generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge from main trunk.

Browse Source
This commit is contained in:
Richard Levitte
2000-09-24 09:50:31 +00:00
parent e1db7a5e30
commit 3476515195
11 changed files with 57 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGES
View File

@@ -4,6 +4,24 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) In ssl23_get_client_hello, generate an error message when faced
with an initial SSL 3.0/TLS record that is too small to contain the
first two bytes of the ClientHello message, i.e. client_version.
(Note that this is a pathologic case that probably has never happened
in real life.) The previous approach was to use the version number
from the record header as a substitute; but our protocol choice
should not depend on that one because it is not authenticated
by the Finished messages.
[Bodo Moeller]
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does
handle. If an application does set the flag then we assume it knows
what it is doing and can handle the new informational codes
appropriately.
[Steve Henson]
*) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
a general "ANY" type, as such it should be able to decode anything a general "ANY" type, as such it should be able to decode anything
including tagged types. However it didn't check the class so it would including tagged types. However it didn't check the class so it would

2
Configure
View File

@@ -274,7 +274,7 @@ my %table=(
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared", "alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared", "alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared", "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::", "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
#### Alpha Linux with GNU C and Compaq C setups #### Alpha Linux with GNU C and Compaq C setups
# Special notes: # Special notes:

1
NEWS
View File

@@ -15,6 +15,7 @@
o MD4 now included. o MD4 now included.
o Bugfix for SSL rollback padding check. o Bugfix for SSL rollback padding check.
o Support for external crypto device[1]. o Support for external crypto device[1].
o Enhanced EVP interafce.
[1] The support for external crypto devices is currently a separate [1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE. distribution. See the file README.ENGINE.

4
STATUS
View File

@@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2000/09/21 21:00:19 $ ______________ $Date: 2000/09/24 09:50:28 $
DEVELOPMENT STATE DEVELOPMENT STATE
@@ -126,7 +126,7 @@
The USE_TOD fix needed to be applied. The USE_TOD fix needed to be applied.
There were warnings about -O3 triggering There were warnings about -O3 triggering
known optimizer bugs on that known optimizer bugs on that
platform. platform. [FIXED]
OpenBSD-x86 (2.7, gcc 2.95.2) - success OpenBSD-x86 (2.7, gcc 2.95.2) - success
alpha-cc (OSF1 V4.0) - success alpha-cc (OSF1 V4.0) - success
solaris-x86-gcc (5.8, gcc 2.95.2) - success solaris-x86-gcc (5.8, gcc 2.95.2) - success

2
crypto/asn1/a_type.c
View File

@@ -315,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
case V_ASN1_OBJECT: case V_ASN1_OBJECT:
ASN1_OBJECT_free(a->value.object); ASN1_OBJECT_free(a->value.object);
break; break;
case V_ASN1_NULL:
break;
case V_ASN1_INTEGER: case V_ASN1_INTEGER:
case V_ASN1_NEG_INTEGER: case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED: case V_ASN1_ENUMERATED:

19
crypto/x509/x509_vfy.c
View File

@@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
ret = X509_check_issued(issuer, x); ret = X509_check_issued(issuer, x);
if (ret == X509_V_OK) if (ret == X509_V_OK)
return 1; return 1;
else /* If we haven't asked for issuer errors don't set ctx */
{ if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
ctx->error = ret; return 0;
ctx->current_cert = x;
ctx->current_issuer = issuer; ctx->error = ret;
if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb) ctx->current_cert = x;
return ctx->verify_cb(0, ctx); ctx->current_issuer = issuer;
else if (ctx->verify_cb)
return 0; return ctx->verify_cb(0, ctx);
}
return 0; return 0;
} }

2
doc/apps/smime.pod
View File

@@ -325,7 +325,7 @@ Send encrypted mail using triple DES:
Sign and encrypt mail: Sign and encrypt mail:
openssl smime -sign -in ml.txt -signer my.pem -text \ openssl smime -sign -in ml.txt -signer my.pem -text \
| openssl -encrypt -out mail.msg \ | openssl smime -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \ -from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem -subject "Signed and Encrypted message" -des3 user.pem

21
ssl/s23_srvr.c
View File

@@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
* SSLv3 or tls1 header * SSLv3 or tls1 header
*/ */
v[0]=p[1]; /* major version */ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
/* We must look at client_version inside the Client Hello message /* We must look at client_version inside the Client Hello message
* to get the correct minor version: */ * to get the correct minor version.
v[1]=p[10]; * However if we have only a pathologically small fragment of the
/* However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, we'd have
* Client Hello message, we simply use the version from the * to read at least one additional record to find out.
* record header -- this is incorrect but unlikely to fail in * This doesn't usually happen in real life, so we just complain
* practice */ * for now.
*/
if (p[3] == 0 && p[4] < 6) if (p[3] == 0 && p[4] < 6)
v[1]=p[2]; {
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err;
}
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR) if (v[1] >= TLS1_VERSION_MINOR)
{ {
if (!(s->options & SSL_OP_NO_TLSv1)) if (!(s->options & SSL_OP_NO_TLSv1))

1
ssl/ssl.h
View File

@@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214 #define SSL_R_RECORD_TOO_LARGE 214
#define SSL_R_RECORD_TOO_SMALL 1093
#define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217

1
ssl/ssl_err.c
View File

@@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
{SSL_R_RECORD_TOO_LARGE ,"record too large"}, {SSL_R_RECORD_TOO_LARGE ,"record too large"},
{SSL_R_RECORD_TOO_SMALL ,"record too small"},
{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},

12
util/mk1mf.pl
View File

@@ -366,10 +366,6 @@ all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
banner: banner:
$banner $banner
# Generate perlasm output files
%.cpp:
(cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
\$(TMP_D): \$(TMP_D):
\$(MKDIR) \$(TMP_D) \$(MKDIR) \$(TMP_D)
# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different # NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
@@ -617,6 +613,14 @@ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPT
$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
print $defs; print $defs;
if ($platform eq "linux-elf") {
print <<"EOF";
# Generate perlasm output files
%.cpp:
(cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
EOF
}
print "###################################################################\n"; print "###################################################################\n";
print $rules; print $rules;