diff options
| author | Richard Levitte <levitte@openssl.org> | 2001-03-13 06:58:57 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2001-03-13 06:58:57 +0000 |
| commit | 1e6c9fc26f33a58bab5b2cba90841109534de982 (patch) | |
| tree | 845346a6f740547b53c2864a02168d25702db77e | |
| parent | 3d4bb90138b0586f88f44a67b7ea3b7ab4a88081 (diff) | |
| download | openssl-1e6c9fc26f33a58bab5b2cba90841109534de982.tar.gz | |
Merge of the 0.9.6-stable branch (continued after network interrupt).
61 files changed, 812 insertions, 250 deletions
@@ -2,6 +2,209 @@ OpenSSL CHANGES _______________ + Changes between 0.9.6 and 0.9.6a [xx XXX 2001] + + *) Fix a memory leak in err.c: free err_data string if necessary. + [Bodo Moeller] + + *) Implement ssl23_peek (analogous to ssl23_read), which previously + did not exist. + [Bodo Moeller] + + *) Replace rdtsc with _emit statements for VC++ version 5. + [Jeremy Cooper <jeremy@baymoo.org>] + + *) Make it possible to reuse SSLv2 sessions. + [Richard Levitte] + + *) In copy_email() check for >= 0 as a return value for + X509_NAME_get_index_by_NID() since 0 is a valid index. + [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>] + + *) Use better test patterns in bntest. + [Ulf Möller] + + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + + *) Avoid coredump with unsupported or invalid public keys by checking if + X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when + PKCS7_verify() fails with non detached data. + [Steve Henson] + + *) Don't use getenv in library functions when run as setuid/setgid. + New function OPENSSL_issetugid(). + [Ulf Moeller] + + *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) + due to incorrect handling of multi-threading: + + 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). + + 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). + + 3. Count how many times MemCheck_off() has been called so that + nested use can be treated correctly. This also avoids + inband-signalling in the previous code (which relied on the + assumption that thread ID 0 is impossible). + [Bodo Moeller] + + *) Add "-rand" option also to s_client and s_server. + [Lutz Jaenicke] + + *) Fix CPU detection on Irix 6.x. + [Kurt Hockenbury <khockenb@stevens-tech.edu> and + "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>] + + *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME + was empty. + [Steve Henson] + + *) Use the cached encoding of an X509_NAME structure rather than + copying it. This is apparently the reason for the libsafe "errors" + but the code is actually correct. + [Steve Henson] + + *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent + Bleichenbacher's DSA attack. + Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits + to be set and top=0 forces the highest bit to be set; top=-1 is new + and leaves the highest bit random. + [Ulf Moeller] + + *) In the NCONF_...-based implementations for CONF_... queries + (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using + a temporary CONF structure with the data component set to NULL + (which gives segmentation faults in lh_retrieve). + Instead, use NULL for the CONF pointer in CONF_get_string and + CONF_get_number (which may use environment variables) and directly + return NULL from CONF_get_section. + [Bodo Moeller] + + *) Fix potential buffer overrun for EBCDIC. + [Ulf Moeller] + + *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign + keyUsage if basicConstraints absent for a CA. + [Steve Henson] + + *) Make SMIME_write_PKCS7() write mail header values with a format that + is more generally accepted (no spaces before the semicolon), since + some programs can't parse those values properly otherwise. Also make + sure BIO's that break lines after each write do not create invalid + headers. + [Richard Levitte] + + *) Make the CRL encoding routines work with empty SEQUENCE OF. The + macros previously used would not encode an empty SEQUENCE OF + and break the signature. + [Steve Henson] + + *) Zero the premaster secret after deriving the master secret in + DH ciphersuites. + [Steve Henson] + + *) Add some EVP_add_digest_alias registrations (as found in + OpenSSL_add_all_digests()) to SSL_library_init() + aka OpenSSL_add_ssl_algorithms(). This provides improved + compatibility with peers using X.509 certificates + with unconventional AlgorithmIdentifier OIDs. + [Bodo Moeller] + + *) Fix for Irix with NO_ASM. + ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>] + + *) ./config script fixes. + [Ulf Moeller, Richard Levitte] + + *) Fix 'openssl passwd -1'. + [Bodo Moeller] + + *) Change PKCS12_key_gen_asc() so it can cope with non null + terminated strings whose length is passed in the passlen + parameter, for example from PEM callbacks. This was done + by adding an extra length parameter to asc2uni(). + [Steve Henson, reported by <oddissey@samsung.co.kr>] + + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn + call failed, free the DSA structure. + [Bodo Moeller] + + *) Fix to uni2asc() to cope with zero length Unicode strings. + These are present in some PKCS#12 files. + [Steve Henson] + + *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). + Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits + when writing a 32767 byte record. + [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>] + + *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. + + (RSA objects have a reference count access to which is protected + by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], + so they are meant to be shared between threads.) + [Bodo Moeller, Geoff Thorpe; original patch submitted by + "Reddie, Steven" <Steven.Reddie@ca.com>] + + *) Fix a deadlock in CRYPTO_mem_leaks(). + [Bodo Moeller] + + *) rand_win.c fix for Borland C. + [Ulf Möller] + + *) BN_rshift bugfix for n == 0. + [Bodo Moeller] + + *) Store verify_result within SSL_SESSION also for client side to + avoid potential security hole. (Re-used sessions on the client side + always resulted in verify_result==X509_V_OK, not using the original + result of the server certificate verification.) + [Lutz Jaenicke] + + *) Fix ssl3_pending: If the record in s->s3->rrec is not of type + SSL3_RT_APPLICATION_DATA, return 0. + Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true. + [Bodo Moeller] + + *) Fix SSL_peek: + Both ssl2_peek and ssl3_peek, which were totally broken in earlier + releases, have been re-implemented by renaming the previous + implementations of ssl2_read and ssl3_read to ssl2_read_internal + and ssl3_read_internal, respectively, and adding 'peek' parameters + to them. The new ssl[23]_{read,peek} functions are calls to + ssl[23]_read_internal with the 'peek' flag set appropriately. + A 'peek' parameter has also been added to ssl3_read_bytes, which + does the actual work for ssl3_read_internal. + [Bodo Moeller] + + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. + The previous value, 12, was not always sufficient for BN_mod_exp(). + [Bodo Moeller] + + *) Fix typo in get_cert_by_subject() in by_dir.c + [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>] + + *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. + + Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new + and not in SSL_clear because the latter is also used by the + accept/connect functions; previously, the settings made by + SSL_set_read_ahead would be lost during the handshake. + [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>] + + *) Correct util/mkdef.pl to be selective about disabled algorithms. + Previously, it would create entries for disableed algorithms no + matter what. + [Richard Levitte] + + *) Added several new manual pages for SSL_* function. + [Lutz Jaenicke] + Changes between 0.9.5a and 0.9.6 [24 Sep 2000] *) In ssl23_get_client_hello, generate an error message when faced @@ -158,7 +158,7 @@ my %table=( "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC", "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC", "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:/usr/ccs/bin/ar rs", #### "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC", "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC", @@ -289,8 +289,8 @@ my %table=( # # <appro@fy.chalmers.se> # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC", "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", @@ -306,6 +306,7 @@ my %table=( "linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", +"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", @@ -451,10 +452,10 @@ my $md5_obj=""; my $sha1_obj=""; my $rmd160_obj=""; my $processor=""; -my $ranlib; +my $default_ranlib; my $perl; -$ranlib=&which("ranlib") or $ranlib="true"; +$default_ranlib= &which("ranlib") or $default_ranlib="true"; $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; @@ -653,7 +654,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//; print "IsWindows=$IsWindows\n"; (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, - $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)= + $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, my $ranlib)= split(/\s*:\s*/,$table{$target} . ":" x 22 , -1); $cflags="$flags$cflags" if ($flags ne ""); @@ -740,6 +741,15 @@ if ($shared_cflag ne "") $shared_mark2 = ".shlib."; } } +else + { + $no_shared = 1; + } + +if ($ranlib eq "") + { + $ranlib = $default_ranlib; + } #my ($bn1)=split(/\s+/,$bn_obj); #$bn1 = "" unless defined $bn1; @@ -1133,7 +1143,7 @@ sub print_table_entry (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops, my $bn_obj,my $des_obj,my $bf_obj, my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, - my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)= + my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $ranlib)= split(/\s*:\s*/,$table{$target} . ":" x 22 , -1); print <<EOF @@ -1157,5 +1167,6 @@ sub print_table_entry \$dso_scheme = $dso_scheme \$shared_target= $shared_target \$shared_cflag = $shared_cflag +\$ranlib = $ranlib EOF } @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile.org b/Makefile.org index d1fd33e56c..c617706a89 100644 --- a/Makefile.org +++ b/Makefile.org @@ -462,7 +462,8 @@ install: all install_docs if [ -f "$$i" ]; then \ ( echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + (echo $$i | grep '\\.a$$' > /dev/null 2>&1) \ + && $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi \ done @@ -19,6 +19,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** BC-32 $cc = bcc32 @@ -39,6 +40,7 @@ $rc5_obj = $dso_scheme = win32 $shared_target= $shared_cflag = +$ranlib = *** BS2000-OSD $cc = c89 @@ -59,6 +61,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** CygWin32 $cc = gcc @@ -79,6 +82,7 @@ $rc5_obj = $dso_scheme = win32 $shared_target= $shared_cflag = +$ranlib = *** FreeBSD $cc = gcc @@ -99,6 +103,7 @@ $rc5_obj = asm/r586-out.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** FreeBSD-alpha $cc = gcc @@ -119,6 +124,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** FreeBSD-elf $cc = gcc @@ -139,6 +145,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** MPE/iX-gcc $cc = gcc @@ -159,6 +166,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** Mingw32 $cc = gcc @@ -179,6 +187,7 @@ $rc5_obj = $dso_scheme = win32 $shared_target= $shared_cflag = +$ranlib = *** NetBSD-m68 $cc = gcc @@ -199,6 +208,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** NetBSD-sparc $cc = gcc @@ -219,6 +229,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** NetBSD-x86 $cc = gcc @@ -239,6 +250,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** OpenBSD $cc = gcc @@ -259,6 +271,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** OpenBSD-alpha $cc = gcc @@ -279,6 +292,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** OpenBSD-mips $cc = gcc @@ -299,6 +313,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** OpenBSD-x86 $cc = gcc @@ -319,6 +334,7 @@ $rc5_obj = asm/r586-out.o $dso_scheme = dlfcn $shared_target= $shared_cflag = +$ranlib = *** ReliantUNIX $cc = cc @@ -339,6 +355,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** SINIX $cc = cc @@ -359,6 +376,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** SINIX-N $cc = /usr/ucb/cc @@ -379,6 +397,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** VC-MSDOS $cc = cl @@ -399,6 +418,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** VC-NT $cc = cl @@ -419,6 +439,7 @@ $rc5_obj = $dso_scheme = win32 $shared_target= $shared_cflag = +$ranlib = *** VC-W31-16 $cc = cl @@ -439,6 +460,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** VC-W31-32 $cc = cl @@ -459,6 +481,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** VC-WIN16 $cc = cl @@ -479,6 +502,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** VC-WIN32 $cc = cl @@ -499,6 +523,7 @@ $rc5_obj = $dso_scheme = win32 $shared_target= $shared_cflag = +$ranlib = *** aix-cc $cc = cc @@ -519,6 +544,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** aix-gcc $cc = gcc @@ -539,6 +565,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** alpha-cc $cc = cc @@ -559,6 +586,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= true64-shared $shared_cflag = +$ranlib = *** alpha-gcc $cc = gcc @@ -579,6 +607,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= true64-shared $shared_cflag = +$ranlib = *** alpha164-cc $cc = cc @@ -599,6 +628,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= true64-shared $shared_cflag = +$ranlib = *** bsdi-elf-gcc $cc = gcc @@ -619,6 +649,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** bsdi-gcc $cc = gcc @@ -639,6 +670,7 @@ $rc5_obj = asm/r586bsdi.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** cc $cc = cc @@ -659,6 +691,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** cray-t3e $cc = cc @@ -679,6 +712,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** cray-t90-cc $cc = cc @@ -699,6 +733,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug $cc = gcc @@ -719,6 +754,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-ben $cc = gcc @@ -739,6 +775,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-ben-debug $cc = gcc @@ -759,6 +796,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-ben-strict $cc = gcc @@ -779,6 +817,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-bodo $cc = gcc @@ -799,6 +838,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-levitte-linux-elf $cc = gcc @@ -819,6 +859,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= $shared_cflag = +$ranlib = *** debug-linux-elf $cc = gcc @@ -839,6 +880,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= $shared_cflag = +$ranlib = *** debug-linux-elf-noefence $cc = gcc @@ -859,6 +901,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= $shared_cflag = +$ranlib = *** debug-rse $cc = cc @@ -879,6 +922,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-solaris-sparcv8-cc $cc = cc @@ -899,6 +943,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = *** debug-solaris-sparcv8-gcc $cc = gcc @@ -919,6 +964,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** debug-solaris-sparcv9-cc $cc = cc @@ -939,6 +985,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = *** debug-solaris-sparcv9-gcc $cc = gcc @@ -959,6 +1006,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** debug-steve $cc = gcc @@ -979,6 +1027,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** debug-ulf $cc = gcc @@ -999,6 +1048,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** dgux-R3-gcc $cc = gcc @@ -1019,6 +1069,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** dgux-R4-gcc $cc = gcc @@ -1039,6 +1090,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** dgux-R4-x86-gcc $cc = gcc @@ -1059,6 +1111,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** dist $cc = cc @@ -1079,6 +1132,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** gcc $cc = gcc @@ -1099,6 +1153,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** hpux-brokencc $cc = cc @@ -1119,6 +1174,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-brokengcc $cc = gcc @@ -1139,6 +1195,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-cc $cc = cc @@ -1159,6 +1216,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-gcc $cc = gcc @@ -1179,6 +1237,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-parisc-cc $cc = cc @@ -1199,6 +1258,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-parisc-cc-o4 $cc = cc @@ -1219,6 +1279,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-parisc-gcc $cc = gcc @@ -1239,6 +1300,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-parisc1_1-cc $cc = cc @@ -1259,6 +1321,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux-parisc2-cc $cc = cc @@ -1279,6 +1342,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux10-brokencc $cc = cc @@ -1299,6 +1363,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux10-brokengcc $cc = gcc @@ -1319,6 +1384,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux10-cc $cc = cc @@ -1339,6 +1405,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux10-gcc $cc = gcc @@ -1359,6 +1426,7 @@ $rc5_obj = $dso_scheme = dl $shared_target= $shared_cflag = +$ranlib = *** hpux64-parisc-cc $cc = cc @@ -1379,6 +1447,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= $shared_cflag = +$ranlib = *** hpux64-parisc2-cc $cc = cc @@ -1399,6 +1468,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= $shared_cflag = +$ranlib = *** irix-cc $cc = cc @@ -1419,6 +1489,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** irix-gcc $cc = gcc @@ -1439,6 +1510,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** irix-mips3-cc $cc = cc @@ -1459,6 +1531,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** irix-mips3-gcc $cc = gcc @@ -1479,6 +1552,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** irix64-mips4-cc $cc = cc @@ -1499,6 +1573,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** irix64-mips4-gcc $cc = gcc @@ -1519,6 +1594,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-alpha+bwx-ccc $cc = ccc @@ -1539,13 +1615,14 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-alpha+bwx-gcc $cc = gcc $cflags = -O3 -DL_ENDIAN -DTERMIO $unistd = $thread_cflag = -D_REENTRANT -$lflags = +$lflags = -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL $bn_obj = asm/alpha.o $des_obj = @@ -1556,9 +1633,10 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$ranlib = *** linux-alpha-ccc $cc = ccc @@ -1579,13 +1657,14 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-alpha-gcc $cc = gcc $cflags = -O3 -DL_ENDIAN -DTERMIO $unistd = $thread_cflag = -D_REENTRANT -$lflags = +$lflags = -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL $bn_obj = asm/alpha.o $des_obj = @@ -1596,9 +1675,10 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$ranlib = *** linux-aout $cc = gcc @@ -1619,6 +1699,7 @@ $rc5_obj = asm/r586-out.o $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-elf $cc = gcc @@ -1639,6 +1720,7 @@ $rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC +$ranlib = *** linux-elf-arm $cc = gcc @@ -1659,6 +1741,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC +$ranlib = *** linux-ia64 $cc = gcc @@ -1679,6 +1762,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-m68k $cc = gcc @@ -1699,6 +1783,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-mips $cc = gcc @@ -1719,6 +1804,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-ppc $cc = gcc @@ -1739,6 +1825,28 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = + +*** linux-s390 +$cc = gcc +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$lflags = +$bn_ops = BN_LLONG +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$ranlib = *** linux-sparcv7 $cc = gcc @@ -1759,6 +1867,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-sparcv8 $cc = gcc @@ -1779,6 +1888,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** linux-sparcv9 $cc = gcc @@ -1799,6 +1909,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** ncr-scde $cc = cc @@ -1819,6 +1930,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** newsos4-gcc $cc = gcc @@ -1839,6 +1951,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** nextstep $cc = cc @@ -1859,6 +1972,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** nextstep3.3 $cc = cc @@ -1879,6 +1993,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** purify $cc = purify gcc @@ -1899,6 +2014,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** qnx4 $cc = cc @@ -1919,6 +2035,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** rhapsody-ppc-cc $cc = cc @@ -1939,6 +2056,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** sco5-cc $cc = cc @@ -1959,6 +2077,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** sco5-gcc $cc = gcc @@ -1979,6 +2098,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** solaris-sparc-sc3 $cc = cc @@ -1999,6 +2119,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = *** solaris-sparcv7-cc $cc = cc @@ -2019,6 +2140,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = *** solaris-sparcv7-gcc $cc = gcc @@ -2039,6 +2161,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** solaris-sparcv8-cc $cc = cc @@ -2059,6 +2182,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = *** solaris-sparcv8-gcc $cc = gcc @@ -2079,6 +2203,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** solaris-sparcv9-cc $cc = cc @@ -2099,6 +2224,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = *** solaris-sparcv9-gcc $cc = gcc @@ -2119,6 +2245,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** solaris-sparcv9-gcc27 $cc = gcc @@ -2139,6 +2266,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** solaris-x86-gcc $cc = gcc @@ -2159,6 +2287,7 @@ $rc5_obj = asm/r586-sol.o $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC +$ranlib = *** solaris64-sparcv9-cc $cc = cc @@ -2179,6 +2308,7 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -KPIC +$ranlib = /usr/ccs/bin/ar rs *** sunos-gcc $cc = gcc @@ -2199,6 +2329,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** ultrix-cc $cc = cc @@ -2219,6 +2350,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** ultrix-gcc $cc = gcc @@ -2239,6 +2371,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** unixware-2.0 $cc = cc @@ -2259,6 +2392,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** unixware-2.0-pentium $cc = cc @@ -2279,6 +2413,7 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = *** unixware-7 $cc = cc @@ -2299,3 +2434,4 @@ $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = +$ranlib = diff --git a/apps/app_rand.c b/apps/app_rand.c index 1146f9f7f3..8a78e12eb7 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -177,8 +177,10 @@ long app_RAND_load_files(char *name) if (*n == '\0') break; egd=RAND_egd(n); - if (egd > 0) tot+=egd; - tot+=RAND_load_file(n,-1); + if (egd > 0) + tot+=egd; + else + tot+=RAND_load_file(n,-1); if (last) break; } if (tot > 512) diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl index eeee65ec41..2c7456e3eb 100644 --- a/apps/ca-cert.srl +++ b/apps/ca-cert.srl @@ -1 +1 @@ -05 +07 diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 67f054c645..34230b2cfb 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -313,7 +313,7 @@ bad: printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", bits_p,bits_p); printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); - printf("\t\treturn(NULL);\n"); + printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); printf("\treturn(dsa);\n\t}\n"); } diff --git a/apps/passwd.c b/apps/passwd.c index 6851a9927d..533b4692d0 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -315,7 +315,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) strncat(out_buf, "$", 1); strncat(out_buf, salt, 8); assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ - salt_out = out_buf + 6; + salt_out = out_buf + 2 + strlen(magic); salt_len = strlen(salt_out); assert(salt_len <= 8); diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl index 8a0f05e166..2c7456e3eb 100644 --- a/apps/pca-cert.srl +++ b/apps/pca-cert.srl @@ -1 +1 @@ -01 +07 diff --git a/apps/req.c b/apps/req.c index 0751d92201..ca8dc87957 100644 --- a/apps/req.c +++ b/apps/req.c @@ -725,16 +725,15 @@ loop: if (newreq || x509) { -#ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) - digest=EVP_dss1(); -#endif - if (pkey == NULL) { BIO_printf(bio_err,"you need to specify a private key\n"); goto end; } +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + digest=EVP_dss1(); +#endif if (req == NULL) { req=X509_REQ_new(); diff --git a/apps/rsautl.c b/apps/rsautl.c index 2ef75649dd..95fce436bb 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -55,6 +55,9 @@ * Hudson (tjh@cryptsoft.com). * */ + +#ifndef NO_RSA + #include "apps.h" #include <string.h> #include <openssl/err.h> @@ -313,3 +316,4 @@ static void usage() BIO_printf(bio_err, "-hexdump hex dump output\n"); } +#endif diff --git a/apps/s_client.c b/apps/s_client.c index e0898795ee..e1f48444d5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -153,8 +153,8 @@ static void sc_usage(void) BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); - } int MAIN(int, char **); @@ -347,7 +347,14 @@ bad: goto end; } - app_RAND_load_file(NULL, bio_err, 0); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); if (bio_c_out == NULL) { diff --git a/apps/s_server.c b/apps/s_server.c index 3a7c62350a..314ff4c79e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -245,6 +245,7 @@ static void sv_usage(void) BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); } @@ -598,7 +599,14 @@ bad: goto end; } - app_RAND_load_file(NULL, bio_err, 0); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); if (bio_s_out == NULL) { @@ -716,7 +724,8 @@ bad: #ifndef NO_RSA #if 1 - SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); + if (!no_tmp_rsa) + SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); #else if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) { diff --git a/apps/server.pem b/apps/server.pem index c57b32507d..56248e57a3 100644 --- a/apps/server.pem +++ b/apps/server.pem @@ -1,17 +1,17 @@ issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) -subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) +subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) -----BEGIN CERTIFICATE----- -MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD -VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4 -MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0 +MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// -Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9 -JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO -IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ -FUGcPZf9ND22Etc+AQ== +Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4 +GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM +k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz +itAE+OjGF+PFKbwX8Q== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD diff --git a/certs/rsa-ssca.pem b/certs/rsa-ssca.pem deleted file mode 100644 index c9403212d1..0000000000 --- a/certs/rsa-ssca.pem +++ /dev/null @@ -1,19 +0,0 @@ -subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority -issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority -notBefore=941109235417Z -notAfter =991231235417Z ------BEGIN X509 CERTIFICATE----- - -MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw -HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl -IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda -Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0 -YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB -roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12 -aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc -HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A -iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7 -suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h -cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk= ------END X509 CERTIFICATE----- @@ -168,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in ;; NetBSD:*:*:*386*) - echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 + echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 ;; NetBSD:*) @@ -393,10 +393,16 @@ case "$GUESSOS" in ;; mips4-sgi-irix64) echo "WARNING! If you wish to build 64-bit library, then you have to" - echo " invoke './Configre irix64-mips4-$CC' *manually*." - echo " Type Ctrl-C if you don't want to continue." + echo " invoke './Configure irix64-mips4-$CC' *manually*." + echo " Type return if you want to continue, Ctrl-C to abort." read waste < /dev/tty - options="$options -mips4" + CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=${CPU:-0} + if [ $CPU -ge 5000 ]; then + options="$options -mips4" + else + options="$options -mips3" + fi OUT="irix-mips3-$CC" ;; alpha-*-linux2) @@ -423,11 +429,11 @@ case "$GUESSOS" in #till 64-bit glibc for SPARC is operational:-( #echo "WARNING! If you wish to build 64-bit library, then you have to" #echo " invoke './Configure linux64-sparcv9' *manually*." - #echo " Type Ctrl-C if you don't want to continue." + #echo " Type return if you want to continue, Ctrl-C to abort." #read waste < /dev/tty OUT="linux-sparcv9" ;; sparc-*-linux2) - KARCH=`awk '/type/{print$3}' /proc/cpuinfo` + KARCH=`awk '/^type/{print$3}' /proc/cpuinfo` case ${KARCH:-sun4} in sun4u*) OUT="linux-sparcv9" ;; sun4m) OUT="linux-sparcv8" ;; @@ -435,6 +441,7 @@ case "$GUESSOS" in *) OUT="linux-sparcv7" ;; esac ;; arm*-*-linux2) OUT="linux-elf-arm" ;; + s390-*-linux2) OUT="linux-s390" ;; *-*-linux2) OUT="linux-elf" ;; *-*-linux1) OUT="linux-aout" ;; sun4u*-*-solaris2) @@ -442,7 +449,7 @@ case "$GUESSOS" in if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then echo "WARNING! If you wish to build 64-bit library, then you have to" echo " invoke './Configure solaris64-sparcv9-cc' *manually*." - echo " Type Ctrl-C if you don't want to continue." + echo " Type return if you want to continue, Ctrl-C to abort." read waste < /dev/tty fi OUT="solaris-sparcv9-$CC" ;; @@ -573,7 +580,7 @@ OUT="$PREFIX$OUT" $PERL ./Configure LIST | grep "$OUT" > /dev/null if [ $? = "0" ]; then - #echo Configuring for $OUT + echo Configuring for $OUT if [ "$TEST" = "true" ]; then echo $PERL ./Configure $OUT $options diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 37c5d9f916..7108e2c1e0 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o +LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c +LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o SRC= $(LIBSRC) @@ -90,7 +90,8 @@ links: lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib libs: diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index eae97f321d..269af44593 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -75,7 +75,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 6b10cff994..732e68fe46 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, if(tbl) { mask = tbl->mask; if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, + ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); if(ret <= 0) return NULL; diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h index 4512ba6cc6..af0e664b2d 100644 --- a/crypto/asn1/asn1_mac.h +++ b/crypto/asn1/asn1_mac.h @@ -196,6 +196,9 @@ err:\ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ M_ASN1_I2D_put_SEQUENCE_type(type,a,f); +#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \ + if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f); + #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ if ((c.slen != 0) && \ (M_ASN1_next == \ @@ -389,6 +392,9 @@ err:\ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ M_ASN1_I2D_len_SEQUENCE_type(type,a,f); +#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \ + if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f); + #define M_ASN1_I2D_len_IMP_SET(a,f,x) \ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); @@ -452,6 +458,15 @@ err:\ ret+=ASN1_object_size(1,v,mtag); \ } +#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \ + if (a)\ + { \ + v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ + V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + ret+=ASN1_object_size(1,v,mtag); \ + } + /* Put Macros */ #define M_ASN1_I2D_put(a,f) f(a,&p) @@ -536,6 +551,14 @@ err:\ IS_SEQUENCE); \ } +#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \ + if (a) \ + { \ + ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ + i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ + IS_SEQUENCE); \ + } + #define M_ASN1_I2D_seq_total() \ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ if (pp == NULL) return(r); \ diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 1f302d0e01..51518cdf35 