summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2002-05-21 01:49:12 +0000
committerBob Beck <beck@cvs.openbsd.org>2002-05-21 01:49:12 +0000
commit17f9e18763dbaafd99a9aba0411dc32dc76598fa (patch)
treeb2d254f7d97c7b627905c9e678d35b7fb307edd1
parent8aad40806a907cf884bc87ea850673b9d3bf9251 (diff)
Merge openssl-0.9.7-stable-SNAP-20020519
-rw-r--r--lib/libssl/src/CHANGES20
-rw-r--r--lib/libssl/src/Configure1
-rw-r--r--lib/libssl/src/FAQ2
-rw-r--r--lib/libssl/src/INSTALL.W328
-rw-r--r--lib/libssl/src/STATUS22
-rw-r--r--lib/libssl/src/apps/apps.h2
-rw-r--r--lib/libssl/src/apps/ca.c49
-rw-r--r--lib/libssl/src/apps/req.c114
-rw-r--r--lib/libssl/src/config4
-rw-r--r--lib/libssl/src/crypto/asn1/p5_pbev2.c2
-rw-r--r--lib/libssl/src/crypto/bio/b_print.c16
-rw-r--r--lib/libssl/src/crypto/bio/bss_bio.c13
-rw-r--r--lib/libssl/src/crypto/bn/bn.h2
-rw-r--r--lib/libssl/src/crypto/bn/bn_mul.c12
-rw-r--r--lib/libssl/src/crypto/evp/evp.h4
-rw-r--r--lib/libssl/src/crypto/evp/evp_enc.c30
-rw-r--r--lib/libssl/src/crypto/evp/evp_test.c4
-rw-r--r--lib/libssl/src/crypto/evp/p_seal.c6
-rw-r--r--lib/libssl/src/crypto/ui/ui_openssl.c2
-rw-r--r--lib/libssl/src/doc/apps/x509.pod6
-rw-r--r--lib/libssl/src/ms/mingw32.bat3
-rw-r--r--lib/libssl/src/shlib/svr5-shared-gcc.sh2
-rw-r--r--lib/libssl/src/ssl/ssl_cert.c1
-rw-r--r--lib/libssl/src/util/pl/Mingw32.pl14
24 files changed, 141 insertions, 198 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES
index b8399a3500a..500d3d481ab 100644
--- a/lib/libssl/src/CHANGES
+++ b/lib/libssl/src/CHANGES
@@ -4,6 +4,19 @@
Changes between 0.9.6d and 0.9.7 [XX xxx 2002]
+ *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
+ allows existing EVP_CIPHER_CTX structures to be reused after
+ calling EVP_*Final(). This behaviour is used by encryption
+ BIOs and some applications. This has the side effect that
+ applications must explicitly clean up cipher contexts with
+ EVP_CIPHER_CTX_cleanup() or they will leak memory.
+ [Steve Henson]
+
+ *) Check the values of dna and dnb in bn_mul_recursive before calling
+ bn_mul_comba (a non zero value means the a or b arrays do not contain
+ n2 elements) and fallback to bn_mul_normal if either is not zero.
+ [Steve Henson]
+
*) Fix escaping of non-ASCII characters when using the -subj option
of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
[Lutz Jaenicke]
@@ -1600,7 +1613,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
- Changes between 0.9.6c and 0.9.6d [XX xxx 2002]
+ Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
+
+ *) Fix EVP_dsa_sha macro.
+ [Nils Larsch]
+
+ Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
encoded as NULL) with id-dsa-with-sha1.
diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure
index 1ffe1ac8565..f6d8a919be7 100644
--- a/lib/libssl/src/Configure
+++ b/lib/libssl/src/Configure
@@ -144,6 +144,7 @@ my %table=(
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown)::::::",
diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ
index 8b53581c5af..bea8fcfde09 100644
--- a/lib/libssl/src/FAQ
+++ b/lib/libssl/src/FAQ
@@ -60,7 +60,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6c was released on December 21st, 2001.
+OpenSSL 0.9.6d was released on May 9, 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff --git a/lib/libssl/src/INSTALL.W32 b/lib/libssl/src/INSTALL.W32
index da061b289e7..852a82831f9 100644
--- a/lib/libssl/src/INSTALL.W32
+++ b/lib/libssl/src/INSTALL.W32
@@ -112,10 +112,10 @@
* Compiler installation:
Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
- gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
- <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
- make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
- C:\egcs-1.1.2\mingw32.bat to set the PATH.
+ gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
+ to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
+ the PATH environment variable in "System Properties"; or edit and
+ run C:\gcc-2.95.2\mingw32.bat to set the PATH.
* Compile OpenSSL:
diff --git a/lib/libssl/src/STATUS b/lib/libssl/src/STATUS
index 3438215ee74..2b285d1db54 100644
--- a/lib/libssl/src/STATUS
+++ b/lib/libssl/src/STATUS
@@ -1,10 +1,11 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2002/05/15 02:29:08 $
+ ______________ $Date: 2002/05/21 01:49:11 $
DEVELOPMENT STATE
o OpenSSL 0.9.7: Under development...
+ o OpenSSL 0.9.6d: Released on May 9th, 2002
o OpenSSL 0.9.6c: Released on December 21st, 2001
o OpenSSL 0.9.6b: Released on July 9th, 2001
o OpenSSL 0.9.6a: Released on April 5th, 2001
@@ -17,23 +18,12 @@
o OpenSSL 0.9.2b: Released on March 22th, 1999
o OpenSSL 0.9.1c: Released on December 23th, 1998
- RELEASE SHOWSTOPPERS
-
- o BIGNUM library failures on 64-bit platforms (0.9.7-dev):
- - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc
- and other 64-bit platforms
+ [See also http://www.openssl.org/support/rt2.html]
- Checked on Result
- alpha-cc (Tru64 version 4.0) works
- linux-alpha+bwx-gcc doesn't work. Reported by
- Sean O'Riordain <seanpor@acm.org>
- OpenBSD-sparc64 doesn't work. BN_mod_mul breaks.
-
- Needs checked on
- [add platforms here]
+ RELEASE SHOWSTOPPERS
- - BN_mod_mul verification fails for mips3-sgi-irix
- unless configured with no-asm
+ o BN_mod_mul verification fails for mips3-sgi-irix
+ unless configured with no-asm
AVAILABLE PATCHES
diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h
index a05ba712be8..5b3836ab228 100644
--- a/lib/libssl/src/apps/apps.h
+++ b/lib/libssl/src/apps/apps.h
@@ -253,6 +253,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, char *str);
int make_serial_index(TXT_DB *db);
+X509_NAME *do_subject(char *str, long chtype);
+
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
diff --git a/lib/libssl/src/apps/ca.c b/lib/libssl/src/apps/ca.c
index 8be557c956a..51d9470aa18 100644
--- a/lib/libssl/src/apps/ca.c
+++ b/lib/libssl/src/apps/ca.c
@@ -238,7 +238,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
-static X509_NAME *do_subject(char *subject);
static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, TXT_DB *db);
static int do_updatedb(TXT_DB *db);
@@ -1874,7 +1873,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
if (subj)
{
- X509_NAME *n = do_subject(subj);
+ X509_NAME *n = do_subject(subj, MBSTRING_ASC);
if (!n)
{
@@ -3012,13 +3011,13 @@ int make_revoked(X509_REVOKED *rev, char *str)
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
-static X509_NAME *do_subject(char *subject)
+X509_NAME *do_subject(char *subject, long chtype)
{
- size_t buflen = strlen (subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
- char *buf = malloc (buflen);
+ size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+ char *buf = OPENSSL_malloc(buflen);
size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = malloc (max_ne * sizeof (char *));
- char **ne_values = malloc (max_ne * sizeof (char *));
+ char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+ char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
char *sp = subject, *bp = buf;
int i, ne_num = 0;
@@ -3029,13 +3028,13 @@ static X509_NAME *do_subject(char *subject)
if (!buf || !ne_types || !ne_values)
{
BIO_printf(bio_err, "malloc error\n");
- goto error0;
+ goto error;
}
if (*subject != '/')
{
BIO_printf(bio_err, "Subject does not start with '/'.\n");
- goto error0;
+ goto error;
}
sp++; /* skip leading / */
@@ -3051,7 +3050,7 @@ static X509_NAME *do_subject(char *subject)
else
{
BIO_printf(bio_err, "escape character at end of string\n");
- goto error0;
+ goto error;
}
else if (*sp == '=')
{
