Fix null-pointer assignment in do_change_cipher_spec() revealed

by using the Codenomicon TLS Test Tool (CAN-2004-0079)

Prepare for 0.9.6m release

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox

CHANGES

@@ -2,6 +2,71 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
+
+  *) Fix additional bug revealed by the NISCC test suite:
+
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CAN-2003-0851)
+     [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
 
   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

Configure

@@ -132,7 +132,7 @@ my %table=(
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-declarations -Wno-long-long -pipe::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown):::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -354,7 +354,7 @@ my %table=(
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

FAQ

@@ -63,7 +63,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7a was released on February 19, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -111,11 +111,14 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 
 * Where can I get a compiled version of OpenSSL?
 
+You can finder pointers to binary distributions in
+http://www.openssl.org/related/binaries.html .
+
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).
 
-If you want to install OpenSSL on a Windows system and you don't have
+If you want to build OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
 
@@ -674,6 +677,7 @@ The general answer is to check the config.log file generated when running
 the OpenSSH configure script. It should contain the detailed information
 on why the OpenSSL library was not detected or considered incompatible.
 
+
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 
 Yes; make sure to read the SSL_get_error(3) manual page!

INSTALL.W32

@@ -216,7 +216,7 @@
 	$ md c:\openssl\lib
 	$ md c:\openssl\include
 	$ md c:\openssl\include\openssl
-	$ copy /b inc32\*               c:\openssl\include\openssl
+	$ copy /b inc32\openssl\*       c:\openssl\include\openssl
 	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
 	$ copy /b out32dll\libeay32.lib c:\openssl\lib
 	$ copy /b out32dll\ssleay32.dll c:\openssl\bin

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Makefile.org

@@ -368,9 +368,10 @@ do_svr3-shared:
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
-		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="$$libs -l$$i"; \
@@ -384,13 +385,15 @@ do_svr5-shared:
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  SHARE_FLAG='-G'; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="$$libs -l$$i"; \

NEWS

@@ -5,6 +5,26 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
+
+      o Security: fix null-pointer bug leading to crash
+
+  Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
+
+      o Security: fix ASN1 bug leading to large recursion
+
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Build: shared library support fixes.
+
   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
 
       o Important security related bugfixes.

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.6i [engine] Feb 19 2003
+ OpenSSL 0.9.6m [engine] 17 Mar 2004
 
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

STATUS

@@ -1,12 +1,19 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2003/02/19 12:45:13 $
+  ______________                           $Date: 2004/03/17 11:45:33 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7d: Released on March     17th, 2004
+    o  OpenSSL 0.9.7c: Released on September 30th, 2003
+    o  OpenSSL 0.9.7b: Released on April     10th, 2003
     o  OpenSSL 0.9.7a: Released on February  19th, 2003
     o  OpenSSL 0.9.7:  Released on December  31st, 2002
+    o  OpenSSL 0.9.6m: Released on March     17th, 2004
+    o  OpenSSL 0.9.6l: Released on November   4th, 2003
+    o  OpenSSL 0.9.6k: Released on September 30th, 2003
+    o  OpenSSL 0.9.6j: Released on April     10th, 2003
     o  OpenSSL 0.9.6i: Released on February  19th, 2003
     o  OpenSSL 0.9.6h: Released on December   5th, 2002
     o  OpenSSL 0.9.6g: Released on August     9th, 2002

apps/Makefile.ssl

@@ -81,6 +81,7 @@ all:	exe
 exe:	$(PROGRAM)
 
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 sreq.o: req.c 
@@ -135,6 +136,7 @@ $(DLIBCRYPTO):
 
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
 

apps/apps.h

@@ -59,7 +59,11 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#include "openssl/e_os.h"
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
 
 #include <openssl/buffer.h>
 #include <openssl/bio.h>

apps/asn1pars.c

@@ -301,7 +301,15 @@ bad:
 		num=tmplen;
 		}
 
-	if (length == 0) length=(unsigned int)num;
+	if (offset >= num)
+		{
+		BIO_printf(bio_err, "Error: offset too large\n");
+		goto end;
+		}
+
+	num -= offset;
+
+	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
 	if(derout) {
 		if(BIO_write(derout, str + offset, length) != (int)length) {
 			BIO_printf(bio_err, "Error writing output\n");

apps/makeapps.com

@@ -805,7 +805,7 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "VMS=1,MONOLITH"
+$ CCDEFS = "VMS=1,MONOLITH,THREADS"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
 $ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
 $ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"

apps/pkcs8.c

@@ -249,7 +249,7 @@ int MAIN(int argc, char **argv)
 		}
 		BIO_free(in);
 		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
-			BIO_printf(bio_err, "Error converting key\n", outfile);
+			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
 			return (1);
 		}
@@ -273,8 +273,7 @@ int MAIN(int argc, char **argv)
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
 					NULL, 0, iter, p8inf))) {
-				BIO_printf(bio_err, "Error encrypting key\n",
-								 outfile);
+				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
 				return (1);
 			}
@@ -317,7 +316,7 @@ int MAIN(int argc, char **argv)
 		}
 
 		if (!p8) {
-			BIO_printf (bio_err, "Error reading key\n", outfile);
+			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			return (1);
 		}
@@ -331,13 +330,13 @@ int MAIN(int argc, char **argv)
 	}
 
 	if (!p8inf) {
-		BIO_printf(bio_err, "Error decrypting key\n", outfile);
+		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
 	}
 
 	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
-		BIO_printf(bio_err, "Error converting key\n", outfile);
+		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
 	}

apps/x509.c

@@ -1090,7 +1090,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	BIO_free(io);
 	io=NULL;
 	
-	if (!X509_STORE_add_cert(ctx,x)) goto end;
+	/*if (!X509_STORE_add_cert(ctx,x)) goto end;*/
 
 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */

bugs/SSLv3

@@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
 doing a re-connect, always takes the first cipher in the cipher list.
 
