From b4cadc6e1343c01b06613053a90ed2ee85e65090 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Mon, 22 Mar 1999 12:22:14 +0000 Subject: Fix security hole. --- ssl/Makefile.ssl | 303 ++++++++++++++++++++++++++++--------------------------- ssl/s23_lib.c | 2 +- ssl/s2_lib.c | 2 +- ssl/s3_clnt.c | 15 ++- ssl/s3_lib.c | 2 +- ssl/s3_srvr.c | 2 + ssl/ssl.err | 5 + ssl/ssl.h | 22 +++- ssl/ssl_asn1.c | 25 ++++- ssl/ssl_err.c | 5 + ssl/ssl_lib.c | 20 +++- ssl/ssl_sess.c | 28 +++-- ssl/ssl_txt.c | 14 ++- ssl/t1_lib.c | 2 +- 14 files changed, 273 insertions(+), 174 deletions(-) (limited to 'ssl') diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index ffadc17f30..8dfa3d0a2d 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -105,74 +105,74 @@ bio_ssl.o: ../include/bn.h ../include/buffer.h ../include/cast.h bio_ssl.o: ../include/crypto.h ../include/des.h ../include/dh.h bio_ssl.o: ../include/dsa.h ../include/err.h ../include/evp.h ../include/idea.h bio_ssl.o: ../include/lhash.h ../include/md2.h ../include/md5.h -bio_ssl.o: ../include/mdc2.h ../include/objects.h ../include/pkcs7.h -bio_ssl.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h -bio_ssl.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h -bio_ssl.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h -bio_ssl.o: ssl2.h ssl23.h ssl3.h tls1.h +bio_ssl.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h +bio_ssl.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h +bio_ssl.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h +bio_ssl.o: ../include/sha.h ../include/stack.h ../include/x509.h +bio_ssl.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h s23_clnt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s23_clnt.o: ../include/bn.h ../include/buffer.h ../include/cast.h s23_clnt.o: ../include/comp.h ../include/crypto.h ../include/des.h s23_clnt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s23_clnt.o: ../include/evp.h ../include/idea.h ../include/lhash.h s23_clnt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s23_clnt.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s23_clnt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h -s23_clnt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h -s23_clnt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h -s23_clnt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h +s23_clnt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s23_clnt.o: ../include/rand.h ../include/rc2.h ../include/rc4.h +s23_clnt.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h +s23_clnt.o: ../include/sha.h ../include/stack.h ../include/x509.h +s23_clnt.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s23_lib.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s23_lib.o: ../include/bn.h ../include/buffer.h ../include/cast.h s23_lib.o: ../include/comp.h ../include/crypto.h ../include/des.h s23_lib.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s23_lib.o: ../include/evp.h ../include/idea.h ../include/lhash.h s23_lib.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s23_lib.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s23_lib.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s23_lib.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s23_lib.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s23_lib.o: ssl_locl.h tls1.h +s23_lib.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s23_lib.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s23_lib.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s23_lib.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s23_lib.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s23_meth.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s23_meth.o: ../include/bn.h ../include/buffer.h ../include/cast.h s23_meth.o: ../include/comp.h ../include/crypto.h ../include/des.h s23_meth.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s23_meth.o: ../include/evp.h ../include/idea.h ../include/lhash.h s23_meth.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s23_meth.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s23_meth.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s23_meth.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s23_meth.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s23_meth.o: ssl_locl.h tls1.h +s23_meth.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s23_meth.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s23_meth.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s23_meth.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s23_meth.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s23_pkt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s23_pkt.o: ../include/bn.h ../include/buffer.h ../include/cast.h s23_pkt.o: ../include/comp.h ../include/crypto.h ../include/des.h s23_pkt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s23_pkt.o: ../include/evp.h ../include/idea.h ../include/lhash.h s23_pkt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s23_pkt.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s23_pkt.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s23_pkt.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s23_pkt.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s23_pkt.o: ssl_locl.h tls1.h +s23_pkt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s23_pkt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s23_pkt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s23_pkt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s23_pkt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s23_srvr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s23_srvr.o: ../include/bn.h ../include/buffer.h ../include/cast.h s23_srvr.o: ../include/comp.h ../include/crypto.h ../include/des.h s23_srvr.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s23_srvr.o: ../include/evp.h ../include/idea.h ../include/lhash.h s23_srvr.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s23_srvr.