Recent changes from 0.9.6-stable.
authorRichard Levitte <levitte@openssl.org>
Sat, 28 Dec 2002 02:01:45 +0000 (02:01 +0000)
committerRichard Levitte <levitte@openssl.org>
Sat, 28 Dec 2002 02:01:45 +0000 (02:01 +0000)
INSTALL
crypto/cryptlib.c
crypto/des/des.c
crypto/dsa/dsatest.c
crypto/x509/x509_vfy.c
ssl/s23_clnt.c
ssl/s2_clnt.c
ssl/s3_clnt.c
test/testssl
test/testssl.com

diff --git a/INSTALL b/INSTALL
index 44e32817a4ae8804a53f19e6fa4ed22b7e00495c..d25798f31d09b96dedcd3988d20f39bb9656f43d 100644 (file)
--- a/INSTALL
+++ b/INSTALL
      standard headers).  If it is a problem with OpenSSL itself, please
      report the problem to <openssl-bugs@openssl.org> (note that your
      message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/rt2.html and will be forwarded to a public
-     mailing list). Include the output of "make report" in your message.
+     via http://www.openssl.org/support/rt2.html and will be forwarded to a
+     public mailing list). Include the output of "make report" in your message.
      Please check out the request tracker. Maybe the bug was already
      reported or has already been fixed.
 
      in Makefile.ssl and run "make clean; make". Please send a bug
      report to <openssl-bugs@openssl.org>, including the output of
      "make report" in order to be added to the request tracker at
-     http://www.openssl.org/rt2.html.
+     http://www.openssl.org/support/rt2.html.
 
   4. If everything tests ok, install OpenSSL with
 
index 808196891b2d7de6459582a7bab6047b3ec76604..29d4fddfcaa0cf8ba0451567cdf392104132098a 100644 (file)
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/safestack.h>
@@ -206,10 +207,18 @@ int CRYPTO_get_new_dynlockid(void)
        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
        /* If there was none, push, thereby creating a new one */
        if (i == -1)
-               i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+               /* Since sk_push() returns the number of items on the
+                  stack, not the location of the pushed item, we need
+                  to transform the returned number into a position,
+                  by decreasing it.  */
+               i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+       else
+               /* If we found a place with a NULL pointer, put our pointer
+                  in it.  */
+               sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
-       if (!i)
+       if (i == -1)
                {
                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
                OPENSSL_free(pointer);
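Review bot: The new comment on the push branch explains the `- 1` as a count-to-index conversion, but not that the same subtraction is what makes the later `if (i == -1)` failure test work. That only holds if sk_CRYPTO_dynlock_push() returns 0 on failure, which is not visible in this hunk; once confirmed, the comment could end with `A failed push returns 0, which becomes -1 and is caught below.` The return value of sk_CRYPTO_dynlock_set() in the else branch is not checked. With multi-line comments sitting between the unbraced `if`/`else` and their statements, braces would make the pairing easier to read. CRYPTO_get_new_dynlockid continues outside the hunk.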
@@ -401,15 +410,17 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 #endif
        if (type < 0)
                {
-               struct CRYPTO_dynlock_value *pointer
-                       = CRYPTO_get_dynlock_value(type);
-
-               if (pointer && dynlock_lock_callback)
+               if (dynlock_lock_callback != NULL)
                        {
+                       struct CRYPTO_dynlock_value *pointer
+                               = CRYPTO_get_dynlock_value(type);
+
+                       assert(pointer != NULL);
+
                        dynlock_lock_callback(mode, pointer, file, line);
-                       }
 
-               CRYPTO_destroy_dynlockid(type);
+                       CRYPTO_destroy_dynlockid(type);
+                       }
                }
        else
                if (locking_callback != NULL)
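Review bot: `assert(pointer != NULL)` is the only guard left before `dynlock_lock_callback(mode, pointer, file, line)`, and it is compiled out when NDEBUG is defined. In such builds, a lock id for which CRYPTO_get_dynlock_value() returns NULL reaches the callback as a NULL pointer. The removed code skipped the callback in that case, whereas a build with assertions enabled now aborts the calling process from inside the library. If stopping is the intent, use a check that does not depend on NDEBUG, e.g. `if (pointer == NULL) abort();`; otherwise keep an explicit `if (pointer != NULL)` around the callback. CRYPTO_lock starts and ends outside the hunk.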
index 22596648e89d97c8b36b4e61d031c55d53166b2c..470432e10fb7234f927df8b5b667f8b7a6673dd8 100644 (file)
@@ -86,6 +86,7 @@
 #endif
 #include <sys/stat.h>
 #endif
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/rand.h>
 
index 2361ad61cbb81c10027471053bac1fb531041458..2a25f3fe47535d6d71411f8791a37b7a06683d2b 100644 (file)
@@ -217,6 +217,7 @@ end:
 static int cb_exit(int ec)
        {
        EXIT(ec);
+       return(0);              /* To keep some compilers quiet */
        }
 
 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
index 90b18a046407ef8e4f14671a71a2c3a3d770b2d2..9ad9276ff76b9bd7ad5c599cab45069e5a0b629a 100644 (file)
@@ -897,7 +897,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
                ctx->chain=NULL;
                }
        CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
-       OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
+       memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
        }
 
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
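Review bot: Replacing OPENSSL_cleanse() with a plain memset() on `ctx->ex_data` deserves a comment saying why an ordinary store is sufficient here. As far as the hunk shows, the structure stays reachable through `ctx` after cleanup, so this presumably is a state reset rather than a scrub of sensitive material, and the compiler has no grounds to drop the store. That reasoning would stop holding if the buffer were ever released right after the call. Suggested comment: `/* reset, not a secure wipe: ctx stays live after cleanup */`. The function body starts outside the hunk.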
index 105e16aeae8404697c450c4b1e1541a2517b0a12..8c198d44b30b236886fc492d2463d0b502614711 100644 (file)
@@ -105,7 +105,7 @@ SSL_METHOD *SSLv23_client_method(void)
 
 int ssl23_connect(SSL *s)
        {
-       BUF_MEM *buf;
+       BUF_MEM *buf=NULL;
        unsigned long Time=time(NULL);
        void (*cb)()=NULL;
        int ret= -1;
@@ -159,6 +159,7 @@ int ssl23_connect(SSL *s)
                                        goto end;
                                        }
                                s->init_buf=buf;
+                               buf=NULL;
                                }
 
                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
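Review bot: The added `buf=NULL;` after `s->init_buf=buf;` is an ownership hand-off that only makes sense together with the `BUF_MEM_free(buf)` added at the `end:` label, which sits in a different hunk. A short comment at the assignment would keep the two from drifting apart, e.g. `/* s->init_buf owns it now; keep end: from freeing it */`. The same applies to the matching lines in the ssl3_connect and ssl2_connect hunks. ssl23_connect continues outside the hunk.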
@@ -207,6 +208,8 @@ int ssl23_connect(SSL *s)
                }
 end:
        s->in_handshake--;
+       if (buf != NULL)
+               BUF_MEM_free(buf);
        if (cb != NULL)
                cb(s,SSL_CB_CONNECT_EXIT,ret);
        return(ret);
index 5c40996e1cfc53e86f9a0d352e340245ba23031a..61adfcf199e298ca353708e8d102b34946e5907c 100644 (file)
@@ -208,10 +208,13 @@ int ssl2_connect(SSL *s)
                        if (!BUF_MEM_grow(buf,
                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
                                {
+                               if (buf == s->init_buf)
+                                       buf=NULL;
                                ret= -1;
                                goto end;
                                }
                        s->init_buf=buf;
+                       buf=NULL;
                        s->init_num=0;
                        s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
                        s->ctx->stats.sess_connect++;
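Review bot: The `if (buf == s->init_buf) buf=NULL;` on the BUF_MEM_grow() failure path implies that `buf` can alias `s->init_buf` in ssl2_connect, which is the case the new free at `end:` would otherwise turn into a double release. A comment saying so would help, e.g. `/* buf may be s->init_buf itself; it must not be freed at end: */`. Unlike the ssl23_connect and ssl3_connect sections, this diff shows no `BUF_MEM *buf=NULL;` initialisation for ssl2_connect, so the added `if (buf != NULL) BUF_MEM_free(buf);` relies on a declaration outside the visible hunks. It is worth confirming that every path reaching `end:` before the allocation sees a NULL `buf`.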
@@ -338,6 +341,8 @@ int ssl2_connect(SSL *s)
                }
 end:
        s->in_handshake--;
+       if (buf != NULL)
+               BUF_MEM_free(buf);
        if (cb != NULL) 
                cb(s,SSL_CB_CONNECT_EXIT,ret);
        return(ret);
index c32a95581d33267db4217e155229d1e6626b1344..60c97ee62940c1766c55471121e2817bf1d916ec 100644 (file)
@@ -164,7 +164,7 @@ SSL_METHOD *SSLv3_client_method(void)
 
 int ssl3_connect(SSL *s)
        {
-       BUF_MEM *buf;
+       BUF_MEM *buf=NULL;
        unsigned long Time=time(NULL),l;
        long num1;
        void (*cb)()=NULL;
@@ -225,6 +225,7 @@ int ssl3_connect(SSL *s)
                                        goto end;
                                        }
                                s->init_buf=buf;
+                               buf=NULL;
                                }
 
                        if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -503,6 +504,8 @@ int ssl3_connect(SSL *s)
                }
 end:
        s->in_handshake--;
+       if (buf != NULL)
+               BUF_MEM_free(buf);
        if (cb != NULL)
                cb(s,SSL_CB_CONNECT_EXIT,ret);
        return(ret);
index 2151a6438cdab64341bb30711efe7b2c79df98ae..ad4f45f1fa1396905d5bbc7a41c1c6df1318a674 100644 (file)
@@ -112,8 +112,12 @@ $ssltest -bio_pair -server_auth -client_auth $CA || exit 1
 
 #############################################################################
 
-echo test tls1 with 1024bit anonymous DH, multiple handshakes
-$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+if ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+fi
 
 if ../apps/openssl no-rsa; then
   echo skipping RSA tests
@@ -121,8 +125,12 @@ else
   echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
 
-  echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  if ../apps/openssl no-dh; then
+    echo skipping RSA+DHE tests
+  else
+    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  fi
 fi
 
 exit 0
index 785f262f5ad5c889dec02eead9346f9fef70e823..26308f7715cd8098014c113a3df8eb6fa215f3ab 100644 (file)
@@ -159,16 +159,25 @@ $ if $severity .ne. 1 then goto exit3
 $
 $!###########################################################################
 $
-$      write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
-$      'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
-$      if $severity .ne. 1 then goto exit3
-$
 $      set noon
 $      define/user sys$output nla0:
 $      mcr 'exe_dir'openssl no-rsa
-$      save_severity=$SEVERITY
+$      no_rsa=$SEVERITY
+$      define/user sys$output nla0:
+$      mcr 'exe_dir'openssl no-dh
+$      no_dh=$SEVERITY
 $      set on
-$      if save_severity
+$
+$      if no_dh
+$      then
+$          write sys$output "skipping anonymous DH tests"
+$      else
+$          write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
+$          'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
+$          if $severity .ne. 1 then goto exit3
+$      endif
+$
+$      if no_rsa
 $      then
 $          write sys$output "skipping RSA tests"
 $      else
@@ -176,9 +185,14 @@ $      write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
 $          mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
 $          if $severity .ne. 1 then goto exit3
 $
-$          write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
-$          mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
-$          if $severity .ne. 1 then goto exit3
+$          if no_dh
+$          then
+$              write sys$output "skipping RSA+DHE tests"
+$          else
+$              write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
+$              mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
+$              if $severity .ne. 1 then goto exit3
+$          endif
 $      endif
 $
 $      RET = 1