 If we accept a netscape connection, demand a client cert, have a
-non-self-sighed CA which does not have it's CA in netscape, and the
+non-self-signed CA which does not have it's CA in netscape, and the
 browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta
 
 Netscape browsers do not really notice the server sending a

certs/expired/vsign3.pem

@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
+-----END CERTIFICATE-----

certs/vsign3.pem

@@ -1,18 +1,17 @@
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan  7 23:59:59 2004 GMT
+notAfter=Aug  1 23:59:59 2028 GMT
 -----BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
 -----END CERTIFICATE-----

crypto/asn1/a_bytes.c

@@ -201,7 +201,10 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
 		c.pp=pp;
 		c.p=p;
 		c.inf=inf;
-		c.slen=len;
+		if (inf & 1)
+			c.slen = length - (p - *pp);
+		else
+			c.slen=len;
 		c.tag=Ptag;
 		c.xclass=Pclass;
 		c.max=(length == 0)?0:(p+length);
@@ -279,8 +282,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 		{
 		if (c->inf & 1)
 			{
-			c->eos=ASN1_check_infinite_end(&c->p,
-				(long)(c->max-c->p));
+			c->eos=ASN1_check_infinite_end(&c->p, c->slen);
 			if (c->eos) break;
 			}
 		else
@@ -289,7 +291,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 			}
 
 		c->q=c->p;
-		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+		if (d2i_ASN1_bytes(&os,&c->p,c->slen,c->tag,c->xclass)
 			== NULL)
 			{
 			c->error=ERR_R_ASN1_LIB;
@@ -302,8 +304,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 			goto err;
 			}
 		memcpy(&(b.data[num]),os->data,os->length);
-		if (!(c->inf & 1))
-			c->slen-=(c->p-c->q);
+		c->slen-=(c->p-c->q);
 		num+=os->length;
 		}
 

crypto/asn1/a_strex.c

@@ -78,7 +78,8 @@
  * and a FILE pointer.
  */
 
-int send_mem_chars(void *arg, const void *buf, int len)
+#if 0 /* Not used */
+static int send_mem_chars(void *arg, const void *buf, int len)
 {
 	unsigned char **out = arg;
 	if(!out) return 1;
@@ -86,15 +87,16 @@ int send_mem_chars(void *arg, const void *buf, int len)
 	*out += len;
 	return 1;
 }
+#endif
 
-int send_bio_chars(void *arg, const void *buf, int len)
+static int send_bio_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(BIO_write(arg, buf, len) != len) return 0;
 	return 1;
 }
 
-int send_fp_chars(void *arg, const void *buf, int len)
+static int send_fp_chars(void *arg, const void *buf, int len)
 {
 	if(!arg) return 1;
 	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
@@ -240,7 +242,8 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen
  * #01234 format.
  */
 
-int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+		   ASN1_STRING *str)
 {
 	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
 	 * the DER encoding to readily obtained
@@ -274,7 +277,7 @@ int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
  * otherwise it is the number of bytes per character
  */
 
-const static char tag2nbyte[] = {
+const static signed char tag2nbyte[] = {
 	-1, -1, -1, -1, -1,	/* 0-4 */
 	-1, -1, -1, -1, -1,	/* 5-9 */
 	-1, -1, 0, -1,		/* 10-13 */

crypto/asn1/asn1.h

@@ -123,7 +123,7 @@ extern "C" {
 #define B_ASN1_NUMERICSTRING	0x0001
 #define B_ASN1_PRINTABLESTRING	0x0002
 #define B_ASN1_T61STRING	0x0004
-#define B_ASN1_TELETEXSTRING	0x0008
+#define B_ASN1_TELETEXSTRING	0x0004
 #define B_ASN1_VIDEOTEXSTRING	0x0008
 #define B_ASN1_IA5STRING	0x0010
 #define B_ASN1_GRAPHICSTRING	0x0020

crypto/asn1/asn1_lib.c

@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 			l<<=7L;
 			l|= *(p++)&0x7f;
 			if (--max == 0) goto err;
+			if (l > (INT_MAX >> 7L)) goto err;
 			}
 		l<<=7L;
 		l|= *(p++)&0x7f;
 		tag=(int)l;
+		if (--max == 0) goto err;
 		}
 	else
 		{ 

crypto/bf/bftest.c

@@ -63,7 +63,11 @@
 #include <string.h>
 #include <stdlib.h>
 
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
 #include "../e_os.h"
+#endif
 
 #ifdef NO_BF
 int main(int argc, char *argv[])

crypto/bio/b_print.c

@@ -565,12 +565,12 @@ abs_val(LDOUBLE value)
 }
 
 static LDOUBLE
-pow10(int exp)
+pow10(int in_exp)
 {
     LDOUBLE result = 1;
-    while (exp) {
+    while (in_exp) {
         result *= 10;
-        exp--;
+        in_exp--;
     }
     return result;
 }
@@ -825,5 +825,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 		 * had the buffer been large enough.) */
 		return -1;
 	else
-		return (retlen <= INT_MAX) ? retlen : -1;
+		return (retlen <= INT_MAX) ? (int)retlen : -1;
 	}

crypto/bio/bf_buff.c

@@ -495,6 +495,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
 			if (i <= 0)
 				{
 				BIO_copy_next_retry(b);
+				*buf='\0';
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}

crypto/bio/bss_bio.c

@@ -1,4 +1,57 @@
 /* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 /* Special method for a BIO where the other endpoint is also a BIO
  * of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -503,7 +556,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		break;
 		
 	case BIO_C_DESTROY_BIO_PAIR:
-		/* Effects both BIOs in the pair -- call just once!
+		/* Affects both BIOs in the pair -- call just once!
 		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
 		bio_destroy_pair(bio);
 		ret = 1;

crypto/bn/bn.h

@@ -259,6 +259,8 @@ typedef struct bn_blinding_st
 	BIGNUM *A;
 	BIGNUM *Ai;
 	BIGNUM *mod; /* just a reference */
+	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
 	} BN_BLINDING;
 
 /* Used for montgomery multiplication */

crypto/bn/bn_mul.c

@@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
 	     int n, BN_ULONG *t)
 	{
 	int i,j,n2=n*2;
-	unsigned int c1,c2,neg,zero;
+	int c1,c2,neg,zero;
 	BN_ULONG ln,lo,*p;
 
 # ifdef BN_COUNT
@@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
 
 		/* The overflow will stop before we over write
 		 * words we should not overwrite */
-		if (ln < c1)
+		if (ln < (BN_ULONG)c1)
 			{
 			do	{
 				p++;

crypto/cryptlib.h

@@ -62,7 +62,11 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "openssl/e_os.h"
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
 
 #include <openssl/crypto.h>
 #include <openssl/buffer.h> 

crypto/crypto-lib.com

@@ -1142,7 +1142,7 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5',DSO_VMS"
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5',DSO_VMS,THREADS"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
 $ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
 $ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"

crypto/des/cfb_enc.c

@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include "openssl/e_os.h"
 #include "des_locl.h"
 
 /* The input and output are loaded in multiples of 8 bits.

crypto/dso/dso_dlfcn.c

@@ -123,7 +123,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 #		endif
 #	endif
 #else
-#	define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#	ifdef OPENSSL_SYS_SUNOS
+#		define DLOPEN_FLAG 1
+#	else
+#		define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#	endif
 #endif
 