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s23_srvr.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h -s23_srvr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h -s23_srvr.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h -s23_srvr.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h +s23_srvr.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s23_srvr.o: ../include/rand.h ../include/rc2.h ../include/rc4.h +s23_srvr.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h +s23_srvr.o: ../include/sha.h ../include/stack.h ../include/x509.h +s23_srvr.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s2_clnt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s2_clnt.o: ../include/bn.h ../include/buffer.h ../include/cast.h s2_clnt.o: ../include/comp.h ../include/crypto.h ../include/des.h s2_clnt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s2_clnt.o: ../include/evp.h ../include/idea.h ../include/lhash.h s2_clnt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s2_clnt.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s2_clnt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s2_clnt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s2_clnt.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h s2_clnt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h s2_clnt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h s2_clnt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -182,52 +182,52 @@ s2_enc.o: ../include/comp.h ../include/crypto.h ../include/des.h s2_enc.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s2_enc.o: ../include/evp.h ../include/idea.h ../include/lhash.h s2_enc.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s2_enc.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s2_enc.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s2_enc.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s2_enc.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s2_enc.o: ssl_locl.h tls1.h +s2_enc.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s2_enc.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s2_enc.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s2_enc.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s2_enc.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s2_lib.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s2_lib.o: ../include/bn.h ../include/buffer.h ../include/cast.h s2_lib.o: ../include/comp.h ../include/crypto.h ../include/des.h s2_lib.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s2_lib.o: ../include/evp.h ../include/idea.h ../include/lhash.h s2_lib.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s2_lib.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s2_lib.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s2_lib.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s2_lib.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s2_lib.o: ssl_locl.h tls1.h +s2_lib.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s2_lib.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s2_lib.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s2_lib.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s2_lib.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s2_meth.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s2_meth.o: ../include/bn.h ../include/buffer.h ../include/cast.h s2_meth.o: ../include/comp.h ../include/crypto.h ../include/des.h s2_meth.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s2_meth.o: ../include/evp.h ../include/idea.h ../include/lhash.h s2_meth.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s2_meth.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s2_meth.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s2_meth.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s2_meth.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s2_meth.o: ssl_locl.h tls1.h +s2_meth.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s2_meth.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s2_meth.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s2_meth.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s2_meth.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s2_pkt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s2_pkt.o: ../include/bn.h ../include/buffer.h ../include/cast.h s2_pkt.o: ../include/comp.h ../include/crypto.h ../include/des.h s2_pkt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s2_pkt.o: ../include/evp.h ../include/idea.h ../include/lhash.h s2_pkt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s2_pkt.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s2_pkt.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s2_pkt.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s2_pkt.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s2_pkt.o: ssl_locl.h tls1.h +s2_pkt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s2_pkt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s2_pkt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s2_pkt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s2_pkt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s2_srvr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s2_srvr.o: ../include/bn.h ../include/buffer.h ../include/cast.h s2_srvr.o: ../include/comp.h ../include/crypto.h ../include/des.h s2_srvr.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s2_srvr.o: ../include/evp.h ../include/idea.h ../include/lhash.h s2_srvr.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s2_srvr.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s2_srvr.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s2_srvr.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s2_srvr.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h s2_srvr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h s2_srvr.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h s2_srvr.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -237,8 +237,8 @@ s3_both.