Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
+ *) Fix PKCS#7 decode routines so they correctly update the length
+ after reading an EOC for the EXPLICIT tag.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
*) Fix bug in PKCS#12 key generation routines. This was triggered
if a 3DES key was generated with a 0 initial byte. Include
PKCS12_BROKEN_KEYGEN compilation option to retain the old
X509_NAME_get_index_by_NID() since 0 is a valid index.
[Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
- *) Use better test patterns in bntest.
- [Ulf Möller]
-
- *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
- the method-specific "init()" handler. Also clean up ex_data after
- calling the method-specific "finish()" handler. Previously, this was
- happening the other way round.
- [Geoff Thorpe]
-
*) Avoid coredump with unsupported or invalid public keys by checking if
X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
PKCS7_verify() fails with non detached data.
*) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
was empty.
[Steve Henson]
+ [This change does not apply to 0.9.7.]
*) Use the cached encoding of an X509_NAME structure rather than
copying it. This is apparently the reason for the libsafe "errors"
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
to be set and top=0 forces the highest bit to be set; top=-1 is new
and leaves the highest bit random.
- [Ulf Moeller]
+ [Ulf Moeller, Bodo Moeller]
*) In the NCONF_...-based implementations for CONF_... queries
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
macros previously used would not encode an empty SEQUENCE OF
and break the signature.
[Steve Henson]
+ [This change does not apply to 0.9.7.]
*) Zero the premaster secret after deriving the master secret in
DH ciphersuites.
*) Fix a deadlock in CRYPTO_mem_leaks().
[Bodo Moeller]
+ *) Use better test patterns in bntest.
+ [Ulf Möller]
+
*) rand_win.c fix for Borland C.
[Ulf Möller]
*) BN_rshift bugfix for n == 0.
[Bodo Moeller]
+ *) Add a 'bctest' script that checks for some known 'bc' bugs
+ so that 'make test' does not abort just because 'bc' is broken.
+ [Bodo Moeller]
+
*) Store verify_result within SSL_SESSION also for client side to
avoid potential security hole. (Re-used sessions on the client side
always resulted in verify_result==X509_V_OK, not using the original
does the actual work for ssl3_read_internal.
[Bodo Moeller]
+ *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+ the method-specific "init()" handler. Also clean up ex_data after
+ calling the method-specific "finish()" handler. Previously, this was
+ happening the other way round.
+ [Geoff Thorpe]
+
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
The previous value, 12, was not always sufficient for BN_mod_exp().
[Bodo Moeller]
+ *) Make sure that shared libraries get the internal name engine with
+ the full version number and not just 0. This should mark the
+ shared libraries as not backward compatible. Of course, this should
+ be changed again when we can guarantee backward binary compatibility.
+ [Richard Levitte]
+
*) Fix typo in get_cert_by_subject() in by_dir.c
[Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+my $mips3_irix_asm="asm/mips3.o::::::::";
+# There seems to be boundary faults in asm/alpha.s.
+#my $alpha_asm="asm/alpha.o::::::::";
+my $alpha_asm="::::::::";
+
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
# but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with Sun C setups
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
#### Unified HP-UX ANSI C configs.
# Special notes:
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared::.so",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared::.so",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Alpha Linux with GNU C and Compaq C setups
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
# assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
DEPFLAG=
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS=
EX_LIBS=
AR=ar r
RANLIB= ranlib
fi; \
done; \
if echo "$(DIRS)" | \
- grep '\(^\| \)\(crypto\|ssl\)\( \|$$\)' > /dev/null 2>&1 && \
+ egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
[ -n "$(SHARED_LIBS)" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
- ( set -x; ln -s -f $$prev lib$$i$$j ); \
+ ( set -x; ln -f -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
fi; \
build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
do_bsd-gcc-shared: linux-shared
-do_linux-shared:
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
+ -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done
# This assumes that GNU utilities are *not* used
-do_true64-shared:
+do_tru64-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
# This assumes that GNU utilities are *not* used
do_solaris-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- ( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -h lib$$i.so.${SHLIB_MAJOR} \
+ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+ set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done
OpenSSL STATUS Last modified at
- ______________ $Date: 2001/03/21 18:18:51 $
+ ______________ $Date: 2001/03/26 17:09:12 $
DEVELOPMENT STATE
- o OpenSSL 0.9.6a: In development...