 /* For this DSO_METHOD, our meth_data STACK will contain;

crypto/engine/hw_ncipher.c

@@ -164,7 +164,7 @@ static RAND_METHOD hwcrhk_rand =
 	hwcrhk_rand_bytes,
 	NULL,
 	NULL,
-	hwcrhk_rand_bytes,
+	NULL,
 	hwcrhk_rand_status,
 	};
 
@@ -293,6 +293,7 @@ ENGINE *ENGINE_ncipher()
 	{
 	RSA_METHOD *meth1;
 	DH_METHOD *meth2;
+	const RAND_METHOD *meth3;
 
 	/* We know that the "PKCS1_SSLeay()" functions hook properly
 	 * to the cswift-specific mod_exp and mod_exp_crt so we use
@@ -311,6 +312,14 @@ ENGINE *ENGINE_ncipher()
 	meth2 = DH_OpenSSL();
 	hwcrhk_dh.generate_key = meth2->generate_key;
 	hwcrhk_dh.compute_key = meth2->compute_key;
+
+	/* Much the same for RAND */
+	meth3 = RAND_SSLeay();
+	hwcrhk_rand.seed = meth3->seed;
+	hwcrhk_rand.cleanup = meth3->cleanup;
+	hwcrhk_rand.add = meth3->add;
+	hwcrhk_rand.pseudorand = meth3->pseudorand;
+
 	return &engine_hwcrhk;
 	}
 
@@ -386,6 +395,8 @@ static int hwcrhk_init()
 	HWCryptoHook_RSAUnloadKey_t *p7;
 	HWCryptoHook_RandomBytes_t *p8;
 	HWCryptoHook_ModExpCRT_t *p9;
+	int rand_cnt;
+	RAND_METHOD *rand_method = RAND_SSLeay();
 
 	if(hwcrhk_dso != NULL)
 		{
@@ -466,6 +477,28 @@ static int hwcrhk_init()
 		hndidx = RSA_get_ex_new_index(0,
 			"nFast HWCryptoHook RSA key handle",
 			NULL, NULL, hwcrhk_ex_free);
+
+	/* Let's seed the OpenSSL pool with a bit of hardware randomness
+	   for a maximum of 32 rounds.  Beyond that, the OpenSSL random
+	   pool should be good, and if not, we assume something is seriously
+	   wrong with OpenSSL (for now, we let it be and let the user discover
+	   it through normal means.  That may need to change).  */
+	rand_cnt = 32;
+	do
+		{
+		unsigned char buf[8];
+
+		/* If something went wrong, it's OK to just return a fault.
+		   All that may happen is that the OpenSSL randomness pool
+		   is a bit more seeded, and that can't really be a bad thing,
+		   right?  */
+		if (!hwcrhk_rand.bytes(buf, sizeof(buf)))
+			goto err;
+
+		rand_method->seed(buf, sizeof(buf));
+		}
+	while(rand_cnt-- > 0 && rand_method->status());
+
 	return 1;
 err:
 	if(hwcrhk_dso)

crypto/engine/hw_ubsec.c

@@ -513,7 +513,6 @@ static int ubsec_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
-	memset(r->d, 0, BN_num_bytes(m));
 
 	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) 
 	        {

crypto/evp/e_rc4.c

@@ -110,9 +110,8 @@ EVP_CIPHER *EVP_rc4_40(void)
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc)
 	{
-	memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
 	RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
-		ctx->c.rc4.key);
+		    key);
 	return 1;
 	}
 

crypto/md5/asm/md5-586.pl

@@ -293,7 +293,7 @@ sub md5_block
 	 &mov(&DWP(12,$tmp2,"",0),$D);
 
 	&cmp($tmp1,$X) unless $normal;			# check count
-	 &jge(&label("start")) unless $normal;
+	 &jae(&label("start")) unless $normal;
 
 	&pop("eax"); # pop the temp variable off the stack
 	 &pop("ebx");

crypto/mem.c

@@ -175,7 +175,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
 	void *ret = NULL;
 	extern unsigned char cleanse_ctr;
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -216,7 +216,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
 	void *ret = NULL;
 	extern unsigned char cleanse_ctr;
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -247,7 +247,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
 	if (str == NULL)
 		return CRYPTO_malloc(num, file, line);
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);

crypto/opensslv.h

@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x0090609fL
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6i [engine] Feb 19 2003"
+#define OPENSSL_VERSION_NUMBER	0x009060dfL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6m [engine] 17 Mar 2004"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 

crypto/pem/pem_lib.c

@@ -567,7 +567,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 	     long len)
 	{
 	int nlen,n,i,j,outl;
-	unsigned char *buf;
+	unsigned char *buf = NULL;
 	EVP_ENCODE_CTX ctx;
 	int reason=ERR_R_BUF_LIB;
 	
@@ -587,7 +587,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 			goto err;
 		}
 
-	buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
+	buf = OPENSSL_malloc(PEM_BUFSIZE*8);
 	if (buf == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -608,12 +608,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 	EVP_EncodeFinal(&ctx,buf,&outl);
 	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
 	OPENSSL_free(buf);
+	buf = NULL;
 	if (	(BIO_write(bp,"-----END ",9) != 9) ||
 		(BIO_write(bp,name,nlen) != nlen) ||
 		(BIO_write(bp,"-----\n",6) != 6))
 		goto err;
 	return(i+outl);
 err:
+	if (buf)
+		OPENSSL_free(buf);
 	PEMerr(PEM_F_PEM_WRITE_BIO,reason);
 	return(0);
 	}

crypto/perlasm/x86ms.pl

@@ -141,7 +141,10 @@ sub main'jle	{ &out1("jle",@_); }
 sub main'jz	{ &out1("jz",@_); }
 sub main'jge	{ &out1("jge",@_); }
 sub main'jl	{ &out1("jl",@_); }
+sub main'ja	{ &out1("ja",@_); }
+sub main'jae	{ &out1("jae",@_); }
 sub main'jb	{ &out1("jb",@_); }
+sub main'jbe	{ &out1("jbe",@_); }
 sub main'jc	{ &out1("jc",@_); }
 sub main'jnc	{ &out1("jnc",@_); }
 sub main'jnz	{ &out1("jnz",@_); }

crypto/perlasm/x86nasm.pl

@@ -149,7 +149,10 @@ sub main'jle	{ &out1("jle NEAR",@_); }
 sub main'jz	{ &out1("jz NEAR",@_); }
 sub main'jge	{ &out1("jge NEAR",@_); }
 sub main'jl	{ &out1("jl NEAR",@_); }
+sub main'ja	{ &out1("ja NEAR",@_); }
+sub main'jae	{ &out1("jae NEAR",@_); }
 sub main'jb	{ &out1("jb NEAR",@_); }
+sub main'jbe	{ &out1("jbe NEAR",@_); }
 sub main'jc	{ &out1("jc NEAR",@_); }
 sub main'jnc	{ &out1("jnc NEAR",@_); }
 sub main'jnz	{ &out1("jnz NEAR",@_); }

