Merge in changes from 0.9.6-stable. This should definitely be done a

little more often.

CHANGES

@@ -4,6 +4,29 @@
 
  Changes between 0.9.6c and 0.9.6d  [XX xxx XXXX]
 
+  *) Fix DH_generate_parameters() so that it works for 'non-standard'
+     generators, i.e. generators other than 2 and 5.  (Previously, the
+     code did not properly initialise the 'add' and 'rem' values to
+     BN_generate_prime().)
+
+     In the new general case, we do not insist that 'generator' is
+     actually a primitive root: This requirement is rather pointless;
+     a generator of the order-q subgroup is just as good, if not
+     better.
+     [Bodo Moeller]
+ 
+  *) Map new X509 verification errors to alerts. Discovered and submitted by
+     Tom Wu <tom@arcot.com>.
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+     returning non-zero before the data has been completely received
+     when using non-blocking I/O.
+     [Bodo Moeller; problem pointed out by John Hughes]
+
+  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+     [Ben Laurie, Lutz Jaenicke]
+
   *) Fix bug in SSL_clear(): bad sessions were not removed (found by
      Yoram Zahavi <YoramZ@gilian.com>).
      [Lutz Jaenicke]

Configure

@@ -406,7 +406,7 @@ my %table=(
 "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 
 #
-# Cray T90 (SDSC)
+# Cray T90 and similar (SDSC)
 # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
 # defined.  The T90 ints and longs are 8 bytes long, and apparently the
 # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
@@ -416,7 +416,10 @@ my %table=(
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+#
+# j90 is considered the base machine type for unicos machines,
+# so this configuration is now called "cray-j90" ...
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)

INSTALL

@@ -272,6 +272,11 @@
  Note on shared libraries
  ------------------------
 
+ Shared library is currently an experimental feature.  The only reason to
+ have them would be to conserve memory on systems where several program
+ are using OpenSSL.  Binary backward compatibility can't be guaranteed
+ before OpenSSL version 1.0.
+
  For some systems, the OpenSSL Configure script knows what is needed to
  build shared libraries for libcrypto and libssl.  On these systems,
  the shared libraries are currently not created by default, but giving

INSTALL.W32

@@ -81,7 +81,7 @@
 
  There are various changes you can make to the Win32 compile environment. By
  default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
+ to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
  compiled in.
 
  The default Win32 environment is to leave out any Windows NT specific

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

TABLE

@@ -1035,13 +1035,13 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 
-*** cray-t3e
+*** cray-j90
 $cc           = cc
 $cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = 
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
@@ -1058,13 +1058,13 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 
 
-*** cray-t90-cc
+*** cray-t3e
 $cc           = cc
 $cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = 
-$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
 $bn_obj       = 
 $des_obj      = 
 $bf_obj       = 

config

@@ -310,6 +310,13 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	exit 0
 	;;
 
+    *"CRAY T3E")
+       echo "t3e-cray-unicosmk"; exit 0;
+       ;;
+
+    *CRAY*)
+       echo "j90-cray-unicos"; exit 0;
+       ;;
 esac
 
 #
@@ -591,6 +598,8 @@ EOF
   mips-sony-newsos4) OUT="newsos4-gcc" ;;
   *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
   *-*-cygwin) OUT="Cygwin" ;;
+  t3e-cray-unicosmk) OUT="cray-t3e" ;;
+  j90-cray-unicos) OUT="cray-j90" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 

crypto/Makefile.ssl

@@ -6,7 +6,7 @@ DIR=		crypto
 TOP=		..
 CC=		cc
 INCLUDE=	-I. -I../include
-INCLUDES=	-I.. -I../../include
+INCLUDES=	-I.. -I../.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl

crypto/bio/b_sock.c

@@ -72,9 +72,9 @@
 #endif
 
 #ifdef SO_MAXCONN
-#define MAX_LISTEN  SOMAXCONN
-#elif defined(SO_MAXCONN)
 #define MAX_LISTEN  SO_MAXCONN
+#elif defined(SOMAXCONN)
+#define MAX_LISTEN  SOMAXCONN
 #else
 #define MAX_LISTEN  32
 #endif

crypto/conf/Makefile.ssl

@@ -5,7 +5,7 @@
 DIR=	conf
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I../.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl

crypto/conf/conf_api.c

@@ -67,6 +67,7 @@
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
+#include "e_os.h"
 