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_both.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_both.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_both.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_both.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s3_both.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_both.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_both.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h s3_both.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h s3_both.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h s3_both.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -248,8 +248,8 @@ s3_clnt.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_clnt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_clnt.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_clnt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_clnt.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s3_clnt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_clnt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_clnt.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h s3_clnt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h s3_clnt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h s3_clnt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -259,52 +259,52 @@ s3_enc.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_enc.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_enc.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_enc.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_enc.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s3_enc.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s3_enc.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s3_enc.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s3_enc.o: ssl_locl.h tls1.h +s3_enc.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_enc.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_enc.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s3_enc.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s3_enc.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s3_lib.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s3_lib.o: ../include/bn.h ../include/buffer.h ../include/cast.h s3_lib.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_lib.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_lib.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_lib.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_lib.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s3_lib.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s3_lib.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s3_lib.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s3_lib.o: ssl_locl.h tls1.h +s3_lib.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_lib.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_lib.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s3_lib.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s3_lib.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s3_meth.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s3_meth.o: ../include/bn.h ../include/buffer.h ../include/cast.h s3_meth.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_meth.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_meth.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_meth.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_meth.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s3_meth.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s3_meth.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s3_meth.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s3_meth.o: ssl_locl.h tls1.h +s3_meth.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_meth.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_meth.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s3_meth.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s3_meth.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s3_pkt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s3_pkt.o: ../include/bn.h ../include/buffer.h ../include/cast.h s3_pkt.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_pkt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_pkt.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_pkt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_pkt.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -s3_pkt.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -s3_pkt.o: ../include/rsa.h ../include/sha.h ../include/stack.h -s3_pkt.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -s3_pkt.o: ssl_locl.h tls1.h +s3_pkt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_pkt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_pkt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +s3_pkt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +s3_pkt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h s3_srvr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h s3_srvr.o: ../include/bn.h ../include/buffer.h ../include/cast.h s3_srvr.o: ../include/comp.h ../include/crypto.h ../include/des.h s3_srvr.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h s3_srvr.o: ../include/evp.h ../include/idea.h ../include/lhash.h s3_srvr.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -s3_srvr.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -s3_srvr.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +s3_srvr.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +s3_srvr.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h s3_srvr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h s3_srvr.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h s3_srvr.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -314,127 +314,130 @@ ssl_algs.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_algs.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_algs.