diff options
| author | Richard Levitte <levitte@openssl.org> | 2001-03-26 17:09:15 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2001-03-26 17:09:15 +0000 |
| commit | 0294674b44beafb4ca8cb806d6e11c93505e3998 (patch) | |
| tree | 85e81d99bb6c992344b65ce6446e7e40ae157236 | |
| parent | 771c8a7ce5b5da3fc9643de36f9f50f039ad9561 (diff) | |
| download | openssl-0294674b44beafb4ca8cb806d6e11c93505e3998.tar.gz | |
Merge in recent changes from OpenSSL_0_9_6-stable.
| -rw-r--r-- | CHANGES | 37 | ||||
| -rwxr-xr-x | Configure | 43 | ||||
| -rw-r--r-- | Makefile.org | 18 | ||||
| -rw-r--r-- | STATUS | 36 | ||||
| -rw-r--r-- | TABLE | 20 | ||||
| -rw-r--r-- | apps/speed.c | 2 | ||||
| -rw-r--r-- | apps/x509.c | 2 | ||||
| -rwxr-xr-x | config | 8 | ||||
| -rw-r--r-- | crypto/asn1/p7_lib.c | 2 | ||||
| -rw-r--r-- | crypto/dso/dso_dl.c | 10 | ||||
| -rw-r--r-- | crypto/rand/rand_win.c | 3 | ||||
| -rw-r--r-- | openssl.spec | 40 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 2 |
13 files changed, 140 insertions, 83 deletions
@@ -4,6 +4,11 @@ Changes between 0.9.6 and 0.9.6a [xx XXX 2001] + *) Fix PKCS#7 decode routines so they correctly update the length + after reading an EOC for the EXPLICIT tag. + [Steve Henson] + [This change does not apply to 0.9.7.] + *) Fix bug in PKCS#12 key generation routines. This was triggered if a 3DES key was generated with a 0 initial byte. Include PKCS12_BROKEN_KEYGEN compilation option to retain the old @@ -28,15 +33,6 @@ X509_NAME_get_index_by_NID() since 0 is a valid index. [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>] - *) Use better test patterns in bntest. - [Ulf Möller] - - *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling - the method-specific "init()" handler. Also clean up ex_data after - calling the method-specific "finish()" handler. Previously, this was - happening the other way round. - [Geoff Thorpe] - *) Avoid coredump with unsupported or invalid public keys by checking if X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when PKCS7_verify() fails with non detached data. @@ -69,6 +65,7 @@ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME was empty. [Steve Henson] + [This change does not apply to 0.9.7.] *) Use the cached encoding of an X509_NAME structure rather than copying it. This is apparently the reason for the libsafe "errors" @@ -80,7 +77,7 @@ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits to be set and top=0 forces the highest bit to be set; top=-1 is new and leaves the highest bit random. - [Ulf Moeller] + [Ulf Moeller, Bodo Moeller] *) In the NCONF_...-based implementations for CONF_... queries (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using @@ -109,6 +106,7 @@ macros previously used would not encode an empty SEQUENCE OF and break the signature. [Steve Henson] + [This change does not apply to 0.9.7.] *) Zero the premaster secret after deriving the master secret in DH ciphersuites. @@ -161,12 +159,19 @@ *) Fix a deadlock in CRYPTO_mem_leaks(). [Bodo Moeller] + *) Use better test patterns in bntest. + [Ulf Möller] + *) rand_win.c fix for Borland C. [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] + *) Add a 'bctest' script that checks for some known 'bc' bugs + so that 'make test' does not abort just because 'bc' is broken. + [Bodo Moeller] + *) Store verify_result within SSL_SESSION also for client side to avoid potential security hole. (Re-used sessions on the client side always resulted in verify_result==X509_V_OK, not using the original @@ -189,10 +194,22 @@ does the actual work for ssl3_read_internal. [Bodo Moeller] + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. The previous value, 12, was not always sufficient for BN_mod_exp(). [Bodo Moeller] + *) Make sure that shared libraries get the internal name engine with + the full version number and not just 0. This should mark the + shared libraries as not backward compatible. Of course, this should + be changed again when we can guarantee backward binary compatibility. + [Richard Levitte] + *) Fix typo in get_cert_by_subject() in by_dir.c [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>] @@ -98,6 +98,11 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; +my $mips3_irix_asm="asm/mips3.o::::::::"; +# There seems to be boundary faults in asm/alpha.s. +#my $alpha_asm="asm/alpha.o::::::::"; +my $alpha_asm="::::::::"; + # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. # So the md5_locl.h file has an undef B_ENDIAN if sun is defined @@ -136,18 +141,18 @@ my %table=( # surrounds it with #APP #NO_APP comment pair which (at least Solaris # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" # error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 # but keep the assembler modules. -"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests @@ -187,11 +192,11 @@ my %table=( # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-[g]cc' manually. # -mips4 flag is added by ./config when appropriate. -"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", -"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::", +"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}", +"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}", # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}", #### Unified HP-UX ANSI C configs. # Special notes: @@ -271,9 +276,9 @@ my %table=( # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with # the new compiler # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version -"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared::.so", -"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared::.so", -"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared::.so", +"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so", +"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so", +"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so", "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Alpha Linux with GNU C and Compaq C setups @@ -289,13 +294,13 @@ my %table=( # # <appro@fy.chalmers.se> # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", # assembler versions -- currently defunct: -##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::", +##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}", # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the # bn86-elf.o file file since it is hand tweaked assembler. diff --git a/Makefile.org b/Makefile.org index 041b8432ba..209129e6d7 100644 --- a/Makefile.org +++ b/Makefile.org @@ -57,7 +57,7 @@ CC= gcc #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM DEPFLAG= -PEX_LIBS= -L. -L.. -L../.. -L../../.. +PEX_LIBS= EX_LIBS= AR=ar r RANLIB= ranlib @@ -207,7 +207,7 @@ sub_all: fi; \ done; \ if echo "$(DIRS)" | \ - grep '\(^\| \)\(crypto\|ssl\)\( \|$$\)' > /dev/null 2>&1 && \ + egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \ [ -n "$(SHARED_LIBS)" ]; then \ $(MAKE) $(SHARED_LIBS); \ fi @@ -242,7 +242,7 @@ link-shared: if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ tmp="$(SHARED_LIBS_LINK_EXTS)"; \ for j in $${tmp:-x}; do \ - ( set -x; ln -s -f $$prev lib$$i$$j ); \ + ( set -x; ln -f -s $$prev lib$$i$$j ); \ prev=lib$$i$$j; \ done; \ fi; \ @@ -251,17 +251,18 @@ link-shared: build-shared: clean-shared do_$(SHLIB_TARGET) link-shared do_bsd-gcc-shared: linux-shared -do_linux-shared: +do_linux-shared: do_gnu-shared +do_gnu-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \ + -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -l$$i"; \ done # This assumes that GNU utilities are *not* used -do_true64-shared: +do_tru64-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -no_archive -o lib$$i.so \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ @@ -272,8 +273,9 @@ do_true64-shared: # This assumes that GNU utilities are *not* used do_solaris-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR} \ + ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ + set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -l$$i"; \ done @@ -1,10 +1,10 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2001/03/21 18:18:51 $ + ______________ $Date: 2001/03/26 17:09:12 $ DEVELOPMENT STATE - o OpenSSL 0.9.6a: In development... + o OpenSSL 0.9.6a: Bugfix release -- under development... Beta 1 released on March 13th, 2001 HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine] HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine] @@ -36,6 +36,11 @@ Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work. [CORRECTED] mingw32 w/ gcc 2.95.2 - PASSED [presumed normal] + + Beta 2 released on March 21st, 2001 + OpenVMS (tested on VMS 7.2-1 for Alpha) - PASSED [presumed normal] + solaris64-sparcv9-cc (SunOS 5.8) - PASSED [normal] + o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 @@ -49,14 +54,13 @@ AVAILABLE PATCHES - o CA.pl patch (Damien Miller) - IN PROGRESS o Steve is currently working on (in no particular order): ASN1 code redesign, butchery, replacement. + OCSP EVP cipher enhancement. - Proper (or at least usable) certificate chain verification. + Enhanced certificate chain verification. Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. @@ -65,19 +69,29 @@ o Richard is currently working on: UTIL (a new set of library functions to support some higher level functionality that is currently missing). - Dynamic thread-lock support. Shared library support for VMS. + OCSP + Kerberos 5 authentication + Constification NEEDS PATCH - o non-blocking socket on AIX - o $(PERL) in */Makefile.ssl - o "Sign the certificate?" - "n" creates empty certificate file + o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file + + o OpenSSL_0_9_6-stable: + #include <openssl/e_os.h> in exported header files is illegal since + e_os.h is suitable only for library-internal use. + + o Whenever strncpy is used, make sure the resulting string is NULL-terminated + or an error is reported OPEN ISSUES - o internal_verify doesn't know about X509.v3 (basicConstraints - CA flag ...) + o crypto/ex_data.c is not really thread-safe and so must be used + with care (e.g., extra locking where necessary, or don't call + CRYPTO_get_ex_new_index once multiple threads exist). + The current API is not suitable for everything that it pretends + to offer. o The Makefile hierarchy and build mechanism is still not a round thing: @@ -655,7 +655,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= true64-shared +$shared_target= tru64-shared $shared_cflag = $shared_extension = .so $ranlib = @@ -677,7 +677,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= true64-shared +$shared_target= tru64-shared $shared_cflag = $shared_extension = .so $ranlib = @@ -699,7 +699,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= true64-shared +$shared_target= tru64-shared $shared_cflag = $shared_extension = .so $ranlib = @@ -1051,7 +1051,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -1095,7 +1095,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -2349,7 +2349,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -2393,7 +2393,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -2437,7 +2437,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -2459,7 +2459,7 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -2481,7 +2481,7 @@ $rc4_obj = asm/rx86-sol.o $rmd160_obj = asm/rm86-sol.o $rc5_obj = asm/r586-sol.o $dso_scheme = dlfcn -$shared_target= solaris-shared +$shared_target= gnu-shared $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = diff --git a/apps/speed.c b/apps/speed.c index f05cd8a38c..3562ea277b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -865,6 +865,7 @@ int MAIN(int argc, char **argv) } #endif +#ifndef NO_DSA dsa_c[R_DSA_512][0]=count/1000; dsa_c[R_DSA_512][1]=count/1000/2; for (i=1; i<DSA_NUM; i++) @@ -882,6 +883,7 @@ int MAIN(int argc, char **argv) } } } +#endif #define COND(d) (count < (d)) #define COUNT(d) (d) diff --git a/apps/x509.c b/apps/x509.c index 0c0d42a0ac..95f05e580c 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -894,8 +894,10 @@ bad: BIO_printf(bio_err,"Generating certificate request\n"); +#ifndef NO_DSA if (pk->type == EVP_PKEY_DSA) digest=EVP_dss1(); +#endif rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); @@ -87,6 +87,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "m68k-apple-aux3"; exit 0 ;; + AIX:[3456789]:4:*) + echo "${MACHINE}-ibm-aix43"; exit 0 + ;; + + AIX:*:[56789]:*) + echo "${MACHINE}-ibm-aix43"; exit 0 + ;; + AIX:*) echo "${MACHINE}-ibm-aix"; exit 0 ;; diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c index b1196ef581..8a340b0119 100644 --- a/crypto/asn1/p7_lib.c +++ b/crypto/asn1/p7_lib.c @@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length) } if (Tinf == (1|V_ASN1_CONSTRUCTED)) { + c.q=c.p; if (!ASN1_check_infinite_end(&c.p,c.slen)) { c.error=ERR_R_MISSING_ASN1_EOS; c.line=__LINE__; goto err; } + c.slen-=(c.p-c.q); } } else diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 1a898c5407..455bd66ecf 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -82,7 +82,7 @@ static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); static int dl_init(DSO *dso); static int dl_finish(DSO *dso); #endif -static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); +static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg); static DSO_METHOD dso_meth_dl = { "OpenSSL 'dl' shared library method", @@ -123,7 +123,7 @@ static int dl_load(DSO *dso, const char *filename) int len; /* The same comment as in dlfcn_load applies here. bleurgh. */ - len = strlen(filename) + len(extension); + len = strlen(filename) + strlen(extension); if((dso->flags & DSO_FLAG_NAME_TRANSLATION) && (len + 3 < DSO_MAX_TRANSLATED_SIZE) && (strstr(filename, "/") == NULL)) @@ -229,7 +229,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) return((DSO_FUNC_TYPE)sym); } -static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg) +static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg) { if(dso == NULL) { @@ -241,10 +241,10 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg) case DSO_CTRL_GET_FLAGS: return dso->flags; case DSO_CTRL_SET_FLAGS: - dso->flags = (int)larg; + dso->flags = larg; return(0); case DSO_CTRL_OR_FLAGS: - dso->flags |= (int)larg; + dso->flags |= larg; return(0); default: break; diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index dbd82b3686..3d137badd0 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -726,8 +726,9 @@ int RAND_poll(void) #ifdef DEVRANDOM return 1; -#endif +#else return 0; +#endif } #endif diff --git a/openssl.spec b/openssl.spec index 33a47116d6..d00e461e37 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,15 +1,15 @@ %define libmaj 0 %define libmin 9 %define librel 6 -#%define librev +%define librev a Release: 1 %define openssldir /var/ssl Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl-engine -Version: %{libmaj}.%{libmin}.%{librel} -#Version: %{libmaj}.%{libmin}.%{librel}%{librev} +#Version: %{libmaj}.%{libmin}.%{librel} +Version: %{libmaj}.%{libmin}.%{librel}%{librev} Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz Copyright: Freely distributable Group: System Environment/Libraries @@ -96,8 +96,8 @@ perl util/perlpath.pl /usr/bin/perl #!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared %endif %ifarch alpha -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc -#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc shared +./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha +#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared %endif LD_LIBRARY_PATH=`pwd` make LD_LIBRARY_PATH=`pwd` make rehash @@ -105,7 +105,7 @@ LD_LIBRARY_PATH=`pwd` make test %install rm -rf $RPM_BUILD_ROOT -make install MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" +make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install # Rename manpages for x in $RPM_BUILD_ROOT/usr/man/man*/* @@ -119,19 +119,6 @@ install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib # Make backwards-compatibility symlink to ssleay ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay -# Install shared libs -install -m644 libcrypto.a $RPM_BUILD_ROOT/usr/lib -#!#install -m755 libcrypto.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib -install -m644 libssl.a $RPM_BUILD_ROOT/usr/lib -#!#install -m755 libssl.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib -( - cd $RPM_BUILD_ROOT/usr/lib - #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so.%{libmaj} - #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so - #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so.%{libmaj} - #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so -) - %clean rm -rf $RPM_BUILD_ROOT @@ -169,6 +156,21 @@ ldconfig ldconfig %changelog +* Thu Mar 22 2001 Richard Levitte <richard@levitte.org> +- Removed redundant subsection that re-installed libcrypto.a and libssl.a + as well. +* Thu Mar 15 2001 Jeremiah Johnson <jjohnson@penguincomputing.com> +- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and + libssl.so.0.9.6. As well as the subsection that created symlinks for + these. make install handles all this. +* Sat Oct 21 2000 Horms <horms@vergenet.net> +- Make sure symlinks are created by using -f flag to ln. + Otherwise some .so libraries are copied rather than + linked in the resulting binary RPM. This causes the package + to be larger than neccessary and makes ldconfig complain. +* Fri Oct 13 2000 Horms <horms@vergenet.net> +- Make defattr is set for files in all packages so packages built as + non-root will still be installed with files owned by root. * Thu Sep 14 2000 Richard Levitte <richard@levitte.org> - Changed to adapt to the new (supported) way of making shared libraries - Installs all static libraries, not just libRSAglue.a diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index c26df62c20..27e7fcc60a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -271,7 +271,9 @@ CERT *ssl_cert_dup(CERT *cert) return(ret); +#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */ err: +#endif #ifndef NO_RSA if (ret->rsa_tmp != NULL) RSA_free(ret->rsa_tmp); |