@@ -3065,7 +3064,7 @@ static X509_NAME *do_subject(char *subject)
if (!*sp)
{
BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
- goto error0;
+ goto error;
}
ne_values[ne_num] = bp;
while (*sp)
@@ -3076,12 +3075,11 @@ static X509_NAME *do_subject(char *subject)
else
{
BIO_printf(bio_err, "escape character at end of string\n");
- goto error0;
+ goto error;
}
else if (*sp == '/')
{
sp++;
- *bp++ = '\0';
break;
}
else
@@ -3092,7 +3090,7 @@ static X509_NAME *do_subject(char *subject)
}
if (!(n = X509_NAME_new()))
- goto error0;
+ goto error;
for (i = 0; i < ne_num; i++)
{
@@ -3108,25 +3106,26 @@ static X509_NAME *do_subject(char *subject)
continue;
}
- if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_values[i], -1,-1,0))
- goto error1;
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
+ goto error;
}
- free (ne_values);
- free (ne_types);
- free (buf);
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
return n;
-error1:
+error:
X509_NAME_free(n);
-error0:
- free (ne_values);
- free (ne_types);
- free (buf);
+ if (ne_values)
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
+ if (buf)
+ OPENSSL_free(buf);
return NULL;
}
-
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
{
char buf[25],*pbuf, *p;
diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c
index 790aa90eb6c..5631a3839b0 100644
--- a/lib/libssl/src/apps/req.c
+++ b/lib/libssl/src/apps/req.c
@@ -1144,120 +1144,18 @@ err:
*/
static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
{
- size_t buflen = strlen (subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
- char *buf = malloc (buflen);
- size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = malloc (max_ne * sizeof (char *));
- char **ne_values = malloc (max_ne * sizeof (char *));
+ X509_NAME *n;
- char *sp = subject, *bp = buf;
- int i, ne_num = 0;
-
- X509_NAME *n = NULL;
- int nid;
-
- if (!buf || !ne_types || !ne_values)
- {
- BIO_printf(bio_err, "malloc error\n");
- goto error0;
- }
-
- if (*subject != '/')
- {
- BIO_printf(bio_err, "Subject does not start with '/'.\n");
- goto error0;
- }
- sp++; /* skip leading / */
-
- while (*sp)
- {
- /* collect type */
- ne_types[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\') /* is there anything to escape in the type...? */
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error0;
- }
- else if (*sp == '=')
- {
- sp++;
- *bp++ = '\0';
- break;
- }
- else
- *bp++ = *sp++;
- }
- if (!*sp)
- {
- BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
- goto error0;
- }
- ne_values[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\')
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error0;
- }
- else if (*sp == '/')
- {
- sp++;
- *bp++ = '\0';
- break;
- }
- else
- *bp++ = *sp++;
- }
- *bp++ = '\0';
- ne_num++;
- }
-
- if (!(n = X509_NAME_new()))
- goto error0;
+ if (!(n = do_subject(subject, chtype)))
+ return 0;
- for(i = 0; i < ne_num; i++)
+ if (!X509_REQ_set_subject_name(req, n))
{
- if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
- {
- BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!*ne_values[i])
- {
- BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
- goto error1;
-
+ X509_NAME_free(n);
+ return 0;
}
-
- if (!X509_REQ_set_subject_name(req, n))
- goto error1;
X509_NAME_free(n);
- free (ne_values);
- free (ne_types);
- free (buf);
return 1;
-
-error1:
- X509_NAME_free(n);
-error0:
- free (ne_values);
- free (ne_types);
- free (buf);
- return 0;
}
diff --git a/lib/libssl/src/config b/lib/libssl/src/config
index a7a40e04db8..132fb7a0ce8 100644
--- a/lib/libssl/src/config
+++ b/lib/libssl/src/config
@@ -517,6 +517,10 @@ EOF
${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
rm dummy dummy.c
;;
+ ppc64-*-linux2)
+ #Use the standard target for PPC architecture until we create a
+ #special one for the 64bit architecture.
