os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/SA-03:02/openssl47.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

10210 lines
323 KiB
Diff
Raw Blame History

diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4_7/crypto/openssl/CHANGES
*** crypto/openssl/CHANGES Sun Aug 11 09:13:52 2002
--- ../RELENG_4_7/crypto/openssl/CHANGES Fri Feb 21 07:24:19 2003
***************
*** 2,7 ****
--- 2,88 ----
OpenSSL CHANGES
_______________
+ Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
+
+ *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+ memory from it's contents. This is done with a counter that will
+ place alternating values in each byte. This can be used to solve
+ two issues: 1) the removal of calls to memset() by highly optimizing
+ compilers, and 2) cleansing with other values than 0, since those can
+ be read through on certain media, for example a swap space on disk.
+ [Geoff Thorpe]
+
+ *) Bugfix: client side session caching did not work with external caching,
+ because the session->cipher setting was not restored when reloading
+ from the external cache. This problem was masked, when
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+ (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+ [Lutz Jaenicke]
+
+ *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+ length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+ [Zeev Lieber <zeev-l@yahoo.com>]
+
+ *) Undo an undocumented change introduced in 0.9.6e which caused
+ repeated calls to OpenSSL_add_all_ciphers() and
+ OpenSSL_add_all_digests() to be ignored, even after calling
+ EVP_cleanup().
+ [Richard Levitte]
+
+ *) Change the default configuration reader to deal with last line not
+ being properly terminated.
+ [Richard Levitte]
+
+ *) Change X509_NAME_cmp() so it applies the special rules on handling
+ DN values that are of type PrintableString, as well as RDNs of type
+ emailAddress where the value has the type ia5String.
+ [stefank@valicert.com via Richard Levitte]
+
+ *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+ the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+ doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+ the bitwise-OR of the two for use by the majority of applications
+ wanting this behaviour, and update the docs. The documented
+ behaviour and actual behaviour were inconsistent and had been
+ changing anyway, so this is more a bug-fix than a behavioural
+ change.
+ [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
+ ssl2_get_cipher_by_char(),
+ ssl3_get_cipher_by_char().
+ [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+ length, instead of the encoding length to d2i_ASN1_OBJECT.
+ [Steve Henson]
+
Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
*) [In 0.9.6g-engine release:]
***************
*** 23,28 ****
--- 104,115 ----
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
by the selection routines (PR #130).
***************
*** 54,60 ****
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
! supplied buffer.
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
--- 141,147 ----
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
! supplied buffer. (CAN-2002-0659)
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
***************
*** 159,166 ****
value is 0.
[Richard Levitte]
! *) [In 0.9.6c-engine release:]
! Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
*) Add the configuration target linux-s390x.
--- 246,253 ----
value is 0.
[Richard Levitte]
! *) [In 0.9.6d-engine release:]
! Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
*) Add the configuration target linux-s390x.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4_7/crypto/openssl/Configure
*** crypto/openssl/Configure Sun Aug 11 09:13:52 2002
--- ../RELENG_4_7/crypto/openssl/Configure Fri Feb 21 07:24:19 2003
***************
*** 122,128 ****
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
--- 122,128 ----
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
***************
*** 395,401 ****
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
! "aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
#
# Cray T90 and similar (SDSC)
--- 395,401 ----
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
! "aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
#
# Cray T90 and similar (SDSC)
***************
*** 477,483 ****
# Cygwin
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
--- 477,483 ----
# Cygwin
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
***************
*** 495,506 ****
--- 495,512 ----
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+ ##### A/UX
+ "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
##### Sony NEWS-OS 4.x
"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
##### VxWorks for various targets
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+ ##### Compaq Non-Stop Kernel (Tandem)
+ "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
+
);
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
***************
*** 577,582 ****
--- 583,589 ----
my $target;
my $options;
my $symlink;
+ my $make_depend=0;
my @argvcopy=@ARGV;
my $argvstring="";
***************
*** 619,625 ****
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
! elsif (/^shared$/)
{ $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
--- 626,632 ----
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
! elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
{ $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
***************
*** 1188,1198 ****
EOF
close(OUT);
} else {
! (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
! if $symlink;
! ### (system 'make depend') == 0 or exit $? if $depflags ne "";
! # Run "make depend" manually if you want to be able to delete
! # the source code files of ciphers you left out.
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
--- 1195,1207 ----
EOF
close(OUT);
} else {
! my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
! my $make_targets = "";
! $make_targets .= " links" if $symlink;
! $make_targets .= " depend" if $depflags ne "" && $make_depend;
! $make_targets .= " gentests" if $symlink;
! (system $make_command.$make_targets) == 0 or exit $?
! if $make_targets ne "";
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
***************
*** 1202,1207 ****
--- 1211,1225 ----
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
+ }
+ if ($depflags ne "" && !$make_depend) {
+ print <<EOF;
+
+ Since you've disabled at least one algorithm, you need to do the following
+ before building:
+
+ make depend
+ EOF
}
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_4_7/crypto/openssl/FAQ
*** crypto/openssl/FAQ Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/FAQ Fri Feb 21 07:24:19 2003
***************
*** 9,14 ****
--- 9,15 ----
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
* What is an 'engine' version?
+ * How do I check the authenticity of the OpenSSL distribution?
[LEGAL] Legal questions
***************
*** 35,40 ****
--- 36,42 ----
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+ * Why does the OpenSSL test fail with "bc: stack empty"?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
***************
*** 61,67 ****
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
! OpenSSL 0.9.6g was released on 9 August 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
--- 63,69 ----
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
! OpenSSL 0.9.7a was released on February 19, 2003.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
***************
*** 132,137 ****
--- 134,152 ----
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
+ * How do I check the authenticity of the OpenSSL distribution?
+
+ We provide MD5 digests and ASC signatures of each tarball.
+ Use MD5 to check that a tarball from a mirror site is identical:
+
+ md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+
+ You can check authenticity using pgp or gpg. You need the OpenSSL team
+ member public key used to sign it (download it from a key server). Then
+ just do:
+
+ pgp TARBALL.asc
+
[LEGAL] =======================================================================
* Do I need patent licenses to use OpenSSL?
***************
*** 169,186 ****
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
! device" that serves this purpose. On other systems, applications have
! to call the RAND_add() or RAND_seed() function with appropriate data
! before generating keys or performing public key encryption.
! (These functions initialize the pseudo-random number generator, PRNG.)
!
! Some broken applications do not do this. As of version 0.9.5, the
! OpenSSL functions that need randomness report an error if the random
! number generator has not been seeded with at least 128 bits of
! randomness. If this error occurs, please contact the author of the
! application you are using. It is likely that it never worked
! correctly. OpenSSL 0.9.5 and later make the error visible by refusing
! to perform potentially insecure encryption.
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
--- 184,213 ----
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
! device" (/dev/urandom or /dev/random) that serves this purpose.
! All OpenSSL versions try to use /dev/urandom by default; starting with
! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
! available.
!
! On other systems, applications have to call the RAND_add() or
! RAND_seed() function with appropriate data before generating keys or
! performing public key encryption. (These functions initialize the
! pseudo-random number generator, PRNG.) Some broken applications do
! not do this. As of version 0.9.5, the OpenSSL functions that need
! randomness report an error if the random number generator has not been
! seeded with at least 128 bits of randomness. If this error occurs and
! is not discussed in the documentation of the application you are
! using, please contact the author of that application; it is likely
! that it never worked correctly. OpenSSL 0.9.5 and later make the
! error visible by refusing to perform potentially insecure encryption.
!
! If you are using Solaris 8, you can add /dev/urandom and /dev/random
! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
! available via the Patchfinder at <URL: http://sunsolve.sun.com>
! (Solaris 9 includes these devices by default). For /dev/random support
! for earlier Solaris versions, see Sun's statement at
! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
! (the SUNWski package is available in patch 105710).
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
***************
*** 213,228 ****
provide their own configuration options to specify the entropy source,
please check out the documentation coming the with application.
- For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
- installing the SUNski package from Sun patch 105710-01 (Sparc) which
- adds a /dev/random device and make sure it gets used, usually through
- $RANDFILE. There are probably similar patches for the other Solaris
- versions. An official statement from Sun with respect to /dev/random
- support can be found at
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
- However, be warned that /dev/random is usually a blocking device, which
- may have some effects on OpenSSL.
-
* Why do I get an "unable to write 'random state'" error message?
--- 240,245 ----
***************
*** 386,391 ****
--- 403,419 ----
On some SCO installations or versions, bc has a bug that gets triggered
when you run the test suite (using "make test"). The message returned is
"bc: 1 not implemented".
+
+ The best way to deal with this is to find another implementation of bc
+ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
+ for download instructions) can be safely used, for example.
+
+
+ * Why does the OpenSSL test fail with "bc: stack empty"?
+
+ On some DG/ux versions, bc seems to have a too small stack for calculations
+ that the OpenSSL bntest throws at it. This gets triggered when you run the
+ test suite (using "make test"). The message returned is "bc: stack empty".
The best way to deal with this is to find another implementation of bc
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4_7/crypto/openssl/INSTALL
*** crypto/openssl/INSTALL Tue Jul 30 17:04:59 2002
--- ../RELENG_4_7/crypto/openssl/INSTALL Fri Feb 21 07:24:19 2003
***************
*** 129,136 ****
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
! via http://www.openssl.org/rt2.html and will be forwarded to a public
! mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
--- 129,136 ----
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
! via http://www.openssl.org/support/rt2.html and will be forwarded to a
! public mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
***************
*** 151,157 ****
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
! http://www.openssl.org/rt2.html.
4. If everything tests ok, install OpenSSL with
--- 151,157 ----
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
! http://www.openssl.org/support/rt2.html.
4. If everything tests ok, install OpenSSL with
***************
*** 285,287 ****
--- 285,299 ----
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4_7/crypto/openssl/Makefile.org
*** crypto/openssl/Makefile.org Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/Makefile.org Fri Feb 21 07:24:19 2003
***************
*** 270,278 ****
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
! collect2=`gcc -print-prog-name=collect2 2>&1` && \
! [ -n "$$collect2" ] && \
! my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
--- 270,276 ----
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
! my_ld=`${CC} -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
***************
*** 529,534 ****
--- 527,536 ----
fi; \
done;
+ gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
***************
*** 610,615 ****
--- 612,620 ----
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
***************
*** 652,660 ****
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
--- 657,666 ----
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
***************
*** 664,677 ****
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
--- 670,686 ----
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
***************
*** 687,699 ****
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
! @pod2man=`cd util; ./pod2mantest ignore`; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
--- 696,708 ----
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
! @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
***************
*** 703,709 ****
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
--- 712,718 ----
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4_7/crypto/openssl/Makefile.ssl
*** crypto/openssl/Makefile.ssl Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/Makefile.ssl Fri Feb 21 07:24:19 2003
***************
*** 4,26 ****
## Makefile for OpenSSL
##
! VERSION=0.9.6g
MAJOR=0
MINOR=9.6
SHLIB_VERSION_NUMBER=0.9.6
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.6
! SHLIB_EXT=
! PLATFORM=dist
! OPTIONS=
! CONFIGURE_ARGS=dist
! SHLIB_TARGET=
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
! INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
--- 4,26 ----
## Makefile for OpenSSL
##
! VERSION=0.9.6i
MAJOR=0
MINOR=9.6
SHLIB_VERSION_NUMBER=0.9.6
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.6
! SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
! PLATFORM=FreeBSD-elf
! OPTIONS=386
! CONFIGURE_ARGS=FreeBSD-elf 386
! SHLIB_TARGET=bsd-gcc-shared
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
! INSTALL_PREFIX=/var/tmp/ssl
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
***************
*** 55,75 ****
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
! CC= cc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
! CFLAG= -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
AR=ar r
RANLIB= /usr/bin/ranlib
! PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --no-recursion
# Set BN_ASM to bn_asm.o if you want to use the C version
! BN_ASM= bn_asm.o
#BN_ASM= bn_asm.o
#BN_ASM= asm/bn86-elf.o # elf, linux-elf
#BN_ASM= asm/bn86-sol.o # solaris
--- 55,75 ----
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
! CC= gcc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
! CFLAG= -fPIC -DTHREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
AR=ar r
RANLIB= /usr/bin/ranlib
! PERL= /usr/local/bin/perl5
TAR= tar
TARFLAGS= --no-recursion
# Set BN_ASM to bn_asm.o if you want to use the C version
! BN_ASM= asm/bn86-elf.o asm/co86-elf.o
#BN_ASM= bn_asm.o
#BN_ASM= asm/bn86-elf.o # elf, linux-elf
#BN_ASM= asm/bn86-sol.o # solaris
***************
*** 85,95 ****
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
! PROCESSOR=
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
! DES_ENC= des_enc.o fcrypt_b.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
--- 85,95 ----
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
! PROCESSOR= 386
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
! DES_ENC= asm/dx86-elf.o asm/yx86-elf.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
***************
*** 98,104 ****
# Set BF_ENC to bf_enc.o if you want to use the C version
#There are 4 x86 assember options.
! BF_ENC= bf_enc.o
#BF_ENC= bf_enc.o
#BF_ENC= asm/bx86-elf.o # elf
#BF_ENC= asm/bx86-sol.o # solaris
--- 98,104 ----
# Set BF_ENC to bf_enc.o if you want to use the C version
#There are 4 x86 assember options.
! BF_ENC= asm/bx86-elf.o
#BF_ENC= bf_enc.o
#BF_ENC= asm/bx86-elf.o # elf
#BF_ENC= asm/bx86-sol.o # solaris
***************
*** 107,113 ****
# Set CAST_ENC to c_enc.o if you want to use the C version
#There are 4 x86 assember options.
! CAST_ENC= c_enc.o
#CAST_ENC= c_enc.o
#CAST_ENC= asm/cx86-elf.o # elf
#CAST_ENC= asm/cx86-sol.o # solaris
--- 107,113 ----
# Set CAST_ENC to c_enc.o if you want to use the C version
#There are 4 x86 assember options.
! CAST_ENC= asm/cx86-elf.o
#CAST_ENC= c_enc.o
#CAST_ENC= asm/cx86-elf.o # elf
#CAST_ENC= asm/cx86-sol.o # solaris
***************
*** 116,122 ****
# Set RC4_ENC to rc4_enc.o if you want to use the C version
#There are 4 x86 assember options.
! RC4_ENC= rc4_enc.o
#RC4_ENC= rc4_enc.o
#RC4_ENC= asm/rx86-elf.o # elf
#RC4_ENC= asm/rx86-sol.o # solaris
--- 116,122 ----
# Set RC4_ENC to rc4_enc.o if you want to use the C version
#There are 4 x86 assember options.
! RC4_ENC= asm/rx86-elf.o
#RC4_ENC= rc4_enc.o
#RC4_ENC= asm/rx86-elf.o # elf
#RC4_ENC= asm/rx86-sol.o # solaris
***************
*** 125,131 ****
# Set RC5_ENC to rc5_enc.o if you want to use the C version
#There are 4 x86 assember options.
! RC5_ENC= rc5_enc.o
#RC5_ENC= rc5_enc.o
#RC5_ENC= asm/r586-elf.o # elf
#RC5_ENC= asm/r586-sol.o # solaris
--- 125,131 ----
# Set RC5_ENC to rc5_enc.o if you want to use the C version
#There are 4 x86 assember options.
! RC5_ENC= asm/r586-elf.o
#RC5_ENC= rc5_enc.o
#RC5_ENC= asm/r586-elf.o # elf
#RC5_ENC= asm/r586-sol.o # solaris
***************
*** 133,153 ****
#RC5_ENC= asm/r586bsdi.o # bsdi
# Also need MD5_ASM defined
! MD5_ASM_OBJ=
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
# Also need SHA1_ASM defined
! SHA1_ASM_OBJ=
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
# Also need RMD160_ASM defined
! RMD160_ASM_OBJ=
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
--- 133,153 ----
#RC5_ENC= asm/r586bsdi.o # bsdi
# Also need MD5_ASM defined
! MD5_ASM_OBJ= asm/mx86-elf.o
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
# Also need SHA1_ASM defined
! SHA1_ASM_OBJ= asm/sx86-elf.o
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
# Also need RMD160_ASM defined
! RMD160_ASM_OBJ= asm/rm86-elf.o
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
***************
*** 184,190 ****
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
! SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
--- 184,190 ----
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
! SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
SHARED_LDFLAGS=
GENERAL= Makefile
***************
*** 272,280 ****
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
! collect2=`gcc -print-prog-name=collect2 2>&1` && \
! [ -n "$$collect2" ] && \
! my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
--- 272,278 ----
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
! my_ld=`${CC} -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
***************
*** 531,536 ****
--- 529,538 ----
fi; \
done;
+ gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
***************
*** 612,617 ****
--- 614,622 ----
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
***************
*** 654,662 ****
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
--- 659,668 ----
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
***************
*** 666,679 ****
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
--- 672,688 ----
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
! cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
! cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
! chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
! cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
! chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
! mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
***************
*** 689,701 ****
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
! @pod2man=`cd util; ./pod2mantest ignore`; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
--- 698,710 ----
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
! @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
***************
*** 705,711 ****
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
--- 714,720 ----
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
! sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4_7/crypto/openssl/NEWS
*** crypto/openssl/NEWS Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/NEWS Fri Feb 21 07:24:19 2003
***************
*** 5,10 ****
--- 5,28 ----
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+
+ o Important security related bugfixes.
+
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+
+ o New configuration targets for Tandem OSS and A/UX.
+ o New OIDs for Microsoft attributes.
+ o Better handling of SSL session caching.
+ o Better comparison of distinguished names.
+ o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+ o Support assembler code with Borland C.
+ o Fixes for length problems.
+ o Fixes for uninitialised variables.
+ o Fixes for memory leaks, some unusual crashes and some race conditions.
+ o Fixes for smaller building problems.
+ o Updates of manuals, FAQ and other instructive documents.
+
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
o Important building fixes on Unix.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/PROBLEMS ../RELENG_4_7/crypto/openssl/PROBLEMS
*** crypto/openssl/PROBLEMS Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/PROBLEMS Fri Feb 21 07:24:19 2003
***************
*** 40,42 ****
--- 40,58 ----
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
+
+
+ * Bugs in gcc 3.0 triggered
+
+ According to a problem report, there are bugs in gcc 3.0 that are
+ triggered by some of the code in OpenSSL, more specifically in
+ PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
+
+ header+=11;
+ if (*header != '4') return(0); header++;
+ if (*header != ',') return(0); header++;
+
+ What happens is that gcc might optimize a little too agressively, and
+ you end up with an extra incrementation when *header != '4'.
+
+ We recommend that you upgrade gcc to as high a 3.x version as you can.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4_7/crypto/openssl/README
*** crypto/openssl/README Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/README Fri Feb 21 07:24:19 2003
***************
*** 1,7 ****
! OpenSSL 0.9.6g 9 August 2002
! Copyright (c) 1998-2002 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
--- 1,7 ----
! OpenSSL 0.9.6i Feb 19 2003
! Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/CA.pl ../RELENG_4_7/crypto/openssl/apps/CA.pl
*** crypto/openssl/apps/CA.pl Sun Aug 11 09:13:58 2002
--- ../RELENG_4_7/crypto/openssl/apps/CA.pl Fri Feb 21 07:24:19 2003
***************
*** 1,4 ****
! #!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
--- 1,4 ----
! #!/usr/local/bin/perl5
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4_7/crypto/openssl/apps/Makefile.ssl
*** crypto/openssl/apps/Makefile.ssl Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/Makefile.ssl Fri Feb 21 07:24:19 2003
***************
*** 117,123 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 117,123 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 128,137 ****
rm -f req
$(DLIBSSL):
! (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
$(DLIBCRYPTO):
! (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(PROGRAM)
--- 128,137 ----
rm -f req
$(DLIBSSL):
! (cd ..; $(MAKE) DIRS=ssl all)
$(DLIBCRYPTO):
! (cd ..; $(MAKE) DIRS=crypto all)
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(PROGRAM)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4_7/crypto/openssl/apps/apps.h
*** crypto/openssl/apps/apps.h Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/apps.h Fri Feb 21 07:24:19 2003
***************
*** 92,99 ****
--- 92,101 ----
#define MAIN(a,v) main(a,v)
#ifndef NON_MAIN
+ LHASH *config=NULL;
BIO *bio_err=NULL;
#else
+ extern LHASH *config;
extern BIO *bio_err;
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/asn1pars.c ../RELENG_4_7/crypto/openssl/apps/asn1pars.c
*** crypto/openssl/apps/asn1pars.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/asn1pars.c Fri Feb 21 07:24:19 2003
***************
*** 328,333 ****
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_free(osk);
OBJ_cleanup();
! EXIT(ret);
}
--- 328,333 ----
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_free(osk);
OBJ_cleanup();
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4_7/crypto/openssl/apps/ca.c
*** crypto/openssl/apps/ca.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/ca.c Fri Feb 21 07:24:19 2003
***************
*** 543,549 ****
goto err;
}
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
! if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
--- 543,549 ----
goto err;
}
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
! if(key) OPENSSL_cleanse(key,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
***************
*** 606,617 ****
--- 606,619 ----
that to access(). However, time's too short to do that just
now.
