383* Which is the current version of OpenSSL? 
    8484 
    8585The current version is available from <URL: http://www.openssl.org>. 
    86 OpenSSL 1.0.1c was released on May 10th, 2012. 
     86OpenSSL 1.0.1d was released on Feb 5th, 2013. 
    8787 
    8888In addition to the current stable release, you can also access daily 
    8989snapshots of the OpenSSL development version at <URL: 
  • crypto/openssl/Makefile

     
    44## Makefile for OpenSSL 
    55## 
    66 
    7 VERSION=0.9.8x 
     7VERSION=0.9.8y 
    88MAJOR=0 
    99MINOR=9.8 
    1010SHLIB_VERSION_NUMBER=0.9.8 
  • crypto/openssl/NEWS

     
    55  This file gives a brief overview of the major changes between each OpenSSL 
    66  release. For more details please read the CHANGES file. 
    77 
     8  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: 
     9 
     10      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 
     11      o Fix OCSP bad key DoS attack CVE-2013-0166 
     12 
    813  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: 
    914 
    1015      o Fix DTLS record length checking bug CVE-2012-2333 
  • crypto/openssl/README

     
    11 
    2  OpenSSL 0.9.8x 10 May 2012 
     2 OpenSSL 0.9.8y 5 Feb 2013 
    33 
    44 Copyright (c) 1998-2011 The OpenSSL Project 
    55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 
  • crypto/openssl/apps/Makefile