crypto/perlasm/x86unix.pl

@@ -154,7 +154,10 @@ sub main'jnz	{ &out1("jnz",@_); }
 sub main'jz	{ &out1("jz",@_); }
 sub main'jge	{ &out1("jge",@_); }
 sub main'jl	{ &out1("jl",@_); }
+sub main'ja	{ &out1("ja",@_); }
+sub main'jae	{ &out1("jae",@_); }
 sub main'jb	{ &out1("jb",@_); }
+sub main'jbe	{ &out1("jbe",@_); }
 sub main'jc	{ &out1("jc",@_); }
 sub main'jnc	{ &out1("jnc",@_); }
 sub main'jno	{ &out1("jno",@_); }

crypto/rand/md_rand.c

@@ -292,7 +292,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 				st_idx=0;
 			}
 		}
-	memset((char *)&m,0,sizeof(m));
+	OPENSSL_cleanse((char *)&m,sizeof(m));
 
 	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	/* Don't just copy back local_md into md -- this could mean that
@@ -493,7 +493,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	MD_Final(md,&m);
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
-	memset(&m,0,sizeof(m));
+	OPENSSL_cleanse(&m,sizeof(m));
 	if (ok)
 		return(1);
 	else

crypto/rand/rand_egd.c

@@ -102,7 +102,7 @@ int RAND_egd(const char *path)
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
-	if (strlen(path) > sizeof(addr.sun_path))
+	if (strlen(path) >= sizeof(addr.sun_path))
 		return (-1);
 	strcpy(addr.sun_path,path);
 	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
@@ -134,7 +134,7 @@ int RAND_egd_bytes(const char *path,int bytes)
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
-	if (strlen(path) > sizeof(addr.sun_path))
+	if (strlen(path) >= sizeof(addr.sun_path))
 		return (-1);
 	strcpy(addr.sun_path,path);
 	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);

crypto/rand/rand_win.c

@@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
 typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
 
 typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
 typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
 typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@@ -414,7 +415,7 @@ int RAND_poll(void)
 	 * This seeding method was proposed in Peter Gutmann, Software
 	 * Generation of Practically Strong Random Numbers,
 	 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-     * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+	 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
 	 * (The assignment of entropy estimates below is arbitrary, but based
 	 * on Peter's analysis the full poll appears to be safe. Additional
 	 * interactive seeding is encouraged.)
@@ -423,6 +424,7 @@ int RAND_poll(void)
 	if (kernel)
 		{
 		CREATETOOLHELP32SNAPSHOT snap;
+		CLOSETOOLHELP32SNAPSHOT close_snap;
 		HANDLE handle;
 
 		HEAP32FIRST heap_first;
@@ -440,6 +442,8 @@ int RAND_poll(void)
 
 		snap = (CREATETOOLHELP32SNAPSHOT)
 			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+		close_snap = (CLOSETOOLHELP32SNAPSHOT)
+			GetProcAddress(kernel, "CloseToolhelp32Snapshot");
 		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
 		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
 		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
@@ -455,7 +459,7 @@ int RAND_poll(void)
 			heaplist_next && process_first && process_next &&
 			thread_first && thread_next && module_first &&
 			module_next && (handle = snap(TH32CS_SNAPALL,0))
-			!= NULL)
+			!= INVALID_HANDLE_VALUE)
 			{
 			/* heap list and heap walking */
                         /* HEAPLIST32 contains 3 fields that will change with
@@ -517,8 +521,10 @@ int RAND_poll(void)
 				do
 					RAND_add(&m, m.dwSize, 9);
 				while (module_next(handle, &m));
-
-			CloseHandle(handle);
+			if (close_snap)
+				close_snap(handle);
+			else
+				CloseHandle(handle);
 			}
 
 		FreeLibrary(kernel);

crypto/rsa/rsa.h

@@ -168,6 +168,12 @@ struct rsa_st
  */
 #define RSA_FLAG_SIGN_VER		0x40
 
+#define RSA_FLAG_NO_BLINDING		0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+                                              * RSA implementation now uses blinding by
+                                              * default (ignoring RSA_FLAG_BLINDING),
+                                              * but other engines might not need it
+                                              */
+
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
@@ -341,6 +347,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
+#define RSA_R_INTERNAL_ERROR				 133
 #define RSA_R_INVALID_MESSAGE_LENGTH			 131
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120

crypto/rsa/rsa_eay.c

@@ -193,6 +193,61 @@ err:
 	return(r);
 	}
 
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+	{
+	int ret = 1;
+	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+	/* Check again inside the lock - the macro's check is racey */
+	if(rsa->blinding == NULL)
+		ret = RSA_blinding_on(rsa, ctx);
+	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+	return ret;
+	}
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+	do { \
+		if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+		    ((rsa)->blinding == NULL) && \
+		    !rsa_eay_blinding(rsa, ctx)) \
+			err_instr \
+	} while(0)
+
+static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
+	{
+	const RSA_METHOD *meth;
+	BIGNUM *A, *Ai;
+	BN_BLINDING *ret = NULL;
+
+	/* added in OpenSSL 0.9.6j and 0.9.7b */
+
+	/* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
+	 * this should be placed in a new function of its own, but for reasons
+	 * of binary compatibility can't */
+
+	meth = ENGINE_get_RSA(rsa->engine);
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
+	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+		{
+		/* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+		if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+		}
+	else
+		{
+		if (!BN_rand_range(A,rsa->n)) goto err;
+		}
+	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
+
+	if (!meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+		goto err;
+	ret = BN_BLINDING_new(A,Ai,rsa->n);
+	BN_free(Ai);
+err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
 /* signing */
 static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
@@ -202,6 +257,8 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
+	int local_blinding = 0;
+	BN_BLINDING *blinding = NULL;
 
 	meth = ENGINE_get_RSA(rsa->engine);
 	BN_init(&f);
@@ -239,10 +296,39 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 		goto err;
 		}
 
