diff options
24 files changed, 141 insertions, 198 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES index b8399a3500a..500d3d481ab 100644 --- a/lib/libssl/src/CHANGES +++ b/lib/libssl/src/CHANGES @@ -4,6 +4,19 @@ Changes between 0.9.6d and 0.9.7 [XX xxx 2002] + *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this + allows existing EVP_CIPHER_CTX structures to be reused after + calling EVP_*Final(). This behaviour is used by encryption + BIOs and some applications. This has the side effect that + applications must explicitly clean up cipher contexts with + EVP_CIPHER_CTX_cleanup() or they will leak memory. + [Steve Henson] + + *) Check the values of dna and dnb in bn_mul_recursive before calling + bn_mul_comba (a non zero value means the a or b arrays do not contain + n2 elements) and fallback to bn_mul_normal if either is not zero. + [Steve Henson] + *) Fix escaping of non-ASCII characters when using the -subj option of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>) [Lutz Jaenicke] @@ -1600,7 +1613,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] - Changes between 0.9.6c and 0.9.6d [XX xxx 2002] + Changes between 0.9.6d and 0.9.6e [XX xxx XXXX] + + *) Fix EVP_dsa_sha macro. + [Nils Larsch] + + Changes between 0.9.6c and 0.9.6d [9 May 2002] *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not encoded as NULL) with id-dsa-with-sha1. diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure index 1ffe1ac8565..f6d8a919be7 100644 --- a/lib/libssl/src/Configure +++ b/lib/libssl/src/Configure @@ -144,6 +144,7 @@ my %table=( "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ index 8b53581c5af..bea8fcfde09 100644 --- a/lib/libssl/src/FAQ +++ b/lib/libssl/src/FAQ @@ -60,7 +60,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.6c was released on December 21st, 2001. +OpenSSL 0.9.6d was released on May 9, 2002. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: diff --git a/lib/libssl/src/INSTALL.W32 b/lib/libssl/src/INSTALL.W32 index da061b289e7..852a82831f9 100644 --- a/lib/libssl/src/INSTALL.W32 +++ b/lib/libssl/src/INSTALL.W32 @@ -112,10 +112,10 @@ * Compiler installation: Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/ - gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at - <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/ - make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run - C:\egcs-1.1.2\mingw32.bat to set the PATH. + gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it + to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to + the PATH environment variable in "System Properties"; or edit and + run C:\gcc-2.95.2\mingw32.bat to set the PATH. * Compile OpenSSL: diff --git a/lib/libssl/src/STATUS b/lib/libssl/src/STATUS index 3438215ee74..2b285d1db54 100644 --- a/lib/libssl/src/STATUS +++ b/lib/libssl/src/STATUS @@ -1,10 +1,11 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/05/15 02:29:08 $ + ______________ $Date: 2002/05/21 01:49:11 $ DEVELOPMENT STATE o OpenSSL 0.9.7: Under development... + o OpenSSL 0.9.6d: Released on May 9th, 2002 o OpenSSL 0.9.6c: Released on December 21st, 2001 o OpenSSL 0.9.6b: Released on July 9th, 2001 o OpenSSL 0.9.6a: Released on April 5th, 2001 @@ -17,23 +18,12 @@ o OpenSSL 0.9.2b: Released on March 22th, 1999 o OpenSSL 0.9.1c: Released on December 23th, 1998 - RELEASE SHOWSTOPPERS - - o BIGNUM library failures on 64-bit platforms (0.9.7-dev): - - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc - and other 64-bit platforms + [See also http://www.openssl.org/support/rt2.html] - Checked on Result - alpha-cc (Tru64 version 4.0) works - linux-alpha+bwx-gcc doesn't work. Reported by - Sean O'Riordain <seanpor@acm.org> - OpenBSD-sparc64 doesn't work. BN_mod_mul breaks. - - Needs checked on - [add platforms here] + RELEASE SHOWSTOPPERS - - BN_mod_mul verification fails for mips3-sgi-irix - unless configured with no-asm + o BN_mod_mul verification fails for mips3-sgi-irix + unless configured with no-asm AVAILABLE PATCHES diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h index a05ba712be8..5b3836ab228 100644 --- a/lib/libssl/src/apps/apps.h +++ b/lib/libssl/src/apps/apps.h @@ -253,6 +253,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str); int make_serial_index(TXT_DB *db); +X509_NAME *do_subject(char *str, long chtype); + #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 #define FORMAT_TEXT 2 diff --git a/lib/libssl/src/apps/ca.c b/lib/libssl/src/apps/ca.c index 8be557c956a..51d9470aa18 100644 --- a/lib/libssl/src/apps/ca.c +++ b/lib/libssl/src/apps/ca.c @@ -238,7 +238,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static X509_NAME *do_subject(char *subject); static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, TXT_DB *db); static int do_updatedb(TXT_DB *db); @@ -1874,7 +1873,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj); + X509_NAME *n = do_subject(subj, MBSTRING_ASC); if (!n) { @@ -3012,13 +3011,13 @@ int make_revoked(X509_REVOKED *rev, char *str) * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static X509_NAME *do_subject(char *subject) +X509_NAME *do_subject(char *subject, long chtype) { - size_t buflen = strlen (subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = malloc (buflen); + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = malloc (max_ne * sizeof (char *)); - char **ne_values = malloc (max_ne * sizeof (char *)); + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); char *sp = subject, *bp = buf; int i, ne_num = 0; @@ -3029,13 +3028,13 @@ static X509_NAME *do_subject(char *subject) if (!buf || !ne_types || !ne_values) { BIO_printf(bio_err, "malloc error\n"); - goto error0; + goto error; } if (*subject != '/') { BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error0; + goto error; } sp++; /* skip leading / */ @@ -3051,7 +3050,7 @@ static X509_NAME *do_subject(char *subject) else { BIO_printf(bio_err, "escape character at end of string\n"); - goto error0; + goto error; } else if (*sp == '=') { @@ -3065,7 +3064,7 @@ static X509_NAME *do_subject(char *subject) if (!*sp) { BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error0; + goto error; } ne_values[ne_num] = bp; while (*sp) @@ -3076,12 +3075,11 @@ static X509_NAME *do_subject(char *subject) else { BIO_printf(bio_err, "escape character at end of string\n"); - goto error0; + goto error; } else if (*sp == '/') { sp++; - *bp++ = '\0'; break; } else @@ -3092,7 +3090,7 @@ static X509_NAME *do_subject(char *subject) } if (!(n = X509_NAME_new())) - goto error0; + goto error; for (i = 0; i < ne_num; i++) { @@ -3108,25 +3106,26 @@ static X509_NAME *do_subject(char *subject) continue; } - if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_values[i], -1,-1,0)) - goto error1; + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) + goto error; } - free (ne_values); - free (ne_types); - free (buf); + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); return n; -error1: +error: X509_NAME_free(n); -error0: - free (ne_values); - free (ne_types); - free (buf); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); return NULL; } - int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25],*pbuf, *p; diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c index 790aa90eb6c..5631a3839b0 100644 --- a/lib/libssl/src/apps/req.c +++ b/lib/libssl/src/apps/req.c @@ -1144,120 +1144,18 @@ err: */ static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) { - size_t buflen = strlen (subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = malloc (buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = malloc (max_ne * sizeof (char *)); - char **ne_values = malloc (max_ne * sizeof (char *)); + X509_NAME *n; - char *sp = subject, *bp = buf; - int i, ne_num = 0; - - X509_NAME *n = NULL; - int nid; - - if (!buf || !ne_types || !ne_values) - { - BIO_printf(bio_err, "malloc error\n"); - goto error0; - } - - if (*subject != '/') - { - BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error0; - } - sp++; /* skip leading / */ - - while (*sp) - { - /* collect type */ - ne_types[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') /* is there anything to escape in the type...? */ - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error0; - } - else if (*sp == '=') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - if (!