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_algs.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_algs.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -ssl_algs.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -ssl_algs.o: ../include/rsa.h ../include/sha.h ../include/stack.h -ssl_algs.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -ssl_algs.o: ssl_locl.h tls1.h +ssl_algs.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +ssl_algs.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +ssl_algs.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +ssl_algs.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +ssl_algs.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h ssl_asn1.o: ../include/asn1.h ../include/asn1_mac.h ../include/bio.h ssl_asn1.o: ../include/blowfish.h ../include/bn.h ../include/buffer.h ssl_asn1.o: ../include/cast.h ../include/comp.h ../include/crypto.h ssl_asn1.o: ../include/des.h ../include/dh.h ../include/dsa.h ../include/e_os.h ssl_asn1.o: ../include/err.h ../include/evp.h ../include/idea.h ssl_asn1.o: ../include/lhash.h ../include/md2.h ../include/md5.h -ssl_asn1.o: ../include/mdc2.h ../include/objects.h ../include/pkcs7.h -ssl_asn1.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h -ssl_asn1.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h -ssl_asn1.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h -ssl_asn1.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h +ssl_asn1.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h +ssl_asn1.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h +ssl_asn1.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h +ssl_asn1.o: ../include/sha.h ../include/stack.h ../include/x509.h +ssl_asn1.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h ssl_cert.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_cert.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_cert.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_cert.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_cert.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_cert.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_cert.o: ../include/objects.h ../include/pem.h ../include/pem2.h -ssl_cert.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h -ssl_cert.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h -ssl_cert.o: ../include/sha.h ../include/stack.h ../include/x509.h -ssl_cert.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h +ssl_cert.o: ../include/objects.h ../include/opensslv.h ../include/pem.h +ssl_cert.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h +ssl_cert.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h +ssl_cert.o: ../include/rsa.h ../include/sha.h ../include/stack.h +ssl_cert.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h +ssl_cert.o: ssl_locl.h tls1.h ssl_ciph.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_ciph.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_ciph.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_ciph.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_ciph.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_ciph.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_ciph.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -ssl_ciph.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -ssl_ciph.o: ../include/rsa.h ../include/sha.h ../include/stack.h -ssl_ciph.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -ssl_ciph.o: ssl_locl.h tls1.h +ssl_ciph.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +ssl_ciph.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +ssl_ciph.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +ssl_ciph.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +ssl_ciph.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h ssl_err.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_err.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_err.o: ../include/crypto.h ../include/des.h ../include/dh.h ssl_err.o: ../include/dsa.h ../include/err.h ../include/evp.h ../include/idea.h ssl_err.o: ../include/lhash.h ../include/md2.h ../include/md5.h -ssl_err.o: ../include/mdc2.h ../include/objects.h ../include/pkcs7.h -ssl_err.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h -ssl_err.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h -ssl_err.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h -ssl_err.o: ssl2.h ssl23.h ssl3.h tls1.h +ssl_err.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h +ssl_err.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h +ssl_err.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h +ssl_err.o: ../include/sha.h ../include/stack.h ../include/x509.h +ssl_err.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h ssl_err2.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_err2.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_err2.o: ../include/crypto.h ../include/des.h ../include/dh.h ssl_err2.o: ../include/dsa.h ../include/err.h ../include/evp.h ssl_err2.o: ../include/idea.h ../include/lhash.h ../include/md2.h ssl_err2.o: ../include/md5.h ../include/mdc2.h ../include/objects.h -ssl_err2.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h -ssl_err2.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h -ssl_err2.o: ../include/sha.h ../include/stack.h ../include/x509.h -ssl_err2.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h +ssl_err2.o: ../include/opensslv.h ../include/pkcs7.h ../include/rc2.h +ssl_err2.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h +ssl_err2.o: ../include/rsa.h ../include/sha.h ../include/stack.h +ssl_err2.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h +ssl_err2.o: tls1.h ssl_lib.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_lib.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_lib.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_lib.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_lib.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_lib.