-	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-		RSA_blinding_on(rsa,ctx);
-	if (rsa->flags & RSA_FLAG_BLINDING)
-		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+	BLINDING_HELPER(rsa, ctx, goto err;);
+	blinding = rsa->blinding;
+	
+	/* Now unless blinding is disabled, 'blinding' is non-NULL.
+	 * But the BN_BLINDING object may be owned by some other thread
+	 * (we don't want to keep it constant and we don't want to use
+	 * lots of locking to avoid race conditions, so only a single
+	 * thread can use it; other threads have to use local blinding
+	 * factors) */
+	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+		{
+		if (blinding == NULL)
+			{
+			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+	
+	if (blinding != NULL)
+		{
+		if (blinding->thread_id != CRYPTO_thread_id())
+			{
+			/* we need a local one-time blinding factor */
+
+			blinding = setup_blinding(rsa, ctx);
+			if (blinding == NULL)
+				goto err;
+			local_blinding = 1;
+			}
+		}
+
+	if (blinding)
+		if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
 
 	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
 		((rsa->p != NULL) &&
@@ -256,8 +342,8 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 		if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
 		}
 
-	if (rsa->flags & RSA_FLAG_BLINDING)
-		if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+	if (blinding)
+		if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
 
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
@@ -271,6 +357,8 @@ err:
 	if (ctx != NULL) BN_CTX_free(ctx);
 	BN_clear_free(&ret);
 	BN_clear_free(&f);
+	if (local_blinding)
+		BN_BLINDING_free(blinding);
 	if (buf != NULL)
 		{
 		OPENSSL_cleanse(buf,num);
@@ -288,6 +376,8 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 	unsigned char *p;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
+	int local_blinding = 0;
+	BN_BLINDING *blinding = NULL;
 
 	meth = ENGINE_get_RSA(rsa->engine);
 	BN_init(&f);
@@ -320,10 +410,39 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 		goto err;
 		}
 
-	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-		RSA_blinding_on(rsa,ctx);
-	if (rsa->flags & RSA_FLAG_BLINDING)
-		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+	BLINDING_HELPER(rsa, ctx, goto err;);
+	blinding = rsa->blinding;
+	
+	/* Now unless blinding is disabled, 'blinding' is non-NULL.
+	 * But the BN_BLINDING object may be owned by some other thread
+	 * (we don't want to keep it constant and we don't want to use
+	 * lots of locking to avoid race conditions, so only a single
+	 * thread can use it; other threads have to use local blinding
+	 * factors) */
+	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+		{
+		if (blinding == NULL)
+			{
+			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+	
+	if (blinding != NULL)
+		{
+		if (blinding->thread_id != CRYPTO_thread_id())
+			{
+			/* we need a local one-time blinding factor */
+
+			blinding = setup_blinding(rsa, ctx);
+			if (blinding == NULL)
+				goto err;
+			local_blinding = 1;
+			}
+		}
+
+	if (blinding)
+		if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
 
 	/* do the decrypt */
 	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -339,8 +458,8 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 			goto err;
 		}
 
-	if (rsa->flags & RSA_FLAG_BLINDING)
-		if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+	if (blinding)
+		if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
 
 	p=buf;
 	j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
@@ -372,6 +491,8 @@ err:
 	if (ctx != NULL) BN_CTX_free(ctx);
 	BN_clear_free(&f);
 	BN_clear_free(&ret);
+	if (local_blinding)
+		BN_BLINDING_free(blinding);
 	if (buf != NULL)
 		{
 		OPENSSL_cleanse(buf,num);

crypto/rsa/rsa_err.c

@@ -1,6 +1,6 @@
 /* crypto/rsa/rsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_DMP1_NOT_CONGRUENT_TO_D           ,"dmp1 not congruent to d"},
 {RSA_R_DMQ1_NOT_CONGRUENT_TO_D           ,"dmq1 not congruent to d"},
 {RSA_R_D_E_NOT_CONGRUENT_TO_1            ,"d e not congruent to 1"},
+{RSA_R_INTERNAL_ERROR                    ,"internal error"},
 {RSA_R_INVALID_MESSAGE_LENGTH            ,"invalid message length"},
 {RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
 {RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},

crypto/rsa/rsa_lib.c

@@ -62,6 +62,7 @@
 #include <openssl/lhash.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 
 const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
@@ -72,7 +73,9 @@ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
 
 RSA *RSA_new(void)
 	{
-	return(RSA_new_method(NULL));
+	RSA *r=RSA_new_method(NULL);
+
+	return r;
 	}
 
 void RSA_set_default_openssl_method(RSA_METHOD *meth)
@@ -304,12 +307,13 @@ void RSA_blinding_off(RSA *rsa)
 		BN_BLINDING_free(rsa->blinding);
 		rsa->blinding=NULL;
 		}
-	rsa->flags&= ~RSA_FLAG_BLINDING;
+	rsa->flags &= ~RSA_FLAG_BLINDING;
+	rsa->flags |= RSA_FLAG_NO_BLINDING;
 	}
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	{
-	BIGNUM *A,*Ai;
+	BIGNUM *A,*Ai = NULL;
 	BN_CTX *ctx;
 	int ret=0;
 
@@ -320,22 +324,43 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	else
 		ctx=p_ctx;
 
+	/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
 	if (rsa->blinding != NULL)
+		{
 		BN_BLINDING_free(rsa->blinding);
+		rsa->blinding = NULL;
+		}
+
+	/* NB: similar code appears in setup_blinding (rsa_eay.c);
+	 * this should be placed in a new function of its own, but for reasons
+	 * of binary compatibility can't */
 
 	BN_CTX_start(ctx);
 	A = BN_CTX_get(ctx);
-	if (!BN_rand_range(A,rsa->n)) goto err;
+	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+		{
+		/* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+		if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+		}
+	else
+		{
+		if (!BN_rand_range(A,rsa->n)) goto err;
+		}
 	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
 	if (!ENGINE_get_RSA(rsa->engine)->bn_mod_exp(A,A,
 		rsa->e,rsa->n,ctx,rsa->_method_mod_n))
 	    goto err;
-	rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
-	rsa->flags|=RSA_FLAG_BLINDING;
-	BN_free(Ai);
+	if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
+	/* to make things thread-safe without excessive locking,
+	 * rsa->blinding will be used just by the current thread: */
+	rsa->blinding->thread_id = CRYPTO_thread_id();
+	rsa->flags |= RSA_FLAG_BLINDING;
+	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
 	ret=1;
 err:
+	if (Ai != NULL) BN_free(Ai);
 	BN_CTX_end(ctx);
 	if (ctx != p_ctx) BN_CTX_free(ctx);
 	return(ret);

