OpenSSL CHANGES
_______________
+ Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
+
+ *) Fix a memory leak in err.c: free err_data string if necessary.
+ [Bodo Moeller]
+
+ *) Implement ssl23_peek (analogous to ssl23_read), which previously
+ did not exist.
+ [Bodo Moeller]
+
+ *) Replace rdtsc with _emit statements for VC++ version 5.
+ [Jeremy Cooper <jeremy@baymoo.org>]
+
+ *) Make it possible to reuse SSLv2 sessions.
+ [Richard Levitte]
+
+ *) In copy_email() check for >= 0 as a return value for
+ X509_NAME_get_index_by_NID() since 0 is a valid index.
+ [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+ *) Use better test patterns in bntest.
+ [Ulf Möller]
+
+ *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+ the method-specific "init()" handler. Also clean up ex_data after
+ calling the method-specific "finish()" handler. Previously, this was
+ happening the other way round.
+ [Geoff Thorpe]
+
+ *) Avoid coredump with unsupported or invalid public keys by checking if
+ X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+ PKCS7_verify() fails with non detached data.
+ [Steve Henson]
+
+ *) Don't use getenv in library functions when run as setuid/setgid.
+ New function OPENSSL_issetugid().
+ [Ulf Moeller]
+
+ *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+ due to incorrect handling of multi-threading:
+
+ 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+ 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+ 3. Count how many times MemCheck_off() has been called so that
+ nested use can be treated correctly. This also avoids
+ inband-signalling in the previous code (which relied on the
+ assumption that thread ID 0 is impossible).
+ [Bodo Moeller]
+
+ *) Add "-rand" option also to s_client and s_server.
+ [Lutz Jaenicke]
+
+ *) Fix CPU detection on Irix 6.x.
+ [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+ "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+ was empty.
+ [Steve Henson]
+
+ *) Use the cached encoding of an X509_NAME structure rather than
+ copying it. This is apparently the reason for the libsafe "errors"
+ but the code is actually correct.
+ [Steve Henson]
+
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+ to be set and top=0 forces the highest bit to be set; top=-1 is new
+ and leaves the highest bit random.
+ [Ulf Moeller]
+
+ *) In the NCONF_...-based implementations for CONF_... queries
+ (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+ a temporary CONF structure with the data component set to NULL
+ (which gives segmentation faults in lh_retrieve).
+ Instead, use NULL for the CONF pointer in CONF_get_string and
+ CONF_get_number (which may use environment variables) and directly
+ return NULL from CONF_get_section.
+ [Bodo Moeller]
+
+ *) Fix potential buffer overrun for EBCDIC.
+ [Ulf Moeller]
+
+ *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+ keyUsage if basicConstraints absent for a CA.
+ [Steve Henson]
+
+ *) Make SMIME_write_PKCS7() write mail header values with a format that
+ is more generally accepted (no spaces before the semicolon), since
+ some programs can't parse those values properly otherwise. Also make
+ sure BIO's that break lines after each write do not create invalid
+ headers.
+ [Richard Levitte]
+
+ *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+ macros previously used would not encode an empty SEQUENCE OF
+ and break the signature.
+ [Steve Henson]
+
+ *) Zero the premaster secret after deriving the master secret in
+ DH ciphersuites.
+ [Steve Henson]
+
+ *) Add some EVP_add_digest_alias registrations (as found in
+ OpenSSL_add_all_digests()) to SSL_library_init()
+ aka OpenSSL_add_ssl_algorithms(). This provides improved
+ compatibility with peers using X.509 certificates
+ with unconventional AlgorithmIdentifier OIDs.
+ [Bodo Moeller]
+
+ *) Fix for Irix with NO_ASM.
+ ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+ *) ./config script fixes.
+ [Ulf Moeller, Richard Levitte]
+
+ *) Fix 'openssl passwd -1'.
+ [Bodo Moeller]
+
+ *) Change PKCS12_key_gen_asc() so it can cope with non null
+ terminated strings whose length is passed in the passlen
+ parameter, for example from PEM callbacks. This was done
+ by adding an extra length parameter to asc2uni().
+ [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+ *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+ call failed, free the DSA structure.
+ [Bodo Moeller]
+
+ *) Fix to uni2asc() to cope with zero length Unicode strings.
+ These are present in some PKCS#12 files.
+ [Steve Henson]
+
+ *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+ Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+ when writing a 32767 byte record.
+ [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+ *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+ obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+ (RSA objects have a reference count access to which is protected
+ by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+ so they are meant to be shared between threads.)
+ [Bodo Moeller, Geoff Thorpe; original patch submitted by
+ "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+ *) Fix a deadlock in CRYPTO_mem_leaks().
+ [Bodo Moeller]
+
+ *) rand_win.c fix for Borland C.
+ [Ulf Möller]
+
+ *) BN_rshift bugfix for n == 0.
+ [Bodo Moeller]
+
+ *) Store verify_result within SSL_SESSION also for client side to
+ avoid potential security hole. (Re-used sessions on the client side
+ always resulted in verify_result==X509_V_OK, not using the original
+ result of the server certificate verification.)
+ [Lutz Jaenicke]
+
+ *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+ SSL3_RT_APPLICATION_DATA, return 0.
+ Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+ [Bodo Moeller]
+
+ *) Fix SSL_peek:
+ Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+ releases, have been re-implemented by renaming the previous
+ implementations of ssl2_read and ssl3_read to ssl2_read_internal
+ and ssl3_read_internal, respectively, and adding 'peek' parameters
+ to them. The new ssl[23]_{read,peek} functions are calls to
+ ssl[23]_read_internal with the 'peek' flag set appropriately.