+ o OpenSSL 0.9.6a: Bugfix release -- under development...
Beta 1 released on March 13th, 2001
HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine]
HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine]
Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work.
[CORRECTED]
mingw32 w/ gcc 2.95.2 - PASSED [presumed normal]
+
+ Beta 2 released on March 21st, 2001
+ OpenVMS (tested on VMS 7.2-1 for Alpha) - PASSED [presumed normal]
+ solaris64-sparcv9-cc (SunOS 5.8) - PASSED [normal]
+
o OpenSSL 0.9.6: Released on September 24th, 2000
o OpenSSL 0.9.5a: Released on April 1st, 2000
o OpenSSL 0.9.5: Released on February 28th, 2000
AVAILABLE PATCHES
- o CA.pl patch (Damien Miller)
-
IN PROGRESS
o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
+ OCSP
EVP cipher enhancement.
- Proper (or at least usable) certificate chain verification.
+ Enhanced certificate chain verification.
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Richard is currently working on:
UTIL (a new set of library functions to support some higher level
functionality that is currently missing).
- Dynamic thread-lock support.
Shared library support for VMS.
+ OCSP
+ Kerberos 5 authentication
+ Constification
NEEDS PATCH
- o non-blocking socket on AIX
- o $(PERL) in */Makefile.ssl
- o "Sign the certificate?" - "n" creates empty certificate file
+ o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+ o OpenSSL_0_9_6-stable:
+ #include <openssl/e_os.h> in exported header files is illegal since
+ e_os.h is suitable only for library-internal use.
+
+ o Whenever strncpy is used, make sure the resulting string is NULL-terminated
+ or an error is reported
OPEN ISSUES
- o internal_verify doesn't know about X509.v3 (basicConstraints
- CA flag ...)
+ o crypto/ex_data.c is not really thread-safe and so must be used
+ with care (e.g., extra locking where necessary, or don't call
+ CRYPTO_get_ex_new_index once multiple threads exist).
+ The current API is not suitable for everything that it pretends
+ to offer.
o The Makefile hierarchy and build mechanism is still not a round thing:
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= true64-shared
+$shared_target= tru64-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= true64-shared
+$shared_target= tru64-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= true64-shared
+$shared_target= tru64-shared
$shared_cflag =
$shared_extension = .so
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$rmd160_obj = asm/rm86-sol.o
$rc5_obj = asm/r586-sol.o
$dso_scheme = dlfcn
-$shared_target= solaris-shared
+$shared_target= gnu-shared
$shared_cflag = -fPIC
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
}
#endif
+#ifndef NO_DSA
dsa_c[R_DSA_512][0]=count/1000;
dsa_c[R_DSA_512][1]=count/1000/2;
for (i=1; i<DSA_NUM; i++)
}
}
}
+#endif
#define COND(d) (count < (d))
#define COUNT(d) (d)
BIO_printf(bio_err,"Generating certificate request\n");
+#ifndef NO_DSA
if (pk->type == EVP_PKEY_DSA)
digest=EVP_dss1();
+#endif
rq=X509_to_X509_REQ(x,pk,digest);
EVP_PKEY_free(pk);
echo "m68k-apple-aux3"; exit 0
;;
+ AIX:[3456789]:4:*)
+ echo "${MACHINE}-ibm-aix43"; exit 0
+ ;;
+
+ AIX:*:[56789]:*)
+ echo "${MACHINE}-ibm-aix43"; exit 0
+ ;;
+
AIX:*)
echo "${MACHINE}-ibm-aix"; exit 0
;;
}
if (Tinf == (1|V_ASN1_CONSTRUCTED))
{
+ c.q=c.p;
if (!ASN1_check_infinite_end(&c.p,c.slen))
{
c.error=ERR_R_MISSING_ASN1_EOS;
c.line=__LINE__;
goto err;
}
+ c.slen-=(c.p-c.q);
}
}
else
static int dl_init(DSO *dso);
static int dl_finish(DSO *dso);
#endif
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
static DSO_METHOD dso_meth_dl = {
"OpenSSL 'dl' shared library method",
int len;
/* The same comment as in dlfcn_load applies here. bleurgh. */
- len = strlen(filename) + len(extension);
+ len = strlen(filename) + strlen(extension);
if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
(len + 3 < DSO_MAX_TRANSLATED_SIZE) &&
(strstr(filename, "/") == NULL))
return((DSO_FUNC_TYPE)sym);
}
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
+static long dl_ctrl(DSO *dso, int cmd, long larg, void *parg)
{
if(dso == NULL)
{
case DSO_CTRL_GET_FLAGS:
return dso->flags;
case DSO_CTRL_SET_FLAGS:
- dso->flags = (int)larg;
+ dso->flags = larg;
return(0);
case DSO_CTRL_OR_FLAGS:
- dso->flags |= (int)larg;
+ dso->flags |= larg;
return(0);
default:
break;
#ifdef DEVRANDOM
return 1;
-#endif
+#else
return 0;
+#endif
}
#endif
%define libmaj 0
%define libmin 9
%define librel 6
-#%define librev
+%define librev a
Release: 1
%define openssldir /var/ssl
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl-engine
-Version: %{libmaj}.%{libmin}.%{librel}
-#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+#Version: %{libmaj}.%{libmin}.%{librel}
+Version: %{libmaj}.%{libmin}.%{librel}%{librev}
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Copyright: Freely distributable
Group: System Environment/Libraries
#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
%endif
%ifarch alpha
-./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc
-#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc shared
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha
+#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
%endif
LD_LIBRARY_PATH=`pwd` make
LD_LIBRARY_PATH=`pwd` make rehash
%install
rm -rf $RPM_BUILD_ROOT
-make install MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT"
+make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install
# Rename manpages
for x in $RPM_BUILD_ROOT/usr/man/man*/*
# Make backwards-compatibility symlink to ssleay
ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
-# Install shared libs
-install -m644 libcrypto.a $RPM_BUILD_ROOT/usr/lib
-#!#install -m755 libcrypto.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib
-install -m644 libssl.a $RPM_BUILD_ROOT/usr/lib
-#!#install -m755 libssl.so.%{libmaj}.%{libmin}.%{librel} $RPM_BUILD_ROOT/usr/lib
-(
- cd $RPM_BUILD_ROOT/usr/lib
- #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so.%{libmaj}
- #!#ln -s libcrypto.so.%{libmaj}.%{libmin}.%{librel} libcrypto.so
- #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so.%{libmaj}
- #!#ln -s libssl.so.%{libmaj}.%{libmin}.%{librel} libssl.so
-)
-
%clean
rm -rf $RPM_BUILD_ROOT
ldconfig
%changelog
+* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
+- Removed redundant subsection that re-installed libcrypto.a and libssl.a
+ as well.
+* Thu Mar 15 2001 Jeremiah Johnson <jjohnson@penguincomputing.com>
+- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
+ libssl.so.0.9.6. As well as the subsection that created symlinks for
+ these. make install handles all this.
+* Sat Oct 21 2000 Horms <horms@vergenet.net>
+- Make sure symlinks are created by using -f flag to ln.
+ Otherwise some .so libraries are copied rather than
+ linked in the resulting binary RPM. This causes the package
+ to be larger than neccessary and makes ldconfig complain.
+* Fri Oct 13 2000 Horms <horms@vergenet.net>
+- Make defattr is set for files in all packages so packages built as
+ non-root will still be installed with files owned by root.
* Thu Sep 14 2000 Richard Levitte <richard@levitte.org>
- Changed to adapt to the new (supported) way of making shared libraries
- Installs all static libraries, not just libRSAglue.a
return(ret);
+#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
err:
+#endif
#ifndef NO_RSA
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
projects / oweals / openssl.git / commitdiff