From: Richard Levitte Date: Fri, 15 Nov 2002 13:57:00 +0000 (+0000) Subject: Recent changes from 0.9.6-stable. X-Git-Tag: OpenSSL-engine-0_9_6h~11 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6ceffdd121df9391f30b75e67d07db8607b5d825;p=oweals%2Fopenssl.git Recent changes from 0.9.6-stable. --- diff --git a/CHANGES b/CHANGES index cabad0f066..7fca062af0 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total + length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. + [Zeev Lieber ] + *) Change the default configuration reader to deal with last line not being properly terminated. [Richard Levitte] diff --git a/Configure b/Configure index bcb61e1ed5..b589b0669a 100755 --- a/Configure +++ b/Configure 
@@ -132,7 +132,7 @@ my %table=( "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any (32 and less bit) box 
@@ -487,7 +487,7 @@ my %table=( # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::", diff --git a/TABLE b/TABLE index a8626a2e29..fdce85a0d9 100644 --- a/TABLE +++ b/TABLE @@ -1267,7 +1267,7 @@ $ranlib = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe +$cflags = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe $unistd = $thread_cflag = -D_REENTRANT $lflags = -ldl diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 63e11f7354..b8423af2f1 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 404 -#define NUM_SN 402 -#define NUM_LN 402 -#define NUM_OBJ 376 +#define NUM_NID 406 +#define NUM_SN 404 +#define NUM_LN 404 +#define NUM_OBJ 378 -static unsigned char lvalues[2951]={ +static unsigned char lvalues[2971]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -444,6 +444,8 @@ static unsigned char lvalues[2951]={ 0x55,0x1D,0x24, /* [2941] OBJ_policy_constraints */ 0x55,0x1D,0x37, /* [2944] OBJ_target_information */ 0x55,0x1D,0x38, /* [2947] OBJ_no_rev_avail */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1075,6 +1077,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2944]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, &(lvalues[2947]),0}, +{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, + 10,&(lvalues[2950]),0}, +{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, + &(lvalues[2960]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1417,6 +1423,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[138]),/* "msEFS" */ &(nid_objs[171]),/* "msExtReq" */ &(nid_objs[137]),/* "msSGC" */ +&(nid_objs[404]),/* "msSmartcardLogin" */ +&(nid_objs[405]),/* "msUPN" */ &(nid_objs[173]),/* "name" */ &(nid_objs[369]),/* "noCheck" */ &(nid_objs[403]),/* "noRevAvail" */ @@ -1510,7 +1518,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[171]),/* "Microsoft Extension Request" */ &(nid_objs[134]),/* "Microsoft Individual Code Signing" */ &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ +&(nid_objs[404]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ +&(nid_objs[405]),/* "Microsoft Universal Principal Name" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ 
@@ -2196,6 +2206,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ &(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ &(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ +&(nid_objs[404]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ +&(nid_objs[405]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ &(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ &(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ &(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index a2a960ee37..8e8952d293 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -780,6 +780,16 @@ #define NID_ms_efs 138 #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 404 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 405 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + #define SN_idea_cbc "IDEA-CBC" #define LN_idea_cbc "idea-cbc" #define NID_idea_cbc 34 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index a6baa8c5f9..1e73da1781 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -401,3 +401,5 @@ role 400 policy_constraints 401 target_information 402 no_rev_avail 403 +ms_smartcard_login 404 +ms_upn 405 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index fb73408f46..a5f6c3759b 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -246,6 +246,10 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc 1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System +!Cname ms-smartcard-login +1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin +!Cname ms-upn +1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 3f56f6480b..5c40996e1c 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -752,8 +752,8 @@ static int client_certificate(SSL *s) if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) { i=ssl2_read(s,(char *)&(buf[s->init_num]), - SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); - if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) + SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num); + if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num)) return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); s->init_num += i; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 5927a2842c..22a0b097ac 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -695,7 +695,7 @@ static int ssl3_get_server_hello(SSL *s) goto f_err; } - if (s->hit && (s->session->cipher != c)) + if (s->hit && (s->session->cipher_id != c->id)) { if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
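Review bot: The long name added for 1 3 6 1 4 1 311 20 2 2, `Microsoft Smartcardlogin`, is spelled as one run-together word, unlike the neighbouring entries (`Microsoft Server Gated Crypto`, `Microsoft Encrypted File System`). The generated `ln_objs` table in this same commit is ordered by long name, so the string appears to act as a lookup key and will be awkward to correct once released; consider `Microsoft Smartcard Login` before the regenerated headers ship. The entries only register names for the two OIDs; nothing in this diff parses or validates the corresponding certificate values.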
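Review bot: The `+2` in the `ssl2_read()` length and in the minimum-length test of client_certificate() is an unexplained constant, and nothing in the hunk shows that `buf` has room for the one extra byte now requested. Going by the CHANGES entry (message length 18..34, so the challenge itself is 16..32), the two bytes are presumably the message-type and authentication-type octets; a comment such as `/* +2: message type and auth type precede the challenge */` above the read would record that. `buf` is declared outside the hunk, so its capacity should be confirmed to be at least `SSL2_MAX_CERT_CHALLENGE_LENGTH+2`, since the peer controls how many bytes arrive. The function body starts before and continues after the hunk.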
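Review bot: The new test `s->session->cipher_id != c->id` in ssl3_get_server_hello() has no comment saying why ids replaced the pointer comparison, and the hunk does not show where `cipher_id` is assigned. Presumably a session restored from a cache can hold a different (or no) `SSL_CIPHER` pointer for the same suite; if so, say it in place, e.g. `/* compare ids: a restored session may not share the SSL_CIPHER pointer */`. It is also worth confirming that every path that creates or loads a session sets `cipher_id`, because this check is what rejects a server that changes cipher on resumption, and a stale or zero id would make it misfire. The enclosing function and the `if (!(s->options & ...))` block both extend beyond the hunk.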