    progs.h: progs.pl 
    176176app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    177177app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    178178app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    179 app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    180 app_rand.o: ../include/openssl/engine.h ../include/openssl/evp.h 
    181 app_rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    182 app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    183 app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    184 app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    185 app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
    186 app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    187 app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    188 app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    189 app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h 
    190 app_rand.o: app_rand.c apps.h 
     179app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     180app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     181app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     182app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     183app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     184app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     185app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
     186app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
     187app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     188app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     189app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     190app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h 
    191191apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    192192apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    193193apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    194194apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    195 apps.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    196 apps.o: ../include/openssl/err.h ../include/openssl/evp.h 
    197 apps.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    198 apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    199 apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    200 apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    201 apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    202 apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h 
    203 apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    204 apps.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    205 apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    206 apps.o: ../include/openssl/ui.h ../include/openssl/x509.h 
    207 apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h 
     195apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     196apps.o: ../include/openssl/engine.h ../include/openssl/err.h 
     197apps.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     198apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     199apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     200apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     201apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     202apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h 
     203apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h 
     204apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     205apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     206apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
     207apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     208apps.o: ../include/openssl/x509v3.h apps.c apps.h 
    208209asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    209210asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    210211asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    211 asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    212 asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h 
    213 asn1pars.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    214 asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    215 asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    216 asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    217 asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    218 asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    219 asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    220 asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    221 asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    222 asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    223 asn1pars.o: asn1pars.c 
     212asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     213asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     214asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h 
     215asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     216asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     217asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     218asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     219asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     220asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     221asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     222asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     223asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     224asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c 
    224225ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    225226ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    226227ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    227228ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    228 ca.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    229 ca.o: ../include/openssl/err.h ../include/openssl/evp.h 
    230 ca.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    231 ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    232 ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    233 ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    234 ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    235 ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
    236 ca.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    237 ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    238 ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    239 ca.o: ../include/openssl/x509v3.h apps.h ca.c 
     229ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     230ca.o: ../include/openssl/engine.h ../include/openssl/err.h 
     231ca.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     232ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     233ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     234ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     235ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     236ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     237ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     238ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     239ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     240ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c 
    240241ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    241242ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    242243ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    243244ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    244245ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    245 ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    246 ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h 
    247 ciphers.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    248 ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    249 ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    250 ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    251 ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    252 ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    253 ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    254 ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    255 ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    256 ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    257 ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    258 ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    259 ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    260 ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    261 ciphers.o: ciphers.c 
     246ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     247ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h 
     248ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     249ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     250ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     251ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     252ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     253ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     254ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     255ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     256ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     257ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     258ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     259ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     260ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     261ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     262ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c 
    262263cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    263264cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    264265cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    265 cms.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    266 cms.o: ../include/openssl/engine.h ../include/openssl/evp.h 
    267 cms.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    268 cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    269 cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    270 cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    271 cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
    272 cms.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    273 cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    274 cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    275 cms.o: ../include/openssl/x509v3.h apps.h cms.c 
     266cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     267cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     268cms.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     269cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     270cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     271cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     272cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
     273cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     274cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     275cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     276cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c 
    276277crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    277278crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    278279crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    279 crl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    280 crl.o: ../include/openssl/engine.h ../include/openssl/err.h 
    281 crl.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    282 crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    283 crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    284 crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    285 crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    286 crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    287 crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    288 crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    289 crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    290 crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c 
     280crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     281crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     282crl.o: ../include/openssl/err.h ../include/openssl/evp.h 
     283crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     284crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     285crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     286crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     287crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     288crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     289crl.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     290crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     291crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     292crl.o: ../include/openssl/x509v3.h apps.h crl.c 
    291293crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    292294crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    293295crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    294 crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    295 crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h 
    296 crl2p7.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    297 crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    298 crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    299 crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    300 crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    301 crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    302 crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    303 crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    304 crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    305 crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    306 crl2p7.o: crl2p7.c 
     296crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     297crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     298crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h 
     299crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     300crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     301crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     302crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     303crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     304crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     305crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     306crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     307crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     308crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c 
    307309dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    308310dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    309311dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    310 dgst.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    311 dgst.o: ../include/openssl/engine.h ../include/openssl/err.h 
    312 dgst.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    313 dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h 
    314 dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    315 dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    316 dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    317 dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    318 dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
    319 dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    320 dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    321 dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    322 dgst.o: ../include/openssl/x509v3.h apps.h dgst.c 
     312dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     313dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     314dgst.o: ../include/openssl/err.h ../include/openssl/evp.h 
     315dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
     316dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     317dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     318dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     319dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     320dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     321dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     322dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     323dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     324dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c 
    323325dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    324326dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    325327dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    326328dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h 
    327 dh.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    328 dh.o: ../include/openssl/engine.h ../include/openssl/err.h 
    329 dh.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    330 dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    331 dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    332 dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    333 dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    334 dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    335 dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    336 dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    337 dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    338 dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c 
     329dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     330dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     331dh.o: ../include/openssl/err.h ../include/openssl/evp.h 
     332dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     333dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     334dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     335dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     336dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     337dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     338dh.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     339dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     340dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     341dh.o: ../include/openssl/x509v3.h apps.h dh.c 
    339342dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    340343dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    341344dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    342345dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h 
    343 dsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    344 dsa.o: ../include/openssl/engine.h ../include/openssl/err.h 
    345 dsa.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    346 dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    347 dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    348 dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    349 dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    350 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    351 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    352 dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    353 dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    354 dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c 
     346dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     347dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     348dsa.o: ../include/openssl/err.h ../include/openssl/evp.h 
     349dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     350dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     351dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     352dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     353dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     354dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     355dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     356dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     357dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     358dsa.o: ../include/openssl/x509v3.h apps.h dsa.c 
    355359dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    356360dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    357361dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    358362dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h 
    359363dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    360 dsaparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    361 dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h 
    362 dsaparam.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    363 dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    364 dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    365 dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    366 dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    367 dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
    368 dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    369 dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    370 dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h 
    371 dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
    372 dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    373 dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c 
     364dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     365dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h 
     366dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     367dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     368dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     369dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     370dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     371dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     372dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h 
     373dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     374dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h 
     375dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     376dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h 
     377dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     378dsaparam.o: dsaparam.c 
    374379ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    375380ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    376381ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    377 ec.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    378 ec.o: ../include/openssl/engine.h ../include/openssl/err.h 
    379 ec.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    380 ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    381 ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    382 ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    383 ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    384 ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    385 ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    386 ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    387 ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    388 ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c 
     382ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     383ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     384ec.o: ../include/openssl/err.h ../include/openssl/evp.h 
     385ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     386ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     387ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     388ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     389ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     390ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     391ec.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     392ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     393ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     394ec.o: ../include/openssl/x509v3.h apps.h ec.c 
    389395ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    390396ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    391397ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    392398ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    393 ecparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    394 ecparam.o: ../include/openssl/err.h ../include/openssl/evp.h 
    395 ecparam.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    396 ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    397 ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    398 ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    399 ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    400 ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
    401 ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    402 ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    403 ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    404 ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c 
     399ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     400ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h 
     401ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     402ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     403ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     404ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     405ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     406ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     407ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     408ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     409ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     410ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     411ecparam.o: ecparam.c 
    405412enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    406413enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    407414enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    408 enc.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    409 enc.o: ../include/openssl/engine.h ../include/openssl/err.h 
    410 enc.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    411 enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    412 enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    413 enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    414 enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    415 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    416 enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
    417 enc.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    418 enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    419 enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    420 enc.o: ../include/openssl/x509v3.h apps.h enc.c 
     415enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     416enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     417enc.o: ../include/openssl/err.h ../include/openssl/evp.h 
     418enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     419enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     420enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     421enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     422enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     423enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
     424enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     425enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     426enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     427enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c 
    421428engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    422429engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    423430engine.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    424431engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    425432engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    426 engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    427 engine.o: ../include/openssl/err.h ../include/openssl/evp.h 
    428 engine.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    429 engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    430 engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    431 engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    432 engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    433 engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    434 engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    435 engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    436 engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    437 engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    438 engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    439 engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    440 engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    441 engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    442 engine.o: engine.c 
     433engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     434engine.o: ../include/openssl/engine.h ../include/openssl/err.h 
     435engine.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     436engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     437engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     438engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     439engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     440engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     441engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     442engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     443engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     444engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     445engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     446engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     447engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     448engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     449engine.o: ../include/openssl/x509v3.h apps.h engine.c 
    443450errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    444451errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    445452errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    446453errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    447454errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    448 errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    449 errstr.o: ../include/openssl/err.h ../include/openssl/evp.h 
    450 errstr.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    451 errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    452 errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    453 errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    454 errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    455 errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    456 errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    457 errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    458 errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    459 errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    460 errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    461 errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    462 errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    463 errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    464 errstr.o: errstr.c 
     455errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     456errstr.o: ../include/openssl/engine.h ../include/openssl/err.h 
     457errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     458errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     459errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     460errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     461errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     462errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     463errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     464errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     465errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     466errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     467errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     468errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     469errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     470errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     471errstr.o: ../include/openssl/x509v3.h apps.h errstr.c 
    465472gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    466473gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    467474gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    468475gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h 
    469476gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    470 gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    471 gendh.o: ../include/openssl/err.h ../include/openssl/evp.h 
    472 gendh.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    473 gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    474 gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    475 gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    476 gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    477 gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
    478 gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    479 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    480 gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h 
    481 gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
    482 gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    483 gendh.o: ../include/openssl/x509v3.h apps.h gendh.c 
     477gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     478gendh.o: ../include/openssl/engine.h ../include/openssl/err.h 
     479gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     480gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     481gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     482gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     483gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     484gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     485gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h 
     486gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     487gendh.o: ../include/openssl/stack.h ../include/openssl/store.h 
     488gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     489gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h 
     490gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     491gendh.o: gendh.c 
    484492gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    485493gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    486494gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    487495gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h 
    488 gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    489 gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h 
    490 gendsa.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    491 gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    492 gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    493 gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    494 gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    495 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    496 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    497 gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    498 gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    499 gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    500 gendsa.o: gendsa.c 
     496gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     497gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     498gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h 
     499gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     500gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     501gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     502gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     503gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     504gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     505gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     506gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     507gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     508gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c 
    501509genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    502510genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    503511genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    504512genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h 
    505513genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    506 genrsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    507 genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h 
    508 genrsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    509 genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    510 genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    511 genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    512 genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    513 genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
    514 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    515 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    516 genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h 
    517 genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
    518 genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    519 genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c 
     514genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     515genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h 
     516genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     517genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     518genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     519genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     520genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     521genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     522genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h 
     523genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     524genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h 
     525genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     526genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h 
     527genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     528genrsa.o: genrsa.c 
    520529nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    521530nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    522531nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    523 nseq.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    524 nseq.o: ../include/openssl/engine.h ../include/openssl/err.h 
    525 nseq.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    526 nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    527 nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    528 nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    529 nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    530 nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    531 nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    532 nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    533 nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    534 nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c 
     532nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     533nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     534nseq.o: ../include/openssl/err.h ../include/openssl/evp.h 
     535nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     536nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     537nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     538nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     539nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     540nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     541nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     542nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     543nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     544nseq.o: ../include/openssl/x509v3.h apps.h nseq.c 
    535545ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    536546ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    537547ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    538548ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    539549ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    540 ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    541 ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h 
    542 ocsp.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    543 ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    544 ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    545 ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    546 ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    547 ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    548 ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    549 ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    550 ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    551 ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    552 ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    553 ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    554 ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    555 ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c 
     550ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     551ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h 
     552ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     553ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     554ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     555ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     556ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     557ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     558ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     559ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     560ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     561ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     562ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     563ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     564ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     565ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     566ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c 
    556567openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    557568openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    558569openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    559570openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    560571openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    561 openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    562 openssl.o: ../include/openssl/err.h ../include/openssl/evp.h 
    563 openssl.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    564 openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    565 openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    566 openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    567 openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    568 openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    569 openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    570 openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    571 openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    572 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    573 openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    574 openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    575 openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    576 openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    577 openssl.o: openssl.c progs.h s_apps.h 
     572openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     573openssl.o: ../include/openssl/engine.h ../include/openssl/err.h 
     574openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     575openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     576openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     577openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     578openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     579openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     580openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     581openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     582openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     583openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     584openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     585openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     586openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     587openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     588openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h 
    578589passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    579590passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    580591passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h 
    581592passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h 
    582 passwd.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    583 passwd.o: ../include/openssl/engine.h ../include/openssl/err.h 
    584 passwd.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    585 passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h 
    586 passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    587 passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    588 passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    589 passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
    590 passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    591 passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    592 passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
    593 passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 
    594 passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    595 passwd.o: passwd.c 
     593passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     594passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     595passwd.o: ../include/openssl/err.h ../include/openssl/evp.h 
     596passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     597passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h 
     598passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     599passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     600passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
     601passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
     602passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     603passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     604passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 
     605passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     606passwd.o: ../include/openssl/x509v3.h apps.h passwd.c 
    596607pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    597608pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    598609pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    599 pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    600 pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h 
    601 pkcs12.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    602 pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    603 pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    604 pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    605 pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    606 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h 
    607 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
    608 pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    609 pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    610 pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    611 pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c 
     610pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     611pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     612pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h 
     613pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     614pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     615pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     616pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     617pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     618pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h 
     619pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     620pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     621pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     622pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     623pkcs12.o: pkcs12.c 
    612624pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    613625pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    614626pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    615 pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    616 pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h 
    617 pkcs7.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    618 pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    619 pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    620 pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    621 pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    622 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    623 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    624 pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    625 pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    626 pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    627 pkcs7.o: pkcs7.c 
     627pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     628pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     629pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h 
     630pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     631pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     632pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     633pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     634pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     635pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     636pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     637pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     638pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     639pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c 
    628640pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    629641pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    630642pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    631 pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    632 pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h 
    633 pkcs8.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    634 pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    635 pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    636 pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    637 pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    638 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h 
    639 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
    640 pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    641 pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    642 pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    643 pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c 
     643pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     644pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     645pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h 
     646pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     647pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     648pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     649pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     650pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     651pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h 
     652pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     653pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     654pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     655pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     656pkcs8.o: pkcs8.c 
    644657prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    645658prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    646659prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    647660prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    648 prime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    649 prime.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    650 prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    651 prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    652 prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    653 prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
    654 prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    655 prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    656 prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    657 prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    658 prime.o: prime.c 
     661prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     662prime.o: ../include/openssl/engine.h ../include/openssl/evp.h 
     663prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     664prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     665prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     666prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     667prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     668prime.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     669prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     670prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     671prime.o: ../include/openssl/x509v3.h apps.h prime.c 
    659672rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    660673rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    661674rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    662 rand.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    663 rand.o: ../include/openssl/engine.h ../include/openssl/err.h 
    664 rand.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    665 rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    666 rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    667 rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    668 rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
    669 rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
    670 rand.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    671 rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    672 rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    673 rand.o: ../include/openssl/x509v3.h apps.h rand.c 
     675rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     676rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     677rand.o: ../include/openssl/err.h ../include/openssl/evp.h 
     678rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     679rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     680rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     681rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     682rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
     683rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     684rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     685rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     686rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c 
    674687req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    675688req.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    676689req.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    677690req.o: ../include/openssl/dh.h ../include/openssl/dsa.h 
    678691req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    679 req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    680 req.o: ../include/openssl/err.h ../include/openssl/evp.h 
    681 req.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    682 req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    683 req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    684 req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    685 req.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    686 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
    687 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    688 req.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    689 req.o: ../include/openssl/store.h ../include/openssl/symhacks.h 
    690 req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
    691 req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    692 req.o: ../include/openssl/x509v3.h apps.h req.c 
     692req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     693req.o: ../include/openssl/engine.h ../include/openssl/err.h 
     694req.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     695req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     696req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     697req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     698req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     699req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     700req.o: ../include/openssl/rand.h ../include/openssl/rsa.h 
     701req.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     702req.o: ../include/openssl/stack.h ../include/openssl/store.h 
     703req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     704req.o: ../include/openssl/ui.h ../include/openssl/x509.h 
     705req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c 
    693706rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    694707rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    695708rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    696709rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    697 rsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    698 rsa.o: ../include/openssl/err.h ../include/openssl/evp.h 
    699 rsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
    700 rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    701 rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    702 rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    703 rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    704 rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h 
    705 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    706 rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    707 rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    708 rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c 
     710rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     711rsa.o: ../include/openssl/engine.h ../include/openssl/err.h 
     712rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     713rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     714rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     715rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     716rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     717rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     718rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
     719rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     720rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     721rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     722rsa.o: ../include/openssl/x509v3.h apps.h rsa.c 
    709723rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    710724rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    711725rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    712 rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    713 rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h 
    714 rsautl.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    715 rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    716 rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    717 rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    718 rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    719 rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    720 rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    721 rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    722 rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    723 rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    724 rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c 
     726rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     727rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     728rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h 
     729rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     730rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     731rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     732rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     733rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     734rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h 
     735rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     736rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     737rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     738rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     739rsautl.o: rsautl.c 
    725740s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    726741s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    727742s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    728743s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    729744s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    730 s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    731 s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h 
    732 s_cb.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    733 s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    734 s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    735 s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    736 s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    737 s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    738 s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    739 s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h 
    740 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    741 s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
    742 s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
    743 s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    744 s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
    745 s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    746 s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c 
     745s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     746s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h 
     747s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     748s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     749s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     750s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     751s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     752s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     753s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     754s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     755s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
     756s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
     757s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
     758s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
     759s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
     760s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     761s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     762s_cb.o: s_apps.h s_cb.c 
    747763s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    748764s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    749765s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    750766s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    751767s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    752 s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    753 s_client.o: ../include/openssl/err.h ../include/openssl/evp.h 
    754 s_client.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    755 s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    756 s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    757 s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    758 s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    759 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    760 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    761 s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h 
    762 s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    763 s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
    764 s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
    765 s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    766 s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
    767 s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    768 s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h 
     768s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     769s_client.o: ../include/openssl/engine.h ../include/openssl/err.h 
     770s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     771s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     772s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     773s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     774s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     775s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     776s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     777s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     778s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h 
     779s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
     780s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
     781s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
     782s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
     783s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     784s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     785s_client.o: s_apps.h s_client.c timeouts.h 
    769786s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    770787s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    771788s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    772789s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h 
    773790s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h 
    774791s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    775 s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    776 s_server.o: ../include/openssl/err.h ../include/openssl/evp.h 
    777 s_server.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    778 s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    779 s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    780 s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    781 s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    782 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    783 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    784 s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h 
    785 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    786 s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    787 s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    788 s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    789 s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h 
    790 s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
    791 s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h 
    792 s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    793 s_server.o: s_apps.h s_server.c timeouts.h 
     792s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     793s_server.o: ../include/openssl/engine.h ../include/openssl/err.h 
     794s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     795s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     796s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     797s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     798s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     799s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     800s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     801s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     802s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h 
     803s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     804s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     805s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     806s_server.o: ../include/openssl/stack.h ../include/openssl/store.h 
     807s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
     808s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
     809s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     810s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h 
    794811s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h 
    795812s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h 
    796813s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h 
    797814s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    798815s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 
    799 s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    800 s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h 
    801 s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    802 s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    803 s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    804 s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    805 s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    806 s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    807 s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    808 s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    809 s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    810 s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    811 s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    812 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    813 s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    814 s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    815 s_socket.o: s_apps.h s_socket.c 
     816s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     817s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     818s_socket.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     819s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     820s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     821s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     822s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     823s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     824s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     825s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     826s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     827s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     828s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     829s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     830s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     831s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     832s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c 
    816833s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    817834s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    818835s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    819836s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    820837s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    821 s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    822 s_time.o: ../include/openssl/err.h ../include/openssl/evp.h 
    823 s_time.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    824 s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    825 s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    826 s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    827 s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    828 s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    829 s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    830 s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    831 s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    832 s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    833 s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    834 s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    835 s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    836 s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    837 s_time.o: s_apps.h s_time.c 
     838s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     839s_time.o: ../include/openssl/engine.h ../include/openssl/err.h 
     840s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     841s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     842s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     843s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     844s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     845s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     846s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     847s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     848s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     849s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     850s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     851s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     852s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     853s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     854s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c 
    838855sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    839856sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    840857sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h 
    841858sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h 
    842859sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    843 sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    844 sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h 
    845 sess_id.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    846 sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
    847 sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    848 sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    849 sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    850 sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
    851 sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
    852 sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 
    853 sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h 
    854 sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 
    855 sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 
    856 sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 
    857 sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    858 sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    859 sess_id.o: sess_id.c 
     860sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     861sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h 
     862sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     863sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h 
     864sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
     865sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     866sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     867sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
     868sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
     869sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 
     870sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     871sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     872sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     873sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     874sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 
     875sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     876sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c 
    860877smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    861878smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    862879smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    863 smime.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    864 smime.o: ../include/openssl/engine.h ../include/openssl/err.h 
    865 smime.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    866 smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    867 smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    868 smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    869 smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    870 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    871 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    872 smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    873 smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    874 smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    875 smime.o: smime.c 
     880smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     881smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     882smime.o: ../include/openssl/err.h ../include/openssl/evp.h 
     883smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     884smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     885smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     886smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     887smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     888smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     889smime.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     890smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     891smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     892smime.o: ../include/openssl/x509v3.h apps.h smime.c 
    876893speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 
    877894speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 
    878895speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    speed.o: ../include/openssl/cast.h ../include/open 
    880897speed.o: ../include/openssl/crypto.h ../include/openssl/des.h 
    881898speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h 
    882899speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
    883 speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
    884 speed.o: ../include/openssl/err.h ../include/openssl/evp.h 
    885 speed.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
    886 speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h 
    887 speed.o: ../include/openssl/md2.h ../include/openssl/md4.h 
    888 speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h 
    889 speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    890 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    891 speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
    892 speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h 
    893 speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h 
    894 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    895 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    896 speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    897 speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 
    898 speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    899 speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h 
     900speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     901speed.o: ../include/openssl/engine.h ../include/openssl/err.h 
     902speed.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     903speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h 
     904speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h 
     905speed.o: ../include/openssl/md4.h ../include/openssl/md5.h 
     906speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     907speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     908speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     909speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h 
     910speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h 
     911speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 
     912speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     913speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     914speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
     915speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 
     916speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
     917speed.o: speed.c testdsa.h testrsa.h 
    900918spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    901919spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    902920spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    903 spkac.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    904 spkac.o: ../include/openssl/engine.h ../include/openssl/err.h 
    905 spkac.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    906 spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    907 spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    908 spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    909 spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    910 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    911 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    912 spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    913 spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    914 spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    915 spkac.o: spkac.c 
     921spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     922spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     923spkac.o: ../include/openssl/err.h ../include/openssl/evp.h 
     924spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     925spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     926spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     927spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     928spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     929spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     930spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     931spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     932spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     933spkac.o: ../include/openssl/x509v3.h apps.h spkac.c 
    916934verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    917935verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    918936verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
    919 verify.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    920 verify.o: ../include/openssl/engine.h ../include/openssl/err.h 
    921 verify.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    922 verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    923 verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    924 verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    925 verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    926 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    927 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    928 verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    929 verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
    930 verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    931 verify.o: verify.c 
     937verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     938verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     939verify.o: ../include/openssl/err.h ../include/openssl/evp.h 
     940verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     941verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     942verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     943verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     944verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     945verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h 
     946verify.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     947verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     948verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     949verify.o: ../include/openssl/x509v3.h apps.h verify.c 
    932950version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    933951version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 
    934952version.o: ../include/openssl/buffer.h ../include/openssl/conf.h 
    935953version.o: ../include/openssl/crypto.h ../include/openssl/des.h 
    936954version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h 
    937 version.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    938 version.o: ../include/openssl/engine.h ../include/openssl/evp.h 
    939 version.o: ../include/openssl/fips.h ../include/openssl/idea.h 
    940 version.o: ../include/openssl/lhash.h ../include/openssl/md2.h 
    941 version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
    942 version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
    943 version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
    944 version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h 
    945 version.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
    946 version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    947 version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 
    948 version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 
    949 version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 
    950 version.o: version.c 
     955version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     956version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     957version.o: ../include/openssl/evp.h ../include/openssl/fips.h 
     958version.o: ../include/openssl/idea.h ../include/openssl/lhash.h 
     959version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h 
     960version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
     961version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
     962version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
     963version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h 
     964version.o: ../include/openssl/sha.h ../include/openssl/stack.h 
     965version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
     966version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 
     967version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
     968version.o: ../include/openssl/x509v3.h apps.h version.c 
    951969x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    952970x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    953971x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h 
    954972x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h 
    955 x509.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h 
    956 x509.o: ../include/openssl/engine.h ../include/openssl/err.h 
    957 x509.o: ../include/openssl/evp.h ../include/openssl/fips.h 
    958 x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 
    959 x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 
    960 x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 
    961 x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 
    962 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 
    963 x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 
    964 x509.o: ../include/openssl/sha.h ../include/openssl/stack.h 
    965 x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h 
    966 x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 
    967 x509.o: ../include/openssl/x509v3.h apps.h x509.c 
     973x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 
     974x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 
     975x509.o: ../include/openssl/err.h ../include/openssl/evp.h 
     976x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h 
     977x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 
     978x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 
     979x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     980x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     981x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h 
     982x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     983x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     984x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 
     985x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c 
  • crypto/openssl/apps/apps.c