+ A 'peek' parameter has also been added to ssl3_read_bytes, which
+ does the actual work for ssl3_read_internal.
+ [Bodo Moeller]
+
+ *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+ The previous value, 12, was not always sufficient for BN_mod_exp().
+ [Bodo Moeller]
+
+ *) Fix typo in get_cert_by_subject() in by_dir.c
+ [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+ *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+ Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+ and not in SSL_clear because the latter is also used by the
+ accept/connect functions; previously, the settings made by
+ SSL_set_read_ahead would be lost during the handshake.
+ [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
+
+ *) Correct util/mkdef.pl to be selective about disabled algorithms.
+ Previously, it would create entries for disableed algorithms no
+ matter what.
+ [Richard Levitte]
+
+ *) Added several new manual pages for SSL_* function.
+ [Lutz Jaenicke]
+
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:/usr/ccs/bin/ar rs",
####
"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
my $sha1_obj="";
my $rmd160_obj="";
my $processor="";
-my $ranlib;
+my $default_ranlib;
my $perl;
-$ranlib=&which("ranlib") or $ranlib="true";
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
print "IsWindows=$IsWindows\n";
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, my $ranlib)=
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
$cflags="$flags$cflags" if ($flags ne "");
$shared_mark2 = ".shlib.";
}
}
+else
+ {
+ $no_shared = 1;
+ }
+
+if ($ranlib eq "")
+ {
+ $ranlib = $default_ranlib;
+ }
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
my $bn_obj,my $des_obj,my $bf_obj,
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
- my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+ my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $ranlib)=
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
print <<EOF
\$dso_scheme = $dso_scheme
\$shared_target= $shared_target
\$shared_cflag = $shared_cflag
+\$ranlib = $ranlib
EOF
}
---------------
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ (echo $$i | grep '\\.a$$' > /dev/null 2>&1) \
+ && $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \
done
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** BC-32
$cc = bcc32
$dso_scheme = win32
$shared_target=
$shared_cflag =
+$ranlib =
*** BS2000-OSD
$cc = c89
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** CygWin32
$cc = gcc
$dso_scheme = win32
$shared_target=
$shared_cflag =
+$ranlib =
*** FreeBSD
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** FreeBSD-alpha
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** FreeBSD-elf
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** MPE/iX-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** Mingw32
$cc = gcc
$dso_scheme = win32
$shared_target=
$shared_cflag =
+$ranlib =
*** NetBSD-m68
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** NetBSD-sparc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** NetBSD-x86
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** OpenBSD
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** OpenBSD-alpha
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** OpenBSD-mips
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** OpenBSD-x86
$cc = gcc
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
+$ranlib =
*** ReliantUNIX
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** SINIX
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** SINIX-N
$cc = /usr/ucb/cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** VC-MSDOS
$cc = cl
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** VC-NT
$cc = cl
$dso_scheme = win32
$shared_target=
$shared_cflag =
+$ranlib =
*** VC-W31-16
$cc = cl
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** VC-W31-32
$cc = cl
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** VC-WIN16
$cc = cl
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** VC-WIN32
$cc = cl
$dso_scheme = win32
$shared_target=
$shared_cflag =
+$ranlib =
*** aix-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** aix-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** alpha-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= true64-shared
$shared_cflag =
+$ranlib =
*** alpha-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= true64-shared
$shared_cflag =
+$ranlib =
*** alpha164-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= true64-shared
$shared_cflag =
+$ranlib =
*** bsdi-elf-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** bsdi-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** cray-t3e
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** cray-t90-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-ben
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-ben-debug
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-ben-strict
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-bodo
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-levitte-linux-elf
$cc = gcc
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-linux-elf
$cc = gcc
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-linux-elf-noefence
$cc = gcc
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-rse
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-solaris-sparcv8-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib =
*** debug-solaris-sparcv8-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** debug-solaris-sparcv9-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib =
*** debug-solaris-sparcv9-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** debug-steve
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** debug-ulf
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** dgux-R3-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** dgux-R4-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** dgux-R4-x86-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** dist
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-brokencc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-brokengcc
$cc = gcc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-cc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-gcc
$cc = gcc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-parisc-cc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-parisc-cc-o4
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-parisc-gcc
$cc = gcc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-parisc1_1-cc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux-parisc2-cc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux10-brokencc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux10-brokengcc
$cc = gcc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux10-cc
$cc = cc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux10-gcc
$cc = gcc
$dso_scheme = dl
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux64-parisc-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
+$ranlib =
*** hpux64-parisc2-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
+$ranlib =
*** irix-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** irix-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** irix-mips3-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** irix-mips3-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** irix64-mips4-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** irix64-mips4-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-alpha+bwx-ccc
$cc = ccc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-alpha+bwx-gcc