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_lib.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -ssl_lib.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -ssl_lib.o: ../include/rsa.h ../include/sha.h ../include/stack.h -ssl_lib.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -ssl_lib.o: ssl_locl.h tls1.h +ssl_lib.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +ssl_lib.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +ssl_lib.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +ssl_lib.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +ssl_lib.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h ssl_rsa.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_rsa.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_rsa.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_rsa.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_rsa.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_rsa.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_rsa.o: ../include/objects.h ../include/pem.h ../include/pem2.h -ssl_rsa.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h -ssl_rsa.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h -ssl_rsa.o: ../include/sha.h ../include/stack.h ../include/x509.h -ssl_rsa.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h +ssl_rsa.o: ../include/objects.h ../include/opensslv.h ../include/pem.h +ssl_rsa.o: ../include/pem2.h ../include/pkcs7.h ../include/rc2.h +ssl_rsa.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h +ssl_rsa.o: ../include/rsa.h ../include/sha.h ../include/stack.h +ssl_rsa.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h +ssl_rsa.o: ssl_locl.h tls1.h ssl_sess.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_sess.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_sess.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_sess.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_sess.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_sess.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_sess.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -ssl_sess.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h -ssl_sess.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h -ssl_sess.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h -ssl_sess.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h +ssl_sess.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +ssl_sess.o: ../include/rand.h ../include/rc2.h ../include/rc4.h +ssl_sess.o: ../include/rc5.h ../include/ripemd.h ../include/rsa.h +ssl_sess.o: ../include/sha.h ../include/stack.h ../include/x509.h +ssl_sess.o: ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h ssl_stat.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_stat.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_stat.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_stat.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_stat.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_stat.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_stat.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -ssl_stat.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -ssl_stat.o: ../include/rsa.h ../include/sha.h ../include/stack.h -ssl_stat.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -ssl_stat.o: ssl_locl.h tls1.h +ssl_stat.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +ssl_stat.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +ssl_stat.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +ssl_stat.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +ssl_stat.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h ssl_txt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h ssl_txt.o: ../include/bn.h ../include/buffer.h ../include/cast.h ssl_txt.o: ../include/comp.h ../include/crypto.h ../include/des.h ssl_txt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h ssl_txt.o: ../include/evp.h ../include/idea.h ../include/lhash.h ssl_txt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -ssl_txt.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -ssl_txt.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -ssl_txt.o: ../include/rsa.h ../include/sha.h ../include/stack.h -ssl_txt.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -ssl_txt.o: ssl_locl.h tls1.h +ssl_txt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +ssl_txt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +ssl_txt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +ssl_txt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +ssl_txt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h t1_clnt.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h t1_clnt.o: ../include/bn.h ../include/buffer.h ../include/cast.h t1_clnt.o: ../include/comp.h ../include/crypto.h ../include/des.h t1_clnt.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h t1_clnt.o: ../include/evp.h ../include/idea.h ../include/lhash.h t1_clnt.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -t1_clnt.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -t1_clnt.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +t1_clnt.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +t1_clnt.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h t1_clnt.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h t1_clnt.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h t1_clnt.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -444,8 +447,8 @@ t1_enc.o: ../include/comp.h ../include/crypto.h ../include/des.h t1_enc.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h t1_enc.o: ../include/evp.h ../include/hmac.h ../include/idea.h t1_enc.o: ../include/lhash.h ../include/md2.h ../include/md5.h -t1_enc.o: ../include/mdc2.h ../include/objects.h ../include/pkcs7.h -t1_enc.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +t1_enc.o: ../include/mdc2.h ../include/objects.h ../include/opensslv.h +t1_enc.o: ../include/pkcs7.h ../include/rc2.h ../include/rc4.h ../include/rc5.h t1_enc.