    X509_NAME *parse_name(char *subject, long chtype, 
    20522052        X509_NAME *n = NULL; 
    20532053        int nid; 
    20542054 
    2055         if (!buf || !ne_types || !ne_values) 
     2055        if (!buf || !ne_types || !ne_values || !mval) 
    20562056                { 
    20572057                BIO_printf(bio_err, "malloc error\n"); 
    20582058                goto error; 
    X509_NAME *parse_name(char *subject, long chtype, 
    21562156        OPENSSL_free(ne_values); 
    21572157        OPENSSL_free(ne_types); 
    21582158        OPENSSL_free(buf); 
     2159        OPENSSL_free(mval); 
    21592160        return n; 
    21602161 
    21612162error: 
    error: 
    21642165                OPENSSL_free(ne_values); 
    21652166        if (ne_types) 
    21662167                OPENSSL_free(ne_types); 
     2168        if (mval) 
     2169                OPENSSL_free(mval); 
    21672170        if (buf) 
    21682171                OPENSSL_free(buf); 
    21692172        return NULL; 
  • crypto/openssl/apps/dhparam.c

    bad: 
    332332                        BIO_printf(bio_err,"This is going to take a long time\n"); 
    333333                        if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) 
    334334                                { 
    335                                 if(dh) DH_free(dh); 
    336335                                ERR_print_errors(bio_err); 
    337336                                goto end; 
    338337                                } 
  • crypto/openssl/apps/s_server.c

    end: 
    15501550        if (dpass) 
    15511551                OPENSSL_free(dpass); 
    15521552#ifndef OPENSSL_NO_TLSEXT 
     1553        if (tlscstatp.host) 
     1554                OPENSSL_free(tlscstatp.host); 
     1555        if (tlscstatp.port) 
     1556                OPENSSL_free(tlscstatp.port); 
     1557        if (tlscstatp.path) 
     1558                OPENSSL_free(tlscstatp.path); 
    15531559        if (ctx2 != NULL) SSL_CTX_free(ctx2); 
    15541560        if (s_cert2) 
    15551561                X509_free(s_cert2); 
  • crypto/openssl/crypto/asn1/a_strex.c

    int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_ 
    567567        if(mbflag == -1) return -1; 
    568568        mbflag |= MBSTRING_FLAG; 
    569569        stmp.data = NULL; 
     570        stmp.length = 0; 
    570571        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); 
    571572        if(ret < 0) return ret; 
    572573        *out = stmp.data; 
  • crypto/openssl/crypto/asn1/a_verify.c

    int ASN1_item_verify(const ASN1_ITEM *it, X509_ALG 
    138138        unsigned char *buf_in=NULL; 
    139139        int ret= -1,i,inl; 
    140140 
     141        if (!pkey) 
     142                { 
     143                ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); 
     144                return -1; 
     145                } 
     146 
    141147        EVP_MD_CTX_init(&ctx); 
    142148        i=OBJ_obj2nid(a->algorithm); 
    143149        type=EVP_get_digestbyname(OBJ_nid2sn(i)); 
  • crypto/openssl/crypto/asn1/x_pubkey.c

    EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) 
    371371        CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); 
    372372        if (key->pkey) 
    373373                { 
     374                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); 
    374375                EVP_PKEY_free(ret); 
    375376                ret = key->pkey; 
    376377                } 
    377378        else 
     379                { 
    378380                key->pkey = ret; 
    379         CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); 
     381                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); 
     382                } 
    380383        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); 
    381384        return(ret); 
    382385err: 
  • crypto/openssl/crypto/bn/bn_word.c

    int BN_add_word(BIGNUM *a, BN_ULONG w) 
    144144                        a->neg=!(a->neg); 
    145145                return(i); 
    146146                } 
    147         /* Only expand (and risk failing) if it's possibly necessary */ 
    148         if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && 
    149                         (bn_wexpand(a,a->top+1) == NULL)) 
    150                 return(0); 
    151         i=0; 
    152         for (;;) 
     147        for (i=0;w!=0 && i<a->top;i++) 
    153148                { 
    154                 if (i >= a->top) 
    155                         l=w; 
    156                 else 
    157                         l=(a->d[i]+w)&BN_MASK2; 
    158                 a->d[i]=l; 
    159                 if (w > l) 
    160                         w=1; 
    161                 else 
    162                         break; 
    163                 i++; 
     149                a->d[i] = l = (a->d[i]+w)&BN_MASK2; 
     150                w = (w>l)?1:0; 
    164151                } 
    165         if (i >= a->top) 
     152        if (w && i==a->top) 
     153                { 
     154                if (bn_wexpand(a,a->top+1) == NULL) return 0; 
    166155                a->top++; 
     156                a->d[i]=w; 
     157                } 
    167158        bn_check_top(a); 
    168159        return(1); 
    169160        } 
  • crypto/openssl/crypto/cryptlib.c

    void OpenSSLDie(const char *file,int line,const ch 
    542542        } 
    543543 
    544544void *OPENSSL_stderr(void)      { return stderr; } 
     545 
     546#ifndef OPENSSL_FIPS 
     547 
     548int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) 
     549        { 
     550        size_t i; 
     551        const unsigned char *a = in_a; 
     552        const unsigned char *b = in_b; 
     553        unsigned char x = 0; 
     554 
     555        for (i = 0; i < len; i++) 
     556                x |= a[i] ^ b[i]; 
     557 
     558        return x; 
     559        } 
     560#endif 
  • crypto/openssl/crypto/crypto.h

    int OPENSSL_isservice(void); 
    591591#define OPENSSL_HAVE_INIT       1 
    592592void OPENSSL_init(void); 
    593593 
     594/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It 
     595 * takes an amount of time dependent on |len|, but independent of the contents 
     596 * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a 
     597 * defined order as the return value when a != b is undefined, other than to be 
     598 * non-zero. */ 
     599int CRYPTO_memcmp(const void *a, const void *b, size_t len); 
     600 
    594601/* BEGIN ERROR CODES */ 
    595602/* The following lines are auto generated by the script mkerr.pl. Any changes 
    596603 * made after this point may be overwritten when the script is next run. 
  • crypto/openssl/crypto/o_init.c

    void OPENSSL_init(void) 
    9393#endif 
    9494        } 
    9595                 
     96#ifdef OPENSSL_FIPS 
    9697 
     98int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) 
     99        { 
     100        size_t i; 
     101        const unsigned char *a = in_a; 
     102        const unsigned char *b = in_b; 
     103        unsigned char x = 0; 
     104 
     105        for (i = 0; i < len; i++) 
     106                x |= a[i] ^ b[i]; 
     107 
     108        return x; 
     109        } 
     110#endif 
  • crypto/openssl/crypto/ocsp/ocsp_vfy.c

    int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF 
    9191                { 
    9292                EVP_PKEY *skey; 
    9393                skey = X509_get_pubkey(signer); 
    94                 ret = OCSP_BASICRESP_verify(bs, skey, 0); 
    95                 EVP_PKEY_free(skey); 
    96                 if(ret <= 0) 
     94                if (skey) 
    9795                        { 
     96                        ret = OCSP_BASICRESP_verify(bs, skey, 0); 
     97                        EVP_PKEY_free(skey); 
     98                        } 
     99                if(!skey || ret <= 0) 
     100                        { 
    98101                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); 
    99102                        goto end; 
    100103                        } 
    int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF 
    108111                        init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); 
    109112                if(!init_res) 
    110113                        { 
     114                        ret = -1; 
    111115                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); 
    112116                        goto end; 
    113117                        } 
  • crypto/openssl/crypto/opensslv.h

     
    2525 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 
    2626 *  major minor fix final patch/beta) 
    2727 */ 
    28 #define OPENSSL_VERSION_NUMBER  0x0090818fL 
     28#define OPENSSL_VERSION_NUMBER  0x0090819fL 
    2929#ifdef OPENSSL_FIPS 
    30 #define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8x-fips 10 May 2012" 
     30#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8y-fips 5 Feb 2013" 
    3131#else 
    32 #define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8x 10 May 2012" 
     32#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8y 5 Feb 2013" 
    3333#endif 
    3434#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT 
    3535 
  • crypto/openssl/crypto/rsa/rsa_oaep.c

    int RSA_padding_check_PKCS1_OAEP(unsigned char *to 
    143143 
    144144        EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); 
    145145 
    146         if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) 
     146        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) 
    147147                goto decoding_err; 
    148148        else 
    149149                { 
  • crypto/openssl/crypto/symhacks.h

     
    252252#define EC_POINT_set_compressed_coordinates_GF2m \ 
    253253                                                EC_POINT_set_compr_coords_GF2m 
    254254#undef ec_GF2m_simple_group_clear_finish 
    255 #define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish 
     255#define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish 
    256256#undef ec_GF2m_simple_group_check_discriminant 
    257257#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim 
    258258#undef ec_GF2m_simple_point_clear_finish 
    259 #define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish 
     259#define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish 
    260260#undef ec_GF2m_simple_point_set_to_infinity 
    261 #define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf 
     261#define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf 
    262262#undef ec_GF2m_simple_points_make_affine 
    263 #define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine 
     263#define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine 
    264264#undef ec_GF2m_simple_point_set_affine_coordinates 
    265265#define ec_GF2m_simple_point_set_affine_coordinates \ 
    266266                                                ec_GF2m_smp_pt_set_af_coords 
     
    288288#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf 
    289289#undef ec_GFp_simple_points_make_affine 
    290290#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine 
    291 #undef ec_GFp_simple_group_get_curve_GFp 
    292 #define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp 
    293291#undef ec_GFp_simple_set_Jprojective_coordinates_GFp 
    294292#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ 
    295293                                                ec_GFp_smp_set_Jproj_coords_GFp 
  • crypto/openssl/doc/apps/CA.pl.pod

    prints a usage message. 
    3939 
    4040=item B<-newcert> 
    4141 
    42 creates a new self signed certificate. The private key and certificate are 
    43 written to the file "newreq.pem". 
     42creates a new self signed certificate. The private key is written to the file 
     43"newkey.pem" and the request written to the file "newreq.pem". 
    4444 
    4545=item B<-newreq> 
    4646 
    47 creates a new certificate request. The private key and request are 
    48 written to the file "newreq.pem". 
     47creates a new certificate request. The private key is written to the file 
     48"newkey.pem" and the request written to the file "newreq.pem". 
    4949 
    5050=item B<-newreq-nodes> 
    5151 
  • crypto/openssl/engines/e_capi.c

    static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx 
    14091409static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec) 
    14101410        { 
    14111411        CAPI_KEY *key; 
     1412    DWORD dwFlags = 0;  
    14121413        key = OPENSSL_malloc(sizeof(CAPI_KEY)); 
    14131414        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",  
    14141415                                                contname, provname, ptype); 
    1415         if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0)) 
     1416    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE) 
     1417        dwFlags = CRYPT_MACHINE_KEYSET; 
     1418    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags))  
    14161419                { 
    14171420                CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); 
    14181421                capi_addlasterror(); 
  • crypto/openssl/openssl.spec

     
    22%define libmaj 0 
    33%define libmin 9 
    44%define librel 8 
    5 %define librev x 
     5%define librev y 
    66Release: 1 
    77 
    88%define openssldir /var/ssl 
  • crypto/openssl/ssl/Makefile

    LIB=$(TOP)/libssl.a 
    2222SHARED_LIB= libssl$(SHLIB_EXT) 
    2323LIBSRC= \ 
    2424        s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \ 
    25         s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \ 
     25        s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \ 
    2626        s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \ 
    2727        t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \ 
    2828        d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \ 
    LIBSRC= \ 
    3333        bio_ssl.c ssl_err.c kssl.c t1_reneg.c 
    3434LIBOBJ= \ 
    3535        s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \ 
    36         s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \ 
     36        s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ 
    3737        s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \ 
    3838        t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \ 
    3939        d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \ 
    s3_both.o: ../include/openssl/ssl23.h ../include/o 
    545545s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
    546546s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h 
    547547s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h 
     548s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
     549s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
     550s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
     551s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h 
     552s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 
     553s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 
     554s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h 
     555s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h 
     556s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 
     557s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h 
     558s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 
     559s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 
     560s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h 
     561s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 
     562s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h 
     563s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h 
     564s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 
     565s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 
     566s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 
     567s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h 
     568s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h 
    548569s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 
    549570s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 
    550571s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 
  • crypto/openssl/ssl/d1_enc.c

     
    126126#include <openssl/des.h> 
    127127#endif 
    128128 
     129/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. 
     130 * 
     131 * Returns: 
     132 *   0: (in non-constant time) if the record is publically invalid (i.e. too 
     133 *       short etc). 
     134 *   1: if the record's padding is valid / the encryption was successful. 
     135 *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending, 
     136 *       an internal error occured. */ 
    129137int dtls1_enc(SSL *s, int send) 
    130138        { 
    131139        SSL3_RECORD *rec; 
    132140        EVP_CIPHER_CTX *ds; 
    133141        unsigned long l; 
    134         int bs,i,ii,j,k; 
     142        int bs,i,j,k,mac_size=0; 
    135143        const EVP_CIPHER *enc; 
    136144 
    137145        if (send) 
    138146                { 
     147                if (s->write_hash) 
     148                        { 
     149                        mac_size=EVP_MD_size(s->write_hash); 
     150                        if (mac_size < 0) 
     151                                return -1; 
     152                        } 
    139153                ds=s->enc_write_ctx; 
    140154                rec= &(s->s3->wrec); 
    141155                if (s->enc_write_ctx == NULL) 
    int dtls1_enc(SSL *s, int send) 
    156170                } 
    157171        else 
    158172                { 
     173                if (s->read_hash) 
     174                        { 
     175                        mac_size=EVP_MD_size(s->read_hash); 
     176                        OPENSSL_assert(mac_size >= 0); 
     177                        } 
    159178                ds=s->enc_read_ctx; 
    160179                rec= &(s->s3->rrec); 
    161180                if (s->enc_read_ctx == NULL) 
    int dtls1_enc(SSL *s, int send) 
    220239                if (!send) 
    221240                        { 
    222241                        if (l == 0 || l%bs != 0) 
    223                                 return -1; 
     242                                return 0; 
    224243                        } 
    225244                 
    226245                EVP_Cipher(ds,rec->data,rec->input,l); 
    int dtls1_enc(SSL *s, int send) 
    235254#endif  /* KSSL_DEBUG */ 
    236255 
    237256                if ((bs != 1) && !send) 
    238                         { 
    239                         ii=i=rec->data[l-1]; /* padding_length */ 
    240                         i++; 
    241                         if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) 
    242                                 { 
    243                                 /* First packet is even in size, so check */ 
    244                                 if ((memcmp(s->s3->read_sequence, 
    245                                         "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) 
    246                                         s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 
    247                                 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 
    248                                         i--; 
    249                                 } 
    250                         /* TLS 1.0 does not bound the number of padding bytes by the block size. 
    251                          * All of them must have value 'padding_length'. */ 
    252                         if (i + bs > (int)rec->length) 
    253                                 { 
    254                                 /* Incorrect padding. SSLerr() and ssl3_alert are done 
    255                                  * by caller: we don't want to reveal whether this is 
    256                                  * a decryption error or a MAC verification failure 
    257                                  * (see http://www.openssl.org/~bodo/tls-cbc.txt)  
    258                                  */ 
    259                                 return -1; 
    260                                 } 
    261                         for (j=(int)(l-i); j<(int)l; j++) 
    262                                 { 
    263                                 if (rec->data[j] != ii) 
    264                                         { 
    265                                         /* Incorrect padding */ 
    266                                         return -1; 
    267                                         } 
    268                                 } 
    269                         rec->length-=i; 
    270  
    271                         rec->data += bs;    /* skip the implicit IV */ 
    272                         rec->input += bs; 
    273                         rec->length -= bs; 
    274                         } 
     257                        return tls1_cbc_remove_padding(s, rec, bs, mac_size); 
    275258                } 
    276259        return(1); 
    277260        } 
  • crypto/openssl/ssl/d1_pkt.c

