Changes between 0.9.6c and 0.9.6d [XX xxx XXXX]
+ *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+ encoded as NULL) with id-dsa-with-sha1.
+ [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
+
*) Check various X509_...() return values in apps/req.c.
[Nils Larsch <nla@trustcenter.de>]
"sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC",
+"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi \
+ fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
- fi \
+ fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+ Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators.
- Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+ Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
o Various SSL/TLS library bugfixes.
o BIGNUM library fixes.
Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release].
- Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+ Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
o Security fix: PRNG improvements.
o Security fix: RSA OAEP check.
OpenSSL STATUS Last modified at
- ______________ $Date: 2002/04/17 12:52:31 $
+ ______________ $Date: 2002/05/08 15:53:53 $
DEVELOPMENT STATE
-Output of `Configure TABLE':
*** BC-16
$cc = bcc
$thread_cflag =
$lflags = -lsocket -lresolv -lnsl
$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj = asm/bn86-elf.o asm/co86-elf.o
-$des_obj = asm/dx86-elf.o asm/yx86-elf.o
-$bf_obj = asm/bx86-elf.o
-$md5_obj = asm/mx86-elf.o
-$sha1_obj = asm/sx86-elf.o
-$cast_obj = asm/cx86-elf.o
-$rc4_obj = asm/rx86-elf.o
-$rmd160_obj = asm/rm86-elf.o
-$rc5_obj = asm/r586-elf.o
+$bn_obj =
+$des_obj =
+$bf_obj =
+$md5_obj =
+$sha1_obj =
+$cast_obj =
+$rc4_obj =
+$rmd160_obj =
+$rc5_obj =
$dso_scheme = dlfcn
$shared_target= svr3-shared
$shared_cflag = -fPIC
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -text print as text\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
print_attribs (out, bag->attrib, "Bag Attributes");
if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
return 0;
- if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+ if (!(pkey = EVP_PKCS82PKEY (p8))) {
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return 0;
+ }
print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
} else if(operation == SMIME_SIGN) {
p7 = PKCS7_sign(signer, key, other, in, flags);
- BIO_reset(in);
+ if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
+ BIO_printf(bio_err, "Can't rewind input file\n");
+ goto end;
+ }
} else {
if(informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
echo " #define CFLAGS \"$(CC) $(CFLAG)\""; \
echo " #define PLATFORM \"$(PLATFORM)\""; \
- echo " #define DATE \"`date`\""; \
+ echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
echo "#endif" ) >buildinf.h
testapps:
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include <time.h>
else
a=algor2;
if (a == NULL) continue;
- if ( (a->parameter == NULL) ||
+ if (type->pkey_type == NID_dsaWithSHA1)
+ {
+ /* special case: RFC 2459 tells us to omit 'parameters'
+ * with id-dsa-with-sha1 */
+ ASN1_TYPE_free(a->parameter);
+ a->parameter = NULL;
+ }
+ else if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
return(0);
}
- nid=OBJ_obj2nid(a);
- if ((nid == NID_undef) || no_name) {
+ if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
len=a->length;
p=a->data;
}
/* if we have a certificate then write it out now */
- if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+ if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
goto err;
/* we are ignoring anything else that is loaded into the X509_INFO
EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal() returns 1 for a decryption failure or 1 for success.
+EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.
EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
unsigned char md[EVP_MAX_MD_SIZE];
short version;
unsigned int mac_size;
- int clear=0,extra;
+ int clear=0;
+ size_t extra;
rr= &(s->s3->rrec);
sess=s->session;
extra=SSL3_RT_MAX_EXTRA;
else
extra=0;
- if (extra != (s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE))
+ if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
{
/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
* set after ssl3_setup_buffers() was done */
goto err;
}
- if (rr->length >
- (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
{
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
- if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
+ if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
{
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
i=rr->length;
* rr->length bytes of encrypted compressed stuff. */
/* check is not needed I believe */
- if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
{
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
/* r->length is now just compressed */
if (s->expand != NULL)
{
- if (rr->length >
- (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
{
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
}
}
- if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+ if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
{
al=SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
if (prefix_len <= 0)
goto err;
- if (s->s3->wbuf_len < prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+ if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
{
/* insufficient space */
SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
ret = 1;
err:
+ if (d) closedir(d);
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
}
r = BIO_nwrite0(io1, &dataptr);
assert(r > 0);
- if (r < num)
+ if (r < (int)num)
num = r;
r = BIO_read(io2, dataptr, (int)num);
if (r != (int)num) /* can't happen */
projects / oweals / openssl.git / commitdiff