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h t1_enc.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h t1_enc.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h @@ -455,30 +458,30 @@ t1_lib.o: ../include/comp.h ../include/crypto.h ../include/des.h t1_lib.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h t1_lib.o: ../include/evp.h ../include/idea.h ../include/lhash.h t1_lib.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -t1_lib.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -t1_lib.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -t1_lib.o: ../include/rsa.h ../include/sha.h ../include/stack.h -t1_lib.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -t1_lib.o: ssl_locl.h tls1.h +t1_lib.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +t1_lib.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +t1_lib.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +t1_lib.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +t1_lib.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h t1_meth.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h t1_meth.o: ../include/bn.h ../include/buffer.h ../include/cast.h t1_meth.o: ../include/comp.h ../include/crypto.h ../include/des.h t1_meth.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h t1_meth.o: ../include/evp.h ../include/idea.h ../include/lhash.h t1_meth.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -t1_meth.o: ../include/objects.h ../include/pkcs7.h ../include/rc2.h -t1_meth.o: ../include/rc4.h ../include/rc5.h ../include/ripemd.h -t1_meth.o: ../include/rsa.h ../include/sha.h ../include/stack.h -t1_meth.o: ../include/x509.h ../include/x509_vfy.h ssl.h ssl2.h ssl23.h ssl3.h -t1_meth.o: ssl_locl.h tls1.h +t1_meth.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +t1_meth.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +t1_meth.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h +t1_meth.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h +t1_meth.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h t1_srvr.o: ../include/asn1.h ../include/bio.h ../include/blowfish.h t1_srvr.o: ../include/bn.h ../include/buffer.h ../include/cast.h t1_srvr.o: ../include/comp.h ../include/crypto.h ../include/des.h t1_srvr.o: ../include/dh.h ../include/dsa.h ../include/e_os.h ../include/err.h t1_srvr.o: ../include/evp.h ../include/idea.h ../include/lhash.h t1_srvr.o: ../include/md2.h ../include/md5.h ../include/mdc2.h -t1_srvr.o: ../include/objects.h ../include/pkcs7.h ../include/rand.h -t1_srvr.o: ../include/rc2.h ../include/rc4.h ../include/rc5.h +t1_srvr.o: ../include/objects.h ../include/opensslv.h ../include/pkcs7.h +t1_srvr.o: ../include/rand.h ../include/rc2.h ../include/rc4.h ../include/rc5.h t1_srvr.o: ../include/ripemd.h ../include/rsa.h ../include/sha.h t1_srvr.o: ../include/stack.h ../include/x509.h ../include/x509_vfy.h ssl.h t1_srvr.o: ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 24b884ff4c..34aa0de4fd 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -78,7 +78,7 @@ static int ssl23_put_cipher_by_char(); static SSL_CIPHER *ssl23_get_cipher_by_char(); #endif -char *SSL23_version_str="SSLv2/3 compatibility part of OpenSSL 0.9.2 31-Dec-1998"; +char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; static SSL_METHOD SSLv23_data= { TLS1_VERSION, diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index df24775568..e7581313c9 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -67,7 +67,7 @@ static long ssl2_default_timeout(void ); static long ssl2_default_timeout(); #endif -char *ssl2_version_str="SSLv2 part of OpenSSL 0.9.2 31-Dec-1998"; +char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index cb63a9f7ce..5cc0ff446d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -605,9 +605,18 @@ SSL *s; goto f_err; } } - if ((j != 0) && (j == s->session->session_id_length) && - (memcmp(p,s->session->session_id,j) == 0)) - s->hit=1; + if (j != 0 && j == s->session->session_id_length + && memcmp(p,s->session->session_id,j) == 0) + { + if(s->sid_ctx_length != s->session->sid_ctx_length + || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + goto f_err; + } + s->hit=1; + } else /* a miss or crap from the other end */ { /* If we were trying for session-id reuse, make a new diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 78afd87ced..0fba6ce0ba 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -60,7 +60,7 @@ #include "objects.h" #include "ssl_locl.h" -char *ssl3_version_str="SSLv3 part of OpenSSL 0.9.2 31-Dec-1998"; +char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 56d8dd4737..21b93c1ba4 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1683,6 +1683,8 @@ SSL *s; if (s->session->peer != NULL) X509_free(s->session->peer); s->session->peer=(X509 *)sk_shift(sk); + s->session->cert->cert_chain=sk; + sk=NULL; ret=1; if (0) diff --git a/ssl/ssl.err b/ssl/ssl.err index 413124f7f5..e2677d7755 100644 --- a/ssl/ssl.err +++ b/ssl/ssl.err @@ -86,6 +86,7 @@ #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 #define SSL_F_SSL_DO_HANDSHAKE 180 #define SSL_F_SSL_GET_NEW_SESSION 181 +#define SSL_F_SSL_GET_PREV_SESSION 217 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 #define SSL_F_SSL_GET_SIGN_PKEY 183 #define SSL_F_SSL_INIT_WBIO_BUFFER 184 @@ -100,6 +101,7 @@ #define SSL_F_SSL_SET_PKEY 193 #define SSL_F_SSL_SET_RFD 194 #define SSL_F_SSL_SET_SESSION 195 +#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 #define SSL_F_SSL_SET_WFD 196 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 #define SSL_F_SSL_USE_CERTIFICATE 198 @@ -120,6 +122,7 @@ /* Reason codes. */ #define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 #define SSL_R_BAD_ALERT_RECORD 101 #define SSL_R_BAD_AUTHENTICATION_TYPE 102 #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 @@ -132,6 +135,7 @@ #define SSL_R_BAD_DH_P_LENGTH 110 #define