$cc = gcc
$cflags = -O3 -DL_ENDIAN -DTERMIO
$unistd =
$thread_cflag = -D_REENTRANT
-$lflags =
+$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
$bn_obj = asm/alpha.o
$des_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
+$dso_scheme = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$ranlib =
*** linux-alpha-ccc
$cc = ccc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-alpha-gcc
$cc = gcc
$cflags = -O3 -DL_ENDIAN -DTERMIO
$unistd =
$thread_cflag = -D_REENTRANT
-$lflags =
+$lflags = -ldl
$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
$bn_obj = asm/alpha.o
$des_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
-$dso_scheme =
-$shared_target=
-$shared_cflag =
+$dso_scheme = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$ranlib =
*** linux-aout
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-elf
$cc = gcc
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
+$ranlib =
*** linux-elf-arm
$cc = gcc
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
+$ranlib =
*** linux-ia64
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-m68k
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-mips
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-ppc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
+
+*** linux-s390
+$cc = gcc
+$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd =
+$thread_cflag = -D_REENTRANT
+$lflags =
+$bn_ops = BN_LLONG
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
+$dso_scheme =
+$shared_target=
+$shared_cflag =
+$ranlib =
*** linux-sparcv7
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-sparcv8
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** linux-sparcv9
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** ncr-scde
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** newsos4-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** nextstep
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** nextstep3.3
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** purify
$cc = purify gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** qnx4
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** rhapsody-ppc-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** sco5-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** sco5-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** solaris-sparc-sc3
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib =
*** solaris-sparcv7-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib =
*** solaris-sparcv7-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** solaris-sparcv8-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib =
*** solaris-sparcv8-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** solaris-sparcv9-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib =
*** solaris-sparcv9-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** solaris-sparcv9-gcc27
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** solaris-x86-gcc
$cc = gcc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -fPIC
+$ranlib =
*** solaris64-sparcv9-cc
$cc = cc
$dso_scheme = dlfcn
$shared_target= solaris-shared
$shared_cflag = -KPIC
+$ranlib = /usr/ccs/bin/ar rs
*** sunos-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** ultrix-cc
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** ultrix-gcc
$cc = gcc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** unixware-2.0
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** unixware-2.0-pentium
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
*** unixware-7
$cc = cc
$dso_scheme =
$shared_target=
$shared_cflag =
+$ranlib =
if (*n == '\0') break;
egd=RAND_egd(n);
- if (egd > 0) tot+=egd;
- tot+=RAND_load_file(n,-1);
+ if (egd > 0)
+ tot+=egd;
+ else
+ tot+=RAND_load_file(n,-1);
if (last) break;
}
if (tot > 512)
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
bits_p,bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
- printf("\t\treturn(NULL);\n");
+ printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n");
}
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
- salt_out = out_buf + 6;
+ salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
assert(salt_len <= 8);
if (newreq || x509)
{
-#ifndef NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-
if (pkey == NULL)
{
BIO_printf(bio_err,"you need to specify a private key\n");
goto end;
}
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
if (req == NULL)
{
req=X509_REQ_new();
* Hudson (tjh@cryptsoft.com).
*
*/
+
+#ifndef NO_RSA
+
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
BIO_printf(bio_err, "-hexdump hex dump output\n");
}
+#endif
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
-
}
int MAIN(int, char **);
goto end;
}
- app_RAND_load_file(NULL, bio_err, 0);
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
if (bio_c_out == NULL)
{
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
goto end;
}
- app_RAND_load_file(NULL, bio_err, 0);
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status())
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
if (bio_s_out == NULL)
{
#ifndef NO_RSA
#if 1
- SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+ if (!no_tmp_rsa)
+ SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
#else
if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
{
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
-----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
-MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
-JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
-IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
-FUGcPZf9ND22Etc+AQ==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+itAE+OjGF+PFKbwX8Q==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+++ /dev/null
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
;;
NetBSD:*:*:*386*)
- echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+ echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
NetBSD:*)
;;
mips4-sgi-irix64)
echo "WARNING! If you wish to build 64-bit library, then you have to"
- echo " invoke './Configre irix64-mips4-$CC' *manually*."
- echo " Type Ctrl-C if you don't want to continue."
+ echo " invoke './Configure irix64-mips4-$CC' *manually*."
+ echo " Type return if you want to continue, Ctrl-C to abort."
read waste < /dev/tty
- options="$options -mips4"
+ CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+ CPU=${CPU:-0}
+ if [ $CPU -ge 5000 ]; then
+ options="$options -mips4"
+ else
+ options="$options -mips3"
+ fi
OUT="irix-mips3-$CC"
;;
alpha-*-linux2)
#till 64-bit glibc for SPARC is operational:-(
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
- #echo " Type Ctrl-C if you don't want to continue."
+ #echo " Type return if you want to continue, Ctrl-C to abort."
#read waste < /dev/tty
OUT="linux-sparcv9" ;;
sparc-*-linux2)
- KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+ KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
case ${KARCH:-sun4} in
sun4u*) OUT="linux-sparcv9" ;;
sun4m) OUT="linux-sparcv8" ;;
*) OUT="linux-sparcv7" ;;
esac ;;
arm*-*-linux2) OUT="linux-elf-arm" ;;
+ s390-*-linux2) OUT="linux-s390" ;;
*-*-linux2) OUT="linux-elf" ;;
*-*-linux1) OUT="linux-aout" ;;
sun4u*-*-solaris2)
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
- echo " Type Ctrl-C if you don't want to continue."