crypto/x509/by_dir.c

@@ -302,8 +302,36 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 		k=0;
 		for (;;)
 			{
-			sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
-				postfix,k);
+			char c = '/';
+#ifdef VMS
+			c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+			if (c != ':' && c != '>' && c != ']')
+				{
+				/* If no separator is present, we assume the
+				   directory specifier is a logical name, and
+				   add a colon.  We really should use better
+				   VMS routines for merging things like this,
+				   but this will do for now...
+				   -- Richard Levitte */
+				c = ':';
+				}
+			else
+				{
+				c = '\0';
+				}
+#endif
+			if (c == '\0')
+				{
+				/* This is special.  When c == '\0', no
+				   directory separator should be added. */
+				sprintf(b->data,"%s%08lx.%s%d",ctx->dirs[i],h,
+					postfix,k);
+				}
+			else
+				{
+				sprintf(b->data,"%s%c%08lx.%s%d",
+					ctx->dirs[i],c,h,postfix,k);
+				}
 			k++;
 			if (stat(b->data,&st) < 0)
 				break;

crypto/x509/x509_obj.c

@@ -94,6 +94,7 @@ int i;
 		OPENSSL_free(b);
 		}
 	    strncpy(buf,"NO X509_NAME",len);
+	    buf[len-1]='\0';
 	    return buf;
 	    }
 

crypto/x509/x509_vfy.c

@@ -490,7 +490,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
-			if (X509_verify(xs,pkey) <= 0)
+			else if (X509_verify(xs,pkey) <= 0)
 				{
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;

crypto/x509/x509type.c

@@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 	case EVP_PKEY_RSA:
 		ret|=EVP_PKS_RSA;
 		break;
-	case EVP_PKS_DSA:
+	case EVP_PKEY_DSA:
 		ret|=EVP_PKS_DSA;
 		break;
 	default:
 		break;
 		}
 
-	if (EVP_PKEY_size(pk) <= 512)
+	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
+					   for, not bytes */
 		ret|=EVP_PKT_EXP;
 	if(pkey==NULL) EVP_PKEY_free(pk);
 	return(ret);

doc/crypto/BIO_f_ssl.pod

@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
 	return 0;
  }
 
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "</pre>\r\n");
+ BIO_puts(sbio, "\r\n");
 
  /* Since there is a buffering BIO present we had better flush it */
  BIO_flush(sbio);

doc/ssl/SSL_COMP_add_compression_method.pod

@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
 
 =over 4
 
-=item 1
+=item 0
 
 The operation succeeded.
 
-=item 0
+=item 1
 
 The operation failed. Check the error queue to find out the reason.
 

doc/ssl/SSL_CTX_set_options.pod

@@ -168,7 +168,7 @@ Diffie-Hellman) key exchange should be used instead.
 =item SSL_OP_NETSCAPE_CA_DN_BUG
 
 If we accept a netscape connection, demand a client cert, have a
-non-self-sighed CA which does not have it's CA in netscape, and the
+non-self-signed CA which does not have it's CA in netscape, and the
 browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta 
 
 =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG

e_os.h

@@ -303,6 +303,8 @@ extern "C" {
 #      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
                          * (unless when compiling with -D_POSIX_SOURCE,
                          * which doesn't work for us) */
+#    endif
+#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
 #      define ssize_t int /* ditto */
 #    endif
 #    ifdef NEWS4 /* setvbuf is missing on mips-sony-bsd */

makevms.com

@@ -187,6 +187,73 @@ $!
 $ WRITE H_FILE "/* This file was automatically built using makevms.com */"
 $ WRITE H_FILE "/* and [.CRYPTO]OPENSSLCONF.H_IN */"
 $
+$!
+$! Write a few macros that indicate how this system was built.
+$!
+$ WRITE H_FILE ""
+$ WRITE H_FILE "#ifdef OPENSSL_ALGORITHM_DEFINES"
+$ CONFIG_LOGICALS := NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,-
+	NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,-
+	NO_IDEA,NO_BF,NO_CAST,NO_HMAC,NO_SSL2
+$ CONFIG_LOG_I = 0
+$ CONFIG_LOG_LOOP:
+$   CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS)
+$   CONFIG_LOG_I = CONFIG_LOG_I + 1
+$   IF CONFIG_LOG_E1 .EQS. "" THEN GOTO CONFIG_LOG_LOOP
+$   IF CONFIG_LOG_E1 .EQS. "," THEN GOTO CONFIG_LOG_LOOP_END
+$   CONFIG_LOG_E2 = F$EDIT(CONFIG_LOG_E1,"TRIM")
+$   CONFIG_LOG_E1 = F$ELEMENT(0,";",CONFIG_LOG_E2)
+$   CONFIG_LOG_E2 = F$ELEMENT(1,";",CONFIG_LOG_E2)
+$   CONFIG_LOG_E0 = F$ELEMENT(0,"/",CONFIG_LOG_E1)
+$   CONFIG_LOG_E1 = F$ELEMENT(1,"/",CONFIG_LOG_E1)
+$   IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E0)
+$   THEN
+$     WRITE H_FILE "# ifndef ",CONFIG_LOG_E0
+$     WRITE H_FILE "#  define ",CONFIG_LOG_E0
+$     WRITE H_FILE "# endif"
+$     IF CONFIG_LOG_E1 .NES. "/"
+$     THEN
+$       WRITE H_FILE "# ifndef ",CONFIG_LOG_E1
+$       WRITE H_FILE "#  define ",CONFIG_LOG_E1
+$       WRITE H_FILE "# endif"
+$     ENDIF
+$   ELSE
+$     IF CONFIG_LOG_E2 .NES. ";"
+$     THEN
+$       IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E2)
+$       THEN
+$         WRITE H_FILE "# ifndef ",CONFIG_LOG_E2
+$         WRITE H_FILE "#  define ",CONFIG_LOG_E2
+$         WRITE H_FILE "# endif"
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$   GOTO CONFIG_LOG_LOOP
+$ CONFIG_LOG_LOOP_END:
+$ WRITE H_FILE "#endif"
+$ WRITE H_FILE "#ifdef OPENSSL_THREAD_DEFINES"
+$ WRITE H_FILE "# ifndef THREADS"
+$ WRITE H_FILE "#  define THREADS"
+$ WRITE H_FILE "# endif"
+$ WRITE H_FILE "#endif"
+$ WRITE H_FILE "#ifdef OPENSSL_OTHER_DEFINES"
+$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP"
+$ THEN
+$   WRITE H_FILE "# ifndef NO_ASM"
+$   WRITE H_FILE "#  define NO_ASM"
+$   WRITE H_FILE "# endif"
+$ ENDIF
+$ IF RSAREF.EQS."RSAREF"
+$ THEN
+$   WRITE H_FILE "# ifndef RSAref"
+$   WRITE H_FILE "#  define RSAref"
+$   WRITE H_FILE "# endif"
+$ ENDIF
+$ WRITE H_FILE "# ifndef DSO_VMS"
+$ WRITE H_FILE "#  define DSO_VMS"
+$ WRITE H_FILE "# endif"
+$ WRITE H_FILE "#endif"
+$!
 $! Different tar version may have named the file differently
 $ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H_IN") .NES. ""
 $ THEN

openssl.spec

@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 6
-%define librev i
+%define librev m
 Release: 1
 