*sp) - { - BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error0; - } - ne_values[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error0; - } - else if (*sp == '/') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - *bp++ = '\0'; - ne_num++; - } - - if (!(n = X509_NAME_new())) - goto error0; + if (!(n = do_subject(subject, chtype))) + return 0; - for(i = 0; i < ne_num; i++) + if (!X509_REQ_set_subject_name(req, n)) { - if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) - { - BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); - continue; - } - - if (!*ne_values[i]) - { - BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) - goto error1; - + X509_NAME_free(n); + return 0; } - - if (!X509_REQ_set_subject_name(req, n)) - goto error1; X509_NAME_free(n); - free (ne_values); - free (ne_types); - free (buf); return 1; - -error1: - X509_NAME_free(n); -error0: - free (ne_values); - free (ne_types); - free (buf); - return 0; } diff --git a/lib/libssl/src/config b/lib/libssl/src/config index a7a40e04db8..132fb7a0ce8 100644 --- a/lib/libssl/src/config +++ b/lib/libssl/src/config @@ -517,6 +517,10 @@ EOF ${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}` rm dummy dummy.c ;; + ppc64-*-linux2) + #Use the standard target for PPC architecture until we create a + #special one for the 64bit architecture. + OUT="linux-ppc" ;; ppc-*-linux2) OUT="linux-ppc" ;; m68k-*-linux*) OUT="linux-m68k" ;; ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; diff --git a/lib/libssl/src/crypto/asn1/p5_pbev2.c b/lib/libssl/src/crypto/asn1/p5_pbev2.c index 43dfe09479f..91e1c8987d3 100644 --- a/lib/libssl/src/crypto/asn1/p5_pbev2.c +++ b/lib/libssl/src/crypto/asn1/p5_pbev2.c @@ -116,6 +116,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) goto err; + EVP_CIPHER_CTX_init(&ctx); + /* Dummy cipherinit to just setup the IV */ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { diff --git a/lib/libssl/src/crypto/bio/b_print.c b/lib/libssl/src/crypto/bio/b_print.c index b7e268f0920..3ce12907728 100644 --- a/lib/libssl/src/crypto/bio/b_print.c +++ b/lib/libssl/src/crypto/bio/b_print.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +/* disable assert() unless BIO_DEBUG has been defined */ +#ifndef BIO_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + /* * Stolen from tjh's ssl/ssl_trc.c stuff. */ @@ -716,12 +723,13 @@ doapr_outch( if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { - assert(*sbuffer != NULL); if (*maxlen == 0) *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); - if (*currlen > 0) + if (*currlen > 0) { + assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); + } *sbuffer = NULL; } else { *maxlen += 1024; @@ -761,7 +769,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args) { int ret; size_t retlen; - MS_STATIC char hugebuf[1024*10]; + char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable + in small-stack environments, like threads + or DOS programs. */ char *hugebufp = hugebuf; size_t hugebufsize = sizeof(hugebuf); char *dynbuf = NULL; diff --git a/lib/libssl/src/crypto/bio/bss_bio.c b/lib/libssl/src/crypto/bio/bss_bio.c index a5da4730317..1c485a4479a 100644 --- a/lib/libssl/src/crypto/bio/bss_bio.c +++ b/lib/libssl/src/crypto/bio/bss_bio.c @@ -7,9 +7,18 @@ * for which no specific BIO method is available. * See ssl/ssltest.c for some hints on how this can be used. */ +/* BIO_DEBUG implies BIO_PAIR_DEBUG */ +#ifdef BIO_DEBUG +# ifndef BIO_PAIR_DEBUG +# define BIO_PAIR_DEBUG +# endif +#endif + +/* disable assert() unless BIO_PAIR_DEBUG has been defined */ #ifndef BIO_PAIR_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +# ifndef NDEBUG +# define NDEBUG +# endif #endif #include <assert.h> diff --git a/lib/libssl/src/crypto/bn/bn.h b/lib/libssl/src/crypto/bn/bn.h index d25b49c9d8d..1eaf8795531 100644 --- a/lib/libssl/src/crypto/bn/bn.h +++ b/lib/libssl/src/crypto/bn/bn.h @@ -136,7 +136,7 @@ extern "C" { #define BN_MASK2h (0xffffffff00000000LL) #define BN_MASK2h1 (0xffffffff80000000LL) #define BN_TBIT (0x8000000000000000LL) -#define BN_DEC_CONV (10000000000000000000LL) +#define BN_DEC_CONV (10000000000000000000ULL) #define BN_DEC_FMT1 "%llu" #define BN_DEC_FMT2 "%019llu" #define BN_DEC_NUM 19 diff --git a/lib/libssl/src/crypto/bn/bn_mul.c b/lib/libssl/src/crypto/bn/bn_mul.c index 41ea925b8d9..7bffc9c16a5 100644 --- a/lib/libssl/src/crypto/bn/bn_mul.c +++ b/lib/libssl/src/crypto/bn/bn_mul.c @@ -408,16 +408,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, return; } # endif - if (n2 == 8) + /* Only call bn_mul_comba 8 if n2 == 8 and the + * two arrays are complete [steve] + */ + if (n2 == 8 && dna == 0 && dnb == 0) { bn_mul_comba8(r,a,b); return; } # endif /* BN_MUL_COMBA */ + /* Else do normal multiply */ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { - /* This should not happen */ - bn_mul_normal(r,a,n2,b,n2); + bn_mul_normal(r,a,n2+dna,b,n2+dnb); + if ((dna + dnb) < 0) + memset(&r[2*n2 + dna + dnb], 0, + sizeof(BN_ULONG) * -(dna + dnb)); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h index 915fe623412..0d870d60beb 100644 --- a/lib/libssl/src/crypto/evp/evp.h +++ b/lib/libssl/src/crypto/evp/evp.h @@ -184,7 +184,7 @@ typedef struct evp_pkey_md_st EVP_rsa_octet_string(),EVP_mdc2()) #define EVP_dsa_sha() \ EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_mdc2()) + EVP_dsa(),EVP_sha()) #define EVP_dsa_sha1() \ EVP_PKEY_MD_add(NID_dsaWithSHA1,\ EVP_dsa(),EVP_sha1()) @@ -525,7 +525,7 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c index d28a7d266e5..32a1c7a2e94 100644 --- a/lib/libssl/src/crypto/evp/evp_enc.c +++ b/lib/libssl/src/crypto/evp/evp_enc.c @@ -102,11 +102,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp goto skip_to_init; if (cipher) { - /* Ensure an ENGINE left lying around from last time is cleared + /* Ensure a context left lying around from last time is cleared * (the previous check attempted to avoid this if the same * ENGINE and EVP_CIPHER could be used). */ - if(ctx->engine) - ENGINE_finish(ctx->engine); + EVP_CIPHER_CTX_cleanup(ctx); + + /* Restore encrypt field: it is zeroed by cleanup */ + ctx->encrypt = enc; if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; + ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); ctx->key_len = cipher->key_len; @@ -303,7 +306,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int ret; ret = EVP_EncryptFinal_ex(ctx, out, outl); - EVP_CIPHER_CTX_cleanup(ctx); return ret; } @@ -314,14 +316,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) b=ctx->cipher->block_size; if (b == 1) { - EVP_CIPHER_CTX_cleanup(ctx); *outl=0; return 1; } bl=ctx->buf_len; if (ctx->flags & EVP_CIPH_NO_PADDING) { - EVP_CIPHER_CTX_cleanup(ctx); if(bl) { EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); @@ -336,7 +336,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) ctx->buf[i]=n; ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); - EVP_CIPHER_CTX_cleanup(ctx); if(ret) *outl=b; @@ -394,7 +393,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int ret; ret = EVP_DecryptFinal_ex(ctx, out, outl); - EVP_CIPHER_CTX_cleanup(ctx); return ret; } @@ -407,7 +405,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) b=ctx->cipher->block_size; if (ctx->flags & EVP_CIPH_NO_PADDING) { - EVP_CIPHER_CTX_cleanup(ctx); if(ctx->buf_len) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); @@ -420,14 +417,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->buf_len || !ctx->final_used) { - EVP_CIPHER_CTX_cleanup(ctx); EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } n=ctx->final[b-1]; if (n > b) { - EVP_CIPHER_CTX_cleanup(ctx); EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); } @@ -435,7 +430,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->final[--b] != n) { - EVP_CIPHER_CTX_cleanup(ctx); EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); } @@ -447,17 +441,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } else *outl=0; - EVP_CIPHER_CTX_cleanup(ctx); return(1); } int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { - if ((c->cipher != NULL) && (c->cipher->cleanup != NULL)) + if (c->cipher != NULL) { - if(!c->cipher->cleanup(c)) return 0; + if(c->cipher->cleanup && !c->cipher->cleanup(c)) + return 0; + /* Zero cipher context data */ + if (c->cipher_data) + memset(c->cipher_data, 0, c->cipher->ctx_size); } - OPENSSL_free(c->cipher_data); + if (c->cipher_data) + OPENSSL_free(c->cipher_data); if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ diff --git a/lib/libssl/src/crypto/evp/evp_test.c b/lib/libssl/src/crypto/evp/evp_test.c index 3607fe77767..decd0713d62 100644 --- a/lib/libssl/src/crypto/evp/evp_test.c +++ b/lib/libssl/src/crypto/evp/evp_test.c @@ -209,6 +209,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, exit(9); } + EVP_CIPHER_CTX_cleanup(&ctx); + printf("\n"); } @@ -279,6 +281,8 @@ static int test_digest(const char *digest, printf("\n"); + EVP_MD_CTX_cleanup(&ctx); + return 1; } diff --git a/lib/libssl/src/crypto/evp/p_seal.c b/lib/libssl/src/crypto/evp/p_seal.c index 5570ca37456..37e547fe727 100644 --- a/lib/libssl/src/crypto/evp/p_seal.c +++ b/lib/libssl/src/crypto/evp/p_seal.c @@ -106,8 +106,10 @@ int inl; } */ -void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - EVP_EncryptFinal_ex(ctx,out,outl); + int i; + i = EVP_EncryptFinal_ex(ctx,out,outl); EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL); + return i; } diff --git a/lib/libssl/src/crypto/ui/ui_openssl.c b/lib/libssl/src/crypto/ui/ui_openssl.c index 3aa03f74aae..4e121654101 100644 --- a/lib/libssl/src/crypto/ui/ui_openssl.c +++ b/lib/libssl/src/crypto/ui/ui_openssl.c @@ -465,7 +465,7 @@ static int open_console(UI *ui) tty_out=stderr; #endif -#if defined(TTY_get) && !defined(VMS) +#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) if (TTY_get(fileno(tty_in),&tty_orig) == -1) { #ifdef ENOTTY diff --git a/lib/libssl/src/doc/apps/x509.pod b/lib/libssl/src/doc/apps/x509.pod index 23367b7659d..4a17e338dd6 100644 --- a/lib/libssl/src/doc/apps/x509.pod +++ b/lib/libssl/src/doc/apps/x509.pod @@ -505,6 +505,8 @@ As well as customising the name output format, it is also possible to customise the actual fields printed using the B<certopt> options when the B<text> option is present. The default behaviour is to print all fields. +=over 4 + =item B<compatible> use the old format. This is equivalent to specifying no output options at all. @@ -574,10 +576,6 @@ hex dump unsupported extensions. the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>, B<no_version>, B<no_sigdump> and B<no_signame>. - - -=over 4 - =back =head1 EXAMPLES diff --git a/lib/libssl/src/ms/mingw32.bat b/lib/libssl/src/ms/mingw32.bat index db70b8580ee..1968f4150bb 100644 --- a/lib/libssl/src/ms/mingw32.bat +++ b/lib/libssl/src/ms/mingw32.bat @@ -12,7 +12,8 @@ echo Generating x86 for GNU assember echo Bignum
cd crypto\bn\asm
-perl x86.pl gaswin > bn-win32.s
+perl bn-586.pl gaswin > bn-win32.s
+perl co-586.pl gaswin > co-win32.s
cd ..\..\..
echo DES
diff --git a/lib/libssl/src/shlib/svr5-shared-gcc.sh b/lib/libssl/src/shlib/svr5-shared-gcc.sh index b36a0375a68..76957df9476 100644 --- a/lib/libssl/src/shlib/svr5-shared-gcc.sh +++ b/lib/libssl/src/shlib/svr5-shared-gcc.sh @@ -9,7 +9,7 @@ sh_slib=$slib.so.$major.$minor clib=libcrypto sh_clib=$clib.so.$major.$minor -FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread +FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread" SHFLAGS="-DPIC -fPIC" touch $sh_clib diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c index 79e89fe14ad..3d31bbf05f0 100644 --- a/lib/libssl/src/ssl/ssl_cert.c +++ b/lib/libssl/src/ssl/ssl_cert.c @@ -825,7 +825,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, err: FindClose(hFind); err_noclose: - if (d) closedir(d); CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } diff --git a/lib/libssl/src/util/pl/Mingw32.pl b/lib/libssl/src/util/pl/Mingw32.pl index 37f36126f37..45ab685974e 100644 --- a/lib/libssl/src/util/pl/Mingw32.pl +++ b/lib/libssl/src/util/pl/Mingw32.pl @@ -25,6 +25,8 @@ if ($gaswin and !$no_asm) { $bn_asm_obj='$(OBJ_D)/bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; + $bnco_asm_obj='$(OBJ_D)/co-win32.o'; + $bnco_asm_src='crypto/bn/asm/co-win32.s'; $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; $bf_enc_obj='$(OBJ_D)/b-win32.o'; @@ -66,12 +68,12 @@ $lfile=''; $asm='as'; $afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; +#$bn_asm_obj=""; +#$bn_asm_src=""; +#$des_enc_obj=""; +#$des_enc_src=""; +#$bf_enc_obj=""; +#$bf_enc_src=""; sub do_lib_rule { |