+ echo " Type return if you want to continue, Ctrl-C to abort."
read waste < /dev/tty
fi
OUT="solaris-sparcv9-$CC" ;;
$PERL ./Configure LIST | grep "$OUT" > /dev/null
if [ $? = "0" ]; then
- #echo Configuring for $OUT
+ echo Configuring for $OUT
if [ "$TEST" = "true" ]; then
echo $PERL ./Configure $OUT $options
GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
-LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
SRC= $(LIBSRC)
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
libs:
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
if(tbl) {
mask = tbl->mask;
if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
- ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
+ ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
tbl->minsize, tbl->maxsize);
} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
if(ret <= 0) return NULL;
if ((a != NULL) && (sk_##type##_num(a) != 0)) \
M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+ if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
if ((c.slen != 0) && \
(M_ASN1_next == \
if ((a != NULL) && (sk_##type##_num(a) != 0)) \
M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+ if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
ret+=ASN1_object_size(1,v,mtag); \
}
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+ if (a)\
+ { \
+ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+ V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
/* Put Macros */
#define M_ASN1_I2D_put(a,f) f(a,&p)
IS_SEQUENCE); \
}
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+ if (a) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ }
+
#define M_ASN1_I2D_seq_total() \
r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
if (pp == NULL) return(r); \
M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION);
M_ASN1_I2D_finish();
{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
i2d_X509_REVOKED);
- M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
i2d_X509_REVOKED);
- M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
ret->nextUpdate=NULL;
M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
- M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+ ret->extensions = NULL;
sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
return(ret);
M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
}
size+=i2d_X509_NAME_ENTRY(ne,NULL);
}
-
- ret+=ASN1_object_size(1,size,V_ASN1_SET);
+ /* If empty no extra SET OF needed */
+ if (ret)
+ ret+=ASN1_object_size(1,size,V_ASN1_SET);
if (fe != NULL)
fe->size=size;
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
# elf
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
/* At this point, we have something that is most probably correct
in some way, so let's init the socket. */
- if (!BIO_sock_init())
- return(0); /* don't generate another error code here */
+ if (BIO_sock_init() != 1)
+ return 0; /* don't generate another error code here */
/* If the string actually contained an IP address, we need not do
anything more */
{
int ret=0;
struct sockaddr_in server,client;
- int s= -1,cs;
+ int s=INVALID_SOCKET,cs;
unsigned char ip[4];
unsigned short port;
- char *str,*e;
+ char *str=NULL,*e;
const char *h,*p;
unsigned long l;
int err_num;
- if (!BIO_sock_init()) return(INVALID_SOCKET);
+ if (BIO_sock_init() != 1) return(INVALID_SOCKET);
if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
h="*";
}
- if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+ if (!BIO_get_port(p,&port)) goto err;
memset((char *)&server,0,sizeof(server));
server.sin_family=AF_INET;
server.sin_addr.s_addr=INADDR_ANY;
else
{
- if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+ if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
l=(unsigned long)
((unsigned long)ip[0]<<24L)|
((unsigned long)ip[1]<<16L)|
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
# elf
.IMPORT $global$,DATA
.SPACE $TEXT$
.SUBSPA $CODE$
- .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+ .SUBSPA $LIT$,ACCESS=0x2c
C$7
.ALIGN 8
.STRINGZ "Division would overflow (%d)\n"
.IMPORT $global$,DATA
.SPACE $TEXT$
.SUBSPA $CODE$
- .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
+ .SUBSPA $LIT$,ACCESS=0x2c
C$4
.ALIGN 8
.STRINGZ "Division would overflow (%d)\n"
} BIGNUM;
/* Used for temp variables */
-#define BN_CTX_NUM 12
+#define BN_CTX_NUM 16
#define BN_CTX_NUM_POS 12
typedef struct bignum_ctx
{
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
# define bn_dump(a,b)
#endif
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#define BN_F_BN_MPI2BN 112
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
+#define BN_F_BN_RAND_RANGE 122
#define BN_F_BN_USUB 115
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100
#define BN_R_BAD_RECIPROCAL 101
+#define BN_R_BIGNUM_TOO_LONG 114
#define BN_R_CALLED_WITH_EVEN_MODULUS 102
#define BN_R_DIV_BY_ZERO 103
#define BN_R_ENCODING_ERROR 104
#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
#define BN_R_INVALID_LENGTH 106
+#define BN_R_INVALID_RANGE 115
#define BN_R_NOT_INITIALIZED 107
#define BN_R_NO_INVERSE 108