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp) M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME); - M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION); M_ASN1_I2D_seq_total(); M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME); - M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION); M_ASN1_I2D_finish(); @@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); } M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked, i2d_X509_REVOKED); - M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1); @@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp) { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); } M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked, i2d_X509_REVOKED); - M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, + M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions, i2d_X509_EXTENSION,0, V_ASN1_SEQUENCE,v1); @@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void) M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new); ret->nextUpdate=NULL; M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null); - M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null); + ret->extensions = NULL; sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp); return(ret); M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW); diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index b832deb928..585a375c48 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -141,8 +141,9 @@ static int i2d_X509_NAME_entries(X509_NAME *a) } size+=i2d_X509_NAME_ENTRY(ne,NULL); } - - ret+=ASN1_object_size(1,size,V_ASN1_SET); + /* If empty no extra SET OF needed */ + if (ret) + ret+=ASN1_object_size(1,size,V_ASN1_SET); if (fe != NULL) fe->size=size; diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl index adc9eec3c6..2d61ec50f4 100644 --- a/crypto/bf/Makefile.ssl +++ b/crypto/bf/Makefile.ssl @@ -44,7 +44,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl index af5998b102..00caa9f7eb 100644 --- a/crypto/bio/Makefile.ssl +++ b/crypto/bio/Makefile.ssl @@ -49,7 +49,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 64310058b4..62cc3f1a0c 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip) /* At this point, we have something that is most probably correct in some way, so let's init the socket. */ - if (!BIO_sock_init()) - return(0); /* don't generate another error code here */ + if (BIO_sock_init() != 1) + return 0; /* don't generate another error code here */ /* If the string actually contained an IP address, we need not do anything more */ @@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode) { int ret=0; struct sockaddr_in server,client; - int s= -1,cs; + int s=INVALID_SOCKET,cs; unsigned char ip[4]; unsigned short port; - char *str,*e; + char *str=NULL,*e; const char *h,*p; unsigned long l; int err_num; - if (!BIO_sock_init()) return(INVALID_SOCKET); + if (BIO_sock_init() != 1) return(INVALID_SOCKET); if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); @@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) h="*"; } - if (!BIO_get_port(p,&port)) return(INVALID_SOCKET); + if (!BIO_get_port(p,&port)) goto err; memset((char *)&server,0,sizeof(server)); server.sin_family=AF_INET; @@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) server.sin_addr.s_addr=INADDR_ANY; else { - if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET); + if (!BIO_get_host_ip(h,&(ip[0]))) goto err; l=(unsigned long) ((unsigned long)ip[0]<<24L)| ((unsigned long)ip[1]<<16L)| diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index 85be16a5b6..ad36267e26 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -68,7 +68,8 @@ bnbug: bnbug.c ../../libcrypto.a top lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s index 7239aa2c76..af9730d062 100644 --- a/crypto/bn/asm/pa-risc2.s +++ b/crypto/bn/asm/pa-risc2.s @@ -1611,7 +1611,7 @@ bn_mul_comba4 .IMPORT $global$,DATA .SPACE $TEXT$ .SUBSPA $CODE$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 + .SUBSPA $LIT$,ACCESS=0x2c C$7 .ALIGN 8 .STRINGZ "Division would overflow (%d)\n" diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s index 54b6606252..a99545754d 100644 --- a/crypto/bn/asm/pa-risc2W.s +++ b/crypto/bn/asm/pa-risc2W.s @@ -1598,7 +1598,7 @@ bn_mul_comba4 .IMPORT $global$,DATA .SPACE $TEXT$ .SUBSPA $CODE$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 + .SUBSPA $LIT$,ACCESS=0x2c C$4 .ALIGN 8 .STRINGZ "Division would overflow (%d)\n" diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 1eb8395b25..b232c2ceae 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -239,7 +239,7 @@ typedef struct bignum_st } BIGNUM; /* Used for temp variables */ -#define BN_CTX_NUM 12 +#define BN_CTX_NUM 16 #define BN_CTX_NUM_POS 12 typedef struct bignum_ctx { @@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); @@ -467,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); # define bn_dump(a,b) #endif +int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -493,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); #define BN_F_BN_MPI2BN 112 #define BN_F_BN_NEW 113 #define BN_F_BN_RAND 114 +#define BN_F_BN_RAND_RANGE 122 #define BN_F_BN_USUB 115 /* Reason codes. */ #define BN_R_ARG2_LT_ARG3 100 #define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 #define BN_R_CALLED_WITH_EVEN_MODULUS 102 #define BN_R_DIV_BY_ZERO 103 #define BN_R_ENCODING_ERROR 104 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 #define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index c3772c243b..891b602631 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX_start(ctx); tmp=BN_CTX_get(ctx); - tmp->neg=0; snum=BN_CTX_get(ctx); sdiv=BN_CTX_get(ctx); if (dv == NULL) res=BN_CTX_get(ctx); else res=dv; - if (res == NULL) goto err; + if (sdiv==NULL || res == NULL) goto err; + tmp->neg=0; /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); @@ -237,7 +237,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, for (i=0; i<loop-1; i++) { BN_ULONG q,l0; -#ifdef BN_DIV3W +#if defined(BN_DIV3W) && !defined(NO_ASM) q=bn_div_3_words(wnump,d1,d0); #else BN_ULONG n0,n1,rem=0; diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 86550c4c21..adc6a214fc 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]= {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, {ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, {ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, +{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, {ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, {0,NULL} }; @@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]= { {BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, {BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, +{BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, {BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, {BN_R_DIV_BY_ZERO ,"div by zero"}, {BN_R_ENCODING_ERROR ,"encoding error"}, {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, {BN_R_INVALID_LENGTH ,"invalid length"}, +{BN_R_INVALID_RANGE ,"invalid range"}, {BN_R_NOT_INITIALIZED ,"not initialized"}, {BN_R_NO_INVERSE ,"no inverse"}, {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b6b0ce4b3c..7767d65170 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -62,6 +62,7 @@ #endif #include <assert.h> +#include <limits.h> #include <stdio.h> #include "cryptlib.h" #include "bn_lcl.h" @@ -319,6 +320,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) if (words > b->dmax) { + if (words > (INT_MAX/(4*BN_BITS2))) + { + BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG); + return NULL; + } + bn_check_top(b); if (BN_get_flags(b,BN_FLG_STATIC_DATA)) { diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 21ecbc04ed..acd0619921 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) bytes=(bits+7)/8; bit=(bits-1)%8; - mask=0xff<<bit; + mask=0xff<<(bit+1); buf=(unsigned char *)OPENSSL_malloc(bytes); if (buf == NULL) @@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; } - if (top) +#if 1 + if (pseudorand == 2) { - if (bit == 0) + /* generate patterns that are more likely to trigger BN + library bugs */ + int i; + unsigned char c; + + for (i = 0; i < bytes; i++) + { + RAND_pseudo_bytes(&c, 1); + if (c >= 128 && i > 0) + buf[i] = buf[i-1]; + else if (c < 42) + buf[i] = 0; + else if (c < 84) + buf[i] = 255; + } + } +#endif + + if (top != -1) + { + if (top) { - buf[0]=1; - buf[1]|=0x80; + if (bit == 0) + { + buf[0]=1; + buf[1]|=0x80; + } + else + { + buf[0]|=(3<<(bit-1)); + } } else { - buf[0]|=(3<<(bit-1)); - buf[0]&= ~(mask<<1); + buf[0]|=(1<<bit); } } - else - { - buf[0]|=(1<<bit); - buf[0]&= ~(mask<<1); - } - if (bottom) /* set bottom bits to whatever odd is */ + buf[0] &= ~mask; + if (bottom) /* set bottom bit if requested */ buf[bytes-1]|=1; if (!BN_bin2bn(buf,bytes,rnd)) goto err; ret=1; @@ -140,3 +163,61 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(1, rnd, bits, top, bottom); } + +#if 1 +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) + { + return bnrand(2, rnd, bits, top, bottom); + } +#endif + +/* random number r: 0 <= r < range */ +int BN_rand_range(BIGNUM *r, BIGNUM *range) + { + int n; + + if (range->neg || BN_is_zero(range)) + { + BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); + return 0; + } + + n = BN_num_bits(range); /* n > 0 */ + + if (n == 1) + { + if (!BN_zero(r)) return 0; + } + else if (BN_is_bit_set(range, n - 2)) + { + do + { + /* range = 11..._2, so each iteration succeeds with probability >= .75 */ + if (!BN_rand(r, n, -1, 0)) return 0; + } + while (BN_cmp(r, range) >= 0); + } + else + { + /* range = 10..._2, + * so 3*range (= 11..._2) is exactly one bit longer than range */ + do + { + if (!BN_rand(r, n + 1, -1, 0)) return 0; + /* If r < 3*range, use r := r MOD range + * (which is either r, r - range, or r - 2*range). + * Otherwise, iterate once more. + * Since 3*range = 11..._2, each iteration succeeds with + * probability >= .75. */ + if (BN_cmp(r ,range) >= 0) + { + if (!BN_sub(r, r, range)) return 0; + if (BN_cmp(r, range) >= 0) + if (!BN_sub(r, r, range)) return 0; + } + } + while (BN_cmp(r, range) >= 0); + } + + return 1; + } diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 0883247384..c2608f9f4a 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n) r->neg=a->neg; if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); } + else + { + if (n == 0) + return 1; /* or the copying loop will go berserk */ + } f= &(a->d[nw]); t=r->d; diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 0a97af69c5..af0c2629e8 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think static void message(BIO *out, char *m) { fprintf(stderr, "test %s\n", m); -#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */ BIO_puts(out, "print \"test "); BIO_puts(out, m); BIO_puts(out, "\\n\"\n"); -#endif } int main(int argc, char *argv[]) @@ -122,9 +120,7 @@ int main(int argc, char *argv[]) results = 0; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't - * even check its return value - * (which we should) */ + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ argc--; argv++; @@ -253,10 +249,10 @@ int test_add(BIO *bp) BN_init(&b); BN_init(&c); - BN_rand(&a,512,0,0); + BN_bntest_rand(&a,512,0,0); for (i=0; i<num0; i++) { - BN_rand(&b,450+i,0,0); + BN_bntest_rand(&b,450+i,0,0); a.neg=rand_neg(); b.neg=rand_neg(); if (bp == NULL) @@ -305,14 +301,14 @@ int test_sub(BIO *bp) { if (i < num1) { - BN_rand(&a,512,0,0); + BN_bntest_rand(&a,512,0,0); BN_copy(&b,&a); if (BN_set_bit(&a,i)==0) return(0); BN_add_word(&b,i); } else { - BN_rand(&b,400+i-num1,0,0); + BN_bntest_rand(&b,400+i-num1,0,0); a.neg=rand_neg(); b.neg=rand_neg(); } @@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx) { if (i < num1) { - BN_rand(&a,400,0,0); + BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else - BN_rand(&b,50+3*(i-num1),0,0); + BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); if (bp == NULL) @@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx) { if (i < num1) { - BN_rand(&a,400,0,0); + BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else - BN_rand(&b,50+3*(i-num1),0,0); + BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); BN_RECP_CTX_set(&recp,&b,ctx); @@ -509,11 +505,11 @@ int test_mul(BIO *bp) { if (i <= num1) { - BN_rand(&a,100,0,0); - BN_rand(&b,100,0,0); + BN_bntest_rand(&a,100,0,0); + BN_bntest_rand(&b,100,0,0); } else - BN_rand(&b,i-num1,0,0); + BN_bntest_rand(&b,i-num1,0,0); a.neg=rand_neg(); b.neg=rand_neg(); if (bp == NULL) @@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx) for (i=0; i<num0; i++) { - BN_rand(&a,40+i*10,0,0); + BN_bntest_rand(&a,40+i*10,0,0); a.neg=rand_neg(); if (bp == NULL) for (j=0; j<100; j++) @@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx) mont=BN_MONT_CTX_new(); - BN_rand(&a,100,0,0); /**/ - BN_rand(&b,100,0,0); /**/ + BN_bntest_rand(&a,100,0,0); /**/ + BN_bntest_rand(&b,100,0,0); /**/ for (i=0; i<num2; i++) { int bits = (200*(i+1))/num2; if (bits == 0) continue; - BN_rand(&n,bits,0,1); + BN_bntest_rand(&n,bits,0,1); BN_MONT_CTX_set(mont,&n,ctx); BN_to_montgomery(&A,&a,mont,ctx); @@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(a,1024,0,0); /**/ + BN_bntest_rand(a,1024,0,0); /**/ for (i=0; i<num0; i++) { - BN_rand(b,450+i*10,0,0); /**/ + BN_bntest_rand(b,450+i*10,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); if (bp == NULL) @@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(c,1024,0,0); /**/ + BN_bntest_rand(c,1024,0,0); /**/ for (i=0; i<num0; i++) { - BN_rand(a,475+i*10,0,0); /**/ - BN_rand(b,425+i*11,0,0); /**/ + BN_bntest_rand(a,475+i*10,0,0); /**/ + BN_bntest_rand(b,425+i*11,0,0); /**/ a->neg=rand_neg(); b->neg=rand_neg(); /* if (bp == NULL) @@ -794,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) d=BN_new(); e=BN_new(); - BN_rand(c,30,0,1); /* must be odd for montgomery */ + BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */ for (i=0; i<num2; i++) { - BN_rand(a,20+i*5,0,0); /**/ - BN_rand(b,2+i,0,0); /**/ + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_mod_exp(d,a,b,c,ctx)) return(00); @@ -848,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx) for (i=0; i<num2; i++) { - BN_rand(a,20+i*5,0,0); /**/ - BN_rand(b,2+i,0,0); /**/ + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_exp(d,a,b,ctx)) return(00); @@ -899,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_) else { a=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); } for (i=0; i<num0; i++) @@ -951,7 +947,7 @@ int test_lshift1(BIO *bp) b=BN_new(); c=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { @@ -995,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx) e=BN_new(); BN_one(c); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { @@ -1038,7 +1034,7 @@ int test_rshift1(BIO *bp) b=BN_new(); c=BN_new(); - BN_rand(a,200,0,0); /**/ + BN_bntest_rand(a,200,0,0); /**/ a->neg=rand_neg(); for (i=0; i<num0; i++) { diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl index 4e11038c8b..c088ec6b3c 100644 --- a/crypto/buffer/Makefile.ssl +++ b/crypto/buffer/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/cast/Makefile.ssl b/crypto/cast/Makefile.ssl index afba084e8b..0aa1cbc55a 100644 --- a/crypto/cast/Makefile.ssl +++ b/crypto/cast/Makefile.ssl @@ -47,7 +47,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib # elf diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index 3064df2447..ba705c2a1c 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -42,7 +42,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index ea82d46727..a96212252a 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -40,7 +40,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 2f70634455..cd40a0db21 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -167,6 +167,8 @@ int NCONF_dump_bio(CONF *conf, BIO *out); #define CONF_R_MISSING_EQUAL_SIGN 101 #define CONF_R_NO_CLOSE_BRACE 102 #define CONF_R_NO_CONF 105 +#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +#define CONF_R_NO_SECTION 107 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 #define CONF_R_VARIABLE_HAS_NO_VALUE 104 diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index 06d3163573..8c2bc6f1c4 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -87,6 +87,8 @@ static ERR_STRING_DATA CONF_str_reasons[]= {CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, {CONF_R_NO_CLOSE_BRACE ,"no close brace"}, {CONF_R_NO_CONF ,"no conf"}, +{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"}, +{CONF_R_NO_SECTION ,"no section"}, {CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, {CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, {0,NULL} diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 4c8ca9e9ae..11ec639732 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -131,38 