*/
+ #ifndef VXWORKS
if (access(outdir,R_OK|W_OK|X_OK) != 0)
{
BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
perror(outdir);
goto err;
}
+ #endif
if (stat(outdir,&sb) != 0)
{
***************
*** 829,837 ****
}
if (verbose)
{
! if ((f=BN_bn2hex(serial)) == NULL) goto err;
! BIO_printf(bio_err,"next serial number is %s\n",f);
! OPENSSL_free(f);
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
--- 831,844 ----
}
if (verbose)
{
! if (BN_is_zero(serial))
! BIO_printf(bio_err,"next serial number is 00\n");
! else
! {
! if ((f=BN_bn2hex(serial)) == NULL) goto err;
! BIO_printf(bio_err,"next serial number is %s\n",f);
! OPENSSL_free(f);
! }
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
***************
*** 1275,1281 ****
X509_CRL_free(crl);
CONF_free(conf);
OBJ_cleanup();
! EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
--- 1282,1288 ----
X509_CRL_free(crl);
CONF_free(conf);
OBJ_cleanup();
! OPENSSL_EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
***************
*** 1340,1346 ****
ret=ASN1_INTEGER_to_BN(ai,NULL);
if (ret == NULL)
{
! BIO_printf(bio_err,"error converting number from bin to BIGNUM");
goto err;
}
err:
--- 1347,1353 ----
ret=ASN1_INTEGER_to_BN(ai,NULL);
if (ret == NULL)
{
! BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
goto err;
}
err:
***************
*** 1728,1734 ****
BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
row[DB_name]=X509_NAME_oneline(subject,NULL,0);
! row[DB_serial]=BN_bn2hex(serial);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Memory allocation failure\n");
--- 1735,1744 ----
BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
row[DB_name]=X509_NAME_oneline(subject,NULL,0);
! if (BN_is_zero(serial))
! row[DB_serial]=BUF_strdup("00");
! else
! row[DB_serial]=BN_bn2hex(serial);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Memory allocation failure\n");
***************
*** 2142,2148 ****
row[i]=NULL;
row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
! row[DB_serial]=BN_bn2hex(bn);
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
--- 2152,2161 ----
row[i]=NULL;
row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
! if (BN_is_zero(bn))
! row[DB_serial]=BUF_strdup("00");
! else
! row[DB_serial]=BN_bn2hex(bn);
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ciphers.c ../RELENG_4_7/crypto/openssl/apps/ciphers.c
*** crypto/openssl/apps/ciphers.c Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/ciphers.c Fri Feb 21 07:24:19 2003
***************
*** 202,207 ****
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
! EXIT(ret);
}
--- 202,207 ----
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl.c ../RELENG_4_7/crypto/openssl/apps/crl.c
*** crypto/openssl/apps/crl.c Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/crl.c Fri Feb 21 07:24:19 2003
***************
*** 364,370 ****
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
! EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
--- 364,370 ----
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
! OPENSSL_EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl2p7.c ../RELENG_4_7/crypto/openssl/apps/crl2p7.c
*** crypto/openssl/apps/crl2p7.c Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/crl2p7.c Fri Feb 21 07:24:19 2003
***************
*** 166,172 ****
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
! EXIT(1);
}
ERR_load_crypto_strings();
--- 166,172 ----
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
! OPENSSL_EXIT(1);
}
ERR_load_crypto_strings();
***************
*** 278,284 ****
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
! EXIT(ret);
}
/*
--- 278,284 ----
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
! OPENSSL_EXIT(ret);
}
/*
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/der_chop ../RELENG_4_7/crypto/openssl/apps/der_chop
*** crypto/openssl/apps/der_chop Sun Aug 11 09:13:58 2002
--- ../RELENG_4_7/crypto/openssl/apps/der_chop Fri Feb 21 07:24:19 2003
***************
*** 1,4 ****
! #!/usr/local/bin/perl
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support
--- 1,4 ----
! #!/usr/local/bin/perl5
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4_7/crypto/openssl/apps/dgst.c
*** crypto/openssl/apps/dgst.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/dgst.c Fri Feb 21 07:24:19 2003
***************
*** 327,333 ****
end:
if (buf != NULL)
{
! memset(buf,0,BUFSIZE);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
--- 327,333 ----
end:
if (buf != NULL)
{
! OPENSSL_cleanse(buf,BUFSIZE);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
***************
*** 335,341 ****
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
! EXIT(err);
}
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
--- 335,341 ----
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
! OPENSSL_EXIT(err);
}
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4_7/crypto/openssl/apps/dh.c
*** crypto/openssl/apps/dh.c Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/dh.c Fri Feb 21 07:24:19 2003
***************
*** 319,324 ****
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
! EXIT(ret);
}
#endif
--- 319,324 ----
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
! OPENSSL_EXIT(ret);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4_7/crypto/openssl/apps/dhparam.c
*** crypto/openssl/apps/dhparam.c Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/dhparam.c Fri Feb 21 07:24:19 2003
***************
*** 506,512 ****
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
! EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
--- 506,512 ----
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
! OPENSSL_EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4_7/crypto/openssl/apps/dsa.c
*** crypto/openssl/apps/dsa.c Sun Nov 26 05:32:47 2000
--- ../RELENG_4_7/crypto/openssl/apps/dsa.c Fri Feb 21 07:24:19 2003
***************
*** 293,298 ****
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
! EXIT(ret);
}
#endif
--- 293,298 ----
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
! OPENSSL_EXIT(ret);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4_7/crypto/openssl/apps/dsaparam.c
*** crypto/openssl/apps/dsaparam.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/dsaparam.c Fri Feb 21 07:24:19 2003
***************
*** 357,363 ****
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
! EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
--- 357,363 ----
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
! OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4_7/crypto/openssl/apps/enc.c
*** crypto/openssl/apps/enc.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/enc.c Fri Feb 21 07:24:19 2003
***************
*** 506,514 ****
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
! memset(str,0,SIZE);
else
! memset(str,0,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,8))
{
--- 506,514 ----
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
! OPENSSL_cleanse(str,SIZE);
else
! OPENSSL_cleanse(str,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,8))
{
***************
*** 604,610 ****
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
! EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)
--- 604,610 ----
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
! OPENSSL_EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/errstr.c ../RELENG_4_7/crypto/openssl/apps/errstr.c
*** crypto/openssl/apps/errstr.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/errstr.c Fri Feb 21 07:24:19 2003
***************
*** 121,125 ****
ret++;
}
}
! EXIT(ret);
}
--- 121,125 ----
ret++;
}
}
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4_7/crypto/openssl/apps/gendh.c
*** crypto/openssl/apps/gendh.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/gendh.c Fri Feb 21 07:24:19 2003
***************
*** 184,190 ****
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
! EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
--- 184,190 ----
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
! OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4_7/crypto/openssl/apps/gendsa.c
*** crypto/openssl/apps/gendsa.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/gendsa.c Fri Feb 21 07:24:19 2003
***************
*** 220,225 ****
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
! EXIT(ret);
}
#endif
--- 220,225 ----
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
! OPENSSL_EXIT(ret);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4_7/crypto/openssl/apps/genrsa.c
*** crypto/openssl/apps/genrsa.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/genrsa.c Fri Feb 21 07:24:19 2003
***************
*** 224,230 ****
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
! EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
--- 224,230 ----
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
! OPENSSL_EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/nseq.c ../RELENG_4_7/crypto/openssl/apps/nseq.c
*** crypto/openssl/apps/nseq.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/nseq.c Fri Feb 21 07:24:19 2003
***************
*** 102,108 ****
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
! EXIT(1);
}
if (infile) {
--- 102,108 ----
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
! OPENSSL_EXIT(1);
}
if (infile) {
***************
*** 162,167 ****
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
! EXIT(ret);
}
--- 162,167 ----
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4_7/crypto/openssl/apps/openssl.c
*** crypto/openssl/apps/openssl.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/openssl.c Fri Feb 21 07:24:19 2003
***************
*** 77,87 ****
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
- LHASH *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
BIO *bio_err=NULL;
#endif
--- 77,87 ----
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
+ LHASH *config=NULL;
BIO *bio_err=NULL;
#endif
***************
*** 215,221 ****
BIO_free(bio_err);
bio_err=NULL;
}
! EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
--- 215,221 ----
BIO_free(bio_err);
bio_err=NULL;
}
! OPENSSL_EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/passwd.c ../RELENG_4_7/crypto/openssl/apps/passwd.c
*** crypto/openssl/apps/passwd.c Wed Jul 4 18:19:09 2001
--- ../RELENG_4_7/crypto/openssl/apps/passwd.c Fri Feb 21 07:24:19 2003
***************
*** 284,290 ****
BIO_free(in);
if (out)
BIO_free_all(out);
! EXIT(ret);
}
--- 284,290 ----
BIO_free(in);
if (out)
BIO_free_all(out);
! OPENSSL_EXIT(ret);
}
***************
*** 498,503 ****
int MAIN(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
! EXIT(1);
}
#endif
--- 498,503 ----
int MAIN(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
! OPENSSL_EXIT(1);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4_7/crypto/openssl/apps/pkcs12.c
*** crypto/openssl/apps/pkcs12.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/pkcs12.c Fri Feb 21 07:24:19 2003
***************
*** 480,488 ****
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
! }
! sk_X509_free(chain2);
! if (vret) {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto export_end;
--- 480,489 ----
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
! /* Free first certificate */
! X509_free(sk_X509_value(chain2, 0));
! sk_X509_free(chain2);
! } else {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto export_end;
***************
*** 509,516 ****
}
sk_X509_pop_free(certs, X509_free);
certs = NULL;
- /* ucert is part of certs so it is already freed */
- ucert = NULL;
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
--- 510,515 ----
***************
*** 598,604 ****
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
--- 597,602 ----
***************
*** 668,674 ****
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
! EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
--- 666,672 ----
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
! OPENSSL_EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4_7/crypto/openssl/apps/pkcs7.c
*** crypto/openssl/apps/pkcs7.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/pkcs7.c Fri Feb 21 07:24:19 2003
***************
*** 154,160 ****
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
! EXIT(1);
}
ERR_load_crypto_strings();
--- 154,160 ----
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
! OPENSSL_EXIT(1);
}
ERR_load_crypto_strings();
***************
*** 289,293 ****
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
! EXIT(ret);
}
--- 289,293 ----
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4_7/crypto/openssl/apps/pkcs8.c
*** crypto/openssl/apps/pkcs8.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/pkcs8.c Fri Feb 21 07:24:19 2003
***************
*** 236,242 ****
if(passout) p8pass = passout;
else {
p8pass = pass;
! EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
--- 236,243 ----
if(passout) p8pass = passout;
else {
p8pass = pass;
! if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
! return (1);
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4_7/crypto/openssl/apps/rand.c
*** crypto/openssl/apps/rand.c Sun Nov 26 05:32:48 2000
--- ../RELENG_4_7/crypto/openssl/apps/rand.c Fri Feb 21 07:24:19 2003
***************
*** 144,148 ****
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
! EXIT(ret);
}
--- 144,148 ----
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4_7/crypto/openssl/apps/req.c
*** crypto/openssl/apps/req.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/req.c Fri Feb 21 07:24:19 2003
***************
*** 422,428 ****
if (template != NULL)
{
! long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=CONF_load(NULL,template,&errline);
--- 422,428 ----
if (template != NULL)
{
! long errline = -1;
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=CONF_load(NULL,template,&errline);
***************
*** 909,915 ****
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
! EXIT(ex);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
--- 909,915 ----
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
! OPENSSL_EXIT(ex);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4_7/crypto/openssl/apps/rsa.c
*** crypto/openssl/apps/rsa.c Sun Nov 26 05:32:49 2000
--- ../RELENG_4_7/crypto/openssl/apps/rsa.c Fri Feb 21 07:24:19 2003
***************
*** 389,395 ****
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
! EXIT(ret);
}
#else /* !NO_RSA */
--- 389,395 ----
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
! OPENSSL_EXIT(ret);
}
#else /* !NO_RSA */
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4_7/crypto/openssl/apps/s_client.c
*** crypto/openssl/apps/s_client.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/s_client.c Fri Feb 21 07:24:19 2003
***************
*** 768,781 ****
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
! if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
! if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
! EXIT(ret);
}
--- 768,781 ----
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
! if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
! if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4_7/crypto/openssl/apps/s_server.c
*** crypto/openssl/apps/s_server.c Wed Jul 4 18:19:09 2001
--- ../RELENG_4_7/crypto/openssl/apps/s_server.c Fri Feb 21 07:24:19 2003
***************
*** 253,262 ****
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
! static int ebcdic_write(BIO *b, char *in, int inl);
! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
! static int ebcdic_puts(BIO *bp, char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
--- 253,262 ----
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
! static int ebcdic_write(BIO *b, const char *in, int inl);
! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
! static int ebcdic_puts(BIO *bp, const char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
***************
*** 321,327 ****
return(ret);
}
! static int ebcdic_write(BIO *b, char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
--- 321,327 ----
return(ret);
}
! static int ebcdic_write(BIO *b, const char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
***************
*** 354,360 ****
return(ret);
}
! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
{
long ret;
--- 354,360 ----
return(ret);
}
! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
***************
*** 373,379 ****
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
! int i, ret;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
--- 373,379 ----
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
! int i, ret=0;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
***************
*** 392,398 ****
return (ret < 0 && i == 0) ? ret : i;
}
! static int ebcdic_puts(BIO *bp, char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
--- 392,398 ----
return (ret < 0 && i == 0) ? ret : i;
}
! static int ebcdic_puts(BIO *bp, const char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
***************
*** 741,747 ****
BIO_free(bio_s_out);
bio_s_out=NULL;
}
! EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
--- 741,747 ----
BIO_free(bio_s_out);
bio_s_out=NULL;
}
! OPENSSL_EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
***************
*** 1043,1049 ****
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL)
{
! memset(buf,0,bufsize);
OPENSSL_free(buf);
}
if (ret >= 0)
--- 1043,1049 ----
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL)
{
! OPENSSL_cleanse(buf,bufsize);
OPENSSL_free(buf);
}
if (ret >= 0)
***************
*** 1250,1256 ****
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
! #ifndef MSDOS
sleep(1);
#endif
continue;
--- 1250,1256 ----
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
! #if !defined(MSDOS) && !defined(VXWORKS)
sleep(1);
#endif
continue;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_time.c ../RELENG_4_7/crypto/openssl/apps/s_time.c
*** crypto/openssl/apps/s_time.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/s_time.c Fri Feb 21 07:24:19 2003
***************
*** 116,121 ****
--- 116,126 ----
#include <sys/param.h>
#endif
+ #ifdef VXWORKS
+ #include <tickLib.h>
+ #undef SIGALRM
+ #endif
+
/* The following if from times(3) man page. It may need to be changed
*/
#ifndef HZ
***************
*** 461,467 ****
if (tm_cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
! /* EXIT(1); */
}
if (!(perform & 1)) goto next;
--- 466,472 ----
if (tm_cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
! /* OPENSSL_EXIT(1); */
}
if (!(perform & 1)) goto next;
***************
*** 628,634 ****
SSL_CTX_free(tm_ctx);
tm_ctx=NULL;
}
! EXIT(ret);
}
/***********************************************************************
--- 633,639 ----
SSL_CTX_free(tm_ctx);
tm_ctx=NULL;
}
! OPENSSL_EXIT(ret);
}
/***********************************************************************
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/sess_id.c ../RELENG_4_7/crypto/openssl/apps/sess_id.c
*** crypto/openssl/apps/sess_id.c Sun Nov 26 05:32:49 2000
--- ../RELENG_4_7/crypto/openssl/apps/sess_id.c Fri Feb 21 07:24:19 2003
***************
*** 272,278 ****
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
! EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
--- 272,278 ----
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
! OPENSSL_EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4_7/crypto/openssl/apps/speed.c
*** crypto/openssl/apps/speed.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/speed.c Fri Feb 21 07:24:19 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/apps/speed.c,v 1.3.2.4 2002/07/30 22:05:00 nectar Exp $
*/
/* most of this code has been pilfered from my libdes speed.c program */
--- 54,59 ----
***************
*** 691,697 ****
BIO_printf(bio_err,"\n");
#endif
! #ifdef TIMES
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
--- 689,695 ----
BIO_printf(bio_err,"\n");
#endif
! #if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
***************
*** 1414,1420 ****
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
! EXIT(mret);
}
static void print_message(char *s, long num, int length)
--- 1412,1418 ----
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
! OPENSSL_EXIT(mret);
}
static void print_message(char *s, long num, int length)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4_7/crypto/openssl/apps/spkac.c
*** crypto/openssl/apps/spkac.c Sun Nov 26 05:32:49 2000
--- ../RELENG_4_7/crypto/openssl/apps/spkac.c Fri Feb 21 07:24:19 2003
***************
*** 288,292 ****
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
! EXIT(ret);
}
--- 288,292 ----
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4_7/crypto/openssl/apps/verify.c
*** crypto/openssl/apps/verify.c Sun Nov 26 05:32:50 2000
--- ../RELENG_4_7/crypto/openssl/apps/verify.c Fri Feb 21 07:24:19 2003
***************
*** 213,219 ****
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
! EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
--- 213,219 ----
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
! OPENSSL_EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/version.c ../RELENG_4_7/crypto/openssl/apps/version.c
*** crypto/openssl/apps/version.c Sun Aug 20 03:45:59 2000
--- ../RELENG_4_7/crypto/openssl/apps/version.c Fri Feb 21 07:24:19 2003
***************
*** 128,132 ****
}
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
end:
! EXIT(ret);
}
--- 128,132 ----
}
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
end:
! OPENSSL_EXIT(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4_7/crypto/openssl/apps/x509.c
*** crypto/openssl/apps/x509.c Tue Jul 30 17:05:00 2002
--- ../RELENG_4_7/crypto/openssl/apps/x509.c Fri Feb 21 07:24:19 2003
***************
*** 121,127 ****
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
! " -CAserial - serial file\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
--- 121,127 ----
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
! " -CAserial arg - serial file\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
***************
*** 447,453 ****
if (extfile)
{
! long errorline;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
{
--- 447,453 ----
if (extfile)
{
! long errorline = -1;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
{
***************
*** 961,967 ****
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if (passin) OPENSSL_free(passin);
! EXIT(ret);
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
--- 961,967 ----
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if (passin) OPENSSL_free(passin);
! OPENSSL_EXIT(ret);
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4_7/crypto/openssl/config
*** crypto/openssl/config Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/config Fri Feb 21 07:24:19 2003
***************
*** 317,322 ****
--- 317,326 ----
*CRAY*)
echo "j90-cray-unicos"; exit 0;
;;
+
+ NONSTOP_KERNEL*)
+ echo "nsr-tandem-nsk"; exit 0;
+ ;;
esac
#
***************
*** 473,479 ****
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure irix64-mips4-$CC' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
! read waste < /dev/tty
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
--- 477,484 ----
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure irix64-mips4-$CC' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
! # Do not stop if /dev/tty is unavailable
! (read waste < /dev/tty) || true
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
***************
*** 528,534 ****
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
#echo " Type return if you want to continue, Ctrl-C to abort."
! #read waste < /dev/tty
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
--- 533,540 ----
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
#echo " Type return if you want to continue, Ctrl-C to abort."