#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
BN_CTX_start(ctx);
tmp=BN_CTX_get(ctx);
- tmp->neg=0;
snum=BN_CTX_get(ctx);
sdiv=BN_CTX_get(ctx);
if (dv == NULL)
res=BN_CTX_get(ctx);
else res=dv;
- if (res == NULL) goto err;
+ if (sdiv==NULL || res == NULL) goto err;
+ tmp->neg=0;
/* First we normalise the numbers */
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
for (i=0; i<loop-1; i++)
{
BN_ULONG q,l0;
-#ifdef BN_DIV3W
+#if defined(BN_DIV3W) && !defined(NO_ASM)
q=bn_div_3_words(wnump,d1,d0);
#else
BN_ULONG n0,n1,rem=0;
{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
{0,NULL}
};
{
{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
{BN_R_DIV_BY_ZERO ,"div by zero"},
{BN_R_ENCODING_ERROR ,"encoding error"},
{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
{BN_R_INVALID_LENGTH ,"invalid length"},
+{BN_R_INVALID_RANGE ,"invalid range"},
{BN_R_NOT_INITIALIZED ,"not initialized"},
{BN_R_NO_INVERSE ,"no inverse"},
{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
#endif
#include <assert.h>
+#include <limits.h>
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
if (words > b->dmax)
{
+ if (words > (INT_MAX/(4*BN_BITS2)))
+ {
+ BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
+ return NULL;
+ }
+
bn_check_top(b);
if (BN_get_flags(b,BN_FLG_STATIC_DATA))
{
bytes=(bits+7)/8;
bit=(bits-1)%8;
- mask=0xff<<bit;
+ mask=0xff<<(bit+1);
buf=(unsigned char *)OPENSSL_malloc(bytes);
if (buf == NULL)
goto err;
}
- if (top)
+#if 1
+ if (pseudorand == 2)
{
- if (bit == 0)
+ /* generate patterns that are more likely to trigger BN
+ library bugs */
+ int i;
+ unsigned char c;
+
+ for (i = 0; i < bytes; i++)
+ {
+ RAND_pseudo_bytes(&c, 1);
+ if (c >= 128 && i > 0)
+ buf[i] = buf[i-1];
+ else if (c < 42)
+ buf[i] = 0;
+ else if (c < 84)
+ buf[i] = 255;
+ }
+ }
+#endif
+
+ if (top != -1)
+ {
+ if (top)
{
- buf[0]=1;
- buf[1]|=0x80;
+ if (bit == 0)
+ {
+ buf[0]=1;
+ buf[1]|=0x80;
+ }
+ else
+ {
+ buf[0]|=(3<<(bit-1));
+ }
}
else
{
- buf[0]|=(3<<(bit-1));
- buf[0]&= ~(mask<<1);
+ buf[0]|=(1<<bit);
}
}
- else
- {
- buf[0]|=(1<<bit);
- buf[0]&= ~(mask<<1);
- }
- if (bottom) /* set bottom bits to whatever odd is */
+ buf[0] &= ~mask;
+ if (bottom) /* set bottom bit if requested */
buf[bytes-1]|=1;
if (!BN_bin2bn(buf,bytes,rnd)) goto err;
ret=1;
{
return bnrand(1, rnd, bits, top, bottom);
}
+
+#if 1
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+ {
+ return bnrand(2, rnd, bits, top, bottom);
+ }
+#endif
+
+/* random number r: 0 <= r < range */
+int BN_rand_range(BIGNUM *r, BIGNUM *range)
+ {
+ int n;
+
+ if (range->neg || BN_is_zero(range))
+ {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+ return 0;
+ }
+
+ n = BN_num_bits(range); /* n > 0 */
+
+ if (n == 1)
+ {
+ if (!BN_zero(r)) return 0;
+ }
+ else if (BN_is_bit_set(range, n - 2))
+ {
+ do
+ {
+ /* range = 11..._2, so each iteration succeeds with probability >= .75 */
+ if (!BN_rand(r, n, -1, 0)) return 0;
+ }
+ while (BN_cmp(r, range) >= 0);
+ }
+ else
+ {
+ /* range = 10..._2,
+ * so 3*range (= 11..._2) is exactly one bit longer than range */
+ do
+ {
+ if (!BN_rand(r, n + 1, -1, 0)) return 0;
+ /* If r < 3*range, use r := r MOD range
+ * (which is either r, r - range, or r - 2*range).
+ * Otherwise, iterate once more.
+ * Since 3*range = 11..._2, each iteration succeeds with
+ * probability >= .75. */
+ if (BN_cmp(r ,range) >= 0)
+ {
+ if (!BN_sub(r, r, range)) return 0;
+ if (BN_cmp(r, range) >= 0)
+ if (!BN_sub(r, r, range)) return 0;
+ }
+ }
+ while (BN_cmp(r, range) >= 0);
+ }
+
+ return 1;
+ }
r->neg=a->neg;
if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
}
+ else
+ {
+ if (n == 0)
+ return 1; /* or the copying loop will go berserk */
+ }
f= &(a->d[nw]);
t=r->d;
static void message(BIO *out, char *m)
{
fprintf(stderr, "test %s\n", m);
-#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
BIO_puts(out, "print \"test ");
BIO_puts(out, m);
BIO_puts(out, "\\n\"\n");
-#endif
}
int main(int argc, char *argv[])
results = 0;
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
- * even check its return value
- * (which we should) */
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
argc--;
argv++;
BN_init(&b);
BN_init(&c);
- BN_rand(&a,512,0,0);
+ BN_bntest_rand(&a,512,0,0);
for (i=0; i<num0; i++)
{
- BN_rand(&b,450+i,0,0);
+ BN_bntest_rand(&b,450+i,0,0);
a.neg=rand_neg();
b.neg=rand_neg();
if (bp == NULL)
{
if (i < num1)
{
- BN_rand(&a,512,0,0);
+ BN_bntest_rand(&a,512,0,0);
BN_copy(&b,&a);
if (BN_set_bit(&a,i)==0) return(0);
BN_add_word(&b,i);
}
else
{
- BN_rand(&b,400+i-num1,0,0);
+ BN_bntest_rand(&b,400+i-num1,0,0);
a.neg=rand_neg();
b.neg=rand_neg();
}
{
if (i < num1)
{
- BN_rand(&a,400,0,0);
+ BN_bntest_rand(&a,400,0,0);
BN_copy(&b,&a);
BN_lshift(&a,&a,i);
BN_add_word(&a,i);
}
else
- BN_rand(&b,50+3*(i-num1),0,0);
+ BN_bntest_rand(&b,50+3*(i-num1),0,0);
a.neg=rand_neg();
b.neg=rand_neg();
if (bp == NULL)
{
if (i < num1)
{
- BN_rand(&a,400,0,0);
+ BN_bntest_rand(&a,400,0,0);
BN_copy(&b,&a);
BN_lshift(&a,&a,i);
BN_add_word(&a,i);
}
else