+ OUT="linux-ppc" ;;
ppc-*-linux2) OUT="linux-ppc" ;;
m68k-*-linux*) OUT="linux-m68k" ;;
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
diff --git a/lib/libssl/src/crypto/asn1/p5_pbev2.c b/lib/libssl/src/crypto/asn1/p5_pbev2.c
index 43dfe09479f..91e1c8987d3 100644
--- a/lib/libssl/src/crypto/asn1/p5_pbev2.c
+++ b/lib/libssl/src/crypto/asn1/p5_pbev2.c
@@ -116,6 +116,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
goto err;
+ EVP_CIPHER_CTX_init(&ctx);
+
/* Dummy cipherinit to just setup the IV */
EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
diff --git a/lib/libssl/src/crypto/bio/b_print.c b/lib/libssl/src/crypto/bio/b_print.c
index b7e268f0920..3ce12907728 100644
--- a/lib/libssl/src/crypto/bio/b_print.c
+++ b/lib/libssl/src/crypto/bio/b_print.c
@@ -56,6 +56,13 @@
* [including the GNU Public Licence.]
*/
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
/*
* Stolen from tjh's ssl/ssl_trc.c stuff.
*/
@@ -716,12 +723,13 @@ doapr_outch(
if (buffer) {
while (*currlen >= *maxlen) {
if (*buffer == NULL) {
- assert(*sbuffer != NULL);
if (*maxlen == 0)
*maxlen = 1024;
*buffer = OPENSSL_malloc(*maxlen);
- if (*currlen > 0)
+ if (*currlen > 0) {
+ assert(*sbuffer != NULL);
memcpy(*buffer, *sbuffer, *currlen);
+ }
*sbuffer = NULL;
} else {
*maxlen += 1024;
@@ -761,7 +769,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
{
int ret;
size_t retlen;
- MS_STATIC char hugebuf[1024*10];
+ char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable
+ in small-stack environments, like threads
+ or DOS programs. */
char *hugebufp = hugebuf;
size_t hugebufsize = sizeof(hugebuf);
char *dynbuf = NULL;
diff --git a/lib/libssl/src/crypto/bio/bss_bio.c b/lib/libssl/src/crypto/bio/bss_bio.c
index a5da4730317..1c485a4479a 100644
--- a/lib/libssl/src/crypto/bio/bss_bio.c
+++ b/lib/libssl/src/crypto/bio/bss_bio.c
@@ -7,9 +7,18 @@
* for which no specific BIO method is available.
* See ssl/ssltest.c for some hints on how this can be used. */
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+# define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
#ifndef BIO_PAIR_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
#endif
#include <assert.h>
diff --git a/lib/libssl/src/crypto/bn/bn.h b/lib/libssl/src/crypto/bn/bn.h
index d25b49c9d8d..1eaf8795531 100644
--- a/lib/libssl/src/crypto/bn/bn.h
+++ b/lib/libssl/src/crypto/bn/bn.h
@@ -136,7 +136,7 @@ extern "C" {
#define BN_MASK2h (0xffffffff00000000LL)
#define BN_MASK2h1 (0xffffffff80000000LL)
#define BN_TBIT (0x8000000000000000LL)
-#define BN_DEC_CONV (10000000000000000000LL)
+#define BN_DEC_CONV (10000000000000000000ULL)
#define BN_DEC_FMT1 "%llu"
#define BN_DEC_FMT2 "%019llu"
#define BN_DEC_NUM 19
diff --git a/lib/libssl/src/crypto/bn/bn_mul.c b/lib/libssl/src/crypto/bn/bn_mul.c
index 41ea925b8d9..7bffc9c16a5 100644
--- a/lib/libssl/src/crypto/bn/bn_mul.c
+++ b/lib/libssl/src/crypto/bn/bn_mul.c
@@ -408,16 +408,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
return;
}
# endif
- if (n2 == 8)
+ /* Only call bn_mul_comba 8 if n2 == 8 and the
+ * two arrays are complete [steve]
+ */
+ if (n2 == 8 && dna == 0 && dnb == 0)
{
bn_mul_comba8(r,a,b);
return;
}
# endif /* BN_MUL_COMBA */
+ /* Else do normal multiply */
if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
{
- /* This should not happen */
- bn_mul_normal(r,a,n2,b,n2);
+ bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+ if ((dna + dnb) < 0)
+ memset(&r[2*n2 + dna + dnb], 0,
+ sizeof(BN_ULONG) * -(dna + dnb));
return;
}
/* r=(a[0]-a[1])*(b[1]-b[0]) */
diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h
index 915fe623412..0d870d60beb 100644
--- a/lib/libssl/src/crypto/evp/evp.h
+++ b/lib/libssl/src/crypto/evp/evp.h
@@ -184,7 +184,7 @@ typedef struct evp_pkey_md_st