    dtls1_get_buffered_record(SSL *s) 
    327327static int 
    328328dtls1_process_record(SSL *s) 
    329329{ 
    330     int al; 
    331         int clear=0; 
    332     int enc_err; 
     330        int i,al; 
     331        int enc_err; 
    333332        SSL_SESSION *sess; 
    334     SSL3_RECORD *rr; 
    335         unsigned int mac_size; 
     333        SSL3_RECORD *rr; 
     334        unsigned int mac_size, orig_len; 
    336335        unsigned char md[EVP_MAX_MD_SIZE]; 
    337         int decryption_failed_or_bad_record_mac = 0; 
    338         unsigned char *mac = NULL; 
    339336 
    340  
    341337        rr= &(s->s3->rrec); 
    342338    sess = s->session; 
    343339 
    dtls1_process_record(SSL *s) 
    366362 
    367363        /* decrypt in place in 'rr->input' */ 
    368364        rr->data=rr->input; 
     365        orig_len=rr->length; 
    369366 
    370367        enc_err = s->method->ssl3_enc->enc(s,0); 
    371         if (enc_err <= 0) 
     368        /* enc_err is: 
     369         *    0: (in non-constant time) if the record is publically invalid. 
     370         *    1: if the padding is valid 
     371         *    -1: if the padding is invalid */ 
     372        if (enc_err == 0) 
    372373                { 
    373                 /* To minimize information leaked via timing, we will always 
    374                  * perform all computations before discarding the message. 
    375                  */ 
    376                 decryption_failed_or_bad_record_mac = 1; 
     374                /* For DTLS we simply ignore bad packets. */ 
     375                rr->length = 0; 
     376                s->packet_length = 0; 
     377                goto err; 
    377378                } 
    378379 
    379380#ifdef TLS_DEBUG 
    printf("\n"); 
    383384#endif 
    384385 
    385386        /* r->length is now the compressed data plus mac */ 
    386 if (    (sess == NULL) || 
    387                 (s->enc_read_ctx == NULL) || 
    388                 (s->read_hash == NULL)) 
    389     clear=1; 
    390  
    391         if (!clear) 
     387        if ((sess != NULL) && 
     388            (s->enc_read_ctx != NULL) && 
     389            (s->read_hash != NULL)) 
    392390                { 
     391                /* s->read_hash != NULL => mac_size != -1 */ 
     392                unsigned char *mac = NULL; 
     393                unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 
    393394                mac_size=EVP_MD_size(s->read_hash); 
     395                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 
    394396 
    395                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 
     397                /* orig_len is the length of the record before any padding was 
     398                 * removed. This is public information, as is the MAC in use, 
     399                 * therefore we can safely process the record in a different 
     400                 * amount of time if it's too short to possibly contain a MAC. 
     401                 */ 
     402                if (orig_len < mac_size || 
     403                    /* CBC records must have a padding length byte too. */ 
     404                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 
     405                     orig_len < mac_size+1)) 
    396406                        { 
    397 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 
    398                         al=SSL_AD_RECORD_OVERFLOW; 
    399                         SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 
     407                        al=SSL_AD_DECODE_ERROR; 
     408                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); 
    400409                        goto f_err; 
    401 #else 
    402                         decryption_failed_or_bad_record_mac = 1; 
    403 #endif                   
    404410                        } 
    405                 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 
    406                 if (rr->length >= mac_size) 
     411 
     412                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 
    407413                        { 
     414                        /* We update the length so that the TLS header bytes 
     415                         * can be constructed correctly but we need to extract 
     416                         * the MAC in constant time from within the record, 
     417                         * without leaking the contents of the padding bytes. 
     418                         * */ 
     419                        mac = mac_tmp; 
     420                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 
    408421                        rr->length -= mac_size; 
    409                         mac = &rr->data[rr->length]; 
    410422                        } 
    411423                else 
    412                         rr->length = 0; 
    413                 s->method->ssl3_enc->mac(s,md,0); 
    414                 if (mac == NULL || memcmp(md, mac, mac_size) != 0) 
    415424                        { 
    416                         decryption_failed_or_bad_record_mac = 1; 
     425                        /* In this case there's no padding, so |orig_len| 
     426                         * equals |rec->length| and we checked that there's 
     427                         * enough bytes for |mac_size| above. */ 
     428                        rr->length -= mac_size; 
     429                        mac = &rr->data[rr->length]; 
    417430                        } 
     431 
     432                i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 
     433                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 
     434                        enc_err = -1; 
     435                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 
     436                        enc_err = -1; 
    418437                } 
    419438 
    420         if (decryption_failed_or_bad_record_mac) 
     439        if (enc_err < 0) 
    421440                { 
    422441                /* decryption failed, silently discard message */ 
    423442                rr->length = 0; 
  • crypto/openssl/ssl/s2_clnt.c

    static int get_server_verify(SSL *s) 
    935935                s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ 
    936936        p += 1; 
    937937 
    938         if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) 
     938        if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) 
    939939                { 
    940940                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 
    941941                SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); 
  • crypto/openssl/ssl/s2_pkt.c

    static int ssl2_read_internal(SSL *s, void *buf, i 
    267267                        s->s2->ract_data_length-=mac_size; 
    268268                        ssl2_mac(s,mac,0); 
    269269                        s->s2->ract_data_length-=s->s2->padding; 
    270                         if (    (memcmp(mac,s->s2->mac_data, 
    271                                 (unsigned int)mac_size) != 0) || 
     270                        if (    (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) || 
    272271                                (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) 
    273272                                { 
    274273                                SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE); 
  • crypto/openssl/ssl/s3_both.c

    int ssl3_get_finished(SSL *s, int a, int b) 
    242242                goto f_err; 
    243243                } 
    244244 
    245         if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) 
     245        if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) 
    246246                { 
    247247                al=SSL_AD_DECRYPT_ERROR; 
    248248                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); 
  • crypto/openssl/ssl/s3_cbc.c

     
     1/* ssl/s3_cbc.c */ 
     2/* ==================================================================== 
     3 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved. 
     4 * 
     5 * Redistribution and use in source and binary forms, with or without 
     6 * modification, are permitted provided that the following conditions 
     7 * are met: 
     8 * 
     9 * 1. Redistributions of source code must retain the above copyright 
     10 *    notice, this list of conditions and the following disclaimer. 
     11 * 
     12 * 2. Redistributions in binary form must reproduce the above copyright 
     13 *    notice, this list of conditions and the following disclaimer in 
     14 *    the documentation and/or other materials provided with the 
     15 *    distribution. 
     16 * 
     17 * 3. All advertising materials mentioning features or use of this 
     18 *    software must display the following acknowledgment: 
     19 *    "This product includes software developed by the OpenSSL Project 
     20 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 
     21 * 
     22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 
     23 *    endorse or promote products derived from this software without 
     24 *    prior written permission. For written permission, please contact 
     25 *    openssl-core@openssl.org. 
     26 * 
     27 * 5. Products derived from this software may not be called "OpenSSL" 
     28 *    nor may "OpenSSL" appear in their names without prior written 
     29 *    permission of the OpenSSL Project. 
     30 * 
     31 * 6. Redistributions of any form whatsoever must retain the following 
     32 *    acknowledgment: 
     33 *    "This product includes software developed by the OpenSSL Project 
     34 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)" 
     35 * 
     36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 
     37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
     38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
     39 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR 
     40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
     41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 
     42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
     43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
     44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
     45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
     46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 
     47 * OF THE POSSIBILITY OF SUCH DAMAGE. 
     48 * ==================================================================== 
     49 * 
     50 * This product includes cryptographic software written by Eric Young 
     51 * (eay@cryptsoft.com).  This product includes software written by Tim 
     52 * Hudson (tjh@cryptsoft.com). 
     53 * 
     54 */ 
     55 
     56#include "ssl_locl.h" 
     57 
     58#include <openssl/md5.h> 
     59#include <openssl/sha.h> 
     60 
     61/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length 
     62 * field. (SHA-384/512 have 128-bit length.) */ 
     63#define MAX_HASH_BIT_COUNT_BYTES 16 
     64 
     65/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. 
     66 * Currently SHA-384/512 has a 128-byte block size and that's the largest 
     67 * supported by TLS.) */ 
     68#define MAX_HASH_BLOCK_SIZE 128 
     69 
     70/* Some utility functions are needed: 
     71 * 
     72 * These macros return the given value with the MSB copied to all the other 
     73 * bits. They use the fact that arithmetic shift shifts-in the sign bit. 
     74 * However, this is not ensured by the C standard so you may need to replace 
     75 * them with something else on odd CPUs. */ 
     76#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) 
     77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) 
     78 
     79/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ 
     80static unsigned constant_time_ge(unsigned a, unsigned b) 
     81        { 
     82        a -= b; 
     83        return DUPLICATE_MSB_TO_ALL(~a); 
     84        } 
     85 
     86/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ 
     87static unsigned char constant_time_eq_8(unsigned char a, unsigned char b) 
     88        { 
     89        unsigned c = a ^ b; 
     90        c--; 
     91        return DUPLICATE_MSB_TO_ALL_8(c); 
     92        } 
     93 
     94/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC 
     95 * record in |rec| by updating |rec->length| in constant time. 
     96 * 
     97 * block_size: the block size of the cipher used to encrypt the record. 
     98 * returns: 
     99 *   0: (in non-constant time) if the record is publicly invalid. 
     100 *   1: if the padding was valid 
     101 *  -1: otherwise. */ 
     102int ssl3_cbc_remove_padding(const SSL* s, 
     103                            SSL3_RECORD *rec, 
     104                            unsigned block_size, 
     105                            unsigned mac_size) 
     106        { 
     107        unsigned padding_length, good; 
     108        const unsigned overhead = 1 /* padding length byte */ + mac_size; 
     109 
     110        /* These lengths are all public so we can test them in non-constant 
     111         * time. */ 
     112        if (overhead > rec->length) 
     113                return 0; 
     114 
     115        padding_length = rec->data[rec->length-1]; 
     116        good = constant_time_ge(rec->length, padding_length+overhead); 
     117        /* SSLv3 requires that the padding is minimal. */ 
     118        good &= constant_time_ge(block_size, padding_length+1); 
     119        padding_length = good & (padding_length+1); 
     120        rec->length -= padding_length; 
     121        rec->type |= padding_length<<8; /* kludge: pass padding length */ 
     122        return (int)((good & 1) | (~good & -1)); 
     123} 
     124 
     125/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC 
     126 * record in |rec| in constant time and returns 1 if the padding is valid and 
     127 * -1 otherwise. It also removes any explicit IV from the start of the record 
     128 * without leaking any timing about whether there was enough space after the 
     129 * padding was removed. 
     130 * 
     131 * block_size: the block size of the cipher used to encrypt the record. 
     132 * returns: 
     133 *   0: (in non-constant time) if the record is publicly invalid. 
     134 *   1: if the padding was valid 
     135 *  -1: otherwise. */ 
     136int tls1_cbc_remove_padding(const SSL* s, 
     137                            SSL3_RECORD *rec, 
     138                            unsigned block_size, 
     139                            unsigned mac_size) 
     140        { 
     141        unsigned padding_length, good, to_check, i; 
     142        const char has_explicit_iv = s->version == DTLS1_VERSION; 
     143        const unsigned overhead = 1 /* padding length byte */ + 
     144                                  mac_size + 
     145                                  (has_explicit_iv ? block_size : 0); 
     146 
     147        /* These lengths are all public so we can test them in non-constant 
     148         * time. */ 
     149        if (overhead > rec->length) 
     150                return 0; 
     151 
     152        padding_length = rec->data[rec->length-1]; 
     153 
     154        /* NB: if compression is in operation the first packet may not be of 
     155         * even length so the padding bug check cannot be performed. This bug 
     156         * workaround has been around since SSLeay so hopefully it is either 
     157         * fixed now or no buggy implementation supports compression [steve] 
     158         */ 
     159        if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) 
     160                { 
     161                /* First packet is even in size, so check */ 
     162                if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && 
     163                    !(padding_length & 1)) 
     164                        { 
     165                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 
     166                        } 
     167                if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && 
     168                    padding_length > 0) 
     169                        { 
     170                        padding_length--; 
     171                        } 
     172                } 
     173 
     174        good = constant_time_ge(rec->length, overhead+padding_length); 
     175        /* The padding consists of a length byte at the end of the record and 
     176         * then that many bytes of padding, all with the same value as the 
     177         * length byte. Thus, with the length byte included, there are i+1 
     178         * bytes of padding. 
     179         * 
     180         * We can't check just |padding_length+1| bytes because that leaks 
     181         * decrypted information. Therefore we always have to check the maximum 
     182         * amount of padding possible. (Again, the length of the record is 
     183         * public information so we can use it.) */ 
     184        to_check = 255; /* maximum amount of padding. */ 
     185        if (to_check > rec->length-1) 
     186                to_check = rec->length-1; 
     187 
     188        for (i = 0; i < to_check; i++) 
     189                { 
     190                unsigned char mask = constant_time_ge(padding_length, i); 
     191                unsigned char b = rec->data[rec->length-1-i]; 
     192                /* The final |padding_length+1| bytes should all have the value 
     193                 * |padding_length|. Therefore the XOR should be zero. */ 
     194                good &= ~(mask&(padding_length ^ b)); 
     195                } 
     196 
     197        /* If any of the final |padding_length+1| bytes had the wrong value, 
     198         * one or more of the lower eight bits of |good| will be cleared. We 
     199         * AND the bottom 8 bits together and duplicate the result to all the 
     200         * bits. */ 
     201        good &= good >> 4; 
     202        good &= good >> 2; 
     203        good &= good >> 1; 
     204        good <<= sizeof(good)*8-1; 
     205        good = DUPLICATE_MSB_TO_ALL(good); 
     206 
     207        padding_length = good & (padding_length+1); 
     208        rec->length -= padding_length; 
     209        rec->type |= padding_length<<8; /* kludge: pass padding length */ 
     210 
     211        /* We can always safely skip the explicit IV. We check at the beginning 
     212         * of this function that the record has at least enough space for the 
     213         * IV, MAC and padding length byte. (These can be checked in 
     214         * non-constant time because it's all public information.) So, if the 
     215         * padding was invalid, then we didn't change |rec->length| and this is 
     216         * safe. If the padding was valid then we know that we have at least 
     217         * overhead+padding_length bytes of space and so this is still safe 
     218         * because overhead accounts for the explicit IV. */ 
     219        if (has_explicit_iv) 
     220                { 
     221                rec->data += block_size; 
     222                rec->input += block_size; 
     223                rec->length -= block_size; 
     224                } 
     225 
     226        return (int)((good & 1) | (~good & -1)); 
     227        } 
     228 
     229#if defined(_M_AMD64) || defined(__x86_64__) 
     230#define CBC_MAC_ROTATE_IN_PLACE 
     231#endif 
     232 
     233/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in 
     234 * constant time (independent of the concrete value of rec->length, which may 
     235 * vary within a 256-byte window). 
     236 * 
     237 * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to 
     238 * this function. 
     239 * 
     240 * On entry: 
     241 *   rec->orig_len >= md_size 
     242 *   md_size <= EVP_MAX_MD_SIZE 
     243 * 
     244 * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with 
     245 * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into 
     246 * a single cache-line, then the variable memory accesses don't actually affect 
     247 * the timing. This has been tested to be true on Intel amd64 chips. 
     248 */ 
     249void ssl3_cbc_copy_mac(unsigned char* out, 
     250                       const SSL3_RECORD *rec, 
     251                       unsigned md_size,unsigned orig_len) 
     252        { 
     253#if defined(CBC_MAC_ROTATE_IN_PLACE) 
     254        unsigned char rotated_mac_buf[EVP_MAX_MD_SIZE*2]; 
     255        unsigned char *rotated_mac; 
     256#else 
     257        unsigned char rotated_mac[EVP_MAX_MD_SIZE]; 
     258#endif 
     259 
     260        /* mac_end is the index of |rec->data| just after the end of the MAC. */ 
     261        unsigned mac_end = rec->length; 
     262        unsigned mac_start = mac_end - md_size; 
     263        /* scan_start contains the number of bytes that we can ignore because 
     264         * the MAC's position can only vary by 255 bytes. */ 
     265        unsigned scan_start = 0; 
     266        unsigned i, j; 
     267        unsigned div_spoiler; 
     268        unsigned rotate_offset; 
     269 
     270        OPENSSL_assert(orig_len >= md_size); 
     271        OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); 
     272 
     273#if defined(CBC_MAC_ROTATE_IN_PLACE) 
     274        rotated_mac = (unsigned char*) (((intptr_t)(rotated_mac_buf + 64)) & ~63); 
     275#endif 
     276 
     277        /* This information is public so it's safe to branch based on it. */ 
     278        if (orig_len > md_size + 255 + 1) 
     279                scan_start = orig_len - (md_size + 255 + 1); 
     280        /* div_spoiler contains a multiple of md_size that is used to cause the 
     281         * modulo operation to be constant time. Without this, the time varies 
     282         * based on the amount of padding when running on Intel chips at least. 
     283         * 
     284         * The aim of right-shifting md_size is so that the compiler doesn't 
     285         * figure out that it can remove div_spoiler as that would require it 
     286         * to prove that md_size is always even, which I hope is beyond it. */ 
     287        div_spoiler = md_size >> 1; 
     288        div_spoiler <<= (sizeof(div_spoiler)-1)*8; 
     289        rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; 
     290 
     291        memset(rotated_mac, 0, md_size); 
     292        for (i = scan_start; i < orig_len;) 
     293                { 
     294                for (j = 0; j < md_size && i < orig_len; i++, j++) 
     295                        { 
     296                        unsigned char mac_started = constant_time_ge(i, mac_start); 
     297                        unsigned char mac_ended = constant_time_ge(i, mac_end); 
     298                        unsigned char b = 0; 
     299                        b = rec->data[i]; 
     300                        rotated_mac[j] |= b & mac_started & ~mac_ended; 
     301                        } 
     302                } 
     303 
     304        /* Now rotate the MAC */ 
     305#if defined(CBC_MAC_ROTATE_IN_PLACE) 
     306        j = 0; 
     307        for (i = 0; i < md_size; i++) 
     308                { 
     309                unsigned char offset = (div_spoiler + rotate_offset + i) % md_size; 
     310                out[j++] = rotated_mac[offset]; 
     311                } 
     312#else 
     313        memset(out, 0, md_size); 
     314        for (i = 0; i < md_size; i++) 
     315                { 
     316                unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size; 
     317                for (j = 0; j < md_size; j++) 
     318                        out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset); 
     319                } 
     320#endif 
     321        } 
     322 
     323/* These functions serialize the state of a hash and thus perform the standard 
     324 * "final" operation without adding the padding and length that such a function 
     325 * typically does. */ 
     326static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) 
     327        { 
     328        MD5_CTX *md5 = ctx; 
     329        l2n(md5->A, md_out); 
     330        l2n(md5->B, md_out); 
     331        l2n(md5->C, md_out); 
     332        l2n(md5->D, md_out); 
     333        } 
     334 
     335static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) 
     336        { 
     337        SHA_CTX *sha1 = ctx; 
     338        l2n(sha1->h0, md_out); 
     339        l2n(sha1->h1, md_out); 
     340        l2n(sha1->h2, md_out); 
     341        l2n(sha1->h3, md_out); 
     342        l2n(sha1->h4, md_out); 
     343        } 
     344#define LARGEST_DIGEST_CTX SHA_CTX 
     345 
     346#ifndef OPENSSL_NO_SHA256 
     347static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) 
     348        { 
     349        SHA256_CTX *sha256 = ctx; 
     350        unsigned i; 
     351 
     352        for (i = 0; i < 8; i++) 
     353                { 
     354                l2n(sha256->h[i], md_out); 
     355                } 
     356        } 
     357#undef  LARGEST_DIGEST_CTX 
     358#define LARGEST_DIGEST_CTX SHA256_CTX 
     359#endif 
     360 
     361#ifndef OPENSSL_NO_SHA512 
     362static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) 
     363        { 
     364        SHA512_CTX *sha512 = ctx; 
     365        unsigned i; 
     366 
     367        for (i = 0; i < 8; i++) 
     368                { 
     369                l2n8(sha512->h[i], md_out); 
     370                } 
     371        } 
     372#undef  LARGEST_DIGEST_CTX 
     373#define LARGEST_DIGEST_CTX SHA512_CTX 
     374#endif 
     375 
     376/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function 
     377 * which ssl3_cbc_digest_record supports. */ 
     378char ssl3_cbc_record_digest_supported(const EVP_MD *digest) 
     379        { 
     380#ifdef OPENSSL_FIPS 
     381        if (FIPS_mode()) 
     382                return 0; 
     383#endif 
     384        switch (EVP_MD_type(digest)) 
     385                { 
     386                case NID_md5: 
     387                case NID_sha1: 
     388#ifndef OPENSSL_NO_SHA256 
     389                case NID_sha224: 
     390                case NID_sha256: 
     391#endif 
     392#ifndef OPENSSL_NO_SHA512 
     393                case NID_sha384: 
     394                case NID_sha512: 
     395#endif 
     396                        return 1; 
     397                default: 
     398                        return 0; 
     399                } 
     400        } 
     401 
     402/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS 
     403 * record. 
     404 * 
     405 *   ctx: the EVP_MD_CTX from which we take the hash function. 
     406 *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. 
     407 *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written. 
     408 *   md_out_size: if non-NULL, the number of output bytes is written here. 
     409 *   header: the 13-byte, TLS record header. 
     410 *   data: the record data itself, less any preceeding explicit IV. 
     411 *   data_plus_mac_size: the secret, reported length of the data and MAC 
     412 *     once the padding has been removed. 
     413 *   data_plus_mac_plus_padding_size: the public length of the whole 
     414 *     record, including padding. 
     415 *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. 
     416 * 
     417 * On entry: by virtue of having been through one of the remove_padding 
     418 * functions, above, we know that data_plus_mac_size is large enough to contain 
     419 * a padding byte and MAC. (If the padding was invalid, it might contain the 
     420 * padding too. ) */ 
     421void ssl3_cbc_digest_record( 
     422        const EVP_MD *digest, 
     423        unsigned char* md_out, 
     424        size_t* md_out_size, 
     425        const unsigned char header[13], 
     426        const unsigned char *data, 
     427        size_t data_plus_mac_size, 
     428        size_t data_plus_mac_plus_padding_size, 
     429        const unsigned char *mac_secret, 
     430        unsigned mac_secret_length, 
     431        char is_sslv3) 
     432        { 
     433        union { double align; 
     434                unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; 
     435        void (*md_final_raw)(void *ctx, unsigned char *md_out); 
     436        void (*md_transform)(void *ctx, const unsigned char *block); 
     437        unsigned md_size, md_block_size = 64; 
     438        unsigned sslv3_pad_length = 40, header_length, variance_blocks, 
     439                 len, max_mac_bytes, num_blocks, 
     440                 num_starting_blocks, k, mac_end_offset, c, index_a, index_b; 
     441        unsigned int bits;      /* at most 18 bits */ 
     442        unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; 
     443        /* hmac_pad is the masked HMAC key. */ 
     444        unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; 
     445        unsigned char first_block[MAX_HASH_BLOCK_SIZE]; 
     446        unsigned char mac_out[EVP_MAX_MD_SIZE]; 
     447        unsigned i, j, md_out_size_u; 
     448        EVP_MD_CTX md_ctx; 
     449        /* mdLengthSize is the number of bytes in the length field that terminates 
     450        * the hash. */ 
     451        unsigned md_length_size = 8; 
     452 
     453        /* This is a, hopefully redundant, check that allows us to forget about 
     454         * many possible overflows later in this function. */ 
     455        OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); 
     456 
     457        switch (EVP_MD_type(digest)) 
     458                { 
     459                case NID_md5: 
     460                        MD5_Init((MD5_CTX*)md_state.c); 
     461                        md_final_raw = tls1_md5_final_raw; 
     462                        md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; 
     463                        md_size = 16; 
     464                        sslv3_pad_length = 48; 
     465                        break; 
     466                case NID_sha1: 
     467                        SHA1_Init((SHA_CTX*)md_state.c); 
     468                        md_final_raw = tls1_sha1_final_raw; 
     469                        md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; 
     470                        md_size = 20; 
     471                        break; 
     472#ifndef OPENSSL_NO_SHA256 
     473                case NID_sha224: 
     474                        SHA224_Init((SHA256_CTX*)md_state.c); 
     475                        md_final_raw = tls1_sha256_final_raw; 
     476                        md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; 
     477                        md_size = 224/8; 
     478                        break; 
     479                case NID_sha256: 
     480                        SHA256_Init((SHA256_CTX*)md_state.c); 
     481                        md_final_raw = tls1_sha256_final_raw; 
     482                        md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; 
     483                        md_size = 32; 
     484                        break; 
     485#endif 
     486#ifndef OPENSSL_NO_SHA512 
     487                case NID_sha384: 
     488                        SHA384_Init((SHA512_CTX*)md_state.c); 
     489                        md_final_raw = tls1_sha512_final_raw; 
     490                        md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; 
     491                        md_size = 384/8; 
     492                        md_block_size = 128; 
     493                        md_length_size = 16; 
     494                        break; 
     495                case NID_sha512: 
     496                        SHA512_Init((SHA512_CTX*)md_state.c); 
     497                        md_final_raw = tls1_sha512_final_raw; 
     498                        md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; 
     499                        md_size = 64; 
     500                        md_block_size = 128; 
     501                        md_length_size = 16; 
     502                        break; 
     503#endif 
     504                default: 
     505                        /* ssl3_cbc_record_digest_supported should have been 
     506                         * called first to check that the hash function is 
     507                         * supported. */ 
     508                        OPENSSL_assert(0); 
     509                        if (md_out_size) 
     510                                *md_out_size = -1; 
     511                        return; 
     512                } 
     513 
     514        OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); 
     515        OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); 
     516        OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); 
     517 
     518        header_length = 13; 
     519        if (is_sslv3) 
     520                { 
     521                header_length = 
     522                        mac_secret_length + 
     523                        sslv3_pad_length + 
     524                        8 /* sequence number */ + 
     525                        1 /* record type */ + 
     526                        2 /* record length */; 
     527                } 
     528 
     529        /* variance_blocks is the number of blocks of the hash that we have to 
     530         * calculate in constant time because they could be altered by the 
     531         * padding value. 
     532         * 
     533         * In SSLv3, the padding must be minimal so the end of the plaintext 
     534         * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that 
     535         * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash 
     536         * termination (0x80 + 64-bit length) don't fit in the final block, we 
     537         * say that the final two blocks can vary based on the padding. 
     538         * 
     539         * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not 
     540         * required to be minimal. Therefore we say that the final six blocks 
     541         * can vary based on the padding. 
     542         * 
     543         * Later in the function, if the message is short and there obviously 
     544         * cannot be this many blocks then variance_blocks can be reduced. */ 
     545        variance_blocks = is_sslv3 ? 2 : 6; 
     546        /* From now on we're dealing with the MAC, which conceptually has 13 
     547         * bytes of `header' before the start of the data (TLS) or 71/75 bytes 
     548         * (SSLv3) */ 
     549        len = data_plus_mac_plus_padding_size + header_length; 
     550        /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including 
     551        * |header|, assuming that there's no padding. */ 
     552        max_mac_bytes = len - md_size - 1; 
     553        /* num_blocks is the maximum number of hash blocks. */ 
     554        num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; 
     555        /* In order to calculate the MAC in constant time we have to handle 
     556         * the final blocks specially because the padding value could cause the 
     557         * end to appear somewhere in the final |variance_blocks| blocks and we 
     558         * can't leak where. However, |num_starting_blocks| worth of data can 
     559         * be hashed right away because no padding value can affect whether 
     560         * they are plaintext. */ 
     561        num_starting_blocks = 0; 
     562        /* k is the starting byte offset into the conceptual header||data where 
     563         * we start processing. */ 
     564        k = 0; 
     565        /* mac_end_offset is the index just past the end of the data to be 
     566         * MACed. */ 
     567        mac_end_offset = data_plus_mac_size + header_length - md_size; 
     568        /* c is the index of the 0x80 byte in the final hash block that 
     569         * contains application data. */ 
     570        c = mac_end_offset % md_block_size; 
     571        /* index_a is the hash block number that contains the 0x80 terminating 
     572         * value. */ 
     573        index_a = mac_end_offset / md_block_size; 
     574        /* index_b is the hash block number that contains the 64-bit hash 
     575         * length, in bits. */ 
     576        index_b = (mac_end_offset + md_length_size) / md_block_size; 
     577        /* bits is the hash-length in bits. It includes the additional hash 
     578         * block for the masked HMAC key, or whole of |header| in the case of 
     579         * SSLv3. */ 
     580 
     581        /* For SSLv3, if we're going to have any starting blocks then we need 
     582         * at least two because the header is larger than a single block. */ 
     583        if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) 
     584                { 
     585                num_starting_blocks = num_blocks - variance_blocks; 
     586                k = md_block_size*num_starting_blocks; 
     587                } 
     588 
     589        bits = 8*mac_end_offset; 
     590        if (!is_sslv3) 
     591                { 
     592                /* Compute the initial HMAC block. For SSLv3, the padding and 
     593                 * secret bytes are included in |header| because they take more 
     594                 * than a single block. */ 
     595                bits += 8*md_block_size; 
     596                memset(hmac_pad, 0, md_block_size); 
     597                OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); 
     598                memcpy(hmac_pad, mac_secret, mac_secret_length); 
     599                for (i = 0; i < md_block_size; i++) 
     600                        hmac_pad[i] ^= 0x36; 
     601 
     602                md_transform(md_state.c, hmac_pad); 
     603                } 
     604 
     605        memset(length_bytes,0,md_length_size-4); 
     606        length_bytes[md_length_size-4] = (unsigned char)(bits>>24); 
     607        length_bytes[md_length_size-3] = (unsigned char)(bits>>16); 
     608        length_bytes[md_length_size-2] = (unsigned char)(bits>>8); 
     609        length_bytes[md_length_size-1] = (unsigned char)bits; 
     610 
     611        if (k > 0) 
     612                { 
     613                if (is_sslv3) 
     614                        { 
     615                        /* The SSLv3 header is larger than a single block. 
     616                         * overhang is the number of bytes beyond a single 
     617                         * block that the header consumes: either 7 bytes 
     618                         * (SHA1) or 11 bytes (MD5). */ 
     619                        unsigned overhang = header_length-md_block_size; 
     620                        md_transform(md_state.c, header); 
     621                        memcpy(first_block, header + md_block_size, overhang); 
     622                        memcpy(first_block + overhang, data, md_block_size-overhang); 
     623                        md_transform(md_state.c, first_block); 
     624                        for (i = 1; i < k/md_block_size - 1; i++) 
     625                                md_transform(md_state.c, data + md_block_size*i - overhang); 
     626                        } 
     627                else 
     628                        { 
     629                        /* k is a multiple of md_block_size. */ 
     630                        memcpy(first_block, header, 13); 
     631                        memcpy(first_block+13, data, md_block_size-13); 
     632                        md_transform(md_state.c, first_block); 
     633                        for (i = 1; i < k/md_block_size; i++) 
     634                                md_transform(md_state.c, data + md_block_size*i - 13); 
     635                        } 
     636                } 
     637 
     638        memset(mac_out, 0, sizeof(mac_out)); 
     639 
     640        /* We now process the final hash blocks. For each block, we construct 
     641         * it in constant time. If the |i==index_a| then we'll include the 0x80 
     642         * bytes and zero pad etc. For each block we selectively copy it, in 
     643         * constant time, to |mac_out|. */ 
     644        for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) 
     645                { 
     646                unsigned char block[MAX_HASH_BLOCK_SIZE]; 
     647                unsigned char is_block_a = constant_time_eq_8(i, index_a); 
     648                unsigned char is_block_b = constant_time_eq_8(i, index_b); 
     649                for (j = 0; j < md_block_size; j++) 
     650                        { 
     651                        unsigned char b = 0, is_past_c, is_past_cp1; 
     652                        if (k < header_length) 
     653                                b = header[k]; 
     654                        else if (k < data_plus_mac_plus_padding_size + header_length) 
     655                                b = data[k-header_length]; 
     656                        k++; 
     657 
     658                        is_past_c = is_block_a & constant_time_ge(j, c); 
     659                        is_past_cp1 = is_block_a & constant_time_ge(j, c+1); 
     660                        /* If this is the block containing the end of the 
     661                         * application data, and we are at the offset for the 
     662                         * 0x80 value, then overwrite b with 0x80. */ 
     663                        b = (b&~is_past_c) | (0x80&is_past_c); 
     664                        /* If this the the block containing the end of the 
     665                         * application data and we're past the 0x80 value then 
     666                         * just write zero. */ 
     667                        b = b&~is_past_cp1; 
     668                        /* If this is index_b (the final block), but not 
     669                         * index_a (the end of the data), then the 64-bit 
     670                         * length didn't fit into index_a and we're having to 
     671                         * add an extra block of zeros. */ 
     672                        b &= ~is_block_b | is_block_a; 
     673 
     674                        /* The final bytes of one of the blocks contains the 
     675                         * length. */ 
     676                        if (j >= md_block_size - md_length_size) 
     677                                { 
     678                                /* If this is index_b, write a length byte. */ 
     679                                b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); 
     680                                } 
     681                        block[j] = b; 
     682                        } 
     683 
     684                md_transform(md_state.c, block); 
     685                md_final_raw(md_state.c, block); 
     686                /* If this is index_b, copy the hash value to |mac_out|. */ 
     687                for (j = 0; j < md_size; j++) 
     688                        mac_out[j] |= block[j]&is_block_b; 
     689                } 
     690 
     691        EVP_MD_CTX_init(&md_ctx); 
     692        EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */); 
     693        if (is_sslv3) 
     694                { 
     695                /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ 
     696                memset(hmac_pad, 0x5c, sslv3_pad_length); 
     697 
     698                EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); 
     699                EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); 
     700                EVP_DigestUpdate(&md_ctx, mac_out, md_size); 
     701                } 
     702        else 
     703                { 
     704                /* Complete the HMAC in the standard manner. */ 
     705                for (i = 0; i < md_block_size; i++) 
     706                        hmac_pad[i] ^= 0x6a; 
     707 
     708                EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); 
     709                EVP_DigestUpdate(&md_ctx, mac_out, md_size); 
     710                } 
     711        EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); 
     712        if (md_out_size) 
     713                *md_out_size = md_out_size_u; 
     714        EVP_MD_CTX_cleanup(&md_ctx); 
     715        } 
     716 
     717#ifdef OPENSSL_FIPS 
     718 
     719/* Due to the need to use EVP in FIPS mode we can't reimplement digests but 
     720 * we can ensure the number of blocks processed is equal for all cases 
     721 * by digesting additional data. 
     722 */ 
     723 
     724void tls_fips_digest_extra( 
     725        const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx, 
     726        const unsigned char *data, size_t data_len, size_t orig_len) 
     727        { 
     728        size_t block_size, digest_pad, blocks_data, blocks_orig; 
     729        if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) 
     730                return; 
     731        block_size = EVP_MD_block_size(hash); 
     732        /* We are in FIPS mode if we get this far so we know we have only SHA* 
     733         * digests and TLS to deal with. 
     734         * Minimum digest padding length is 17 for SHA384/SHA512 and 9 
     735         * otherwise. 
     736         * Additional header is 13 bytes. To get the number of digest blocks 
     737         * processed round up the amount of data plus padding to the nearest 
     738         * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. 
     739         * So we have: 
     740         * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size 
     741         * equivalently: 
     742         * blocks = (payload_len + digest_pad + 12)/block_size + 1 
     743         * HMAC adds a constant overhead. 
     744         * We're ultimately only interested in differences so this becomes 
     745         * blocks = (payload_len + 29)/128 
     746         * for SHA384/SHA512 and 
     747         * blocks = (payload_len + 21)/64 
     748         * otherwise. 
     749         */ 
     750        digest_pad = block_size == 64 ? 21 : 29; 
     751        blocks_orig = (orig_len + digest_pad)/block_size; 
     752        blocks_data = (data_len + digest_pad)/block_size; 
     753        /* MAC enough blocks to make up the difference between the original 
     754         * and actual lengths plus one extra block to ensure this is never a 
     755         * no op. The "data" pointer should always have enough space to 
     756         * perform this operation as it is large enough for a maximum 
     757         * length TLS buffer.  
     758         */ 
     759        HMAC_Update(hctx, data, 
     760                                (blocks_orig - blocks_data + 1) * block_size); 
     761        } 
     762#endif 
  • crypto/openssl/ssl/s3_clnt.c

    int ssl3_connect(SSL *s) 
    262262                        ret=ssl3_get_server_hello(s); 
    263263                        if (ret <= 0) goto end; 
    264264                        if (s->hit) 
     265                                { 
    265266                                s->state=SSL3_ST_CR_FINISHED_A; 
     267#ifndef OPENSSL_NO_TLSEXT 
     268                                if (s->tlsext_ticket_expected) 
     269                                        { 
     270                                        /* receive renewed session ticket */ 
     271                                        s->state=SSL3_ST_CR_SESSION_TICKET_A; 
     272                                        } 
     273#endif 
     274                                } 
    266275                        else 
    267276                                s->state=SSL3_ST_CR_CERT_A; 
    268277                        s->init_num=0; 
  • crypto/openssl/ssl/s3_enc.c

    void ssl3_cleanup_key_block(SSL *s) 
    433433        s->s3->tmp.key_block_length=0; 
    434434        } 
    435435 
     436/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. 
     437 * 
     438 * Returns: 
     439 *   0: (in non-constant time) if the record is publically invalid (i.e. too 
     440 *       short etc). 
     441 *   1: if the record's padding is valid / the encryption was successful. 
     442 *   -1: if the record's padding is invalid or, if sending, an internal error 
     443 *       occured. 
     444 */ 
    436445int ssl3_enc(SSL *s, int send) 
    437446        { 
    438447        SSL3_RECORD *rec; 
    439448        EVP_CIPHER_CTX *ds; 
    440449        unsigned long l; 
    441         int bs,i; 
     450        int bs,i,mac_size=0; 
    442451        const EVP_CIPHER *enc; 
    443452 
    444453        if (send) 
    int ssl3_enc(SSL *s, int send) 
    489498                if (!send) 
    490499                        { 
    491500                        if (l == 0 || l%bs != 0) 
    492                                 { 
    493                                 SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); 
    494                                 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); 
    495501                                return 0; 
    496                                 } 
    497502                        /* otherwise, rec->length >= bs */ 
    498503                        } 
    499504                 
    500505                EVP_Cipher(ds,rec->data,rec->input,l); 
    501506 
     507                if (s->read_hash != NULL) 
     508                        mac_size = EVP_MD_size(s->read_hash); 
     509 
    502510                if ((bs != 1) && !send) 
    503                         { 
    504                         i=rec->data[l-1]+1; 
    505                         /* SSL 3.0 bounds the number of padding bytes by the block size; 
    506                          * padding bytes (except the last one) are arbitrary */ 
    507                         if (i > bs) 
    508                                 { 
    509                                 /* Incorrect padding. SSLerr() and ssl3_alert are done 
    510                                  * by caller: we don't want to reveal whether this is 
    511                                  * a decryption error or a MAC verification failure 
    512                                  * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 
    513                                 return -1; 
    514                                 } 
    515                         /* now i <= bs <= rec->length */ 
    516                         rec->length-=i; 
    517                         } 
     511                        return ssl3_cbc_remove_padding(s, rec, bs, mac_size); 
    518512                } 
    519513        return(1); 
    520514        } 
    int ssl3_mac(SSL *ssl, unsigned char *md, int send 
    591585        EVP_MD_CTX md_ctx; 
    592586        const EVP_MD *hash; 
    593587        unsigned char *p,rec_char; 
    594         unsigned int md_size; 
     588        size_t md_size, orig_len; 
    595589        int npad; 
    596590 
    597591        if (send) 
    int ssl3_mac(SSL *ssl, unsigned char *md, int send 
    612606        md_size=EVP_MD_size(hash); 
    613607        npad=(48/md_size)*md_size; 
    614608 
    615         /* Chop the digest off the end :-) */ 
    616         EVP_MD_CTX_init(&md_ctx); 
     609        /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ 
     610        orig_len = rec->length+md_size+((unsigned int)rec->type>>8); 
     611        rec->type &= 0xff; 
    617612 
    618         EVP_DigestInit_ex(  &md_ctx,hash, NULL); 
    619         EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 
    620         EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); 
    621         EVP_DigestUpdate(&md_ctx,seq,8); 
    622         rec_char=rec->type; 
    623         EVP_DigestUpdate(&md_ctx,&rec_char,1); 
    624         p=md; 
    625         s2n(rec->length,p); 
    626         EVP_DigestUpdate(&md_ctx,md,2); 
    627         EVP_DigestUpdate(&md_ctx,rec->input,rec->length); 
    628         EVP_DigestFinal_ex( &md_ctx,md,NULL); 
     613        if (!send && 
     614            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && 
     615            ssl3_cbc_record_digest_supported(hash)) 
     616                { 
     617                /* This is a CBC-encrypted record. We must avoid leaking any 
     618                 * timing-side channel information about how many blocks of 
     619                 * data we are hashing because that gives an attacker a 
     620                 * timing-oracle. */ 
    629621 
    630         EVP_DigestInit_ex(  &md_ctx,hash, NULL); 
    631         EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 
    632         EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); 
    633         EVP_DigestUpdate(&md_ctx,md,md_size); 
    634         EVP_DigestFinal_ex( &md_ctx,md,&md_size); 
     622                /* npad is, at most, 48 bytes and that's with MD5: 
     623                 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. 
     624                 * 
     625                 * With SHA-1 (the largest hash speced for SSLv3) the hash size 
     626                 * goes up 4, but npad goes down by 8, resulting in a smaller 
     627                 * total size. */ 
     628                unsigned char header[75]; 
     629                unsigned j = 0; 
     630                memcpy(header+j, mac_sec, md_size); 
     631                j += md_size; 
     632                memcpy(header+j, ssl3_pad_1, npad); 
     633                j += npad; 
     634                memcpy(header+j, seq, 8); 
     635                j += 8; 
     636                header[j++] = rec->type; 
     637                header[j++] = rec->length >> 8; 
     638                header[j++] = rec->length & 0xff; 
    635639 
    636         EVP_MD_CTX_cleanup(&md_ctx); 
     640                ssl3_cbc_digest_record( 
     641                        hash, 
     642                        md, &md_size, 
     643                        header, rec->input, 
     644                        rec->length + md_size, orig_len, 
     645                        mac_sec, md_size, 
     646                        1 /* is SSLv3 */); 
     647                } 
     648        else 
     649                { 
     650                unsigned int md_size_u; 
     651                /* Chop the digest off the end :-) */ 
     652                EVP_MD_CTX_init(&md_ctx); 
    637653 
     654                EVP_DigestInit_ex( &md_ctx,hash, NULL); 
     655                EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 
     656                EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); 
     657                EVP_DigestUpdate(&md_ctx,seq,8); 
     658                rec_char=rec->type; 
     659                EVP_DigestUpdate(&md_ctx,&rec_char,1); 
     660                p=md; 
     661                s2n(rec->length,p); 
     662                EVP_DigestUpdate(&md_ctx,md,2); 
     663                EVP_DigestUpdate(&md_ctx,rec->input,rec->length); 
     664                EVP_DigestFinal_ex( &md_ctx,md,NULL); 
     665 
     666                EVP_DigestInit_ex( &md_ctx,hash, NULL); 
     667                EVP_DigestUpdate(&md_ctx,mac_sec,md_size); 
     668                EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); 
     669                EVP_DigestUpdate(&md_ctx,md,md_size); 
     670                EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); 
     671                md_size = md_size_u; 
     672 
     673                EVP_MD_CTX_cleanup(&md_ctx); 
     674        } 
     675 
    638676        ssl3_record_sequence_update(seq); 
    639677        return(md_size); 
    640678        } 
  • crypto/openssl/ssl/s3_pkt.c

