44 files changed, 607 insertions, 158 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES index 38bfd34aa..5cae85c9c 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,16 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0c and 1.0.0d [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + Changes between 1.0.0b and 1.0.0c [2 Dec 2010] *) Disable code workaround for ancient and obsolete Netscape browsers @@ -872,11 +882,34 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] + Changes between 0.9.8q and 0.9.8r [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + + Changes between 0.9.8p and 0.9.8q [2 Dec 2010] + + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + + *) Fixed J-PAKE implementation error, originally discovered by + Sebastien Martini, further info and confirmation from Stefan + Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 + [Ben Laurie] + + Changes between 0.9.8o and 0.9.8p [16 Nov 2010] *) Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can be shared by multiple threads. CVE-2010-3864 + [Steve Henson] *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 [Steve Henson] 
diff --git a/openssl/FAQ b/openssl/FAQ index 50e931408..0e008cbdd 100644 --- a/openssl/FAQ +++ b/openssl/FAQ @@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0c was released on Dec 2nd, 2010. +OpenSSL 1.0.0d was released on Feb 8th, 2011. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: diff --git a/openssl/LICENSE b/openssl/LICENSE index a2c4adcbe..e47d101f1 100644 --- a/openssl/LICENSE +++ b/openssl/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/openssl/Makefile b/openssl/Makefile index 009688314..5b918c486 100644 --- a/openssl/Makefile +++ b/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.0c +VERSION=1.0.0d MAJOR=1 MINOR=0.0 SHLIB_VERSION_NUMBER=1.0.0 diff --git a/openssl/NEWS b/openssl/NEWS index 139c1e02b..a9c9b7803 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: + + o Fix for security issue CVE-2011-0014 + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: o Fix for security issue CVE-2010-4180 
@@ -24,7 +28,7 @@ o Fix for security issue CVE-2010-1633. o GOST MAC and CFB fixes. - Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0: o RFC3280 path validation: sufficient to process PKITS tests. o Integrated support for PVK files and keyblobs. @@ -47,6 +51,19 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + + o Fix for security issue CVE-2011-0014 + + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + + o Fix for security issue CVE-2010-3864. + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: o Fix for security issue CVE-2010-0742. diff --git a/openssl/README b/openssl/README index 509350db7..e3858eab8 100644 --- a/openssl/README +++ b/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 1.0.0c 2 Dec 2010 + OpenSSL 1.0.0d - Copyright (c) 1998-2010 The OpenSSL Project + Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/openssl/VMS/mkshared.com b/openssl/VMS/mkshared.com index c8acd2ade..2f9167eea 100644 --- a/openssl/VMS/mkshared.com +++ b/openssl/VMS/mkshared.com @@ -38,7 +38,7 @@ $ libopt = "''libdir'LIBCRYPTO.OPT" $ libmap = "''libdir'LIBCRYPTO.MAP" $ libgoal= "''libdir'LIBCRYPTO.EXE" $ libref = "" -$ gosub create_nonvax_shr +$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" $ libdir = "[.''ARCH'.EXE.SSL]" 
@@ -47,7 +47,26 @@ $ libopt = "''libdir'LIBSSL.OPT" $ libmap = "''libdir'LIBSSL.MAP" $ libgoal= "''libdir'LIBSSL.EXE" $ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" -$ gosub create_nonvax_shr +$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr +$ arch_vax = 0 +$ libid = "Crypto" +$ libnum = "[.UTIL]LIBEAY.NUM" +$ libdir = "[.''ARCH'.EXE.CRYPTO]" +$ libolb = "''libdir'LIBCRYPTO32.OLB" +$ libopt = "''libdir'LIBCRYPTO32.OPT" +$ libmap = "''libdir'LIBCRYPTO32.MAP" +$ libgoal= "''libdir'LIBCRYPTO32.EXE" +$ libref = "" +$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr +$ libid = "SSL" +$ libnum = "[.UTIL]SSLEAY.NUM" +$ libdir = "[.''ARCH'.EXE.SSL]" +$ libolb = "''libdir'LIBSSL32.OLB" +$ libopt = "''libdir'LIBSSL32.OPT" +$ libmap = "''libdir'LIBSSL32.MAP" +$ libgoal= "''libdir'LIBSSL32.EXE" +$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO32.EXE" +$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr $ else $ arch_vax = 1 $ libtit = "CRYPTO_TRANSFER_VECTOR" @@ -62,7 +81,7 @@ $ libmap = "''libdir'LIBCRYPTO.MAP" $ libgoal= "''libdir'LIBCRYPTO.EXE" $ libref = "" $ libvec = "LIBCRYPTO" -$ gosub create_vax_shr +$ if f$search(libdir+libolb) .nes. "" then gosub create_vax_shr $ libtit = "SSL_TRANSFER_VECTOR" $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" @@ -75,11 +94,11 @@ $ libmap = "''libdir'LIBSSL.MAP" $ libgoal= "''libdir'LIBSSL.EXE" $ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" $ libvec = "LIBSSL" -$ gosub create_vax_shr +$ if f$search(libdir+libolb) .nes. "" then gosub create_vax_shr $ endif $ exit $ -$! ----- Soubroutines to build the shareable libraries +$! ----- Subroutines to build the shareable libraries $! For each supported architecture, there's a main shareable library $! creator, which is called from the main code above. $! The creator will define a number of variables to tell the next levels of diff --git a/openssl/apps/makeapps.com b/openssl/apps/makeapps.com index 58f286562..7a728e6a5 100644 
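Review bot: The new guard `if f$search(libdir+libolb) .nes. ""` appears to prefix the directory twice, because `libolb` is already assigned as `"''libdir'LIBCRYPTO32.OLB"` a few lines earlier in this hunk, so the searched file specification would contain two directory parts. If DCL rejects or fails to match that specification, f$search returns an empty string and the shareable image is silently never built, which hides a missing library instead of reporting it. I would test the object library path directly, `$ if f$search(libolb) .nes. "" then gosub create_nonvax_shr`, and apply the same change to the `create_vax_shr` guards and to the guard in the `@@ -38,7 +38,7 @@` hunk. The `libolb` assignments for the non-32 variants are outside the visible lines, so confirm that they carry the directory prefix as well.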
--- a/openssl/apps/makeapps.com +++ b/openssl/apps/makeapps.com @@ -39,6 +39,13 @@ $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! P5, if defined, sets a choice of programs to compile. $! +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P6. +$! For 32 bit architectures (VAX), P6 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) @@ -73,11 +80,11 @@ $ PROGRAMS := OPENSSL $! $! Define The CRYPTO Library. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB $! $! Define The SSL Library. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'LIB32'.OLB $! $! Define The OBJ Directory. $! 
@@ -563,6 +570,58 @@ $! End The P1 Check. $! $ ENDIF $! +$! Check To See If P6 Is Blank. +$! +$ IF (P6.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is P6 Is Valid +$! +$ IF (P6.EQS."32") +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (P6.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = "/POINTER_SIZE=64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P6," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The P6 Check. +$! +$ ENDIF +$! $! Check To See If P2 Is Blank. $! $ IF (P2.EQS."") @@ -690,7 +749,7 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + - "/NOLIST/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS $! diff --git a/openssl/crypto/asn1/a_strex.c b/openssl/crypto/asn1/a_strex.c index 7fc14d329..264ebf239 100644 --- a/openssl/crypto/asn1/a_strex.c +++ b/openssl/crypto/asn1/a_strex.c @@ -74,6 +74,11 @@ #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. 
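Review bot: `LIB32` is assigned only in the `32` and `64` branches of the new P6 check, yet the `@@ -73,11 +80,11 @@` hunk now substitutes `'LIB32'` into `CRYPTO_LIB` and `SSL_LIB` unconditionally. When P6 is blank the branch sets only `POINTER_SIZE = ""`, so the library name depends on whatever `LIB32` symbol happens to exist in the invoking session, or on substitution of an undefined symbol. Setting `$ LIB32 = ""` next to `$ POINTER_SIZE = ""` makes the default explicit; the P7 check added to crypto-lib.com has the same shape. Whether this check runs before the library names are defined cannot be seen from the hunks, so the ordering is worth confirming too.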
@@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch if(!io_ch(arg, tmphex, 3)) return -1; return 3; } + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if(!io_ch(arg, "\\\\", 2)) return -1; + return 2; + } if(!io_ch(arg, &chtmp, 1)) return -1; return 1; } @@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = { 4, -1, 2 /* 28-30 */ }; -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of diff --git a/openssl/crypto/asn1/a_strnid.c b/openssl/crypto/asn1/a_strnid.c index 753021a7a..2fc48c155 100644 --- a/openssl/crypto/asn1/a_strnid.c +++ b/openssl/crypto/asn1/a_strnid.c @@ -95,7 +95,7 @@ unsigned long ASN1_STRING_get_default_mask(void) * default: the default value, Printable, T61, BMP. */ -int ASN1_STRING_set_default_mask_asc(char *p) +int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; diff --git a/openssl/crypto/asn1/ameth_lib.c b/openssl/crypto/asn1/ameth_lib.c index 9a8b6cc22..5a581b90e 100644 --- a/openssl/crypto/asn1/ameth_lib.c +++ b/openssl/crypto/asn1/ameth_lib.c @@ -172,7 +172,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) { const EVP_PKEY_ASN1_METHOD *t; - ENGINE *e; for (;;) { @@ -184,6 +183,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) if (pe) { #ifndef OPENSSL_NO_ENGINE + ENGINE *e; /* type will contain the final unaliased type */ e = ENGINE_get_pkey_asn1_meth_engine(type); if (e) diff --git a/openssl/crypto/asn1/asn1.h b/openssl/crypto/asn1/asn1.h index f7718b5a9..59540e4e7 100644 --- a/openssl/crypto/asn1/asn1.h +++ b/openssl/crypto/asn1/asn1.h 
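Review bot: The condition `chtmp == '\\' && flags & ESC_FLAGS` in the block added to do_esc_char mixes `&&` and `&` without parentheses, and it tests an `unsigned char flags` against a mask built from the `ASN1_STRFLGS_ESC_*` constants. It evaluates as intended, but `if (chtmp == '\\' && (flags & ESC_FLAGS))` states the intent and avoids precedence warnings. Because `flags` is only eight bits wide here, a comment on the relocated `ESC_FLAGS` definition saying that every member must fit in an `unsigned char` would stop a later, wider flag from never being seen by this test. do_esc_char begins and ends outside the hunk.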
@@ -1067,7 +1067,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); +int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask); diff --git a/openssl/crypto/bio/bss_dgram.c b/openssl/crypto/bio/bss_dgram.c index eb7e36546..07d012a46 100644 --- a/openssl/crypto/bio/bss_dgram.c +++ b/openssl/crypto/bio/bss_dgram.c @@ -340,7 +340,7 @@ static int dgram_write(BIO *b, const char *in, int inl) if (data->peer.sa.sa_family == AF_INET) peerlen = sizeof(data->peer.sa_in); -#if OPENSSL_USE_IVP6 +#if OPENSSL_USE_IPV6 else if (data->peer.sa.sa_family == AF_INET6) peerlen = sizeof(data->peer.sa_in6); #endif diff --git a/openssl/crypto/bio/bss_file.c b/openssl/crypto/bio/bss_file.c index 8bfa0bcd9..b954fe7eb 100644 --- a/openssl/crypto/bio/bss_file.c +++ b/openssl/crypto/bio/bss_file.c @@ -123,6 +123,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) #if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename)+1; + DWORD flags; /* * Basically there are three cases to cover: a) filename is 
@@ -136,17 +137,22 @@ BIO *BIO_new_file(const char *filename, const char *mode) * ERROR_NO_UNICODE_TRANSLATION, in which case we fall * back to fopen... */ - if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS), + filename,len_0,NULL,0))>0 || + (GetLastError()==ERROR_INVALID_FLAGS && + (sz=MultiByteToWideChar(CP_UTF8,(flags=0), filename,len_0,NULL,0))>0) + ) { WCHAR wmode[8]; WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); - if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + if (MultiByteToWideChar(CP_UTF8,flags, filename,len_0,wfilename,sz) && MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, wmode,sizeof(wmode)/sizeof(wmode[0])) && - (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT + (file=_wfopen(wfilename,wmode))==NULL && + (errno==ENOENT || errno==EBADF) ) /* UTF-8 decode succeeded, but no file, filename * could still have been locale-ized... */ file = fopen(filename,mode); diff --git a/openssl/crypto/comp/c_rle.c b/openssl/crypto/comp/c_rle.c index efd366fa2..18bceae51 100644 --- a/openssl/crypto/comp/c_rle.c +++ b/openssl/crypto/comp/c_rle.c @@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen-1)) + if (ilen == 0 || olen < (ilen-1)) { /* ZZZZZZZZZZZZZZZZZZZZZZ */ return(-1); @@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, } return(ilen-1); } - diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com index 96d9d5354..6719c8aed 100644 --- a/openssl/crypto/crypto-lib.com +++ b/openssl/crypto/crypto-lib.com 
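Review bot: The retry with `flags=0` after `ERROR_INVALID_FLAGS` converts the filename without `MB_ERR_INVALID_CHARS`, so on that path an ill-formed UTF-8 name is no longer rejected and may be converted to a different wide-character name than the caller supplied. That matters wherever the filename is influenced by untrusted input, because the `ERROR_NO_UNICODE_TRANSLATION` fallback described in the comment above would not be taken. I would document the weaker behaviour next to the retry, for example `/* flags==0: platform lacks MB_ERR_INVALID_CHARS, malformed UTF-8 is not detected here */`. The context line `_alloca(sz*sizeof(WCHAR))` also sizes a stack allocation from the filename length, which is worth bounding if callers can pass long names. BIO_new_file starts and ends outside the hunk.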
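Review bot: The new `ilen == 0` test in rle_expand_block has no explanation, and the placeholder `/* ZZZZZZZZZZZZZZZZZZZZZZ */` kept in the error branch says nothing about why the call fails. If `ilen` is an unsigned type (its declaration is outside the hunk), `ilen-1` wraps for an empty input and the size comparison alone does not reliably reject it. Replacing the placeholder with `/* empty input, or output buffer too small for the ilen-1 payload bytes */` would record that. The rest of the signature and the copy this guard protects are outside the hunk.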
@@ -47,6 +47,13 @@ $! P6, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P7. +$! For 32 bit architectures (VAX), P7 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) @@ -140,11 +147,11 @@ $ ENDIF $! $! Define The Library Name. $! -$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB +$ LIB_NAME := 'EXE_DIR'LIBCRYPTO'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB +$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO'LIB32'.OLB $! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! @@ -907,6 +914,58 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check To See If P7 Is Blank. +$! +$ IF (P7.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is P7 Is Valid +$! +$ IF (P7.EQS."32") +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (P7.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = "/POINTER_SIZE=64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P7," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The P7 Check. +$! +$ ENDIF +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") 
@@ -1034,7 +1093,7 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + - "/NOLIST/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS diff --git a/openssl/crypto/dsa/dsa_ossl.c b/openssl/crypto/dsa/dsa_ossl.c index 1fb665ec5..a3ddd7d28 100644 --- a/openssl/crypto/dsa/dsa_ossl.c +++ b/openssl/crypto/dsa/dsa_ossl.c @@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dlen > SHA256_DIGEST_LENGTH) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); return -1; } - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dgst_len > SHA256_DIGEST_LENGTH) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return -1; - } - BN_init(&u1); BN_init(&u2); BN_init(&t1); diff --git a/openssl/crypto/ec/ec2_smpl.c b/openssl/crypto/ec/ec2_smpl.c index cf357b462..af94458ca 100644 --- a/openssl/crypto/ec/ec2_smpl.c +++ b/openssl/crypto/ec/ec2_smpl.c @@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/openssl/crypto/ec/ec_key.c b/openssl/crypto/ec/ec_key.c index 12fb0e6d6..522802c07 100644 --- a/openssl/crypto/ec/ec_key.c 
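Review bot: The added `if (EC_POINT_is_at_infinity(group, b)) return 1;` in ec_GF2m_simple_cmp carries no comment, and its correctness depends on the preceding branch having already handled the case where `a` is at infinity. A one-line comment such as `/* a is finite here, so an infinite b cannot be equal */` would make that dependency explicit before the coordinate comparison that follows. The identical addition to ec_GFp_simple_cmp in ecp_smpl.c needs the same comment; both functions continue outside their hunks.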
+++ b/openssl/crypto/ec/ec_key.c @@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey) ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } - + + if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) + { + ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); + goto err; + } + if ((ctx = BN_CTX_new()) == NULL) goto err; if ((point = EC_POINT_new(eckey->group)) == NULL) diff --git a/openssl/crypto/ec/ecp_smpl.c b/openssl/crypto/ec/ecp_smpl.c index 4d26f8bdf..66a92e2a9 100644 --- a/openssl/crypto/ec/ecp_smpl.c +++ b/openssl/crypto/ec/ecp_smpl.c @@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + return 1; if (a->Z_is_one && b->Z_is_one) { diff --git a/openssl/crypto/engine/engine.h b/openssl/crypto/engine/engine.h index 7fbd95f63..943aeae21 100644 --- a/openssl/crypto/engine/engine.h +++ b/openssl/crypto/engine/engine.h @@ -677,6 +677,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -700,6 +701,8 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ diff --git a/openssl/crypto/install.com b/openssl/crypto/install.com index b3290165c..8bc1e180e 100644 
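Review bot: The new point-at-infinity check in EC_KEY_check_key leaves through `goto err` before `BN_CTX_new()` and `EC_POINT_new()` have run, so the cleanup at `err` sees `ctx` and `point` in whatever state their declarations left them. Those declarations and the `err` label are outside the hunk; if either pointer is not initialised to NULL, this path would free an indeterminate pointer. Please confirm both are declared as `BN_CTX *ctx = NULL;` and `EC_POINT *point = NULL;`, or return 0 directly as the NULL-parameter check above does.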
--- a/openssl/crypto/install.com +++ b/openssl/crypto/install.com @@ -106,7 +106,7 @@ $ EXHEADER_CMS := cms.h $ EXHEADER_PQUEUE := pqueue.h $ EXHEADER_TS := ts.h $ EXHEADER_JPAKE := jpake.h -$ LIBS := LIBCRYPTO +$ LIBS := LIBCRYPTO,LIBCRYPTO32 $ $ EXE_DIR := [-.'ARCH'.EXE.CRYPTO] $ diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index 79c679cbf..e7fca8345 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000003f +#define OPENSSL_VERSION_NUMBER 0x1000004fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c-fips 2 Dec 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d-fips 8 Feb 2011" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c 2 Dec 2010" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d 8 Feb 2011" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h index a498f1b10..39914bdde 100644 --- a/openssl/crypto/stack/safestack.h +++ b/openssl/crypto/stack/safestack.h 
@@ -2033,75 +2033,75 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) #define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) #define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) -#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) #define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) #define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -#define 
sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) #define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) #define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) #define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) #define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) #define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) #define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) #define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) #define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -#define 
sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i)) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) #define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) -#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) #define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) #define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) #define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) #define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK 
*)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) #define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ ((int (*)(const void * const *,const void * const *)) \ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) #define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) #define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) #define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) #define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i)) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) #define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) 
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) -#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) #define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ 
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) #define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) diff --git a/openssl/crypto/ts/ts_verify_ctx.c b/openssl/crypto/ts/ts_verify_ctx.c index b079b50fc..609b7735d 100644 --- a/openssl/crypto/ts/ts_verify_ctx.c +++ b/openssl/crypto/ts/ts_verify_ctx.c @@ -56,7 +56,6 @@ * */ -#include <assert.h> #include "cryptlib.h" #include <openssl/objects.h> #include <openssl/ts.h> @@ -74,7 +73,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) { - assert(ctx != NULL); + OPENSSL_assert(ctx != NULL); memset(ctx, 0, sizeof(TS_VERIFY_CTX)); } @@ -116,7 +115,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) ASN1_OCTET_STRING *msg; const ASN1_INTEGER *nonce; - assert(req != NULL); + OPENSSL_assert(req != NULL); if (ret) TS_VERIFY_CTX_cleanup(ret); else diff --git a/openssl/crypto/x509v3/v3_addr.c b/openssl/crypto/x509v3/v3_addr.c index 9087d66e0..0d70e8696 100644 --- a/openssl/crypto/x509v3/v3_addr.c +++ b/openssl/crypto/x509v3/v3_addr.c 
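Review bot: Replacing `assert` with `OPENSSL_assert` in TS_VERIFY_CTX_init and TS_REQ_to_TS_VERIFY_CTX makes these checks active in release builds, where a failed `OPENSSL_assert` terminates the process instead of compiling away under NDEBUG. For library entry points a caller mistake therefore becomes an abort rather than an error return, which should be stated in the function comments. The same substitution in the v3_asid.c hunks (ASIdOrRange_cmp, v3_asid_add_inherit, v3_asid_add_id_or_range, extract_min_max, ASIdentifierChoice_canonize) deserves a closer look: if any asserted condition can be reached with fields taken from a parsed certificate extension, it becomes a remotely triggerable denial of service, and an explicit check with an error return would be safer there. Whether those conditions are reachable from untrusted input cannot be determined from the hunks.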
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out, unsigned char addr[ADDR_RAW_BUF_LEN]; int i, n; + if (bs->length < 0) + return 0; switch (afi) { case IANA_AFI_IPV4: + if (bs->length > 4) + return 0; addr_expand(addr, bs, 4, fill); BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; case IANA_AFI_IPV6: + if (bs->length > 16) + return 0; addr_expand(addr, bs, 16, fill); for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) ; diff --git a/openssl/crypto/x509v3/v3_asid.c b/openssl/crypto/x509v3/v3_asid.c index 56702f86b..3f434c060 100644 --- a/openssl/crypto/x509v3/v3_asid.c +++ b/openssl/crypto/x509v3/v3_asid.c @@ -61,7 +61,6 @@ #include <stdio.h> #include <string.h> -#include <assert.h> #include "cryptlib.h" #include <openssl/conf.h> #include <openssl/asn1.h> @@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, { const ASIdOrRange *a = *a_, *b = *b_; - assert((a->type == ASIdOrRange_id && a->u.id != NULL) || + OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || (a->type == ASIdOrRange_range && a->u.range != NULL && a->u.range->min != NULL && a->u.range->max != NULL)); - assert((b->type == ASIdOrRange_id && b->u.id != NULL) || + OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || (b->type == ASIdOrRange_range && b->u.range != NULL && b->u.range->min != NULL && b->u.range->max != NULL)); @@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which) if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.inherit == NULL); + OPENSSL_assert((*choice)->u.inherit == NULL); if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) return 0; (*choice)->type = ASIdentifierChoice_inherit; 
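Review bot: The new length checks in i2r_address guard only this caller; `addr_expand` still receives `bs` unchecked, so any other call site (none is visible in this hunk) has to remember to repeat the test. Putting the bound inside the helper keeps the limit next to the copy it protects: have `addr_expand` return int and begin with `if (bs->length < 0 || bs->length > length) return 0;`, then call it here as `if (!addr_expand(addr, bs, 4, fill)) return 0;`. That also removes the second copy of the literals 4 and 16 in each case. addr_expand's body is outside the hunk, so the parameter name `length` is assumed.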
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid, if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - assert((*choice)->u.asIdsOrRanges == NULL); + OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); if ((*choice)->u.asIdsOrRanges == NULL) return 0; @@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) { - assert(aor != NULL && min != NULL && max != NULL); + OPENSSL_assert(aor != NULL && min != NULL && max != NULL); switch (aor->type) { case ASIdOrRange_id: *min = aor->u.id; @@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) int v3_asid_is_canonical(ASIdentifiers *asid) { return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) || + (ASIdentifierChoice_is_canonical(asid->asnum) && ASIdentifierChoice_is_canonical(asid->rdi))); } @@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * We have a list. Sort it. */ - assert(choice->type == ASIdentifierChoice_asIdsOrRanges); + OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges); sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); /* @@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Make sure we're properly sorted (paranoia). */ - assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); /* * Check for overlaps. @@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) } } - assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ + OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ ret = 1; 
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - assert(chain != NULL && sk_X509_num(chain) > 0); - assert(ctx != NULL || ext != NULL); - assert(ctx == NULL || ctx->verify_cb != NULL); + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); + OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); /* * Figure out where to start. If we don't have an extension to @@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_asid) == NULL) goto done; } @@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid == NULL) { if (child_as != NULL || child_rdi != NULL) validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - assert(x != NULL); + OPENSSL_assert(x != NULL); if (x->rfc3779_asid != NULL) { if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) diff --git a/openssl/engines/e_capi.c b/openssl/engines/e_capi.c index 5871491fd..24b620fc0 100644 --- a/openssl/engines/e_capi.c +++ b/openssl/engines/e_capi.c @@ -1814,6 +1814,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) #include <openssl/engine.h> #ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } IMPLEMENT_DYNAMIC_CHECK_FN() #else diff --git a/openssl/engines/e_gmp.c b/openssl/engines/e_gmp.c index c1f5601b6..a3d47151e 100644 
--- a/openssl/engines/e_gmp.c +++ b/openssl/engines/e_gmp.c @@ -471,6 +471,8 @@ static int bind_fn(ENGINE *e, const char *id) IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #else OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } #endif #endif /* !OPENSSL_NO_DYNAMIC_ENGINE */ diff --git a/openssl/engines/e_padlock.c b/openssl/engines/e_padlock.c index 381a74605..7d0941980 100644 --- a/openssl/engines/e_padlock.c +++ b/openssl/engines/e_padlock.c @@ -108,6 +108,8 @@ static ENGINE *ENGINE_padlock (void); # endif #endif +#ifdef OPENSSL_NO_DYNAMIC_ENGINE + void ENGINE_load_padlock (void) { /* On non-x86 CPUs it just returns. */ @@ -120,6 +122,8 @@ void ENGINE_load_padlock (void) #endif } +#endif + #ifdef COMPILE_HW_PADLOCK /* We do these includes here to avoid header problems on platforms that do not have the VIA padlock anyway... */ @@ -1218,6 +1222,8 @@ static RAND_METHOD padlock_rand = { #else /* !COMPILE_HW_PADLOCK */ #ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } IMPLEMENT_DYNAMIC_CHECK_FN() #endif diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com index 6cf423607..0d3174257 100644 --- a/openssl/engines/makeengines.com +++ b/openssl/engines/makeengines.com 
@@ -28,6 +28,13 @@ $! $! P6 if defined, denotes which engines to build. If not defined, $! all available engines are built. $! +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P7. +$! For 32 bit architectures (VAX), P7 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $!----------------------------------------------------------------------------- $! $! Set the default TCP/IP library to link against if needed @@ -81,7 +88,7 @@ $ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR' $! $! Set the goal files, and create them if necessary $! -$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB $ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB' $! $! OK, time to check options and initialise @@ -92,6 +99,7 @@ $ OPT_DEBUG = P2 $ OPT_COMPILER = P3 $ OPT_TCPIP_LIB = P4 $ OPT_SPECIAL_THREADS = P5 +$ OPT_POINTER_SIZE = P7 $ $ GOSUB CHECK_OPTIONS $ GOSUB INITIALISE 
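Review bot: `CRYPTO_LIB` is built from `'LIB32'` in the hunk at new line 88, but `LIB32` is only assigned later, by the P7 check reached through `GOSUB CHECK_OPTIONS` (assuming the check added further down belongs to that subroutine). Unless the symbol is inherited from a calling procedure such as MAKEVMS.COM, a standalone run with P7 set to 32 looks for, and if missing creates, LIBCRYPTO.OLB rather than LIBCRYPTO32.OLB. Moving the `CRYPTO_LIB` assignment and its `F$SEARCH` test to after `GOSUB CHECK_OPTIONS`, and adding `$ LIB32 = ""` to the blank-P7 branch, makes the name independent of caller state. ssl/ssl-lib.com and test/maketests.com build their library names from `'LIB32'` in the same way.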
@@ -557,6 +565,58 @@ $! End The OPT_SPECIAL_THREADS Check. $! $ ENDIF $! +$! Check To See If OPT_POINTER_SIZE Is Blank. +$! +$ IF (OPT_POINTER_SIZE.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is OPT_POINTER_SIZE Is Valid +$! +$ IF (OPT_POINTER_SIZE.EQS."32") +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (OPT_POINTER_SIZE.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = "/POINTER_SIZE=64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",OPT_POINTER_SIZE," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The OPT_POINTER_SIZE Check. +$! +$ ENDIF +$! $! Check To See If OPT_COMPILER Is Blank. $! $ IF (OPT_COMPILER.EQS."") @@ -684,7 +744,7 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + - "/NOLIST/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS])" + - CCEXTRAFLAGS @@ -720,7 +780,7 @@ $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.VENDOR_DEFNS])" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! 
@@ -752,7 +812,7 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.VENDOR_DEFNS])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. diff --git a/openssl/makevms.com b/openssl/makevms.com index 20211b73b..8c59c67ca 100644 --- a/openssl/makevms.com +++ b/openssl/makevms.com @@ -32,8 +32,13 @@ $! APPS Just build the "[.xxx.EXE.APPS]" application programs for Open $! ENGINES Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL. $! $! -$! P2 is ignored (it was used to denote if RSAref should be used or not, -$! and is simply kept so surrounding scripts don't get confused) +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P2. +$! For 32 bit architectures (VAX), P2 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $! $! Specify DEBUG or NODEBUG as P3 to compile with or without debugging $! information. @@ -581,7 +586,7 @@ $ TIME = F$TIME() $! $! Write The [.CRYPTO._xxx]BUILDINF.H File. $! -$! WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */" +$ WRITE H_FILE "#define CFLAGS ""/POINTER_SIZE=''POINTER_SIZE'""" $ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'""" $ WRITE H_FILE "#define DATE ""''TIME'"" " $! @@ -726,14 +731,14 @@ $! That's All, Time To RETURN. $! $ RETURN $! -$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library. +$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO''LIB32'.OLB" Library. $! $ CRYPTO: $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO.OLB Library." +$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO''LIB32'.OLB Library." $! $! Go To The [.CRYPTO] Directory. $! 
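Review bot: The new `#define CFLAGS` line written to BUILDINF.H always contains `/POINTER_SIZE=`, so a build started without P2 records a dangling qualifier with no value, because the P2 check added later in this file leaves `POINTER_SIZE` empty in that case. The recorded flags should match what the compiler was given. Build the string conditionally before the WRITE, for example `$ BUILD_CFLAGS = ""` followed by `$ IF POINTER_SIZE .NES. "" THEN BUILD_CFLAGS = "/POINTER_SIZE=" + POINTER_SIZE`, and write that symbol instead (`BUILD_CFLAGS` is a name made up for this suggestion).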
@@ -741,11 +746,11 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO] $! $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! -$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" +$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" $! $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications. $! -$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" +$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" $! $! Go Back To The Main Directory. $! @@ -755,14 +760,14 @@ $! Time To RETURN. $! $ RETURN $! -$! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library. +$! Build The "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library. $! $ SSL: $! $! Tell The User What We Are Doing. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL.OLB Library." +$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL''LIB32'.OLB Library." $! $! Go To The [.SSL] Directory. $! @@ -770,7 +775,7 @@ $ SET DEFAULT SYS$DISK:[.SSL] $! $! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library. $! -$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'" $! $! Go Back To The Main Directory. $! @@ -795,7 +800,7 @@ $ SET DEFAULT SYS$DISK:[.SSL] $! $! Build The [.xxx.EXE.SSL]SSL_TASK.EXE $! -$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'" $! $! Go Back To The Main Directory. $! @@ -820,7 +825,7 @@ $ SET DEFAULT SYS$DISK:[.TEST] $! $! Build The Test Programs. $! -$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'" $! $! Go Back To The Main Directory. $! 
@@ -845,7 +850,7 @@ $ SET DEFAULT SYS$DISK:[.APPS] $! $! Build The Application Programs. $! -$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' +$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "" "''POINTER_SIZE'" $! $! Go Back To The Main Directory. $! @@ -870,7 +875,7 @@ $ SET DEFAULT SYS$DISK:[.ENGINES] $! $! Build The Application Programs. $! -$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" +$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" $! $! Go Back To The Main Directory. $! @@ -927,9 +932,9 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>" +$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [Pointer size] [Debug option] <Compiler>" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG " +$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG " $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Target ",P1," Is Invalid. The Valid Target Options Are:" $ WRITE SYS$OUTPUT "" 
@@ -966,6 +971,58 @@ $! End The P1 Check. $! $ ENDIF $! +$! Check To See If P2 Is Blank. +$! +$ IF (P2.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is P2 Is Valid +$! +$ IF (P2.EQS."32") +$ THEN +$ POINTER_SIZE = "32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (P2.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "32" +$ ELSE +$ POINTER_SIZE = "64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The P2 Check. +$! +$ ENDIF +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."NODEBUG") diff --git a/openssl/openssl.spec b/openssl/openssl.spec index 9b9072a7d..bcfb32612 100644 --- a/openssl/openssl.spec +++ b/openssl/openssl.spec @@ -2,15 +2,15 @@ %define libmaj 1 %define libmin 0 %define librel 0 -%define librev c +%define librev d Release: 1 %define openssldir /var/ssl Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: %{libmaj}.%{libmin}.%{librel} -#Version: %{libmaj}.%{libmin}.%{librel}%{librev} +#Version: %{libmaj}.%{libmin}.%{librel} +Version: %{libmaj}.%{libmin}.%{librel}%{librev} Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz Copyright: Freely distributable Group: System Environment/Libraries diff --git a/openssl/ssl/d1_enc.c b/openssl/ssl/d1_enc.c index 8fa57347a..becbab91c 100644 --- a/openssl/ssl/d1_enc.c +++ b/openssl/ssl/d1_enc.c 
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } + return -1; } EVP_Cipher(ds,rec->data,rec->input,l); diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c index 1fd58bf59..c10514222 100644 --- a/openssl/ssl/d1_pkt.c +++ b/openssl/ssl/d1_pkt.c @@ -414,7 +414,8 @@ dtls1_process_record(SSL *s) goto err; /* otherwise enc_err == -1 */ - goto err; + al=SSL_AD_BAD_RECORD_MAC; + goto f_err; } #ifdef TLS_DEBUG diff --git a/openssl/ssl/install.com b/openssl/ssl/install.com index 7f5606759..fe1d7268e 100644 --- a/openssl/ssl/install.com +++ b/openssl/ssl/install.com @@ -43,7 +43,7 @@ $ IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN - $ $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h $ E_EXE := ssl_task -$ LIBS := LIBSSL +$ LIBS := LIBSSL,LIBSSL32 $ $ XEXE_DIR := [-.'ARCH'.EXE.SSL] $ diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c index 947167687..bc885e8e7 100644 --- a/openssl/ssl/s2_srvr.c +++ b/openssl/ssl/s2_srvr.c @@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s) p+=3; n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; - n2s(p,i); s->session->key_arg_length=i; - if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + n2s(p,i); + if(i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } + s->session->key_arg_length=i; s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com index c5ca9e1df..35bdd34de 100644 --- a/openssl/ssl/ssl-lib.com +++ b/openssl/ssl/ssl-lib.com 
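Review bot: In dtls1_process_record the `enc_err == -1` path now sets `al=SSL_AD_BAD_RECORD_MAC` and jumps to `f_err`, which lies outside the hunk and presumably sends a fatal alert and ends the session. Together with the `return -1` added in dtls1_enc this gives a bad block length and a bad MAC the same response, which is the intent. DTLS runs over datagrams, however, and RFC 4347 recommends silently discarding invalid records so that one corrupted or forged packet does not cost the association. Consider dropping the record and returning to the read loop without an alert, with a comment such as `/* DTLS: discard records that fail decryption or MAC; do not alert */`. The function body continues outside the hunk.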
@@ -42,6 +42,13 @@ $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P6. +$! For 32 bit architectures (VAX), P6 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That Is, If We Need To Link To One.) @@ -118,11 +125,11 @@ $ ENDIF $! $! Define The Library Name. $! -$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB +$ SSL_LIB := 'EXE_DIR'LIBSSL'LIB32'.OLB $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB $! $! Check To See What We Are To Do. $! @@ -156,7 +163,7 @@ $! Compile The Library. $! $ LIBRARY: $! -$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library... +$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library... $! $ IF (F$SEARCH(SSL_LIB).EQS."") $ THEN 
@@ -653,6 +660,58 @@ $! End The P5 Check. $! $ ENDIF $! +$! Check To See If P6 Is Blank. +$! +$ IF (P6.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is P6 Is Valid +$! +$ IF (P6.EQS."32") +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (P6.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = "/POINTER_SIZE=64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P6," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The P6 Check. +$! +$ ENDIF +$! $! Check To See If P3 Is Blank. $! $ IF (P3.EQS."") @@ -780,7 +839,7 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - +$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + - "/NOLIST/PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS $! diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index 5cdd7e572..85371c87b 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } n2s(data, idsize); dsize -= 2 + idsize; + size -= 2 + idsize; if (dsize < 0) { *al = SSL_AD_DECODE_ERROR; 
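Review bot: Nothing near the added `size -= 2 + idsize;` in ssl/t1_lib.c says that `size` and `dsize` count down over the same remaining input, which is the invariant this hunk repairs. A comment at this point would keep a later edit from letting the two drift apart again, for example `/* size: bytes left in the extension; dsize: bytes left in the current list (presumably the responder IDs); consume from both */`. The following t1_lib.c hunk relies on that invariant when it rejects `dsize != size`. ssl_parse_clienthello_tlsext begins and ends outside both hunks.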
@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } /* Read in request_extensions */ + if (size < 2) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } n2s(data,dsize); size -= 2; - if (dsize > size) + if (dsize != size) { *al = SSL_AD_DECODE_ERROR; return 0; diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com index 3d8129bf2..5dd797e35 100644 --- a/openssl/test/maketests.com +++ b/openssl/test/maketests.com @@ -36,6 +36,13 @@ $! SOCKETSHR for SOCKETSHR+NETLIB $! $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! +$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P5. +$! For 32 bit architectures (VAX), P5 is ignored. +$! Currently supported values are: +$! +$! 32 To ge a library compiled with /POINTER_SIZE=32 +$! 64 To ge a library compiled with /POINTER_SIZE=64 +$! $! $! Define A TCP/IP Library That We Will Need To Link To. $! (That is, If Wee Need To Link To One.) @@ -72,11 +79,11 @@ $ WRITE SYS$OUTPUT "Compiling On ''ARCH'." $! $! Define The CRYPTO-LIB We Are To Use. $! -$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB +$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB $! $! Define The SSL We Are To Use. $! -$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB +$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'LIB32'.OLB $! $! Create the OBJ and EXE Directories, if needed. $! 
@@ -496,7 +503,59 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P2 Check. +$! End The P1 Check. +$! +$ ENDIF +$! +$! Check To See If P5 Is Blank. +$! +$ IF (P5.EQS."") +$ THEN +$ POINTER_SIZE = "" +$ ELSE +$! +$! Check is P5 Is Valid +$! +$ IF (P5.EQS."32") +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ IF ARCH .EQS. "VAX" +$ THEN +$ LIB32 = "" +$ ELSE +$ LIB32 = "32" +$ ENDIF +$ ELSE +$ IF (P5.EQS."64") +$ THEN +$ LIB32 = "" +$ IF ARCH .EQS. "VAX" +$ THEN +$ POINTER_SIZE = "/POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = "/POINTER_SIZE=64" +$ ENDIF +$ ELSE +$! +$! Tell The User Entered An Invalid Option.. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size" +$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size" +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ GOTO TIDY +$! +$! End The Valid Arguement Check. +$! +$ ENDIF +$ ENDIF +$! +$! End The P5 Check. $! $ ENDIF $! @@ -627,7 +686,7 @@ $! $ CC = "CC" $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC /DECC" -$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + - +$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89 ''POINTER_SIZE'" + - "/NOLIST /PREFIX=ALL" + - "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS $! diff --git a/openssl/util/mk1mf.pl b/openssl/util/mk1mf.pl index 68a415a39..afe8c7326 100644 --- a/openssl/util/mk1mf.pl +++ b/openssl/util/mk1mf.pl @@ -679,7 +679,7 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -foreach (split(/\s+/,$otherlibs)) +foreach (split(" ",$otherlibs)) { my $uc = $_; $uc =~ tr /a-z/A-Z/; diff --git a/openssl/util/mkerr.pl b/openssl/util/mkerr.pl index 15b774f27..d8ea43a5d 100644 --- a/openssl/util/mkerr.pl 
+++ b/openssl/util/mkerr.pl @@ -391,7 +391,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", diff --git a/openssl/util/mkstack.pl b/openssl/util/mkstack.pl index 6a43757c9..f708610a7 100644 --- a/openssl/util/mkstack.pl +++ b/openssl/util/mkstack.pl 
@@ -104,25 +104,25 @@ EOF #define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null()) -#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) -#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i)) +#define sk_${t1}_push(st, val) sk_push(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_find(st, val) sk_find(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_STACK_OF($t1, st), i)) #define sk_${t1}_num(st) SKM_sk_num($t1, st) -#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func)) -#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i) +#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF($t1, st), CHECKED_SK_FREE_FUNC2($t1, free_func)) +#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val), i) #define sk_${t1}_free(st) SKM_sk_free(${t1}, st) -#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_set(st, i, val) sk_set(CHECKED_STACK_OF($t1, st), i, CHECKED_PTR_OF($t2, val)) #define sk_${t1}_zero(st) SKM_sk_zero($t1, (st)) -#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val)) +#define sk_${t1}_unshift(st, val) sk_unshift(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val)) #define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val)) #define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i)) -#define sk_${t1}_delete_ptr(st, ptr) ($t1 
*)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr)) +#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, ptr)) #define sk_${t1}_set_cmp_func(st, cmp) \\ ((int (*)(const $t2 * const *,const $t2 * const *)) \\ - sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF($t1, st), CHECKED_SK_CMP_FUNC($t2, cmp))) #define sk_${t1}_dup(st) SKM_sk_dup($t1, st) #define sk_${t1}_shift(st) SKM_sk_shift($t1, (st)) -#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st)) +#define sk_${t1}_pop(st) ($t2 *)sk_pop(CHECKED_STACK_OF($t1, st)) #define sk_${t1}_sort(st) SKM_sk_sort($t1, (st)) #define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st)) diff --git a/packages.txt b/packages.txt index 0df8958d8..d9b9cb17c 100644 --- a/packages.txt +++ b/packages.txt @@ -65,7 +65,7 @@ libxcb git version libxkbfile-1.0.7
mesa git version
mkfontscale git version
-openssl-1.0.0c
+openssl-1.0.0d
pixman git version
pthreads-w32-2-8-0-release
randrproto git version