! # Do not stop if /dev/tty is unavailable
! #(read waste < /dev/tty) || true
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
***************
*** 569,575 ****
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
! read waste < /dev/tty
fi
OUT="solaris-sparcv9-$CC" ;;
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
--- 575,582 ----
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
! # Do not stop if /dev/tty is unavailable
! (read waste < /dev/tty) || true
fi
OUT="solaris-sparcv9-$CC" ;;
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
***************
*** 630,635 ****
--- 637,643 ----
*-*-cygwin) OUT="Cygwin" ;;
t3e-cray-unicosmk) OUT="cray-t3e" ;;
j90-cray-unicos) OUT="cray-j90" ;;
+ nsr-tandem-nsk) OUT="tandem-c89" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/Makefile.ssl
*** crypto/openssl/crypto/Makefile.ssl Tue Jul 30 17:05:02 2002
--- ../RELENG_4_7/crypto/openssl/crypto/Makefile.ssl Fri Feb 21 07:24:20 2003
***************
*** 34,41 ****
GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
! LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
! LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
SRC= $(LIBSRC)
--- 34,41 ----
GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
! LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
! LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
SRC= $(LIBSRC)
***************
*** 129,135 ****
depend:
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
! $(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
@for i in $(SDIRS) ;\
do \
--- 129,135 ----
depend:
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
! $(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
@for i in $(SDIRS) ;\
do \
***************
*** 185,190 ****
--- 185,193 ----
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+ mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+ mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ mem_clr.o: ../include/openssl/symhacks.h
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/asn1/Makefile.ssl
*** crypto/openssl/crypto/asn1/Makefile.ssl Tue Jul 30 17:05:03 2002
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/Makefile.ssl Fri Feb 21 07:24:20 2003
***************
*** 104,110 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 104,110 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_sign.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_sign.c
*** crypto/openssl/crypto/asn1/a_sign.c Tue Jul 30 17:05:03 2002
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_sign.c Fri Feb 21 07:24:20 2003
***************
*** 199,208 ****
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err:
! memset(&ctx,0,sizeof(ctx));
if (buf_in != NULL)
! { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
! { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
return(outl);
}
--- 199,208 ----
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err:
! OPENSSL_cleanse(&ctx,sizeof(ctx));
if (buf_in != NULL)
! { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
! { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
return(outl);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strex.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_strex.c
*** crypto/openssl/crypto/asn1/a_strex.c Sun Nov 26 05:38:42 2000
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_strex.c Fri Feb 21 07:24:20 2003
***************
*** 519,525 ****
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
! if(!*out || !in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
--- 519,525 ----
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
! if(!in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
***************
*** 528,533 ****
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
! if(out) *out = stmp.data;
return stmp.length;
}
--- 528,533 ----
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
! *out = stmp.data;
return stmp.length;
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_utctm.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_utctm.c
*** crypto/openssl/crypto/asn1/a_utctm.c Tue Jul 30 17:05:03 2002
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_utctm.c Fri Feb 21 07:24:20 2003
***************
*** 246,251 ****
--- 246,253 ----
ts=(struct tm *)localtime(&t);
}
#endif
+ if (ts == NULL)
+ return(NULL);
p=(char *)s->data;
if ((p == NULL) || (s->length < 14))
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_verify.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_verify.c
*** crypto/openssl/crypto/asn1/a_verify.c Sun Nov 26 05:32:59 2000
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_verify.c Fri Feb 21 07:24:20 2003
***************
*** 100,106 ****
EVP_VerifyInit(&ctx,type);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
! memset(buf_in,0,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
--- 100,106 ----
EVP_VerifyInit(&ctx,type);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
! OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/n_pkey.c ../RELENG_4_7/crypto/openssl/crypto/asn1/n_pkey.c
*** crypto/openssl/crypto/asn1/n_pkey.c Sun Nov 26 05:33:00 2000
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/n_pkey.c Fri Feb 21 07:24:20 2003
***************
*** 181,187 ****
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
! memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
--- 181,187 ----
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
! OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
***************
*** 292,298 ****
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
! memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
--- 292,298 ----
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
! OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/p8_pkey.c ../RELENG_4_7/crypto/openssl/crypto/asn1/p8_pkey.c
*** crypto/openssl/crypto/asn1/p8_pkey.c Sun Nov 26 05:33:01 2000
--- ../RELENG_4_7/crypto/openssl/crypto/asn1/p8_pkey.c Fri Feb 21 07:24:20 2003
***************
*** 119,126 ****
X509_ALGOR_free(a->pkeyalg);
/* Clear sensitive data */
if (a->pkey->value.octet_string)
! memset (a->pkey->value.octet_string->data,
! 0, a->pkey->value.octet_string->length);
ASN1_TYPE_free (a->pkey);
sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
OPENSSL_free (a);
--- 119,126 ----
X509_ALGOR_free(a->pkeyalg);
/* Clear sensitive data */
if (a->pkey->value.octet_string)
! OPENSSL_cleanse(a->pkey->value.octet_string->data,
! a->pkey->value.octet_string->length);
ASN1_TYPE_free (a->pkey);
sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
OPENSSL_free (a);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/bf/Makefile.ssl
*** crypto/openssl/crypto/bf/Makefile.ssl Wed Jul 4 18:19:13 2001
--- ../RELENG_4_7/crypto/openssl/crypto/bf/Makefile.ssl Fri Feb 21 07:24:20 2003
***************
*** 96,102 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 96,102 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/bftest.c ../RELENG_4_7/crypto/openssl/crypto/bf/bftest.c
*** crypto/openssl/crypto/bf/bftest.c Sun Nov 26 05:33:09 2000
--- ../RELENG_4_7/crypto/openssl/crypto/bf/bftest.c Fri Feb 21 07:24:21 2003
***************
*** 63,68 ****
--- 63,70 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_BF
int main(int argc, char *argv[])
{
***************
*** 275,281 ****
else
ret=test();
! exit(ret);
return(0);
}
--- 277,283 ----
else
ret=test();
! EXIT(ret);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/bio/Makefile.ssl
*** crypto/openssl/crypto/bio/Makefile.ssl Tue Jul 30 17:05:08 2002
--- ../RELENG_4_7/crypto/openssl/crypto/bio/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 78,84 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 78,84 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4_7/crypto/openssl/crypto/bio/bio.h
*** crypto/openssl/crypto/bio/bio.h Tue Jul 30 17:05:08 2002
--- ../RELENG_4_7/crypto/openssl/crypto/bio/bio.h Fri Feb 21 07:24:21 2003
***************
*** 241,247 ****
long (_far *ctrl)();
int (_far *create)();
int (_far *destroy)();
! long (_fat *callback_ctrl)();
} BIO_METHOD;
#endif
--- 241,247 ----
long (_far *ctrl)();
int (_far *create)();
int (_far *destroy)();
! long (_far *callback_ctrl)();
} BIO_METHOD;
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/bn/Makefile.ssl
*** crypto/openssl/crypto/bn/Makefile.ssl Tue Jul 30 17:05:09 2002
--- ../RELENG_4_7/crypto/openssl/crypto/bn/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 159,165 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 159,165 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn.h ../RELENG_4_7/crypto/openssl/crypto/bn/bn.h
*** crypto/openssl/crypto/bn/bn.h Tue Jul 30 17:05:09 2002
--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn.h Fri Feb 21 07:24:21 2003
***************
*** 155,161 ****
#define BN_BYTES 4
#define BN_BITS2 32
#define BN_BITS4 16
! #ifdef _MSC_VER
/* VC++ doesn't like the LL suffix */
#define BN_MASK (0xffffffffffffffffL)
#else
--- 155,161 ----
#define BN_BYTES 4
#define BN_BITS2 32
#define BN_BITS4 16
! #if defined(_MSC_VER) || defined(__BORLANDC__)
/* VC++ doesn't like the LL suffix */
#define BN_MASK (0xffffffffffffffffL)
#else
***************
*** 413,419 ****
BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
--- 413,419 ----
BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lib.c ../RELENG_4_7/crypto/openssl/crypto/bn/bn_lib.c
*** crypto/openssl/crypto/bn/bn_lib.c Wed Jul 4 18:19:14 2001
--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn_lib.c Fri Feb 21 07:24:21 2003
***************
*** 263,274 ****
if (a == NULL) return;
if (a->d != NULL)
{
! memset(a->d,0,a->dmax*sizeof(a->d[0]));
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
OPENSSL_free(a->d);
}
i=BN_get_flags(a,BN_FLG_MALLOCED);
! memset(a,0,sizeof(BIGNUM));
if (i)
OPENSSL_free(a);
}
--- 263,274 ----
if (a == NULL) return;
if (a->d != NULL)
{
! OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
OPENSSL_free(a->d);
}
i=BN_get_flags(a,BN_FLG_MALLOCED);
! OPENSSL_cleanse(a,sizeof(BIGNUM));
if (i)
OPENSSL_free(a);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_rand.c ../RELENG_4_7/crypto/openssl/crypto/bn/bn_rand.c
*** crypto/openssl/crypto/bn/bn_rand.c Tue Jul 30 17:05:10 2002
--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn_rand.c Fri Feb 21 07:24:21 2003
***************
*** 201,207 ****
err:
if (buf != NULL)
{
! memset(buf,0,bytes);
OPENSSL_free(buf);
}
return(ret);
--- 201,207 ----
err:
if (buf != NULL)
{
! OPENSSL_cleanse(buf,bytes);
OPENSSL_free(buf);
}
return(ret);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_word.c ../RELENG_4_7/crypto/openssl/crypto/bn/bn_word.c
*** crypto/openssl/crypto/bn/bn_word.c Sun Nov 26 05:33:19 2000
--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn_word.c Fri Feb 21 07:24:21 2003
***************
*** 123,129 ****
i=0;
for (;;)
{
! l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
a->d[i]=l;
if (w > l)
w=1;
--- 123,132 ----
i=0;
for (;;)
{
! if (i >= a->top)
! l=w;
! else
! l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
a->d[i]=l;
if (w > l)
w=1;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bntest.c ../RELENG_4_7/crypto/openssl/crypto/bn/bntest.c
*** crypto/openssl/crypto/bn/bntest.c Wed Jul 4 18:19:14 2001
--- ../RELENG_4_7/crypto/openssl/crypto/bn/bntest.c Fri Feb 21 07:24:21 2003
***************
*** 139,148 ****
ctx=BN_CTX_new();
! if (ctx == NULL) exit(1);
out=BIO_new(BIO_s_file());
! if (out == NULL) exit(1);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
--- 139,148 ----
ctx=BN_CTX_new();
! if (ctx == NULL) EXIT(1);
out=BIO_new(BIO_s_file());
! if (out == NULL) EXIT(1);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
***************
*** 152,158 ****
if (!BIO_write_filename(out,outfile))
{
perror(outfile);
! exit(1);
}
}
--- 152,158 ----
if (!BIO_write_filename(out,outfile))
{
perror(outfile);
! EXIT(1);
}
}
***************
*** 228,241 ****
BIO_free(out);
/**/
! exit(0);
err:
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
* the failure, see test_bn in test/Makefile.ssl*/
BIO_flush(out);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
! exit(1);
return(1);
}
--- 228,241 ----
BIO_free(out);
/**/
! EXIT(0);
err:
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
* the failure, see test_bn in test/Makefile.ssl*/
BIO_flush(out);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
! EXIT(1);
return(1);
}
***************
*** 746,752 ****
while ((l=ERR_get_error()))
fprintf(stderr,"ERROR:%s\n",
ERR_error_string(l,NULL));
! exit(1);
}
if (bp != NULL)
{
--- 746,752 ----
while ((l=ERR_get_error()))
fprintf(stderr,"ERROR:%s\n",
ERR_error_string(l,NULL));
! EXIT(1);
}
if (bp != NULL)
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/exptest.c ../RELENG_4_7/crypto/openssl/crypto/bn/exptest.c
*** crypto/openssl/crypto/bn/exptest.c Sun Aug 20 03:46:16 2000
--- ../RELENG_4_7/crypto/openssl/crypto/bn/exptest.c Fri Feb 21 07:24:21 2003
***************
*** 59,64 ****
--- 59,67 ----
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+
+ #include "../e_os.h"
+
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
***************
*** 86,92 ****
ERR_load_BN_strings();
ctx=BN_CTX_new();
! if (ctx == NULL) exit(1);
r_mont=BN_new();
r_recp=BN_new();
r_simple=BN_new();
--- 89,95 ----
ERR_load_BN_strings();
ctx=BN_CTX_new();
! if (ctx == NULL) EXIT(1);
r_mont=BN_new();
r_recp=BN_new();
r_simple=BN_new();
***************
*** 99,105 ****
out=BIO_new(BIO_s_file());
! if (out == NULL) exit(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
for (i=0; i<200; i++)
--- 102,108 ----
out=BIO_new(BIO_s_file());
! if (out == NULL) EXIT(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
for (i=0; i<200; i++)
***************
*** 124,130 ****
{
printf("BN_mod_exp_mont() problems\n");
ERR_print_errors(out);
! exit(1);
}
ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
--- 127,133 ----
{
printf("BN_mod_exp_mont() problems\n");
ERR_print_errors(out);
! EXIT(1);
}
ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
***************
*** 132,138 ****
{
printf("BN_mod_exp_recp() problems\n");
ERR_print_errors(out);
! exit(1);
}
ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
--- 135,141 ----
{
printf("BN_mod_exp_recp() problems\n");
ERR_print_errors(out);
! EXIT(1);
}
ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
***************
*** 140,146 ****
{
printf("BN_mod_exp_simple() problems\n");
ERR_print_errors(out);
! exit(1);
}
if (BN_cmp(r_simple, r_mont) == 0
--- 143,149 ----
{
printf("BN_mod_exp_simple() problems\n");
ERR_print_errors(out);
! EXIT(1);
}
if (BN_cmp(r_simple, r_mont) == 0
***************
*** 163,169 ****
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
printf("\n");
! exit(1);
}
}
BN_free(r_mont);
--- 166,172 ----
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
printf("\n");
! EXIT(1);
}
}
BN_free(r_mont);
***************
*** 177,187 ****
CRYPTO_mem_leaks(out);
BIO_free(out);
printf(" done\n");
! exit(0);
err:
ERR_load_crypto_strings();
ERR_print_errors(out);
! exit(1);
return(1);
}
--- 180,190 ----
CRYPTO_mem_leaks(out);
BIO_free(out);
printf(" done\n");
! EXIT(0);
err:
ERR_load_crypto_strings();
ERR_print_errors(out);
! EXIT(1);
return(1);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/buffer/Makefile.ssl
*** crypto/openssl/crypto/buffer/Makefile.ssl Wed Jul 4 18:19:16 2001
--- ../RELENG_4_7/crypto/openssl/crypto/buffer/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/cast/Makefile.ssl
*** crypto/openssl/crypto/cast/Makefile.ssl Wed Jul 4 18:19:16 2001
--- ../RELENG_4_7/crypto/openssl/crypto/cast/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 97,103 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 97,103 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/casttest.c ../RELENG_4_7/crypto/openssl/crypto/cast/casttest.c
*** crypto/openssl/crypto/cast/casttest.c Sun Aug 20 03:46:18 2000
--- ../RELENG_4_7/crypto/openssl/crypto/cast/casttest.c Fri Feb 21 07:24:21 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_CAST
int main(int argc, char *argv[])
{
***************
*** 224,230 ****
}
#endif
! exit(err);
return(err);
}
#endif
--- 226,232 ----
}
#endif
! EXIT(err);
return(err);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/comp/Makefile.ssl
*** crypto/openssl/crypto/comp/Makefile.ssl Tue Jul 30 17:05:18 2002
--- ../RELENG_4_7/crypto/openssl/crypto/comp/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 71,77 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 71,77 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/conf/Makefile.ssl
*** crypto/openssl/crypto/conf/Makefile.ssl Tue Jul 30 17:05:19 2002
--- ../RELENG_4_7/crypto/openssl/crypto/conf/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 69,75 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 69,75 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.c ../RELENG_4_7/crypto/openssl/crypto/conf/conf_def.c
*** crypto/openssl/crypto/conf/conf_def.c Tue Jul 30 17:05:19 2002
--- ../RELENG_4_7/crypto/openssl/crypto/conf/conf_def.c Fri Feb 21 07:24:21 2003
***************
*** 224,232 ****
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
bufnum=0;
for (;;)
{
- again=0;
if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
{
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
--- 224,232 ----
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
bufnum=0;
+ again=0;
for (;;)
{
if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
{
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
***************
*** 237,243 ****
BIO_gets(in, p, BUFSIZE-1);
p[BUFSIZE-1]='\0';
ii=i=strlen(p);
! if (i == 0) break;
while (i > 0)
{
if ((p[i-1] != '\r') && (p[i-1] != '\n'))
--- 237,244 ----
BIO_gets(in, p, BUFSIZE-1);
p[BUFSIZE-1]='\0';
ii=i=strlen(p);
! if (i == 0 && !again) break;
! again=0;
while (i > 0)
{
if ((p[i-1] != '\r') && (p[i-1] != '\n'))
***************
*** 247,253 ****
}
/* we removed some trailing stuff so there is a new
* line on the end. */
! if (i == ii)
again=1; /* long line */
else
{
--- 248,254 ----
}
/* we removed some trailing stuff so there is a new
* line on the end. */
! if (ii && i == ii)
again=1; /* long line */
else
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.c ../RELENG_4_7/crypto/openssl/crypto/cryptlib.c
*** crypto/openssl/crypto/cryptlib.c Sun Aug 11 09:13:58 2002
--- ../RELENG_4_7/crypto/openssl/crypto/cryptlib.c Fri Feb 21 07:24:20 2003
***************
*** 58,63 ****
--- 58,64 ----
#include <stdio.h>
#include <string.h>
+ #include <assert.h>
#include "cryptlib.h"
#include <openssl/crypto.h>
#include <openssl/safestack.h>
***************
*** 89,94 ****
--- 90,96 ----
"ssl_session",
"ssl_sess_cert",
"ssl",
+ /* "ssl_method", */
"rand",
"rand2",
"debug_malloc",
***************
*** 204,213 ****
i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
/* If there was none, push, thereby creating a new one */
if (i == -1)
! i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
! if (!i)
{
dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
OPENSSL_free(pointer);
--- 206,223 ----
i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
/* If there was none, push, thereby creating a new one */
if (i == -1)
! /* Since sk_push() returns the number of items on the
! stack, not the location of the pushed item, we need
! to transform the returned number into a position,
! by decreasing it. */
! i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
! else
! /* If we found a place with a NULL pointer, put our pointer
! in it. */
! sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
! if (i == -1)
{
dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
OPENSSL_free(pointer);
***************
*** 399,414 ****
#endif
if (type < 0)
{
! int i = -type - 1;
! struct CRYPTO_dynlock_value *pointer
! = CRYPTO_get_dynlock_value(i);
!