EVP_rsa_octet_string(),EVP_mdc2())
#define EVP_dsa_sha() \
EVP_PKEY_MD_add(NID_dsaWithSHA,\
- EVP_dsa(),EVP_mdc2())
+ EVP_dsa(),EVP_sha())
#define EVP_dsa_sha1() \
EVP_PKEY_MD_add(NID_dsaWithSHA1,\
EVP_dsa(),EVP_sha1())
@@ -525,7 +525,7 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
-void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c
index d28a7d266e5..32a1c7a2e94 100644
--- a/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/lib/libssl/src/crypto/evp/evp_enc.c
@@ -102,11 +102,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
goto skip_to_init;
if (cipher)
{
- /* Ensure an ENGINE left lying around from last time is cleared
+ /* Ensure a context left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_CIPHER could be used). */
- if(ctx->engine)
- ENGINE_finish(ctx->engine);
+ EVP_CIPHER_CTX_cleanup(ctx);
+
+ /* Restore encrypt field: it is zeroed by cleanup */
+ ctx->encrypt = enc;
if(impl)
{
if (!ENGINE_init(impl))
@@ -140,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
}
else
ctx->engine = NULL;
+
ctx->cipher=cipher;
ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
ctx->key_len = cipher->key_len;
@@ -303,7 +306,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int ret;
ret = EVP_EncryptFinal_ex(ctx, out, outl);
- EVP_CIPHER_CTX_cleanup(ctx);
return ret;
}
@@ -314,14 +316,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
b=ctx->cipher->block_size;
if (b == 1)
{
- EVP_CIPHER_CTX_cleanup(ctx);
*outl=0;
return 1;
}
bl=ctx->buf_len;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
- EVP_CIPHER_CTX_cleanup(ctx);
if(bl)
{
EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -336,7 +336,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
ctx->buf[i]=n;
ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
- EVP_CIPHER_CTX_cleanup(ctx);
if(ret)
*outl=b;
@@ -394,7 +393,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int ret;
ret = EVP_DecryptFinal_ex(ctx, out, outl);
- EVP_CIPHER_CTX_cleanup(ctx);
return ret;
}
@@ -407,7 +405,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
b=ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
- EVP_CIPHER_CTX_cleanup(ctx);
if(ctx->buf_len)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -420,14 +417,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
if (ctx->buf_len || !ctx->final_used)
{
- EVP_CIPHER_CTX_cleanup(ctx);
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return(0);
}
n=ctx->final[b-1];
if (n > b)
{
- EVP_CIPHER_CTX_cleanup(ctx);
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
return(0);
}
@@ -435,7 +430,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
if (ctx->final[--b] != n)
{
- EVP_CIPHER_CTX_cleanup(ctx);
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
return(0);
}
@@ -447,17 +441,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
}
else
*outl=0;
- EVP_CIPHER_CTX_cleanup(ctx);
return(1);
}
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
{
- if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+ if (c->cipher != NULL)
{
- if(!c->cipher->cleanup(c)) return 0;
+ if(c->cipher->cleanup && !c->cipher->cleanup(c))
+ return 0;
+ /* Zero cipher context data */
+ if (c->cipher_data)
+ memset(c->cipher_data, 0, c->cipher->ctx_size);
}
- OPENSSL_free(c->cipher_data);
+ if (c->cipher_data)
+ OPENSSL_free(c->cipher_data);
if (c->engine)
/* The EVP_CIPHER we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
diff --git a/lib/libssl/src/crypto/evp/evp_test.c b/lib/libssl/src/crypto/evp/evp_test.c
index 3607fe77767..decd0713d62 100644
--- a/lib/libssl/src/crypto/evp/evp_test.c
+++ b/lib/libssl/src/crypto/evp/evp_test.c
@@ -209,6 +209,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
exit(9);
}
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
printf("\n");
}