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);

crypto/dh/dh.h

@@ -204,6 +204,7 @@ void ERR_load_DH_strings(void);
 #define DH_F_DH_NEW					 105
 
 /* Reason codes. */
+#define DH_R_BAD_GENERATOR				 101
 #define DH_R_NO_PRIVATE_VALUE				 100
 
 #ifdef  __cplusplus

crypto/dh/dh_err.c

@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -77,6 +77,7 @@ static ERR_STRING_DATA DH_str_functs[]=
 
 static ERR_STRING_DATA DH_str_reasons[]=
 	{
+{DH_R_BAD_GENERATOR                      ,"bad generator"},
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
 {0,NULL}
 	};

crypto/dh/dh_gen.c

@@ -82,7 +82,10 @@
  * Since DH should be using a safe prime (both p and q are prime),
  * this generator function can take a very very long time to run.
  */
-
+/* Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
 DH *DH_generate_parameters(int prime_len, int generator,
 	     void (*callback)(int,int,void *), void *cb_arg)
 	{
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator,
 	t2 = BN_CTX_get(ctx);
 	if (t1 == NULL || t2 == NULL) goto err;
 	
+	if (generator <= 1)
+		{
+		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+		goto err;
+		}
 	if (generator == DH_GENERATOR_2)
 		{
-		BN_set_word(t1,24);
-		BN_set_word(t2,11);
+		if (!BN_set_word(t1,24)) goto err;
+		if (!BN_set_word(t2,11)) goto err;
 		g=2;
 		}
-#ifdef undef  /* does not work for safe primes */
+#if 0 /* does not work for safe primes */
 	else if (generator == DH_GENERATOR_3)
 		{
-		BN_set_word(t1,12);
-		BN_set_word(t2,5);
+		if (!BN_set_word(t1,12)) goto err;
+		if (!BN_set_word(t2,5)) goto err;
 		g=3;
 		}
 #endif
 	else if (generator == DH_GENERATOR_5)
 		{
-		BN_set_word(t1,10);
-		BN_set_word(t2,3);
+		if (!BN_set_word(t1,10)) goto err;
+		if (!BN_set_word(t2,3)) goto err;
 		/* BN_set_word(t3,7); just have to miss
 		 * out on these ones :-( */
 		g=5;
 		}
 	else
+		{
+		/* in the general case, don't worry if 'generator' is a
+		 * generator or not: since we are using safe primes,
+		 * it will generate either an order-q or an order-2q group,
+		 * which both is OK */
+		if (!BN_set_word(t1,2)) goto err;
+		if (!BN_set_word(t2,1)) goto err;
 		g=generator;
+		}
 	
 	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
 	if (p == NULL) goto err;

crypto/dh/dhtest.c

@@ -66,6 +66,7 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 #ifdef NO_DH
 int main(int argc, char *argv[])
@@ -112,6 +113,16 @@ int main(int argc, char *argv[])
 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
 	if (a == NULL) goto err;
 