! if (pointer && dynlock_lock_callback)
{
dynlock_lock_callback(mode, pointer, file, line);
- }
! CRYPTO_destroy_dynlockid(i);
}
else
if (locking_callback != NULL)
--- 409,425 ----
#endif
if (type < 0)
{
! if (dynlock_lock_callback != NULL)
{
+ struct CRYPTO_dynlock_value *pointer
+ = CRYPTO_get_dynlock_value(type);
+
+ assert(pointer != NULL);
+
dynlock_lock_callback(mode, pointer, file, line);
! CRYPTO_destroy_dynlockid(type);
! }
}
else
if (locking_callback != NULL)
***************
*** 459,465 ****
return("dynamic");
else if (type < CRYPTO_NUM_LOCKS)
return(lock_names[type]);
! else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
return("ERROR");
else
return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
--- 470,476 ----
return("dynamic");
else if (type < CRYPTO_NUM_LOCKS)
return(lock_names[type]);
! else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
return("ERROR");
else
return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/crypto.h ../RELENG_4_7/crypto/openssl/crypto/crypto.h
*** crypto/openssl/crypto/crypto.h Tue Jul 30 17:05:02 2002
--- ../RELENG_4_7/crypto/openssl/crypto/crypto.h Fri Feb 21 07:24:20 2003
***************
*** 95,129 ****
* names in cryptlib.c
*/
! #define CRYPTO_LOCK_ERR 1
! #define CRYPTO_LOCK_ERR_HASH 2
! #define CRYPTO_LOCK_X509 3
! #define CRYPTO_LOCK_X509_INFO 4
! #define CRYPTO_LOCK_X509_PKEY 5
#define CRYPTO_LOCK_X509_CRL 6
#define CRYPTO_LOCK_X509_REQ 7
#define CRYPTO_LOCK_DSA 8
#define CRYPTO_LOCK_RSA 9
#define CRYPTO_LOCK_EVP_PKEY 10
! #define CRYPTO_LOCK_X509_STORE 11
! #define CRYPTO_LOCK_SSL_CTX 12
! #define CRYPTO_LOCK_SSL_CERT 13
! #define CRYPTO_LOCK_SSL_SESSION 14
! #define CRYPTO_LOCK_SSL_SESS_CERT 15
! #define CRYPTO_LOCK_SSL 16
! #define CRYPTO_LOCK_RAND 17
! #define CRYPTO_LOCK_RAND2 18
! #define CRYPTO_LOCK_MALLOC 19
! #define CRYPTO_LOCK_BIO 20
! #define CRYPTO_LOCK_GETHOSTBYNAME 21
! #define CRYPTO_LOCK_GETSERVBYNAME 22
! #define CRYPTO_LOCK_READDIR 23
! #define CRYPTO_LOCK_RSA_BLINDING 24
! #define CRYPTO_LOCK_DH 25
! #define CRYPTO_LOCK_MALLOC2 26
! #define CRYPTO_LOCK_DSO 27
! #define CRYPTO_LOCK_DYNLOCK 28
! #define CRYPTO_NUM_LOCKS 29
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
--- 95,132 ----
* names in cryptlib.c
*/
! #define CRYPTO_LOCK_ERR 1
! #define CRYPTO_LOCK_ERR_HASH 2
! #define CRYPTO_LOCK_X509 3
! #define CRYPTO_LOCK_X509_INFO 4
! #define CRYPTO_LOCK_X509_PKEY 5
#define CRYPTO_LOCK_X509_CRL 6
#define CRYPTO_LOCK_X509_REQ 7
#define CRYPTO_LOCK_DSA 8
#define CRYPTO_LOCK_RSA 9
#define CRYPTO_LOCK_EVP_PKEY 10
! #define CRYPTO_LOCK_X509_STORE 11
! #define CRYPTO_LOCK_SSL_CTX 12
! #define CRYPTO_LOCK_SSL_CERT 13
! #define CRYPTO_LOCK_SSL_SESSION 14
! #define CRYPTO_LOCK_SSL_SESS_CERT 15
! #define CRYPTO_LOCK_SSL 16
! /* for binary compatibility between 0.9.6 minor versions,
! * reuse an existing lock (later version use a new one): */
! # define CRYPTO_LOCK_SSL_METHOD CRYPTO_LOCK_SSL_CTX
! #define CRYPTO_LOCK_RAND 17
! #define CRYPTO_LOCK_RAND2 18
! #define CRYPTO_LOCK_MALLOC 19
! #define CRYPTO_LOCK_BIO 20
! #define CRYPTO_LOCK_GETHOSTBYNAME 21
! #define CRYPTO_LOCK_GETSERVBYNAME 22
! #define CRYPTO_LOCK_READDIR 23
! #define CRYPTO_LOCK_RSA_BLINDING 24
! #define CRYPTO_LOCK_DH 25
! #define CRYPTO_LOCK_MALLOC2 26
! #define CRYPTO_LOCK_DSO 27
! #define CRYPTO_LOCK_DYNLOCK 28
! #define CRYPTO_NUM_LOCKS 29
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
***************
*** 145,151 ****
#endif
#else
#define CRYPTO_w_lock(a)
! #define CRYPTO_w_unlock(a)
#define CRYPTO_r_lock(a)
#define CRYPTO_r_unlock(a)
#define CRYPTO_add(a,b,c) ((*(a))+=(b))
--- 148,154 ----
#endif
#else
#define CRYPTO_w_lock(a)
! #define CRYPTO_w_unlock(a)
#define CRYPTO_r_lock(a)
#define CRYPTO_r_unlock(a)
#define CRYPTO_add(a,b,c) ((*(a))+=(b))
***************
*** 341,346 ****
--- 344,351 ----
void CRYPTO_free(void *);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+
+ void OPENSSL_cleanse(void *ptr, size_t len);
void CRYPTO_set_mem_debug_options(long bits);
long CRYPTO_get_mem_debug_options(void);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/des/Makefile.ssl
*** crypto/openssl/crypto/des/Makefile.ssl Wed Jul 4 18:19:18 2001
--- ../RELENG_4_7/crypto/openssl/crypto/des/Makefile.ssl Fri Feb 21 07:24:21 2003
***************
*** 130,136 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 130,136 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 192,199 ****
qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
! read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
! read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
--- 192,202 ----
qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
! read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
! read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
! read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
! read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
! read2pwd.o: des_locl.h
read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
***************
*** 206,212 ****
rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
set_key.o: ../../include/openssl/opensslconf.h des_locl.h
! str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
! str2key.o: ../../include/openssl/opensslconf.h des_locl.h
xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
--- 209,218 ----
rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
set_key.o: ../../include/openssl/opensslconf.h des_locl.h
! str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
! str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
! str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
! str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
! str2key.o: des_locl.h
xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.c ../RELENG_4_7/crypto/openssl/crypto/des/des.c
*** crypto/openssl/crypto/des/des.c Sun Nov 26 05:33:25 2000
--- ../RELENG_4_7/crypto/openssl/crypto/des/des.c Fri Feb 21 07:24:21 2003
***************
*** 86,91 ****
--- 86,92 ----
#endif
#include <sys/stat.h>
#endif
+ #include <openssl/crypto.h>
#include <openssl/des.h>
#include <openssl/rand.h>
***************
*** 423,429 ****
k2[i-8]=k;
}
des_set_key_unchecked(&k2,ks2);
! memset(k2,0,sizeof(k2));
}
else if (longk || flag3)
{
--- 424,430 ----
k2[i-8]=k;
}
des_set_key_unchecked(&k2,ks2);
! OPENSSL_cleanse(k2,sizeof(k2));
}
else if (longk || flag3)
{
***************
*** 431,437 ****
{
des_string_to_2keys(key,&kk,&k2);
des_set_key_unchecked(&k2,ks2);
! memset(k2,0,sizeof(k2));
}
else
des_string_to_key(key,&kk);
--- 432,438 ----
{
des_string_to_2keys(key,&kk,&k2);
des_set_key_unchecked(&k2,ks2);
! OPENSSL_cleanse(k2,sizeof(k2));
}
else
des_string_to_key(key,&kk);
***************
*** 453,460 ****
}
des_set_key_unchecked(&kk,ks);
! memset(key,0,sizeof(key));
! memset(kk,0,sizeof(kk));
/* woops - A bug that does not showup under unix :-( */
memset(iv,0,sizeof(iv));
memset(iv2,0,sizeof(iv2));
--- 454,461 ----
}
des_set_key_unchecked(&kk,ks);
! OPENSSL_cleanse(key,sizeof(key));
! OPENSSL_cleanse(kk,sizeof(kk));
/* woops - A bug that does not showup under unix :-( */
memset(iv,0,sizeof(iv));
memset(iv2,0,sizeof(iv2));
***************
*** 662,679 ****
if (l) fclose(CKSUM_OUT);
}
problems:
! memset(buf,0,sizeof(buf));
! memset(obuf,0,sizeof(obuf));
! memset(ks,0,sizeof(ks));
! memset(ks2,0,sizeof(ks2));
! memset(iv,0,sizeof(iv));
! memset(iv2,0,sizeof(iv2));
! memset(kk,0,sizeof(kk));
! memset(k2,0,sizeof(k2));
! memset(uubuf,0,sizeof(uubuf));
! memset(b,0,sizeof(b));
! memset(bb,0,sizeof(bb));
! memset(cksum,0,sizeof(cksum));
if (Exit) EXIT(Exit);
}
--- 663,680 ----
if (l) fclose(CKSUM_OUT);
}
problems:
! OPENSSL_cleanse(buf,sizeof(buf));
! OPENSSL_cleanse(obuf,sizeof(obuf));
! OPENSSL_cleanse(ks,sizeof(ks));
! OPENSSL_cleanse(ks2,sizeof(ks2));
! OPENSSL_cleanse(iv,sizeof(iv));
! OPENSSL_cleanse(iv2,sizeof(iv2));
! OPENSSL_cleanse(kk,sizeof(kk));
! OPENSSL_cleanse(k2,sizeof(k2));
! OPENSSL_cleanse(uubuf,sizeof(uubuf));
! OPENSSL_cleanse(b,sizeof(b));
! OPENSSL_cleanse(bb,sizeof(bb));
! OPENSSL_cleanse(cksum,sizeof(cksum));
if (Exit) EXIT(Exit);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read2pwd.c ../RELENG_4_7/crypto/openssl/crypto/des/read2pwd.c
*** crypto/openssl/crypto/des/read2pwd.c Mon Jan 10 00:21:37 2000
--- ../RELENG_4_7/crypto/openssl/crypto/des/read2pwd.c Fri Feb 21 07:24:21 2003
***************
*** 57,62 ****
--- 57,63 ----
*/
#include "des_locl.h"
+ #include <openssl/crypto.h>
int des_read_password(des_cblock *key, const char *prompt, int verify)
{
***************
*** 65,72 ****
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_key(buf,key);
! memset(buf,0,BUFSIZ);
! memset(buff,0,BUFSIZ);
return(ok);
}
--- 66,73 ----
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_key(buf,key);
! OPENSSL_cleanse(buf,BUFSIZ);
! OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
***************
*** 78,84 ****
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_2keys(buf,key1,key2);
! memset(buf,0,BUFSIZ);
! memset(buff,0,BUFSIZ);
return(ok);
}
--- 79,85 ----
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_2keys(buf,key1,key2);
! OPENSSL_cleanse(buf,BUFSIZ);
! OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read_pwd.c ../RELENG_4_7/crypto/openssl/crypto/des/read_pwd.c
*** crypto/openssl/crypto/des/read_pwd.c Tue Jul 30 17:05:20 2002
--- ../RELENG_4_7/crypto/openssl/crypto/des/read_pwd.c Fri Feb 21 07:24:21 2003
***************
*** 218,224 ****
int ret;
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
! memset(buff,0,BUFSIZ);
return(ret);
}
--- 218,224 ----
int ret;
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
! OPENSSL_cleanse(buff,BUFSIZ);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/str2key.c ../RELENG_4_7/crypto/openssl/crypto/des/str2key.c
*** crypto/openssl/crypto/des/str2key.c Sun Aug 20 03:46:20 2000
--- ../RELENG_4_7/crypto/openssl/crypto/des/str2key.c Fri Feb 21 07:24:21 2003
***************
*** 56,61 ****
--- 56,62 ----
* [including the GNU Public Licence.]
*/
+ #include <openssl/crypto.h>
#include "des_locl.h"
void des_string_to_key(const char *str, des_cblock *key)
***************
*** 88,94 ****
des_set_odd_parity(key);
des_set_key_unchecked(key,ks);
des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
! memset(ks,0,sizeof(ks));
des_set_odd_parity(key);
}
--- 89,95 ----
des_set_odd_parity(key);
des_set_key_unchecked(key,ks);
des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
! OPENSSL_cleanse(ks,sizeof(ks));
des_set_odd_parity(key);
}
***************
*** 149,155 ****
des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
des_set_key_unchecked(key2,ks);
des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
! memset(ks,0,sizeof(ks));
des_set_odd_parity(key1);
des_set_odd_parity(key2);
}
--- 150,156 ----
des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
des_set_key_unchecked(key2,ks);
des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
! OPENSSL_cleanse(ks,sizeof(ks));
des_set_odd_parity(key1);
des_set_odd_parity(key2);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/dh/Makefile.ssl
*** crypto/openssl/crypto/dh/Makefile.ssl Wed Jul 4 18:19:21 2001
--- ../RELENG_4_7/crypto/openssl/crypto/dh/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dhtest.c ../RELENG_4_7/crypto/openssl/crypto/dh/dhtest.c
*** crypto/openssl/crypto/dh/dhtest.c Tue Jul 30 17:05:23 2002
--- ../RELENG_4_7/crypto/openssl/crypto/dh/dhtest.c Fri Feb 21 07:24:22 2003
***************
*** 59,64 ****
--- 59,67 ----
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+
+ #include "../e_os.h"
+
#ifdef WINDOWS
#include "../bio/bss_file.c"
#endif
***************
*** 107,113 ****
RAND_seed(rnd_seed, sizeof rnd_seed);
out=BIO_new(BIO_s_file());
! if (out == NULL) exit(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
--- 110,116 ----
RAND_seed(rnd_seed, sizeof rnd_seed);
out=BIO_new(BIO_s_file());
! if (out == NULL) EXIT(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
***************
*** 188,194 ****
if(b != NULL) DH_free(b);
if(a != NULL) DH_free(a);
BIO_free(out);
! exit(ret);
return(ret);
}
--- 191,197 ----
if(b != NULL) DH_free(b);
if(a != NULL) DH_free(a);
BIO_free(out);
! EXIT(ret);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/dsa/Makefile.ssl
*** crypto/openssl/crypto/dsa/Makefile.ssl Wed Jul 4 18:19:22 2001
--- ../RELENG_4_7/crypto/openssl/crypto/dsa/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 70,76 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 70,76 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4_7/crypto/openssl/crypto/dsa/dsatest.c
*** crypto/openssl/crypto/dsa/dsatest.c Sun Aug 20 03:46:22 2000
--- ../RELENG_4_7/crypto/openssl/crypto/dsa/dsatest.c Fri Feb 21 07:24:22 2003
***************
*** 61,66 ****
--- 61,69 ----
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
+
+ #include "../e_os.h"
+
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
***************
*** 207,216 ****
BIO_free(bio_err);
bio_err = NULL;
}
! exit(!ret);
return(0);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
--- 210,225 ----
BIO_free(bio_err);
bio_err = NULL;
}
! EXIT(!ret);
return(0);
}
+ static int cb_exit(int ec)
+ {
+ EXIT(ec);
+ return(0); /* To keep some compilers quiet */
+ }
+
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
***************
*** 226,232 ****
if (!ok && (p == 0) && (num > 1))
{
BIO_printf((BIO *)arg,"error in dsatest\n");
! exit(1);
}
}
#endif
--- 235,241 ----
if (!ok && (p == 0) && (num > 1))
{
BIO_printf((BIO *)arg,"error in dsatest\n");
! cb_exit(1);
}
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/dso/Makefile.ssl
*** crypto/openssl/crypto/dso/Makefile.ssl Wed Jul 4 18:19:23 2001
--- ../RELENG_4_7/crypto/openssl/crypto/dso/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 70,76 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 70,76 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/err/Makefile.ssl
*** crypto/openssl/crypto/err/Makefile.ssl Tue Jul 30 17:05:25 2002
--- ../RELENG_4_7/crypto/openssl/crypto/err/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/evp/Makefile.ssl
*** crypto/openssl/crypto/evp/Makefile.ssl Wed Jul 4 18:19:24 2001
--- ../RELENG_4_7/crypto/openssl/crypto/evp/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 87,93 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 87,93 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_enc.c ../RELENG_4_7/crypto/openssl/crypto/evp/bio_enc.c
*** crypto/openssl/crypto/evp/bio_enc.c Tue Jul 30 17:05:26 2002
--- ../RELENG_4_7/crypto/openssl/crypto/evp/bio_enc.c Fri Feb 21 07:24:22 2003
***************
*** 128,134 ****
if (a == NULL) return(0);
b=(BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher));
! memset(a->ptr,0,sizeof(BIO_ENC_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
--- 128,134 ----
if (a == NULL) return(0);
b=(BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher));
! OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_ok.c ../RELENG_4_7/crypto/openssl/crypto/evp/bio_ok.c
*** crypto/openssl/crypto/evp/bio_ok.c Sun Nov 26 05:33:32 2000
--- ../RELENG_4_7/crypto/openssl/crypto/evp/bio_ok.c Fri Feb 21 07:24:22 2003
***************
*** 208,214 ****
static int ok_free(BIO *a)
{
if (a == NULL) return(0);
! memset(a->ptr,0,sizeof(BIO_OK_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
--- 208,214 ----
static int ok_free(BIO *a)
{
if (a == NULL) return(0);
! OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_allc.c ../RELENG_4_7/crypto/openssl/crypto/evp/c_allc.c
*** crypto/openssl/crypto/evp/c_allc.c Tue Jul 30 17:05:26 2002
--- ../RELENG_4_7/crypto/openssl/crypto/evp/c_allc.c Fri Feb 21 07:24:22 2003
***************
*** 64,73 ****
void OpenSSL_add_all_ciphers(void)
{
- static int done=0;
-
- if (done) return;
- done=1;
#ifndef NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_ede_cfb());
--- 64,69 ----
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_alld.c ../RELENG_4_7/crypto/openssl/crypto/evp/c_alld.c
*** crypto/openssl/crypto/evp/c_alld.c Tue Jul 30 17:05:26 2002
--- ../RELENG_4_7/crypto/openssl/crypto/evp/c_alld.c Fri Feb 21 07:24:22 2003
***************
*** 64,73 ****
void OpenSSL_add_all_digests(void)
{
- static int done=0;
-
- if (done) return;
- done=1;
#ifndef NO_MD2
EVP_add_digest(EVP_md2());
#endif
--- 64,69 ----
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_idea.c ../RELENG_4_7/crypto/openssl/crypto/evp/e_idea.c
*** crypto/openssl/crypto/evp/e_idea.c Sun Nov 26 05:38:44 2000
--- ../RELENG_4_7/crypto/openssl/crypto/evp/e_idea.c Fri Feb 21 07:24:22 2003
***************
*** 103,109 ****
idea_set_encrypt_key(key,&tmp);
idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
! memset((unsigned char *)&tmp,0,
sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
--- 103,109 ----
idea_set_encrypt_key(key,&tmp);
idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
! OPENSSL_cleanse((unsigned char *)&tmp,
sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp.h ../RELENG_4_7/crypto/openssl/crypto/evp/evp.h
*** crypto/openssl/crypto/evp/evp.h Tue Jul 30 17:05:27 2002
--- ../RELENG_4_7/crypto/openssl/crypto/evp/evp.h Fri Feb 21 07:24:22 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/crypto/evp/evp.h,v 1.2.2.4 2002/07/30 22:05:27 nectar Exp $
*/
#ifndef HEADER_ENVELOPE_H
--- 54,59 ----
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_key.c ../RELENG_4_7/crypto/openssl/crypto/evp/evp_key.c
*** crypto/openssl/crypto/evp/evp_key.c Tue Jul 30 17:05:27 2002
--- ../RELENG_4_7/crypto/openssl/crypto/evp/evp_key.c Fri Feb 21 07:24:22 2003
***************
*** 152,159 ****
}
if ((nkey == 0) && (niv == 0)) break;
}
! memset(&c,0,sizeof(c));
! memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
return(type->key_len);
}
--- 152,159 ----
}
if ((nkey == 0) && (niv == 0)) break;
}
! OPENSSL_cleanse(&c,sizeof(c));
! OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
return(type->key_len);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt.c ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt.c
*** crypto/openssl/crypto/evp/p5_crpt.c Sun Nov 26 05:33:32 2000
--- ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt.c Fri Feb 21 07:24:22 2003
***************
*** 142,149 ****
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit(cctx, cipher, key, iv, en_de);
! memset(md_tmp, 0, EVP_MAX_MD_SIZE);
! memset(key, 0, EVP_MAX_KEY_LENGTH);
! memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
}
--- 142,149 ----
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit(cctx, cipher, key, iv, en_de);
! OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
! OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
! OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt2.c ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt2.c
*** crypto/openssl/crypto/evp/p5_crpt2.c Sun Nov 26 05:33:32 2000
--- ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt2.c Fri Feb 21 07:24:22 2003
***************
*** 228,234 ****
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
EVP_CipherInit(ctx, NULL, key, NULL, en_de);
! memset(key, 0, keylen);
PBKDF2PARAM_free(kdf);
return 1;
--- 228,234 ----
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
EVP_CipherInit(ctx, NULL, key, NULL, en_de);
! OPENSSL_cleanse(key, keylen);
PBKDF2PARAM_free(kdf);
return 1;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p_open.c ../RELENG_4_7/crypto/openssl/crypto/evp/p_open.c
*** crypto/openssl/crypto/evp/p_open.c Sun Nov 26 05:33:32 2000
--- ../RELENG_4_7/crypto/openssl/crypto/evp/p_open.c Fri Feb 21 07:24:22 2003
***************
*** 101,107 ****
ret=1;
err:
! if (key != NULL) memset(key,0,size);
OPENSSL_free(key);
return(ret);
}
--- 101,107 ----
ret=1;
err:
! if (key != NULL) OPENSSL_cleanse(key,size);
OPENSSL_free(key);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/hmac/Makefile.ssl
*** crypto/openssl/crypto/hmac/Makefile.ssl Wed Jul 4 18:19:26 2001
--- ../RELENG_4_7/crypto/openssl/crypto/hmac/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/hmactest.c ../RELENG_4_7/crypto/openssl/crypto/hmac/hmactest.c
*** crypto/openssl/crypto/hmac/hmactest.c Sun Aug 20 03:46:25 2000
--- ../RELENG_4_7/crypto/openssl/crypto/hmac/hmactest.c Fri Feb 21 07:24:22 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_HMAC
int main(int argc, char *argv[])
{
***************
*** 143,149 ****
else
printf("test %d ok\n",i);
}
! exit(err);
return(0);
}
--- 145,151 ----
else
printf("test %d ok\n",i);
}
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/idea/Makefile.ssl
*** crypto/openssl/crypto/idea/Makefile.ssl Tue Jul 30 17:05:30 2002
--- ../RELENG_4_7/crypto/openssl/crypto/idea/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 69,75 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/ideatest.c ../RELENG_4_7/crypto/openssl/crypto/idea/ideatest.c
*** crypto/openssl/crypto/idea/ideatest.c Tue Jul 30 17:05:31 2002
--- ../RELENG_4_7/crypto/openssl/crypto/idea/ideatest.c Fri Feb 21 07:24:22 2003
***************
*** 61,66 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_IDEA
int main(int argc, char *argv[])
{
***************
*** 168,174 ****
else
printf("ok\n");
! exit(err);
return(err);
}
--- 169,175 ----
else
printf("ok\n");
! EXIT(err);
return(err);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/lhash/Makefile.ssl
*** crypto/openssl/crypto/lhash/Makefile.ssl Wed Jul 4 18:19:27 2001
--- ../RELENG_4_7/crypto/openssl/crypto/lhash/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/md2/Makefile.ssl
*** crypto/openssl/crypto/md2/Makefile.ssl Tue Jul 30 17:05:32 2002
--- ../RELENG_4_7/crypto/openssl/crypto/md2/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 79,86 ****