@@ -279,6 +281,8 @@ static int test_digest(const char *digest,
printf("\n");
+ EVP_MD_CTX_cleanup(&ctx);
+
return 1;
}
diff --git a/lib/libssl/src/crypto/evp/p_seal.c b/lib/libssl/src/crypto/evp/p_seal.c
index 5570ca37456..37e547fe727 100644
--- a/lib/libssl/src/crypto/evp/p_seal.c
+++ b/lib/libssl/src/crypto/evp/p_seal.c
@@ -106,8 +106,10 @@ int inl;
}
*/
-void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- EVP_EncryptFinal_ex(ctx,out,outl);
+ int i;
+ i = EVP_EncryptFinal_ex(ctx,out,outl);
EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+ return i;
}
diff --git a/lib/libssl/src/crypto/ui/ui_openssl.c b/lib/libssl/src/crypto/ui/ui_openssl.c
index 3aa03f74aae..4e121654101 100644
--- a/lib/libssl/src/crypto/ui/ui_openssl.c
+++ b/lib/libssl/src/crypto/ui/ui_openssl.c
@@ -465,7 +465,7 @@ static int open_console(UI *ui)
tty_out=stderr;
#endif
-#if defined(TTY_get) && !defined(VMS)
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
if (TTY_get(fileno(tty_in),&tty_orig) == -1)
{
#ifdef ENOTTY
diff --git a/lib/libssl/src/doc/apps/x509.pod b/lib/libssl/src/doc/apps/x509.pod
index 23367b7659d..4a17e338dd6 100644
--- a/lib/libssl/src/doc/apps/x509.pod
+++ b/lib/libssl/src/doc/apps/x509.pod
@@ -505,6 +505,8 @@ As well as customising the name output format, it is also possible to
customise the actual fields printed using the B<certopt> options when
the B<text> option is present. The default behaviour is to print all fields.
+=over 4
+
=item B<compatible>
use the old format. This is equivalent to specifying no output options at all.
@@ -574,10 +576,6 @@ hex dump unsupported extensions.
the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
B<no_version>, B<no_sigdump> and B<no_signame>.
-
-
-=over 4
-
=back
=head1 EXAMPLES
diff --git a/lib/libssl/src/ms/mingw32.bat b/lib/libssl/src/ms/mingw32.bat
index db70b8580ee..1968f4150bb 100644
--- a/lib/libssl/src/ms/mingw32.bat
+++ b/lib/libssl/src/ms/mingw32.bat
@@ -12,7 +12,8 @@ echo Generating x86 for GNU assember
echo Bignum
cd crypto\bn\asm
-perl x86.pl gaswin > bn-win32.s
+perl bn-586.pl gaswin > bn-win32.s
+perl co-586.pl gaswin > co-win32.s
cd ..\..\..
echo DES
diff --git a/lib/libssl/src/shlib/svr5-shared-gcc.sh b/lib/libssl/src/shlib/svr5-shared-gcc.sh
index b36a0375a68..76957df9476 100644
--- a/lib/libssl/src/shlib/svr5-shared-gcc.sh
+++ b/lib/libssl/src/shlib/svr5-shared-gcc.sh
@@ -9,7 +9,7 @@ sh_slib=$slib.so.$major.$minor
clib=libcrypto
sh_clib=$clib.so.$major.$minor
-FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread
+FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread"
SHFLAGS="-DPIC -fPIC"
touch $sh_clib
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index 79e89fe14ad..3d31bbf05f0 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -825,7 +825,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
err:
FindClose(hFind);
err_noclose:
- if (d) closedir(d);
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
}
diff --git a/lib/libssl/src/util/pl/Mingw32.pl b/lib/libssl/src/util/pl/Mingw32.pl
index 37f36126f37..45ab685974e 100644
--- a/lib/libssl/src/util/pl/Mingw32.pl
+++ b/lib/libssl/src/util/pl/Mingw32.pl
@@ -25,6 +25,8 @@ if ($gaswin and !$no_asm)
{
$bn_asm_obj='$(OBJ_D)/bn-win32.o';
$bn_asm_src='crypto/bn/asm/bn-win32.s';
+ $bnco_asm_obj='$(OBJ_D)/co-win32.o';
+ $bnco_asm_src='crypto/bn/asm/co-win32.s';
$des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';
$des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
$bf_enc_obj='$(OBJ_D)/b-win32.o';
@@ -66,12 +68,12 @@ $lfile='';
$asm='as';
$afile='-o ';
-$bn_asm_obj="";
-$bn_asm_src="";
-$des_enc_obj="";
-$des_enc_src="";
-$bf_enc_obj="";
-$bf_enc_src="";
+#$bn_asm_obj="";
+#$bn_asm_src="";
+#$des_enc_obj="";
+#$des_enc_src="";
+#$bf_enc_obj="";
+#$bf_enc_src="";
sub do_lib_rule
{