- BN_rand(&b,50+3*(i-num1),0,0);
+ BN_bntest_rand(&b,50+3*(i-num1),0,0);
a.neg=rand_neg();
b.neg=rand_neg();
BN_RECP_CTX_set(&recp,&b,ctx);
{
if (i <= num1)
{
- BN_rand(&a,100,0,0);
- BN_rand(&b,100,0,0);
+ BN_bntest_rand(&a,100,0,0);
+ BN_bntest_rand(&b,100,0,0);
}
else
- BN_rand(&b,i-num1,0,0);
+ BN_bntest_rand(&b,i-num1,0,0);
a.neg=rand_neg();
b.neg=rand_neg();
if (bp == NULL)
for (i=0; i<num0; i++)
{
- BN_rand(&a,40+i*10,0,0);
+ BN_bntest_rand(&a,40+i*10,0,0);
a.neg=rand_neg();
if (bp == NULL)
for (j=0; j<100; j++)
mont=BN_MONT_CTX_new();
- BN_rand(&a,100,0,0); /**/
- BN_rand(&b,100,0,0); /**/
+ BN_bntest_rand(&a,100,0,0); /**/
+ BN_bntest_rand(&b,100,0,0); /**/
for (i=0; i<num2; i++)
{
int bits = (200*(i+1))/num2;
if (bits == 0)
continue;
- BN_rand(&n,bits,0,1);
+ BN_bntest_rand(&n,bits,0,1);
BN_MONT_CTX_set(mont,&n,ctx);
BN_to_montgomery(&A,&a,mont,ctx);
d=BN_new();
e=BN_new();
- BN_rand(a,1024,0,0); /**/
+ BN_bntest_rand(a,1024,0,0); /**/
for (i=0; i<num0; i++)
{
- BN_rand(b,450+i*10,0,0); /**/
+ BN_bntest_rand(b,450+i*10,0,0); /**/
a->neg=rand_neg();
b->neg=rand_neg();
if (bp == NULL)
d=BN_new();
e=BN_new();
- BN_rand(c,1024,0,0); /**/
+ BN_bntest_rand(c,1024,0,0); /**/
for (i=0; i<num0; i++)
{
- BN_rand(a,475+i*10,0,0); /**/
- BN_rand(b,425+i*11,0,0); /**/
+ BN_bntest_rand(a,475+i*10,0,0); /**/
+ BN_bntest_rand(b,425+i*11,0,0); /**/
a->neg=rand_neg();
b->neg=rand_neg();
/* if (bp == NULL)
d=BN_new();
e=BN_new();
- BN_rand(c,30,0,1); /* must be odd for montgomery */
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
for (i=0; i<num2; i++)
{
- BN_rand(a,20+i*5,0,0); /**/
- BN_rand(b,2+i,0,0); /**/
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
if (!BN_mod_exp(d,a,b,c,ctx))
return(00);
for (i=0; i<num2; i++)
{
- BN_rand(a,20+i*5,0,0); /**/
- BN_rand(b,2+i,0,0); /**/
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
if (!BN_exp(d,a,b,ctx))
return(00);
else
{
a=BN_new();
- BN_rand(a,200,0,0); /**/
+ BN_bntest_rand(a,200,0,0); /**/
a->neg=rand_neg();
}
for (i=0; i<num0; i++)
b=BN_new();
c=BN_new();
- BN_rand(a,200,0,0); /**/
+ BN_bntest_rand(a,200,0,0); /**/
a->neg=rand_neg();
for (i=0; i<num0; i++)
{
e=BN_new();
BN_one(c);
- BN_rand(a,200,0,0); /**/
+ BN_bntest_rand(a,200,0,0); /**/
a->neg=rand_neg();
for (i=0; i<num0; i++)
{
b=BN_new();
c=BN_new();
- BN_rand(a,200,0,0); /**/
+ BN_bntest_rand(a,200,0,0); /**/
a->neg=rand_neg();
for (i=0; i<num0; i++)
{
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
# elf
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
#define CONF_R_MISSING_EQUAL_SIGN 101
#define CONF_R_NO_CLOSE_BRACE 102
#define CONF_R_NO_CONF 105
+#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
+#define CONF_R_NO_SECTION 107
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
#define CONF_R_VARIABLE_HAS_NO_VALUE 104
{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
{CONF_R_NO_CONF ,"no conf"},
+{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
+{CONF_R_NO_SECTION ,"no section"},
{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
{0,NULL}
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
{
- CONF ctmp;
+ if (conf == NULL)
+ {
+ return NULL;
+ }
+ else
+ {
+ CONF ctmp;
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
+ if (default_CONF_method == NULL)
+ default_CONF_method = NCONF_default();
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
- return NCONF_get_section(&ctmp, section);
+ default_CONF_method->init(&ctmp);
+ ctmp.data = conf;
+ return NCONF_get_section(&ctmp, section);
+ }
}
char *CONF_get_string(LHASH *conf,char *group,char *name)
{
- CONF ctmp;
+ if (conf == NULL)
+ {
+ return NCONF_get_string(NULL, group, name);
+ }
+ else
+ {
+ CONF ctmp;
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
+ if (default_CONF_method == NULL)
+ default_CONF_method = NCONF_default();
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
- return NCONF_get_string(&ctmp, group, name);
+ default_CONF_method->init(&ctmp);
+ ctmp.data = conf;
+ return NCONF_get_string(&ctmp, group, name);
+ }
}
long CONF_get_number(LHASH *conf,char *group,char *name)
{
- CONF ctmp;
+ if (conf == NULL)
+ {
+ return NCONF_get_number(NULL, group, name);
+ }
+ else
+ {
+ CONF ctmp;
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
+ if (default_CONF_method == NULL)
+ default_CONF_method = NCONF_default();
- default_CONF_method->init(&ctmp);
- ctmp.data = conf;
- return NCONF_get_number(&ctmp, group, name);
+ default_CONF_method->init(&ctmp);
+ ctmp.data = conf;
+ return NCONF_get_number(&ctmp, group, name);
+ }
}
void CONF_free(LHASH *conf)
return NULL;
}
+ if (section == NULL)
+ {
+ CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
+ return NULL;
+ }
+
return _CONF_get_section_values(conf, section);
}
char *NCONF_get_string(CONF *conf,char *group,char *name)
{
+ char *s = _CONF_get_string(conf, group, name);
+
+ /* Since we may get a value from an environment variable even
+ if conf is NULL, let's check the value first */
+ if (s) return s;
+
if (conf == NULL)
{
- CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF);