# DO NOT DELETE THIS LINE -- make depend depends on it.
! md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
! md2_dgst.o: ../../include/openssl/opensslv.h
md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- 79,88 ----
# DO NOT DELETE THIS LINE -- make depend depends on it.
! md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h
! md2_dgst.o: ../../include/openssl/opensslconf.h
! md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
! md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_dgst.c ../RELENG_4_7/crypto/openssl/crypto/md2/md2_dgst.c
*** crypto/openssl/crypto/md2/md2_dgst.c Sun Aug 20 03:46:28 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md2/md2_dgst.c Fri Feb 21 07:24:22 2003
***************
*** 61,66 ****
--- 61,67 ----
#include <string.h>
#include <openssl/md2.h>
#include <openssl/opensslv.h>
+ #include <openssl/crypto.h>
const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
***************
*** 194,200 ****
t=(t+i)&0xff;
}
memcpy(sp1,state,16*sizeof(MD2_INT));
! memset(state,0,48*sizeof(MD2_INT));
}
void MD2_Final(unsigned char *md, MD2_CTX *c)
--- 195,201 ----
t=(t+i)&0xff;
}
memcpy(sp1,state,16*sizeof(MD2_INT));
! OPENSSL_cleanse(state,48*sizeof(MD2_INT));
}
void MD2_Final(unsigned char *md, MD2_CTX *c)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_one.c ../RELENG_4_7/crypto/openssl/crypto/md2/md2_one.c
*** crypto/openssl/crypto/md2/md2_one.c Sun Aug 20 03:46:28 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md2/md2_one.c Fri Feb 21 07:24:22 2003
***************
*** 88,93 ****
}
#endif
MD2_Final(md,&c);
! memset(&c,0,sizeof(c)); /* Security consideration */
return(md);
}
--- 88,93 ----
}
#endif
MD2_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */
return(md);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4_7/crypto/openssl/crypto/md2/md2test.c
*** crypto/openssl/crypto/md2/md2test.c Sun Aug 20 03:46:28 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md2/md2test.c Fri Feb 21 07:24:22 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <stdlib.h>
#include <string.h>
+ #include "../e_os.h"
+
#ifdef NO_MD2
int main(int argc, char *argv[])
{
***************
*** 119,125 ****
R++;
P++;
}
! exit(err);
return(0);
}
--- 121,127 ----
R++;
P++;
}
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md32_common.h ../RELENG_4_7/crypto/openssl/crypto/md32_common.h
*** crypto/openssl/crypto/md32_common.h Tue Jul 30 17:05:02 2002
--- ../RELENG_4_7/crypto/openssl/crypto/md32_common.h Fri Feb 21 07:24:20 2003
***************
*** 602,607 ****
c->num=0;
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
* but I'm not worried :-)
! memset((void *)c,0,sizeof(HASH_CTX));
*/
}
--- 602,607 ----
c->num=0;
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
* but I'm not worried :-)
! OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
*/
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/md4/Makefile.ssl
*** crypto/openssl/crypto/md4/Makefile.ssl Wed Jul 4 18:19:28 2001
--- ../RELENG_4_7/crypto/openssl/crypto/md4/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 69,75 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 69,75 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 82,85 ****
md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
! md4_one.o: ../../include/openssl/md4.h
--- 82,87 ----
md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
! md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h
! md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
! md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_one.c ../RELENG_4_7/crypto/openssl/crypto/md4/md4_one.c
*** crypto/openssl/crypto/md4/md4_one.c Sun Nov 26 05:33:40 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md4/md4_one.c Fri Feb 21 07:24:22 2003
***************
*** 59,64 ****
--- 59,65 ----
#include <stdio.h>
#include <string.h>
#include <openssl/md4.h>
+ #include <openssl/crypto.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
***************
*** 89,95 ****
}
#endif
MD4_Final(md,&c);
! memset(&c,0,sizeof(c)); /* security consideration */
return(md);
}
--- 90,96 ----
}
#endif
MD4_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4test.c ../RELENG_4_7/crypto/openssl/crypto/md4/md4test.c
*** crypto/openssl/crypto/md4/md4test.c Sun Nov 26 05:33:40 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md4/md4test.c Fri Feb 21 07:24:22 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_MD4
int main(int argc, char *argv[])
{
***************
*** 115,121 ****
R++;
P++;
}
! exit(err);
return(0);
}
--- 117,123 ----
R++;
P++;
}
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/md5/Makefile.ssl
*** crypto/openssl/crypto/md5/Makefile.ssl Wed Jul 4 18:19:29 2001
--- ../RELENG_4_7/crypto/openssl/crypto/md5/Makefile.ssl Fri Feb 21 07:24:22 2003
***************
*** 118,124 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 118,124 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 131,134 ****
md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
! md5_one.o: ../../include/openssl/md5.h
--- 131,136 ----
md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
! md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h
! md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
! md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_one.c ../RELENG_4_7/crypto/openssl/crypto/md5/md5_one.c
*** crypto/openssl/crypto/md5/md5_one.c Sun Aug 20 03:46:29 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md5/md5_one.c Fri Feb 21 07:24:23 2003
***************
*** 59,64 ****
--- 59,65 ----
#include <stdio.h>
#include <string.h>
#include <openssl/md5.h>
+ #include <openssl/crypto.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
***************
*** 89,95 ****
}
#endif
MD5_Final(md,&c);
! memset(&c,0,sizeof(c)); /* security consideration */
return(md);
}
--- 90,96 ----
}
#endif
MD5_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5test.c ../RELENG_4_7/crypto/openssl/crypto/md5/md5test.c
*** crypto/openssl/crypto/md5/md5test.c Sun Aug 20 03:46:29 2000
--- ../RELENG_4_7/crypto/openssl/crypto/md5/md5test.c Fri Feb 21 07:24:23 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_MD5
int main(int argc, char *argv[])
{
***************
*** 115,121 ****
R++;
P++;
}
! exit(err);
return(0);
}
--- 117,123 ----
R++;
P++;
}
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/mdc2/Makefile.ssl
*** crypto/openssl/crypto/mdc2/Makefile.ssl Wed Jul 4 18:19:29 2001
--- ../RELENG_4_7/crypto/openssl/crypto/mdc2/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2_one.c ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2_one.c
*** crypto/openssl/crypto/mdc2/mdc2_one.c Sun Aug 20 03:46:29 2000
--- ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2_one.c Fri Feb 21 07:24:23 2003
***************
*** 69,75 ****
MDC2_Init(&c);
MDC2_Update(&c,d,n);
MDC2_Final(md,&c);
! memset(&c,0,sizeof(c)); /* security consideration */
return(md);
}
--- 69,75 ----
MDC2_Init(&c);
MDC2_Update(&c,d,n);
MDC2_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2test.c ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2test.c
*** crypto/openssl/crypto/mdc2/mdc2test.c Sun Aug 20 03:46:29 2000
--- ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2test.c Fri Feb 21 07:24:23 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <stdlib.h>
#include <string.h>
+ #include "../e_os.h"
+
#if defined(NO_DES) && !defined(NO_MDC2)
#define NO_MDC2
#endif
***************
*** 134,140 ****
else
printf("pad2 - ok\n");
! exit(ret);
return(ret);
}
#endif
--- 136,142 ----
else
printf("pad2 - ok\n");
! EXIT(ret);
return(ret);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4_7/crypto/openssl/crypto/mem.c
*** crypto/openssl/crypto/mem.c Sun Aug 11 09:13:58 2002
--- ../RELENG_4_7/crypto/openssl/crypto/mem.c Fri Feb 21 07:24:20 2003
***************
*** 173,178 ****
--- 173,181 ----
void *CRYPTO_malloc_locked(int num, const char *file, int line)
{
void *ret = NULL;
+ extern unsigned char cleanse_ctr;
+
+ if (num < 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
***************
*** 187,192 ****
--- 190,201 ----
if (malloc_debug_func != NULL)
malloc_debug_func(ret, num, file, line, 1);
+ /* Create a dependency on the value of 'cleanse_ctr' so our memory
+ * sanitisation function can't be optimised out. NB: We only do
+ * this for >2Kb so the overhead doesn't bother us. */
+ if(ret && (num > 2048))
+ ((unsigned char *)ret)[0] = cleanse_ctr;
+
return ret;
}
***************
*** 205,210 ****
--- 214,222 ----
void *CRYPTO_malloc(int num, const char *file, int line)
{
void *ret = NULL;
+ extern unsigned char cleanse_ctr;
+
+ if (num < 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
***************
*** 219,224 ****
--- 231,242 ----
if (malloc_debug_func != NULL)
malloc_debug_func(ret, num, file, line, 1);
+ /* Create a dependency on the value of 'cleanse_ctr' so our memory
+ * sanitisation function can't be optimised out. NB: We only do
+ * this for >2Kb so the overhead doesn't bother us. */
+ if(ret && (num > 2048))
+ ((unsigned char *)ret)[0] = cleanse_ctr;
+
return ret;
}
***************
*** 228,233 ****
--- 246,253 ----
if (str == NULL)
return CRYPTO_malloc(num, file, line);
+
+ if (num < 0) return NULL;
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_clr.c ../RELENG_4_7/crypto/openssl/crypto/mem_clr.c
*** crypto/openssl/crypto/mem_clr.c Wed Dec 31 18:00:00 1969
--- ../RELENG_4_7/crypto/openssl/crypto/mem_clr.c Thu Feb 20 14:42:07 2003
***************
*** 0 ****
--- 1,75 ----
+ /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2002.
+ */
+ /* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ #include <string.h>
+ #include <openssl/crypto.h>
+
+ unsigned char cleanse_ctr = 0;
+
+ void OPENSSL_cleanse(void *ptr, size_t len)
+ {
+ unsigned char *p = ptr;
+ size_t loop = len;
+ while(loop--)
+ {
+ *(p++) = cleanse_ctr;
+ cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
+ }
+ if(memchr(ptr, cleanse_ctr, len))
+ cleanse_ctr += 63;
+ }
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_dbg.c ../RELENG_4_7/crypto/openssl/crypto/mem_dbg.c
*** crypto/openssl/crypto/mem_dbg.c Wed Jul 4 18:19:11 2001
--- ../RELENG_4_7/crypto/openssl/crypto/mem_dbg.c Fri Feb 21 07:24:20 2003
***************
*** 102,107 ****
--- 102,109 ----
int references;
} APP_INFO;
+ static void app_info_free(APP_INFO *);
+
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
* that are at the top of their thread's stack
* (with `thread' as key);
***************
*** 140,145 ****
--- 142,159 ----
* thread named in disabling_thread).
*/
+ static void app_info_free(APP_INFO *inf)
+ {
+ if (--(inf->references) <= 0)
+ {
+ if (inf->next != NULL)
+ {
+ app_info_free(inf->next);
+ }
+ OPENSSL_free(inf);
+ }
+ }
+
int CRYPTO_mem_ctrl(int mode)
{
int ret=mh_mode;
***************
*** 496,504 ****
mp->order, mp->addr, mp->num);
#endif
if (mp->app_info != NULL)
! {
! mp->app_info->references--;
! }
OPENSSL_free(mp);
}
--- 510,516 ----
mp->order, mp->addr, mp->num);
#endif
if (mp->app_info != NULL)
! app_info_free(mp->app_info);
OPENSSL_free(mp);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/objects/Makefile.ssl
*** crypto/openssl/crypto/objects/Makefile.ssl Tue Jul 30 17:05:35 2002
--- ../RELENG_4_7/crypto/openssl/crypto/objects/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 76,82 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 76,82 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.c ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.c
*** crypto/openssl/crypto/objects/obj_dat.c Tue Jul 30 17:05:35 2002
--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.c Fri Feb 21 07:24:23 2003
***************
*** 417,423 ****
a2d_ASN1_OBJECT(p,i,s,-1);
p=buf;
! op=d2i_ASN1_OBJECT(NULL,&p,i);
OPENSSL_free(buf);
return op;
}
--- 417,423 ----
a2d_ASN1_OBJECT(p,i,s,-1);
p=buf;
! op=d2i_ASN1_OBJECT(NULL,&p,j);
OPENSSL_free(buf);
return op;
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.h
*** crypto/openssl/crypto/objects/obj_dat.h Tue Jul 30 17:05:35 2002
--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.h Fri Feb 21 07:24:23 2003
***************
*** 62,73 ****
* [including the GNU Public Licence.]
*/
! #define NUM_NID 404
! #define NUM_SN 402
! #define NUM_LN 402
! #define NUM_OBJ 376
! static unsigned char lvalues[2951]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
--- 62,73 ----
* [including the GNU Public Licence.]
*/
! #define NUM_NID 406
! #define NUM_SN 404
! #define NUM_LN 404
! #define NUM_OBJ 378
! static unsigned char lvalues[2971]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
***************
*** 444,449 ****
--- 444,451 ----
0x55,0x1D,0x24, /* [2941] OBJ_policy_constraints */
0x55,0x1D,0x37, /* [2944] OBJ_target_information */
0x55,0x1D,0x38, /* [2947] OBJ_no_rev_avail */
+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */
+ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
***************
*** 1075,1080 ****
--- 1077,1086 ----
&(lvalues[2944]),0},
{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
&(lvalues[2947]),0},
+ {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
+ 10,&(lvalues[2950]),0},
+ {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
+ &(lvalues[2960]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
***************
*** 1417,1422 ****
--- 1423,1430 ----
&(nid_objs[138]),/* "msEFS" */
&(nid_objs[171]),/* "msExtReq" */
&(nid_objs[137]),/* "msSGC" */
+ &(nid_objs[404]),/* "msSmartcardLogin" */
+ &(nid_objs[405]),/* "msUPN" */
&(nid_objs[173]),/* "name" */
&(nid_objs[369]),/* "noCheck" */
&(nid_objs[403]),/* "noRevAvail" */
***************
*** 1510,1516 ****
--- 1518,1526 ----
&(nid_objs[171]),/* "Microsoft Extension Request" */
&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+ &(nid_objs[404]),/* "Microsoft Smartcardlogin" */
&(nid_objs[136]),/* "Microsoft Trust List Signing" */
+ &(nid_objs[405]),/* "Microsoft Universal Principal Name" */
&(nid_objs[72]),/* "Netscape Base Url" */
&(nid_objs[76]),/* "Netscape CA Policy Url" */
&(nid_objs[74]),/* "Netscape CA Revocation Url" */
***************
*** 2196,2201 ****
--- 2206,2213 ----
&(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */
&(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */
&(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */
+ &(nid_objs[404]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */
+ &(nid_objs[405]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */
&(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */
&(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */
&(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.h
*** crypto/openssl/crypto/objects/obj_mac.h Tue Jul 30 17:05:35 2002
--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.h Fri Feb 21 07:24:23 2003
***************
*** 780,785 ****
--- 780,795 ----
#define NID_ms_efs 138
#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+ #define SN_ms_smartcard_login "msSmartcardLogin"
+ #define LN_ms_smartcard_login "Microsoft Smartcardlogin"
+ #define NID_ms_smartcard_login 404
+ #define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+ #define SN_ms_upn "msUPN"
+ #define LN_ms_upn "Microsoft Universal Principal Name"
+ #define NID_ms_upn 405
+ #define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
#define SN_idea_cbc "IDEA-CBC"
#define LN_idea_cbc "idea-cbc"
#define NID_idea_cbc 34
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.num ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.num
*** crypto/openssl/crypto/objects/obj_mac.num Tue Jul 30 17:05:37 2002
--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.num Fri Feb 21 07:24:23 2003
***************
*** 401,403 ****
--- 401,405 ----
policy_constraints 401
target_information 402
no_rev_avail 403
+ ms_smartcard_login 404
+ ms_upn 405
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4_7/crypto/openssl/crypto/objects/objects.txt
*** crypto/openssl/crypto/objects/objects.txt Tue Jul 30 17:05:37 2002
--- ../RELENG_4_7/crypto/openssl/crypto/objects/objects.txt Fri Feb 21 07:24:23 2003
***************
*** 246,251 ****
--- 246,255 ----
1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto
!Cname ms-efs
1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System
+ !Cname ms-smartcard-login
+ 1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin
+ !Cname ms-upn
+ 1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name
1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
: IDEA-ECB : idea-ecb
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslconf.h ../RELENG_4_7/crypto/openssl/crypto/opensslconf.h
*** crypto/openssl/crypto/opensslconf.h Sun Aug 20 03:46:04 2000
--- ../RELENG_4_7/crypto/openssl/crypto/opensslconf.h Fri Feb 21 07:24:20 2003
***************
*** 6,19 ****
/* no ciphers excluded */
#endif
#ifdef OPENSSL_THREAD_DEFINES
#endif
#ifdef OPENSSL_OTHER_DEFINES
#endif
/* crypto/opensslconf.h.in */
/* Generate 80386 code? */
! #undef I386_ONLY
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
--- 6,28 ----
/* no ciphers excluded */
#endif
#ifdef OPENSSL_THREAD_DEFINES
+ # ifndef THREADS
+ # define THREADS
+ # endif
#endif
#ifdef OPENSSL_OTHER_DEFINES
+ # ifndef DSO_DLFCN
+ # define DSO_DLFCN
+ # endif
+ # ifndef HAVE_DLFCN_H
+ # define HAVE_DLFCN_H
+ # endif
#endif
/* crypto/opensslconf.h.in */
/* Generate 80386 code? */
! #define I386_ONLY
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
***************
*** 66,72 ****
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
#define CONFIG_HEADER_BN_H
! #undef BN_LLONG
/* Should we define BN_DIV2W here? */
--- 75,81 ----
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
#define CONFIG_HEADER_BN_H
! #define BN_LLONG
/* Should we define BN_DIV2W here? */
***************
*** 85,91 ****
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
! #undef RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
--- 94,100 ----
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
! #define RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
***************
*** 99,112 ****
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
! #undef DES_PTR
#endif
/* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more
* registers */
#ifndef DES_RISC1
! #undef DES_RISC1
#endif
#ifndef DES_RISC2
--- 108,121 ----
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
! #define DES_PTR
#endif
/* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more
* registers */
#ifndef DES_RISC1
! #define DES_RISC1
#endif
#ifndef DES_RISC2
***************
*** 120,126 ****
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
* Very mucy CPU dependant */
#ifndef DES_UNROLL
! #undef DES_UNROLL
#endif
/* These default values were supplied by
--- 129,135 ----
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
* Very mucy CPU dependant */
#ifndef DES_UNROLL
! #define DES_UNROLL
#endif
/* These default values were supplied by
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4_7/crypto/openssl/crypto/opensslv.h
*** crypto/openssl/crypto/opensslv.h Sun Aug 11 09:13:58 2002
--- ../RELENG_4_7/crypto/openssl/crypto/opensslv.h Fri Feb 21 07:24:20 2003
***************
*** 25,32 ****
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
! #define OPENSSL_VERSION_NUMBER 0x0090607fL
! #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6g 9 Aug 2002"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
--- 25,32 ----
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
! #define OPENSSL_VERSION_NUMBER 0x0090609fL
! #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6i Feb 19 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/pem/Makefile.ssl
*** crypto/openssl/crypto/pem/Makefile.ssl Wed Jul 4 18:19:30 2001
--- ../RELENG_4_7/crypto/openssl/crypto/pem/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 69,75 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 69,75 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_info.c ../RELENG_4_7/crypto/openssl/crypto/pem/pem_info.c
*** crypto/openssl/crypto/pem/pem_info.c Tue Jul 30 17:05:39 2002
--- ../RELENG_4_7/crypto/openssl/crypto/pem/pem_info.c Fri Feb 21 07:24:23 2003
***************
*** 358,364 ****
ret=1;
err:
! memset((char *)&ctx,0,sizeof(ctx));
! memset(buf,0,PEM_BUFSIZE);
return(ret);
}
--- 358,364 ----
ret=1;
err:
! OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
! OPENSSL_cleanse(buf,PEM_BUFSIZE);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_lib.c ../RELENG_4_7/crypto/openssl/crypto/pem/pem_lib.c
*** crypto/openssl/crypto/pem/pem_lib.c Tue Jul 30 17:05:39 2002
--- ../RELENG_4_7/crypto/openssl/crypto/pem/pem_lib.c Fri Feb 21 07:24:23 2003
***************
*** 380,386 ****
* NOT taken from the BytesToKey function */
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
! if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