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section) { - CONF ctmp; + if (conf == NULL) + { + return NULL; + } + else + { + CONF ctmp; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); - default_CONF_method->init(&ctmp); - ctmp.data = conf; - return NCONF_get_section(&ctmp, section); + default_CONF_method->init(&ctmp); + ctmp.data = conf; + return NCONF_get_section(&ctmp, section); + } } char *CONF_get_string(LHASH *conf,char *group,char *name) { - CONF ctmp; + if (conf == NULL) + { + return NCONF_get_string(NULL, group, name); + } + else + { + CONF ctmp; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); - default_CONF_method->init(&ctmp); - ctmp.data = conf; - return NCONF_get_string(&ctmp, group, name); + default_CONF_method->init(&ctmp); + ctmp.data = conf; + return NCONF_get_string(&ctmp, group, name); + } } long CONF_get_number(LHASH *conf,char *group,char *name) { - CONF ctmp; + if (conf == NULL) + { + return NCONF_get_number(NULL, group, name); + } + else + { + CONF ctmp; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); - default_CONF_method->init(&ctmp); - ctmp.data = conf; - return NCONF_get_number(&ctmp, group, name); + default_CONF_method->init(&ctmp); + ctmp.data = conf; + return NCONF_get_number(&ctmp, group, name); + } } void CONF_free(LHASH *conf) @@ -299,27 +320,46 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section) return NULL; } + if (section == NULL) + { + CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION); + return NULL; + } + return _CONF_get_section_values(conf, section); } char *NCONF_get_string(CONF *conf,char *group,char *name) { + char *s = _CONF_get_string(conf, group, name); + + /* Since we may get a value from an environment variable even + if conf is NULL, let's check the value first */ + if (s) return s; + if (conf == NULL) { - CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF); + CONFerr(CONF_F_NCONF_GET_STRING, + CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); return NULL; } - - return _CONF_get_string(conf, group, name); + return NULL; } long NCONF_get_number(CONF *conf,char *group,char *name) { +#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding + an environment variable with a suitable name. Unfortunately, there's + no way with the current API to see if we found one or not... + The meaning of this is that if a number is not found anywhere, it + will always default to 0. */ if (conf == NULL) { - CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF); + CONFerr(CONF_F_NCONF_GET_NUMBER, + CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); return 0; } +#endif return _CONF_get_number(conf, group, name); } diff --git a/crypto/crypto.h b/crypto/crypto.h index 52ee97b71a..9257673279 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -278,6 +278,8 @@ int CRYPTO_is_mem_check_on(void); const char *SSLeay_version(int type); unsigned long SSLeay(void); +int OPENSSL_issetugid(void); + int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index b3cfe3dab6..28e58f4207 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -57,7 +57,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib des: des.o cbc3_enc.o lib diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index 4616ca2b20..ec0e1ec5a3 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 6915d79dcc..22b087b778 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void) static int generate_key(DH *dh) { int ok=0; - unsigned int i; BN_CTX ctx; BN_MONT_CTX *mont; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -109,15 +108,11 @@ static int generate_key(DH *dh) if (dh->priv_key == NULL) { - i=dh->length; - if (i == 0) - { - /* Make the number p-1 bits long */ - i=BN_num_bits(dh->p)-1; - } priv_key=BN_new(); if (priv_key == NULL) goto err; - if (!BN_rand(priv_key,i,0,0)) goto err; + do + if (!BN_rand_range(priv_key, dh->p)) goto err; + while (BN_is_zero(priv_key)); } else priv_key=dh->priv_key; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 66803b5565..96f118c153 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references = 1; ret->flags=meth->flags; + CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data); return(ret); } @@ -196,12 +196,12 @@ void DH_free(DH *r) } #endif - CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); - meth = ENGINE_get_DH(r->engine); if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(dh_meth, r, &r->ex_data); + if (r->p != NULL) BN_clear_free(r->p); if (r->g != NULL) BN_clear_free(r->g); if (r->q != NULL) BN_clear_free(r->q); diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 24758c64cd..70899e8278 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index af3c56d770..86cacfb3b9 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -68,7 +68,6 @@ int DSA_generate_key(DSA *dsa) { int ok=0; - unsigned int i; BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -81,15 +80,9 @@ int DSA_generate_key(DSA *dsa) else priv_key=dsa->priv_key; - i=BN_num_bits(dsa->q); - for (;;) - { - if (!BN_rand(priv_key,i,0,0)) - goto err; - if (BN_cmp(priv_key,dsa->q) >= 0) - BN_sub(priv_key,priv_key,dsa->q); - if (!BN_is_zero(priv_key)) break; - } + do + if (!BN_rand_range(priv_key,dsa->q)) goto err; + while (BN_is_zero(priv_key)); if (dsa->pub_key == NULL) { diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index b31b946ad3..15f667a203 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -173,13 +173,13 @@ DSA *DSA_new_method(ENGINE *engine) ret->references=1; ret->flags=meth->flags; + CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data); if ((meth->init != NULL) && !meth->init(ret)) { + CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data); OPENSSL_free(ret); ret=NULL; } - else - CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data); return(ret); } @@ -204,12 +204,12 @@ void DSA_free(DSA *r) } #endif - CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); - meth = ENGINE_get_DSA(r->engine); if(meth->finish) meth->finish(r); ENGINE_finish(r->engine); + CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); + if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->g != NULL) BN_clear_free(r->g); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 96295dc24f..72878e193f 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -180,13 +180,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) kinv=NULL; /* Get random k */ - for (;;) - { - if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err; - if (BN_cmp(&k,dsa->q) >= 0) - BN_sub(&k,&k,dsa->q); - if (!BN_is_zero(&k)) break; - } + do + if (!BN_rand_range(&k, dsa->q)) goto err; + while (BN_is_zero(&k)); if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) { diff --git a/crypto/dso/Makefile.ssl b/crypto/dso/Makefile.ssl index effc46d2dc..33630e0bbb 100644 --- a/crypto/dso/Makefile.ssl +++ b/crypto/dso/Makefile.ssl @@ -41,7 +41,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 69810fc3bb..f661ec5bfb 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -187,7 +187,7 @@ static void *dl_bind_var(DSO *dso, const char *symname) DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); return(NULL); } - if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) + if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); return(NULL); @@ -216,7 +216,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); return(NULL); } - if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0) + if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); return(NULL); diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index c4cfaef3f0..0e6d307e3b 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -39,7 +39,8 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + @echo You may get an error following this line. Please ignore. + - $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/err/err.c b/crypto/err/err.c index 99272e437c..92b7891c26 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -464,7 +464,15 @@ static unsigned long get_error_values(int inc, const char **file, int *line, } } - if (data != NULL) + if (data == NULL) + { + if (inc && (es->err_data[i] != NULL) && (es->err_data_flags[i] & ERR_TXT_MALLOCED)) + { + OPENSSL_free(es->err_data[i]); + es->err_data[i] = NULL; + } + } + else { if (es->err_data[i] == NULL) { diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 1ee88da2a8..739e543d78 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -101,7 +101,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long ret=idx; err: MemCheck_on(); - return(idx); + return(ret); } int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 866c53e73a..ef19d8f844 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -81,7 +81,8 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF; */ static unsigned long order = 0; /* number of memory requests */ -static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ +static LHASH *mh=NULL; /* hash-table of memory requests (address as key); + * access requires MALLOC2 lock */ typedef struct app_mem_info_st @@ -103,7 +104,8 @@ typedef struct app_mem_info_st static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's * that are at the top of their thread's stack - * (with `thread' as key) */ + * (with `thread' as key); + * access requires MALLOC2 lock */ typedef struct mem_st /* memory-block description */ @@ -128,7 +130,15 @@ static long options = /* extra information to be recorded */ 0; -static unsigned long disabling_thread = 0; +static unsigned int num_disable = 0; /* num_disable > 0 + * iff + * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) + */ +static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. + * CRYPTO_LOCK_MALLOC2 is locked + * exactly in this case (by the + * thread named in disabling_thread). + */ int CRYPTO_mem_ctrl(int mode) { @@ -137,22 +147,23 @@ int CRYPTO_mem_ctrl(int mode) CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); switch (mode) { - /* for applications: */ + /* for applications (not to be called while multiple threads + * use the library): */ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; - disabling_thread = 0; + num_disable = 0; break; case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ mh_mode = 0; - disabling_thread = 0; + num_disable = 0; /* should be true *before* MemCheck_stop is used, + or there'll be a lot of confusion */ break; /* switch off temporarily (for library-internal use): */ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ if (mh_mode & CRYPTO_MEM_CHECK_ON) { - mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE; - if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */ + if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ { /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if @@ -169,18 +180,23 @@ int CRYPTO_mem_ctrl(int mode) * OpenSSL threads. */ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; disabling_thread=CRYPTO_thread_id(); } + num_disable++; } break; case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ if (mh_mode & CRYPTO_MEM_CHECK_ON) { - mh_mode|=CRYPTO_MEM_CHECK_ENABLE; - if (disabling_thread != 0) + if (num_disable) /* always true, or something is going wrong */ { - disabling_thread=0; - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + num_disable--; + if (num_disable == 0) + { + mh_mode|=CRYPTO_MEM_CHECK_ENABLE; + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + } } } break; @@ -198,12 +214,12 @@ int CRYPTO_is_mem_check_on(void) if (mh_mode & CRYPTO_MEM_CHECK_ON) { - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) - && disabling_thread != CRYPTO_thread_id(); + || (disabling_thread != CRYPTO_thread_id()); - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); } return(ret); } @@ -293,7 +309,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) if (is_MemCheck_on()) { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* obtain MALLOC2 lock */ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { @@ -330,7 +346,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) ami->next=amim; } err: - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock */ } return(ret); @@ -342,11 +358,11 @@ int CRYPTO_pop_info(void) if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* obtain MALLOC2 lock */ ret=(pop_info() != NULL); - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock */ } return(ret); } @@ -357,12 +373,12 @@ int CRYPTO_remove_all_info(void) if (is_MemCheck_on()) /* _must_ be true */ { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* obtain MALLOC2 lock */ while(pop_info() != NULL) ret++; - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock */ } return(ret); } @@ -385,11 +401,12 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, if (is_MemCheck_on()) { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* make sure we hold MALLOC2 lock */ if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) { OPENSSL_free(addr); - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ return; } if (mh == NULL) @@ -448,7 +465,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, OPENSSL_free(mm); } err: - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ } break; } @@ -467,7 +485,7 @@ void CRYPTO_dbg_free(void *addr, int before_p) if (is_MemCheck_on() && (mh != NULL)) { - MemCheck_off(); + MemCheck_off(); /* make sure we hold MALLOC2 lock */ m.addr=addr; mp=(MEM *)lh_delete(mh,(char *)&m); @@ -484,7 +502,8 @@ void CRYPTO_dbg_free(void *addr, int before_p) OPENSSL_free(mp); } - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ } break; case 1: @@ -518,7 +537,7 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, if (is_MemCheck_on()) { - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + MemCheck_off(); /* make sure we hold MALLOC2 lock */ m.addr=addr1; mp=(MEM *)lh_delete(mh,(char *)&m); @@ -535,7 +554,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, lh_insert(mh,(char *)mp); } - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ + MemCheck_on(); /* release MALLOC2 lock + * if num_disabled drops to 0 */ } break; } @@ -642,10 +662,12 @@ void CRYPTO_mem_leaks(BIO *b) if (mh == NULL && amih == NULL) return; + + MemCheck_off(); /* obtain MALLOC2 lock */ + ml.bio=b; ml.bytes=0; ml.chunks=0; - MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ if (mh != NULL) lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); if (ml.chunks != 0) @@ -671,7 +693,15 @@ void CRYPTO_mem_leaks(BIO *b) * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. * Otherwise the code police will come and get us.) */ + int old_mh_mode; + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + + /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(), + * which uses CRYPTO_is_mem_check_on */ + old_mh_mode = mh_mode; + mh_mode = CRYPTO_MEM_CHECK_OFF; + if (mh != NULL) { lh_free(mh); @@ -685,15 +715,11 @@ void CRYPTO_mem_leaks(BIO *b) amih = NULL; } } + + mh_mode = old_mh_mode; CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); } - MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ - -#if 0 - lh_stats_bio(mh,b); - lh_node_stats_bio(mh,b); - lh_node_usage_stats_bio(mh,b); -#endif + MemCheck_on(); /* release MALLOC2 lock */ } #ifndef NO_FP_API diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 6b5aedeea6..92a5e4e678 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090600fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 [engine] 24 Sep 2000" +#define OPENSSL_VERSION_NUMBER 0x00906010L +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a-dev [engine] XX xxx XXXX" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -355,12 +355,14 @@ extern HINSTANCE _hInstance; # if defined(VMS) && !defined(__DECC) # include <socket.h> # include <in.h> +# include <inet.h> # else # include <sys/socket.h> # ifdef FILIO_H # include <sys/filio.h> /* Added for FIONBIO under unixware */ # endif # include <netinet/in.h> +# include <arpa/inet.h> # endif # if defined(NeXT) || defined(_NEXT_SOURCE) diff --git a/openssl.spec b/openssl.spec index 1c8f4e9d81..33a47116d6 100644 --- a/openssl.spec +++ b/openssl.spec @@ -96,8 +96,8 @@ perl util/perlpath.pl /usr/bin/perl #!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared %endif %ifarch alpha -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha -#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared +./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc +#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc shared %endif LD_LIBRARY_PATH=`pwd` make LD_LIBRARY_PATH=`pwd` make rehash |