 %define openssldir /var/ssl

ssl/s3_clnt.c

@@ -1608,6 +1608,7 @@ static int ssl3_send_client_verify(SSL *s)
 		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
 		l2n3(n,d);
 
+		s->state=SSL3_ST_CW_CERT_VRFY_B;
 		s->init_num=(int)n+4;
 		s->init_off=0;
 		}
@@ -1785,7 +1786,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		if (algs & SSL_kRSA)
 			{
 			if (rsa == NULL
-			    || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1797,7 +1798,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
-				|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;

ssl/s3_enc.c

@@ -188,9 +188,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
 	COMP_METHOD *comp;
 	const EVP_MD *m;
 	MD5_CTX md;
-	int exp,n,i,j,k,cl;
+	int is_exp,n,i,j,k,cl;
 
-	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+	is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	if (s->s3->tmp.new_compression == NULL)
@@ -262,9 +262,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
 	cl=EVP_CIPHER_key_length(c);
-	j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+	j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		    cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -292,7 +292,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
 		}
 
 	memcpy(mac_secret,ms,i);
-	if (exp)
+	if (is_exp)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).

ssl/s3_pkt.c

@@ -1079,6 +1079,14 @@ start:
 			goto err;
 			}
 
+		/* Check we have a cipher to change to */
+		if (s->s3->tmp.new_cipher == NULL)
+			{
+			i=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+			goto err;
+			}
+
 		rr->length=0;
 		s->s3->change_cipher_spec=1;
 		if (!do_change_cipher_spec(s))

ssl/s3_srvr.c

@@ -420,10 +420,11 @@ int ssl3_accept(SSL *s)
 			if (ret == 2)
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
 			else {
-				/* could be sent for a DH cert, even if we
-				 * have not asked for it :-) */
-				ret=ssl3_get_client_certificate(s);
-				if (ret <= 0) goto end;
+				if (s->s3->tmp.cert_request)
+					{
+					ret=ssl3_get_client_certificate(s);
+					if (ret <= 0) goto end;
+					}
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -828,6 +829,9 @@ static int ssl3_get_client_hello(SSL *s)
 		}
 
 	/* TLS does not mind if there is extra stuff */
+#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
 	if (s->version == SSL3_VERSION)
 		{
 		if (p < (d+n))
@@ -839,6 +843,7 @@ static int ssl3_get_client_hello(SSL *s)
 			goto f_err;
 			}
 		}
+#endif
 
 	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
 	 * pick a cipher */
@@ -1333,6 +1338,7 @@ static int ssl3_send_certificate_request(SSL *s)
 		s->init_num += 4;
 #endif
 
+		s->state = SSL3_ST_SW_CERT_REQ_B;
 		}
 
 	/* SSL3_ST_SW_CERT_REQ_B */
@@ -1425,7 +1431,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		if (i != SSL_MAX_MASTER_KEY_LENGTH)
 			{
 			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
 			}
 
 		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
@@ -1441,30 +1447,28 @@ static int ssl3_get_client_key_exchange(SSL *s)
 				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
 				{
 				al=SSL_AD_DECODE_ERROR;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
-				goto f_err;
+				/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
+
+				/* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+				 * (http://eprint.iacr.org/2003/052/) exploits the version
+				 * number check as a "bad version oracle" -- an alert would
+				 * reveal that the plaintext corresponding to some ciphertext
+				 * made up by the adversary is properly formatted except
+				 * that the version number is wrong.  To avoid such attacks,
+				 * we should treat this just like any other decryption error. */
 				}
 			}
 
 		if (al != -1)
 			{
-#if 0
-			goto f_err;
-#else
 			/* Some decryption failure -- use random value instead as countermeasure
 			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
-			 * (see RFC 2246, section 7.4.7.1).
-			 * But note that due to length and protocol version checking, the
-			 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
-			 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
-			 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
-			 */
+			 * (see RFC 2246, section 7.4.7.1). */
 			ERR_clear_error();
 			i = SSL_MAX_MASTER_KEY_LENGTH;
 			p[0] = s->client_version >> 8;
 			p[1] = s->client_version & 0xff;
 			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
-#endif
 			}
 	
 		s->session->master_key_length=

ssl/ssl-lib.com

@@ -898,7 +898,7 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5'"
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5',THREADS"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
 $ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
 $ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"

ssl/ssl.h

@@ -1175,8 +1175,8 @@ char *SSL_alert_type_string(int value);
 char *SSL_alert_desc_string_long(int value);
 char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);

ssl/ssl_cert.c

@@ -483,12 +483,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	return(i);
 	}
 
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
 	{
 	if (*ca_list != NULL)
 		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
-	*ca_list=list;
+	*ca_list=name_list;
 	}
 
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -510,14 +510,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
 	return(ret);
 	}
 
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
 	{
-	set_client_CA_list(&(s->client_CA),list);
+	set_client_CA_list(&(s->client_CA),name_list);
 	}
 
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
 	{
-	set_client_CA_list(&(ctx->client_CA),list);
+	set_client_CA_list(&(ctx->client_CA),name_list);
 	}
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)

ssl/ssl_ciph.c

@@ -310,10 +310,10 @@ static unsigned long ssl_cipher_get_disabled(void)
 	}
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
-	int i, list_num;
+	int i, co_list_num;
 	SSL_CIPHER *c;
 
