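--- a/openssl.orig.c
+++ b/openssl.c
@@ -92,15 +92,6 @@
 #undef HAVE_USERDATA_IN_PWD_CALLBACK
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x00907001L
-/* ENGINE_load_private_key() takes four arguments */
-#define HAVE_ENGINE_LOAD_FOUR_ARGS
-#include <openssl/ui.h>
-#else
-/* ENGINE_load_private_key() takes three arguments */
-#undef HAVE_ENGINE_LOAD_FOUR_ARGS
-#endif
-
 #if (OPENSSL_VERSION_NUMBER >= 0x00903001L) && defined(HAVE_OPENSSL_PKCS12_H)
 /* OpenSSL has PKCS 12 support */
 #define HAVE_PKCS12_SUPPORT
@@ -135,6 +126,9 @@
 #define OPENSSL_NO_SSL2
 #endif
 
+#undef HAVE_OPENSSL_ENGINE_H
+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER 
+
 /*
  * Number of bytes to read from the random number seed file. This must be
  * a finite value (because some entropy "files" like /dev/urandom have
@@ -168,108 +162,8 @@
   return 0;
 }
 
-/*
- * rand_enough() is a function that returns TRUE if we have seeded the random
- * engine properly. We use some preprocessor magic to provide a seed_enough()
- * macro to use, just to prevent a compiler warning on this function if we
- * pass in an argument that is never used.
- */
-
-#ifdef HAVE_RAND_STATUS
-#define seed_enough(x) rand_enough()
-static bool rand_enough(void)
-{
-  return (0 != RAND_status()) ? TRUE : FALSE;
-}
-#else
-#define seed_enough(x) rand_enough(x)
-static bool rand_enough(int nread)
-{
-  /* this is a very silly decision to make */
-  return (nread > 500) ? TRUE : FALSE;
-}
-#endif
-
-static int ossl_seed(struct SessionHandle *data)
-{
-  char *buf = data->state.buffer; /* point to the big buffer */
-  int nread=0;
-
-  /* Q: should we add support for a random file name as a libcurl option?
-     A: Yes, it is here */
-
-#ifndef RANDOM_FILE
-  /* if RANDOM_FILE isn't defined, we only perform this if an option tells
-     us to! */
-  if(data->set.ssl.random_file)
-#define RANDOM_FILE "" /* doesn't matter won't be used */
-#endif
-  {
-    /* let the option override the define */
-    nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
-                             data->set.str[STRING_SSL_RANDOM_FILE]:
-                             RANDOM_FILE),
-                            RAND_LOAD_LENGTH);
-    if(seed_enough(nread))
-      return nread;
-  }
-
-#if defined(HAVE_RAND_EGD)
-  /* only available in OpenSSL 0.9.5 and later */
-  /* EGD_SOCKET is set at configure time or not at all */
-#ifndef EGD_SOCKET
-  /* If we don't have the define set, we only do this if the egd-option
-     is set */
-  if(data->set.str[STRING_SSL_EGDSOCKET])
-#define EGD_SOCKET "" /* doesn't matter won't be used */
-#endif
-  {
-    /* If there's an option and a define, the option overrides the
-       define */
-    int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
-                       data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
-    if(-1 != ret) {
-      nread += ret;
-      if(seed_enough(nread))
-        return nread;
-    }
-  }
-#endif
-
-  /* If we get here, it means we need to seed the PRNG using a "silly"
-     approach! */
-  do {
-    unsigned char randb[64];
-    int len = sizeof(randb);
-    RAND_bytes(randb, len);
-    RAND_add(randb, len, (len >> 1));
-  } while(!RAND_status());
-
-  /* generates a default path for the random seed file */
-  buf[0]=0; /* blank it first */
-  RAND_file_name(buf, BUFSIZE);
-  if(buf[0]) {
-    /* we got a file name to try */
-    nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
-    if(seed_enough(nread))
-      return nread;
-  }
-
-  infof(data, "libcurl is now using a weak random seed!\n");
-  return nread;
-}
-
 static int Curl_ossl_seed(struct SessionHandle *data)
 {
-  /* we have the "SSL is seeded" boolean static to prevent multiple
-     time-consuming seedings in vain */
-  static bool ssl_seeded = FALSE;
-
-  if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
-     data->set.str[STRING_SSL_EGDSOCKET]) {
-    ossl_seed(data);
-    ssl_seeded = TRUE;
-  }
   return 0;
 }
 
@@ -742,17 +636,6 @@
 
   OpenSSL_add_all_algorithms();
 
-
-  /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
-     that function makes an exit() call on wrongly formatted config files
-     which makes it hard to use in some situations. OPENSSL_config() itself
-     calls CONF_modules_load_file() and we use that instead and we ignore
-     its return code! */
-
-  (void)CONF_modules_load_file(NULL, NULL,
-                               CONF_MFLAGS_DEFAULT_SECTION|
-                               CONF_MFLAGS_IGNORE_MISSING_FILE);
-
   return 1;
 }
 
@@ -2825,29 +2708,10 @@
 #if(SSLEAY_VERSION_NUMBER >= 0x905000)
   {
     char sub[3];
-    unsigned long ssleay_value;
+    unsigned long ssleay_value = 0;
     sub[2]='\0';
     sub[1]='\0';
-    ssleay_value=SSLeay();
-    if(ssleay_value < 0x906000) {
-      ssleay_value=SSLEAY_VERSION_NUMBER;
-      sub[0]='\0';
-    }
-    else {
-      if(ssleay_value&0xff0) {
-        int minor_ver = (ssleay_value >> 4) & 0xff;
-        if(minor_ver > 26) {
-          /* handle extended version introduced for 0.9.8za */
-          sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
-          sub[0] = 'z';
-        }
-        else {
-          sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
-        }
-      }
-      else
-        sub[0]='\0';
-    }
+    sub[0]='\0';
 
     return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
 #ifdef OPENSSL_IS_BORINGSSL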
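Review bot: In the third hunk (@@ -168,108 +162,8 @@) Curl_ossl_seed now returns 0 without doing anything, and the deleted body was the only code reading data->set.str[STRING_SSL_RANDOM_FILE] and data->set.str[STRING_SSL_EGDSOCKET], so those options are now accepted and silently ignored. That is defensible if the linked library always seeds its RNG from the OS itself (the OPENSSL_IS_BORINGSSL test in the last hunk suggests that is the target), but the removal is unconditional, so a build against a regular OpenSSL also loses the RAND_load_file/RAND_egd fallbacks and the "libcurl is now using a weak random seed!" notice that used to flag the degraded case. Please record the assumption where the body was, e.g. `/* No explicit seeding: the library is expected to seed its own RNG from the OS; the random_file and egdsocket options are not honoured here. */`, or keep the old body under `#ifndef OPENSSL_IS_BORINGSSL` so other builds are unaffected. The fourth hunk has the same documentation gap: dropping CONF_modules_load_file() means the default OpenSSL config file is no longer loaded, and nothing in the new code says so.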