    static int ssl3_get_record(SSL *s) 
    246246        unsigned char *p; 
    247247        unsigned char md[EVP_MAX_MD_SIZE]; 
    248248        short version; 
    249         unsigned int mac_size; 
    250         int clear=0; 
     249        unsigned mac_size, orig_len; 
    251250        size_t extra; 
    252         int decryption_failed_or_bad_record_mac = 0; 
    253         unsigned char *mac = NULL; 
    254251 
    255252        rr= &(s->s3->rrec); 
    256253        sess=s->session; 
    again: 
    354351 
    355352        /* decrypt in place in 'rr->input' */ 
    356353        rr->data=rr->input; 
     354        orig_len=rr->length; 
    357355 
    358356        enc_err = s->method->ssl3_enc->enc(s,0); 
    359         if (enc_err <= 0) 
     357        /* enc_err is: 
     358         *    0: (in non-constant time) if the record is publically invalid. 
     359         *    1: if the padding is valid 
     360         *    -1: if the padding is invalid */ 
     361        if (enc_err == 0) 
    360362                { 
    361                 if (enc_err == 0) 
    362                         /* SSLerr() and ssl3_send_alert() have been called */ 
    363                         goto err; 
    364  
    365                 /* Otherwise enc_err == -1, which indicates bad padding 
    366                  * (rec->length has not been changed in this case). 
    367                  * To minimize information leaked via timing, we will perform 
    368                  * the MAC computation anyway. */ 
    369                 decryption_failed_or_bad_record_mac = 1; 
     363                al=SSL_AD_DECRYPTION_FAILED; 
     364                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); 
     365                goto f_err; 
    370366                } 
    371367 
    372368#ifdef TLS_DEBUG 
    printf("\n"); 
    376372#endif 
    377373 
    378374        /* r->length is now the compressed data plus mac */ 
    379         if (    (sess == NULL) || 
    380                 (s->enc_read_ctx == NULL) || 
    381                 (s->read_hash == NULL)) 
    382                 clear=1; 
    383  
    384         if (!clear) 
     375        if ((sess != NULL) && 
     376            (s->enc_read_ctx != NULL) && 
     377            (s->read_hash != NULL)) 
    385378                { 
     379                /* s->read_hash != NULL => mac_size != -1 */ 
     380                unsigned char *mac = NULL; 
     381                unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 
    386382                mac_size=EVP_MD_size(s->read_hash); 
     383                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 
    387384 
    388                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 
     385                /* orig_len is the length of the record before any padding was 
     386                 * removed. This is public information, as is the MAC in use, 
     387                 * therefore we can safely process the record in a different 
     388                 * amount of time if it's too short to possibly contain a MAC. 
     389                 */ 
     390                if (orig_len < mac_size || 
     391                    /* CBC records must have a padding length byte too. */ 
     392                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && 
     393                     orig_len < mac_size+1)) 
    389394                        { 
    390 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 
    391                         al=SSL_AD_RECORD_OVERFLOW; 
    392                         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 
     395                        al=SSL_AD_DECODE_ERROR; 
     396                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); 
    393397                        goto f_err; 
    394 #else 
    395                         decryption_failed_or_bad_record_mac = 1; 
    396 #endif                   
    397398                        } 
    398                 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 
    399                 if (rr->length >= mac_size) 
     399 
     400                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) 
    400401                        { 
     402                        /* We update the length so that the TLS header bytes 
     403                         * can be constructed correctly but we need to extract 
     404                         * the MAC in constant time from within the record, 
     405                         * without leaking the contents of the padding bytes. 
     406                         * */ 
     407                        mac = mac_tmp; 
     408                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); 
    401409                        rr->length -= mac_size; 
    402                         mac = &rr->data[rr->length]; 
    403410                        } 
    404411                else 
    405412                        { 
    406                         /* record (minus padding) is too short to contain a MAC */ 
    407 #if 0 /* OK only for stream ciphers */ 
    408                         al=SSL_AD_DECODE_ERROR; 
    409                         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); 
    410                         goto f_err; 
    411 #else 
    412                         decryption_failed_or_bad_record_mac = 1; 
    413                         rr->length = 0; 
    414 #endif 
     413                        /* In this case there's no padding, so |orig_len| 
     414                         * equals |rec->length| and we checked that there's 
     415                         * enough bytes for |mac_size| above. */ 
     416                        rr->length -= mac_size; 
     417                        mac = &rr->data[rr->length]; 
    415418                        } 
    416                 i=s->method->ssl3_enc->mac(s,md,0); 
    417                 if (mac == NULL || memcmp(md, mac, mac_size) != 0) 
    418                         { 
    419                         decryption_failed_or_bad_record_mac = 1; 
    420                         } 
     419 
     420                i=s->method->ssl3_enc->mac(s,md,0 /* not send */); 
     421                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) 
     422                        enc_err = -1; 
     423                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 
     424                        enc_err = -1; 
    421425                } 
    422426 
    423         if (decryption_failed_or_bad_record_mac) 
     427        if (enc_err < 0) 
    424428                { 
    425429                /* A separate 'decryption_failed' alert was introduced with TLS 1.0, 
    426430                 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption 
  • crypto/openssl/ssl/s3_srvr.c

    int ssl3_get_client_hello(SSL *s) 
    10051005                        goto f_err; 
    10061006                        } 
    10071007                } 
    1008                 if (ssl_check_clienthello_tlsext(s) <= 0) { 
     1008                if (ssl_check_clienthello_tlsext_early(s) <= 0) { 
    10091009                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); 
    10101010                        goto err; 
    10111011                } 
    int ssl3_get_client_hello(SSL *s) 
    11311131         * s->tmp.new_cipher    - the new cipher to use. 
    11321132         */ 
    11331133 
     1134        /* Handles TLS extensions that we couldn't check earlier */ 
     1135        if (s->version >= SSL3_VERSION) 
     1136                { 
     1137                if (ssl_check_clienthello_tlsext_late(s) <= 0) 
     1138                        { 
     1139                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); 
     1140                        goto err; 
     1141                        } 
     1142                } 
     1143 
    11341144        if (ret < 0) ret=1; 
    11351145        if (0) 
    11361146                { 
  • crypto/openssl/ssl/ssl.h

    void ERR_load_SSL_strings(void); 
    18201820#define SSL_F_SSL_GET_NEW_SESSION                        181 
    18211821#define SSL_F_SSL_GET_PREV_SESSION                       217 
    18221822#define SSL_F_SSL_GET_SERVER_SEND_CERT                   182 
     1823#define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317 
    18231824#define SSL_F_SSL_GET_SIGN_PKEY                          183 
    18241825#define SSL_F_SSL_INIT_WBIO_BUFFER                       184 
    18251826#define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185 
  • crypto/openssl/ssl/ssl_err.c

    static ERR_STRING_DATA SSL_str_functs[]= 
    218218{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),   "SSL_GET_NEW_SESSION"}, 
    219219{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),  "SSL_GET_PREV_SESSION"}, 
    220220{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),      "SSL_GET_SERVER_SEND_CERT"}, 
     221{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),      "SSL_GET_SERVER_SEND_PKEY"}, 
    221222{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),     "SSL_GET_SIGN_PKEY"}, 
    222223{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),  "SSL_INIT_WBIO_BUFFER"}, 
    223224{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),       "SSL_load_client_CA_file"}, 
  • crypto/openssl/ssl/ssl_lib.c

    int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE 
    19431943        } 
    19441944 
    19451945/* THIS NEEDS CLEANING UP */ 
    1946 X509 *ssl_get_server_send_cert(SSL *s) 
     1946CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) 
    19471947        { 
    19481948        unsigned long alg,kalg; 
    19491949        CERT *c; 
    int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHE 
    19931993                } 
    19941994        else /* if (kalg & SSL_aNULL) */ 
    19951995                { 
    1996                 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); 
     1996                SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); 
    19971997                return(NULL); 
    19981998                } 
    1999         if (c->pkeys[i].x509 == NULL) return(NULL); 
    20001999 
    2001         return(c->pkeys[i].x509); 
     2000        return c->pkeys + i; 
    20022001        } 
    20032002 
     2003X509 *ssl_get_server_send_cert(const SSL *s) 
     2004        { 
     2005        CERT_PKEY *cpk; 
     2006        cpk = ssl_get_server_send_pkey(s); 
     2007        if (!cpk) 
     2008                return NULL; 
     2009        return cpk->x509; 
     2010        } 
     2011 
    20042012EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) 
    20052013        { 
    20062014        unsigned long alg; 
    void ssl_clear_cipher_ctx(SSL *s) 
    24202428/* Fix this function so that it takes an optional type parameter */ 
    24212429X509 *SSL_get_certificate(const SSL *s) 
    24222430        { 
    2423         if (s->cert != NULL) 
     2431        if (s->server) 
     2432                return(ssl_get_server_send_cert(s)); 
     2433        else if (s->cert != NULL) 
    24242434                return(s->cert->key->x509); 
    24252435        else 
    24262436                return(NULL); 
  • crypto/openssl/ssl/ssl_locl.h

     
    189189                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 
    190190                         *((c)++)=(unsigned char)(((l)    )&0xff)) 
    191191 
     192#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ 
     193                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \ 
     194                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \ 
     195                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \ 
     196                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \ 
     197                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 
     198                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 
     199                         *((c)++)=(unsigned char)(((l)    )&0xff)) 
     200 
    192201#define n2l6(c,l)       (l =((BN_ULLONG)(*((c)++)))<<40, \ 
    193202                         l|=((BN_ULLONG)(*((c)++)))<<32, \ 
    194203                         l|=((BN_ULLONG)(*((c)++)))<<24, \ 
    int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *s 
    740749int ssl_undefined_function(SSL *s); 
    741750int ssl_undefined_void_function(void); 
    742751int ssl_undefined_const_function(const SSL *s); 
    743 X509 *ssl_get_server_send_cert(SSL *); 
     752CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); 
     753X509 *ssl_get_server_send_cert(const SSL *); 
    744754EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); 
    745755int ssl_cert_type(X509 *x,EVP_PKEY *pkey); 
    746756void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); 
    int ssl_parse_clienthello_tlsext(SSL *s, unsigned 
    979989int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); 
    980990int ssl_prepare_clienthello_tlsext(SSL *s); 
    981991int ssl_prepare_serverhello_tlsext(SSL *s); 
    982 int ssl_check_clienthello_tlsext(SSL *s); 
     992int ssl_check_clienthello_tlsext_early(SSL *s); 
     993int ssl_check_clienthello_tlsext_late(SSL *s); 
    983994int ssl_check_serverhello_tlsext(SSL *s); 
    984995 
    985996#ifdef OPENSSL_NO_SHA256 
    int ssl_add_clienthello_renegotiate_ext(SSL *s, un 
    10011012int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, 
    10021013                                          int *al); 
    10031014#endif 
     1015/* s3_cbc.c */ 
     1016void ssl3_cbc_copy_mac(unsigned char* out, 
     1017                       const SSL3_RECORD *rec, 
     1018                       unsigned md_size,unsigned orig_len); 
     1019int ssl3_cbc_remove_padding(const SSL* s, 
     1020                            SSL3_RECORD *rec, 
     1021                            unsigned block_size, 
     1022                            unsigned mac_size); 
     1023int tls1_cbc_remove_padding(const SSL* s, 
     1024                            SSL3_RECORD *rec, 
     1025                            unsigned block_size, 
     1026                            unsigned mac_size); 
     1027char ssl3_cbc_record_digest_supported(const EVP_MD *hash); 
     1028void ssl3_cbc_digest_record( 
     1029        const EVP_MD *hash, 
     1030        unsigned char* md_out, 
     1031        size_t* md_out_size, 
     1032        const unsigned char header[13], 
     1033        const unsigned char *data, 
     1034        size_t data_plus_mac_size, 
     1035        size_t data_plus_mac_plus_padding_size, 
     1036        const unsigned char *mac_secret, 
     1037        unsigned mac_secret_length, 
     1038        char is_sslv3); 
    10041039 
     1040void tls_fips_digest_extra( 
     1041        const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx, 
     1042        const unsigned char *data, size_t data_len, size_t orig_len); 
     1043 
    10051044#endif 
  • crypto/openssl/ssl/t1_enc.c