 	/*
@@ -324,18 +324,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	 */
 
 	/* Get the initial list of ciphers */
-	list_num = 0;	/* actual count of ciphers */
+	co_list_num = 0;	/* actual count of ciphers */
 	for (i = 0; i < num_of_ciphers; i++)
 		{
 		c = ssl_method->get_cipher(i);
 		/* drop those that use any of that is not available */
 		if ((c != NULL) && c->valid && !(c->algorithms & mask))
 			{
-			list[list_num].cipher = c;
-			list[list_num].next = NULL;
-			list[list_num].prev = NULL;
-			list[list_num].active = 0;
-			list_num++;
+			co_list[co_list_num].cipher = c;
+			co_list[co_list_num].next = NULL;
+			co_list[co_list_num].prev = NULL;
+			co_list[co_list_num].active = 0;
+			co_list_num++;
 			/*
 			if (!sk_push(ca_list,(char *)c)) goto err;
 			*/
@@ -345,18 +345,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	/*
 	 * Prepare linked list from list entries
 	 */	
-	for (i = 1; i < list_num - 1; i++)
+	for (i = 1; i < co_list_num - 1; i++)
 		{
-		list[i].prev = &(list[i-1]);
-		list[i].next = &(list[i+1]);
+		co_list[i].prev = &(co_list[i-1]);
+		co_list[i].next = &(co_list[i+1]);
 		}
-	if (list_num > 0)
+	if (co_list_num > 0)
 		{
-		(*head_p) = &(list[0]);
+		(*head_p) = &(co_list[0]);
 		(*head_p)->prev = NULL;
-		(*head_p)->next = &(list[1]);
-		(*tail_p) = &(list[list_num - 1]);
-		(*tail_p)->prev = &(list[list_num - 2]);
+		(*head_p)->next = &(co_list[1]);
+		(*tail_p) = &(co_list[co_list_num - 1]);
+		(*tail_p)->prev = &(co_list[co_list_num - 2]);
 		(*tail_p)->next = NULL;
 		}
 	}
@@ -402,7 +402,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
 static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 		unsigned long algo_strength, unsigned long mask_strength,
-		int rule, int strength_bits, CIPHER_ORDER *list,
+		int rule, int strength_bits, CIPHER_ORDER *co_list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
 	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -497,8 +497,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 	*tail_p = tail;
 	}
 
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
-				     CIPHER_ORDER **tail_p)
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+				    CIPHER_ORDER **head_p,
+				    CIPHER_ORDER **tail_p)
 	{
 	int max_strength_bits, i, *number_uses;
 	CIPHER_ORDER *curr;
@@ -543,14 +544,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
 	for (i = max_strength_bits; i >= 0; i--)
 		if (number_uses[i] > 0)
 			ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
-					list, head_p, tail_p);
+					co_list, head_p, tail_p);
 
 	OPENSSL_free(number_uses);
 	return(1);
 	}
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
-		CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
 		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
 	{
 	unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -674,7 +675,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			ok = 0;
 			if ((buflen == 8) &&
 				!strncmp(buf, "STRENGTH", 8))
-				ok = ssl_cipher_strength_sort(list,
+				ok = ssl_cipher_strength_sort(co_list,
 					head_p, tail_p);
 			else
 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -694,7 +695,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			{
 			ssl_cipher_apply_rule(algorithms, mask,
 				algo_strength, mask_strength, rule, -1,
-				list, head_p, tail_p);
+				co_list, head_p, tail_p);
 			}
 		else
 			{
@@ -716,7 +717,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	unsigned long disabled_mask;
 	STACK_OF(SSL_CIPHER) *cipherstack;
 	const char *rule_p;
-	CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
 	SSL_CIPHER **ca_list = NULL;
 
 	/*
@@ -738,15 +739,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 * it is used for allocation.
 	 */
 	num_of_ciphers = ssl_method->num_ciphers();
-	list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-	if (list == NULL)
+	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+	if (co_list == NULL)
 		{
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
 
 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-				   list, &head, &tail);
+				   co_list, &head, &tail);
 
 	/*
 	 * We also need cipher aliases for selecting based on the rule_str.
@@ -762,7 +763,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
 	if (ca_list == NULL)
 		{
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
@@ -778,21 +779,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	if (strncmp(rule_str,"DEFAULT",7) == 0)
 		{
 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-			list, &head, &tail, ca_list);
+			co_list, &head, &tail, ca_list);
 		rule_p += 7;
 		if (*rule_p == ':')
 			rule_p++;
 		}
 
 	if (ok && (strlen(rule_p) > 0))
-		ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
 						ca_list);
 
 	OPENSSL_free(ca_list);	/* Not needed anymore */
 
 	if (!ok)
 		{	/* Rule processing failure */
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		return(NULL);
 		}
 	/*
@@ -801,7 +802,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
 		{
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		return(NULL);
 		}
 
@@ -819,7 +820,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
 			}
 		}
-	OPENSSL_free(list);	/* Not needed any longer */
+	OPENSSL_free(co_list);	/* Not needed any longer */
 
 	/*
 	 * The following passage is a little bit odd. If pointer variables
@@ -869,7 +870,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	{
 	int is_export,pkl,kl;
-	char *ver,*exp;
+	char *ver,*exp_str;
 	char *kx,*au,*enc,*mac;
 	unsigned long alg,alg2,alg_s;
 	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
@@ -881,7 +882,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	is_export=SSL_C_IS_EXPORT(cipher);
 	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
 	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
-	exp=is_export?" export":"";
+	exp_str=is_export?" export":"";
 
 	if (alg & SSL_SSLV2)
 		ver="SSLv2";
@@ -982,7 +983,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	else if (len < 128)
 		return("Buffer too small");
 
-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
 	return(buf);
 	}
 
@@ -1063,9 +1064,9 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 	if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
 		{
 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
-		return(0);
+		return(1);
 		}
 	else
-		return(1);
+		return(0);
 	}
 

ssl/ssl_rsa.c

@@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 			 ok=1;
 		else
 #endif
-			if (!X509_check_private_key(c->pkeys[i].x509,pkey))
+		     if (!X509_check_private_key(c->pkeys[i].x509,pkey))
 			{
 			if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
 				{
@@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 		return(0);
 		}
 
+	ERR_clear_error(); /* make sure no error from X509_check_private_key()
+	                    * is left if we have chosen to ignore it */
 	if (c->pkeys[i].privatekey != NULL)
 		EVP_PKEY_free(c->pkeys[i].privatekey);
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);

ssl/ssl_sess.c

@@ -81,11 +81,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
 	/* Need to lock this all up rather than just use CRYPTO_add so that
 	 * somebody doesn't free ssl->session between when we check it's
 	 * non-null and when we up the reference count. */
-	CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
 	sess = ssl->session;
 	if(sess)
 		sess->references++;
-	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
 	return(sess);
 	}
 

test/Makefile.ssl

@@ -258,78 +258,103 @@ $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)
 
 $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 
 $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 dummytest: dummytest.o $(DLIBCRYPTO)
+	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

test/maketests.com

@@ -729,7 +729,7 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "VMS=1,TCPIP_TYPE_''P4'"
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P4',THREADS"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
 $ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
 $ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"

util/mkdef.pl

@@ -315,6 +315,10 @@ sub do_defs
 	    		}
 
 			s/\/\*.*?\*\///gs;                   # ignore comments
+			if (/\/\*/) {                        # if we have part
+				$line = $_;                  # of a comment,
+				next;                        # continue reading
+			}
 			s/{[^{}]*}//gs;                      # ignore {} blocks
 			if (/^\#\s*ifndef (.*)/) {
 				push(@tag,$1);

util/mkerr.pl

@@ -320,7 +320,7 @@ EOF
 	print OUT <<"EOF";
 /* $cfile */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions