generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Apply all the recent changes from 0.9.6-stable.

Browse Source
This commit is contained in:
Richard Levitte 2002-05-08 15:54:01 +00:00
parent 66ae107a14
commit e27fd320fc
17 changed files with 105 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -4,6 +4,10 @@
Changes between 0.9.6c and 0.9.6d [XX xxx XXXX] Changes between 0.9.6c and 0.9.6d [XX xxx XXXX]
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
encoded as NULL) with id-dsa-with-sha1.
[Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
*) Check various X509_...() return values in apps/req.c. *) Check various X509_...() return values in apps/req.c.
[Nils Larsch <nla@trustcenter.de>] [Nils Larsch <nla@trustcenter.de>]

2
Configure
View File

@ -445,7 +445,7 @@ my %table=(
"sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options? "sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... "sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic", "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", "sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
# Sinix/ReliantUNIX RM400 # Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */

4
Makefile.org
View File

@ -646,7 +646,7 @@ install: all install_docs
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \ fi; \
done done
@if [ -n "$(SHARED_LIBS)" ]; then \ @if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \ tmp="$(SHARED_LIBS)"; \
@ -664,7 +664,7 @@ install: all install_docs
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \ fi ); \
fi \ fi; \
done; \ done; \
( here="`pwd`"; \ ( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \

6
NEWS
View File

@ -5,12 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
o Various SSL/TLS library bugfixes. o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators. o Fix DH parameter generation for 'non-standard' generators.
Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
o Various SSL/TLS library bugfixes. o Various SSL/TLS library bugfixes.
o BIGNUM library fixes. o BIGNUM library fixes.
@ -23,7 +23,7 @@
Broadcom and Cryptographic Appliance's keyserver Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release]. [in 0.9.6c-engine release].
Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
o Security fix: PRNG improvements. o Security fix: PRNG improvements.
o Security fix: RSA OAEP check. o Security fix: RSA OAEP check.

2
STATUS
View File

@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2002/04/17 12:52:31 $ ______________ $Date: 2002/05/08 15:53:53 $
DEVELOPMENT STATE DEVELOPMENT STATE

19
TABLE
View File

@ -1,4 +1,3 @@
Output of `Configure TABLE':
*** BC-16 *** BC-16
$cc = bcc $cc = bcc
@ -2790,15 +2789,15 @@ $unistd =
$thread_cflag = $thread_cflag =
$lflags = -lsocket -lresolv -lnsl $lflags = -lsocket -lresolv -lnsl
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
$bn_obj = asm/bn86-elf.o asm/co86-elf.o $bn_obj =
$des_obj = asm/dx86-elf.o asm/yx86-elf.o $des_obj =
$bf_obj = asm/bx86-elf.o $bf_obj =
$md5_obj = asm/mx86-elf.o $md5_obj =
$sha1_obj = asm/sx86-elf.o $sha1_obj =
$cast_obj = asm/cx86-elf.o $cast_obj =
$rc4_obj = asm/rx86-elf.o $rc4_obj =
$rmd160_obj = asm/rm86-elf.o $rmd160_obj =
$rc5_obj = asm/r586-elf.o $rc5_obj =
$dso_scheme = dlfcn $dso_scheme = dlfcn
$shared_target= svr3-shared $shared_target= svr3-shared
$shared_cflag = -fPIC $shared_cflag = -fPIC

2
apps/dsaparam.c
View File

@ -176,7 +176,7 @@ bad:
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -text print as text\n");
BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err," -rand files to use for random number input\n");

5
apps/pkcs12.c
View File

@ -772,7 +772,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
print_attribs (out, bag->attrib, "Bag Attributes"); print_attribs (out, bag->attrib, "Bag Attributes");
if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen))) if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
return 0; return 0;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0; if (!(pkey = EVP_PKCS82PKEY (p8))) {
PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
}
print_attribs (out, p8->attributes, "Key Attributes"); print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);

5
apps/smime.c
View File

@ -441,7 +441,10 @@ int MAIN(int argc, char **argv)
p7 = PKCS7_encrypt(encerts, in, cipher, flags); p7 = PKCS7_encrypt(encerts, in, cipher, flags);
} else if(operation == SMIME_SIGN) { } else if(operation == SMIME_SIGN) {
p7 = PKCS7_sign(signer, key, other, in, flags); p7 = PKCS7_sign(signer, key, other, in, flags);
BIO_reset(in); if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
BIO_printf(bio_err, "Can't rewind input file\n");
goto end;
}
} else { } else {
if(informat == FORMAT_SMIME) if(informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata); p7 = SMIME_read_PKCS7(in, &indata);

2
crypto/Makefile.ssl
View File

@ -54,7 +54,7 @@ buildinf.h: ../Makefile.ssl
echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \ echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
echo " #define CFLAGS \"$(CC) $(CFLAG)\""; \ echo " #define CFLAGS \"$(CC) $(CFLAG)\""; \
echo " #define PLATFORM \"$(PLATFORM)\""; \ echo " #define PLATFORM \"$(PLATFORM)\""; \
echo " #define DATE \"`date`\""; \ echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
echo "#endif" ) >buildinf.h echo "#endif" ) >buildinf.h
testapps: testapps:

62
crypto/asn1/a_sign.c
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
@ -87,7 +140,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
else else
a=algor2; a=algor2;
if (a == NULL) continue; if (a == NULL) continue;
if ( (a->parameter == NULL) || if (type->pkey_type == NID_dsaWithSHA1)
{
/* special case: RFC 2459 tells us to omit 'parameters'
* with id-dsa-with-sha1 */
ASN1_TYPE_free(a->parameter);
a->parameter = NULL;
}
else if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL)) (a->parameter->type != V_ASN1_NULL))
{ {
ASN1_TYPE_free(a->parameter); ASN1_TYPE_free(a->parameter);

3
crypto/objects/obj_dat.c
View File

@ -437,8 +437,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
return(0); return(0);
} }
nid=OBJ_obj2nid(a); if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
if ((nid == NID_undef) || no_name) {
len=a->length; len=a->length;
p=a->data; p=a->data;

2
crypto/pem/pem_info.c
View File

@ -346,7 +346,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
} }
/* if we have a certificate then write it out now */ /* if we have a certificate then write it out now */
if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0)) if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
goto err; goto err;
/* we are ignoring anything else that is loaded into the X509_INFO /* we are ignoring anything else that is loaded into the X509_INFO

2
doc/crypto/EVP_EncryptInit.pod
View File

@ -192,7 +192,7 @@ EVP_DecryptInit() and EVP_DecryptUpdate() return 1 for success and 0 for failure
EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success. EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
EVP_CipherFinal() returns 1 for a decryption failure or 1 for success. EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.
EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure. EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.

19
ssl/s3_pkt.c
View File

@ -236,7 +236,8 @@ static int ssl3_get_record(SSL *s)
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
short version; short version;
unsigned int mac_size; unsigned int mac_size;
int clear=0,extra; int clear=0;
size_t extra;
rr= &(s->s3->rrec); rr= &(s->s3->rrec);
sess=s->session; sess=s->session;
@ -245,7 +246,7 @@ static int ssl3_get_record(SSL *s)
extra=SSL3_RT_MAX_EXTRA; extra=SSL3_RT_MAX_EXTRA;
else else
extra=0; extra=0;
if (extra != (s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)) if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
{ {
/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
* set after ssl3_setup_buffers() was done */ * set after ssl3_setup_buffers() was done */
@ -295,8 +296,7 @@ again:
goto err; goto err;
} }
if (rr->length > if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
{ {
al=SSL_AD_RECORD_OVERFLOW; al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
@ -308,7 +308,7 @@ again:
/* s->rstate == SSL_ST_READ_BODY, get and decode the data */ /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
{ {
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */ /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
i=rr->length; i=rr->length;
@ -336,7 +336,7 @@ again:
* rr->length bytes of encrypted compressed stuff. */ * rr->length bytes of encrypted compressed stuff. */
/* check is not needed I believe */ /* check is not needed I believe */
if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
{ {
al=SSL_AD_RECORD_OVERFLOW; al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
@ -405,8 +405,7 @@ printf("\n");
/* r->length is now just compressed */ /* r->length is now just compressed */
if (s->expand != NULL) if (s->expand != NULL)
{ {
if (rr->length > if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
{ {
al=SSL_AD_RECORD_OVERFLOW; al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
@ -420,7 +419,7 @@ printf("\n");
} }
} }
if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
{ {
al=SSL_AD_RECORD_OVERFLOW; al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
@ -605,7 +604,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (prefix_len <= 0) if (prefix_len <= 0)
goto err; goto err;
if (s->s3->wbuf_len < prefix_len + SSL3_RT_MAX_PACKET_SIZE) if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
{ {
/* insufficient space */ /* insufficient space */
SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR); SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);

1
ssl/ssl_cert.c
View File

@ -751,6 +751,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
ret = 1; ret = 1;
err: err:
if (d) closedir(d);
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret; return ret;
} }

2
ssl/ssltest.c
View File

@ -850,7 +850,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
r = BIO_nwrite0(io1, &dataptr); r = BIO_nwrite0(io1, &dataptr);
assert(r > 0); assert(r > 0);
if (r < num) if (r < (int)num)
num = r; num = r;
r = BIO_read(io2, dataptr, (int)num); r = BIO_read(io2, dataptr, (int)num);
if (r != (int)num) /* can't happen */ if (r != (int)num) /* can't happen */