    int tls1_change_cipher_state(SSL *s, int which) 
    264264        { 
    265265        int ki; 
    266266        for (ki=0; ki<s->s3->tmp.key_block_length; ki++) 
    267                 printf("%02x", key_block[ki]);  printf("\n"); 
     267                printf("%02x", s->s3->tmp.key_block[ki]);  printf("\n"); 
    268268        } 
    269269#endif  /* KSSL_DEBUG */ 
    270270 
    err: 
    528528        return(0); 
    529529        } 
    530530 
     531/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. 
     532 * 
     533 * Returns: 
     534 *   0: (in non-constant time) if the record is publically invalid (i.e. too 
     535 *       short etc). 
     536 *   1: if the record's padding is valid / the encryption was successful. 
     537 *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending, 
     538 *       an internal error occured. 
     539 */ 
    531540int tls1_enc(SSL *s, int send) 
    532541        { 
    533542        SSL3_RECORD *rec; 
    534543        EVP_CIPHER_CTX *ds; 
    535544        unsigned long l; 
    536         int bs,i,ii,j,k; 
     545        int bs,i,j,k,pad=0,ret,mac_size=0; 
    537546        const EVP_CIPHER *enc; 
    538547 
    539548        if (send) 
    int tls1_enc(SSL *s, int send) 
    559568        printf("tls1_enc(%d)\n", send); 
    560569#endif    /* KSSL_DEBUG */ 
    561570 
    562         if ((s->session == NULL) || (ds == NULL) || 
    563                 (enc == NULL)) 
     571        if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) 
    564572                { 
    565573                memmove(rec->data,rec->input,rec->length); 
    566574                rec->input=rec->data; 
     575                ret = 1; 
    567576                } 
    568577        else 
    569578                { 
    int tls1_enc(SSL *s, int send) 
    591600 
    592601#ifdef KSSL_DEBUG 
    593602                { 
    594                 unsigned long ui; 
     603                unsigned long ui; 
    595604                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 
    596                         (void *)ds,rec->data,rec->input,l); 
    597                 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", 
    598                         ds->buf_len, ds->cipher->key_len, 
    599                         (unsigned long)DES_KEY_SZ, 
    600                         (unsigned long)DES_SCHEDULE_SZ, 
    601                         ds->cipher->iv_len); 
     605                        ds,rec->data,rec->input,l); 
     606                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", 
     607                        ds->buf_len, ds->cipher->key_len, 
     608                        DES_KEY_SZ, DES_SCHEDULE_SZ, 
     609                        ds->cipher->iv_len); 
    602610                printf("\t\tIV: "); 
    603611                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 
    604612                printf("\n"); 
    int tls1_enc(SSL *s, int send) 
    611619                if (!send) 
    612620                        { 
    613621                        if (l == 0 || l%bs != 0) 
    614                                 { 
    615                                 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); 
    616                                 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); 
    617622                                return 0; 
    618                                 } 
    619623                        } 
    620624                 
    621625                EVP_Cipher(ds,rec->data,rec->input,l); 
    int tls1_enc(SSL *s, int send) 
    629633                } 
    630634#endif  /* KSSL_DEBUG */ 
    631635 
     636                ret = 1; 
     637                if (s->read_hash != NULL) 
     638                        mac_size = EVP_MD_size(s->read_hash); 
    632639                if ((bs != 1) && !send) 
    633                         { 
    634                         ii=i=rec->data[l-1]; /* padding_length */ 
    635                         i++; 
    636                         /* NB: if compression is in operation the first packet 
    637                          * may not be of even length so the padding bug check 
    638                          * cannot be performed. This bug workaround has been 
    639                          * around since SSLeay so hopefully it is either fixed 
    640                          * now or no buggy implementation supports compression  
    641                          * [steve] 
    642                          */ 
    643                         if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) 
    644                                 && !s->expand) 
    645                                 { 
    646                                 /* First packet is even in size, so check */ 
    647                                 if ((memcmp(s->s3->read_sequence, 
    648                                         "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) 
    649                                         s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; 
    650                                 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) 
    651                                         i--; 
    652                                 } 
    653                         /* TLS 1.0 does not bound the number of padding bytes by the block size. 
    654                          * All of them must have value 'padding_length'. */ 
    655                         if (i > (int)rec->length) 
    656                                 { 
    657                                 /* Incorrect padding. SSLerr() and ssl3_alert are done 
    658                                  * by caller: we don't want to reveal whether this is 
    659                                  * a decryption error or a MAC verification failure 
    660                                  * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 
    661                                 return -1; 
    662                                 } 
    663                         for (j=(int)(l-i); j<(int)l; j++) 
    664                                 { 
    665                                 if (rec->data[j] != ii) 
    666                                         { 
    667                                         /* Incorrect padding */ 
    668                                         return -1; 
    669                                         } 
    670                                 } 
    671                         rec->length-=i; 
    672                         } 
     640                        ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); 
     641                if (pad && !send) 
     642                        rec->length -= pad; 
    673643                } 
    674         return(1); 
     644        return ret; 
    675645        } 
    676646 
    677647int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) 
    int tls1_mac(SSL *ssl, unsigned char *md, int send 
    719689        SSL3_RECORD *rec; 
    720690        unsigned char *mac_sec,*seq; 
    721691        const EVP_MD *hash; 
    722         unsigned int md_size; 
     692        size_t md_size, orig_len; 
    723693        int i; 
    724694        HMAC_CTX hmac; 
    725         unsigned char buf[5];  
     695        unsigned char header[13]; 
    726696 
    727697        if (send) 
    728698                { 
    int tls1_mac(SSL *ssl, unsigned char *md, int send 
    741711 
    742712        md_size=EVP_MD_size(hash); 
    743713 
    744         buf[0]=rec->type; 
    745         if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) 
    746                 { 
    747                 buf[1]=TLS1_VERSION_MAJOR; 
    748                 buf[2]=TLS1_VERSION_MINOR; 
    749                 } 
    750         else    { 
    751                 buf[1]=(unsigned char)(ssl->version>>8); 
    752                 buf[2]=(unsigned char)(ssl->version); 
    753                 } 
    754  
    755         buf[3]=rec->length>>8; 
    756         buf[4]=rec->length&0xff; 
    757  
    758714        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ 
    759715        HMAC_CTX_init(&hmac); 
    760716        HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); 
    int tls1_mac(SSL *ssl, unsigned char *md, int send 
    766722                s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); 
    767723                memcpy (p,&seq[2],6); 
    768724 
    769                 HMAC_Update(&hmac,dtlsseq,8); 
     725                memcpy(header, dtlsseq, 8); 
    770726                } 
    771727        else 
    772                 HMAC_Update(&hmac,seq,8); 
     728                memcpy(header, seq, 8); 
    773729 
    774         HMAC_Update(&hmac,buf,5); 
    775         HMAC_Update(&hmac,rec->input,rec->length); 
    776         HMAC_Final(&hmac,md,&md_size); 
     730        /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ 
     731        orig_len = rec->length+md_size+((unsigned int)rec->type>>8); 
     732        rec->type &= 0xff; 
     733 
     734        header[8]=rec->type; 
     735        header[9]=(unsigned char)(ssl->version>>8); 
     736        header[10]=(unsigned char)(ssl->version); 
     737        header[11]=(rec->length)>>8; 
     738        header[12]=(rec->length)&0xff; 
     739 
     740        if (!send && 
     741            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && 
     742            ssl3_cbc_record_digest_supported(hash)) 
     743                { 
     744                /* This is a CBC-encrypted record. We must avoid leaking any 
     745                 * timing-side channel information about how many blocks of 
     746                 * data we are hashing because that gives an attacker a 
     747                 * timing-oracle. */ 
     748                ssl3_cbc_digest_record( 
     749                        hash, 
     750                        md, &md_size, 
     751                        header, rec->input, 
     752                        rec->length + md_size, orig_len, 
     753                        ssl->s3->read_mac_secret, 
     754                        EVP_MD_size(ssl->read_hash), 
     755                        0 /* not SSLv3 */); 
     756                } 
     757        else 
     758                { 
     759                unsigned mds; 
     760 
     761                HMAC_Update(&hmac,header,sizeof(header)); 
     762                HMAC_Update(&hmac,rec->input,rec->length); 
     763                HMAC_Final(&hmac,md,&mds); 
     764                md_size = mds; 
     765#ifdef OPENSSL_FIPS 
     766                if (!send && FIPS_mode()) 
     767                        tls_fips_digest_extra( 
     768                                        ssl->enc_read_ctx, 
     769                                        hash, 
     770                                        &hmac, rec->input, 
     771                                        rec->length, orig_len); 
     772#endif 
     773                } 
     774                 
    777775        HMAC_CTX_cleanup(&hmac); 
    778  
    779776#ifdef TLS_DEBUG 
    780777printf("sec="); 
    781778{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } 
  • crypto/openssl/ssl/t1_lib.c

    int ssl_parse_serverhello_tlsext(SSL *s, unsigned 
    745745        return 1; 
    746746        } 
    747747 
    748 int ssl_check_clienthello_tlsext(SSL *s) 
     748int ssl_check_clienthello_tlsext_early(SSL *s) 
    749749        { 
    750750        int ret=SSL_TLSEXT_ERR_NOACK; 
    751751        int al = SSL_AD_UNRECOGNIZED_NAME; 
    int ssl_parse_serverhello_tlsext(SSL *s, unsigned 
    755755        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)              
    756756                ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); 
    757757 
     758        switch (ret) 
     759                { 
     760                case SSL_TLSEXT_ERR_ALERT_FATAL: 
     761                        ssl3_send_alert(s, SSL3_AL_FATAL, al);  
     762                        return -1; 
     763 
     764                case SSL_TLSEXT_ERR_ALERT_WARNING: 
     765                        ssl3_send_alert(s, SSL3_AL_WARNING, al); 
     766                        return 1;  
     767                                         
     768                case SSL_TLSEXT_ERR_NOACK: 
     769                        s->servername_done = 0; 
     770 
     771                default: 
     772                        return 1; 
     773                } 
     774        } 
     775 
     776int ssl_check_clienthello_tlsext_late(SSL *s) 
     777        { 
     778        int ret = SSL_TLSEXT_ERR_OK; 
     779        int al; 
     780 
    758781        /* If status request then ask callback what to do. 
    759782         * Note: this must be called after servername callbacks in case  
    760          * the certificate has changed. 
     783         * the certificate has changed, and must be called after the cipher 
     784         * has been chosen because this may influence which certificate is sent 
    761785         */ 
    762         if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb) 
     786        if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb) 
    763787                { 
    764788                int r; 
     789                CERT_PKEY *certpkey; 
     790                certpkey = ssl_get_server_send_pkey(s); 
     791                /* If no certificate can't return certificate status */ 
     792                if (certpkey == NULL) 
     793                        { 
     794                        s->tlsext_status_expected = 0; 
     795                        return 1; 
     796                        } 
     797                /* Set current certificate to one we will use so 
     798                 * SSL_get_certificate et al can pick it up. 
     799                 */ 
     800                s->cert->key = certpkey; 
    765801                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 
    766802                switch (r) 
    767803                        { 
    int ssl_parse_serverhello_tlsext(SSL *s, unsigned 
    785821                } 
    786822        else 
    787823                s->tlsext_status_expected = 0; 
    788         err: 
     824 
     825 err: 
    789826        switch (ret) 
    790827                { 
    791828                case SSL_TLSEXT_ERR_ALERT_FATAL: 
    int ssl_parse_serverhello_tlsext(SSL *s, unsigned 
    795832                case SSL_TLSEXT_ERR_ALERT_WARNING: 
    796833                        ssl3_send_alert(s,SSL3_AL_WARNING,al); 
    797834                        return 1;  
    798                                          
    799                 case SSL_TLSEXT_ERR_NOACK: 
    800                         s->servername_done=0; 
    801                         default: 
    802                 return 1; 
     835 
     836                default: 
     837                        return 1; 
    803838                } 
    804839        } 
    805840 
    static int tls_decrypt_ticket(SSL *s, const unsign 
    9771012        HMAC_Update(&hctx, etick, eticklen); 
    9781013        HMAC_Final(&hctx, tick_hmac, NULL); 
    9791014        HMAC_CTX_cleanup(&hctx); 
    980         if (memcmp(tick_hmac, etick + eticklen, mlen)) 
     1015        if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) 
    9811016                goto tickerr; 
    9821017        /* Attempt to decrypt session data */ 
    9831018        /* Move p after IV to start of encrypted ticket, update length */ 
  • crypto/openssl/util/libeay.num

    BIO_get_callback_arg 3902 EXIST 
    35103510BIO_set_callback                        3903    EXIST::FUNCTION: 
    35113511d2i_ASIdOrRange                         3904    EXIST::FUNCTION:RFC3779 
    35123512i2d_ASIdentifiers                       3905    EXIST::FUNCTION:RFC3779 
     3513CRYPTO_memcmp                           3906    EXIST::FUNCTION: 
    35133514SEED_decrypt                            3908    EXIST::FUNCTION:SEED 
    35143515SEED_encrypt                            3909    EXIST::FUNCTION:SEED 
    35153516SEED_cbc_encrypt                        3910    EXIST::FUNCTION:SEED 
  • secure/lib/libcrypto/Makefile.inc

     
    33.include <bsd.own.mk> 
    44 
    55# OpenSSL version used for manual page generation 
    6 OPENSSL_VER=    0.9.8x 
    7 OPENSSL_DATE=   2012-05-10 
     6OPENSSL_VER=    0.9.8y 
     7OPENSSL_DATE=   2013-02-05 
    88 
    99LCRYPTO_SRC=    ${.CURDIR}/../../../crypto/openssl 
    1010LCRYPTO_DOC=    ${.CURDIR}/../../../crypto/openssl/doc 
  • secure/lib/libssl/Makefile

    SRCS= bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_l 
    1414        d1_both.c d1_enc.c \ 
    1515        s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ 
    1616        s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ 
    17         s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ 
     17        s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \ 
     18        s3_pkt.c \ 
    1819        s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ 
    1920        ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ 
    2021        ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c 
Note: See TracBrowser for help on using the repository browser.