diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4_6/crypto/openssl/CHANGES *** crypto/openssl/CHANGES Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/CHANGES Fri Feb 21 11:32:47 2003 *************** *** 2,9 **** --- 2,115 ---- OpenSSL CHANGES _______________ + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] + + *) New function OPENSSL_cleanse(), which is used to cleanse a section of + memory from it's contents. This is done with a counter that will + place alternating values in each byte. This can be used to solve + two issues: 1) the removal of calls to memset() by highly optimizing + compilers, and 2) cleansing with other values than 0, since those can + be read through on certain media, for example a swap space on disk. + [Geoff Thorpe] + + *) Bugfix: client side session caching did not work with external caching, + because the session->cipher setting was not restored when reloading + from the external cache. This problem was masked, when + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. + (Found by Steve Haslam .) + [Lutz Jaenicke] + + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total + length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. + [Zeev Lieber ] + + *) Undo an undocumented change introduced in 0.9.6e which caused + repeated calls to OpenSSL_add_all_ciphers() and + OpenSSL_add_all_digests() to be ignored, even after calling + EVP_cleanup(). 
+ [Richard Levitte] + + *) Change the default configuration reader to deal with last line not + being properly terminated. + [Richard Levitte] + + *) Change X509_NAME_cmp() so it applies the special rules on handling + DN values that are of type PrintableString, as well as RDNs of type + emailAddress where the value has the type ia5String. + [stefank@valicert.com via Richard Levitte] + + *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half + the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently + doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be + the bitwise-OR of the two for use by the majority of applications + wanting this behaviour, and update the docs. The documented + behaviour and actual behaviour were inconsistent and had been + changing anyway, so this is more a bug-fix than a behavioural + change. + [Geoff Thorpe, diagnosed by Nadav Har'El] + + *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c + (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). + [Bodo Moeller] + + *) Fix initialization code race conditions in + SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(), + SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(), + SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(), + TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(), + ssl2_get_cipher_by_char(), + ssl3_get_cipher_by_char(). + [Patrick McCormick , Bodo Moeller] + + *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after + the cached sessions are flushed, as the remove_cb() might use ex_data + contents. Bug found by Sam Varshavchik + (see [openssl.org #212]). + [Geoff Thorpe, Lutz Jaenicke] + + *) Fix typo in OBJ_txt2obj which incorrectly passed the content + length, instead of the encoding length to d2i_ASN1_OBJECT. 
+ [Steve Henson] + + Changes between 0.9.6f and 0.9.6g [9 Aug 2002] + + *) [In 0.9.6g-engine release:] + Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall'). + [Lynn Gazis ] + + Changes between 0.9.6e and 0.9.6f [8 Aug 2002] + + *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX + and get fix the header length calculation. + [Florian Weimer , + Alon Kantor (and others), + Steve Henson] + + *) Use proper error handling instead of 'assertions' in buffer + overflow checks added in 0.9.6e. This prevents DoS (the + assertions could call abort()). + [Arne Ansper , Bodo Moeller] + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav , James Yonan ] + *) Fix cipher selection routines: ciphers without encryption had no flags for the cipher strength set and where therefore not handled correctly by the selection routines (PR #130). *************** *** 35,41 **** *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the ! supplied buffer. [Steve Henson, Adi Stav , James Yonan ] *) Assertions for various potential buffer overflows, not known to --- 141,147 ---- *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the ! supplied buffer. (CAN-2002-0659) [Steve Henson, Adi Stav , James Yonan ] *) Assertions for various potential buffer overflows, not known to *************** *** 140,147 **** value is 0. [Richard Levitte] ! *) [In 0.9.6c-engine release:] ! Fix a crashbug and a logic bug in hwcrhk_load_pubkey() [Toomas Kiisk via Richard Levitte] *) Add the configuration target linux-s390x. 
--- 246,253 ---- value is 0. [Richard Levitte] ! *) [In 0.9.6d-engine release:] ! Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). [Toomas Kiisk via Richard Levitte] *) Add the configuration target linux-s390x. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4_6/crypto/openssl/Configure *** crypto/openssl/Configure Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/Configure Fri Feb 21 11:32:47 2003 *************** *** 122,128 **** "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", ! 
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any (32 and less bit) box --- 122,128 ---- "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", ! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any (32 and less bit) box *************** *** 344,351 **** "linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", ! 
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", ! "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --- 344,351 ---- "linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", ! "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)", ! 
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", *************** *** 395,401 **** "aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::", "aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:", ! "aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:", # # Cray T90 and similar (SDSC) --- 395,401 ---- "aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::", "aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::", "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:", ! "aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:", # # Cray T90 and similar (SDSC) *************** *** 477,483 **** # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", ! 
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::", --- 477,483 ---- # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", ! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::", *************** *** 495,506 **** --- 495,512 ---- "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", "darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + ##### A/UX + "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", + ##### Sony NEWS-OS 4.x "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", ##### VxWorks for various targets "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::", + ##### Compaq Non-Stop Kernel (Tandem) + "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::", + ); my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32 *************** *** 577,582 **** --- 583,589 ---- my $target; my $options; my $symlink; + my $make_depend=0; my @argvcopy=@ARGV; my $argvstring=""; *************** *** 619,625 **** { $threads=1; } elsif (/^no-shared$/) { $no_shared=1; } ! 
elsif (/^shared$/) { $no_shared=0; } elsif (/^no-symlinks$/) { $symlink=0; } --- 626,632 ---- { $threads=1; } elsif (/^no-shared$/) { $no_shared=1; } ! elsif (/^shared$/ || /^-shared$/ || /^--shared$/) { $no_shared=0; } elsif (/^no-symlinks$/) { $symlink=0; } *************** *** 1188,1198 **** EOF close(OUT); } else { ! (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $? ! if $symlink; ! ### (system 'make depend') == 0 or exit $? if $depflags ne ""; ! # Run "make depend" manually if you want to be able to delete ! # the source code files of ciphers you left out. if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); &dofile("apps/der_chop",$perl,'^#!/', '#!%s'); --- 1195,1207 ---- EOF close(OUT); } else { ! my $make_command = "make -f Makefile.ssl PERL=\'$perl\'"; ! my $make_targets = ""; ! $make_targets .= " links" if $symlink; ! $make_targets .= " depend" if $depflags ne "" && $make_depend; ! $make_targets .= " gentests" if $symlink; ! (system $make_command.$make_targets) == 0 or exit $? ! if $make_targets ne ""; if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); &dofile("apps/der_chop",$perl,'^#!/', '#!%s'); *************** *** 1202,1207 **** --- 1211,1225 ---- &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); + } + if ($depflags ne "" && !$make_depend) { + print <. ! OpenSSL 0.9.6e was released on 30 May, 2002. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at . ! OpenSSL 0.9.7a was released on February 19, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at ! 
(Solaris 9 includes these devices by default). For /dev/random support ! for earlier Solaris versions, see Sun's statement at ! ! (the SUNWski package is available in patch 105710). On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for *************** *** 213,228 **** provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. - For Solaris 2.6, Tim Nibbe and others have suggested - installing the SUNski package from Sun patch 105710-01 (Sparc) which - adds a /dev/random device and make sure it gets used, usually through - $RANDFILE. There are probably similar patches for the other Solaris - versions. An official statement from Sun with respect to /dev/random - support can be found at - http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski - However, be warned that /dev/random is usually a blocking device, which - may have some effects on OpenSSL. - * Why do I get an "unable to write 'random state'" error message? --- 240,245 ---- *************** *** 386,391 **** --- 403,419 ---- On some SCO installations or versions, bc has a bug that gets triggered when you run the test suite (using "make test"). The message returned is "bc: 1 not implemented". + + The best way to deal with this is to find another implementation of bc + and compile/install it. GNU bc (see http://www.gnu.org/software/software.html + for download instructions) can be safely used, for example. + + + * Why does the OpenSSL test fail with "bc: stack empty"? + + On some DG/ux versions, bc seems to have a too small stack for calculations + that the OpenSSL bntest throws at it. This gets triggered when you run the + test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc and compile/install it. 
GNU bc (see http://www.gnu.org/software/software.html diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4_6/crypto/openssl/INSTALL *** crypto/openssl/INSTALL Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/INSTALL Fri Feb 21 11:32:47 2003 *************** *** 129,136 **** standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be recorded in the request tracker publicly readable ! via http://www.openssl.org/rt2.html and will be forwarded to a public ! mailing list). Include the output of "make report" in your message. Please check out the request tracker. Maybe the bug was already reported or has already been fixed. --- 129,136 ---- standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be recorded in the request tracker publicly readable ! via http://www.openssl.org/support/rt2.html and will be forwarded to a ! public mailing list). Include the output of "make report" in your message. Please check out the request tracker. Maybe the bug was already reported or has already been fixed. *************** *** 151,157 **** in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of "make report" in order to be added to the request tracker at ! http://www.openssl.org/rt2.html. 4. If everything tests ok, install OpenSSL with --- 151,157 ---- in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of "make report" in order to be added to the request tracker at ! http://www.openssl.org/support/rt2.html. 4. If everything tests ok, install OpenSSL with *************** *** 285,287 **** --- 285,299 ---- targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. 
+ + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4_6/crypto/openssl/Makefile.org *** crypto/openssl/Makefile.org Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/Makefile.org Fri Feb 21 11:32:47 2003 *************** *** 247,253 **** for i in $(SHLIBDIRS); do \ prev=lib$$i$(SHLIB_EXT); \ for j in $${tmp:-x}; do \ ! ( set -x; ln -f -s $$prev lib$$i$$j ); \ prev=lib$$i$$j; \ done; \ done; \ --- 247,254 ---- for i in $(SHLIBDIRS); do \ prev=lib$$i$(SHLIB_EXT); \ for j in $${tmp:-x}; do \ ! ( set -x; \ ! rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ prev=lib$$i$$j; \ done; \ done; \ *************** *** 269,277 **** done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ ! collect2=`gcc -print-prog-name=collect2 2>&1` && \ ! [ -n "$$collect2" ] && \ ! my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 --- 270,276 ---- done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ ! my_ld=`${CC} -print-prog-name=ld 2>&1` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 *************** *** 528,533 **** --- 527,536 ---- fi; \ done; + gentests: + @(cd test && echo "generating dummy tests (if needed)..." 
&& \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + dclean: rm -f *.bak @for i in $(DIRS) ;\ *************** *** 609,614 **** --- 612,620 ---- # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. tar: + find . -type d -print | xargs chmod 755 + find . -type f -print | xargs chmod a+r + find . -type f -perm -0100 -print | xargs chmod a+x find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ tardy --user_number=0 --user_name=openssl \ *************** *** 651,659 **** do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done @if [ -n "$(SHARED_LIBS)" ]; then \ --- 657,666 ---- do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! 
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done @if [ -n "$(SHARED_LIBS)" ]; then \ *************** *** 663,682 **** if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ c=`echo $$i | sed 's/^lib/cyg/'`; \ ! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ ! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ ! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! make -f $$here/Makefile link-shared ); \ fi install_docs: --- 670,693 ---- if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ c=`echo $$i | sed 's/^lib/cyg/'`; \ ! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ ! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ ! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! set $(MAKE); \ ! $$1 -f $$here/Makefile link-shared ); \ fi install_docs: *************** *** 685,706 **** $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 ! 
@for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ ! done ! @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ --- 696,718 ---- $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 ! @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ ! for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ ! done; \ ! for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! 
sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4_6/crypto/openssl/Makefile.ssl *** crypto/openssl/Makefile.ssl Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/Makefile.ssl Fri Feb 21 11:32:47 2003 *************** *** 4,26 **** ## Makefile for OpenSSL ## ! VERSION=0.9.6e MAJOR=0 MINOR=9.6 SHLIB_VERSION_NUMBER=0.9.6 SHLIB_VERSION_HISTORY= SHLIB_MAJOR=0 SHLIB_MINOR=9.6 ! SHLIB_EXT= ! PLATFORM=dist ! OPTIONS= ! CONFIGURE_ARGS=dist ! SHLIB_TARGET= # INSTALL_PREFIX is for package builders so that they can configure # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. # Normally it is left empty. ! INSTALL_PREFIX=/home/nectar/SSL INSTALLTOP=/usr/local/ssl # Do not edit this manually. Use Configure --openssldir=DIR do change this! --- 4,26 ---- ## Makefile for OpenSSL ## ! VERSION=0.9.6i MAJOR=0 MINOR=9.6 SHLIB_VERSION_NUMBER=0.9.6 SHLIB_VERSION_HISTORY= SHLIB_MAJOR=0 SHLIB_MINOR=9.6 ! SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR) ! PLATFORM=FreeBSD-elf ! OPTIONS=386 ! CONFIGURE_ARGS=FreeBSD-elf 386 ! SHLIB_TARGET=bsd-gcc-shared # INSTALL_PREFIX is for package builders so that they can configure # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. # Normally it is left empty. ! INSTALL_PREFIX=/var/tmp/ssl INSTALLTOP=/usr/local/ssl # Do not edit this manually. Use Configure --openssldir=DIR do change this! *************** *** 55,63 **** # equal 4. # PKCS1_CHECK - pkcs1 tests. ! CC= cc #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM ! CFLAG= -O DEPFLAG= PEX_LIBS= EX_LIBS= --- 55,63 ---- # equal 4. # PKCS1_CHECK - pkcs1 tests. ! CC= gcc #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM ! 
CFLAG= -fPIC -DTHREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM DEPFLAG= PEX_LIBS= EX_LIBS= *************** *** 69,75 **** TARFLAGS= --no-recursion # Set BN_ASM to bn_asm.o if you want to use the C version ! BN_ASM= bn_asm.o #BN_ASM= bn_asm.o #BN_ASM= asm/bn86-elf.o # elf, linux-elf #BN_ASM= asm/bn86-sol.o # solaris --- 69,75 ---- TARFLAGS= --no-recursion # Set BN_ASM to bn_asm.o if you want to use the C version ! BN_ASM= asm/bn86-elf.o asm/co86-elf.o #BN_ASM= bn_asm.o #BN_ASM= asm/bn86-elf.o # elf, linux-elf #BN_ASM= asm/bn86-sol.o # solaris *************** *** 85,95 **** # For x86 assembler: Set PROCESSOR to 386 if you want to support # the 80386. ! PROCESSOR= # Set DES_ENC to des_enc.o if you want to use the C version #There are 4 x86 assember options. ! DES_ENC= des_enc.o fcrypt_b.o #DES_ENC= des_enc.o fcrypt_b.o # C #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris --- 85,95 ---- # For x86 assembler: Set PROCESSOR to 386 if you want to support # the 80386. ! PROCESSOR= 386 # Set DES_ENC to des_enc.o if you want to use the C version #There are 4 x86 assember options. ! DES_ENC= asm/dx86-elf.o asm/yx86-elf.o #DES_ENC= des_enc.o fcrypt_b.o # C #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris *************** *** 98,104 **** # Set BF_ENC to bf_enc.o if you want to use the C version #There are 4 x86 assember options. ! BF_ENC= bf_enc.o #BF_ENC= bf_enc.o #BF_ENC= asm/bx86-elf.o # elf #BF_ENC= asm/bx86-sol.o # solaris --- 98,104 ---- # Set BF_ENC to bf_enc.o if you want to use the C version #There are 4 x86 assember options. ! 
BF_ENC= asm/bx86-elf.o #BF_ENC= bf_enc.o #BF_ENC= asm/bx86-elf.o # elf #BF_ENC= asm/bx86-sol.o # solaris *************** *** 107,113 **** # Set CAST_ENC to c_enc.o if you want to use the C version #There are 4 x86 assember options. ! CAST_ENC= c_enc.o #CAST_ENC= c_enc.o #CAST_ENC= asm/cx86-elf.o # elf #CAST_ENC= asm/cx86-sol.o # solaris --- 107,113 ---- # Set CAST_ENC to c_enc.o if you want to use the C version #There are 4 x86 assember options. ! CAST_ENC= asm/cx86-elf.o #CAST_ENC= c_enc.o #CAST_ENC= asm/cx86-elf.o # elf #CAST_ENC= asm/cx86-sol.o # solaris *************** *** 116,122 **** # Set RC4_ENC to rc4_enc.o if you want to use the C version #There are 4 x86 assember options. ! RC4_ENC= rc4_enc.o #RC4_ENC= rc4_enc.o #RC4_ENC= asm/rx86-elf.o # elf #RC4_ENC= asm/rx86-sol.o # solaris --- 116,122 ---- # Set RC4_ENC to rc4_enc.o if you want to use the C version #There are 4 x86 assember options. ! RC4_ENC= asm/rx86-elf.o #RC4_ENC= rc4_enc.o #RC4_ENC= asm/rx86-elf.o # elf #RC4_ENC= asm/rx86-sol.o # solaris *************** *** 125,131 **** # Set RC5_ENC to rc5_enc.o if you want to use the C version #There are 4 x86 assember options. ! RC5_ENC= rc5_enc.o #RC5_ENC= rc5_enc.o #RC5_ENC= asm/r586-elf.o # elf #RC5_ENC= asm/r586-sol.o # solaris --- 125,131 ---- # Set RC5_ENC to rc5_enc.o if you want to use the C version #There are 4 x86 assember options. ! RC5_ENC= asm/r586-elf.o #RC5_ENC= rc5_enc.o #RC5_ENC= asm/r586-elf.o # elf #RC5_ENC= asm/r586-sol.o # solaris *************** *** 133,153 **** #RC5_ENC= asm/r586bsdi.o # bsdi # Also need MD5_ASM defined ! MD5_ASM_OBJ= #MD5_ASM_OBJ= asm/mx86-elf.o # elf #MD5_ASM_OBJ= asm/mx86-sol.o # solaris #MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD #MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi # Also need SHA1_ASM defined ! SHA1_ASM_OBJ= #SHA1_ASM_OBJ= asm/sx86-elf.o # elf #SHA1_ASM_OBJ= asm/sx86-sol.o # solaris #SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD #SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi # Also need RMD160_ASM defined ! 
RMD160_ASM_OBJ= #RMD160_ASM_OBJ= asm/rm86-elf.o # elf #RMD160_ASM_OBJ= asm/rm86-sol.o # solaris #RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD --- 133,153 ---- #RC5_ENC= asm/r586bsdi.o # bsdi # Also need MD5_ASM defined ! MD5_ASM_OBJ= asm/mx86-elf.o #MD5_ASM_OBJ= asm/mx86-elf.o # elf #MD5_ASM_OBJ= asm/mx86-sol.o # solaris #MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD #MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi # Also need SHA1_ASM defined ! SHA1_ASM_OBJ= asm/sx86-elf.o #SHA1_ASM_OBJ= asm/sx86-elf.o # elf #SHA1_ASM_OBJ= asm/sx86-sol.o # solaris #SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD #SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi # Also need RMD160_ASM defined ! RMD160_ASM_OBJ= asm/rm86-elf.o #RMD160_ASM_OBJ= asm/rm86-elf.o # elf #RMD160_ASM_OBJ= asm/rm86-sol.o # solaris #RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD *************** *** 184,190 **** SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= ! SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= GENERAL= Makefile --- 184,190 ---- SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= ! SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so SHARED_LDFLAGS= GENERAL= Makefile *************** *** 249,255 **** for i in $(SHLIBDIRS); do \ prev=lib$$i$(SHLIB_EXT); \ for j in $${tmp:-x}; do \ ! ( set -x; ln -f -s $$prev lib$$i$$j ); \ prev=lib$$i$$j; \ done; \ done; \ --- 249,256 ---- for i in $(SHLIBDIRS); do \ prev=lib$$i$(SHLIB_EXT); \ for j in $${tmp:-x}; do \ ! ( set -x; \ ! rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ prev=lib$$i$$j; \ done; \ done; \ *************** *** 271,279 **** done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ ! collect2=`gcc -print-prog-name=collect2 2>&1` && \ ! [ -n "$$collect2" ] && \ ! my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 --- 272,278 ---- done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ ! 
my_ld=`${CC} -print-prog-name=ld 2>&1` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 *************** *** 530,535 **** --- 529,538 ---- fi; \ done; + gentests: + @(cd test && echo "generating dummy tests (if needed)..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + dclean: rm -f *.bak @for i in $(DIRS) ;\ *************** *** 611,616 **** --- 614,622 ---- # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. tar: + find . -type d -print | xargs chmod 755 + find . -type f -print | xargs chmod a+r + find . -type f -perm -0100 -print | xargs chmod a+x find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ tardy --user_number=0 --user_name=openssl \ *************** *** 653,661 **** do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done @if [ -n "$(SHARED_LIBS)" ]; then \ --- 659,668 ---- do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! 
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done @if [ -n "$(SHARED_LIBS)" ]; then \ *************** *** 665,684 **** if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ c=`echo $$i | sed 's/^lib/cyg/'`; \ ! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ ! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ ! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! make -f $$here/Makefile link-shared ); \ fi install_docs: --- 672,695 ---- if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ ! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ c=`echo $$i | sed 's/^lib/cyg/'`; \ ! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ ! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ ! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ ! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ ! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ ! set $(MAKE); \ ! $$1 -f $$here/Makefile link-shared ); \ fi install_docs: *************** *** 687,708 **** $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 ! 
@for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ ! done ! @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ --- 698,720 ---- $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 ! @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ ! for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ ! done; \ ! for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ ! 
sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4_6/crypto/openssl/NEWS *** crypto/openssl/NEWS Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/NEWS Fri Feb 21 11:32:47 2003 *************** *** 5,10 **** --- 5,41 ---- This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: + + o Important security related bugfixes. + + Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: + + o New configuration targets for Tandem OSS and A/UX. + o New OIDs for Microsoft attributes. + o Better handling of SSL session caching. + o Better comparison of distinguished names. + o Better handling of shared libraries in a mixed GNU/non-GNU environment. + o Support assembler code with Borland C. + o Fixes for length problems. + o Fixes for uninitialised variables. + o Fixes for memory leaks, some unusual crashes and some race conditions. + o Fixes for smaller building problems. + o Updates of manuals, FAQ and other instructive documents. + + Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: + + o Important building fixes on Unix. + + Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: + + o Various important bugfixes. + + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + + o Important security related bugfixes. + o Various SSL/TLS library bugfixes. + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: o Various SSL/TLS library bugfixes. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4_6/crypto/openssl/README *** crypto/openssl/README Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/README Fri Feb 21 11:32:47 2003 *************** *** 1,7 **** ! OpenSSL 0.9.6e 30 July 2002 ! 
Copyright (c) 1998-2002 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. --- 1,7 ---- ! OpenSSL 0.9.6i Feb 19 2003 ! Copyright (c) 1998-2003 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4_6/crypto/openssl/apps/Makefile.ssl *** crypto/openssl/apps/Makefile.ssl Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/apps/Makefile.ssl Fri Feb 21 11:32:48 2003 *************** *** 117,123 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 117,123 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 128,137 **** rm -f req $(DLIBSSL): ! (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}') $(DLIBCRYPTO): ! 
(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}') $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) --- 128,137 ---- rm -f req $(DLIBSSL): ! (cd ..; $(MAKE) DIRS=ssl all) $(DLIBCRYPTO): ! (cd ..; $(MAKE) DIRS=crypto all) $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4_6/crypto/openssl/apps/apps.h *** crypto/openssl/apps/apps.h Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/apps.h Fri Feb 21 11:32:48 2003 *************** *** 92,99 **** --- 92,101 ---- #define MAIN(a,v) main(a,v) #ifndef NON_MAIN + LHASH *config=NULL; BIO *bio_err=NULL; #else + extern LHASH *config; extern BIO *bio_err; #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/asn1pars.c ../RELENG_4_6/crypto/openssl/apps/asn1pars.c *** crypto/openssl/apps/asn1pars.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/asn1pars.c Fri Feb 21 11:32:48 2003 *************** *** 328,333 **** if (at != NULL) ASN1_TYPE_free(at); if (osk != NULL) sk_free(osk); OBJ_cleanup(); ! EXIT(ret); } --- 328,333 ---- if (at != NULL) ASN1_TYPE_free(at); if (osk != NULL) sk_free(osk); OBJ_cleanup(); ! 
OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4_6/crypto/openssl/apps/ca.c *** crypto/openssl/apps/ca.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/ca.c Fri Feb 21 11:32:48 2003 *************** *** 543,549 **** goto err; } pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); ! if(key) memset(key,0,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); --- 543,549 ---- goto err; } pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); ! if(key) OPENSSL_cleanse(key,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); *************** *** 606,617 **** --- 606,619 ---- that to access(). However, time's too short to do that just now. */ + #ifndef VXWORKS if (access(outdir,R_OK|W_OK|X_OK) != 0) { BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir); perror(outdir); goto err; } + #endif if (stat(outdir,&sb) != 0) { *************** *** 829,837 **** } if (verbose) { ! if ((f=BN_bn2hex(serial)) == NULL) goto err; ! BIO_printf(bio_err,"next serial number is %s\n",f); ! OPENSSL_free(f); } if ((attribs=CONF_get_section(conf,policy)) == NULL) --- 831,844 ---- } if (verbose) { ! if (BN_is_zero(serial)) ! BIO_printf(bio_err,"next serial number is 00\n"); ! else ! { ! if ((f=BN_bn2hex(serial)) == NULL) goto err; ! BIO_printf(bio_err,"next serial number is %s\n",f); ! OPENSSL_free(f); ! } } if ((attribs=CONF_get_section(conf,policy)) == NULL) *************** *** 1275,1281 **** X509_CRL_free(crl); CONF_free(conf); OBJ_cleanup(); ! EXIT(ret); } static void lookup_fail(char *name, char *tag) --- 1282,1288 ---- X509_CRL_free(crl); CONF_free(conf); OBJ_cleanup(); ! OPENSSL_EXIT(ret); } static void lookup_fail(char *name, char *tag) *************** *** 1340,1346 **** ret=ASN1_INTEGER_to_BN(ai,NULL); if (ret == NULL) { ! 
BIO_printf(bio_err,"error converting number from bin to BIGNUM"); goto err; } err: --- 1347,1353 ---- ret=ASN1_INTEGER_to_BN(ai,NULL); if (ret == NULL) { ! BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); goto err; } err: *************** *** 1728,1734 **** BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n"); row[DB_name]=X509_NAME_oneline(subject,NULL,0); ! row[DB_serial]=BN_bn2hex(serial); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err,"Memory allocation failure\n"); --- 1735,1744 ---- BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n"); row[DB_name]=X509_NAME_oneline(subject,NULL,0); ! if (BN_is_zero(serial)) ! row[DB_serial]=BUF_strdup("00"); ! else ! row[DB_serial]=BN_bn2hex(serial); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err,"Memory allocation failure\n"); *************** *** 2142,2148 **** row[i]=NULL; row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); ! row[DB_serial]=BN_bn2hex(bn); BN_free(bn); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { --- 2152,2161 ---- row[i]=NULL; row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); ! if (BN_is_zero(bn)) ! row[DB_serial]=BUF_strdup("00"); ! else ! row[DB_serial]=BN_bn2hex(bn); BN_free(bn); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ciphers.c ../RELENG_4_6/crypto/openssl/apps/ciphers.c *** crypto/openssl/apps/ciphers.c Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/ciphers.c Fri Feb 21 11:32:48 2003 *************** *** 202,207 **** if (ctx != NULL) SSL_CTX_free(ctx); if (ssl != NULL) SSL_free(ssl); if (STDout != NULL) BIO_free_all(STDout); ! 
EXIT(ret); } --- 202,207 ---- if (ctx != NULL) SSL_CTX_free(ctx); if (ssl != NULL) SSL_free(ssl); if (STDout != NULL) BIO_free_all(STDout); ! OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl.c ../RELENG_4_6/crypto/openssl/apps/crl.c *** crypto/openssl/apps/crl.c Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/crl.c Fri Feb 21 11:32:48 2003 *************** *** 364,370 **** X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); } ! EXIT(ret); } static X509_CRL *load_crl(char *infile, int format) --- 364,370 ---- X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); } ! OPENSSL_EXIT(ret); } static X509_CRL *load_crl(char *infile, int format) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl2p7.c ../RELENG_4_6/crypto/openssl/apps/crl2p7.c *** crypto/openssl/apps/crl2p7.c Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/crl2p7.c Fri Feb 21 11:32:48 2003 *************** *** 166,172 **** BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); BIO_printf(bio_err," (can be used more than once)\n"); BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); ! EXIT(1); } ERR_load_crypto_strings(); --- 166,172 ---- BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); BIO_printf(bio_err," (can be used more than once)\n"); BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); ! OPENSSL_EXIT(1); } ERR_load_crypto_strings(); *************** *** 278,284 **** if (p7 != NULL) PKCS7_free(p7); if (crl != NULL) X509_CRL_free(crl); ! EXIT(ret); } /* --- 278,284 ---- if (p7 != NULL) PKCS7_free(p7); if (crl != NULL) X509_CRL_free(crl); ! 
OPENSSL_EXIT(ret); } /* diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4_6/crypto/openssl/apps/dgst.c *** crypto/openssl/apps/dgst.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/dgst.c Fri Feb 21 11:32:48 2003 *************** *** 327,333 **** end: if (buf != NULL) { ! memset(buf,0,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); --- 327,333 ---- end: if (buf != NULL) { ! OPENSSL_cleanse(buf,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); *************** *** 335,341 **** EVP_PKEY_free(sigkey); if(sigbuf) OPENSSL_free(sigbuf); if (bmd != NULL) BIO_free(bmd); ! EXIT(err); } void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, --- 335,341 ---- EVP_PKEY_free(sigkey); if(sigbuf) OPENSSL_free(sigbuf); if (bmd != NULL) BIO_free(bmd); ! OPENSSL_EXIT(err); } void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4_6/crypto/openssl/apps/dh.c *** crypto/openssl/apps/dh.c Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/dh.c Fri Feb 21 11:32:48 2003 *************** *** 319,324 **** if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); ! EXIT(ret); } #endif --- 319,324 ---- if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); ! OPENSSL_EXIT(ret); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4_6/crypto/openssl/apps/dhparam.c *** crypto/openssl/apps/dhparam.c Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/dhparam.c Fri Feb 21 11:32:48 2003 *************** *** 506,512 **** if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); ! EXIT(ret); } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ --- 506,512 ---- if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); ! 
OPENSSL_EXIT(ret); } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4_6/crypto/openssl/apps/dsa.c *** crypto/openssl/apps/dsa.c Sun Nov 26 06:32:47 2000 --- ../RELENG_4_6/crypto/openssl/apps/dsa.c Fri Feb 21 11:32:48 2003 *************** *** 293,298 **** if(dsa != NULL) DSA_free(dsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); ! EXIT(ret); } #endif --- 293,298 ---- if(dsa != NULL) DSA_free(dsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); ! OPENSSL_EXIT(ret); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4_6/crypto/openssl/apps/dsaparam.c *** crypto/openssl/apps/dsaparam.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/dsaparam.c Fri Feb 21 11:32:48 2003 *************** *** 357,363 **** if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); ! EXIT(ret); } static void MS_CALLBACK dsa_cb(int p, int n, void *arg) --- 357,363 ---- if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); ! OPENSSL_EXIT(ret); } static void MS_CALLBACK dsa_cb(int p, int n, void *arg) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4_6/crypto/openssl/apps/enc.c *** crypto/openssl/apps/enc.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/enc.c Fri Feb 21 11:32:48 2003 *************** *** 506,514 **** * bug picked up by * Larry J. Hughes Jr. */ if (str == strbuf) ! memset(str,0,SIZE); else ! memset(str,0,strlen(str)); } if ((hiv != NULL) && !set_hex(hiv,iv,8)) { --- 506,514 ---- * bug picked up by * Larry J. Hughes Jr. */ if (str == strbuf) ! OPENSSL_cleanse(str,SIZE); else ! OPENSSL_cleanse(str,strlen(str)); } if ((hiv != NULL) && !set_hex(hiv,iv,8)) { *************** *** 604,610 **** if (benc != NULL) BIO_free(benc); if (b64 != NULL) BIO_free(b64); if(pass) OPENSSL_free(pass); ! 
EXIT(ret); } int set_hex(char *in, unsigned char *out, int size) --- 604,610 ---- if (benc != NULL) BIO_free(benc); if (b64 != NULL) BIO_free(b64); if(pass) OPENSSL_free(pass); ! OPENSSL_EXIT(ret); } int set_hex(char *in, unsigned char *out, int size) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/errstr.c ../RELENG_4_6/crypto/openssl/apps/errstr.c *** crypto/openssl/apps/errstr.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/errstr.c Fri Feb 21 11:32:48 2003 *************** *** 121,125 **** ret++; } } ! EXIT(ret); } --- 121,125 ---- ret++; } } ! OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4_6/crypto/openssl/apps/gendh.c *** crypto/openssl/apps/gendh.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/gendh.c Fri Feb 21 11:32:48 2003 *************** *** 184,190 **** ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); ! EXIT(ret); } static void MS_CALLBACK dh_cb(int p, int n, void *arg) --- 184,190 ---- ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); ! OPENSSL_EXIT(ret); } static void MS_CALLBACK dh_cb(int p, int n, void *arg) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4_6/crypto/openssl/apps/gendsa.c *** crypto/openssl/apps/gendsa.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/gendsa.c Fri Feb 21 11:32:48 2003 *************** *** 220,225 **** if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if(passout) OPENSSL_free(passout); ! EXIT(ret); } #endif --- 220,225 ---- if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if(passout) OPENSSL_free(passout); ! 
OPENSSL_EXIT(ret); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4_6/crypto/openssl/apps/genrsa.c *** crypto/openssl/apps/genrsa.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/genrsa.c Fri Feb 21 11:32:48 2003 *************** *** 224,230 **** if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); ! EXIT(ret); } static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) --- 224,230 ---- if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); ! OPENSSL_EXIT(ret); } static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/nseq.c ../RELENG_4_6/crypto/openssl/apps/nseq.c *** crypto/openssl/apps/nseq.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/nseq.c Fri Feb 21 11:32:48 2003 *************** *** 102,108 **** BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-out file output file\n"); BIO_printf (bio_err, "-toseq output NS Sequence file\n"); ! EXIT(1); } if (infile) { --- 102,108 ---- BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-out file output file\n"); BIO_printf (bio_err, "-toseq output NS Sequence file\n"); ! OPENSSL_EXIT(1); } if (infile) { *************** *** 162,167 **** BIO_free_all(out); NETSCAPE_CERT_SEQUENCE_free(seq); ! EXIT(ret); } --- 162,167 ---- BIO_free_all(out); NETSCAPE_CERT_SEQUENCE_free(seq); ! 
OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4_6/crypto/openssl/apps/openssl.c *** crypto/openssl/apps/openssl.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/openssl.c Fri Feb 21 11:32:48 2003 *************** *** 77,87 **** static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); static LHASH *prog_init(void ); static int do_cmd(LHASH *prog,int argc,char *argv[]); - LHASH *config=NULL; char *default_config_file=NULL; /* Make sure there is only one when MONOLITH is defined */ #ifdef MONOLITH BIO *bio_err=NULL; #endif --- 77,87 ---- static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); static LHASH *prog_init(void ); static int do_cmd(LHASH *prog,int argc,char *argv[]); char *default_config_file=NULL; /* Make sure there is only one when MONOLITH is defined */ #ifdef MONOLITH + LHASH *config=NULL; BIO *bio_err=NULL; #endif *************** *** 215,221 **** BIO_free(bio_err); bio_err=NULL; } ! EXIT(ret); } #define LIST_STANDARD_COMMANDS "list-standard-commands" --- 215,221 ---- BIO_free(bio_err); bio_err=NULL; } ! OPENSSL_EXIT(ret); } #define LIST_STANDARD_COMMANDS "list-standard-commands" diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/passwd.c ../RELENG_4_6/crypto/openssl/apps/passwd.c *** crypto/openssl/apps/passwd.c Wed Jul 4 19:19:09 2001 --- ../RELENG_4_6/crypto/openssl/apps/passwd.c Fri Feb 21 11:32:48 2003 *************** *** 284,290 **** BIO_free(in); if (out) BIO_free_all(out); ! EXIT(ret); } --- 284,290 ---- BIO_free(in); if (out) BIO_free_all(out); ! OPENSSL_EXIT(ret); } *************** *** 498,503 **** int MAIN(int argc, char **argv) { fputs("Program not available.\n", stderr) ! EXIT(1); } #endif --- 498,503 ---- int MAIN(int argc, char **argv) { fputs("Program not available.\n", stderr) ! 
OPENSSL_EXIT(1); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4_6/crypto/openssl/apps/pkcs12.c *** crypto/openssl/apps/pkcs12.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/pkcs12.c Fri Feb 21 11:32:48 2003 *************** *** 480,488 **** /* Exclude verified certificate */ for (i = 1; i < sk_X509_num (chain2) ; i++) sk_X509_push(certs, sk_X509_value (chain2, i)); ! } ! sk_X509_free(chain2); ! if (vret) { BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); goto export_end; --- 480,489 ---- /* Exclude verified certificate */ for (i = 1; i < sk_X509_num (chain2) ; i++) sk_X509_push(certs, sk_X509_value (chain2, i)); ! /* Free first certificate */ ! X509_free(sk_X509_value(chain2, 0)); ! sk_X509_free(chain2); ! } else { BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); goto export_end; *************** *** 509,516 **** } sk_X509_pop_free(certs, X509_free); certs = NULL; - /* ucert is part of certs so it is already freed */ - ucert = NULL; #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); --- 510,515 ---- *************** *** 598,604 **** if (certs) sk_X509_pop_free(certs, X509_free); if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); --- 597,602 ---- *************** *** 668,674 **** if (canames) sk_free(canames); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); ! EXIT(ret); } int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, --- 666,672 ---- if (canames) sk_free(canames); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); ! 
OPENSSL_EXIT(ret); } int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4_6/crypto/openssl/apps/pkcs7.c *** crypto/openssl/apps/pkcs7.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/pkcs7.c Fri Feb 21 11:32:48 2003 *************** *** 154,160 **** BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); ! EXIT(1); } ERR_load_crypto_strings(); --- 154,160 ---- BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); ! OPENSSL_EXIT(1); } ERR_load_crypto_strings(); *************** *** 289,293 **** if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); ! EXIT(ret); } --- 289,293 ---- if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); ! OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4_6/crypto/openssl/apps/pkcs8.c *** crypto/openssl/apps/pkcs8.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/pkcs8.c Fri Feb 21 11:32:48 2003 *************** *** 236,242 **** if(passout) p8pass = passout; else { p8pass = pass; ! EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1); } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, --- 236,243 ---- if(passout) p8pass = passout; else { p8pass = pass; ! if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1)) ! 
return (1); } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4_6/crypto/openssl/apps/rand.c *** crypto/openssl/apps/rand.c Sun Nov 26 06:32:48 2000 --- ../RELENG_4_6/crypto/openssl/apps/rand.c Fri Feb 21 11:32:48 2003 *************** *** 144,148 **** ERR_print_errors(bio_err); if (out) BIO_free_all(out); ! EXIT(ret); } --- 144,148 ---- ERR_print_errors(bio_err); if (out) BIO_free_all(out); ! OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4_6/crypto/openssl/apps/req.c *** crypto/openssl/apps/req.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/req.c Fri Feb 21 11:32:48 2003 *************** *** 422,428 **** if (template != NULL) { ! long errline; BIO_printf(bio_err,"Using configuration from %s\n",template); req_conf=CONF_load(NULL,template,&errline); --- 422,428 ---- if (template != NULL) { ! long errline = -1; BIO_printf(bio_err,"Using configuration from %s\n",template); req_conf=CONF_load(NULL,template,&errline); *************** *** 909,915 **** #ifndef NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif ! EXIT(ex); } static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) --- 909,915 ---- #ifndef NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif ! OPENSSL_EXIT(ex); } static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4_6/crypto/openssl/apps/rsa.c *** crypto/openssl/apps/rsa.c Sun Nov 26 06:32:49 2000 --- ../RELENG_4_6/crypto/openssl/apps/rsa.c Fri Feb 21 11:32:48 2003 *************** *** 389,395 **** if(rsa != NULL) RSA_free(rsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); ! EXIT(ret); } #else /* !NO_RSA */ --- 389,395 ---- if(rsa != NULL) RSA_free(rsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); ! 
OPENSSL_EXIT(ret); } #else /* !NO_RSA */ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4_6/crypto/openssl/apps/s_client.c *** crypto/openssl/apps/s_client.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/s_client.c Fri Feb 21 11:32:48 2003 *************** *** 768,781 **** if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); ! if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); } ! if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); bio_c_out=NULL; } ! EXIT(ret); } --- 768,781 ---- if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); ! if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } ! if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); bio_c_out=NULL; } ! OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4_6/crypto/openssl/apps/s_server.c *** crypto/openssl/apps/s_server.c Wed Jul 4 19:19:09 2001 --- ../RELENG_4_6/crypto/openssl/apps/s_server.c Fri Feb 21 11:32:48 2003 *************** *** 253,262 **** static int ebcdic_new(BIO *bi); static int ebcdic_free(BIO *a); static int ebcdic_read(BIO *b, char *out, int outl); ! static int ebcdic_write(BIO *b, char *in, int inl); ! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); static int ebcdic_gets(BIO *bp, char *buf, int size); ! static int ebcdic_puts(BIO *bp, char *str); #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) static BIO_METHOD methods_ebcdic= --- 253,262 ---- static int ebcdic_new(BIO *bi); static int ebcdic_free(BIO *a); static int ebcdic_read(BIO *b, char *out, int outl); ! static int ebcdic_write(BIO *b, const char *in, int inl); ! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); static int ebcdic_gets(BIO *bp, char *buf, int size); ! 
static int ebcdic_puts(BIO *bp, const char *str); #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) static BIO_METHOD methods_ebcdic= *************** *** 321,327 **** return(ret); } ! static int ebcdic_write(BIO *b, char *in, int inl) { EBCDIC_OUTBUFF *wbuf; int ret=0; --- 321,327 ---- return(ret); } ! static int ebcdic_write(BIO *b, const char *in, int inl) { EBCDIC_OUTBUFF *wbuf; int ret=0; *************** *** 354,360 **** return(ret); } ! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) { long ret; --- 354,360 ---- return(ret); } ! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret; *************** *** 373,379 **** static int ebcdic_gets(BIO *bp, char *buf, int size) { ! int i, ret; if (bp->next_bio == NULL) return(0); /* return(BIO_gets(bp->next_bio,buf,size));*/ for (i=0; inext_bio == NULL) return(0); /* return(BIO_gets(bp->next_bio,buf,size));*/ for (i=0; inext_bio == NULL) return(0); return ebcdic_write(bp, str, strlen(str)); --- 392,398 ---- return (ret < 0 && i == 0) ? ret : i; } ! static int ebcdic_puts(BIO *bp, const char *str) { if (bp->next_bio == NULL) return(0); return ebcdic_write(bp, str, strlen(str)); *************** *** 741,747 **** BIO_free(bio_s_out); bio_s_out=NULL; } ! EXIT(ret); } static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) --- 741,747 ---- BIO_free(bio_s_out); bio_s_out=NULL; } ! OPENSSL_EXIT(ret); } static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) *************** *** 1043,1049 **** BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { ! memset(buf,0,bufsize); OPENSSL_free(buf); } if (ret >= 0) --- 1043,1049 ---- BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { ! OPENSSL_cleanse(buf,bufsize); OPENSSL_free(buf); } if (ret >= 0) *************** *** 1250,1256 **** else { BIO_printf(bio_s_out,"read R BLOCK\n"); ! #ifndef MSDOS sleep(1); #endif continue; --- 1250,1256 ---- else { BIO_printf(bio_s_out,"read R BLOCK\n"); ! 
#if !defined(MSDOS) && !defined(VXWORKS) sleep(1); #endif continue; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_time.c ../RELENG_4_6/crypto/openssl/apps/s_time.c *** crypto/openssl/apps/s_time.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/s_time.c Fri Feb 21 11:32:48 2003 *************** *** 116,121 **** --- 116,126 ---- #include #endif + #ifdef VXWORKS + #include + #undef SIGALRM + #endif + /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ *************** *** 461,467 **** if (tm_cipher == NULL ) { fprintf( stderr, "No CIPHER specified\n" ); ! /* EXIT(1); */ } if (!(perform & 1)) goto next; --- 466,472 ---- if (tm_cipher == NULL ) { fprintf( stderr, "No CIPHER specified\n" ); ! /* OPENSSL_EXIT(1); */ } if (!(perform & 1)) goto next; *************** *** 628,634 **** SSL_CTX_free(tm_ctx); tm_ctx=NULL; } ! EXIT(ret); } /*********************************************************************** --- 633,639 ---- SSL_CTX_free(tm_ctx); tm_ctx=NULL; } ! OPENSSL_EXIT(ret); } /*********************************************************************** diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/sess_id.c ../RELENG_4_6/crypto/openssl/apps/sess_id.c *** crypto/openssl/apps/sess_id.c Sun Nov 26 06:32:49 2000 --- ../RELENG_4_6/crypto/openssl/apps/sess_id.c Fri Feb 21 11:32:48 2003 *************** *** 272,278 **** end: if (out != NULL) BIO_free_all(out); if (x != NULL) SSL_SESSION_free(x); ! EXIT(ret); } static SSL_SESSION *load_sess_id(char *infile, int format) --- 272,278 ---- end: if (out != NULL) BIO_free_all(out); if (x != NULL) SSL_SESSION_free(x); ! 
OPENSSL_EXIT(ret); } static SSL_SESSION *load_sess_id(char *infile, int format) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4_6/crypto/openssl/apps/speed.c *** crypto/openssl/apps/speed.c Mon Feb 24 21:51:10 2003 --- ../RELENG_4_6/crypto/openssl/apps/speed.c Fri Feb 21 11:32:48 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/apps/speed.c,v 1.3.2.3.6.1 2002/07/31 02:54:40 nectar Exp $ */ /* most of this code has been pilfered from my libdes speed.c program */ --- 54,59 ---- *************** *** 691,697 **** BIO_printf(bio_err,"\n"); #endif ! #ifdef TIMES BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); --- 689,695 ---- BIO_printf(bio_err,"\n"); #endif ! #if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); *************** *** 1414,1420 **** if (dsa_key[i] != NULL) DSA_free(dsa_key[i]); #endif ! EXIT(mret); } static void print_message(char *s, long num, int length) --- 1412,1418 ---- if (dsa_key[i] != NULL) DSA_free(dsa_key[i]); #endif ! OPENSSL_EXIT(mret); } static void print_message(char *s, long num, int length) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4_6/crypto/openssl/apps/spkac.c *** crypto/openssl/apps/spkac.c Sun Nov 26 06:32:49 2000 --- ../RELENG_4_6/crypto/openssl/apps/spkac.c Fri Feb 21 11:32:48 2003 *************** *** 288,292 **** BIO_free(key); EVP_PKEY_free(pkey); if(passin) OPENSSL_free(passin); ! EXIT(ret); } --- 288,292 ---- BIO_free(key); EVP_PKEY_free(pkey); if(passin) OPENSSL_free(passin); ! 
OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4_6/crypto/openssl/apps/verify.c *** crypto/openssl/apps/verify.c Sun Nov 26 06:32:50 2000 --- ../RELENG_4_6/crypto/openssl/apps/verify.c Fri Feb 21 11:32:48 2003 *************** *** 213,219 **** if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(trusted, X509_free); ! EXIT(ret); } static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose) --- 213,219 ---- if (cert_ctx != NULL) X509_STORE_free(cert_ctx); sk_X509_pop_free(untrusted, X509_free); sk_X509_pop_free(trusted, X509_free); ! OPENSSL_EXIT(ret); } static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/version.c ../RELENG_4_6/crypto/openssl/apps/version.c *** crypto/openssl/apps/version.c Sun Aug 20 04:45:59 2000 --- ../RELENG_4_6/crypto/openssl/apps/version.c Fri Feb 21 11:32:48 2003 *************** *** 128,132 **** } if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); end: ! EXIT(ret); } --- 128,132 ---- } if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); end: ! OPENSSL_EXIT(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4_6/crypto/openssl/apps/x509.c *** crypto/openssl/apps/x509.c Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/apps/x509.c Fri Feb 21 11:32:48 2003 *************** *** 121,127 **** " -CAkey arg - set the CA key, must be PEM format\n", " missing, it is assumed to be in the CA file.\n", " -CAcreateserial - create serial number file if it does not exist\n", ! 
" -CAserial - serial file\n", " -text - print the certificate in text form\n", " -C - print out C code forms\n", " -md2/-md5/-sha1/-mdc2 - digest to use\n", --- 121,127 ---- " -CAkey arg - set the CA key, must be PEM format\n", " missing, it is assumed to be in the CA file.\n", " -CAcreateserial - create serial number file if it does not exist\n", ! " -CAserial arg - serial file\n", " -text - print the certificate in text form\n", " -C - print out C code forms\n", " -md2/-md5/-sha1/-mdc2 - digest to use\n", *************** *** 447,453 **** if (extfile) { ! long errorline; X509V3_CTX ctx2; if (!(extconf=CONF_load(NULL,extfile,&errorline))) { --- 447,453 ---- if (extfile) { ! long errorline = -1; X509V3_CTX ctx2; if (!(extconf=CONF_load(NULL,extfile,&errorline))) { *************** *** 961,967 **** sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); if (passin) OPENSSL_free(passin); ! EXIT(ret); } static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, --- 961,967 ---- sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); if (passin) OPENSSL_free(passin); ! OPENSSL_EXIT(ret); } static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4_6/crypto/openssl/config *** crypto/openssl/config Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/config Fri Feb 21 11:32:47 2003 *************** *** 317,322 **** --- 317,326 ---- *CRAY*) echo "j90-cray-unicos"; exit 0; ;; + + NONSTOP_KERNEL*) + echo "nsr-tandem-nsk"; exit 0; + ;; esac # *************** *** 384,389 **** --- 388,396 ---- GCCVER=`(gcc -dumpversion) 2>/dev/null` if [ "$GCCVER" != "" ]; then CC=gcc + # then strip off whatever prefix egcs prepends the number with... + # Hopefully, this will work for any future prefixes as well. 
+ GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'` # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion # does give us what we want though, so we use that. We just just the # major and minor version numbers. *************** *** 392,397 **** --- 399,405 ---- else CC=cc fi + GCCVER=${GCCVER:-0} if [ "$SYSTEM" = "HP-UX" ];then # By default gcc is a ILP32 compiler (with long long == 64). GCC_BITS="32" *************** *** 469,475 **** echo "WARNING! If you wish to build 64-bit library, then you have to" echo " invoke './Configure irix64-mips4-$CC' *manually*." echo " Type return if you want to continue, Ctrl-C to abort." ! read waste < /dev/tty CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 5000 ]; then --- 477,484 ---- echo "WARNING! If you wish to build 64-bit library, then you have to" echo " invoke './Configure irix64-mips4-$CC' *manually*." echo " Type return if you want to continue, Ctrl-C to abort." ! # Do not stop if /dev/tty is unavailable ! (read waste < /dev/tty) || true CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 5000 ]; then *************** *** 524,530 **** #echo "WARNING! If you wish to build 64-bit library, then you have to" #echo " invoke './Configure linux64-sparcv9' *manually*." #echo " Type return if you want to continue, Ctrl-C to abort." ! #read waste < /dev/tty OUT="linux-sparcv9" ;; sparc-*-linux2) KARCH=`awk '/^type/{print$3}' /proc/cpuinfo` --- 533,540 ---- #echo "WARNING! If you wish to build 64-bit library, then you have to" #echo " invoke './Configure linux64-sparcv9' *manually*." #echo " Type return if you want to continue, Ctrl-C to abort." ! # Do not stop if /dev/tty is unavailable ! #(read waste < /dev/tty) || true OUT="linux-sparcv9" ;; sparc-*-linux2) KARCH=`awk '/^type/{print$3}' /proc/cpuinfo` *************** *** 565,571 **** echo "WARNING! 
If you wish to build 64-bit library, then you have to" echo " invoke './Configure solaris64-sparcv9-cc' *manually*." echo " Type return if you want to continue, Ctrl-C to abort." ! read waste < /dev/tty fi OUT="solaris-sparcv9-$CC" ;; sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;; --- 575,582 ---- echo "WARNING! If you wish to build 64-bit library, then you have to" echo " invoke './Configure solaris64-sparcv9-cc' *manually*." echo " Type return if you want to continue, Ctrl-C to abort." ! # Do not stop if /dev/tty is unavailable ! (read waste < /dev/tty) || true fi OUT="solaris-sparcv9-$CC" ;; sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;; *************** *** 626,631 **** --- 637,643 ---- *-*-cygwin) OUT="Cygwin" ;; t3e-cray-unicosmk) OUT="cray-t3e" ;; j90-cray-unicos) OUT="cray-j90" ;; + nsr-tandem-nsk) OUT="tandem-c89" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/Makefile.ssl *** crypto/openssl/crypto/Makefile.ssl Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/crypto/Makefile.ssl Fri Feb 21 11:32:49 2003 *************** *** 34,41 **** GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a ! LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c ! LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o SRC= $(LIBSRC) --- 34,41 ---- GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a ! LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c ! LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o SRC= $(LIBSRC) *************** *** 129,135 **** depend: if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist ! $(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC) if [ ! 
-s buildinf.h ]; then rm buildinf.h; fi @for i in $(SDIRS) ;\ do \ --- 129,135 ---- depend: if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist ! $(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) if [ ! -s buildinf.h ]; then rm buildinf.h; fi @for i in $(SDIRS) ;\ do \ *************** *** 185,190 **** --- 185,193 ---- mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h + mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h + mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h + mem_clr.o: ../include/openssl/symhacks.h mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.ssl *** crypto/openssl/crypto/asn1/Makefile.ssl Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.ssl Fri Feb 21 11:32:50 2003 *************** *** 104,110 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 104,110 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_sign.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_sign.c *** crypto/openssl/crypto/asn1/a_sign.c Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_sign.c Fri Feb 21 11:32:50 2003 *************** *** 199,208 **** signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; err: ! memset(&ctx,0,sizeof(ctx)); if (buf_in != NULL) ! { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) ! { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } return(outl); } --- 199,208 ---- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; err: ! OPENSSL_cleanse(&ctx,sizeof(ctx)); if (buf_in != NULL) ! { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) ! { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strex.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strex.c *** crypto/openssl/crypto/asn1/a_strex.c Sun Nov 26 06:38:42 2000 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strex.c Fri Feb 21 11:32:50 2003 *************** *** 519,525 **** { ASN1_STRING stmp, *str = &stmp; int mbflag, type, ret; ! if(!*out || !in) return -1; type = in->type; if((type < 0) || (type > 30)) return -1; mbflag = tag2nbyte[type]; --- 519,525 ---- { ASN1_STRING stmp, *str = &stmp; int mbflag, type, ret; ! if(!in) return -1; type = in->type; if((type < 0) || (type > 30)) return -1; mbflag = tag2nbyte[type]; *************** *** 528,533 **** stmp.data = NULL; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; ! 
if(out) *out = stmp.data; return stmp.length; } --- 528,533 ---- stmp.data = NULL; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; ! *out = stmp.data; return stmp.length; } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_utctm.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_utctm.c *** crypto/openssl/crypto/asn1/a_utctm.c Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_utctm.c Fri Feb 21 11:32:50 2003 *************** *** 246,251 **** --- 246,253 ---- ts=(struct tm *)localtime(&t); } #endif + if (ts == NULL) + return(NULL); p=(char *)s->data; if ((p == NULL) || (s->length < 14)) { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_verify.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_verify.c *** crypto/openssl/crypto/asn1/a_verify.c Sun Nov 26 06:32:59 2000 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_verify.c Fri Feb 21 11:32:50 2003 *************** *** 100,106 **** EVP_VerifyInit(&ctx,type); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); ! memset(buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, --- 100,106 ---- EVP_VerifyInit(&ctx,type); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); ! OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1_lib.c ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1_lib.c *** crypto/openssl/crypto/asn1/asn1_lib.c Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1_lib.c Fri Feb 21 11:32:50 2003 *************** *** 57,62 **** --- 57,63 ---- */ #include + #include #include "cryptlib.h" #include #include *************** *** 141,147 **** static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; ! 
long ret=0; int i; if (max-- < 1) return(0); --- 142,148 ---- static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; ! unsigned long ret=0; int i; if (max-- < 1) return(0); *************** *** 170,179 **** else ret=i; } ! if (ret < 0) return 0; *pp=p; ! *rl=ret; return(1); } --- 171,180 ---- else ret=i; } ! if (ret > LONG_MAX) return 0; *pp=p; ! *rl=(long)ret; return(1); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/n_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/n_pkey.c *** crypto/openssl/crypto/asn1/n_pkey.c Sun Nov 26 06:33:00 2000 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/n_pkey.c Fri Feb 21 11:32:50 2003 *************** *** 181,187 **** } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); ! memset(buf,0,256); EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); --- 181,187 ---- } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); ! OPENSSL_cleanse(buf,256); EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); *************** *** 292,298 **** } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); ! memset(buf,0,256); EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); --- 292,298 ---- } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); ! OPENSSL_cleanse(buf,256); EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/p8_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/p8_pkey.c *** crypto/openssl/crypto/asn1/p8_pkey.c Sun Nov 26 06:33:01 2000 --- ../RELENG_4_6/crypto/openssl/crypto/asn1/p8_pkey.c Fri Feb 21 11:32:50 2003 *************** *** 119,126 **** X509_ALGOR_free(a->pkeyalg); /* Clear sensitive data */ if (a->pkey->value.octet_string) ! memset (a->pkey->value.octet_string->data, ! 
0, a->pkey->value.octet_string->length); ASN1_TYPE_free (a->pkey); sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free); OPENSSL_free (a); --- 119,126 ---- X509_ALGOR_free(a->pkeyalg); /* Clear sensitive data */ if (a->pkey->value.octet_string) ! OPENSSL_cleanse(a->pkey->value.octet_string->data, ! a->pkey->value.octet_string->length); ASN1_TYPE_free (a->pkey); sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free); OPENSSL_free (a); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.ssl *** crypto/openssl/crypto/bf/Makefile.ssl Wed Jul 4 19:19:13 2001 --- ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.ssl Fri Feb 21 11:32:50 2003 *************** *** 96,102 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 96,102 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/bftest.c ../RELENG_4_6/crypto/openssl/crypto/bf/bftest.c *** crypto/openssl/crypto/bf/bftest.c Sun Nov 26 06:33:09 2000 --- ../RELENG_4_6/crypto/openssl/crypto/bf/bftest.c Fri Feb 21 11:32:50 2003 *************** *** 63,68 **** --- 63,70 ---- #include #include + #include "../e_os.h" + #ifdef NO_BF int main(int argc, char *argv[]) { *************** *** 275,281 **** else ret=test(); ! exit(ret); return(0); } --- 277,283 ---- else ret=test(); ! 
EXIT(ret); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.ssl *** crypto/openssl/crypto/bio/Makefile.ssl Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.ssl Fri Feb 21 11:32:50 2003 *************** *** 78,84 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 78,84 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/b_print.c ../RELENG_4_6/crypto/openssl/crypto/bio/b_print.c *** crypto/openssl/crypto/bio/b_print.c Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/bio/b_print.c Fri Feb 21 11:32:50 2003 *************** *** 109,115 **** * o ... (for OpenSSL) */ ! #if HAVE_LONG_DOUBLE #define LDOUBLE long double #else #define LDOUBLE double --- 109,115 ---- * o ... (for OpenSSL) */ ! #ifdef HAVE_LONG_DOUBLE #define LDOUBLE long double #else #define LDOUBLE double diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4_6/crypto/openssl/crypto/bio/bio.h *** crypto/openssl/crypto/bio/bio.h Mon Feb 24 21:51:12 2003 --- ../RELENG_4_6/crypto/openssl/crypto/bio/bio.h Fri Feb 21 11:32:50 2003 *************** *** 241,247 **** long (_far *ctrl)(); int (_far *create)(); int (_far *destroy)(); ! long (_fat *callback_ctrl)(); } BIO_METHOD; #endif --- 241,247 ---- long (_far *ctrl)(); int (_far *create)(); int (_far *destroy)(); ! 
long (_far *callback_ctrl)(); } BIO_METHOD; #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.ssl *** crypto/openssl/crypto/bn/Makefile.ssl Mon Feb 24 21:51:13 2003 --- ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.ssl Fri Feb 21 11:32:50 2003 *************** *** 159,165 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 159,165 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn.h ../RELENG_4_6/crypto/openssl/crypto/bn/bn.h *** crypto/openssl/crypto/bn/bn.h Mon Feb 24 21:51:13 2003 --- ../RELENG_4_6/crypto/openssl/crypto/bn/bn.h Fri Feb 21 11:32:50 2003 *************** *** 155,161 **** #define BN_BYTES 4 #define BN_BITS2 32 #define BN_BITS4 16 ! #ifdef _MSC_VER /* VC++ doesn't like the LL suffix */ #define BN_MASK (0xffffffffffffffffL) #else --- 155,161 ---- #define BN_BYTES 4 #define BN_BITS2 32 #define BN_BITS4 16 ! #if defined(_MSC_VER) || defined(__BORLANDC__) /* VC++ doesn't like the LL suffix */ #define BN_MASK (0xffffffffffffffffL) #else *************** *** 413,419 **** BN_CTX *ctx); int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); ! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); --- 413,419 ---- BN_CTX *ctx); int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); ! 
int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lib.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_lib.c *** crypto/openssl/crypto/bn/bn_lib.c Wed Jul 4 19:19:14 2001 --- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_lib.c Fri Feb 21 11:32:50 2003 *************** *** 263,274 **** if (a == NULL) return; if (a->d != NULL) { ! memset(a->d,0,a->dmax*sizeof(a->d[0])); if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); ! memset(a,0,sizeof(BIGNUM)); if (i) OPENSSL_free(a); } --- 263,274 ---- if (a == NULL) return; if (a->d != NULL) { ! OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); ! OPENSSL_cleanse(a,sizeof(BIGNUM)); if (i) OPENSSL_free(a); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_rand.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_rand.c *** crypto/openssl/crypto/bn/bn_rand.c Mon Feb 24 21:51:13 2003 --- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_rand.c Fri Feb 21 11:32:50 2003 *************** *** 201,207 **** err: if (buf != NULL) { ! memset(buf,0,bytes); OPENSSL_free(buf); } return(ret); --- 201,207 ---- err: if (buf != NULL) { ! OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } return(ret); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_word.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_word.c *** crypto/openssl/crypto/bn/bn_word.c Sun Nov 26 06:33:19 2000 --- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_word.c Fri Feb 21 11:32:50 2003 *************** *** 123,129 **** i=0; for (;;) { ! l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; a->d[i]=l; if (w > l) w=1; --- 123,132 ---- i=0; for (;;) { ! if (i >= a->top) ! l=w; ! else ! 
l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; a->d[i]=l; if (w > l) w=1; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bntest.c ../RELENG_4_6/crypto/openssl/crypto/bn/bntest.c *** crypto/openssl/crypto/bn/bntest.c Wed Jul 4 19:19:14 2001 --- ../RELENG_4_6/crypto/openssl/crypto/bn/bntest.c Fri Feb 21 11:32:50 2003 *************** *** 139,148 **** ctx=BN_CTX_new(); ! if (ctx == NULL) exit(1); out=BIO_new(BIO_s_file()); ! if (out == NULL) exit(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); --- 139,148 ---- ctx=BN_CTX_new(); ! if (ctx == NULL) EXIT(1); out=BIO_new(BIO_s_file()); ! if (out == NULL) EXIT(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); *************** *** 152,158 **** if (!BIO_write_filename(out,outfile)) { perror(outfile); ! exit(1); } } --- 152,158 ---- if (!BIO_write_filename(out,outfile)) { perror(outfile); ! EXIT(1); } } *************** *** 228,241 **** BIO_free(out); /**/ ! exit(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); ! exit(1); return(1); } --- 228,241 ---- BIO_free(out); /**/ ! EXIT(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); ! EXIT(1); return(1); } *************** *** 746,752 **** while ((l=ERR_get_error())) fprintf(stderr,"ERROR:%s\n", ERR_error_string(l,NULL)); ! exit(1); } if (bp != NULL) { --- 746,752 ---- while ((l=ERR_get_error())) fprintf(stderr,"ERROR:%s\n", ERR_error_string(l,NULL)); ! 
EXIT(1); } if (bp != NULL) { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/exptest.c ../RELENG_4_6/crypto/openssl/crypto/bn/exptest.c *** crypto/openssl/crypto/bn/exptest.c Sun Aug 20 04:46:16 2000 --- ../RELENG_4_6/crypto/openssl/crypto/bn/exptest.c Fri Feb 21 11:32:50 2003 *************** *** 59,64 **** --- 59,67 ---- #include #include #include + + #include "../e_os.h" + #include #include #include *************** *** 86,92 **** ERR_load_BN_strings(); ctx=BN_CTX_new(); ! if (ctx == NULL) exit(1); r_mont=BN_new(); r_recp=BN_new(); r_simple=BN_new(); --- 89,95 ---- ERR_load_BN_strings(); ctx=BN_CTX_new(); ! if (ctx == NULL) EXIT(1); r_mont=BN_new(); r_recp=BN_new(); r_simple=BN_new(); *************** *** 99,105 **** out=BIO_new(BIO_s_file()); ! if (out == NULL) exit(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); for (i=0; i<200; i++) --- 102,108 ---- out=BIO_new(BIO_s_file()); ! if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); for (i=0; i<200; i++) *************** *** 124,130 **** { printf("BN_mod_exp_mont() problems\n"); ERR_print_errors(out); ! exit(1); } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); --- 127,133 ---- { printf("BN_mod_exp_mont() problems\n"); ERR_print_errors(out); ! EXIT(1); } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); *************** *** 132,138 **** { printf("BN_mod_exp_recp() problems\n"); ERR_print_errors(out); ! exit(1); } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); --- 135,141 ---- { printf("BN_mod_exp_recp() problems\n"); ERR_print_errors(out); ! EXIT(1); } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); *************** *** 140,146 **** { printf("BN_mod_exp_simple() problems\n"); ERR_print_errors(out); ! exit(1); } if (BN_cmp(r_simple, r_mont) == 0 --- 143,149 ---- { printf("BN_mod_exp_simple() problems\n"); ERR_print_errors(out); ! EXIT(1); } if (BN_cmp(r_simple, r_mont) == 0 *************** *** 163,169 **** printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); printf("\n"); ! 
exit(1); } } BN_free(r_mont); --- 166,172 ---- printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); printf("\n"); ! EXIT(1); } } BN_free(r_mont); *************** *** 177,187 **** CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); ! exit(0); err: ERR_load_crypto_strings(); ERR_print_errors(out); ! exit(1); return(1); } --- 180,190 ---- CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); ! EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors(out); ! EXIT(1); return(1); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.ssl *** crypto/openssl/crypto/buffer/Makefile.ssl Wed Jul 4 19:19:16 2001 --- ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.ssl Fri Feb 21 11:32:51 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.ssl *** crypto/openssl/crypto/cast/Makefile.ssl Wed Jul 4 19:19:16 2001 --- ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.ssl Fri Feb 21 11:32:51 2003 *************** *** 97,103 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 97,103 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/casttest.c ../RELENG_4_6/crypto/openssl/crypto/cast/casttest.c *** crypto/openssl/crypto/cast/casttest.c Sun Aug 20 04:46:18 2000 --- ../RELENG_4_6/crypto/openssl/crypto/cast/casttest.c Fri Feb 21 11:32:51 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_CAST int main(int argc, char *argv[]) { *************** *** 224,230 **** } #endif ! exit(err); return(err); } #endif --- 226,232 ---- } #endif ! EXIT(err); return(err); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.ssl *** crypto/openssl/crypto/comp/Makefile.ssl Mon Feb 24 21:51:13 2003 --- ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.ssl Fri Feb 21 11:32:51 2003 *************** *** 71,77 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 71,77 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.ssl *** crypto/openssl/crypto/conf/Makefile.ssl Mon Feb 24 21:51:13 2003 --- ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.ssl Fri Feb 21 11:32:51 2003 *************** *** 69,75 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 69,75 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.c ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.c *** crypto/openssl/crypto/conf/conf_def.c Mon Feb 24 21:51:14 2003 --- ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.c Fri Feb 21 11:32:51 2003 *************** *** 224,232 **** section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; for (;;) { - again=0; if (!BUF_MEM_grow(buff,bufnum+BUFSIZE)) { CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); --- 224,232 ---- section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; + again=0; for (;;) { if (!BUF_MEM_grow(buff,bufnum+BUFSIZE)) { CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); *************** *** 237,243 **** BIO_gets(in, p, BUFSIZE-1); p[BUFSIZE-1]='\0'; ii=i=strlen(p); ! if (i == 0) break; while (i > 0) { if ((p[i-1] != '\r') && (p[i-1] != '\n')) --- 237,244 ---- BIO_gets(in, p, BUFSIZE-1); p[BUFSIZE-1]='\0'; ii=i=strlen(p); ! if (i == 0 && !again) break; ! again=0; while (i > 0) { if ((p[i-1] != '\r') && (p[i-1] != '\n')) *************** *** 247,253 **** } /* we removed some trailing stuff so there is a new * line on the end. */ ! if (i == ii) again=1; /* long line */ else { --- 248,254 ---- } /* we removed some trailing stuff so there is a new * line on the end. */ ! 
if (ii && i == ii) again=1; /* long line */ else { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.c ../RELENG_4_6/crypto/openssl/crypto/cryptlib.c *** crypto/openssl/crypto/cryptlib.c Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/crypto/cryptlib.c Fri Feb 21 11:32:49 2003 *************** *** 58,63 **** --- 58,64 ---- #include #include + #include #include "cryptlib.h" #include #include *************** *** 89,94 **** --- 90,96 ---- "ssl_session", "ssl_sess_cert", "ssl", + /* "ssl_method", */ "rand", "rand2", "debug_malloc", *************** *** 204,213 **** i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); /* If there was none, push, thereby creating a new one */ if (i == -1) ! i=sk_CRYPTO_dynlock_push(dyn_locks,pointer); CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ! if (!i) { dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); OPENSSL_free(pointer); --- 206,223 ---- i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); /* If there was none, push, thereby creating a new one */ if (i == -1) ! /* Since sk_push() returns the number of items on the ! stack, not the location of the pushed item, we need ! to transform the returned number into a position, ! by decreasing it. */ ! i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; ! else ! /* If we found a place with a NULL pointer, put our pointer ! in it. */ ! sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ! if (i == -1) { dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); OPENSSL_free(pointer); *************** *** 399,414 **** #endif if (type < 0) { ! int i = -type - 1; ! struct CRYPTO_dynlock_value *pointer ! = CRYPTO_get_dynlock_value(i); ! ! if (pointer && dynlock_lock_callback) { dynlock_lock_callback(mode, pointer, file, line); - } ! CRYPTO_destroy_dynlockid(i); } else if (locking_callback != NULL) --- 409,425 ---- #endif if (type < 0) { ! 
if (dynlock_lock_callback != NULL) { + struct CRYPTO_dynlock_value *pointer + = CRYPTO_get_dynlock_value(type); + + assert(pointer != NULL); + dynlock_lock_callback(mode, pointer, file, line); ! CRYPTO_destroy_dynlockid(type); ! } } else if (locking_callback != NULL) *************** *** 459,465 **** return("dynamic"); else if (type < CRYPTO_NUM_LOCKS) return(lock_names[type]); ! else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks)) return("ERROR"); else return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); --- 470,476 ---- return("dynamic"); else if (type < CRYPTO_NUM_LOCKS) return(lock_names[type]); ! else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks)) return("ERROR"); else return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); *************** *** 491,501 **** #endif #endif - - void OpenSSLDie(const char *file,int line,const char *assertion) - { - fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); - abort(); - } - --- 502,504 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.h ../RELENG_4_6/crypto/openssl/crypto/cryptlib.h *** crypto/openssl/crypto/cryptlib.h Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/crypto/cryptlib.h Fri Feb 21 11:32:49 2003 *************** *** 93,102 **** #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) #define HEX_SIZE(type) ((sizeof(type)*2) - /* die if we have to */ - void OpenSSLDie(const char *file,int line,const char *assertion); - #define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) - #ifdef __cplusplus } #endif --- 93,98 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/crypto.h ../RELENG_4_6/crypto/openssl/crypto/crypto.h *** crypto/openssl/crypto/crypto.h Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/crypto/crypto.h Fri Feb 21 11:32:49 2003 *************** *** 95,129 **** * names in cryptlib.c */ ! #define CRYPTO_LOCK_ERR 1 ! #define CRYPTO_LOCK_ERR_HASH 2 ! #define CRYPTO_LOCK_X509 3 ! 
#define CRYPTO_LOCK_X509_INFO 4 ! #define CRYPTO_LOCK_X509_PKEY 5 #define CRYPTO_LOCK_X509_CRL 6 #define CRYPTO_LOCK_X509_REQ 7 #define CRYPTO_LOCK_DSA 8 #define CRYPTO_LOCK_RSA 9 #define CRYPTO_LOCK_EVP_PKEY 10 ! #define CRYPTO_LOCK_X509_STORE 11 ! #define CRYPTO_LOCK_SSL_CTX 12 ! #define CRYPTO_LOCK_SSL_CERT 13 ! #define CRYPTO_LOCK_SSL_SESSION 14 ! #define CRYPTO_LOCK_SSL_SESS_CERT 15 ! #define CRYPTO_LOCK_SSL 16 ! #define CRYPTO_LOCK_RAND 17 ! #define CRYPTO_LOCK_RAND2 18 ! #define CRYPTO_LOCK_MALLOC 19 ! #define CRYPTO_LOCK_BIO 20 ! #define CRYPTO_LOCK_GETHOSTBYNAME 21 ! #define CRYPTO_LOCK_GETSERVBYNAME 22 ! #define CRYPTO_LOCK_READDIR 23 ! #define CRYPTO_LOCK_RSA_BLINDING 24 ! #define CRYPTO_LOCK_DH 25 ! #define CRYPTO_LOCK_MALLOC2 26 ! #define CRYPTO_LOCK_DSO 27 ! #define CRYPTO_LOCK_DYNLOCK 28 ! #define CRYPTO_NUM_LOCKS 29 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 --- 95,132 ---- * names in cryptlib.c */ ! #define CRYPTO_LOCK_ERR 1 ! #define CRYPTO_LOCK_ERR_HASH 2 ! #define CRYPTO_LOCK_X509 3 ! #define CRYPTO_LOCK_X509_INFO 4 ! #define CRYPTO_LOCK_X509_PKEY 5 #define CRYPTO_LOCK_X509_CRL 6 #define CRYPTO_LOCK_X509_REQ 7 #define CRYPTO_LOCK_DSA 8 #define CRYPTO_LOCK_RSA 9 #define CRYPTO_LOCK_EVP_PKEY 10 ! #define CRYPTO_LOCK_X509_STORE 11 ! #define CRYPTO_LOCK_SSL_CTX 12 ! #define CRYPTO_LOCK_SSL_CERT 13 ! #define CRYPTO_LOCK_SSL_SESSION 14 ! #define CRYPTO_LOCK_SSL_SESS_CERT 15 ! #define CRYPTO_LOCK_SSL 16 ! /* for binary compatibility between 0.9.6 minor versions, ! * reuse an existing lock (later version use a new one): */ ! # define CRYPTO_LOCK_SSL_METHOD CRYPTO_LOCK_SSL_CTX ! #define CRYPTO_LOCK_RAND 17 ! #define CRYPTO_LOCK_RAND2 18 ! #define CRYPTO_LOCK_MALLOC 19 ! #define CRYPTO_LOCK_BIO 20 ! #define CRYPTO_LOCK_GETHOSTBYNAME 21 ! #define CRYPTO_LOCK_GETSERVBYNAME 22 ! #define CRYPTO_LOCK_READDIR 23 ! #define CRYPTO_LOCK_RSA_BLINDING 24 ! #define CRYPTO_LOCK_DH 25 ! #define CRYPTO_LOCK_MALLOC2 26 ! #define CRYPTO_LOCK_DSO 27 ! 
#define CRYPTO_LOCK_DYNLOCK 28 ! #define CRYPTO_NUM_LOCKS 29 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 *************** *** 145,151 **** #endif #else #define CRYPTO_w_lock(a) ! #define CRYPTO_w_unlock(a) #define CRYPTO_r_lock(a) #define CRYPTO_r_unlock(a) #define CRYPTO_add(a,b,c) ((*(a))+=(b)) --- 148,154 ---- #endif #else #define CRYPTO_w_lock(a) ! #define CRYPTO_w_unlock(a) #define CRYPTO_r_lock(a) #define CRYPTO_r_unlock(a) #define CRYPTO_add(a,b,c) ((*(a))+=(b)) *************** *** 341,346 **** --- 344,351 ---- void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); + + void OPENSSL_cleanse(void *ptr, size_t len); void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.ssl *** crypto/openssl/crypto/des/Makefile.ssl Wed Jul 4 19:19:18 2001 --- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.ssl Fri Feb 21 11:32:51 2003 *************** *** 130,136 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 130,136 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 192,199 **** qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h ! read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h ! 
read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h --- 192,202 ---- qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h ! read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h ! read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ! read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ! read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ! read2pwd.o: des_locl.h read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h *************** *** 206,212 **** rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h set_key.o: ../../include/openssl/opensslconf.h des_locl.h ! str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h ! str2key.o: ../../include/openssl/opensslconf.h des_locl.h xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h --- 209,218 ---- rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h set_key.o: ../../include/openssl/opensslconf.h des_locl.h ! str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h ! str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ! str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ! 
str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ! str2key.o: des_locl.h xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.c ../RELENG_4_6/crypto/openssl/crypto/des/des.c *** crypto/openssl/crypto/des/des.c Sun Nov 26 06:33:25 2000 --- ../RELENG_4_6/crypto/openssl/crypto/des/des.c Fri Feb 21 11:32:51 2003 *************** *** 86,91 **** --- 86,92 ---- #endif #include #endif + #include #include #include *************** *** 423,429 **** k2[i-8]=k; } des_set_key_unchecked(&k2,ks2); ! memset(k2,0,sizeof(k2)); } else if (longk || flag3) { --- 424,430 ---- k2[i-8]=k; } des_set_key_unchecked(&k2,ks2); ! OPENSSL_cleanse(k2,sizeof(k2)); } else if (longk || flag3) { *************** *** 431,437 **** { des_string_to_2keys(key,&kk,&k2); des_set_key_unchecked(&k2,ks2); ! memset(k2,0,sizeof(k2)); } else des_string_to_key(key,&kk); --- 432,438 ---- { des_string_to_2keys(key,&kk,&k2); des_set_key_unchecked(&k2,ks2); ! OPENSSL_cleanse(k2,sizeof(k2)); } else des_string_to_key(key,&kk); *************** *** 453,460 **** } des_set_key_unchecked(&kk,ks); ! memset(key,0,sizeof(key)); ! memset(kk,0,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); --- 454,461 ---- } des_set_key_unchecked(&kk,ks); ! OPENSSL_cleanse(key,sizeof(key)); ! OPENSSL_cleanse(kk,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); *************** *** 662,679 **** if (l) fclose(CKSUM_OUT); } problems: ! memset(buf,0,sizeof(buf)); ! memset(obuf,0,sizeof(obuf)); ! memset(ks,0,sizeof(ks)); ! memset(ks2,0,sizeof(ks2)); ! memset(iv,0,sizeof(iv)); ! memset(iv2,0,sizeof(iv2)); ! memset(kk,0,sizeof(kk)); ! memset(k2,0,sizeof(k2)); ! memset(uubuf,0,sizeof(uubuf)); ! memset(b,0,sizeof(b)); ! memset(bb,0,sizeof(bb)); ! 
memset(cksum,0,sizeof(cksum)); if (Exit) EXIT(Exit); } --- 663,680 ---- if (l) fclose(CKSUM_OUT); } problems: ! OPENSSL_cleanse(buf,sizeof(buf)); ! OPENSSL_cleanse(obuf,sizeof(obuf)); ! OPENSSL_cleanse(ks,sizeof(ks)); ! OPENSSL_cleanse(ks2,sizeof(ks2)); ! OPENSSL_cleanse(iv,sizeof(iv)); ! OPENSSL_cleanse(iv2,sizeof(iv2)); ! OPENSSL_cleanse(kk,sizeof(kk)); ! OPENSSL_cleanse(k2,sizeof(k2)); ! OPENSSL_cleanse(uubuf,sizeof(uubuf)); ! OPENSSL_cleanse(b,sizeof(b)); ! OPENSSL_cleanse(bb,sizeof(bb)); ! OPENSSL_cleanse(cksum,sizeof(cksum)); if (Exit) EXIT(Exit); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read2pwd.c ../RELENG_4_6/crypto/openssl/crypto/des/read2pwd.c *** crypto/openssl/crypto/des/read2pwd.c Mon Jan 10 01:21:37 2000 --- ../RELENG_4_6/crypto/openssl/crypto/des/read2pwd.c Fri Feb 21 11:32:51 2003 *************** *** 57,62 **** --- 57,63 ---- */ #include "des_locl.h" + #include int des_read_password(des_cblock *key, const char *prompt, int verify) { *************** *** 65,72 **** if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_key(buf,key); ! memset(buf,0,BUFSIZ); ! memset(buff,0,BUFSIZ); return(ok); } --- 66,73 ---- if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_key(buf,key); ! OPENSSL_cleanse(buf,BUFSIZ); ! OPENSSL_cleanse(buff,BUFSIZ); return(ok); } *************** *** 78,84 **** if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_2keys(buf,key1,key2); ! memset(buf,0,BUFSIZ); ! memset(buff,0,BUFSIZ); return(ok); } --- 79,85 ---- if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_2keys(buf,key1,key2); ! OPENSSL_cleanse(buf,BUFSIZ); ! 
OPENSSL_cleanse(buff,BUFSIZ); return(ok); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read_pwd.c ../RELENG_4_6/crypto/openssl/crypto/des/read_pwd.c *** crypto/openssl/crypto/des/read_pwd.c Mon Feb 24 21:51:14 2003 --- ../RELENG_4_6/crypto/openssl/crypto/des/read_pwd.c Fri Feb 21 11:32:51 2003 *************** *** 218,224 **** int ret; ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); ! memset(buff,0,BUFSIZ); return(ret); } --- 218,224 ---- int ret; ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); ! OPENSSL_cleanse(buff,BUFSIZ); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/str2key.c ../RELENG_4_6/crypto/openssl/crypto/des/str2key.c *** crypto/openssl/crypto/des/str2key.c Sun Aug 20 04:46:20 2000 --- ../RELENG_4_6/crypto/openssl/crypto/des/str2key.c Fri Feb 21 11:32:51 2003 *************** *** 56,61 **** --- 56,62 ---- * [including the GNU Public Licence.] */ + #include #include "des_locl.h" void des_string_to_key(const char *str, des_cblock *key) *************** *** 88,94 **** des_set_odd_parity(key); des_set_key_unchecked(key,ks); des_cbc_cksum((const unsigned char*)str,key,length,ks,key); ! memset(ks,0,sizeof(ks)); des_set_odd_parity(key); } --- 89,95 ---- des_set_odd_parity(key); des_set_key_unchecked(key,ks); des_cbc_cksum((const unsigned char*)str,key,length,ks,key); ! OPENSSL_cleanse(ks,sizeof(ks)); des_set_odd_parity(key); } *************** *** 149,155 **** des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1); des_set_key_unchecked(key2,ks); des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2); ! memset(ks,0,sizeof(ks)); des_set_odd_parity(key1); des_set_odd_parity(key2); } --- 150,156 ---- des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1); des_set_key_unchecked(key2,ks); des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2); ! 
OPENSSL_cleanse(ks,sizeof(ks)); des_set_odd_parity(key1); des_set_odd_parity(key2); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.ssl *** crypto/openssl/crypto/dh/Makefile.ssl Wed Jul 4 19:19:21 2001 --- ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.ssl Fri Feb 21 11:32:51 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dhtest.c ../RELENG_4_6/crypto/openssl/crypto/dh/dhtest.c *** crypto/openssl/crypto/dh/dhtest.c Mon Feb 24 21:51:14 2003 --- ../RELENG_4_6/crypto/openssl/crypto/dh/dhtest.c Fri Feb 21 11:32:51 2003 *************** *** 59,64 **** --- 59,67 ---- #include #include #include + + #include "../e_os.h" + #ifdef WINDOWS #include "../bio/bss_file.c" #endif *************** *** 107,113 **** RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); ! if (out == NULL) exit(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); --- 110,116 ---- RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); ! if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); *************** *** 188,194 **** if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); ! exit(ret); return(ret); } --- 191,197 ---- if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); ! 
EXIT(ret); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.ssl *** crypto/openssl/crypto/dsa/Makefile.ssl Wed Jul 4 19:19:22 2001 --- ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.ssl Fri Feb 21 11:32:52 2003 *************** *** 70,76 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 70,76 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsatest.c *** crypto/openssl/crypto/dsa/dsatest.c Sun Aug 20 04:46:22 2000 --- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsatest.c Fri Feb 21 11:32:52 2003 *************** *** 61,66 **** --- 61,69 ---- #include #include #include + + #include "../e_os.h" + #include #include #include *************** *** 207,216 **** BIO_free(bio_err); bio_err = NULL; } ! exit(!ret); return(0); } static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; --- 210,225 ---- BIO_free(bio_err); bio_err = NULL; } ! EXIT(!ret); return(0); } + static int cb_exit(int ec) + { + EXIT(ec); + return(0); /* To keep some compilers quiet */ + } + static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; *************** *** 226,232 **** if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); ! exit(1); } } #endif --- 235,241 ---- if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); ! 
cb_exit(1); } } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dso/Makefile.ssl *** crypto/openssl/crypto/dso/Makefile.ssl Wed Jul 4 19:19:23 2001 --- ../RELENG_4_6/crypto/openssl/crypto/dso/Makefile.ssl Fri Feb 21 11:32:52 2003 *************** *** 70,76 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 70,76 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.ssl *** crypto/openssl/crypto/err/Makefile.ssl Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.ssl Fri Feb 21 11:32:52 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.ssl *** crypto/openssl/crypto/evp/Makefile.ssl Wed Jul 4 19:19:24 2001 --- ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.ssl Fri Feb 21 11:32:52 2003 *************** *** 87,93 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 87,93 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_enc.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_enc.c *** crypto/openssl/crypto/evp/bio_enc.c Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_enc.c Fri Feb 21 11:32:52 2003 *************** *** 128,134 **** if (a == NULL) return(0); b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); ! memset(a->ptr,0,sizeof(BIO_ENC_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; --- 128,134 ---- if (a == NULL) return(0); b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); ! OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_ok.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_ok.c *** crypto/openssl/crypto/evp/bio_ok.c Sun Nov 26 06:33:32 2000 --- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_ok.c Fri Feb 21 11:32:52 2003 *************** *** 208,214 **** static int ok_free(BIO *a) { if (a == NULL) return(0); ! memset(a->ptr,0,sizeof(BIO_OK_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; --- 208,214 ---- static int ok_free(BIO *a) { if (a == NULL) return(0); ! 
OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_allc.c ../RELENG_4_6/crypto/openssl/crypto/evp/c_allc.c *** crypto/openssl/crypto/evp/c_allc.c Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/evp/c_allc.c Fri Feb 21 11:32:52 2003 *************** *** 64,73 **** void OpenSSL_add_all_ciphers(void) { - static int done=0; - - if (done) return; - done=1; #ifndef NO_DES EVP_add_cipher(EVP_des_cfb()); EVP_add_cipher(EVP_des_ede_cfb()); --- 64,69 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_alld.c ../RELENG_4_6/crypto/openssl/crypto/evp/c_alld.c *** crypto/openssl/crypto/evp/c_alld.c Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/evp/c_alld.c Fri Feb 21 11:32:52 2003 *************** *** 64,73 **** void OpenSSL_add_all_digests(void) { - static int done=0; - - if (done) return; - done=1; #ifndef NO_MD2 EVP_add_digest(EVP_md2()); #endif --- 64,69 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_idea.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_idea.c *** crypto/openssl/crypto/evp/e_idea.c Sun Nov 26 06:38:44 2000 --- ../RELENG_4_6/crypto/openssl/crypto/evp/e_idea.c Fri Feb 21 11:32:52 2003 *************** *** 103,109 **** idea_set_encrypt_key(key,&tmp); idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks)); ! memset((unsigned char *)&tmp,0, sizeof(IDEA_KEY_SCHEDULE)); } return 1; --- 103,109 ---- idea_set_encrypt_key(key,&tmp); idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks)); ! OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp.h ../RELENG_4_6/crypto/openssl/crypto/evp/evp.h *** crypto/openssl/crypto/evp/evp.h Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/evp/evp.h Fri Feb 21 11:32:52 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. 
this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/crypto/evp/evp.h,v 1.2.2.3.6.1 2002/07/31 02:54:49 nectar Exp $ */ #ifndef HEADER_ENVELOPE_H --- 54,59 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_key.c ../RELENG_4_6/crypto/openssl/crypto/evp/evp_key.c *** crypto/openssl/crypto/evp/evp_key.c Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/evp/evp_key.c Fri Feb 21 11:32:52 2003 *************** *** 152,159 **** } if ((nkey == 0) && (niv == 0)) break; } ! memset(&c,0,sizeof(c)); ! memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); return(type->key_len); } --- 152,159 ---- } if ((nkey == 0) && (niv == 0)) break; } ! OPENSSL_cleanse(&c,sizeof(c)); ! OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); return(type->key_len); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt.c ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt.c *** crypto/openssl/crypto/evp/p5_crpt.c Sun Nov 26 06:33:32 2000 --- ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt.c Fri Feb 21 11:32:52 2003 *************** *** 142,149 **** memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit(cctx, cipher, key, iv, en_de); ! memset(md_tmp, 0, EVP_MAX_MD_SIZE); ! memset(key, 0, EVP_MAX_KEY_LENGTH); ! memset(iv, 0, EVP_MAX_IV_LENGTH); return 1; } --- 142,149 ---- memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit(cctx, cipher, key, iv, en_de); ! OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); ! OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); ! 
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt2.c ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt2.c *** crypto/openssl/crypto/evp/p5_crpt2.c Sun Nov 26 06:33:32 2000 --- ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt2.c Fri Feb 21 11:32:52 2003 *************** *** 228,234 **** iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); EVP_CipherInit(ctx, NULL, key, NULL, en_de); ! memset(key, 0, keylen); PBKDF2PARAM_free(kdf); return 1; --- 228,234 ---- iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); EVP_CipherInit(ctx, NULL, key, NULL, en_de); ! OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); return 1; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p_open.c ../RELENG_4_6/crypto/openssl/crypto/evp/p_open.c *** crypto/openssl/crypto/evp/p_open.c Sun Nov 26 06:33:32 2000 --- ../RELENG_4_6/crypto/openssl/crypto/evp/p_open.c Fri Feb 21 11:32:52 2003 *************** *** 101,107 **** ret=1; err: ! if (key != NULL) memset(key,0,size); OPENSSL_free(key); return(ret); } --- 101,107 ---- ret=1; err: ! if (key != NULL) OPENSSL_cleanse(key,size); OPENSSL_free(key); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.ssl *** crypto/openssl/crypto/hmac/Makefile.ssl Wed Jul 4 19:19:26 2001 --- ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.ssl Fri Feb 21 11:32:53 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/hmactest.c ../RELENG_4_6/crypto/openssl/crypto/hmac/hmactest.c *** crypto/openssl/crypto/hmac/hmactest.c Sun Aug 20 04:46:25 2000 --- ../RELENG_4_6/crypto/openssl/crypto/hmac/hmactest.c Fri Feb 21 11:32:53 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_HMAC int main(int argc, char *argv[]) { *************** *** 143,149 **** else printf("test %d ok\n",i); } ! exit(err); return(0); } --- 145,151 ---- else printf("test %d ok\n",i); } ! EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.ssl *** crypto/openssl/crypto/idea/Makefile.ssl Wed Jul 4 19:19:26 2001 --- ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.ssl Fri Feb 21 11:32:53 2003 *************** *** 69,75 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/ideatest.c ../RELENG_4_6/crypto/openssl/crypto/idea/ideatest.c *** crypto/openssl/crypto/idea/ideatest.c Wed Jul 4 19:19:26 2001 --- ../RELENG_4_6/crypto/openssl/crypto/idea/ideatest.c Fri Feb 21 11:32:53 2003 *************** *** 61,66 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_IDEA int main(int argc, char *argv[]) { *************** *** 168,174 **** else printf("ok\n"); ! 
exit(err); return(err); } --- 169,175 ---- else printf("ok\n"); ! EXIT(err); return(err); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.ssl *** crypto/openssl/crypto/lhash/Makefile.ssl Wed Jul 4 19:19:27 2001 --- ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.ssl Fri Feb 21 11:32:54 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.ssl *** crypto/openssl/crypto/md2/Makefile.ssl Mon Feb 24 21:51:15 2003 --- ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.ssl Fri Feb 21 11:32:54 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 79,86 **** # DO NOT DELETE THIS LINE -- make depend depends on it. ! md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h ! 
md2_dgst.o: ../../include/openssl/opensslv.h md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h --- 79,88 ---- # DO NOT DELETE THIS LINE -- make depend depends on it. ! md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h ! md2_dgst.o: ../../include/openssl/opensslconf.h ! md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ! md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_dgst.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2_dgst.c *** crypto/openssl/crypto/md2/md2_dgst.c Sun Aug 20 04:46:28 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md2/md2_dgst.c Fri Feb 21 11:32:54 2003 *************** *** 61,66 **** --- 61,67 ---- #include #include #include + #include const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; *************** *** 194,200 **** t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); ! memset(state,0,48*sizeof(MD2_INT)); } void MD2_Final(unsigned char *md, MD2_CTX *c) --- 195,201 ---- t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); ! OPENSSL_cleanse(state,48*sizeof(MD2_INT)); } void MD2_Final(unsigned char *md, MD2_CTX *c) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_one.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2_one.c *** crypto/openssl/crypto/md2/md2_one.c Sun Aug 20 04:46:28 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md2/md2_one.c Fri Feb 21 11:32:54 2003 *************** *** 88,93 **** } #endif MD2_Final(md,&c); ! memset(&c,0,sizeof(c)); /* Security consideration */ return(md); } --- 88,93 ---- } #endif MD2_Final(md,&c); ! 
OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ return(md); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2test.c *** crypto/openssl/crypto/md2/md2test.c Sun Aug 20 04:46:28 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md2/md2test.c Fri Feb 21 11:32:54 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_MD2 int main(int argc, char *argv[]) { *************** *** 119,125 **** R++; P++; } ! exit(err); return(0); } --- 121,127 ---- R++; P++; } ! EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md32_common.h ../RELENG_4_6/crypto/openssl/crypto/md32_common.h *** crypto/openssl/crypto/md32_common.h Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/crypto/md32_common.h Fri Feb 21 11:32:49 2003 *************** *** 602,607 **** c->num=0; /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack * but I'm not worried :-) ! memset((void *)c,0,sizeof(HASH_CTX)); */ } --- 602,607 ---- c->num=0; /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack * but I'm not worried :-) ! OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); */ } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md4/Makefile.ssl *** crypto/openssl/crypto/md4/Makefile.ssl Wed Jul 4 19:19:28 2001 --- ../RELENG_4_6/crypto/openssl/crypto/md4/Makefile.ssl Fri Feb 21 11:32:54 2003 *************** *** 69,75 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 69,75 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 82,85 **** md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h ! md4_one.o: ../../include/openssl/md4.h --- 82,87 ---- md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h ! md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h ! md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ! md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_one.c ../RELENG_4_6/crypto/openssl/crypto/md4/md4_one.c *** crypto/openssl/crypto/md4/md4_one.c Sun Nov 26 06:33:40 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md4/md4_one.c Fri Feb 21 11:32:54 2003 *************** *** 59,64 **** --- 59,65 ---- #include #include #include + #include #ifdef CHARSET_EBCDIC #include *************** *** 89,95 **** } #endif MD4_Final(md,&c); ! memset(&c,0,sizeof(c)); /* security consideration */ return(md); } --- 90,96 ---- } #endif MD4_Final(md,&c); ! OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4test.c ../RELENG_4_6/crypto/openssl/crypto/md4/md4test.c *** crypto/openssl/crypto/md4/md4test.c Sun Nov 26 06:33:40 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md4/md4test.c Fri Feb 21 11:32:54 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_MD4 int main(int argc, char *argv[]) { *************** *** 115,121 **** R++; P++; } ! exit(err); return(0); } --- 117,123 ---- R++; P++; } ! 
EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.ssl *** crypto/openssl/crypto/md5/Makefile.ssl Wed Jul 4 19:19:29 2001 --- ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.ssl Fri Feb 21 11:32:54 2003 *************** *** 118,124 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 118,124 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 131,134 **** md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h ! md5_one.o: ../../include/openssl/md5.h --- 131,136 ---- md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h ! md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h ! md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ! md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_one.c ../RELENG_4_6/crypto/openssl/crypto/md5/md5_one.c *** crypto/openssl/crypto/md5/md5_one.c Sun Aug 20 04:46:29 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md5/md5_one.c Fri Feb 21 11:32:54 2003 *************** *** 59,64 **** --- 59,65 ---- #include #include #include + #include #ifdef CHARSET_EBCDIC #include *************** *** 89,95 **** } #endif MD5_Final(md,&c); ! memset(&c,0,sizeof(c)); /* security consideration */ return(md); } --- 90,96 ---- } #endif MD5_Final(md,&c); ! 
OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5test.c ../RELENG_4_6/crypto/openssl/crypto/md5/md5test.c *** crypto/openssl/crypto/md5/md5test.c Sun Aug 20 04:46:29 2000 --- ../RELENG_4_6/crypto/openssl/crypto/md5/md5test.c Fri Feb 21 11:32:54 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_MD5 int main(int argc, char *argv[]) { *************** *** 115,121 **** R++; P++; } ! exit(err); return(0); } --- 117,123 ---- R++; P++; } ! EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.ssl *** crypto/openssl/crypto/mdc2/Makefile.ssl Wed Jul 4 19:19:29 2001 --- ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.ssl Fri Feb 21 11:32:54 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2_one.c ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2_one.c *** crypto/openssl/crypto/mdc2/mdc2_one.c Sun Aug 20 04:46:29 2000 --- ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2_one.c Fri Feb 21 11:32:54 2003 *************** *** 69,75 **** MDC2_Init(&c); MDC2_Update(&c,d,n); MDC2_Final(md,&c); ! memset(&c,0,sizeof(c)); /* security consideration */ return(md); } --- 69,75 ---- MDC2_Init(&c); MDC2_Update(&c,d,n); MDC2_Final(md,&c); ! 
OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2test.c ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2test.c *** crypto/openssl/crypto/mdc2/mdc2test.c Sun Aug 20 04:46:29 2000 --- ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2test.c Fri Feb 21 11:32:54 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #if defined(NO_DES) && !defined(NO_MDC2) #define NO_MDC2 #endif *************** *** 134,140 **** else printf("pad2 - ok\n"); ! exit(ret); return(ret); } #endif --- 136,142 ---- else printf("pad2 - ok\n"); ! EXIT(ret); return(ret); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4_6/crypto/openssl/crypto/mem.c *** crypto/openssl/crypto/mem.c Sun Nov 26 06:32:53 2000 --- ../RELENG_4_6/crypto/openssl/crypto/mem.c Fri Feb 21 11:32:49 2003 *************** *** 173,178 **** --- 173,181 ---- void *CRYPTO_malloc_locked(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; + + if (num < 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) *************** *** 187,192 **** --- 190,201 ---- if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. 
*/ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } *************** *** 205,210 **** --- 214,222 ---- void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; + + if (num < 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) *************** *** 219,230 **** --- 231,253 ---- if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } void *CRYPTO_realloc(void *str, int num, const char *file, int line) { void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_clr.c ../RELENG_4_6/crypto/openssl/crypto/mem_clr.c *** crypto/openssl/crypto/mem_clr.c Wed Dec 31 19:00:00 1969 --- ../RELENG_4_6/crypto/openssl/crypto/mem_clr.c Fri Feb 21 11:32:49 2003 *************** *** 0 **** --- 1,75 ---- + /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */ + /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2002. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + #include + #include + + unsigned char cleanse_ctr = 0; + + void OPENSSL_cleanse(void *ptr, size_t len) + { + unsigned char *p = ptr; + size_t loop = len; + while(loop--) + { + *(p++) = cleanse_ctr; + cleanse_ctr += (17 + (unsigned char)((int)p & 0xF)); + } + if(memchr(ptr, cleanse_ctr, len)) + cleanse_ctr += 63; + } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_dbg.c ../RELENG_4_6/crypto/openssl/crypto/mem_dbg.c *** crypto/openssl/crypto/mem_dbg.c Wed Jul 4 19:19:11 2001 --- ../RELENG_4_6/crypto/openssl/crypto/mem_dbg.c Fri Feb 21 11:32:49 2003 *************** *** 102,107 **** --- 102,109 ---- int references; } APP_INFO; + static void app_info_free(APP_INFO *); + static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's * that are at the top of their thread's stack * (with `thread' as key); *************** *** 140,145 **** --- 142,159 ---- * thread named in disabling_thread). */ + static void app_info_free(APP_INFO *inf) + { + if (--(inf->references) <= 0) + { + if (inf->next != NULL) + { + app_info_free(inf->next); + } + OPENSSL_free(inf); + } + } + int CRYPTO_mem_ctrl(int mode) { int ret=mh_mode; *************** *** 496,504 **** mp->order, mp->addr, mp->num); #endif if (mp->app_info != NULL) ! { ! mp->app_info->references--; ! } OPENSSL_free(mp); } --- 510,516 ---- mp->order, mp->addr, mp->num); #endif if (mp->app_info != NULL) ! 
app_info_free(mp->app_info); OPENSSL_free(mp); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.ssl *** crypto/openssl/crypto/objects/Makefile.ssl Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.ssl Fri Feb 21 11:32:55 2003 *************** *** 76,82 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 76,82 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.c ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.c *** crypto/openssl/crypto/objects/obj_dat.c Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.c Fri Feb 21 11:32:55 2003 *************** *** 417,423 **** a2d_ASN1_OBJECT(p,i,s,-1); p=buf; ! op=d2i_ASN1_OBJECT(NULL,&p,i); OPENSSL_free(buf); return op; } --- 417,423 ---- a2d_ASN1_OBJECT(p,i,s,-1); p=buf; ! op=d2i_ASN1_OBJECT(NULL,&p,j); OPENSSL_free(buf); return op; } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.h *** crypto/openssl/crypto/objects/obj_dat.h Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.h Fri Feb 21 11:32:55 2003 *************** *** 62,73 **** * [including the GNU Public Licence.] */ ! #define NUM_NID 404 ! #define NUM_SN 402 ! #define NUM_LN 402 ! #define NUM_OBJ 376 ! static unsigned char lvalues[2951]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ --- 62,73 ---- * [including the GNU Public Licence.] 
*/ ! #define NUM_NID 406 ! #define NUM_SN 404 ! #define NUM_LN 404 ! #define NUM_OBJ 378 ! static unsigned char lvalues[2971]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ *************** *** 444,449 **** --- 444,451 ---- 0x55,0x1D,0x24, /* [2941] OBJ_policy_constraints */ 0x55,0x1D,0x37, /* [2944] OBJ_target_information */ 0x55,0x1D,0x38, /* [2947] OBJ_no_rev_avail */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ *************** *** 1075,1080 **** --- 1077,1086 ---- &(lvalues[2944]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, &(lvalues[2947]),0}, + {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, + 10,&(lvalues[2950]),0}, + {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, + &(lvalues[2960]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ *************** *** 1417,1422 **** --- 1423,1430 ---- &(nid_objs[138]),/* "msEFS" */ &(nid_objs[171]),/* "msExtReq" */ &(nid_objs[137]),/* "msSGC" */ + &(nid_objs[404]),/* "msSmartcardLogin" */ + &(nid_objs[405]),/* "msUPN" */ &(nid_objs[173]),/* "name" */ &(nid_objs[369]),/* "noCheck" */ &(nid_objs[403]),/* "noRevAvail" */ *************** *** 1510,1516 **** --- 1518,1526 ---- &(nid_objs[171]),/* "Microsoft Extension Request" */ &(nid_objs[134]),/* "Microsoft Individual Code Signing" */ &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ + &(nid_objs[404]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ + &(nid_objs[405]),/* "Microsoft Universal Principal Name" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ *************** *** 2196,2201 **** --- 2206,2213 ---- &(nid_objs[136]),/* 
OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ &(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ &(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ + &(nid_objs[404]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ + &(nid_objs[405]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ &(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ &(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ &(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.h *** crypto/openssl/crypto/objects/obj_mac.h Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.h Fri Feb 21 11:32:55 2003 *************** *** 780,785 **** --- 780,795 ---- #define NID_ms_efs 138 #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + #define SN_ms_smartcard_login "msSmartcardLogin" + #define LN_ms_smartcard_login "Microsoft Smartcardlogin" + #define NID_ms_smartcard_login 404 + #define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + + #define SN_ms_upn "msUPN" + #define LN_ms_upn "Microsoft Universal Principal Name" + #define NID_ms_upn 405 + #define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + #define SN_idea_cbc "IDEA-CBC" #define LN_idea_cbc "idea-cbc" #define NID_idea_cbc 34 diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.num ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.num *** crypto/openssl/crypto/objects/obj_mac.num Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.num Fri Feb 21 11:32:55 2003 *************** *** 401,403 **** --- 401,405 ---- policy_constraints 401 target_information 402 no_rev_avail 403 + ms_smartcard_login 404 + ms_upn 405 diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4_6/crypto/openssl/crypto/objects/objects.txt *** crypto/openssl/crypto/objects/objects.txt Mon Feb 
24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/objects/objects.txt Fri Feb 21 11:32:55 2003 *************** *** 246,251 **** --- 246,255 ---- 1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System + !Cname ms-smartcard-login + 1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin + !Cname ms-upn + 1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslconf.h ../RELENG_4_6/crypto/openssl/crypto/opensslconf.h *** crypto/openssl/crypto/opensslconf.h Sun Aug 20 04:46:04 2000 --- ../RELENG_4_6/crypto/openssl/crypto/opensslconf.h Fri Feb 21 11:32:49 2003 *************** *** 6,19 **** /* no ciphers excluded */ #endif #ifdef OPENSSL_THREAD_DEFINES #endif #ifdef OPENSSL_OTHER_DEFINES #endif /* crypto/opensslconf.h.in */ /* Generate 80386 code? */ ! #undef I386_ONLY #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) --- 6,28 ---- /* no ciphers excluded */ #endif #ifdef OPENSSL_THREAD_DEFINES + # ifndef THREADS + # define THREADS + # endif #endif #ifdef OPENSSL_OTHER_DEFINES + # ifndef DSO_DLFCN + # define DSO_DLFCN + # endif + # ifndef HAVE_DLFCN_H + # define HAVE_DLFCN_H + # endif #endif /* crypto/opensslconf.h.in */ /* Generate 80386 code? */ ! #define I386_ONLY #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) *************** *** 66,72 **** #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) #define CONFIG_HEADER_BN_H ! #undef BN_LLONG /* Should we define BN_DIV2W here? */ --- 75,81 ---- #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) #define CONFIG_HEADER_BN_H ! #define BN_LLONG /* Should we define BN_DIV2W here? 
*/ *************** *** 85,91 **** #define CONFIG_HEADER_RC4_LOCL_H /* if this is defined data[i] is used instead of *data, this is a %20 * speedup on x86 */ ! #undef RC4_INDEX #endif #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) --- 94,100 ---- #define CONFIG_HEADER_RC4_LOCL_H /* if this is defined data[i] is used instead of *data, this is a %20 * speedup on x86 */ ! #define RC4_INDEX #endif #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) *************** *** 99,112 **** /* the following is tweaked from a config script, that is why it is a * protected undef/define */ #ifndef DES_PTR ! #undef DES_PTR #endif /* This helps C compiler generate the correct code for multiple functional * units. It reduces register dependancies at the expense of 2 more * registers */ #ifndef DES_RISC1 ! #undef DES_RISC1 #endif #ifndef DES_RISC2 --- 108,121 ---- /* the following is tweaked from a config script, that is why it is a * protected undef/define */ #ifndef DES_PTR ! #define DES_PTR #endif /* This helps C compiler generate the correct code for multiple functional * units. It reduces register dependancies at the expense of 2 more * registers */ #ifndef DES_RISC1 ! #define DES_RISC1 #endif #ifndef DES_RISC2 *************** *** 120,126 **** /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL ! #undef DES_UNROLL #endif /* These default values were supplied by --- 129,135 ---- /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL ! 
#define DES_UNROLL #endif /* These default values were supplied by diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4_6/crypto/openssl/crypto/opensslv.h *** crypto/openssl/crypto/opensslv.h Mon Feb 24 21:51:11 2003 --- ../RELENG_4_6/crypto/openssl/crypto/opensslv.h Fri Feb 21 11:32:49 2003 *************** *** 25,32 **** * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ ! #define OPENSSL_VERSION_NUMBER 0x0090605fL ! #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6e 30 Jul 2002" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT --- 25,32 ---- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ ! #define OPENSSL_VERSION_NUMBER 0x0090609fL ! #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6i Feb 19 2003" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.ssl *** crypto/openssl/crypto/pem/Makefile.ssl Wed Jul 4 19:19:30 2001 --- ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.ssl Fri Feb 21 11:32:55 2003 *************** *** 69,75 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 69,75 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_info.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_info.c *** crypto/openssl/crypto/pem/pem_info.c Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_info.c Fri Feb 21 11:32:55 2003 *************** *** 358,364 **** ret=1; err: ! memset((char *)&ctx,0,sizeof(ctx)); ! 
memset(buf,0,PEM_BUFSIZE); return(ret); } --- 358,364 ---- ret=1; err: ! OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); ! OPENSSL_cleanse(buf,PEM_BUFSIZE); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_lib.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_lib.c *** crypto/openssl/crypto/pem/pem_lib.c Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_lib.c Fri Feb 21 11:32:55 2003 *************** *** 380,386 **** * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); ! if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); --- 380,386 ---- * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); ! if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); *************** *** 401,412 **** i=PEM_write_bio(bp,name,buf,data,i); if (i <= 0) ret=0; err: ! memset(key,0,sizeof(key)); ! memset(iv,0,sizeof(iv)); ! memset((char *)&ctx,0,sizeof(ctx)); ! memset(buf,0,PEM_BUFSIZE); ! memset(data,0,(unsigned int)dsize); ! OPENSSL_free(data); return(ret); } --- 401,415 ---- i=PEM_write_bio(bp,name,buf,data,i); if (i <= 0) ret=0; err: ! OPENSSL_cleanse(key,sizeof(key)); ! OPENSSL_cleanse(iv,sizeof(iv)); ! OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); ! OPENSSL_cleanse(buf,PEM_BUFSIZE); ! if (data != NULL) ! { ! OPENSSL_cleanse(data,(unsigned int)dsize); ! OPENSSL_free(data); ! } return(ret); } *************** *** 444,451 **** EVP_DecryptUpdate(&ctx,data,&i,data,j); o=EVP_DecryptFinal(&ctx,&(data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); ! memset((char *)buf,0,sizeof(buf)); ! memset((char *)key,0,sizeof(key)); j+=i; if (!o) { --- 447,454 ---- EVP_DecryptUpdate(&ctx,data,&i,data,j); o=EVP_DecryptFinal(&ctx,&(data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); ! OPENSSL_cleanse((char *)buf,sizeof(buf)); ! 
OPENSSL_cleanse((char *)key,sizeof(key)); j+=i; if (!o) { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_seal.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_seal.c *** crypto/openssl/crypto/pem/pem_seal.c Sun Nov 26 06:33:44 2000 --- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_seal.c Fri Feb 21 11:32:55 2003 *************** *** 109,115 **** ret=npubk; err: if (s != NULL) OPENSSL_free(s); ! memset(key,0,EVP_MAX_KEY_LENGTH); return(ret); } --- 109,115 ---- ret=npubk; err: if (s != NULL) OPENSSL_free(s); ! OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.ssl *** crypto/openssl/crypto/pkcs12/Makefile.ssl Wed Jul 4 19:19:31 2001 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.ssl Fri Feb 21 11:32:55 2003 *************** *** 74,80 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 74,80 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_crpt.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_crpt.c *** crypto/openssl/crypto/pkcs12/p12_crpt.c Sun Aug 20 04:46:32 2000 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_crpt.c Fri Feb 21 11:32:55 2003 *************** *** 118,124 **** } PBEPARAM_free(pbe); EVP_CipherInit(ctx, cipher, key, iv, en_de); ! memset(key, 0, EVP_MAX_KEY_LENGTH); ! memset(iv, 0, EVP_MAX_IV_LENGTH); return 1; } --- 118,124 ---- } PBEPARAM_free(pbe); EVP_CipherInit(ctx, cipher, key, iv, en_de); ! OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); ! 
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_decr.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_decr.c *** crypto/openssl/crypto/pkcs12/p12_decr.c Sun Nov 26 06:33:45 2000 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_decr.c Fri Feb 21 11:32:55 2003 *************** *** 137,143 **** if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i, free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); else ret = d2i(NULL, &p, outlen); ! if (seq & 2) memset(out, 0, outlen); if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); OPENSSL_free (out); return ret; --- 137,143 ---- if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i, free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); else ret = d2i(NULL, &p, outlen); ! if (seq & 2) OPENSSL_cleanse(out, outlen); if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); OPENSSL_free (out); return ret; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_key.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_key.c *** crypto/openssl/crypto/pkcs12/p12_key.c Wed Jul 4 19:19:31 2001 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_key.c Fri Feb 21 11:32:55 2003 *************** *** 91,97 **** ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, id, iter, n, out, md_type); if(unipass) { ! memset(unipass, 0, uniplen); /* Clear password from memory */ OPENSSL_free(unipass); } return ret; --- 91,97 ---- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, id, iter, n, out, md_type); if(unipass) { ! 
OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ OPENSSL_free(unipass); } return ret; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.ssl *** crypto/openssl/crypto/pkcs7/Makefile.ssl Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.ssl Fri Feb 21 11:32:55 2003 *************** *** 87,93 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 87,93 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/bio_ber.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/bio_ber.c *** crypto/openssl/crypto/pkcs7/bio_ber.c Sun Nov 26 06:33:47 2000 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/bio_ber.c Fri Feb 21 11:32:55 2003 *************** *** 145,151 **** if (a == NULL) return(0); b=(BIO_BER_CTX *)a->ptr; ! memset(a->ptr,0,sizeof(BIO_BER_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; --- 145,151 ---- if (a == NULL) return(0); b=(BIO_BER_CTX *)a->ptr; ! OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_doit.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_doit.c *** crypto/openssl/crypto/pkcs7/pk7_doit.c Mon Feb 24 21:51:16 2003 --- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_doit.c Fri Feb 21 11:32:55 2003 *************** *** 241,247 **** M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); } OPENSSL_free(tmp); ! memset(key, 0, keylen); if (out == NULL) out=btmp; --- 241,247 ---- M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); } OPENSSL_free(tmp); ! 
OPENSSL_cleanse(key, keylen); if (out == NULL) out=btmp; *************** *** 448,454 **** } EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); ! memset(tmp,0,jj); if (out == NULL) out=etmp; --- 448,454 ---- } EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); ! OPENSSL_cleanse(tmp,jj); if (out == NULL) out=etmp; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.ssl *** crypto/openssl/crypto/rand/Makefile.ssl Wed Jul 4 19:19:33 2001 --- ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.ssl Fri Feb 21 11:32:56 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/md_rand.c ../RELENG_4_6/crypto/openssl/crypto/rand/md_rand.c *** crypto/openssl/crypto/rand/md_rand.c Mon Feb 24 21:51:17 2003 --- ../RELENG_4_6/crypto/openssl/crypto/rand/md_rand.c Fri Feb 21 11:32:56 2003 *************** *** 177,186 **** static void ssleay_rand_cleanup(void) { ! memset(state,0,sizeof(state)); state_num=0; state_index=0; ! memset(md,0,MD_DIGEST_LENGTH); md_count[0]=0; md_count[1]=0; entropy=0; --- 177,186 ---- static void ssleay_rand_cleanup(void) { ! OPENSSL_cleanse(state,sizeof(state)); state_num=0; state_index=0; ! 
OPENSSL_cleanse(md,MD_DIGEST_LENGTH); md_count[0]=0; md_count[1]=0; entropy=0; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_egd.c ../RELENG_4_6/crypto/openssl/crypto/rand/rand_egd.c *** crypto/openssl/crypto/rand/rand_egd.c Mon Feb 24 21:51:17 2003 --- ../RELENG_4_6/crypto/openssl/crypto/rand/rand_egd.c Fri Feb 21 11:32:56 2003 *************** *** 59,65 **** /* Query the EGD . */ ! #if defined(WIN32) || defined(VMS) || defined(__VMS) int RAND_egd(const char *path) { return(-1); --- 59,65 ---- /* Query the EGD . */ ! #if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS) int RAND_egd(const char *path) { return(-1); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_win.c ../RELENG_4_6/crypto/openssl/crypto/rand/rand_win.c *** crypto/openssl/crypto/rand/rand_win.c Mon Feb 24 21:51:17 2003 --- ../RELENG_4_6/crypto/openssl/crypto/rand/rand_win.c Fri Feb 21 11:32:56 2003 *************** *** 254,259 **** --- 254,263 ---- * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ + /* Wolfgang Marczy reports that + * the RegQueryValueEx call below can hang on NT4.0 (SP6). + * So we don't use this at all for now. */ + #if 0 if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && osverinfo.dwMajorVersion < 5) { *************** *** 283,295 **** { /* For entropy count assume only least significant * byte of each DWORD is random. ! */ RAND_add(&length, sizeof(length), 0); RAND_add(buf, length, length / 4.0); } if (buf) free(buf); } if (advapi) { --- 287,309 ---- { /* For entropy count assume only least significant * byte of each DWORD is random. ! */ RAND_add(&length, sizeof(length), 0); RAND_add(buf, length, length / 4.0); + + /* Close the Registry Key to allow Windows to cleanup/close + * the open handle + * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened + * when the RegQueryValueEx above is done. 
However, if + * it is not explicitly closed, it can cause disk + * partition manipulation problems. + */ + RegCloseKey(HKEY_PERFORMANCE_DATA); } if (buf) free(buf); } + #endif if (advapi) { *************** *** 461,467 **** hlist.th32ProcessID, hlist.th32HeapID)) { ! int entrycnt = 50; do RAND_add(&hentry, hentry.dwSize, 5); --- 475,481 ---- hlist.th32ProcessID, hlist.th32HeapID)) { ! int entrycnt = 80; do RAND_add(&hentry, hentry.dwSize, 5); *************** *** 718,725 **** --- 732,741 ---- /* put in some default random data, we need more than just this */ l=curr_pid; RAND_add(&l,sizeof(l),0); + #ifndef VXWORKS l=getuid(); RAND_add(&l,sizeof(l),0); + #endif l=time(NULL); RAND_add(&l,sizeof(l),0); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randfile.c ../RELENG_4_6/crypto/openssl/crypto/rand/randfile.c *** crypto/openssl/crypto/rand/randfile.c Mon Feb 24 21:51:17 2003 --- ../RELENG_4_6/crypto/openssl/crypto/rand/randfile.c Fri Feb 21 11:32:56 2003 *************** *** 61,66 **** --- 61,68 ---- #include #include + #include "openssl/e_os.h" + #ifdef VMS #include #endif *************** *** 73,79 **** # include #endif - #include "openssl/e_os.h" #include #include --- 75,80 ---- *************** *** 124,130 **** } } fclose(in); ! memset(buf,0,BUFSIZE); err: return(ret); } --- 125,131 ---- } } fclose(in); ! OPENSSL_cleanse(buf,BUFSIZE); err: return(ret); } *************** *** 189,195 **** #endif /* VMS */ fclose(out); ! memset(buf,0,BUFSIZE); err: return (rand_err ? -1 : ret); } --- 190,196 ---- #endif /* VMS */ fclose(out); ! OPENSSL_cleanse(buf,BUFSIZE); err: return (rand_err ? 
-1 : ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randtest.c ../RELENG_4_6/crypto/openssl/crypto/rand/randtest.c *** crypto/openssl/crypto/rand/randtest.c Sun Aug 20 04:46:35 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rand/randtest.c Fri Feb 21 11:32:56 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + /* some FIPS 140-1 random number test */ /* some simple tests */ *************** *** 202,207 **** } printf("test 4 done\n"); err=((err)?1:0); ! exit(err); return(err); } --- 204,209 ---- } printf("test 4 done\n"); err=((err)?1:0); ! EXIT(err); return(err); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.ssl *** crypto/openssl/crypto/rc2/Makefile.ssl Wed Jul 4 19:19:33 2001 --- ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.ssl Fri Feb 21 11:32:56 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/rc2test.c ../RELENG_4_6/crypto/openssl/crypto/rc2/rc2test.c *** crypto/openssl/crypto/rc2/rc2test.c Sun Aug 20 04:46:36 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rc2/rc2test.c Fri Feb 21 11:32:56 2003 *************** *** 63,68 **** --- 63,70 ---- #include #include + #include "../e_os.h" + #ifdef NO_RC2 int main(int argc, char *argv[]) { *************** *** 203,209 **** printf("ok\n"); #endif ! exit(err); return(err); } --- 205,211 ---- printf("ok\n"); #endif ! 
EXIT(err); return(err); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.ssl *** crypto/openssl/crypto/rc4/Makefile.ssl Wed Jul 4 19:19:34 2001 --- ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.ssl Fri Feb 21 11:32:56 2003 *************** *** 97,103 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 97,103 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4.c ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4.c *** crypto/openssl/crypto/rc4/rc4.c Mon Jan 10 01:21:50 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4.c Fri Feb 21 11:32:56 2003 *************** *** 155,161 **** i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); if (i != 0) { ! memset(buf,0,BUFSIZ); fprintf(stderr,"bad password read\n"); exit(1); } --- 155,161 ---- i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); if (i != 0) { ! OPENSSL_cleanse(buf,BUFSIZ); fprintf(stderr,"bad password read\n"); exit(1); } *************** *** 163,169 **** } MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); ! memset(keystr,0,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); for(;;) --- 163,169 ---- } MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); ! 
OPENSSL_cleanse(keystr,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); for(;;) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4test.c ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4test.c *** crypto/openssl/crypto/rc4/rc4test.c Sun Aug 20 04:46:36 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4test.c Fri Feb 21 11:32:56 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_RC4 int main(int argc, char *argv[]) { *************** *** 195,201 **** } } printf("done\n"); ! exit(err); return(0); } #endif --- 197,203 ---- } } printf("done\n"); ! EXIT(err); return(0); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.ssl *** crypto/openssl/crypto/rc5/Makefile.ssl Wed Jul 4 19:19:34 2001 --- ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.ssl Fri Feb 21 11:32:56 2003 *************** *** 94,100 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 94,100 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5test.c ../RELENG_4_6/crypto/openssl/crypto/rc5/rc5test.c *** crypto/openssl/crypto/rc5/rc5test.c Sun Aug 20 04:46:37 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rc5/rc5test.c Fri Feb 21 11:32:56 2003 *************** *** 63,68 **** --- 63,70 ---- #include #include + #include "../e_os.h" + #ifdef NO_RC5 int main(int argc, char *argv[]) { *************** *** 318,324 **** } if (err == 0) printf("cbc RC5 ok\n"); ! exit(err); return(err); } --- 320,326 ---- } if (err == 0) printf("cbc RC5 ok\n"); ! 
EXIT(err); return(err); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.ssl *** crypto/openssl/crypto/ripemd/Makefile.ssl Wed Jul 4 19:19:35 2001 --- ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.ssl Fri Feb 21 11:32:56 2003 *************** *** 92,98 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 92,98 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 106,109 **** rmd_dgst.o: ../../include/openssl/opensslconf.h rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h ! rmd_one.o: ../../include/openssl/ripemd.h --- 106,111 ---- rmd_dgst.o: ../../include/openssl/opensslconf.h rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h ! rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h ! rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h ! rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_one.c ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_one.c *** crypto/openssl/crypto/ripemd/rmd_one.c Sun Aug 20 04:46:39 2000 --- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_one.c Fri Feb 21 11:32:56 2003 *************** *** 59,64 **** --- 59,65 ---- #include #include #include + #include unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, unsigned char *md) *************** *** 70,76 **** RIPEMD160_Init(&c); RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); ! 
memset(&c,0,sizeof(c)); /* security consideration */ return(md); } --- 71,77 ---- RIPEMD160_Init(&c); RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); ! OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmdtest.c ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmdtest.c *** crypto/openssl/crypto/ripemd/rmdtest.c Sun Aug 20 04:46:39 2000 --- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmdtest.c Fri Feb 21 11:32:56 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_RIPEMD int main(int argc, char *argv[]) { *************** *** 124,130 **** R++; P++; } ! exit(err); return(0); } --- 126,132 ---- R++; P++; } ! EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.ssl *** crypto/openssl/crypto/rsa/Makefile.ssl Wed Jul 4 19:19:35 2001 --- ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.ssl Fri Feb 21 11:32:56 2003 *************** *** 70,76 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 70,76 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa.h ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa.h *** crypto/openssl/crypto/rsa/rsa.h Mon Feb 24 21:51:17 2003 --- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa.h Fri Feb 21 11:32:56 2003 *************** *** 169,174 **** --- 168,175 ---- #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 + + #define RSA_PKCS1_PADDING_SIZE 11 #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) #define RSA_get_app_data(s) RSA_get_ex_data(s,0) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_eay.c *** crypto/openssl/crypto/rsa/rsa_eay.c Mon Feb 24 21:51:17 2003 --- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_eay.c Fri Feb 21 11:32:56 2003 *************** *** 185,191 **** BN_clear_free(&ret); if (buf != NULL) { ! memset(buf,0,num); OPENSSL_free(buf); } return(r); --- 184,190 ---- BN_clear_free(&ret); if (buf != NULL) { ! OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); *************** *** 269,275 **** BN_clear_free(&f); if (buf != NULL) { ! memset(buf,0,num); OPENSSL_free(buf); } return(r); --- 268,274 ---- BN_clear_free(&f); if (buf != NULL) { ! OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); *************** *** 368,374 **** BN_clear_free(&ret); if (buf != NULL) { ! memset(buf,0,num); OPENSSL_free(buf); } return(r); --- 367,373 ---- BN_clear_free(&ret); if (buf != NULL) { ! OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); *************** *** 465,471 **** BN_clear_free(&ret); if (buf != NULL) { ! memset(buf,0,num); OPENSSL_free(buf); } return(r); --- 464,470 ---- BN_clear_free(&ret); if (buf != NULL) { ! 
OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_pk1.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_pk1.c *** crypto/openssl/crypto/rsa/rsa_pk1.c Sun Aug 20 04:46:40 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_pk1.c Fri Feb 21 11:32:56 2003 *************** *** 68,74 **** int j; unsigned char *p; ! if (flen > (tlen-11)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return(0); --- 68,74 ---- int j; unsigned char *p; ! if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return(0); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_saos.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_saos.c *** crypto/openssl/crypto/rsa/rsa_saos.c Sun Nov 26 06:33:52 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_saos.c Fri Feb 21 11:32:56 2003 *************** *** 76,82 **** i=i2d_ASN1_OCTET_STRING(&sig,NULL); j=RSA_size(rsa); ! if ((i-RSA_PKCS1_PADDING) > j) { RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); --- 76,82 ---- i=i2d_ASN1_OCTET_STRING(&sig,NULL); j=RSA_size(rsa); ! if (i > (j-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); *************** *** 95,101 **** else *siglen=i; ! memset(s,0,(unsigned int)j+1); OPENSSL_free(s); return(ret); } --- 95,101 ---- else *siglen=i; ! OPENSSL_cleanse(s,(unsigned int)j+1); OPENSSL_free(s); return(ret); } *************** *** 137,143 **** ret=1; err: if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); ! memset(s,0,(unsigned int)siglen); OPENSSL_free(s); return(ret); } --- 137,143 ---- ret=1; err: if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); ! 
OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_sign.c *** crypto/openssl/crypto/rsa/rsa_sign.c Sun Nov 26 06:33:52 2000 --- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_sign.c Fri Feb 21 11:32:56 2003 *************** *** 109,115 **** i=i2d_X509_SIG(&sig,NULL); } j=RSA_size(rsa); ! if ((i-RSA_PKCS1_PADDING) > j) { RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); --- 109,115 ---- i=i2d_X509_SIG(&sig,NULL); } j=RSA_size(rsa); ! if (i > (j-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); *************** *** 131,137 **** *siglen=i; if(type != NID_md5_sha1) { ! memset(s,0,(unsigned int)j+1); OPENSSL_free(s); } return(ret); --- 131,137 ---- *siglen=i; if(type != NID_md5_sha1) { ! OPENSSL_cleanse(s,(unsigned int)j+1); OPENSSL_free(s); } return(ret); *************** *** 214,220 **** } err: if (sig != NULL) X509_SIG_free(sig); ! memset(s,0,(unsigned int)siglen); OPENSSL_free(s); return(ret); } --- 214,220 ---- } err: if (sig != NULL) X509_SIG_free(sig); ! OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); return(ret); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.ssl *** crypto/openssl/crypto/sha/Makefile.ssl Wed Jul 4 19:19:36 2001 --- ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.ssl Fri Feb 21 11:32:57 2003 *************** *** 92,98 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 92,98 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 103,113 **** # DO NOT DELETE THIS LINE -- make depend depends on it. ! sha1_one.o: ../../include/openssl/sha.h sha1dgst.o: ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha_locl.h sha_dgst.o: ../../include/openssl/opensslconf.h sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_locl.h ! sha_one.o: ../../include/openssl/sha.h --- 103,117 ---- # DO NOT DELETE THIS LINE -- make depend depends on it. ! sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h ! sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ! sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha1dgst.o: ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha_locl.h sha_dgst.o: ../../include/openssl/opensslconf.h sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_locl.h ! sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h ! sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ! 
sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1_one.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha1_one.c *** crypto/openssl/crypto/sha/sha1_one.c Mon Jan 10 01:21:52 2000 --- ../RELENG_4_6/crypto/openssl/crypto/sha/sha1_one.c Fri Feb 21 11:32:57 2003 *************** *** 59,64 **** --- 59,65 ---- #include #include #include + #include #ifndef NO_SHA1 unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) *************** *** 70,76 **** SHA1_Init(&c); SHA1_Update(&c,d,n); SHA1_Final(md,&c); ! memset(&c,0,sizeof(c)); return(md); } #endif --- 71,77 ---- SHA1_Init(&c); SHA1_Update(&c,d,n); SHA1_Final(md,&c); ! OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1test.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha1test.c *** crypto/openssl/crypto/sha/sha1test.c Sun Aug 20 04:46:45 2000 --- ../RELENG_4_6/crypto/openssl/crypto/sha/sha1test.c Fri Feb 21 11:32:57 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_SHA int main(int argc, char *argv[]) { *************** *** 152,158 **** } else printf("test 3 ok\n"); ! exit(err); return(0); } --- 154,160 ---- } else printf("test 3 ok\n"); ! EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_one.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha_one.c *** crypto/openssl/crypto/sha/sha_one.c Mon Jan 10 01:21:52 2000 --- ../RELENG_4_6/crypto/openssl/crypto/sha/sha_one.c Fri Feb 21 11:32:57 2003 *************** *** 59,64 **** --- 59,65 ---- #include #include #include + #include #ifndef NO_SHA0 unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) *************** *** 70,76 **** SHA_Init(&c); SHA_Update(&c,d,n); SHA_Final(md,&c); ! memset(&c,0,sizeof(c)); return(md); } #endif --- 71,77 ---- SHA_Init(&c); SHA_Update(&c,d,n); SHA_Final(md,&c); ! 
OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/shatest.c ../RELENG_4_6/crypto/openssl/crypto/sha/shatest.c *** crypto/openssl/crypto/sha/shatest.c Sun Aug 20 04:46:45 2000 --- ../RELENG_4_6/crypto/openssl/crypto/sha/shatest.c Fri Feb 21 11:32:57 2003 *************** *** 60,65 **** --- 60,67 ---- #include #include + #include "../e_os.h" + #ifdef NO_SHA int main(int argc, char *argv[]) { *************** *** 152,158 **** } else printf("test 3 ok\n"); ! exit(err); return(0); } --- 154,160 ---- } else printf("test 3 ok\n"); ! EXIT(err); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.ssl *** crypto/openssl/crypto/stack/Makefile.ssl Wed Jul 4 19:19:37 2001 --- ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.ssl Fri Feb 21 11:32:57 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/threads/mttest.c ../RELENG_4_6/crypto/openssl/crypto/threads/mttest.c *** crypto/openssl/crypto/threads/mttest.c Sun Nov 26 06:33:57 2000 --- ../RELENG_4_6/crypto/openssl/crypto/threads/mttest.c Fri Feb 21 11:32:57 2003 *************** *** 77,82 **** --- 77,86 ---- #ifdef PTHREADS #include #endif + #ifdef VXWORKS + #include + #include + #endif #include #include #include *************** *** 105,114 **** --- 109,120 ---- void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); + void vxworks_locking_callback(int mode,int type,char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); + unsigned long vxworks_thread_id(void ); BIO *bio_err=NULL; BIO *bio_stdout=NULL; *************** *** 1097,1100 **** --- 1103,1221 ---- #endif /* PTHREADS */ + #ifdef VXWORKS + + #define DEFAULT_TASK_NAME NULL + #define DEFAULT_TASK_PRIORITY 100 + #define DEFAULT_TASK_OPTIONS 0 + #define DEFAULT_TASK_STACK_BYTES 32768 + + static SEM_ID *lock_cs; + static long *lock_count; + + extern int sysClkRateGet(); + + void thread_setup(void) + { + int i; + + lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID)); + lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; ireferences,c_ctx->references); + } + + unsigned long vxworks_thread_id(void) + { + return((unsigned long)taskIdSelf()); + } + #endif /* VXWORKS */ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/tmdiff.c ../RELENG_4_6/crypto/openssl/crypto/tmdiff.c *** crypto/openssl/crypto/tmdiff.c Mon Feb 24 21:51:11 2003 --- 
../RELENG_4_6/crypto/openssl/crypto/tmdiff.c Fri Feb 21 11:32:49 2003 *************** *** 105,110 **** --- 105,115 ---- #include #endif + #ifdef VXWORKS + #include + #include + #endif + /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ # ifndef CLK_TCK diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.ssl *** crypto/openssl/crypto/txt_db/Makefile.ssl Wed Jul 4 19:19:38 2001 --- ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.ssl Fri Feb 21 11:32:57 2003 *************** *** 68,74 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 68,74 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/uid.c ../RELENG_4_6/crypto/openssl/crypto/uid.c *** crypto/openssl/crypto/uid.c Wed Jul 4 19:22:30 2001 --- ../RELENG_4_6/crypto/openssl/crypto/uid.c Fri Feb 21 11:32:49 2003 *************** *** 64,70 **** return issetugid(); } ! #elif defined(WIN32) int OPENSSL_issetugid(void) { --- 64,70 ---- return issetugid(); } ! #elif defined(WIN32) || defined(VXWORKS) int OPENSSL_issetugid(void) { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.ssl *** crypto/openssl/crypto/x509/Makefile.ssl Mon Feb 24 21:51:18 2003 --- ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.ssl Fri Feb 21 11:32:57 2003 *************** *** 78,84 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 78,84 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/by_file.c ../RELENG_4_6/crypto/openssl/crypto/x509/by_file.c *** crypto/openssl/crypto/x509/by_file.c Sun Aug 20 04:46:47 2000 --- ../RELENG_4_6/crypto/openssl/crypto/x509/by_file.c Fri Feb 21 11:32:57 2003 *************** *** 100,116 **** case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { ! ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), ! X509_FILETYPE_PEM) != 0); if (!ok) { X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); - } - else - { - file=(char *)Getenv(X509_get_default_cert_file_env()); - ok = (X509_load_cert_crl_file(ctx,file, - X509_FILETYPE_PEM) != 0); } } else --- 100,117 ---- case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { ! file = (char *)Getenv(X509_get_default_cert_file_env()); ! if (file) ! ok = (X509_load_cert_crl_file(ctx,file, ! X509_FILETYPE_PEM) != 0); ! ! if (!ok) ! ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), ! X509_FILETYPE_PEM) != 0); ! 
if (!ok) { X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); } } else diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_cmp.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_cmp.c *** crypto/openssl/crypto/x509/x509_cmp.c Wed Jul 4 19:19:39 2001 --- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_cmp.c Fri Feb 21 11:32:57 2003 *************** *** 57,62 **** --- 57,63 ---- */ #include + #include #include "cryptlib.h" #include #include *************** *** 157,162 **** --- 158,256 ---- } #endif + + /* Case insensitive string comparision */ + static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) + { + int i; + + if (a->length != b->length) + return (a->length - b->length); + + for (i=0; ilength; i++) + { + int ca, cb; + + ca = tolower(a->data[i]); + cb = tolower(b->data[i]); + + if (ca != cb) + return(ca-cb); + } + return 0; + } + + /* Case insensitive string comparision with space normalization + * Space normalization - ignore leading, trailing spaces, + * multiple spaces between characters are replaced by single space + */ + static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) + { + unsigned char *pa = NULL, *pb = NULL; + int la, lb; + + la = a->length; + lb = b->length; + pa = a->data; + pb = b->data; + + /* skip leading spaces */ + while (la > 0 && isspace(*pa)) + { + la--; + pa++; + } + while (lb > 0 && isspace(*pb)) + { + lb--; + pb++; + } + + /* skip trailing spaces */ + while (la > 0 && isspace(pa[la-1])) + la--; + while (lb > 0 && isspace(pb[lb-1])) + lb--; + + /* compare strings with space normalization */ + while (la > 0 && lb > 0) + { + int ca, cb; + + /* compare character */ + ca = tolower(*pa); + cb = tolower(*pb); + if (ca != cb) + return (ca - cb); + + pa++; pb++; + la--; lb--; + + if (la <= 0 || lb <= 0) + break; + + /* is white space next character ? 
*/ + if (isspace(*pa) && isspace(*pb)) + { + /* skip remaining white spaces */ + while (la > 0 && isspace(*pa)) + { + la--; + pa++; + } + while (lb > 0 && isspace(*pb)) + { + lb--; + pb++; + } + } + } + if (la > 0 || lb > 0) + return la - lb; + + return 0; + } + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int i,j; *************** *** 170,179 **** { na=sk_X509_NAME_ENTRY_value(a->entries,i); nb=sk_X509_NAME_ENTRY_value(b->entries,i); ! j=na->value->length-nb->value->length; if (j) return(j); ! j=memcmp(na->value->data,nb->value->data, ! na->value->length); if (j) return(j); j=na->set-nb->set; if (j) return(j); --- 264,283 ---- { na=sk_X509_NAME_ENTRY_value(a->entries,i); nb=sk_X509_NAME_ENTRY_value(b->entries,i); ! j=na->value->type-nb->value->type; if (j) return(j); ! if (na->value->type == V_ASN1_PRINTABLESTRING) ! j=nocase_spacenorm_cmp(na->value, nb->value); ! else if (na->value->type == V_ASN1_IA5STRING ! && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) ! j=nocase_cmp(na->value, nb->value); ! else ! { ! j=na->value->length-nb->value->length; ! if (j) return(j); ! j=memcmp(na->value->data,nb->value->data, ! na->value->length); ! } if (j) return(j); j=na->set-nb->set; if (j) return(j); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.c *** crypto/openssl/crypto/x509/x509_vfy.c Mon Feb 24 21:51:18 2003 --- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.c Fri Feb 21 11:32:57 2003 *************** *** 567,573 **** { char *str; ASN1_TIME atm; ! time_t offset; char buff1[24],buff2[24],*p; int i,j; --- 567,573 ---- { char *str; ASN1_TIME atm; ! 
long offset; char buff1[24],buff2[24],*p; int i,j; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.ssl *** crypto/openssl/crypto/x509v3/Makefile.ssl Mon Feb 24 21:51:18 2003 --- ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.ssl Fri Feb 21 11:32:58 2003 *************** *** 72,78 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 72,78 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/selfsign.c ../RELENG_4_6/crypto/openssl/demos/selfsign.c *** crypto/openssl/demos/selfsign.c Sun Aug 20 04:46:50 2000 --- ../RELENG_4_6/crypto/openssl/demos/selfsign.c Fri Feb 21 11:32:58 2003 *************** *** 106,112 **** } rsa=NULL; ! X509_set_version(x,3); ASN1_INTEGER_set(X509_get_serialNumber(x),serial); X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); --- 106,112 ---- } rsa=NULL; ! X509_set_version(x,2); ASN1_INTEGER_set(X509_get_serialNumber(x),serial); X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/passwd.pod ../RELENG_4_6/crypto/openssl/doc/apps/passwd.pod *** crypto/openssl/doc/apps/passwd.pod Sun Nov 26 06:34:06 2000 --- ../RELENG_4_6/crypto/openssl/doc/apps/passwd.pod Fri Feb 21 11:32:58 2003 *************** *** 69,75 **** B prints B. ! B prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>. B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. --- 69,75 ---- B prints B. ! B prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. 
B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4_6/crypto/openssl/doc/apps/req.pod *** crypto/openssl/doc/apps/req.pod Sun Nov 26 06:34:06 2000 --- ../RELENG_4_6/crypto/openssl/doc/apps/req.pod Fri Feb 21 11:32:58 2003 *************** *** 457,469 **** The header and footer lines in the B format are normally: ! -----BEGIN CERTIFICATE REQUEST---- ! -----END CERTIFICATE REQUEST---- some software (some versions of Netscape certificate server) instead needs: ! -----BEGIN NEW CERTIFICATE REQUEST---- ! -----END NEW CERTIFICATE REQUEST---- which is produced with the B<-newhdr> option but is otherwise compatible. Either form is accepted transparently on input. --- 457,469 ---- The header and footer lines in the B format are normally: ! -----BEGIN CERTIFICATE REQUEST----- ! -----END CERTIFICATE REQUEST----- some software (some versions of Netscape certificate server) instead needs: ! -----BEGIN NEW CERTIFICATE REQUEST----- ! -----END NEW CERTIFICATE REQUEST----- which is produced with the B<-newhdr> option but is otherwise compatible. Either form is accepted transparently on input. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/smime.pod ../RELENG_4_6/crypto/openssl/doc/apps/smime.pod *** crypto/openssl/doc/apps/smime.pod Mon Feb 24 21:51:19 2003 --- ../RELENG_4_6/crypto/openssl/doc/apps/smime.pod Fri Feb 21 11:32:58 2003 *************** *** 340,347 **** signature by line wrapping the base64 encoded structure and surrounding it with: ! -----BEGIN PKCS7---- ! -----END PKCS7---- and using the command, --- 340,347 ---- signature by line wrapping the base64 encoded structure and surrounding it with: ! -----BEGIN PKCS7----- ! 
-----END PKCS7----- and using the command, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4_6/crypto/openssl/doc/apps/x509.pod *** crypto/openssl/doc/apps/x509.pod Sun Nov 26 06:34:06 2000 --- ../RELENG_4_6/crypto/openssl/doc/apps/x509.pod Fri Feb 21 11:32:58 2003 *************** *** 321,327 **** ".srl" appended. For example if the CA certificate file is called "mycacert.pem" it expects to find a serial number file called "mycacert.srl". ! =item B<-CAcreateserial filename> with this option the CA serial number file is created if it does not exist: it will contain the serial number "02" and the certificate being signed will --- 321,327 ---- ".srl" appended. For example if the CA certificate file is called "mycacert.pem" it expects to find a serial number file called "mycacert.srl". ! =item B<-CAcreateserial> with this option the CA serial number file is created if it does not exist: it will contain the serial number "02" and the certificate being signed will *************** *** 532,556 **** Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA" ! openssl x509 -in cert.pem -addtrust sslclient \ ! -alias "Steve's Class 1 CA" -out trust.pem =head1 NOTES The PEM format uses the header and footer lines: ! -----BEGIN CERTIFICATE---- ! -----END CERTIFICATE---- it will also handle files containing: ! -----BEGIN X509 CERTIFICATE---- ! -----END X509 CERTIFICATE---- Trusted certificates have the lines ! -----BEGIN TRUSTED CERTIFICATE---- ! -----END TRUSTED CERTIFICATE---- The conversion to UTF8 format used with the name options assumes that T61Strings use the ISO8859-1 character set. This is wrong but Netscape --- 532,556 ---- Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA" ! openssl x509 -in cert.pem -addtrust clientAuth \ ! -setalias "Steve's Class 1 CA" -out trust.pem =head1 NOTES The PEM format uses the header and footer lines: ! 
-----BEGIN CERTIFICATE----- ! -----END CERTIFICATE----- it will also handle files containing: ! -----BEGIN X509 CERTIFICATE----- ! -----END X509 CERTIFICATE----- Trusted certificates have the lines ! -----BEGIN TRUSTED CERTIFICATE----- ! -----END TRUSTED CERTIFICATE----- The conversion to UTF8 format used with the name options assumes that T61Strings use the ISO8859-1 character set. This is wrong but Netscape diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/c-indentation.el ../RELENG_4_6/crypto/openssl/doc/c-indentation.el *** crypto/openssl/doc/c-indentation.el Sun Nov 26 06:34:04 2000 --- ../RELENG_4_6/crypto/openssl/doc/c-indentation.el Fri Feb 21 11:32:58 2003 *************** *** 13,24 **** ; ; Apparently statement blocks that are not introduced by a statement ; such as "if" and that are not the body of a function cannot ! ; be handled too well by CC mode with this indentation style. ! ; The style defined below does not indent them at all. ! ; To insert tabs manually, prefix them with ^Q (the "quoted-insert" ! ; command of Emacs). If you know a solution to this problem ! ; or find other problems with this indentation style definition, ! ; please send e-mail to bodo@openssl.org. (c-add-style "eay" '((c-basic-offset . 8) --- 13,22 ---- ; ; Apparently statement blocks that are not introduced by a statement ; such as "if" and that are not the body of a function cannot ! ; be handled too well by CC mode with this indentation style, ! ; so you have to indent them manually (you can use C-q tab). ! ; ! ; For suggesting improvements, please send e-mail to bodo@openssl.org. (c-add-style "eay" '((c-basic-offset . 8) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_CTX_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_CTX_new.pod *** crypto/openssl/doc/crypto/BN_CTX_new.pod Sun Aug 20 04:46:55 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_CTX_new.pod Fri Feb 21 11:32:58 2003 *************** *** 42,48 **** =head1 SEE ALSO ! 
L, L, L, L =head1 HISTORY --- 42,48 ---- =head1 SEE ALSO ! L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add.pod *** crypto/openssl/doc/crypto/BN_add.pod Sun Aug 20 04:46:55 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add.pod Fri Feb 21 11:32:58 2003 *************** *** 86,92 **** =head1 SEE ALSO ! L, L, L, L, L =head1 HISTORY --- 86,92 ---- =head1 SEE ALSO ! L, L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add_word.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add_word.pod *** crypto/openssl/doc/crypto/BN_add_word.pod Sun Aug 20 04:46:55 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add_word.pod Fri Feb 21 11:32:58 2003 *************** *** 46,52 **** =head1 SEE ALSO ! L, L, L =head1 HISTORY --- 46,52 ---- =head1 SEE ALSO ! L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_bn2bin.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_bn2bin.pod *** crypto/openssl/doc/crypto/BN_bn2bin.pod Mon Feb 24 21:51:19 2003 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_bn2bin.pod Fri Feb 21 11:32:58 2003 *************** *** 80,86 **** =head1 SEE ALSO ! L, L, L, L, L --- 80,86 ---- =head1 SEE ALSO ! L, L, L, L, L diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_copy.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_copy.pod *** crypto/openssl/doc/crypto/BN_copy.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_copy.pod Fri Feb 21 11:32:58 2003 *************** *** 25,31 **** =head1 SEE ALSO ! L, L =head1 HISTORY --- 25,31 ---- =head1 SEE ALSO ! 
L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_generate_prime.pod *** crypto/openssl/doc/crypto/BN_generate_prime.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_generate_prime.pod Fri Feb 21 11:32:58 2003 *************** *** 70,76 **** Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin probabilistic primality test with B iterations. If ! B, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input. If B is not B, B is called --- 70,76 ---- Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin probabilistic primality test with B iterations. If ! B, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input. If B is not B, B is called *************** *** 90,96 **** =head1 SEE ALSO ! L, L, L =head1 HISTORY --- 90,96 ---- =head1 SEE ALSO ! L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_inverse.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_inverse.pod *** crypto/openssl/doc/crypto/BN_mod_inverse.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_inverse.pod Fri Feb 21 11:32:58 2003 *************** *** 27,33 **** =head1 SEE ALSO ! L, L, L =head1 HISTORY --- 27,33 ---- =head1 SEE ALSO ! L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod *** crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod Sun Nov 26 06:34:07 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod Fri Feb 21 11:32:58 2003 *************** *** 81,87 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 81,87 ---- =head1 SEE ALSO ! 
L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod *** crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod Sun Nov 26 06:34:07 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod Fri Feb 21 11:32:58 2003 *************** *** 69,75 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 69,75 ---- =head1 SEE ALSO ! L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_new.pod *** crypto/openssl/doc/crypto/BN_new.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_new.pod Fri Feb 21 11:32:58 2003 *************** *** 42,48 **** =head1 SEE ALSO ! L, L =head1 HISTORY --- 42,48 ---- =head1 SEE ALSO ! L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_rand.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_rand.pod *** crypto/openssl/doc/crypto/BN_rand.pod Mon Feb 24 21:51:19 2003 --- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_rand.pod Fri Feb 21 11:32:58 2003 *************** *** 45,51 **** =head1 SEE ALSO ! L, L, L, L, L =head1 HISTORY --- 45,51 ---- =head1 SEE ALSO ! L, L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_key.pod *** crypto/openssl/doc/crypto/DH_generate_key.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_key.pod Fri Feb 21 11:32:58 2003 *************** *** 40,46 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 40,46 ---- =head1 SEE ALSO ! 
L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_parameters.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_parameters.pod *** crypto/openssl/doc/crypto/DH_generate_parameters.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_parameters.pod Fri Feb 21 11:32:58 2003 *************** *** 59,65 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 59,66 ---- =head1 SEE ALSO ! L, L, L, ! L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod *** crypto/openssl/doc/crypto/DH_get_ex_new_index.pod Mon Feb 24 21:51:20 2003 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod Fri Feb 21 11:32:58 2003 *************** *** 34,72 **** available since OpenSSL 0.9.5. =cut - =pod - - =head1 NAME - - DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures - - =head1 SYNOPSIS - - #include - - int DH_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int DH_set_ex_data(DH *d, int idx, void *arg); - - char *DH_get_ex_data(DH *d, int idx); - - =head1 DESCRIPTION - - These functions handle application specific data in DH - structures. Their usage is identical to that of - RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() - as described in L. - - =head1 SEE ALSO - - L, L - - =head1 HISTORY - - DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are - available since OpenSSL 0.9.5. - - =cut --- 34,36 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_new.pod *** crypto/openssl/doc/crypto/DH_new.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_new.pod Fri Feb 21 11:32:58 2003 *************** *** 29,35 **** =head1 SEE ALSO ! 
L, L, L, L --- 29,35 ---- =head1 SEE ALSO ! L, L, L, L diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_SIG_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_SIG_new.pod *** crypto/openssl/doc/crypto/DSA_SIG_new.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_SIG_new.pod Fri Feb 21 11:32:58 2003 *************** *** 30,36 **** =head1 SEE ALSO ! L, L, L =head1 HISTORY --- 30,37 ---- =head1 SEE ALSO ! L, L, ! L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_do_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_do_sign.pod *** crypto/openssl/doc/crypto/DSA_do_sign.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_do_sign.pod Fri Feb 21 11:32:58 2003 *************** *** 36,42 **** =head1 SEE ALSO ! L, L, L, L, L --- 36,42 ---- =head1 SEE ALSO ! L, L, L, L, L diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_dup_DH.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_dup_DH.pod *** crypto/openssl/doc/crypto/DSA_dup_DH.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_dup_DH.pod Fri Feb 21 11:32:58 2003 *************** *** 27,33 **** =head1 SEE ALSO ! L, L, L =head1 HISTORY --- 27,33 ---- =head1 SEE ALSO ! L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_key.pod *** crypto/openssl/doc/crypto/DSA_generate_key.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_key.pod Fri Feb 21 11:32:58 2003 *************** *** 24,30 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 24,31 ---- =head1 SEE ALSO ! L, L, L, ! 
L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_parameters.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_parameters.pod *** crypto/openssl/doc/crypto/DSA_generate_parameters.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_parameters.pod Fri Feb 21 11:32:58 2003 *************** *** 90,96 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 90,96 ---- =head1 SEE ALSO ! L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_new.pod *** crypto/openssl/doc/crypto/DSA_new.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_new.pod Fri Feb 21 11:32:58 2003 *************** *** 30,36 **** =head1 SEE ALSO ! L, L, L, L --- 30,36 ---- =head1 SEE ALSO ! L, L, L, L diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_sign.pod *** crypto/openssl/doc/crypto/DSA_sign.pod Sun Aug 20 04:46:56 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_sign.pod Fri Feb 21 11:32:58 2003 *************** *** 55,61 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 55,61 ---- =head1 SEE ALSO ! L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SealInit.pod *** crypto/openssl/doc/crypto/EVP_SealInit.pod Sun Nov 26 06:34:08 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SealInit.pod Fri Feb 21 11:32:58 2003 *************** *** 12,18 **** int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); ! 
int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION --- 12,18 ---- int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); ! void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION *************** *** 43,50 **** EVP_SealInit() returns 0 on error or B if successful. ! EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for ! failure. =head1 NOTES --- 43,49 ---- EVP_SealInit() returns 0 on error or B if successful. ! EVP_SealUpdate() returns 1 for success and 0 for failure. =head1 NOTES diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RAND_bytes.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RAND_bytes.pod *** crypto/openssl/doc/crypto/RAND_bytes.pod Sun Aug 20 04:46:57 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RAND_bytes.pod Fri Feb 21 11:32:58 2003 *************** *** 35,41 **** =head1 SEE ALSO ! L, L, L =head1 HISTORY --- 35,42 ---- =head1 SEE ALSO ! L, L, ! L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_check_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_check_key.pod *** crypto/openssl/doc/crypto/RSA_check_key.pod Mon Feb 24 21:51:20 2003 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_check_key.pod Fri Feb 21 11:32:58 2003 *************** *** 39,45 **** =head1 SEE ALSO ! L, L =head1 HISTORY --- 39,45 ---- =head1 SEE ALSO ! L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_generate_key.pod *** crypto/openssl/doc/crypto/RSA_generate_key.pod Mon Feb 24 21:51:20 2003 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_generate_key.pod Fri Feb 21 11:32:58 2003 *************** *** 59,65 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 59,66 ---- =head1 SEE ALSO ! L, L, L, ! 
L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_print.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_print.pod *** crypto/openssl/doc/crypto/RSA_print.pod Sun Nov 26 06:34:08 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_print.pod Fri Feb 21 11:32:58 2003 *************** *** 2,10 **** =head1 NAME ! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, ! DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic ! parameters =head1 SYNOPSIS --- 2,10 ---- =head1 NAME ! RSA_print, RSA_print_fp, ! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, ! DHparams_print, DHparams_print_fp - print cryptographic parameters =head1 SYNOPSIS diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_private_encrypt.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_private_encrypt.pod *** crypto/openssl/doc/crypto/RSA_private_encrypt.pod Sun Aug 20 04:46:57 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_private_encrypt.pod Fri Feb 21 11:32:58 2003 *************** *** 59,65 **** =head1 SEE ALSO ! L, L, L, L =head1 HISTORY --- 59,66 ---- =head1 SEE ALSO ! L, L, ! L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_public_encrypt.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_public_encrypt.pod *** crypto/openssl/doc/crypto/RSA_public_encrypt.pod Sun Nov 26 06:34:09 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_public_encrypt.pod Fri Feb 21 11:32:58 2003 *************** *** 72,78 **** =head1 SEE ALSO ! L, L, L, L =head1 NOTES --- 72,79 ---- =head1 SEE ALSO ! L, L, L, ! L =head1 NOTES diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign.pod *** crypto/openssl/doc/crypto/RSA_sign.pod Sun Aug 20 04:46:57 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign.pod Fri Feb 21 11:32:58 2003 *************** *** 50,57 **** =head1 SEE ALSO ! L, L, L, ! 
L, L =head1 HISTORY --- 50,57 ---- =head1 SEE ALSO ! L, L, ! L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod *** crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod Sun Aug 20 04:46:57 2000 --- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod Fri Feb 21 11:32:58 2003 *************** *** 47,54 **** =head1 SEE ALSO ! L, L, L, ! L, L, L =head1 HISTORY --- 47,54 ---- =head1 SEE ALSO ! L, L, ! L, L, L, L =head1 HISTORY diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.txt ../RELENG_4_6/crypto/openssl/doc/openssl.txt *** crypto/openssl/doc/openssl.txt Sun Nov 26 06:34:04 2000 --- ../RELENG_4_6/crypto/openssl/doc/openssl.txt Fri Feb 21 11:32:58 2003 *************** *** 344,350 **** Examples: ! subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/ subjectAltName=email:my@other.address,RID:1.2.3.4 Issuer Alternative Name. --- 344,350 ---- Examples: ! subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ subjectAltName=email:my@other.address,RID:1.2.3.4 Issuer Alternative Name. diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_session.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod *** crypto/openssl/doc/ssl/SSL_CTX_add_session.pod Wed Jul 4 19:22:31 2001 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod Fri Feb 21 11:32:59 2003 *************** *** 37,42 **** --- 37,50 ---- identical (the SSL_SESSION object is identical), SSL_CTX_add_session() is a no-op, and the return value is 0. 
+ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE + flag then the internal cache will not be populated automatically by new + sessions negotiated by the SSL/TLS implementation, even though the internal + cache will be searched automatically for session-resume requests (the + latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the + application can use SSL_CTX_add_session() directly to have full control + over the sessions that can be resumed if desired. + =head1 RETURN VALUES diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod *** crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod Fri Feb 21 11:32:59 2003 *************** *** 51,106 **** L =cut - =pod - - =head1 NAME - - SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions - - =head1 SYNOPSIS - - #include - - int SSL_CTX_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); - - void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - - =head1 DESCRIPTION - - Several OpenSSL structures can have application specific data attached to them. - These functions are used internally by OpenSSL to manipulate application - specific data attached to a specific structure. - - SSL_CTX_get_ex_new_index() is used to register a new index for application - specific data. 
- - SSL_CTX_set_ex_data() is used to store application data at B for B - into the B object. - - SSL_CTX_get_ex_data() is used to retrieve the information for B from - B. - - A detailed description for the B<*_get_ex_new_index()> functionality - can be found in L. - The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in - L. - - =head1 SEE ALSO - - L, - L, - L - - =cut --- 51,53 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_new.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_new.pod *** crypto/openssl/doc/ssl/SSL_CTX_new.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_new.pod Fri Feb 21 11:32:59 2003 *************** *** 92,192 **** L, L =cut - =pod - - =head1 NAME - - SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions - - =head1 SYNOPSIS - - #include - - SSL_CTX *SSL_CTX_new(SSL_METHOD *method); - - =head1 DESCRIPTION - - SSL_CTX_new() creates a new B object as framework to establish - TLS/SSL enabled connections. - - =head1 NOTES - - The SSL_CTX object uses B as connection method. The methods exist - in a generic type (for client and server use), a server only type, and a - client only type. B can be of the following types: - - =over 4 - - =item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) - - A TLS/SSL connection established with these methods will only understand - the SSLv2 protocol. A client will send out SSLv2 client hello messages - and will also indicate that it only understand SSLv2. A server will only - understand SSLv2 client hello messages. - - =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) - - A TLS/SSL connection established with these methods will only understand the - SSLv3 protocol. A client will send out SSLv3 client hello messages - and will indicate that it only understands SSLv3. A server will only understand - SSLv3 client hello messages. 
This especially means, that it will - not understand SSLv2 client hello messages which are widely used for - compatibility reasons, see SSLv23_*_method(). - - =item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) - - A TLS/SSL connection established with these methods will only understand the - TLSv1 protocol. A client will send out TLSv1 client hello messages - and will indicate that it only understands TLSv1. A server will only understand - TLSv1 client hello messages. This especially means, that it will - not understand SSLv2 client hello messages which are widely used for - compatibility reasons, see SSLv23_*_method(). It will also not understand - SSLv3 client hello messages. - - =item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) - - A TLS/SSL connection established with these methods will understand the SSLv2, - SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages - and will indicate that it also understands SSLv3 and TLSv1. A server will - understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best - choice when compatibility is a concern. - - =back - - If a generic method is used, it is necessary to explicitly set client or - server mode with L - or SSL_set_accept_state(). - - The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, - SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B or - B functions. Using these options it is possible to choose - e.g. SSLv23_server_method() and be able to negotiate with all possible - clients, but to only allow newer protocols like SSLv3 or TLSv1. - - SSL_CTX_new() initializes the list of ciphers, the session cache setting, - the callbacks, the keys and certificates, and the options to its default - values. - - =head1 RETURN VALUES - - The following return values can occur: - - =over 4 - - =item NULL - - The creation of a new SSL_CTX object failed. Check the error stack to - find out the reason. 
- - =item Pointer to an SSL_CTX object - - The return value points to an allocated SSL_CTX object. - - =back - - =head1 SEE ALSO - - L, L, - L, L - - =cut --- 92,94 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod *** crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod Fri Feb 21 11:32:59 2003 *************** *** 26,37 **** object. In order to reuse a session, a client must send the session's id to the ! server. It can only send exactly one id. The server then decides whether it ! agrees in reusing the session or starts the handshake for a new session. ! ! A server will lookup up the session in its internal session storage. If ! the session is not found in internal storage or internal storage is ! deactivated, the server will try the external storage if available. Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see --- 26,39 ---- object. In order to reuse a session, a client must send the session's id to the ! server. It can only send exactly one id. The server then either ! agrees to reuse the session or it starts a full handshake (to create a new ! session). ! ! A server will lookup up the session in its internal session storage. If the ! session is not found in internal storage or lookups for the internal storage ! have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try ! the external storage if available. Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see *************** *** 57,65 **** =item SSL_SESS_CACHE_SERVER Server sessions are added to the session cache. When a client proposes a ! 
session to be reused, the session is looked up in the internal session cache. ! If the session is found, the server will try to reuse the session. ! This is the default. =item SSL_SESS_CACHE_BOTH --- 59,68 ---- =item SSL_SESS_CACHE_SERVER Server sessions are added to the session cache. When a client proposes a ! session to be reused, the server looks for the corresponding session in (first) ! the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), ! then (second) in the external cache if available. If the session is found, the ! server will try to reuse the session. This is the default. =item SSL_SESS_CACHE_BOTH *************** *** 77,88 **** =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ! By setting this flag sessions are cached in the internal storage but ! they are not looked up automatically. If an external session cache ! is enabled, sessions are looked up in the external cache. As automatic ! lookup only applies for SSL/TLS servers, the flag has no effect on clients. =back The default mode is SSL_SESS_CACHE_SERVER. --- 80,111 ---- =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ! By setting this flag, session-resume operations in an SSL/TLS server will not ! automatically look up sessions in the internal cache, even if sessions are ! automatically stored there. If external session caching callbacks are in use, ! this flag guarantees that all lookups are directed to the external cache. ! As automatic lookup only applies for SSL/TLS servers, the flag has no effect on clients. + =item SSL_SESS_CACHE_NO_INTERNAL_STORE + + Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, + sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. + Normally a new session is added to the internal cache as well as any external + session caching (callback) that is configured for the SSL_CTX. This flag will + prevent sessions being stored in the internal cache (though the application can + add them manually using L). 
Note: + in any SSL/TLS servers where external caching is configured, any successful + session lookups in the external cache (ie. for session-resume requests) would + normally be copied into the local cache before processing continues - this flag + prevents these additions to the internal cache as well. + + =item SSL_SESS_CACHE_NO_INTERNAL + + Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and + SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time. + + =back The default mode is SSL_SESS_CACHE_SERVER. *************** *** 98,108 **** --- 121,137 ---- L, L, L, + L, L, L, L, L, L, L + + =head1 HISTORY + + SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL + were introduced in OpenSSL 0.9.6h. =cut diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod *** crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod Fri Feb 21 11:32:59 2003 *************** *** 235,241 **** * At this point, err contains the last verification error. We can use * it for something special */ ! if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) { X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); printf("issuer= %s\n", buf); --- 235,241 ---- * At this point, err contains the last verification error. We can use * it for something special */ ! 
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); printf("issuer= %s\n", buf); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod *** crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod Fri Feb 21 11:32:59 2003 *************** *** 59,122 **** L =cut - =pod - - =head1 NAME - - SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions - - =head1 SYNOPSIS - - #include - - int SSL_SESSION_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); - - void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - - =head1 DESCRIPTION - - Several OpenSSL structures can have application specific data attached to them. - These functions are used internally by OpenSSL to manipulate application - specific data attached to a specific structure. - - SSL_SESSION_get_ex_new_index() is used to register a new index for application - specific data. - - SSL_SESSION_set_ex_data() is used to store application data at B for B - into the B object. - - SSL_SESSION_get_ex_data() is used to retrieve the information for B from - B. - - A detailed description for the B<*_get_ex_new_index()> functionality - can be found in L. 
- The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in - L. - - =head1 WARNINGS - - The application data is only maintained for sessions held in memory. The - application data is not included when dumping the session with - i2d_SSL_SESSION() (and all functions indirectly calling the dump functions - like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can - therefore not be restored. - - =head1 SEE ALSO - - L, - L, - L - - =cut --- 59,61 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod *** crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod Fri Feb 21 11:32:59 2003 *************** *** 57,118 **** L =cut - =pod - - =head1 NAME - - SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions - - =head1 SYNOPSIS - - #include - - int SSL_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int SSL_set_ex_data(SSL *ssl, int idx, void *arg); - - void *SSL_get_ex_data(SSL *ssl, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - - =head1 DESCRIPTION - - Several OpenSSL structures can have application specific data attached to them. - These functions are used internally by OpenSSL to manipulate application - specific data attached to a specific structure. - - SSL_get_ex_new_index() is used to register a new index for application - specific data. - - SSL_set_ex_data() is used to store application data at B for B into - the B object. 
- - SSL_get_ex_data() is used to retrieve the information for B from - B. - - A detailed description for the B<*_get_ex_new_index()> functionality - can be found in L. - The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in - L. - - =head1 EXAMPLES - - An example on how to use the functionality is included in the example - verify_callback() in L. - - =head1 SEE ALSO - - L, - L, - L, - L - - =cut --- 57,59 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_new.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_new.pod *** crypto/openssl/doc/ssl/SSL_new.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_new.pod Fri Feb 21 11:32:59 2003 *************** *** 42,87 **** L =cut - =pod - - =head1 NAME - - SSL_new - create a new SSL structure for a connection - - =head1 SYNOPSIS - - #include - - SSL *SSL_new(SSL_CTX *ctx); - - =head1 DESCRIPTION - - SSL_new() creates a new B structure which is needed to hold the - data for a TLS/SSL connection. The new structure inherits the settings - of the underlying context B: connection method (SSLv2/v3/TLSv1), - options, verification settings, timeout settings. - - =head1 RETURN VALUES - - The following return values can occur: - - =over 4 - - =item NULL - - The creation of a new SSL structure failed. Check the error stack to - find out the reason. - - =item Pointer to an SSL structure - - The return value points to an allocated SSL structure. - - =back - - =head1 SEE ALSO - - L, L, - L, - L - - =cut --- 42,44 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/ssl.pod ../RELENG_4_6/crypto/openssl/doc/ssl/ssl.pod *** crypto/openssl/doc/ssl/ssl.pod Mon Feb 24 21:51:21 2003 --- ../RELENG_4_6/crypto/openssl/doc/ssl/ssl.pod Fri Feb 21 11:32:59 2003 *************** *** 347,353 **** long B(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); ! The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL session instead of a context. 
=item void B(SSL_CTX *ctx, int mode, int (*cb);(void)) --- 347,353 ---- long B(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); ! The same as B, except it operates on an SSL session instead of a context. =item void B(SSL_CTX *ctx, int mode, int (*cb);(void)) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os.h ../RELENG_4_6/crypto/openssl/e_os.h *** crypto/openssl/e_os.h Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/e_os.h Fri Feb 21 11:32:47 2003 *************** *** 219,228 **** # define _kbhit kbhit # endif ! # if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) ! # define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); } # else ! # define EXIT(n) return(n); # endif # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK --- 219,229 ---- # define _kbhit kbhit # endif ! # if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) ! # define EXIT(n) _wsetexit(_WINEXITNOPERSIST) ! # define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) # else ! # define EXIT(n) return(n) # endif # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK *************** *** 275,292 **** the status is tagged as an error, which I believe is what is wanted here. -- Richard Levitte */ ! # if !defined(MONOLITH) || defined(OPENSSL_C) ! # define EXIT(n) do { int __VMS_EXIT = n; \ if (__VMS_EXIT == 0) \ __VMS_EXIT = 1; \ else \ __VMS_EXIT = (n << 3) | 2; \ __VMS_EXIT |= 0x10000000; \ ! exit(__VMS_EXIT); \ ! return(__VMS_EXIT); } while(0) ! # else ! # define EXIT(n) return(n) ! # endif # define NO_SYS_PARAM_H # else /* !defined VMS */ --- 276,288 ---- the status is tagged as an error, which I believe is what is wanted here. -- Richard Levitte */ ! # define EXIT(n) do { int __VMS_EXIT = n; \ if (__VMS_EXIT == 0) \ __VMS_EXIT = 1; \ else \ __VMS_EXIT = (n << 3) | 2; \ __VMS_EXIT |= 0x10000000; \ ! 
exit(__VMS_EXIT); } while(0) # define NO_SYS_PARAM_H # else /* !defined VMS */ *************** *** 317,327 **** # define RFILE ".rnd" # define LIST_SEPARATOR_CHAR ':' # define NUL_DEV "/dev/null" ! # ifndef MONOLITH ! # define EXIT(n) exit(n); return(n) ! # else ! # define EXIT(n) return(n) ! # endif # endif # define SSLeay_getpid() getpid() --- 313,319 ---- # define RFILE ".rnd" # define LIST_SEPARATOR_CHAR ':' # define NUL_DEV "/dev/null" ! # define EXIT(n) exit(n) # endif # define SSLeay_getpid() getpid() *************** *** 439,444 **** --- 431,444 ---- extern char *sys_errlist[]; extern int sys_nerr; # define strerror(errnum) \ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) + #endif + + #ifndef OPENSSL_EXIT + # if defined(MONOLITH) && !defined(OPENSSL_C) + # define OPENSSL_EXIT(n) return(n) + # else + # define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0) + # endif #endif /***********************************************/ diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4_6/crypto/openssl/openssl.spec *** crypto/openssl/openssl.spec Mon Feb 24 21:51:09 2003 --- ../RELENG_4_6/crypto/openssl/openssl.spec Fri Feb 21 11:32:47 2003 *************** *** 1,7 **** %define libmaj 0 %define libmin 9 %define librel 6 ! %define librev d Release: 1 %define openssldir /var/ssl --- 1,7 ---- %define libmaj 0 %define libmin 9 %define librel 6 ! %define librev i Release: 1 %define openssldir /var/ssl diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.ssl ../RELENG_4_6/crypto/openssl/ssl/Makefile.ssl *** crypto/openssl/ssl/Makefile.ssl Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/Makefile.ssl Fri Feb 21 11:32:59 2003 *************** *** 84,90 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! 
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 84,90 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s23_clnt.c *** crypto/openssl/ssl/s23_clnt.c Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s23_clnt.c Fri Feb 21 11:33:00 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/ssl/s23_clnt.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $ */ #include --- 54,59 ---- *************** *** 89,106 **** if (init) { ! memcpy((char *)&SSLv23_client_data, ! (char *)sslv23_base_method(),sizeof(SSL_METHOD)); ! SSLv23_client_data.ssl_connect=ssl23_connect; ! SSLv23_client_data.get_ssl_method=ssl23_get_client_method; ! init=0; } return(&SSLv23_client_data); } int ssl23_connect(SSL *s) { ! BUF_MEM *buf; unsigned long Time=time(NULL); void (*cb)()=NULL; int ret= -1; --- 87,111 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv23_client_data, ! (char *)sslv23_base_method(),sizeof(SSL_METHOD)); ! SSLv23_client_data.ssl_connect=ssl23_connect; ! SSLv23_client_data.get_ssl_method=ssl23_get_client_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_client_data); } int ssl23_connect(SSL *s) { ! 
BUF_MEM *buf=NULL; unsigned long Time=time(NULL); void (*cb)()=NULL; int ret= -1; *************** *** 154,159 **** --- 159,165 ---- goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } *************** *** 202,207 **** --- 208,215 ---- } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_lib.c ../RELENG_4_6/crypto/openssl/ssl/s23_lib.c *** crypto/openssl/ssl/s23_lib.c Wed Jul 4 19:19:44 2001 --- ../RELENG_4_6/crypto/openssl/ssl/s23_lib.c Fri Feb 21 11:33:00 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/ssl/s23_lib.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $ */ #include --- 54,59 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_meth.c ../RELENG_4_6/crypto/openssl/ssl/s23_meth.c *** crypto/openssl/ssl/s23_meth.c Wed Jul 4 19:19:44 2001 --- ../RELENG_4_6/crypto/openssl/ssl/s23_meth.c Fri Feb 21 11:33:00 2003 *************** *** 80,91 **** if (init) { ! memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), ! sizeof(SSL_METHOD)); ! SSLv23_data.ssl_connect=ssl23_connect; ! SSLv23_data.ssl_accept=ssl23_accept; ! SSLv23_data.get_ssl_method=ssl23_get_method; ! init=0; } return(&SSLv23_data); } --- 80,98 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), ! sizeof(SSL_METHOD)); ! SSLv23_data.ssl_connect=ssl23_connect; ! SSLv23_data.ssl_accept=ssl23_accept; ! SSLv23_data.get_ssl_method=ssl23_get_method; ! init=0; ! } ! ! 
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_data); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s23_srvr.c *** crypto/openssl/ssl/s23_srvr.c Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s23_srvr.c Fri Feb 21 11:33:00 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. --- 54,59 ---- *************** *** 141,151 **** if (init) { ! memcpy((char *)&SSLv23_server_data, ! (char *)sslv23_base_method(),sizeof(SSL_METHOD)); ! SSLv23_server_data.ssl_accept=ssl23_accept; ! SSLv23_server_data.get_ssl_method=ssl23_get_server_method; ! init=0; } return(&SSLv23_server_data); } --- 139,156 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv23_server_data, ! (char *)sslv23_base_method(),sizeof(SSL_METHOD)); ! SSLv23_server_data.ssl_accept=ssl23_accept; ! SSLv23_server_data.get_ssl_method=ssl23_get_server_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_server_data); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s2_clnt.c *** crypto/openssl/ssl/s2_clnt.c Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s2_clnt.c Fri Feb 21 11:33:00 2003 *************** *** 146,156 **** if (init) { ! memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), ! sizeof(SSL_METHOD)); ! SSLv2_client_data.ssl_connect=ssl2_connect; ! SSLv2_client_data.get_ssl_method=ssl2_get_client_method; ! init=0; } return(&SSLv2_client_data); } --- 145,162 ---- if (init) { ! 
CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), ! sizeof(SSL_METHOD)); ! SSLv2_client_data.ssl_connect=ssl2_connect; ! SSLv2_client_data.get_ssl_method=ssl2_get_client_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_client_data); } *************** *** 202,211 **** --- 208,220 ---- if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { + if (buf == s->init_buf) + buf=NULL; ret= -1; goto end; } s->init_buf=buf; + buf=NULL; s->init_num=0; s->state=SSL2_ST_SEND_CLIENT_HELLO_A; s->ctx->stats.sess_connect++; *************** *** 332,337 **** --- 341,348 ---- } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); *************** *** 519,525 **** } s->s2->conn_id_length=s->s2->tmp.conn_id_length; ! die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } --- 530,541 ---- } s->s2->conn_id_length=s->s2->tmp.conn_id_length; ! if (s->s2->conn_id_length > sizeof s->s2->conn_id) ! { ! ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); ! return -1; ! } memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } *************** *** 621,627 **** /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; ! die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ --- 637,648 ---- /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; ! if (i > SSL_MAX_KEY_ARG_LENGTH) ! { ! ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); ! return -1; ! } if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ *************** *** 629,635 **** sess->master_key_length=i; if (i > 0) { ! 
die(i <= sizeof sess->master_key); if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); --- 650,661 ---- sess->master_key_length=i; if (i > 0) { ! if (i > sizeof sess->master_key) ! { ! ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); ! return -1; ! } if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); *************** *** 673,679 **** d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ ! die(karg <= sizeof sess->key_arg); memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; --- 699,710 ---- d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ ! if (karg > sizeof sess->key_arg) ! { ! ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); ! return -1; ! } memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; *************** *** 694,700 **** { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; ! die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; --- 725,735 ---- { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; ! if (s->s2->conn_id_length > sizeof s->s2->conn_id) ! { ! SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR); ! return -1; ! } memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; *************** *** 722,729 **** if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) { i=ssl2_read(s,(char *)&(buf[s->init_num]), ! SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); ! if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); s->init_num += i; --- 757,764 ---- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) { i=ssl2_read(s,(char *)&(buf[s->init_num]), ! SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num); ! 
if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num)) return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); s->init_num += i; *************** *** 951,960 **** { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { ! die(s->session->session_id_length ! <= sizeof s->session->session_id); ! if (memcmp(buf,s->session->session_id, ! (unsigned int)s->session->session_id_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); --- 986,994 ---- { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { ! if ((s->session->session_id_length > sizeof s->session->session_id) ! || (0 != memcmp(buf, s->session->session_id, ! (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_enc.c ../RELENG_4_6/crypto/openssl/ssl/s2_enc.c *** crypto/openssl/ssl/s2_enc.c Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s2_enc.c Fri Feb 21 11:33:00 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/ssl/s2_enc.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $ */ #include "ssl_locl.h" --- 54,59 ---- *************** *** 98,104 **** num=c->key_len; s->s2->key_material_length=num*2; ! ssl2_generate_key_material(s); EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); --- 96,103 ---- num=c->key_len; s->s2->key_material_length=num*2; ! if (ssl2_generate_key_material(s) <= 0) ! 
return 0; EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_lib.c ../RELENG_4_6/crypto/openssl/ssl/s2_lib.c *** crypto/openssl/ssl/s2_lib.c Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s2_lib.c Fri Feb 21 11:33:00 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/ssl/s2_lib.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $ */ #include "ssl_locl.h" --- 54,59 ---- *************** *** 309,315 **** s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); ! memset(s2,0,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } --- 307,313 ---- s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); ! OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } *************** *** 378,392 **** { CRYPTO_w_lock(CRYPTO_LOCK_SSL); ! for (i=0; is2->key_material; ! die(s->s2->key_material_length <= sizeof s->s2->key_material); for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { MD5_Init(&ctx); - die(s->session->master_key_length >= 0 - && s->session->master_key_length - < sizeof s->session->master_key); MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); MD5_Update(&ctx,&c,1); c++; --- 432,455 ---- #endif km=s->s2->key_material; ! ! if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) ! { ! SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); ! return 0; ! } ! 
for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { + if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material) + { + /* MD5_Final() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); + return 0; + } + MD5_Init(&ctx); MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); MD5_Update(&ctx,&c,1); c++; *************** *** 446,451 **** --- 458,465 ---- MD5_Final(km,&ctx); km+=MD5_DIGEST_LENGTH; } + + return 1; } void ssl2_return_error(SSL *s, int err) *************** *** 470,487 **** buf[2]=(s->error_code)&0xff; /* state=s->rwstate;*/ ! error=s->error; s->error=0; ! die(error >= 0 && error <= 3); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; else if (i != s->error) s->error=error-i; - /* else - s->error=0; */ } int ssl2_shutdown(SSL *s) --- 484,503 ---- buf[2]=(s->error_code)&0xff; /* state=s->rwstate;*/ ! ! error=s->error; /* number of bytes left to write */ s->error=0; ! if (error < 0 || error > sizeof buf) /* can't happen */ ! return; ! i=ssl2_write(s,&(buf[3-error]),error); + /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; else if (i != s->error) s->error=error-i; } int ssl2_shutdown(SSL *s) diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_meth.c ../RELENG_4_6/crypto/openssl/ssl/s2_meth.c *** crypto/openssl/ssl/s2_meth.c Wed Jul 4 19:19:45 2001 --- ../RELENG_4_6/crypto/openssl/ssl/s2_meth.c Fri Feb 21 11:33:00 2003 *************** *** 54,61 **** * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD: src/crypto/openssl/ssl/s2_meth.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $ */ #include "ssl_locl.h" --- 54,59 ---- *************** *** 79,90 **** if (init) { ! memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), ! sizeof(SSL_METHOD)); ! 
SSLv2_data.ssl_connect=ssl2_connect; ! SSLv2_data.ssl_accept=ssl2_accept; ! SSLv2_data.get_ssl_method=ssl2_get_method; ! init=0; } return(&SSLv2_data); } --- 77,95 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), ! sizeof(SSL_METHOD)); ! SSLv2_data.ssl_connect=ssl2_connect; ! SSLv2_data.ssl_accept=ssl2_accept; ! SSLv2_data.get_ssl_method=ssl2_get_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_data); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s2_srvr.c *** crypto/openssl/ssl/s2_srvr.c Mon Feb 24 21:51:22 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s2_srvr.c Fri Feb 21 11:33:00 2003 *************** *** 146,156 **** if (init) { ! memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), ! sizeof(SSL_METHOD)); ! SSLv2_server_data.ssl_accept=ssl2_accept; ! SSLv2_server_data.get_ssl_method=ssl2_get_server_method; ! init=0; } return(&SSLv2_server_data); } --- 145,162 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), ! sizeof(SSL_METHOD)); ! SSLv2_server_data.ssl_accept=ssl2_accept; ! SSLv2_server_data.get_ssl_method=ssl2_get_server_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_server_data); } *************** *** 400,407 **** SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); } else ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ! SSL_R_PEER_ERROR); return(-1); } --- 406,412 ---- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); } else ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR); return(-1); } *************** *** 409,416 **** if (cp == NULL) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ! 
SSL_R_NO_CIPHER_MATCH); return(-1); } s->session->cipher= cp; --- 414,420 ---- if (cp == NULL) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); return(-1); } s->session->cipher= cp; *************** *** 421,428 **** n2s(p,i); s->session->key_arg_length=i; if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) { ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ! SSL_R_KEY_ARG_TOO_LONG); return -1; } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; --- 425,432 ---- n2s(p,i); s->session->key_arg_length=i; if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) { ! ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; *************** *** 430,440 **** /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; ! die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); keya=s->session->key_arg_length; len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); return -1; } --- 434,450 ---- /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; ! if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) ! { ! ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); ! return -1; ! } keya=s->session->key_arg_length; len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); return -1; } *************** *** 511,517 **** #endif if (is_export) i+=s->s2->tmp.clear; ! 
die(i <= SSL_MAX_MASTER_KEY_LENGTH); s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); --- 521,533 ---- #endif if (is_export) i+=s->s2->tmp.clear; ! ! if (i > SSL_MAX_MASTER_KEY_LENGTH) ! { ! ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); ! return -1; ! } s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); *************** *** 561,566 **** --- 577,583 ---- if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || (i > SSL2_MAX_CHALLENGE_LENGTH)) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); return(-1); } *************** *** 572,577 **** --- 589,595 ---- len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); return -1; } *************** *** 659,665 **** p+=s->s2->tmp.session_id_length; /* challenge */ ! die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: --- 677,688 ---- p+=s->s2->tmp.session_id_length; /* challenge */ ! if (s->s2->challenge_length > sizeof s->s2->challenge) ! { ! ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR); ! return -1; ! } memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: *************** *** 811,817 **** } /* SSL2_ST_GET_CLIENT_FINISHED_B */ ! die(s->s2->conn_id_length <= sizeof s->s2->conn_id); len = 1 + (unsigned long)s->s2->conn_id_length; n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); --- 834,845 ---- } /* SSL2_ST_GET_CLIENT_FINISHED_B */ ! if (s->s2->conn_id_length > sizeof s->s2->conn_id) ! { ! 
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); ! SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR); ! return -1; ! } len = 1 + (unsigned long)s->s2->conn_id_length; n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); *************** *** 837,843 **** { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; ! die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ --- 865,875 ---- { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; ! if (s->s2->challenge_length > sizeof s->s2->challenge) ! { ! SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR); ! return -1; ! } memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ *************** *** 857,866 **** p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; ! die(s->session->session_id_length ! <= sizeof s->session->session_id); ! memcpy(p,s->session->session_id, ! (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ s->state=SSL2_ST_SEND_SERVER_FINISHED_B; --- 889,900 ---- p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; ! if (s->session->session_id_length > sizeof s->session->session_id) ! { ! SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR); ! return -1; ! } ! memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ s->state=SSL2_ST_SEND_SERVER_FINISHED_B; *************** *** 974,980 **** len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { ! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); goto end; } j = (int)len - s->init_num; --- 1008,1014 ---- len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { ! 
SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); goto end; } j = (int)len - s->init_num; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s3_clnt.c *** crypto/openssl/ssl/s3_clnt.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s3_clnt.c Fri Feb 21 11:33:00 2003 *************** *** 146,163 **** if (init) { ! init=0; ! memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), ! sizeof(SSL_METHOD)); ! SSLv3_client_data.ssl_connect=ssl3_connect; ! SSLv3_client_data.get_ssl_method=ssl3_get_client_method; } return(&SSLv3_client_data); } int ssl3_connect(SSL *s) { ! BUF_MEM *buf; unsigned long Time=time(NULL),l; long num1; void (*cb)()=NULL; --- 146,170 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), ! sizeof(SSL_METHOD)); ! SSLv3_client_data.ssl_connect=ssl3_connect; ! SSLv3_client_data.get_ssl_method=ssl3_get_client_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_client_data); } int ssl3_connect(SSL *s) { ! BUF_MEM *buf=NULL; unsigned long Time=time(NULL),l; long num1; void (*cb)()=NULL; *************** *** 218,223 **** --- 225,231 ---- goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } *************** *** 496,501 **** --- 504,511 ---- } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); *************** *** 546,552 **** *(p++)=i; if (i != 0) { ! die(i <= sizeof s->session->session_id); memcpy(p,s->session->session_id,i); p+=i; } --- 556,566 ---- *(p++)=i; if (i != 0) { ! if (i > sizeof s->session->session_id) ! { ! SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR); ! goto err; ! } memcpy(p,s->session->session_id,i); p+=i; } *************** *** 628,650 **** /* get the session-id */ j= *(p++); ! if(j > sizeof s->session->session_id) ! { ! 
al=SSL_AD_ILLEGAL_PARAMETER; ! SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ! SSL_R_SSL3_SESSION_ID_TOO_LONG); ! goto f_err; ! } ! ! if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) { ! /* SSLref returns 16 :-( */ ! if (j < SSL2_SSL_SESSION_ID_LENGTH) ! { ! al=SSL_AD_ILLEGAL_PARAMETER; ! SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); ! goto f_err; ! } } if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) --- 642,652 ---- /* get the session-id */ j= *(p++); ! if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { ! al=SSL_AD_ILLEGAL_PARAMETER; ! SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); ! goto f_err; } if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) *************** *** 652,657 **** --- 654,660 ---- if(s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) { + /* actually a client application bug */ al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; *************** *** 695,701 **** goto f_err; } ! if (s->hit && (s->session->cipher != c)) { if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) --- 698,709 ---- goto f_err; } ! /* Depending on the session caching (internal/external), the cipher ! and/or cipher_id values may not be set. Make sure that ! cipher_id is set and use it for comparison. */ ! if (s->session->cipher) ! s->session->cipher_id = s->session->cipher->id; ! if (s->hit && (s->session->cipher_id != c->id)) { if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) *************** *** 1456,1462 **** s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); ! 
memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); } else #endif --- 1464,1470 ---- s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); ! OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); } else #endif diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4_6/crypto/openssl/ssl/s3_enc.c *** crypto/openssl/ssl/s3_enc.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s3_enc.c Fri Feb 21 11:33:00 2003 *************** *** 174,180 **** km+=MD5_DIGEST_LENGTH; } ! memset(smd,0,SHA_DIGEST_LENGTH); } int ssl3_change_cipher_state(SSL *s, int which) --- 174,180 ---- km+=MD5_DIGEST_LENGTH; } ! OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); } int ssl3_change_cipher_state(SSL *s, int which) *************** *** 318,325 **** EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); ! memset(&(exp_key[0]),0,sizeof(exp_key)); ! memset(&(exp_iv[0]),0,sizeof(exp_iv)); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); --- 318,325 ---- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); ! OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); ! OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); *************** *** 390,396 **** { if (s->s3->tmp.key_block != NULL) { ! memset(s->s3->tmp.key_block,0, s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); s->s3->tmp.key_block=NULL; --- 390,396 ---- { if (s->s3->tmp.key_block != NULL) { ! OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); s->s3->tmp.key_block=NULL; *************** *** 456,461 **** --- 456,462 ---- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); return 0; } + /* otherwise, rec->length >= bs */ } EVP_Cipher(ds,rec->data,rec->input,l); *************** *** 464,470 **** { i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; ! 
* padding bytes (except that last) are arbitrary */ if (i > bs) { /* Incorrect padding. SSLerr() and ssl3_alert are done --- 465,471 ---- { i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; ! * padding bytes (except the last one) are arbitrary */ if (i > bs) { /* Incorrect padding. SSLerr() and ssl3_alert are done *************** *** 473,478 **** --- 474,480 ---- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ return -1; } + /* now i <= bs <= rec->length */ rec->length-=i; } } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_lib.c ../RELENG_4_6/crypto/openssl/ssl/s3_lib.c *** crypto/openssl/ssl/s3_lib.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s3_lib.c Fri Feb 21 11:33:00 2003 *************** *** 732,738 **** #endif if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); ! memset(s->s3,0,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } --- 732,738 ---- #endif if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); ! OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } *************** *** 1084,1099 **** { CRYPTO_w_lock(CRYPTO_LOCK_SSL); ! for (i=0; is3->rrec); sess=s->session; *************** *** 353,360 **** /* SSLerr() and ssl3_send_alert() have been called */ goto err; ! /* otherwise enc_err == -1 */ ! goto decryption_failed_or_bad_record_mac; } #ifdef TLS_DEBUG --- 355,365 ---- /* SSLerr() and ssl3_send_alert() have been called */ goto err; ! /* Otherwise enc_err == -1, which indicates bad padding ! * (rec->length has not been changed in this case). ! * To minimize information leaked via timing, we will perform ! * the MAC computation anyway. */ ! decryption_failed_or_bad_record_mac = 1; } #ifdef TLS_DEBUG *************** *** 380,407 **** SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else ! 
goto decryption_failed_or_bad_record_mac; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ ! if (rr->length < mac_size) { #if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else ! goto decryption_failed_or_bad_record_mac; #endif } - rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); ! if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { ! goto decryption_failed_or_bad_record_mac; } } /* r->length is now just compressed */ if (s->expand != NULL) { --- 385,430 ---- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else ! decryption_failed_or_bad_record_mac = 1; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ ! if (rr->length >= mac_size) { + rr->length -= mac_size; + mac = &rr->data[rr->length]; + } + else + { + /* record (minus padding) is too short to contain a MAC */ #if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else ! decryption_failed_or_bad_record_mac = 1; ! rr->length = 0; #endif } i=s->method->ssl3_enc->mac(s,md,0); ! if (mac == NULL || memcmp(md, mac, mac_size) != 0) { ! decryption_failed_or_bad_record_mac = 1; } } + if (decryption_failed_or_bad_record_mac) + { + /* A separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption + * failure is directly visible from the ciphertext anyway, + * we should not reveal which kind of error occured -- this + * might become visible to an attacker (e.g. 
via a logfile) */ + al=SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + goto f_err; + } + /* r->length is now just compressed */ if (s->expand != NULL) { *************** *** 443,456 **** return(1); - decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: --- 466,471 ---- diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s3_srvr.c *** crypto/openssl/ssl/s3_srvr.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/s3_srvr.c Fri Feb 21 11:33:00 2003 *************** *** 151,161 **** if (init) { ! memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), ! sizeof(SSL_METHOD)); ! SSLv3_server_data.ssl_accept=ssl3_accept; ! SSLv3_server_data.get_ssl_method=ssl3_get_server_method; ! init=0; } return(&SSLv3_server_data); } --- 151,168 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), ! sizeof(SSL_METHOD)); ! SSLv3_server_data.ssl_accept=ssl3_accept; ! SSLv3_server_data.get_ssl_method=ssl3_get_server_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_server_data); } *************** *** 949,955 **** s->session->session_id_length=0; sl=s->session->session_id_length; ! die(sl <= sizeof s->session->session_id); *(p++)=sl; memcpy(p,s->session->session_id,sl); p+=sl; --- 956,966 ---- s->session->session_id_length=0; sl=s->session->session_id_length; ! if (sl > sizeof s->session->session_id) ! { ! 
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR); ! return -1; ! } *(p++)=sl; memcpy(p,s->session->session_id,sl); p+=sl; *************** *** 1460,1466 **** s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i); ! memset(p,0,i); } else #endif --- 1471,1477 ---- s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i); ! OPENSSL_cleanse(p,i); } else #endif *************** *** 1523,1529 **** s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,i); ! memset(p,0,i); } else #endif --- 1534,1540 ---- s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,i); ! OPENSSL_cleanse(p,i); } else #endif *************** *** 1555,1561 **** SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, ! 512, /* 512? */ &ok); if (!ok) return((int)n); --- 1566,1572 ---- SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, ! 514, /* 514? */ &ok); if (!ok) return((int)n); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4_6/crypto/openssl/ssl/ssl.h *** crypto/openssl/ssl/ssl.h Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssl.h Fri Feb 21 11:33:00 2003 *************** *** 551,560 **** #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 ! /* This one, when set, makes the server session-id lookup not look ! * in the cache. If there is an application get_session callback ! * defined, this will still get called. */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ --- 551,561 ---- #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 ! /* enough comments already ... 
see SSL_CTX_set_session_cache_mode(3) */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 + #define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 + #define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ *************** *** 1285,1290 **** --- 1286,1292 ---- /* Function codes. */ #define SSL_F_CLIENT_CERTIFICATE 100 + #define SSL_F_CLIENT_FINISHED 238 #define SSL_F_CLIENT_HELLO 101 #define SSL_F_CLIENT_MASTER_KEY 102 #define SSL_F_D2I_SSL_SESSION 103 *************** *** 1298,1304 **** --- 1300,1308 ---- #define SSL_F_I2D_SSL_SESSION 111 #define SSL_F_READ_N 112 #define SSL_F_REQUEST_CERTIFICATE 113 + #define SSL_F_SERVER_FINISH 239 #define SSL_F_SERVER_HELLO 114 + #define SSL_F_SERVER_VERIFY 240 #define SSL_F_SSL23_ACCEPT 115 #define SSL_F_SSL23_CLIENT_HELLO 116 #define SSL_F_SSL23_CONNECT 117 *************** *** 1310,1315 **** --- 1314,1320 ---- #define SSL_F_SSL2_ACCEPT 122 #define SSL_F_SSL2_CONNECT 123 #define SSL_F_SSL2_ENC_INIT 124 + #define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 #define SSL_F_SSL2_PEEK 234 #define SSL_F_SSL2_READ 125 #define SSL_F_SSL2_READ_INTERNAL 236 *************** *** 1345,1350 **** --- 1350,1356 ---- #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 + #define SSL_F_SSL3_SEND_SERVER_HELLO 242 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 #define SSL_F_SSL3_SETUP_BUFFERS 156 #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 *************** *** 1559,1564 **** --- 1565,1571 ---- #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 + #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 #define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 diff --exclude=CVS -I\$FreeBSD -rcN 
crypto/openssl/ssl/ssl_asn1.c ../RELENG_4_6/crypto/openssl/ssl/ssl_asn1.c *** crypto/openssl/ssl/ssl_asn1.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssl_asn1.c Fri Feb 21 11:33:00 2003 *************** *** 273,282 **** i=SSL2_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) ! os.length=i; ret->session_id_length=os.length; - die(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); --- 273,283 ---- i=SSL2_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) ! os.length = i; ! if (os.length > sizeof ret->session_id) /* can't happen */ ! os.length = sizeof ret->session_id; ret->session_id_length=os.length; memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_err.c ../RELENG_4_6/crypto/openssl/ssl/ssl_err.c *** crypto/openssl/ssl/ssl_err.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssl_err.c Fri Feb 21 11:33:00 2003 *************** *** 67,72 **** --- 67,73 ---- static ERR_STRING_DATA SSL_str_functs[]= { {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, + {ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, {ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, *************** *** 80,86 **** --- 81,89 ---- {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, {ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, + {ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, {ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, + {ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, *************** *** 92,97 **** --- 95,101 ---- 
{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, + {ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, *************** *** 127,132 **** --- 131,137 ---- {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, + {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, *************** *** 344,349 **** --- 349,355 ---- {SSL_R_SHORT_READ ,"short read"}, {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, + {SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4_6/crypto/openssl/ssl/ssl_lib.c *** crypto/openssl/ssl/ssl_lib.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssl_lib.c Fri Feb 21 11:33:00 2003 *************** *** 1245,1257 **** abort(); /* ok */ } #endif CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); if (a->sessions != NULL) ! { ! SSL_CTX_flush_sessions(a,0); ! lh_free(a->sessions); ! 
} if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) --- 1245,1268 ---- abort(); /* ok */ } #endif + + /* + * Free internal session cache. However: the remove_cb() may reference + * the ex_data of SSL_CTX, thus the ex_data store can only be removed + * after the sessions were flushed. + * As the ex_data handling routines might also touch the session cache, + * the most secure solution seems to be: empty (flush) the cache, then + * free ex_data, then finally free the cache. + * (See ticket [openssl.org #212].) + */ + if (a->sessions != NULL) + SSL_CTX_flush_sessions(a,0); + CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); if (a->sessions != NULL) ! lh_free(a->sessions); ! if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) *************** *** 1472,1478 **** i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) ! && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { --- 1483,1489 ---- i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) ! && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_locl.h ../RELENG_4_6/crypto/openssl/ssl/ssl_locl.h *** crypto/openssl/ssl/ssl_locl.h Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssl_locl.h Fri Feb 21 11:33:00 2003 *************** *** 500,506 **** int ssl_verify_alarm_type(long type); int ssl2_enc_init(SSL *s, int client); ! void ssl2_generate_key_material(SSL *s); void ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); --- 500,506 ---- int ssl_verify_alarm_type(long type); int ssl2_enc_init(SSL *s, int client); ! 
int ssl2_generate_key_material(SSL *s); void ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_sess.c ../RELENG_4_6/crypto/openssl/ssl/ssl_sess.c *** crypto/openssl/ssl/ssl_sess.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssl_sess.c Fri Feb 21 11:33:00 2003 *************** *** 200,206 **** ss->session_id_length=0; } ! die(s->sid_ctx_length <= sizeof ss->sid_ctx); memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; --- 200,211 ---- ss->session_id_length=0; } ! if (s->sid_ctx_length > sizeof ss->sid_ctx) ! { ! SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_INTERNAL_ERROR); ! SSL_SESSION_free(ss); ! return 0; ! } memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; *************** *** 253,261 **** if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); ! /* The following should not return 1, otherwise, ! * things are very strange */ ! SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; --- 258,269 ---- if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); ! /* Add the externally cached session to the internal ! * cache as well if and only if we are supposed to. */ ! if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) ! /* The following should not return 1, otherwise, ! * things are very strange */ ! SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; *************** *** 469,481 **** CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data); ! memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); ! memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); ! 
memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); ! memset(ss,0,sizeof(*ss)); OPENSSL_free(ss); } --- 477,489 ---- CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data); ! OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH); ! OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH); ! OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); ! OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4_6/crypto/openssl/ssl/ssltest.c *** crypto/openssl/ssl/ssltest.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/ssltest.c Fri Feb 21 11:33:00 2003 *************** *** 224,235 **** verbose = 0; debug = 0; cipher = 0; ! CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); argc--; --- 224,236 ---- verbose = 0; debug = 0; cipher = 0; ! ! bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); ! 
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); argc--; *************** *** 247,258 **** debug=1; else if (strcmp(*argv,"-reuse") == 0) reuse=1; - #ifndef NO_DH else if (strcmp(*argv,"-dhe1024") == 0) dhe1024=1; else if (strcmp(*argv,"-dhe1024dsa") == 0) dhe1024dsa=1; #endif else if (strcmp(*argv,"-no_dhe") == 0) no_dhe=1; else if (strcmp(*argv,"-ssl2") == 0) --- 248,269 ---- debug=1; else if (strcmp(*argv,"-reuse") == 0) reuse=1; else if (strcmp(*argv,"-dhe1024") == 0) + { + #ifndef NO_DH dhe1024=1; + #else + fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); + #endif + } else if (strcmp(*argv,"-dhe1024dsa") == 0) + { + #ifndef NO_DH dhe1024dsa=1; + #else + fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); #endif + } else if (strcmp(*argv,"-no_dhe") == 0) no_dhe=1; else if (strcmp(*argv,"-ssl2") == 0) *************** *** 355,361 **** "the test anyway (and\n-d to see what happens), " "or add one of -ssl2, -ssl3, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); ! exit(1); } if (print_time) --- 366,372 ---- "the test anyway (and\n-d to see what happens), " "or add one of -ssl2, -ssl3, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); ! 
EXIT(1); } if (print_time) *************** *** 620,625 **** --- 631,638 ---- int i, r; clock_t c_clock = clock(); + memset(cbuf, 0, sizeof(cbuf)); + if (debug) if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", *************** *** 704,709 **** --- 717,724 ---- int i, r; clock_t s_clock = clock(); + memset(sbuf, 0, sizeof(sbuf)); + if (debug) if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", *************** *** 946,951 **** --- 961,969 ---- int done=0; int c_write,s_write; int do_server=0,do_client=0; + + memset(cbuf,0,sizeof(cbuf)); + memset(sbuf,0,sizeof(sbuf)); c_to_s=BIO_new(BIO_s_mem()); s_to_c=BIO_new(BIO_s_mem()); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_clnt.c ../RELENG_4_6/crypto/openssl/ssl/t1_clnt.c *** crypto/openssl/ssl/t1_clnt.c Mon Jan 10 01:22:00 2000 --- ../RELENG_4_6/crypto/openssl/ssl/t1_clnt.c Fri Feb 21 11:33:00 2003 *************** *** 79,89 **** if (init) { ! memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), ! sizeof(SSL_METHOD)); ! TLSv1_client_data.ssl_connect=ssl3_connect; ! TLSv1_client_data.get_ssl_method=tls1_get_client_method; ! init=0; } return(&TLSv1_client_data); } --- 79,96 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), ! sizeof(SSL_METHOD)); ! TLSv1_client_data.ssl_connect=ssl3_connect; ! TLSv1_client_data.get_ssl_method=tls1_get_client_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_client_data); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_enc.c ../RELENG_4_6/crypto/openssl/ssl/t1_enc.c *** crypto/openssl/ssl/t1_enc.c Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/ssl/t1_enc.c Fri Feb 21 11:33:00 2003 *************** *** 158,164 **** } HMAC_cleanup(&ctx); HMAC_cleanup(&ctx_tmp); ! 
memset(A1,0,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, --- 158,164 ---- } HMAC_cleanup(&ctx); HMAC_cleanup(&ctx_tmp); ! OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, *************** *** 372,381 **** printf("\n"); #endif ! memset(tmp1,0,sizeof(tmp1)); ! memset(tmp2,0,sizeof(tmp1)); ! memset(iv1,0,sizeof(iv1)); ! memset(iv2,0,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); --- 372,381 ---- printf("\n"); #endif ! OPENSSL_cleanse(tmp1,sizeof(tmp1)); ! OPENSSL_cleanse(tmp2,sizeof(tmp1)); ! OPENSSL_cleanse(iv1,sizeof(iv1)); ! OPENSSL_cleanse(iv2,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); *************** *** 426,432 **** { int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); ! memset(p2,0,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); --- 426,432 ---- { int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); ! OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_meth.c ../RELENG_4_6/crypto/openssl/ssl/t1_meth.c *** crypto/openssl/ssl/t1_meth.c Mon Jan 10 01:22:00 2000 --- ../RELENG_4_6/crypto/openssl/ssl/t1_meth.c Fri Feb 21 11:33:00 2003 *************** *** 76,88 **** if (init) { ! memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), ! sizeof(SSL_METHOD)); ! TLSv1_data.ssl_connect=ssl3_connect; ! TLSv1_data.ssl_accept=ssl3_accept; ! TLSv1_data.get_ssl_method=tls1_get_method; ! init=0; } return(&TLSv1_data); } --- 76,96 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), ! sizeof(SSL_METHOD)); ! 
TLSv1_data.ssl_connect=ssl3_connect; ! TLSv1_data.ssl_accept=ssl3_accept; ! TLSv1_data.get_ssl_method=tls1_get_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } + return(&TLSv1_data); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_srvr.c ../RELENG_4_6/crypto/openssl/ssl/t1_srvr.c *** crypto/openssl/ssl/t1_srvr.c Mon Jan 10 01:22:00 2000 --- ../RELENG_4_6/crypto/openssl/ssl/t1_srvr.c Fri Feb 21 11:33:00 2003 *************** *** 80,90 **** if (init) { ! memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), ! sizeof(SSL_METHOD)); ! TLSv1_server_data.ssl_accept=ssl3_accept; ! TLSv1_server_data.get_ssl_method=tls1_get_server_method; ! init=0; } return(&TLSv1_server_data); } --- 80,97 ---- if (init) { ! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); ! ! if (init) ! { ! memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), ! sizeof(SSL_METHOD)); ! TLSv1_server_data.ssl_accept=ssl3_accept; ! TLSv1_server_data.get_ssl_method=tls1_get_server_method; ! init=0; ! } ! ! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_server_data); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4_6/crypto/openssl/test/Makefile.ssl *** crypto/openssl/test/Makefile.ssl Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/test/Makefile.ssl Fri Feb 21 11:33:01 2003 *************** *** 85,91 **** all: exe ! exe: $(EXE) files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO --- 85,91 ---- all: exe ! exe: $(EXE) dummytest files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO *************** *** 93,98 **** --- 93,102 ---- links: @@$(TOP)/util/point.sh Makefile.ssl Makefile + generate: $(SRC) + $(SRC): + @$(TOP)/util/point.sh dummytest.c $@ + errors: install: *************** *** 109,115 **** test_ss test_ca test_ssl apps: ! 
@(cd ../apps; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all) test_des: ./$(DESTEST) --- 113,119 ---- test_ss test_ca test_ssl apps: ! @(cd ..; $(MAKE) DIRS=apps all) test_des: ./$(DESTEST) *************** *** 233,239 **** lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new --- 237,243 ---- lint -DLINT $(INCLUDES) $(SRC)>fluff depend: ! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new *************** *** 243,252 **** rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log $(DLIBSSL): ! (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}') $(DLIBCRYPTO): ! 
(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}') $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) --- 247,256 ---- rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log $(DLIBSSL): ! (cd ..; $(MAKE) DIRS=ssl all) $(DLIBCRYPTO): ! (cd ..; $(MAKE) DIRS=crypto all) $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) *************** *** 317,325 **** $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) # DO NOT DELETE THIS LINE -- make depend depends on it. ! bftest.o: ../include/openssl/blowfish.h bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h --- 321,333 ---- $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + dummytest: dummytest.o $(DLIBCRYPTO) + $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + # DO NOT DELETE THIS LINE -- make depend depends on it. ! bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h ! 
bftest.o: ../include/openssl/opensslconf.h bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h *************** *** 339,367 **** bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h bntest.o: ../include/openssl/x509_vfy.h ! casttest.o: ../include/openssl/cast.h destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h destest.o: ../include/openssl/opensslconf.h ! dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h ! dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h ! dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ! dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ! dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h ! dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h ! dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h ! dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h ! dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h ! dsatest.o: ../include/openssl/symhacks.h ! exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h ! exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h ! exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h ! exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h ! exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h ! exptest.o: ../include/openssl/symhacks.h ! 
hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h --- 347,377 ---- bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h bntest.o: ../include/openssl/x509_vfy.h ! casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h ! casttest.o: ../include/openssl/opensslconf.h destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h destest.o: ../include/openssl/opensslconf.h ! dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h ! dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h ! dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h ! dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h ! dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h ! dhtest.o: ../include/openssl/symhacks.h ! dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h ! dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h ! dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h ! dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ! dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ! dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h ! exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ! exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h ! exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ! exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ! 
exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h *************** *** 376,392 **** hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h ! md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h ! md4test.o: ../include/openssl/md4.h ! md5test.o: ../include/openssl/md5.h ! mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h ! randtest.o: ../include/openssl/rand.h rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h ! rc5test.o: ../include/openssl/rc5.h ! rmdtest.o: ../include/openssl/ripemd.h rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h --- 386,411 ---- hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h ! ideatest.o: ../include/openssl/opensslconf.h ! md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h ! md2test.o: ../include/openssl/opensslconf.h ! md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h ! md4test.o: ../include/openssl/opensslconf.h ! 
md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h ! md5test.o: ../include/openssl/opensslconf.h ! mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h ! randtest.o: ../e_os.h ../include/openssl/e_os2.h ! randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h ! rc2test.o: ../e_os.h ../include/openssl/e_os2.h rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h + rc4test.o: ../e_os.h ../include/openssl/e_os2.h rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h ! rc5test.o: ../e_os.h ../include/openssl/e_os2.h ! rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h ! rmdtest.o: ../e_os.h ../include/openssl/e_os2.h ! rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h *************** *** 394,401 **** rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! sha1test.o: ../include/openssl/sha.h ! shatest.o: ../include/openssl/sha.h ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h --- 413,422 ---- rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ! sha1test.o: ../e_os.h ../include/openssl/e_os2.h ! sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h ! shatest.o: ../e_os.h ../include/openssl/e_os2.h ! 
shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/methtest.c ../RELENG_4_6/crypto/openssl/test/methtest.c *** crypto/openssl/test/methtest.c Mon Jan 10 01:22:01 2000 --- ../RELENG_4_6/crypto/openssl/test/methtest.c Fri Feb 21 11:33:01 2003 *************** *** 96,105 **** METH_init(top); METH_control(tmp1,METH_CONTROL_DUMP,stdout); METH_control(tmp2,METH_CONTROL_DUMP,stdout); ! exit(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); ! exit(1); return(0); } --- 96,105 ---- METH_init(top); METH_control(tmp1,METH_CONTROL_DUMP,stdout); METH_control(tmp2,METH_CONTROL_DUMP,stdout); ! EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); ! EXIT(1); return(0); } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testssl ../RELENG_4_6/crypto/openssl/test/testssl *** crypto/openssl/test/testssl Sun Aug 20 04:47:04 2000 --- ../RELENG_4_6/crypto/openssl/test/testssl Fri Feb 21 11:33:01 2003 *************** *** 112,119 **** ############################################################################# ! echo test tls1 with 1024bit anonymous DH, multiple handshakes ! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1 if ../apps/openssl no-rsa; then echo skipping RSA tests --- 112,123 ---- ############################################################################# ! if ../apps/openssl no-dh; then ! echo skipping anonymous DH tests ! else ! echo test tls1 with 1024bit anonymous DH, multiple handshakes ! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1 ! 
fi if ../apps/openssl no-rsa; then echo skipping RSA tests *************** *** 121,128 **** echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1 ! echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ! ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 fi exit 0 --- 125,136 ---- echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1 ! if ../apps/openssl no-dh; then ! echo skipping RSA+DHE tests ! else ! echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ! ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 ! fi fi exit 0 diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash ../RELENG_4_6/crypto/openssl/tools/c_rehash *** crypto/openssl/tools/c_rehash Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/tools/c_rehash Fri Feb 21 11:33:01 2003 *************** *** 100,106 **** sub link_hash_cert { my $fname = $_[0]; ! my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; --- 100,107 ---- sub link_hash_cert { my $fname = $_[0]; ! $fname =~ s/'/'\\''/g; ! my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; *************** *** 130,136 **** sub link_hash_crl { my $fname = $_[0]; ! my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; --- 131,138 ---- sub link_hash_crl { my $fname = $_[0]; ! $fname =~ s/'/'\\''/g; ! 
my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash.in ../RELENG_4_6/crypto/openssl/tools/c_rehash.in *** crypto/openssl/tools/c_rehash.in Wed Jul 4 19:19:48 2001 --- ../RELENG_4_6/crypto/openssl/tools/c_rehash.in Fri Feb 21 11:33:01 2003 *************** *** 100,106 **** sub link_hash_cert { my $fname = $_[0]; ! my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; --- 100,107 ---- sub link_hash_cert { my $fname = $_[0]; ! $fname =~ s/'/'\\''/g; ! my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; *************** *** 130,136 **** sub link_hash_crl { my $fname = $_[0]; ! my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; --- 131,138 ---- sub link_hash_crl { my $fname = $_[0]; ! $fname =~ s/'/'\\''/g; ! my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4_6/crypto/openssl/util/libeay.num *** crypto/openssl/util/libeay.num Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/util/libeay.num Fri Feb 21 11:33:01 2003 *************** *** 301,308 **** EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES ! EVP_dss 312 EXIST::FUNCTION:SHA,DSA ! EVP_dss1 313 EXIST::FUNCTION:SHA,DSA EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: --- 301,308 ---- EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES ! EVP_dss 312 EXIST::FUNCTION:DSA,SHA ! 
EVP_dss1 313 EXIST::FUNCTION:DSA,SHA EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: *************** *** 1212,1218 **** str_dup 1240 NOEXIST::FUNCTION: i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: ! BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION: BIO_f_reliable 1244 EXIST::FUNCTION: PKCS7_dataFinal 1245 EXIST::FUNCTION: PKCS7_dataDecode 1246 EXIST::FUNCTION: --- 1212,1218 ---- str_dup 1240 NOEXIST::FUNCTION: i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: ! BIO_s_log 1243 EXIST:!WIN32,!macintosh,!WIN16:FUNCTION: BIO_f_reliable 1244 EXIST::FUNCTION: PKCS7_dataFinal 1245 EXIST::FUNCTION: PKCS7_dataDecode 1246 EXIST::FUNCTION: *************** *** 1934,1936 **** --- 1934,1937 ---- BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: + OPENSSL_cleanse 3245 EXIST::FUNCTION: diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4_6/crypto/openssl/util/mk1mf.pl *** crypto/openssl/util/mk1mf.pl Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/util/mk1mf.pl Fri Feb 21 11:33:01 2003 *************** *** 206,212 **** $cflags.=" -DNO_MD5" if $no_md5; $cflags.=" -DNO_SHA" if $no_sha; $cflags.=" -DNO_SHA1" if $no_sha1; ! $cflags.=" -DNO_RIPEMD" if $no_rmd160; $cflags.=" -DNO_MDC2" if $no_mdc2; $cflags.=" -DNO_BF" if $no_bf; $cflags.=" -DNO_CAST" if $no_cast; --- 206,212 ---- $cflags.=" -DNO_MD5" if $no_md5; $cflags.=" -DNO_SHA" if $no_sha; $cflags.=" -DNO_SHA1" if $no_sha1; ! $cflags.=" -DNO_RIPEMD" if $no_ripemd; $cflags.=" -DNO_MDC2" if $no_mdc2; $cflags.=" -DNO_BF" if $no_bf; $cflags.=" -DNO_CAST" if $no_cast; *************** *** 674,680 **** @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; ! 
@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; --- 674,680 ---- @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; ! @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; *************** *** 883,889 **** elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; ! $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; } elsif (/^rsaref$/) { $rsaref=1; } elsif (/^gcc$/) { $gcc=1; } --- 883,889 ---- elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; ! $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; } elsif (/^rsaref$/) { $rsaref=1; } elsif (/^gcc$/) { $gcc=1; } diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkcerts.sh ../RELENG_4_6/crypto/openssl/util/mkcerts.sh *** crypto/openssl/util/mkcerts.sh Mon Jan 10 01:22:05 2000 --- ../RELENG_4_6/crypto/openssl/util/mkcerts.sh Fri Feb 21 11:33:01 2003 *************** *** 1,4 **** ! #!bin/sh # This script will re-make all the required certs. # cd apps --- 1,4 ---- ! #!/bin/sh # This script will re-make all the required certs. # cd apps *************** *** 12,19 **** # CAbits=1024 ! SSLEAY="../apps/ssleay" ! CONF="-config ../apps/ssleay.cnf" # create pca request. echo creating $CAbits bit PCA cert request --- 12,19 ---- # CAbits=1024 ! SSLEAY="../apps/openssl" ! CONF="-config ../apps/openssl.cnf" # create pca request. 
echo creating $CAbits bit PCA cert request diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkerr.pl ../RELENG_4_6/crypto/openssl/util/mkerr.pl *** crypto/openssl/util/mkerr.pl Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/util/mkerr.pl Fri Feb 21 11:33:01 2003 *************** *** 320,326 **** print OUT <<"EOF"; /* $cfile */ /* ==================================================================== ! * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions --- 320,326 ---- print OUT <<"EOF"; /* $cfile */ /* ==================================================================== ! * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/BC-32.pl ../RELENG_4_6/crypto/openssl/util/pl/BC-32.pl *** crypto/openssl/util/pl/BC-32.pl Mon Feb 24 21:51:23 2003 --- ../RELENG_4_6/crypto/openssl/util/pl/BC-32.pl Fri Feb 21 11:33:01 2003 *************** *** 52,60 **** $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; ! $asm='n_o_T_a_s_m'; $asm.=" /Zi" if $debug; ! $afile='/Fo'; $bn_mulw_obj=''; $bn_mulw_src=''; --- 52,60 ---- $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; ! $asm='nasmw -f obj'; $asm.=" /Zi" if $debug; ! $afile='-o'; $bn_mulw_obj=''; $bn_mulw_src=''; diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest ../RELENG_4_6/crypto/openssl/util/pod2mantest *** crypto/openssl/util/pod2mantest Tue Jul 30 22:55:10 2002 --- ../RELENG_4_6/crypto/openssl/util/pod2mantest Fri Feb 21 11:33:01 2003 *************** *** 11,17 **** IFS=: ! try_without_dir=false # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. for dir in dummy:$PATH; do if [ "$try_without_dir" = true ]; then --- 11,18 ---- IFS=: ! ! 
try_without_dir=true # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. for dir in dummy:$PATH; do if [ "$try_without_dir" = true ]; then *************** *** 29,37 **** if [ ! "$pod2man" = '' ]; then failure=none ! if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then ! failure=MultilineTest fi --- 30,45 ---- if [ ! "$pod2man" = '' ]; then failure=none + if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then + : + else + failure=BasicTest + fi ! if [ "$failure" = none ]; then ! if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then ! failure=MultilineTest ! fi fi *************** *** 45,53 **** done echo "No working pod2man found. Consider installing a new version." >&2 ! if [ "$1" = ignore ]; then ! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 ! echo "../../util/pod2man.pl" ! exit 0 ! fi ! exit 1 --- 53,57 ---- done echo "No working pod2man found. Consider installing a new version." >&2 ! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 ! echo "$1 ../../util/pod2man.pl" *** secure/lib/libcrypto/Makefile Mon Feb 24 21:52:33 2003 --- ../RELENG_4_6/secure/lib/libcrypto/Makefile Fri Feb 21 11:33:02 2003 *************** *** 1,4 **** ! # $FreeBSD: src/secure/lib/libcrypto/Makefile,v 1.15.2.11.6.1 2002/07/31 02:55:11 nectar Exp $ .include "Makefile.inc" --- 1,4 ---- ! # $FreeBSD: src/secure/lib/libcrypto/Makefile,v 1.15.2.11.6.2 2003/02/21 16:33:02 nectar Exp $ .include "Makefile.inc" *************** *** 35,42 **** MAINTAINER= kris # base sources ! SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \ ! tmdiff.c uid.c # asn1 --- 35,42 ---- MAINTAINER= kris # base sources ! SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \ ! mem_dbg.c tmdiff.c uid.c # asn1
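Review bot: in the ssl/ssltest.c option-parsing hunk, the `#else` branch for `-dhe1024dsa` prints "ignoring -dhe1024, since I'm compiled without DH", which names the wrong option. It looks copied from the `-dhe1024` branch above it. Change the message to name `-dhe1024dsa` so a user running a NO_DH build can tell which flag was dropped.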
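Review bot: in ssl/t1_clnt.c, and identically in ssl/t1_meth.c and ssl/t1_srvr.c, the outer `if (init)` is still evaluated without holding CRYPTO_LOCK_SSL_METHOD. This is double-checked locking: a second thread can read init as 0 and return the address of the method structure before the memcpy and the function-pointer stores made under the lock are visible to it, unless `init` has ordering guarantees that these hunks do not show. Either take the lock before the first test or add a comment stating why the unlocked read is safe on every supported platform.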
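Review bot: in the ssl/t1_enc.c hunk at line 372, `OPENSSL_cleanse(tmp2,sizeof(tmp1));` carries over the size mismatch from the old memset call, clearing tmp2 with the size of tmp1. If the two buffers are declared with the same size this is harmless, but the declarations are not visible here and the call will under-clear or overrun as soon as they differ. Use `sizeof(tmp2)` while the line is being touched anyway.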
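Review bot: in test/Makefile.ssl, the new `$(SRC):` rule runs `point.sh dummytest.c $@` with no prerequisites and no comment, so any test source that is absent appears to be pointed at dummytest.c and then built as if it were the real test. That makes a missing test indistinguishable from a passing one in the build output. Add a comment explaining when this substitution is expected, and consider having dummytest report which test it is standing in for.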
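Review bot: in tools/c_rehash and tools/c_rehash.in (link_hash_cert and link_hash_crl), the single-quote escaping is applied to `$fname` itself, so if `$fname` is used again later in the function (not shown in these hunks) it will carry the shell-escaped form rather than the real file name. Escape into a separate variable used only for the command line. Also note that `"$openssl"` is only double-quoted, so `$`, backticks and `"` in that path are still interpreted by the shell; a list-form `open` with `-|` or a fork/exec would remove the shell from both values.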
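Review bot: in util/libeay.num, OPENSSL_cleanse is assigned ordinal 3245 directly after ERR_load_COMP_strings at 2525. If the jump is deliberate, for example to keep the ordinal aligned with another branch, say so in the change description; otherwise the next free ordinal should be used so the export table stays contiguous.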
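Review bot: in util/pl/BC-32.pl, `$asm` becomes `nasmw -f obj` and `$afile` becomes `-o`, but the unchanged next line still does `$asm.=" /Zi" if $debug;`. `/Zi` is a switch in the style of the previous assembler, not a nasm-style option, so a debug build will pass it to nasmw unchanged. Drop that line or replace it with the equivalent nasmw debug option.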
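Review bot: in the last util/pod2mantest hunk, the `exit 1` path is removed, so the script now always falls through to printing the bundled `../../util/pod2man.pl` and never signals failure through its exit status. The meaning of `$1` also changes without documentation: it was compared against `ignore` and is now echoed as a prefix in `echo "$1 ../../util/pod2man.pl"`. Callers that relied on the non-zero exit or still pass `ignore` need to be updated in the same change, and the header comment should describe the new argument.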