+ CONFerr(CONF_F_NCONF_GET_STRING,
+ CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
return NULL;
}
-
- return _CONF_get_string(conf, group, name);
+ return NULL;
}
long NCONF_get_number(CONF *conf,char *group,char *name)
{
+#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
+ an environment variable with a suitable name. Unfortunately, there's
+ no way with the current API to see if we found one or not...
+ The meaning of this is that if a number is not found anywhere, it
+ will always default to 0. */
if (conf == NULL)
{
- CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF);
+ CONFerr(CONF_F_NCONF_GET_NUMBER,
+ CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
return 0;
}
+#endif
return _CONF_get_number(conf, group, name);
}
const char *SSLeay_version(int type);
unsigned long SSLeay(void);
+int OPENSSL_issetugid(void);
+
int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
des: des.o cbc3_enc.o lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
static int generate_key(DH *dh)
{
int ok=0;
- unsigned int i;
BN_CTX ctx;
BN_MONT_CTX *mont;
BIGNUM *pub_key=NULL,*priv_key=NULL;
if (dh->priv_key == NULL)
{
- i=dh->length;
- if (i == 0)
- {
- /* Make the number p-1 bits long */
- i=BN_num_bits(dh->p)-1;
- }
priv_key=BN_new();
if (priv_key == NULL) goto err;
- if (!BN_rand(priv_key,i,0,0)) goto err;
+ do
+ if (!BN_rand_range(priv_key, dh->p)) goto err;
+ while (BN_is_zero(priv_key));
}
else
priv_key=dh->priv_key;
ret->method_mont_p=NULL;
ret->references = 1;
ret->flags=meth->flags;
+ CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
{
+ CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
- else
- CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
return(ret);
}
}
#endif
- CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
-
meth = ENGINE_get_DH(r->engine);
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
+ CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
if (r->q != NULL) BN_clear_free(r->q);
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
int DSA_generate_key(DSA *dsa)
{
int ok=0;
- unsigned int i;
BN_CTX *ctx=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL;
else
priv_key=dsa->priv_key;
- i=BN_num_bits(dsa->q);
- for (;;)
- {
- if (!BN_rand(priv_key,i,0,0))
- goto err;
- if (BN_cmp(priv_key,dsa->q) >= 0)
- BN_sub(priv_key,priv_key,dsa->q);
- if (!BN_is_zero(priv_key)) break;
- }
+ do
+ if (!BN_rand_range(priv_key,dsa->q)) goto err;
+ while (BN_is_zero(priv_key));
if (dsa->pub_key == NULL)
{
ret->references=1;
ret->flags=meth->flags;
+ CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
if ((meth->init != NULL) && !meth->init(ret))
{
+ CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
- else
- CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
return(ret);
}
}
#endif
- CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
-
meth = ENGINE_get_DSA(r->engine);
if(meth->finish) meth->finish(r);
ENGINE_finish(r->engine);
+ CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
+
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->g != NULL) BN_clear_free(r->g);
kinv=NULL;
/* Get random k */
- for (;;)
- {
- if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
- if (BN_cmp(&k,dsa->q) >= 0)
- BN_sub(&k,&k,dsa->q);
- if (!BN_is_zero(&k)) break;
- }
+ do
+ if (!BN_rand_range(&k, dsa->q)) goto err;
+ while (BN_is_zero(&k));
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
return(NULL);
}
- if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
{
DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
return(NULL);
DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
- if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
{
DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
return(NULL);
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ @echo You may get an error following this line. Please ignore.
+ - $(RANLIB) $(LIB)
@touch lib
files:
}
}
- if (data != NULL)
+ if (data == NULL)
+ {
+ if (inc && (es->err_data[i] != NULL) && (es->err_data_flags[i] & ERR_TXT_MALLOCED))
+ {
+ OPENSSL_free(es->err_data[i]);
+ es->err_data[i] = NULL;
+ }
+ }
+ else
{
if (es->err_data[i] == NULL)
{
ret=idx;
err:
MemCheck_on();
- return(idx);
+ return(ret);
}
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
*/
static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
+static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
+ * access requires MALLOC2 lock */
typedef struct app_mem_info_st
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
* that are at the top of their thread's stack
- * (with `thread' as key) */
+ * (with `thread' as key);
+ * access requires MALLOC2 lock */
typedef struct mem_st
/* memory-block description */
0;
-static unsigned long disabling_thread = 0;
+static unsigned int num_disable = 0; /* num_disable > 0
+ * iff
+ * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
+ */
+static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
+ * CRYPTO_LOCK_MALLOC2 is locked
+ * exactly in this case (by the
+ * thread named in disabling_thread).