+	if (!DH_check(a, &i)) goto err;
+	if (i & DH_CHECK_P_NOT_PRIME)
+		BIO_puts(out, "p value is not prime\n");
+	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+		BIO_puts(out, "p value is not a safe prime\n");
+	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+		BIO_puts(out, "unable to check the generator value\n");
+	if (i & DH_NOT_SUITABLE_GENERATOR)
+		BIO_puts(out, "the g value is not a generator\n");
+
 	BIO_puts(out,"\np    =");
 	BN_print(out,a->p);
 	BIO_puts(out,"\ng    =");
@@ -170,6 +181,8 @@ int main(int argc, char *argv[])
 	else
 		ret=0;
 err:
+	ERR_print_errors_fp(stderr);
+
 	if (abuf != NULL) OPENSSL_free(abuf);
 	if (bbuf != NULL) OPENSSL_free(bbuf);
 	if(b != NULL) DH_free(b);

crypto/lhash/lh_test.c

@@ -75,7 +75,6 @@ main()
 		buf[0]='\0';
 		fgets(buf,256,stdin);
 		if (buf[0] == '\0') break;
-		buf[256]='\0';
 		i=strlen(buf);
 		p=OPENSSL_malloc(i+1);
 		memcpy(p,buf,i+1);

demos/maurice/example1.c

@@ -72,7 +72,7 @@ void main_encrypt(void)
 
         pubKey[0] = ReadPublicKey(PUBFILE);
 
-	if(!pubKey)
+	if(!pubKey[0])
 	{
            fprintf(stderr,"Error: can't load public key");
            exit(1);

ssl/s3_both.c

@@ -528,6 +528,8 @@ int ssl_verify_alarm_type(long type)
 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_CRL_NOT_YET_VALID:
+	case X509_V_ERR_CERT_UNTRUSTED:
+	case X509_V_ERR_CERT_REJECTED:
 		al=SSL_AD_BAD_CERTIFICATE;
 		break;
 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -549,11 +551,16 @@ int ssl_verify_alarm_type(long type)
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+	case X509_V_ERR_INVALID_CA:
 		al=SSL_AD_UNKNOWN_CA;
 		break;
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		al=SSL_AD_HANDSHAKE_FAILURE;
 		break;
+	case X509_V_ERR_INVALID_PURPOSE:
+		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+		break;
 	default:
 		al=SSL_AD_CERTIFICATE_UNKNOWN;
 		break;

ssl/s3_lib.c

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -170,7 +170,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_ADH_RC4_128_MD5,
 	SSL3_CK_ADH_RC4_128_MD5,
 	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
 	128,
 	128,
@@ -196,7 +196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_ADH_DES_64_CBC_SHA,
 	SSL3_CK_ADH_DES_64_CBC_SHA,
 	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
 	56,
 	56,
@@ -209,7 +209,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_ADH_DES_192_CBC_SHA,
 	SSL3_CK_ADH_DES_192_CBC_SHA,
 	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
 	168,
 	168,
@@ -518,7 +518,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_RC4_SHA,
 	SSL3_CK_FZA_DMS_RC4_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
 	128,
 	128,
@@ -612,7 +612,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
 	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
 	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-	    SSL_NOT_EXP,
+	    SSL_NOT_EXP|SSL_MEDIUM,
 	    0,
 	    128,
 	    128,
@@ -693,6 +693,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 
 int ssl3_pending(SSL *s)
 	{
+	if (s->rstate == SSL_ST_READ_BODY)
+		return 0;
+	
 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
 	}
 

ssl/ssltest.c

@@ -848,10 +848,10 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 					if (num > 1)
 						--num; /* test restartability even more thoroughly */
 					
-					r = BIO_nwrite(io1, &dataptr, (int)num);
+					r = BIO_nwrite0(io1, &dataptr);
 					assert(r > 0);
-					assert(r <= (int)num);
-					num = r;
+					if (r < num)
+						num = r;
 					r = BIO_read(io2, dataptr, (int)num);
 					if (r != (int)num) /* can't happen */
 						{
@@ -860,6 +860,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 						goto err;
 						}
 					progress = 1;
+					r = BIO_nwrite(io1, &dataptr, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
+							"BIO_nwrite0() bytes");
+						goto err;
+						}
 					
 					if (debug)
 						printf((io2 == client_io) ?