openssl/openssl-1.0.0-init-sha256.patch

80 lines
2.9 KiB
Diff
Raw Normal View History

diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod
--- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100
+++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200
@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori
=head1 DESCRIPTION
-SSL_library_init() registers the available ciphers and digests.
+SSL_library_init() registers the available SSL/TLS ciphers and digests.
OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
for SSL_library_init().
@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant.
=head1 WARNING
-SSL_library_init() only registers ciphers. Another important initialization
-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
-be performed separately.
+SSL_library_init() adds ciphers and digests used directly and indirectly by
+SSL/TLS.
=head1 EXAMPLES
A typical TLS/SSL application will start with the library initialization,
-will provide readable error messages and will seed the PRNG.
+and provide readable error messages.
SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */
- actions_to_seed_PRNG();
=head1 RETURN VALUES
SSL_library_init() always returns "1", so it is safe to discard the return
value.
+=head1 NOTES
+
+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
+Applications which need to use SHA2 in earlier versions of OpenSSL should call
+OpenSSL_add_all_algorithms() as well.
+
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c
--- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200
+++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200
@@ -111,6 +111,14 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
@@ -148,6 +156,14 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);