+ */
int CRYPTO_mem_ctrl(int mode)
{
CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
switch (mode)
{
- /* for applications: */
+ /* for applications (not to be called while multiple threads
+ * use the library): */
case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
- disabling_thread = 0;
+ num_disable = 0;
break;
case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
mh_mode = 0;
- disabling_thread = 0;
+ num_disable = 0; /* should be true *before* MemCheck_stop is used,
+ or there'll be a lot of confusion */
break;
/* switch off temporarily (for library-internal use): */
case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
if (mh_mode & CRYPTO_MEM_CHECK_ON)
{
- mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE;
- if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */
+ if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
{
/* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
* we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
* OpenSSL threads. */
CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+ mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
disabling_thread=CRYPTO_thread_id();
}
+ num_disable++;
}
break;
case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
if (mh_mode & CRYPTO_MEM_CHECK_ON)
{
- mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
- if (disabling_thread != 0)
+ if (num_disable) /* always true, or something is going wrong */
{
- disabling_thread=0;
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+ num_disable--;
+ if (num_disable == 0)
+ {
+ mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+ }
}
}
break;
if (mh_mode & CRYPTO_MEM_CHECK_ON)
{
- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+ CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
- && disabling_thread != CRYPTO_thread_id();
+ || (disabling_thread != CRYPTO_thread_id());
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
}
return(ret);
}
if (is_MemCheck_on())
{
- MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+ MemCheck_off(); /* obtain MALLOC2 lock */
if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
{
ami->next=amim;
}
err:
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock */
}
return(ret);
if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
{
- MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+ MemCheck_off(); /* obtain MALLOC2 lock */
ret=(pop_info() != NULL);
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock */
}
return(ret);
}
if (is_MemCheck_on()) /* _must_ be true */
{
- MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+ MemCheck_off(); /* obtain MALLOC2 lock */
while(pop_info() != NULL)
ret++;
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock */
}
return(ret);
}
if (is_MemCheck_on())
{
- MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+ MemCheck_off(); /* make sure we hold MALLOC2 lock */
if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
{
OPENSSL_free(addr);
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock
+ * if num_disabled drops to 0 */
return;
}
if (mh == NULL)
OPENSSL_free(mm);
}
err:
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock
+ * if num_disabled drops to 0 */
}
break;
}
if (is_MemCheck_on() && (mh != NULL))
{
- MemCheck_off();
+ MemCheck_off(); /* make sure we hold MALLOC2 lock */
m.addr=addr;
mp=(MEM *)lh_delete(mh,(char *)&m);
OPENSSL_free(mp);
}
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock
+ * if num_disabled drops to 0 */
}
break;
case 1:
if (is_MemCheck_on())
{
- MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
+ MemCheck_off(); /* make sure we hold MALLOC2 lock */
m.addr=addr1;
mp=(MEM *)lh_delete(mh,(char *)&m);
lh_insert(mh,(char *)mp);
}
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
+ MemCheck_on(); /* release MALLOC2 lock
+ * if num_disabled drops to 0 */
}
break;
}
if (mh == NULL && amih == NULL)
return;
+
+ MemCheck_off(); /* obtain MALLOC2 lock */
+
ml.bio=b;
ml.bytes=0;
ml.chunks=0;
- MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */
if (mh != NULL)
lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
if (ml.chunks != 0)
* void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
* Otherwise the code police will come and get us.)
*/
+ int old_mh_mode;
+
CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+ /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
+ * which uses CRYPTO_is_mem_check_on */
+ old_mh_mode = mh_mode;
+ mh_mode = CRYPTO_MEM_CHECK_OFF;
+
if (mh != NULL)
{
lh_free(mh);
amih = NULL;
}
}
+
+ mh_mode = old_mh_mode;
CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
}
- MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
-
-#if 0
- lh_stats_bio(mh,b);
- lh_node_stats_bio(mh,b);
- lh_node_usage_stats_bio(mh,b);
-#endif
+ MemCheck_on(); /* release MALLOC2 lock */
}
#ifndef NO_FP_API
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090600fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 [engine] 24 Sep 2000"
+#define OPENSSL_VERSION_NUMBER 0x00906010L
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a-dev [engine] XX xxx XXXX"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
# if defined(VMS) && !defined(__DECC)
# include <socket.h>
# include <in.h>
+# include <inet.h>
# else
# include <sys/socket.h>
# ifdef FILIO_H
# include <sys/filio.h> /* Added for FIONBIO under unixware */
# endif
# include <netinet/in.h>
+# include <arpa/inet.h>
# endif
# if defined(NeXT) || defined(_NEXT_SOURCE)
#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
%endif
%ifarch alpha
-./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha
-#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc
+#!#./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha-gcc shared
%endif
LD_LIBRARY_PATH=`pwd` make
LD_LIBRARY_PATH=`pwd` make rehash
projects / oweals / openssl.git / commitdiff