diff --git a/CHANGES b/CHANGES index 96fbadd4d..13c729abb 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.6 and 0.9.6a [xx XXX 2001] + *) Change bctest to avoid here-documents inside command substitution + (workaround for FreeBSD /bin/sh bug). + [Bodo Moeller] + *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes with des_encrypt() defined on some operating systems, like Solaris and UnixWare. @@ -29,6 +33,10 @@ (but broken) behaviour. [Steve Henson] + *) Enhance bctest to search for a working bc along $PATH and print + it when found. + [Tim Rice via Richard Levitte] + *) Fix memory leaks in err.c: free err_data string if necessary; don't write to the wrong index in ERR_set_error_data. [Bodo Moeller] diff --git a/NEWS b/NEWS index 794f90382..b9ea61239 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,7 @@ o Security fix: prevent Bleichenbacher's DSA attack. o Security fix: Zero the premaster secret after deriving the master secret in DH ciphersuites. + o Reimplement SSL_peek(), which had various problems. o Compatibility fix: the function des_encrypt() renamed to des_encrypt1() to avoid clashes with some Unixen libc. o Bug fixes for Win32, HP/UX and Irix. @@ -26,7 +27,7 @@ o Add tighter checks of BIGNUM routines. o Shared library support has been reworked for generality. o More documentation. - o New function BN_rand_range() + o New function BN_rand_range(). o Add "-rand" option to openssl s_client and s_server. Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: diff --git a/apps/s_server.c b/apps/s_server.c index e545e4d22..eb275e2b6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1386,15 +1386,30 @@ static int www_body(char *hostname, int s, unsigned char *context) /* skip the '/' */ p= &(buf[5]); - dot=0; + + dot = 1; for (e=p; *e != '\0'; e++) { - if (e[0] == ' ') break; - if ( (e[0] == '.') && - (strncmp(&(e[-1]),"/../",4) == 0)) - dot=1; + if (e[0] == ' ') + break; + + switch (dot) + { + case 0: + dot = (e[0] == '/') ? 1 : 0; + break; + case 1: + dot = (e[0] == '.') ? 2 : 0; + break; + case 2: + dot = (e[0] == '.') ? 3 : 0; + break; + case 3: + dot = (e[0] == '/') ? -1 : 0; + break; + } } - + dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ if (*e == '\0') { diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index 585a375c4..1885d699e 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -141,11 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a) } size+=i2d_X509_NAME_ENTRY(ne,NULL); } - /* If empty no extra SET OF needed */ - if (ret) - ret+=ASN1_object_size(1,size,V_ASN1_SET); if (fe != NULL) + { + /* SET OF needed only if entries is non empty */ + ret+=ASN1_object_size(1,size,V_ASN1_SET); fe->size=size; + } r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl index f05407107..c890766bc 100644 --- a/crypto/des/asm/des-586.pl +++ b/crypto/des/asm/des-586.pl @@ -20,11 +20,11 @@ $L="edi"; $R="esi"; &external_label("des_SPtrans"); -&des_encrypt("des_encrypt",1); +&des_encrypt("des_encrypt1",1); &des_encrypt("des_encrypt2",0); &des_encrypt3("des_encrypt3",1); &des_encrypt3("des_decrypt3",0); -&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); +&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1); &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); &asm_finish(); diff --git a/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl index 77dc5b51c..84c3e8543 100644 --- a/crypto/des/asm/des686.pl +++ b/crypto/des/asm/des686.pl @@ -46,7 +46,7 @@ EOF $L="edi"; $R="esi"; -&des_encrypt("des_encrypt",1); +&des_encrypt("des_encrypt1",1); &des_encrypt("des_encrypt2",0); &des_encrypt3("des_encrypt3",1); diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme index f8529d930..1beafe253 100644 --- a/crypto/des/asm/readme +++ b/crypto/des/asm/readme @@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-). The file to implement in assembler is des_enc.c. Replace the following 4 functions -des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt); +des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt); des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c index 82b3f29b9..138ee1c6b 100644 --- a/crypto/des/des_opts.c +++ b/crypto/des/des_opts.c @@ -118,7 +118,7 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#define des_encrypt des_encrypt_u4_cisc_idx +#define des_encrypt1 des_encrypt_u4_cisc_idx #define des_encrypt2 des_encrypt2_u4_cisc_idx #define des_encrypt3 des_encrypt3_u4_cisc_idx #define des_decrypt3 des_decrypt3_u4_cisc_idx @@ -130,11 +130,11 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_cisc_idx +#define des_encrypt1 des_encrypt_u16_cisc_idx #define des_encrypt2 des_encrypt2_u16_cisc_idx #define des_encrypt3 des_encrypt3_u16_cisc_idx #define des_decrypt3 des_decrypt3_u16_cisc_idx @@ -146,11 +146,11 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc1_idx +#define des_encrypt1 des_encrypt_u4_risc1_idx #define des_encrypt2 des_encrypt2_u4_risc1_idx #define des_encrypt3 des_encrypt3_u4_risc1_idx #define des_decrypt3 des_decrypt3_u4_risc1_idx @@ -166,11 +166,11 @@ extern void exit(); #define DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc2_idx +#define des_encrypt1 des_encrypt_u4_risc2_idx #define des_encrypt2 des_encrypt2_u4_risc2_idx #define des_encrypt3 des_encrypt3_u4_risc2_idx #define des_decrypt3 des_decrypt3_u4_risc2_idx @@ -182,11 +182,11 @@ extern void exit(); #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc1_idx +#define des_encrypt1 des_encrypt_u16_risc1_idx #define des_encrypt2 des_encrypt2_u16_risc1_idx #define des_encrypt3 des_encrypt3_u16_risc1_idx #define des_decrypt3 des_decrypt3_u16_risc1_idx @@ -198,11 +198,11 @@ extern void exit(); #define DES_RISC2 #undef DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc2_idx +#define des_encrypt1 des_encrypt_u16_risc2_idx #define des_encrypt2 des_encrypt2_u16_risc2_idx #define des_encrypt3 des_encrypt3_u16_risc2_idx #define des_decrypt3 des_decrypt3_u16_risc2_idx @@ -218,11 +218,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_cisc_ptr +#define des_encrypt1 des_encrypt_u4_cisc_ptr #define des_encrypt2 des_encrypt2_u4_cisc_ptr #define des_encrypt3 des_encrypt3_u4_cisc_ptr #define des_decrypt3 des_decrypt3_u4_cisc_ptr @@ -234,11 +234,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_cisc_ptr +#define des_encrypt1 des_encrypt_u16_cisc_ptr #define des_encrypt2 des_encrypt2_u16_cisc_ptr #define des_encrypt3 des_encrypt3_u16_cisc_ptr #define des_decrypt3 des_decrypt3_u16_cisc_ptr @@ -250,11 +250,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc1_ptr +#define des_encrypt1 des_encrypt_u4_risc1_ptr #define des_encrypt2 des_encrypt2_u4_risc1_ptr #define des_encrypt3 des_encrypt3_u4_risc1_ptr #define des_decrypt3 des_decrypt3_u4_risc1_ptr @@ -270,11 +270,11 @@ extern void exit(); #define DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc2_ptr +#define des_encrypt1 des_encrypt_u4_risc2_ptr #define des_encrypt2 des_encrypt2_u4_risc2_ptr #define des_encrypt3 des_encrypt3_u4_risc2_ptr #define des_decrypt3 des_decrypt3_u4_risc2_ptr @@ -286,11 +286,11 @@ extern void exit(); #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc1_ptr +#define des_encrypt1 des_encrypt_u16_risc1_ptr #define des_encrypt2 des_encrypt2_u16_risc1_ptr #define des_encrypt3 des_encrypt3_u16_risc1_ptr #define des_decrypt3 des_decrypt3_u16_risc1_ptr @@ -302,11 +302,11 @@ extern void exit(); #define DES_RISC2 #define DES_PTR #undef D_ENCRYPT -#undef des_encrypt +#undef des_encrypt1 #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc2_ptr +#define des_encrypt1 des_encrypt_u16_risc2_ptr #define des_encrypt2 des_encrypt2_u16_risc2_ptr #define des_encrypt3 des_encrypt3_u16_risc2_ptr #define des_decrypt3 des_decrypt3_u16_risc2_ptr diff --git a/crypto/des/dess.cpp b/crypto/des/dess.cpp index 753e67ad9..5549bab90 100644 --- a/crypto/des/dess.cpp +++ b/crypto/des/dess.cpp @@ -45,19 +45,19 @@ void main(int argc,char *argv[]) { for (i=0; i<1000; i++) /**/ { - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); GetTSC(s1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); GetTSC(e1); GetTSC(s2); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); + des_encrypt1(&data[0],key,1); GetTSC(e2); - des_encrypt(&data[0],key,1); + des_encrypt1(&data[0],key,1); } printf("des %d %d (%d)\n", diff --git a/test/Makefile.ssl b/test/Makefile.ssl index cd8fcb67c..f9cd4f27c 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -245,7 +245,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log + rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log $(DLIBSSL): (cd ../ssl; $(MAKE)) diff --git a/test/bctest b/test/bctest index 6fa0663bb..b9ef95bf8 100755 --- a/test/bctest +++ b/test/bctest @@ -11,8 +11,9 @@ # running) bc. -# Test for SunOS 5.[78] bc bug (or missing bc) -if [ 0 != "`bc <<\EOF +# Test for SunOS 5.[78] bc bug +SunOStest() { +${1} >tmp.bctest <<\EOF obase=16 ibase=16 a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ @@ -26,17 +27,18 @@ b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ 8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ 3ED0E2017D60A68775B75481449 (a/b)*b + (a%b) - a -EOF`" ] +EOF +if [ 0 != "`cat tmp.bctest`" ] then - echo "bc does not work. Consider installing GNU bc." >&2 - echo "cat >/dev/null" - exit 1 + # failure + return 1 fi +} # Test for SCO bc bug. -if [ "0 -0" != "`bc <<\EOF +SCOtest() { +${1} >tmp.bctest <<\EOF obase=16 ibase=16 -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ @@ -62,23 +64,36 @@ F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ 9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ 5296964 -EOF`" ] +EOF +if [ "0 +0" != "`cat tmp.bctest`" ] then - echo "bc does not work. Consider installing GNU bc." >&2 - echo "cat >/dev/null" - exit 1 + # failure + return 1 fi +} -# bc works, good. -# Now check if it knows the 'print' command. -if [ "OK" = "`bc 2>/dev/null <<\EOF -print \"OK\" -EOF`" ] -then - echo "bc" -else - echo "sed 's/print.*//' | bc" -fi +IFS=: +for dir in $PATH; do + bc="$dir/bc" -exit 0 + if [ -x "$bc" -a ! -d "$bc" ]; then + if SunOStest "$bc" && SCOtest "$bc"; then + # bc works; now check if it knows the 'print' command. + if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] + then + echo "$bc" + else + echo "sed 's/print.*//' | $bc" + fi + exit 0 + fi + + echo "$bc does not work properly. Looking for another bc ..." >&2 + fi +done + +echo "No working bc found. Consider installing GNU bc." >&2 +echo "cat >/dev/null" +exit 1