SSL_R_BAD_DIGEST_LENGTH 111 #define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_LENGTH 271 #define SSL_R_BAD_MAC_DECODE 113 #define SSL_R_BAD_MESSAGE_TYPE 114 #define SSL_R_BAD_PACKET_LENGTH 115 @@ -262,6 +266,7 @@ #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 #define SSL_R_SSL_HANDSHAKE_FAILURE 229 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 diff --git a/ssl/ssl.h b/ssl/ssl.h index bd9ac8f9af..f0b143abd9 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -82,6 +82,7 @@ extern "C" { #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +#define SSL_MAX_SID_CTX_LENGTH 32 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) #define SSL_MAX_KEY_ARG_LENGTH 8 @@ -208,7 +209,8 @@ typedef struct ssl_method_st * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Compression [4] IMPLICIT ASN1_OBJECT -- compression OID XXXXX + * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context + * Compression [5] IMPLICIT ASN1_OBJECT -- compression OID XXXXX * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). @@ -226,6 +228,11 @@ typedef struct ssl_session_st /* session_id - valid? */ unsigned int session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + /* this is used to determine whether the session is being reused in + * the appropriate context. It is up to the application to set this, + * via SSL_new */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; int not_resumable; @@ -555,6 +562,11 @@ struct ssl_st /* This is used to hold the server certificate used */ struct cert_st /* CERT */ *cert; + /* the session_id_context is used to ensure sessions are only reused + * in the appropriate context */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + /* This can also be in the session once a session is established */ SSL_SESSION *session; @@ -917,6 +929,8 @@ int SSL_CTX_check_private_key(SSL_CTX *ctx); int SSL_check_private_key(SSL *ctx); SSL * SSL_new(SSL_CTX *ctx); +int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); @@ -1169,6 +1183,7 @@ int SSL_CTX_check_private_key(); int SSL_check_private_key(); SSL * SSL_new(); +int SSL_set_session_id_context(); void SSL_clear(); void SSL_free(); int SSL_accept(); @@ -1374,6 +1389,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 #define SSL_F_SSL_DO_HANDSHAKE 180 #define SSL_F_SSL_GET_NEW_SESSION 181 +#define SSL_F_SSL_GET_PREV_SESSION 217 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 #define SSL_F_SSL_GET_SIGN_PKEY 183 #define SSL_F_SSL_INIT_WBIO_BUFFER 184 @@ -1388,6 +1404,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_F_SSL_SET_PKEY 193 #define SSL_F_SSL_SET_RFD 194 #define SSL_F_SSL_SET_SESSION 195 +#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 #define SSL_F_SSL_SET_WFD 196 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 #define SSL_F_SSL_USE_CERTIFICATE 198 @@ -1408,6 +1425,7 @@ void SSL_set_tmp_dh_callback(); /* Reason codes. */ #define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 #define SSL_R_BAD_ALERT_RECORD 101 #define SSL_R_BAD_AUTHENTICATION_TYPE 102 #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 @@ -1420,6 +1438,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_R_BAD_DH_P_LENGTH 110 #define SSL_R_BAD_DIGEST_LENGTH 111 #define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_LENGTH 271 #define SSL_R_BAD_MAC_DECODE 113 #define SSL_R_BAD_MESSAGE_TYPE 114 #define SSL_R_BAD_PACKET_LENGTH 115 @@ -1550,6 +1569,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 #define SSL_R_SSL_HANDSHAKE_FAILURE 229 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 116a83de64..f4ba04a961 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -69,6 +69,7 @@ typedef struct ssl_session_asn1_st ASN1_OCTET_STRING cipher; ASN1_OCTET_STRING master_key; ASN1_OCTET_STRING session_id; + ASN1_OCTET_STRING session_id_context; ASN1_OCTET_STRING key_arg; ASN1_INTEGER time; ASN1_INTEGER timeout; @@ -84,7 +85,7 @@ SSL_SESSION *in; unsigned char **pp; { #define LSIZE2 (sizeof(long)*2) - int v1=0,v2=0,v3=0; + int v1=0,v2=0,v3=0,v4=0; unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2]; long l; @@ -138,6 +139,10 @@ unsigned char **pp; a.session_id.type=V_ASN1_OCTET_STRING; a.session_id.data=in->session_id; + a.session_id_context.length=in->sid_ctx_length; + a.session_id_context.type=V_ASN1_OCTET_STRING; + a.session_id_context.data=in->sid_ctx; + a.key_arg.length=in->key_arg_length; a.key_arg.type=V_ASN1_OCTET_STRING; a.key_arg.data=in->key_arg; @@ -171,6 +176,7 @@ unsigned char **pp; M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); if (in->peer != NULL) M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); + M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); M_ASN1_I2D_seq_total(); @@ -187,6 +193,8 @@ unsigned char **pp; M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); if (in->peer != NULL) M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); + M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, + v4); M_ASN1_I2D_finish(); } @@ -308,6 +316,21 @@ long length; } M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); + os.length=0; + os.data=NULL; + M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); + + if(os.data != NULL) + { + if (os.length > SSL_MAX_SID_CTX_LENGTH) + SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); + ret->sid_ctx_length=os.length; + memcpy(ret->sid_ctx,os.data,os.length); + Free(os.data); os.data=NULL; os.length=0; + } + else + ret->sid_ctx_length=0; + M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index a255a23f96..4f8bd3652a 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -148,6 +148,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, {ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, {ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, +{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"}, {ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, {ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, @@ -162,6 +163,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, {ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, {ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, +{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"}, {ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, @@ -185,6 +187,7 @@ static ERR_STRING_DATA SSL_str_functs[]= static ERR_STRING_DATA SSL_str_reasons[]= { {SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, +{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"}, {SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, {SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, {SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, @@ -197,6 +200,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, {SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, {SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, +{SSL_R_BAD_LENGTH ,"bad length"}, {SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, {SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, {SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, @@ -327,6 +331,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, {SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, +{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"}, {SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, {SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"}, {SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1091ee1009..3b6c364b01 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -63,7 +63,7 @@ #include "lhash.h" #include "ssl_locl.h" -char *SSL_version_str="OpenSSL 0.9.2 31-Dec-1998"; +char *SSL_version_str=OPENSSL_VERSION_TEXT; static STACK *ssl_meth=NULL; static STACK *ssl_ctx_meth=NULL; @@ -216,6 +216,20 @@ err: return(NULL); } +int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, + unsigned int sid_ctx_len) + { + if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) + { + SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); + return 0; + } + ssl->sid_ctx_length=sid_ctx_len; + memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); + + return 1; + } + void SSL_free(SSL *s) { int i; @@ -485,6 +499,7 @@ void SSL_copy_session_id(SSL *t,SSL *f) else t->cert=NULL; if (tmp != NULL) ssl_cert_free(tmp); + SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); } /* Fix this so it checks all the valid key/cert options */ @@ -1417,7 +1432,8 @@ SSL *SSL_dup(SSL *s) SSL *ret; int i; - if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL); + if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) + return(NULL); /* This copies version, session-id, SSL_METHOD and 'cert' */ SSL_copy_session_id(ret,s); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2403b066cb..d731634c70 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -190,6 +190,8 @@ int session; ss->session_id_length=0; } + memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); + ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; ss->ssl_version=s->version; @@ -202,13 +204,14 @@ unsigned char *session_id; int len; { SSL_SESSION *ret=NULL,data; + int copy=1; /* conn_init();*/ data.ssl_version=s->version; data.session_id_length=len; if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) return(0); - memcpy(data.session_id,session_id,len);; + memcpy(data.session_id,session_id,len); if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { @@ -219,26 +222,33 @@ int len; if (ret == NULL) { - int copy=1; - s->ctx->stats.sess_miss++; ret=NULL; - if ((s->ctx->get_session_cb != NULL) && - ((ret=s->ctx->get_session_cb(s,session_id,len,©)) - != NULL)) + if (s->ctx->get_session_cb != NULL + && (ret=s->ctx->get_session_cb(s,session_id,len,©)) + != NULL) { s->ctx->stats.sess_cb_hit++; /* The following should not return 1, otherwise, * things are very strange */ SSL_CTX_add_session(s->ctx,ret); - /* auto free it */ - if (!copy) - SSL_SESSION_free(ret); } if (ret == NULL) return(0); } + if((s->verify_mode&SSL_VERIFY_PEER) + && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length + || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) + { + SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + return 0; + } + + /* auto free it */ + if (!copy) + SSL_SESSION_free(ret); + if (ret->cipher == NULL) { char buf[5],*p; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index e41b738f5c..22fbb5f55b 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -84,7 +84,7 @@ int SSL_SESSION_print(bp,x) BIO *bp; SSL_SESSION *x; { - int i; + unsigned int i; char str[128],*s; if (x == NULL) goto err; @@ -111,13 +111,19 @@ SSL_SESSION *x; sprintf(str," Cipher : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name); if (BIO_puts(bp,str) <= 0) goto err; if (BIO_puts(bp," Session-ID: ") <= 0) goto err; - for (i=0; i<(int)x->session_id_length; i++) + for (i=0; isession_id_length; i++) { sprintf(str,"%02X",x->session_id[i]); if (BIO_puts(bp,str) <= 0) goto err; } + if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err; + for (i=0; isid_ctx_length; i++) + { + sprintf(str,"%02X",x->sid_ctx[i]); + if (BIO_puts(bp,str) <= 0) goto err; + } if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; - for (i=0; i<(int)x->master_key_length; i++) + for (i=0; i<(unsigned int)x->master_key_length; i++) { sprintf(str,"%02X",x->master_key[i]); if (BIO_puts(bp,str) <= 0) goto err; @@ -128,7 +134,7 @@ SSL_SESSION *x; if (BIO_puts(bp,"None") <= 0) goto err; } else - for (i=0; i<(int)x->key_arg_length; i++) + for (i=0; ikey_arg_length; i++) { sprintf(str,"%02X",x->key_arg[i]); if (BIO_puts(bp,str) <= 0) goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a1f1a48693..4534403d22 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -60,7 +60,7 @@ #include "objects.h" #include "ssl_locl.h" -char *tls1_version_str="TLSv1 part of OpenSSL 0.9.2 31-Dec-1998"; +char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT; #ifndef NO_PROTO static long tls1_default_timeout(void); -- cgit v1.2.3