--- 380,386 ----
* NOT taken from the BytesToKey function */
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
! if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
***************
*** 401,412 ****
i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0;
err:
! memset(key,0,sizeof(key));
! memset(iv,0,sizeof(iv));
! memset((char *)&ctx,0,sizeof(ctx));
! memset(buf,0,PEM_BUFSIZE);
! memset(data,0,(unsigned int)dsize);
! OPENSSL_free(data);
return(ret);
}
--- 401,415 ----
i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0;
err:
! OPENSSL_cleanse(key,sizeof(key));
! OPENSSL_cleanse(iv,sizeof(iv));
! OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
! OPENSSL_cleanse(buf,PEM_BUFSIZE);
! if (data != NULL)
! {
! OPENSSL_cleanse(data,(unsigned int)dsize);
! OPENSSL_free(data);
! }
return(ret);
}
***************
*** 444,451 ****
EVP_DecryptUpdate(&ctx,data,&i,data,j);
o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
! memset((char *)buf,0,sizeof(buf));
! memset((char *)key,0,sizeof(key));
j+=i;
if (!o)
{
--- 447,454 ----
EVP_DecryptUpdate(&ctx,data,&i,data,j);
o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
! OPENSSL_cleanse((char *)buf,sizeof(buf));
! OPENSSL_cleanse((char *)key,sizeof(key));
j+=i;
if (!o)
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_seal.c ../RELENG_4_7/crypto/openssl/crypto/pem/pem_seal.c
*** crypto/openssl/crypto/pem/pem_seal.c Sun Nov 26 05:33:44 2000
--- ../RELENG_4_7/crypto/openssl/crypto/pem/pem_seal.c Fri Feb 21 07:24:23 2003
***************
*** 109,115 ****
ret=npubk;
err:
if (s != NULL) OPENSSL_free(s);
! memset(key,0,EVP_MAX_KEY_LENGTH);
return(ret);
}
--- 109,115 ----
ret=npubk;
err:
if (s != NULL) OPENSSL_free(s);
! OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/pkcs12/Makefile.ssl
*** crypto/openssl/crypto/pkcs12/Makefile.ssl Wed Jul 4 18:19:31 2001
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 74,80 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 74,80 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_crpt.c ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_crpt.c
*** crypto/openssl/crypto/pkcs12/p12_crpt.c Sun Aug 20 03:46:32 2000
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_crpt.c Fri Feb 21 07:24:23 2003
***************
*** 118,124 ****
}
PBEPARAM_free(pbe);
EVP_CipherInit(ctx, cipher, key, iv, en_de);
! memset(key, 0, EVP_MAX_KEY_LENGTH);
! memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
}
--- 118,124 ----
}
PBEPARAM_free(pbe);
EVP_CipherInit(ctx, cipher, key, iv, en_de);
! OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
! OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_decr.c ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_decr.c
*** crypto/openssl/crypto/pkcs12/p12_decr.c Sun Nov 26 05:33:45 2000
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_decr.c Fri Feb 21 07:24:23 2003
***************
*** 137,143 ****
if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
else ret = d2i(NULL, &p, outlen);
! if (seq & 2) memset(out, 0, outlen);
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free (out);
return ret;
--- 137,143 ----
if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
else ret = d2i(NULL, &p, outlen);
! if (seq & 2) OPENSSL_cleanse(out, outlen);
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free (out);
return ret;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_key.c ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_key.c
*** crypto/openssl/crypto/pkcs12/p12_key.c Wed Jul 4 18:19:31 2001
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_key.c Fri Feb 21 07:24:23 2003
***************
*** 91,97 ****
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
id, iter, n, out, md_type);
if(unipass) {
! memset(unipass, 0, uniplen); /* Clear password from memory */
OPENSSL_free(unipass);
}
return ret;
--- 91,97 ----
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
id, iter, n, out, md_type);
if(unipass) {
! OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
OPENSSL_free(unipass);
}
return ret;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/pkcs7/Makefile.ssl
*** crypto/openssl/crypto/pkcs7/Makefile.ssl Tue Jul 30 17:05:42 2002
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs7/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 87,93 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 87,93 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/bio_ber.c ../RELENG_4_7/crypto/openssl/crypto/pkcs7/bio_ber.c
*** crypto/openssl/crypto/pkcs7/bio_ber.c Sun Nov 26 05:33:47 2000
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs7/bio_ber.c Fri Feb 21 07:24:23 2003
***************
*** 145,151 ****
if (a == NULL) return(0);
b=(BIO_BER_CTX *)a->ptr;
! memset(a->ptr,0,sizeof(BIO_BER_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
--- 145,151 ----
if (a == NULL) return(0);
b=(BIO_BER_CTX *)a->ptr;
! OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_doit.c ../RELENG_4_7/crypto/openssl/crypto/pkcs7/pk7_doit.c
*** crypto/openssl/crypto/pkcs7/pk7_doit.c Tue Jul 30 17:05:42 2002
--- ../RELENG_4_7/crypto/openssl/crypto/pkcs7/pk7_doit.c Fri Feb 21 07:24:23 2003
***************
*** 241,247 ****
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
OPENSSL_free(tmp);
! memset(key, 0, keylen);
if (out == NULL)
out=btmp;
--- 241,247 ----
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
OPENSSL_free(tmp);
! OPENSSL_cleanse(key, keylen);
if (out == NULL)
out=btmp;
***************
*** 448,454 ****
}
EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
! memset(tmp,0,jj);
if (out == NULL)
out=etmp;
--- 448,454 ----
}
EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
! OPENSSL_cleanse(tmp,jj);
if (out == NULL)
out=etmp;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rand/Makefile.ssl
*** crypto/openssl/crypto/rand/Makefile.ssl Wed Jul 4 18:19:33 2001
--- ../RELENG_4_7/crypto/openssl/crypto/rand/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/md_rand.c ../RELENG_4_7/crypto/openssl/crypto/rand/md_rand.c
*** crypto/openssl/crypto/rand/md_rand.c Tue Jul 30 17:05:42 2002
--- ../RELENG_4_7/crypto/openssl/crypto/rand/md_rand.c Fri Feb 21 07:24:23 2003
***************
*** 177,186 ****
static void ssleay_rand_cleanup(void)
{
! memset(state,0,sizeof(state));
state_num=0;
state_index=0;
! memset(md,0,MD_DIGEST_LENGTH);
md_count[0]=0;
md_count[1]=0;
entropy=0;
--- 177,186 ----
static void ssleay_rand_cleanup(void)
{
! OPENSSL_cleanse(state,sizeof(state));
state_num=0;
state_index=0;
! OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
md_count[0]=0;
md_count[1]=0;
entropy=0;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_egd.c ../RELENG_4_7/crypto/openssl/crypto/rand/rand_egd.c
*** crypto/openssl/crypto/rand/rand_egd.c Tue Jul 30 17:05:42 2002
--- ../RELENG_4_7/crypto/openssl/crypto/rand/rand_egd.c Fri Feb 21 07:24:23 2003
***************
*** 59,65 ****
/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
*/
! #if defined(WIN32) || defined(VMS) || defined(__VMS)
int RAND_egd(const char *path)
{
return(-1);
--- 59,65 ----
/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
*/
! #if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS)
int RAND_egd(const char *path)
{
return(-1);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_win.c ../RELENG_4_7/crypto/openssl/crypto/rand/rand_win.c
*** crypto/openssl/crypto/rand/rand_win.c Tue Jul 30 17:05:43 2002
--- ../RELENG_4_7/crypto/openssl/crypto/rand/rand_win.c Fri Feb 21 07:24:23 2003
***************
*** 254,259 ****
--- 254,263 ----
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
+ /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+ * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+ * So we don't use this at all for now. */
+ #if 0
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
{
***************
*** 283,295 ****
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
! */
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
}
if (buf)
free(buf);
}
if (advapi)
{
--- 287,309 ----
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
! */
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
+
+ /* Close the Registry Key to allow Windows to cleanup/close
+ * the open handle
+ * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+ * when the RegQueryValueEx above is done. However, if
+ * it is not explicitly closed, it can cause disk
+ * partition manipulation problems.
+ */
+ RegCloseKey(HKEY_PERFORMANCE_DATA);
}
if (buf)
free(buf);
}
+ #endif
if (advapi)
{
***************
*** 461,467 ****
hlist.th32ProcessID,
hlist.th32HeapID))
{
! int entrycnt = 50;
do
RAND_add(&hentry,
hentry.dwSize, 5);
--- 475,481 ----
hlist.th32ProcessID,
hlist.th32HeapID))
{
! int entrycnt = 80;
do
RAND_add(&hentry,
hentry.dwSize, 5);
***************
*** 718,725 ****
--- 732,741 ----
/* put in some default random data, we need more than just this */
l=curr_pid;
RAND_add(&l,sizeof(l),0);
+ #ifndef VXWORKS
l=getuid();
RAND_add(&l,sizeof(l),0);
+ #endif
l=time(NULL);
RAND_add(&l,sizeof(l),0);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randfile.c ../RELENG_4_7/crypto/openssl/crypto/rand/randfile.c
*** crypto/openssl/crypto/rand/randfile.c Tue Jul 30 17:05:43 2002
--- ../RELENG_4_7/crypto/openssl/crypto/rand/randfile.c Fri Feb 21 07:24:23 2003
***************
*** 61,66 ****
--- 61,68 ----
#include <stdlib.h>
#include <string.h>
+ #include "openssl/e_os.h"
+
#ifdef VMS
#include <unixio.h>
#endif
***************
*** 73,79 ****
# include <sys/stat.h>
#endif
- #include "openssl/e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
--- 75,80 ----
***************
*** 124,130 ****
}
}
fclose(in);
! memset(buf,0,BUFSIZE);
err:
return(ret);
}
--- 125,131 ----
}
}
fclose(in);
! OPENSSL_cleanse(buf,BUFSIZE);
err:
return(ret);
}
***************
*** 189,195 ****
#endif /* VMS */
fclose(out);
! memset(buf,0,BUFSIZE);
err:
return (rand_err ? -1 : ret);
}
--- 190,196 ----
#endif /* VMS */
fclose(out);
! OPENSSL_cleanse(buf,BUFSIZE);
err:
return (rand_err ? -1 : ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randtest.c ../RELENG_4_7/crypto/openssl/crypto/rand/randtest.c
*** crypto/openssl/crypto/rand/randtest.c Sun Aug 20 03:46:35 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rand/randtest.c Fri Feb 21 07:24:23 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <stdlib.h>
#include <openssl/rand.h>
+ #include "../e_os.h"
+
/* some FIPS 140-1 random number test */
/* some simple tests */
***************
*** 202,207 ****
}
printf("test 4 done\n");
err=((err)?1:0);
! exit(err);
return(err);
}
--- 204,209 ----
}
printf("test 4 done\n");
err=((err)?1:0);
! EXIT(err);
return(err);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rc2/Makefile.ssl
*** crypto/openssl/crypto/rc2/Makefile.ssl Wed Jul 4 18:19:33 2001
--- ../RELENG_4_7/crypto/openssl/crypto/rc2/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/rc2test.c ../RELENG_4_7/crypto/openssl/crypto/rc2/rc2test.c
*** crypto/openssl/crypto/rc2/rc2test.c Sun Aug 20 03:46:36 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rc2/rc2test.c Fri Feb 21 07:24:23 2003
***************
*** 63,68 ****
--- 63,70 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_RC2
int main(int argc, char *argv[])
{
***************
*** 203,209 ****
printf("ok\n");
#endif
! exit(err);
return(err);
}
--- 205,211 ----
printf("ok\n");
#endif
! EXIT(err);
return(err);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rc4/Makefile.ssl
*** crypto/openssl/crypto/rc4/Makefile.ssl Wed Jul 4 18:19:34 2001
--- ../RELENG_4_7/crypto/openssl/crypto/rc4/Makefile.ssl Fri Feb 21 07:24:23 2003
***************
*** 97,103 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 97,103 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4.c ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4.c
*** crypto/openssl/crypto/rc4/rc4.c Mon Jan 10 00:21:50 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4.c Fri Feb 21 07:24:23 2003
***************
*** 155,161 ****
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
if (i != 0)
{
! memset(buf,0,BUFSIZ);
fprintf(stderr,"bad password read\n");
exit(1);
}
--- 155,161 ----
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
if (i != 0)
{
! OPENSSL_cleanse(buf,BUFSIZ);
fprintf(stderr,"bad password read\n");
exit(1);
}
***************
*** 163,169 ****
}
MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
! memset(keystr,0,strlen(keystr));
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
for(;;)
--- 163,169 ----
}
MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
! OPENSSL_cleanse(keystr,strlen(keystr));
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
for(;;)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4test.c ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4test.c
*** crypto/openssl/crypto/rc4/rc4test.c Sun Aug 20 03:46:36 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4test.c Fri Feb 21 07:24:23 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <stdlib.h>
#include <string.h>
+ #include "../e_os.h"
+
#ifdef NO_RC4
int main(int argc, char *argv[])
{
***************
*** 195,201 ****
}
}
printf("done\n");
! exit(err);
return(0);
}
#endif
--- 197,203 ----
}
}
printf("done\n");
! EXIT(err);
return(0);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rc5/Makefile.ssl
*** crypto/openssl/crypto/rc5/Makefile.ssl Wed Jul 4 18:19:34 2001
--- ../RELENG_4_7/crypto/openssl/crypto/rc5/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 94,100 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 94,100 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5test.c ../RELENG_4_7/crypto/openssl/crypto/rc5/rc5test.c
*** crypto/openssl/crypto/rc5/rc5test.c Sun Aug 20 03:46:37 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rc5/rc5test.c Fri Feb 21 07:24:24 2003
***************
*** 63,68 ****
--- 63,70 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_RC5
int main(int argc, char *argv[])
{
***************
*** 318,324 ****
}
if (err == 0) printf("cbc RC5 ok\n");
! exit(err);
return(err);
}
--- 320,326 ----
}
if (err == 0) printf("cbc RC5 ok\n");
! EXIT(err);
return(err);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/ripemd/Makefile.ssl
*** crypto/openssl/crypto/ripemd/Makefile.ssl Wed Jul 4 18:19:35 2001
--- ../RELENG_4_7/crypto/openssl/crypto/ripemd/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 92,98 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 92,98 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 106,109 ****
rmd_dgst.o: ../../include/openssl/opensslconf.h
rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
! rmd_one.o: ../../include/openssl/ripemd.h
--- 106,111 ----
rmd_dgst.o: ../../include/openssl/opensslconf.h
rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
! rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
! rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
! rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_one.c ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmd_one.c
*** crypto/openssl/crypto/ripemd/rmd_one.c Sun Aug 20 03:46:39 2000
--- ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmd_one.c Fri Feb 21 07:24:24 2003
***************
*** 59,64 ****
--- 59,65 ----
#include <stdio.h>
#include <string.h>
#include <openssl/ripemd.h>
+ #include <openssl/crypto.h>
unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
unsigned char *md)
***************
*** 70,76 ****
RIPEMD160_Init(&c);
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
! memset(&c,0,sizeof(c)); /* security consideration */
return(md);
}
--- 71,77 ----
RIPEMD160_Init(&c);
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmdtest.c ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmdtest.c
*** crypto/openssl/crypto/ripemd/rmdtest.c Sun Aug 20 03:46:39 2000
--- ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmdtest.c Fri Feb 21 07:24:24 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_RIPEMD
int main(int argc, char *argv[])
{
***************
*** 124,130 ****
R++;
P++;
}
! exit(err);
return(0);
}
--- 126,132 ----
R++;
P++;
}
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rsa/Makefile.ssl
*** crypto/openssl/crypto/rsa/Makefile.ssl Wed Jul 4 18:19:35 2001
--- ../RELENG_4_7/crypto/openssl/crypto/rsa/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 70,76 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 70,76 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa.h ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa.h
*** crypto/openssl/crypto/rsa/rsa.h Tue Jul 30 17:05:44 2002
--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa.h Fri Feb 21 07:24:24 2003
***************
*** 169,174 ****
--- 168,175 ----
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
+
+ #define RSA_PKCS1_PADDING_SIZE 11
#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_eay.c
*** crypto/openssl/crypto/rsa/rsa_eay.c Tue Jul 30 17:05:44 2002
--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_eay.c Fri Feb 21 07:24:24 2003
***************
*** 185,191 ****
BN_clear_free(&ret);
if (buf != NULL)
{
! memset(buf,0,num);
OPENSSL_free(buf);
}
return(r);
--- 184,190 ----
BN_clear_free(&ret);
if (buf != NULL)
{
! OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
***************
*** 269,275 ****
BN_clear_free(&f);
if (buf != NULL)
{
! memset(buf,0,num);
OPENSSL_free(buf);
}
return(r);
--- 268,274 ----
BN_clear_free(&f);
if (buf != NULL)
{
! OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
***************
*** 368,374 ****
BN_clear_free(&ret);
if (buf != NULL)
{
! memset(buf,0,num);
OPENSSL_free(buf);
}
return(r);
--- 367,373 ----
BN_clear_free(&ret);
if (buf != NULL)
{
! OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
***************
*** 465,471 ****
BN_clear_free(&ret);
if (buf != NULL)
{
! memset(buf,0,num);
OPENSSL_free(buf);
}
return(r);
--- 464,470 ----
BN_clear_free(&ret);
if (buf != NULL)
{
! OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_pk1.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_pk1.c
*** crypto/openssl/crypto/rsa/rsa_pk1.c Sun Aug 20 03:46:40 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_pk1.c Fri Feb 21 07:24:24 2003
***************
*** 68,74 ****
int j;
unsigned char *p;
! if (flen > (tlen-11))
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return(0);
--- 68,74 ----
int j;
unsigned char *p;
! if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return(0);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_saos.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_saos.c
*** crypto/openssl/crypto/rsa/rsa_saos.c Sun Nov 26 05:33:52 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_saos.c Fri Feb 21 07:24:24 2003
***************
*** 76,82 ****
i=i2d_ASN1_OCTET_STRING(&sig,NULL);
j=RSA_size(rsa);
! if ((i-RSA_PKCS1_PADDING) > j)
{
RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
--- 76,82 ----
i=i2d_ASN1_OCTET_STRING(&sig,NULL);
j=RSA_size(rsa);
! if (i > (j-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
***************
*** 95,101 ****
else
*siglen=i;
! memset(s,0,(unsigned int)j+1);
OPENSSL_free(s);
return(ret);
}
--- 95,101 ----
else
*siglen=i;
! OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s);
return(ret);
}
***************
*** 137,143 ****
ret=1;
err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
! memset(s,0,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
--- 137,143 ----
ret=1;
err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
! OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_sign.c
*** crypto/openssl/crypto/rsa/rsa_sign.c Sun Nov 26 05:33:52 2000
--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_sign.c Fri Feb 21 07:24:24 2003
***************
*** 109,115 ****
i=i2d_X509_SIG(&sig,NULL);
}
j=RSA_size(rsa);
! if ((i-RSA_PKCS1_PADDING) > j)
{
RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
--- 109,115 ----
i=i2d_X509_SIG(&sig,NULL);
}
j=RSA_size(rsa);
! if (i > (j-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
***************
*** 131,137 ****
*siglen=i;
if(type != NID_md5_sha1) {
! memset(s,0,(unsigned int)j+1);
OPENSSL_free(s);
}
return(ret);
--- 131,137 ----
*siglen=i;
if(type != NID_md5_sha1) {
! OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s);
}
return(ret);
***************
*** 214,220 ****
}
err:
if (sig != NULL) X509_SIG_free(sig);
! memset(s,0,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
--- 214,220 ----
}
err:
if (sig != NULL) X509_SIG_free(sig);
! OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/sha/Makefile.ssl
*** crypto/openssl/crypto/sha/Makefile.ssl Wed Jul 4 18:19:36 2001
--- ../RELENG_4_7/crypto/openssl/crypto/sha/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 92,98 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 92,98 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 103,113 ****
# DO NOT DELETE THIS LINE -- make depend depends on it.
! sha1_one.o: ../../include/openssl/sha.h
sha1dgst.o: ../../include/openssl/opensslconf.h
sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
sha1dgst.o: ../md32_common.h sha_locl.h
sha_dgst.o: ../../include/openssl/opensslconf.h
sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
sha_dgst.o: ../md32_common.h sha_locl.h
! sha_one.o: ../../include/openssl/sha.h
--- 103,117 ----
# DO NOT DELETE THIS LINE -- make depend depends on it.
! sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
! sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
! sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
sha1dgst.o: ../../include/openssl/opensslconf.h
sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
sha1dgst.o: ../md32_common.h sha_locl.h
sha_dgst.o: ../../include/openssl/opensslconf.h
sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
sha_dgst.o: ../md32_common.h sha_locl.h
! sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
! sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
! sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1_one.c ../RELENG_4_7/crypto/openssl/crypto/sha/sha1_one.c
*** crypto/openssl/crypto/sha/sha1_one.c Mon Jan 10 00:21:52 2000
--- ../RELENG_4_7/crypto/openssl/crypto/sha/sha1_one.c Fri Feb 21 07:24:24 2003
***************
*** 59,64 ****
--- 59,65 ----
#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
+ #include <openssl/crypto.h>
#ifndef NO_SHA1
unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
***************
*** 70,76 ****
SHA1_Init(&c);
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
! memset(&c,0,sizeof(c));
return(md);
}
#endif
--- 71,77 ----
SHA1_Init(&c);
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1test.c ../RELENG_4_7/crypto/openssl/crypto/sha/sha1test.c
*** crypto/openssl/crypto/sha/sha1test.c Sun Aug 20 03:46:45 2000
--- ../RELENG_4_7/crypto/openssl/crypto/sha/sha1test.c Fri Feb 21 07:24:24 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_SHA
int main(int argc, char *argv[])
{
***************
*** 152,158 ****
}
else
printf("test 3 ok\n");
! exit(err);
return(0);
}
--- 154,160 ----
}
else
printf("test 3 ok\n");
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_one.c ../RELENG_4_7/crypto/openssl/crypto/sha/sha_one.c
*** crypto/openssl/crypto/sha/sha_one.c Mon Jan 10 00:21:52 2000
--- ../RELENG_4_7/crypto/openssl/crypto/sha/sha_one.c Fri Feb 21 07:24:24 2003
***************
*** 59,64 ****
--- 59,65 ----
#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
+ #include <openssl/crypto.h>
#ifndef NO_SHA0
unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
***************
*** 70,76 ****
SHA_Init(&c);
SHA_Update(&c,d,n);
SHA_Final(md,&c);
! memset(&c,0,sizeof(c));
return(md);
}
#endif
--- 71,77 ----
SHA_Init(&c);
SHA_Update(&c,d,n);
SHA_Final(md,&c);
! OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/shatest.c ../RELENG_4_7/crypto/openssl/crypto/sha/shatest.c
*** crypto/openssl/crypto/sha/shatest.c Sun Aug 20 03:46:45 2000
--- ../RELENG_4_7/crypto/openssl/crypto/sha/shatest.c Fri Feb 21 07:24:24 2003
***************
*** 60,65 ****
--- 60,67 ----
#include <string.h>
#include <stdlib.h>
+ #include "../e_os.h"
+
#ifdef NO_SHA
int main(int argc, char *argv[])
{
***************
*** 152,158 ****
}
else
printf("test 3 ok\n");
! exit(err);
return(0);
}
--- 154,160 ----
}
else
printf("test 3 ok\n");
! EXIT(err);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/stack/Makefile.ssl
*** crypto/openssl/crypto/stack/Makefile.ssl Wed Jul 4 18:19:37 2001
--- ../RELENG_4_7/crypto/openssl/crypto/stack/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/threads/mttest.c ../RELENG_4_7/crypto/openssl/crypto/threads/mttest.c
*** crypto/openssl/crypto/threads/mttest.c Sun Nov 26 05:33:57 2000
--- ../RELENG_4_7/crypto/openssl/crypto/threads/mttest.c Fri Feb 21 07:24:24 2003
***************
*** 77,82 ****
--- 77,86 ----
#ifdef PTHREADS
#include <pthread.h>
#endif
+ #ifdef VXWORKS
+ #include <taskLib.h>
+ #include <semLib.h>
+ #endif
#include <openssl/lhash.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
***************
*** 105,114 ****
--- 109,120 ----
void solaris_locking_callback(int mode,int type,char *file,int line);
void win32_locking_callback(int mode,int type,char *file,int line);
void pthreads_locking_callback(int mode,int type,char *file,int line);
+ void vxworks_locking_callback(int mode,int type,char *file,int line);
unsigned long irix_thread_id(void );
unsigned long solaris_thread_id(void );
unsigned long pthreads_thread_id(void );
+ unsigned long vxworks_thread_id(void );
BIO *bio_err=NULL;
BIO *bio_stdout=NULL;
***************
*** 1097,1100 ****
--- 1103,1221 ----
#endif /* PTHREADS */
+ #ifdef VXWORKS
+
+ #define DEFAULT_TASK_NAME NULL
+ #define DEFAULT_TASK_PRIORITY 100
+ #define DEFAULT_TASK_OPTIONS 0
+ #define DEFAULT_TASK_STACK_BYTES 32768
+
+ static SEM_ID *lock_cs;
+ static long *lock_count;
+
+ extern int sysClkRateGet();
+
+ void thread_setup(void)
+ {
+ int i;
+
+ lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID));
+ lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i=0; i<CRYPTO_num_locks(); i++)
+ {
+ lock_count[i]=0;
+ lock_cs[i] = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())vxworks_thread_id);
+ CRYPTO_set_locking_callback((void (*)())vxworks_locking_callback);
+ }
+
+ void thread_cleanup(void)
+ {
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ fprintf(stderr,"cleanup\n");
+ for (i=0; i<CRYPTO_num_locks(); i++)
+ {
+ semDelete(lock_cs[i]);
+ fprintf(stderr,"%8ld:%s\n",lock_count[i],
+ CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+
+ fprintf(stderr,"done cleanup\n");
+ }
+
+ void vxworks_locking_callback(int mode, int type, char *file, int line)
+ {
+ #ifdef undef
+ fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode&CRYPTO_LOCK)?"l":"u",
+ (type&CRYPTO_READ)?"r":"w",file,line);
+ #endif
+ /*
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
+ */
+ if (mode & CRYPTO_LOCK)
+ {
+ semTake(lock_cs[type], WAIT_FOREVER);
+ lock_count[type]++;
+ }
+ else
+ {
+ semGive(lock_cs[type]);
+ }
+ }
+
+
+ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+ {
+ SSL_CTX *ssl_ctx[2];
+ int thread_ctx[MAX_THREAD_NUMBER];
+ int i;
+
+ ssl_ctx[0]=s_ctx;
+ ssl_ctx[1]=c_ctx;
+
+ /*
+ thr_setconcurrency(thread_number);
+ */
+ for (i=0; i<thread_number; i++)
+ {
+ thread_ctx[i] = taskSpawn(DEFAULT_TASK_NAME,
+ DEFAULT_TASK_PRIORITY,
+ DEFAULT_TASK_OPTIONS,
+ DEFAULT_TASK_STACK_BYTES,
+ (FUNCPTR)ndoit,
+ (int)ssl_ctx, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+
+ printf("Spawned task %d (%x)\n", i, thread_ctx[i]);
+ }
+
+ printf("reaping\n");
+ for (i=0; i<thread_number; i++)
+ {
+ while(taskIdVerify(thread_ctx[i]) != ERROR)
+ {
+ taskDelay(sysClkRateGet()/10);
+ }
+ printf("Reaped task %d (%x)\n", i, thread_ctx[i]);
+ }
+
+ printf("vxworks threads done (%d,%d)\n",
+ s_ctx->references,c_ctx->references);
+ }
+
+ unsigned long vxworks_thread_id(void)
+ {
+ return((unsigned long)taskIdSelf());
+ }
+ #endif /* VXWORKS */
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/tmdiff.c ../RELENG_4_7/crypto/openssl/crypto/tmdiff.c
*** crypto/openssl/crypto/tmdiff.c Tue Jul 30 17:05:02 2002
--- ../RELENG_4_7/crypto/openssl/crypto/tmdiff.c Fri Feb 21 07:24:20 2003
***************
*** 105,110 ****
--- 105,115 ----
#include <windows.h>
#endif
+ #ifdef VXWORKS
+ #include <tickLib.h>
+ #include <drv/timer/timerDev.h>
+ #endif
+
/* The following if from times(3) man page. It may need to be changed */
#ifndef HZ
# ifndef CLK_TCK
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/txt_db/Makefile.ssl
*** crypto/openssl/crypto/txt_db/Makefile.ssl Wed Jul 4 18:19:38 2001
--- ../RELENG_4_7/crypto/openssl/crypto/txt_db/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 68,74 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 68,74 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/uid.c ../RELENG_4_7/crypto/openssl/crypto/uid.c
*** crypto/openssl/crypto/uid.c Wed Jul 4 18:22:30 2001
--- ../RELENG_4_7/crypto/openssl/crypto/uid.c Fri Feb 21 07:24:20 2003
***************
*** 64,70 ****
return issetugid();
}
! #elif defined(WIN32)
int OPENSSL_issetugid(void)
{
--- 64,70 ----
return issetugid();
}
! #elif defined(WIN32) || defined(VXWORKS)
int OPENSSL_issetugid(void)
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/x509/Makefile.ssl
*** crypto/openssl/crypto/x509/Makefile.ssl Tue Jul 30 17:05:47 2002
--- ../RELENG_4_7/crypto/openssl/crypto/x509/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 78,84 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 78,84 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/by_file.c ../RELENG_4_7/crypto/openssl/crypto/x509/by_file.c
*** crypto/openssl/crypto/x509/by_file.c Sun Aug 20 03:46:47 2000
--- ../RELENG_4_7/crypto/openssl/crypto/x509/by_file.c Fri Feb 21 07:24:24 2003
***************
*** 100,116 ****
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
! ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
! X509_FILETYPE_PEM) != 0);
if (!ok)
{
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
- }
- else
- {
- file=(char *)Getenv(X509_get_default_cert_file_env());
- ok = (X509_load_cert_crl_file(ctx,file,
- X509_FILETYPE_PEM) != 0);
}
}
else
--- 100,117 ----
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
! file = (char *)Getenv(X509_get_default_cert_file_env());
! if (file)
! ok = (X509_load_cert_crl_file(ctx,file,
! X509_FILETYPE_PEM) != 0);
!
! if (!ok)
! ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
! X509_FILETYPE_PEM) != 0);
!
if (!ok)
{
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
}
}
else
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_cmp.c ../RELENG_4_7/crypto/openssl/crypto/x509/x509_cmp.c
*** crypto/openssl/crypto/x509/x509_cmp.c Wed Jul 4 18:19:39 2001
--- ../RELENG_4_7/crypto/openssl/crypto/x509/x509_cmp.c Fri Feb 21 07:24:24 2003
***************
*** 57,62 ****
--- 57,63 ----
*/
#include <stdio.h>
+ #include <ctype.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
***************
*** 157,162 ****
--- 158,256 ----
}
#endif
+
+ /* Case insensitive string comparision */
+ static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+ {
+ int i;
+
+ if (a->length != b->length)
+ return (a->length - b->length);
+
+ for (i=0; i<a->length; i++)
+ {
+ int ca, cb;
+
+ ca = tolower(a->data[i]);
+ cb = tolower(b->data[i]);
+
+ if (ca != cb)
+ return(ca-cb);
+ }
+ return 0;
+ }
+
+ /* Case insensitive string comparision with space normalization
+ * Space normalization - ignore leading, trailing spaces,
+ * multiple spaces between characters are replaced by single space
+ */
+ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+ {
+ unsigned char *pa = NULL, *pb = NULL;
+ int la, lb;
+
+ la = a->length;
+ lb = b->length;
+ pa = a->data;
+ pb = b->data;
+
+ /* skip leading spaces */
+ while (la > 0 && isspace(*pa))
+ {
+ la--;
+ pa++;
+ }
+ while (lb > 0 && isspace(*pb))
+ {
+ lb--;
+ pb++;
+ }
+
+ /* skip trailing spaces */
+ while (la > 0 && isspace(pa[la-1]))
+ la--;
+ while (lb > 0 && isspace(pb[lb-1]))
+ lb--;
+
+ /* compare strings with space normalization */
+ while (la > 0 && lb > 0)
+ {
+ int ca, cb;
+
+ /* compare character */
+ ca = tolower(*pa);
+ cb = tolower(*pb);
+ if (ca != cb)
+ return (ca - cb);
+
+ pa++; pb++;
+ la--; lb--;
+
+ if (la <= 0 || lb <= 0)
+ break;
+
+ /* is white space next character ? */
+ if (isspace(*pa) && isspace(*pb))
+ {
+ /* skip remaining white spaces */
+ while (la > 0 && isspace(*pa))
+ {
+ la--;
+ pa++;
+ }
+ while (lb > 0 && isspace(*pb))
+ {
+ lb--;
+ pb++;
+ }
+ }
+ }
+ if (la > 0 || lb > 0)
+ return la - lb;
+
+ return 0;
+ }
+
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
***************
*** 170,179 ****
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
! j=na->value->length-nb->value->length;
if (j) return(j);
! j=memcmp(na->value->data,nb->value->data,
! na->value->length);
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
--- 264,283 ----
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
! j=na->value->type-nb->value->type;
if (j) return(j);
! if (na->value->type == V_ASN1_PRINTABLESTRING)
! j=nocase_spacenorm_cmp(na->value, nb->value);
! else if (na->value->type == V_ASN1_IA5STRING
! && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
! j=nocase_cmp(na->value, nb->value);
! else
! {
! j=na->value->length-nb->value->length;
! if (j) return(j);
! j=memcmp(na->value->data,nb->value->data,
! na->value->length);
! }
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.c ../RELENG_4_7/crypto/openssl/crypto/x509/x509_vfy.c
*** crypto/openssl/crypto/x509/x509_vfy.c Tue Jul 30 17:05:47 2002
--- ../RELENG_4_7/crypto/openssl/crypto/x509/x509_vfy.c Fri Feb 21 07:24:24 2003
***************
*** 567,573 ****
{
char *str;
ASN1_TIME atm;
! time_t offset;
char buff1[24],buff2[24],*p;
int i,j;
--- 567,573 ----
{
char *str;
ASN1_TIME atm;
! long offset;
char buff1[24],buff2[24],*p;
int i,j;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/x509v3/Makefile.ssl
*** crypto/openssl/crypto/x509v3/Makefile.ssl Tue Jul 30 17:05:48 2002
--- ../RELENG_4_7/crypto/openssl/crypto/x509v3/Makefile.ssl Fri Feb 21 07:24:24 2003
***************
*** 72,78 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 72,78 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/selfsign.c ../RELENG_4_7/crypto/openssl/demos/selfsign.c
*** crypto/openssl/demos/selfsign.c Sun Aug 20 03:46:50 2000
--- ../RELENG_4_7/crypto/openssl/demos/selfsign.c Fri Feb 21 07:24:24 2003
***************
*** 106,112 ****
}
rsa=NULL;
! X509_set_version(x,3);
ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
--- 106,112 ----
}
rsa=NULL;
! X509_set_version(x,2);
ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/passwd.pod ../RELENG_4_7/crypto/openssl/doc/apps/passwd.pod
*** crypto/openssl/doc/apps/passwd.pod Sun Nov 26 05:34:06 2000
--- ../RELENG_4_7/crypto/openssl/doc/apps/passwd.pod Fri Feb 21 07:24:25 2003
***************
*** 69,75 ****
B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
--- 69,75 ----
B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4_7/crypto/openssl/doc/apps/req.pod
*** crypto/openssl/doc/apps/req.pod Sun Nov 26 05:34:06 2000
--- ../RELENG_4_7/crypto/openssl/doc/apps/req.pod Fri Feb 21 07:24:25 2003
***************
*** 457,469 ****
The header and footer lines in the B<PEM> format are normally:
! -----BEGIN CERTIFICATE REQUEST----
! -----END CERTIFICATE REQUEST----
some software (some versions of Netscape certificate server) instead needs:
! -----BEGIN NEW CERTIFICATE REQUEST----
! -----END NEW CERTIFICATE REQUEST----
which is produced with the B<-newhdr> option but is otherwise compatible.
Either form is accepted transparently on input.
--- 457,469 ----
The header and footer lines in the B<PEM> format are normally:
! -----BEGIN CERTIFICATE REQUEST-----
! -----END CERTIFICATE REQUEST-----
some software (some versions of Netscape certificate server) instead needs:
! -----BEGIN NEW CERTIFICATE REQUEST-----
! -----END NEW CERTIFICATE REQUEST-----
which is produced with the B<-newhdr> option but is otherwise compatible.
Either form is accepted transparently on input.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/smime.pod ../RELENG_4_7/crypto/openssl/doc/apps/smime.pod
*** crypto/openssl/doc/apps/smime.pod Tue Jul 30 17:05:51 2002
--- ../RELENG_4_7/crypto/openssl/doc/apps/smime.pod Fri Feb 21 07:24:25 2003
***************
*** 340,347 ****
signature by line wrapping the base64 encoded structure and surrounding
it with:
! -----BEGIN PKCS7----
! -----END PKCS7----
and using the command,
--- 340,347 ----
signature by line wrapping the base64 encoded structure and surrounding
it with:
! -----BEGIN PKCS7-----
! -----END PKCS7-----
and using the command,
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4_7/crypto/openssl/doc/apps/x509.pod
*** crypto/openssl/doc/apps/x509.pod Sun Nov 26 05:34:06 2000
--- ../RELENG_4_7/crypto/openssl/doc/apps/x509.pod Fri Feb 21 07:24:25 2003
***************
*** 321,327 ****
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
! =item B<-CAcreateserial filename>
with this option the CA serial number file is created if it does not exist:
it will contain the serial number "02" and the certificate being signed will
--- 321,327 ----
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
! =item B<-CAcreateserial>
with this option the CA serial number file is created if it does not exist:
it will contain the serial number "02" and the certificate being signed will
***************
*** 532,556 ****
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
! openssl x509 -in cert.pem -addtrust sslclient \
! -alias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
The PEM format uses the header and footer lines:
! -----BEGIN CERTIFICATE----
! -----END CERTIFICATE----
it will also handle files containing:
! -----BEGIN X509 CERTIFICATE----
! -----END X509 CERTIFICATE----
Trusted certificates have the lines
! -----BEGIN TRUSTED CERTIFICATE----
! -----END TRUSTED CERTIFICATE----
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape
--- 532,556 ----
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
! openssl x509 -in cert.pem -addtrust clientAuth \
! -setalias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
The PEM format uses the header and footer lines:
! -----BEGIN CERTIFICATE-----
! -----END CERTIFICATE-----
it will also handle files containing:
! -----BEGIN X509 CERTIFICATE-----
! -----END X509 CERTIFICATE-----
Trusted certificates have the lines
! -----BEGIN TRUSTED CERTIFICATE-----
! -----END TRUSTED CERTIFICATE-----
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/c-indentation.el ../RELENG_4_7/crypto/openssl/doc/c-indentation.el
*** crypto/openssl/doc/c-indentation.el Sun Nov 26 05:34:04 2000
--- ../RELENG_4_7/crypto/openssl/doc/c-indentation.el Fri Feb 21 07:24:25 2003
***************
*** 13,24 ****
;
; Apparently statement blocks that are not introduced by a statement
; such as "if" and that are not the body of a function cannot
! ; be handled too well by CC mode with this indentation style.
! ; The style defined below does not indent them at all.
! ; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
! ; command of Emacs). If you know a solution to this problem
! ; or find other problems with this indentation style definition,
! ; please send e-mail to bodo@openssl.org.
(c-add-style "eay"
'((c-basic-offset . 8)
--- 13,22 ----
;
; Apparently statement blocks that are not introduced by a statement
; such as "if" and that are not the body of a function cannot
! ; be handled too well by CC mode with this indentation style,
! ; so you have to indent them manually (you can use C-q tab).
! ;
! ; For suggesting improvements, please send e-mail to bodo@openssl.org.
(c-add-style "eay"
'((c-basic-offset . 8)
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_CTX_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_CTX_new.pod
*** crypto/openssl/doc/crypto/BN_CTX_new.pod Sun Aug 20 03:46:55 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_CTX_new.pod Fri Feb 21 07:24:25 2003
***************
*** 42,48 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_start(3)|BN_CTX_start(3)>
=head1 HISTORY
--- 42,48 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_start(3)|BN_CTX_start(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add.pod
*** crypto/openssl/doc/crypto/BN_add.pod Sun Aug 20 03:46:55 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add.pod Fri Feb 21 07:24:25 2003
***************
*** 86,92 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
=head1 HISTORY
--- 86,92 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add_word.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add_word.pod
*** crypto/openssl/doc/crypto/BN_add_word.pod Sun Aug 20 03:46:55 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add_word.pod Fri Feb 21 07:24:25 2003
***************
*** 46,52 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
--- 46,52 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_bn2bin.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_bn2bin.pod
*** crypto/openssl/doc/crypto/BN_bn2bin.pod Tue Jul 30 17:05:51 2002
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_bn2bin.pod Fri Feb 21 07:24:25 2003
***************
*** 80,86 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
L<BN_num_bytes(3)|BN_num_bytes(3)>
--- 80,86 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
L<BN_num_bytes(3)|BN_num_bytes(3)>
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_copy.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_copy.pod
*** crypto/openssl/doc/crypto/BN_copy.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_copy.pod Fri Feb 21 07:24:25 2003
***************
*** 25,31 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>
=head1 HISTORY
--- 25,31 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_generate_prime.pod
*** crypto/openssl/doc/crypto/BN_generate_prime.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_generate_prime.pod Fri Feb 21 07:24:25 2003
***************
*** 70,76 ****
Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
probabilistic primality test with B<checks> iterations. If
! B<checks == BN_prime_check>, a number of iterations is used that
yields a false positive rate of at most 2^-80 for random input.
If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
--- 70,76 ----
Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
probabilistic primality test with B<checks> iterations. If
! B<checks == BN_prime_checks>, a number of iterations is used that
yields a false positive rate of at most 2^-80 for random input.
If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
***************
*** 90,96 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
=head1 HISTORY
--- 90,96 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_inverse.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_inverse.pod
*** crypto/openssl/doc/crypto/BN_mod_inverse.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_inverse.pod Fri Feb 21 07:24:25 2003
***************
*** 27,33 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
--- 27,33 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
*** crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod Sun Nov 26 05:34:07 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod Fri Feb 21 07:24:25 2003
***************
*** 81,87 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
--- 81,87 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
*** crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod Sun Nov 26 05:34:07 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod Fri Feb 21 07:24:25 2003
***************
*** 69,75 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
--- 69,75 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_new.pod
*** crypto/openssl/doc/crypto/BN_new.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_new.pod Fri Feb 21 07:24:25 2003
***************
*** 42,48 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>
=head1 HISTORY
--- 42,48 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_rand.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_rand.pod
*** crypto/openssl/doc/crypto/BN_rand.pod Tue Jul 30 17:05:51 2002
--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_rand.pod Fri Feb 21 07:24:25 2003
***************
*** 45,51 ****
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
=head1 HISTORY
--- 45,51 ----
=head1 SEE ALSO
! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_key.pod
*** crypto/openssl/doc/crypto/DH_generate_key.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_key.pod Fri Feb 21 07:24:25 2003
***************
*** 40,46 ****
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
=head1 HISTORY
--- 40,46 ----
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_parameters.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_parameters.pod
*** crypto/openssl/doc/crypto/DH_generate_parameters.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_parameters.pod Fri Feb 21 07:24:25 2003
***************
*** 59,65 ****
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
=head1 HISTORY
--- 59,66 ----
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
! L<DH_free(3)|DH_free(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DH_new.pod
*** crypto/openssl/doc/crypto/DH_new.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DH_new.pod Fri Feb 21 07:24:25 2003
***************
*** 29,35 ****
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<err(3)|err(3)>,
L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
L<DH_generate_key(3)|DH_generate_key(3)>
--- 29,35 ----
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
L<DH_generate_key(3)|DH_generate_key(3)>
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_SIG_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_SIG_new.pod
*** crypto/openssl/doc/crypto/DSA_SIG_new.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_SIG_new.pod Fri Feb 21 07:24:25 2003
***************
*** 30,36 ****
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
--- 30,37 ----
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
! L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_do_sign.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_do_sign.pod
*** crypto/openssl/doc/crypto/DSA_do_sign.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_do_sign.pod Fri Feb 21 07:24:25 2003
***************
*** 36,42 ****
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<DSA_sign(3)|DSA_sign(3)>
--- 36,42 ----
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<DSA_sign(3)|DSA_sign(3)>
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_dup_DH.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_dup_DH.pod
*** crypto/openssl/doc/crypto/DSA_dup_DH.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_dup_DH.pod Fri Feb 21 07:24:25 2003
***************
*** 27,33 ****
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
=head1 HISTORY
--- 27,33 ----
=head1 SEE ALSO
! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_key.pod
*** crypto/openssl/doc/crypto/DSA_generate_key.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_key.pod Fri Feb 21 07:24:25 2003
***************
*** 24,30 ****
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
=head1 HISTORY
--- 24,31 ----
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
! L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_parameters.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
*** crypto/openssl/doc/crypto/DSA_generate_parameters.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_parameters.pod Fri Feb 21 07:24:25 2003
***************
*** 90,96 ****
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<DSA_free(3)|DSA_free(3)>
=head1 HISTORY
--- 90,96 ----
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_free(3)|DSA_free(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_new.pod
*** crypto/openssl/doc/crypto/DSA_new.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_new.pod Fri Feb 21 07:24:25 2003
***************
*** 30,36 ****
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
L<DSA_generate_key(3)|DSA_generate_key(3)>
--- 30,36 ----
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
L<DSA_generate_key(3)|DSA_generate_key(3)>
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_sign.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_sign.pod
*** crypto/openssl/doc/crypto/DSA_sign.pod Sun Aug 20 03:46:56 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_sign.pod Fri Feb 21 07:24:25 2003
***************
*** 55,61 ****
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
--- 55,61 ----
=head1 SEE ALSO
! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4_7/crypto/openssl/doc/crypto/EVP_SealInit.pod
*** crypto/openssl/doc/crypto/EVP_SealInit.pod Sun Nov 26 05:34:08 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/EVP_SealInit.pod Fri Feb 21 07:24:25 2003
***************
*** 12,18 ****
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
! int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
=head1 DESCRIPTION
--- 12,18 ----
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
! void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
=head1 DESCRIPTION
***************
*** 43,50 ****
EVP_SealInit() returns 0 on error or B<npubk> if successful.
! EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
! failure.
=head1 NOTES
--- 43,49 ----
EVP_SealInit() returns 0 on error or B<npubk> if successful.
! EVP_SealUpdate() returns 1 for success and 0 for failure.
=head1 NOTES
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RAND_bytes.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RAND_bytes.pod
*** crypto/openssl/doc/crypto/RAND_bytes.pod Sun Aug 20 03:46:57 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RAND_bytes.pod Fri Feb 21 07:24:25 2003
***************
*** 35,41 ****
=head1 SEE ALSO
! L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
=head1 HISTORY
--- 35,42 ----
=head1 SEE ALSO
! L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
! L<RAND_add(3)|RAND_add(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_check_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_check_key.pod
*** crypto/openssl/doc/crypto/RSA_check_key.pod Tue Jul 30 17:05:51 2002
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_check_key.pod Fri Feb 21 07:24:25 2003
***************
*** 39,45 ****
=head1 SEE ALSO
! L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
=head1 HISTORY
--- 39,45 ----
=head1 SEE ALSO
! L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_generate_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_generate_key.pod
*** crypto/openssl/doc/crypto/RSA_generate_key.pod Tue Jul 30 17:05:51 2002
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_generate_key.pod Fri Feb 21 07:24:25 2003
***************
*** 59,65 ****
=head1 SEE ALSO
! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
=head1 HISTORY
--- 59,66 ----
=head1 SEE ALSO
! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
! L<RSA_free(3)|RSA_free(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_print.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_print.pod
*** crypto/openssl/doc/crypto/RSA_print.pod Sun Nov 26 05:34:08 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_print.pod Fri Feb 21 07:24:25 2003
***************
*** 2,10 ****
=head1 NAME
! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
! DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
! parameters
=head1 SYNOPSIS
--- 2,10 ----
=head1 NAME
! RSA_print, RSA_print_fp,
! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
! DHparams_print, DHparams_print_fp - print cryptographic parameters
=head1 SYNOPSIS
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_private_encrypt.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
*** crypto/openssl/doc/crypto/RSA_private_encrypt.pod Sun Aug 20 03:46:57 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_private_encrypt.pod Fri Feb 21 07:24:25 2003
***************
*** 59,65 ****
=head1 SEE ALSO
! L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
--- 59,66 ----
=head1 SEE ALSO
! L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
! L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_public_encrypt.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
*** crypto/openssl/doc/crypto/RSA_public_encrypt.pod Sun Nov 26 05:34:09 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_public_encrypt.pod Fri Feb 21 07:24:25 2003
***************
*** 72,78 ****
=head1 SEE ALSO
! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
=head1 NOTES
--- 72,79 ----
=head1 SEE ALSO
! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
! L<RSA_size(3)|RSA_size(3)>
=head1 NOTES
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign.pod
*** crypto/openssl/doc/crypto/RSA_sign.pod Sun Aug 20 03:46:57 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign.pod Fri Feb 21 07:24:25 2003
***************
*** 50,57 ****
=head1 SEE ALSO
! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
! L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
=head1 HISTORY
--- 50,57 ----
=head1 SEE ALSO
! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
! L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
*** crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod Sun Aug 20 03:46:57 2000
--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod Fri Feb 21 07:24:25 2003
***************
*** 47,54 ****
=head1 SEE ALSO
! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
! L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
--- 47,54 ----
=head1 SEE ALSO
! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
! L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.txt ../RELENG_4_7/crypto/openssl/doc/openssl.txt
*** crypto/openssl/doc/openssl.txt Sun Nov 26 05:34:04 2000
--- ../RELENG_4_7/crypto/openssl/doc/openssl.txt Fri Feb 21 07:24:25 2003
***************
*** 344,350 ****
Examples:
! subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
subjectAltName=email:my@other.address,RID:1.2.3.4
Issuer Alternative Name.
--- 344,350 ----
Examples:
! subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
subjectAltName=email:my@other.address,RID:1.2.3.4
Issuer Alternative Name.
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_session.pod ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
*** crypto/openssl/doc/ssl/SSL_CTX_add_session.pod Wed Jul 4 18:22:31 2001
--- ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod Fri Feb 21 07:24:26 2003
***************
*** 37,42 ****
--- 37,50 ----
identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
is a no-op, and the return value is 0.
+ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
+ flag then the internal cache will not be populated automatically by new
+ sessions negotiated by the SSL/TLS implementation, even though the internal
+ cache will be searched automatically for session-resume requests (the
+ latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+ application can use SSL_CTX_add_session() directly to have full control
+ over the sessions that can be resumed if desired.
+
=head1 RETURN VALUES
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
*** crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod Tue Jul 30 17:05:54 2002
--- ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod Fri Feb 21 07:24:26 2003
***************
*** 26,37 ****
object.
In order to reuse a session, a client must send the session's id to the
! server. It can only send exactly one id. The server then decides whether it
! agrees in reusing the session or starts the handshake for a new session.
!
! A server will lookup up the session in its internal session storage. If
! the session is not found in internal storage or internal storage is
! deactivated, the server will try the external storage if available.
Since a client may try to reuse a session intended for use in a different
context, the session id context must be set by the server (see
--- 26,39 ----
object.
In order to reuse a session, a client must send the session's id to the
! server. It can only send exactly one id. The server then either
! agrees to reuse the session or it starts a full handshake (to create a new
! session).
!
! A server will lookup up the session in its internal session storage. If the
! session is not found in internal storage or lookups for the internal storage
! have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
! the external storage if available.
Since a client may try to reuse a session intended for use in a different
context, the session id context must be set by the server (see
***************
*** 57,65 ****
=item SSL_SESS_CACHE_SERVER
Server sessions are added to the session cache. When a client proposes a
! session to be reused, the session is looked up in the internal session cache.
! If the session is found, the server will try to reuse the session.
! This is the default.
=item SSL_SESS_CACHE_BOTH
--- 59,68 ----
=item SSL_SESS_CACHE_SERVER
Server sessions are added to the session cache. When a client proposes a
! session to be reused, the server looks for the corresponding session in (first)
! the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
! then (second) in the external cache if available. If the session is found, the
! server will try to reuse the session. This is the default.
=item SSL_SESS_CACHE_BOTH
***************
*** 77,88 ****
=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
! By setting this flag sessions are cached in the internal storage but
! they are not looked up automatically. If an external session cache
! is enabled, sessions are looked up in the external cache. As automatic
! lookup only applies for SSL/TLS servers, the flag has no effect on
clients.
=back
The default mode is SSL_SESS_CACHE_SERVER.
--- 80,111 ----
=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
! By setting this flag, session-resume operations in an SSL/TLS server will not
! automatically look up sessions in the internal cache, even if sessions are
! automatically stored there. If external session caching callbacks are in use,
! this flag guarantees that all lookups are directed to the external cache.
! As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
clients.
+ =item SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+ Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
+ sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
+ Normally a new session is added to the internal cache as well as any external
+ session caching (callback) that is configured for the SSL_CTX. This flag will
+ prevent sessions being stored in the internal cache (though the application can
+ add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
+ in any SSL/TLS servers where external caching is configured, any successful
+ session lookups in the external cache (ie. for session-resume requests) would
+ normally be copied into the local cache before processing continues - this flag
+ prevents these additions to the internal cache as well.
+
+ =item SSL_SESS_CACHE_NO_INTERNAL
+
+ Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
+ SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
+
+
=back
The default mode is SSL_SESS_CACHE_SERVER.
***************
*** 98,108 ****
--- 121,137 ----
L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_session_reused(3)|SSL_session_reused(3)>,
+ L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+
+ =head1 HISTORY
+
+ SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
+ were introduced in OpenSSL 0.9.6h.
=cut
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
*** crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod Tue Jul 30 17:05:54 2002
--- ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod Fri Feb 21 07:24:26 2003
***************
*** 235,241 ****
* At this point, err contains the last verification error. We can use
* it for something special
*/
! if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
{
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
printf("issuer= %s\n", buf);
--- 235,241 ----
* At this point, err contains the last verification error. We can use
* it for something special
*/
! if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
{
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
printf("issuer= %s\n", buf);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/ssl.pod ../RELENG_4_7/crypto/openssl/doc/ssl/ssl.pod
*** crypto/openssl/doc/ssl/ssl.pod Tue Jul 30 17:05:55 2002
--- ../RELENG_4_7/crypto/openssl/doc/ssl/ssl.pod Fri Feb 21 07:24:26 2003
***************
*** 347,353 ****
long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
! The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
session instead of a context.
=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
--- 347,353 ----
long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
! The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
session instead of a context.
=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os.h ../RELENG_4_7/crypto/openssl/e_os.h
*** crypto/openssl/e_os.h Tue Jul 30 17:04:59 2002
--- ../RELENG_4_7/crypto/openssl/e_os.h Fri Feb 21 07:24:19 2003
***************
*** 219,228 ****
# define _kbhit kbhit
# endif
! # if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
! # define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
# else
! # define EXIT(n) return(n);
# endif
# define LIST_SEPARATOR_CHAR ';'
# ifndef X_OK
--- 219,229 ----
# define _kbhit kbhit
# endif
! # if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
! # define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
! # define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
# else
! # define EXIT(n) return(n)
# endif
# define LIST_SEPARATOR_CHAR ';'
# ifndef X_OK
***************
*** 275,292 ****
the status is tagged as an error, which I believe is what is wanted here.
-- Richard Levitte
*/
! # if !defined(MONOLITH) || defined(OPENSSL_C)
! # define EXIT(n) do { int __VMS_EXIT = n; \
if (__VMS_EXIT == 0) \
__VMS_EXIT = 1; \
else \
__VMS_EXIT = (n << 3) | 2; \
__VMS_EXIT |= 0x10000000; \
! exit(__VMS_EXIT); \
! return(__VMS_EXIT); } while(0)
! # else
! # define EXIT(n) return(n)
! # endif
# define NO_SYS_PARAM_H
# else
/* !defined VMS */
--- 276,288 ----
the status is tagged as an error, which I believe is what is wanted here.
-- Richard Levitte
*/
! # define EXIT(n) do { int __VMS_EXIT = n; \
if (__VMS_EXIT == 0) \
__VMS_EXIT = 1; \
else \
__VMS_EXIT = (n << 3) | 2; \
__VMS_EXIT |= 0x10000000; \
! exit(__VMS_EXIT); } while(0)
# define NO_SYS_PARAM_H
# else
/* !defined VMS */
***************
*** 317,327 ****
# define RFILE ".rnd"
# define LIST_SEPARATOR_CHAR ':'
# define NUL_DEV "/dev/null"
! # ifndef MONOLITH
! # define EXIT(n) exit(n); return(n)
! # else
! # define EXIT(n) return(n)
! # endif
# endif
# define SSLeay_getpid() getpid()
--- 313,319 ----
# define RFILE ".rnd"
# define LIST_SEPARATOR_CHAR ':'
# define NUL_DEV "/dev/null"
! # define EXIT(n) exit(n)
# endif
# define SSLeay_getpid() getpid()
***************
*** 439,444 ****
--- 431,444 ----
extern char *sys_errlist[]; extern int sys_nerr;
# define strerror(errnum) \
(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+ #endif
+
+ #ifndef OPENSSL_EXIT
+ # if defined(MONOLITH) && !defined(OPENSSL_C)
+ # define OPENSSL_EXIT(n) return(n)
+ # else
+ # define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
+ # endif
#endif
/***********************************************/
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4_7/crypto/openssl/openssl.spec
*** crypto/openssl/openssl.spec Sun Aug 11 09:13:53 2002
--- ../RELENG_4_7/crypto/openssl/openssl.spec Fri Feb 21 07:24:19 2003
***************
*** 1,7 ****
%define libmaj 0
%define libmin 9
%define librel 6
! %define librev g
Release: 1
%define openssldir /var/ssl
--- 1,7 ----
%define libmaj 0
%define libmin 9
%define librel 6
! %define librev i
Release: 1
%define openssldir /var/ssl
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.ssl ../RELENG_4_7/crypto/openssl/ssl/Makefile.ssl
*** crypto/openssl/ssl/Makefile.ssl Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/Makefile.ssl Fri Feb 21 07:24:27 2003
***************
*** 84,90 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 84,90 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_clnt.c ../RELENG_4_7/crypto/openssl/ssl/s23_clnt.c
*** crypto/openssl/ssl/s23_clnt.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s23_clnt.c Fri Feb 21 07:24:27 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/ssl/s23_clnt.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
*/
#include <stdio.h>
--- 54,59 ----
***************
*** 89,106 ****
if (init)
{
! memcpy((char *)&SSLv23_client_data,
! (char *)sslv23_base_method(),sizeof(SSL_METHOD));
! SSLv23_client_data.ssl_connect=ssl23_connect;
! SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
! init=0;
}
return(&SSLv23_client_data);
}
int ssl23_connect(SSL *s)
{
! BUF_MEM *buf;
unsigned long Time=time(NULL);
void (*cb)()=NULL;
int ret= -1;
--- 87,111 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv23_client_data,
! (char *)sslv23_base_method(),sizeof(SSL_METHOD));
! SSLv23_client_data.ssl_connect=ssl23_connect;
! SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_client_data);
}
int ssl23_connect(SSL *s)
{
! BUF_MEM *buf=NULL;
unsigned long Time=time(NULL);
void (*cb)()=NULL;
int ret= -1;
***************
*** 154,159 ****
--- 159,165 ----
goto end;
}
s->init_buf=buf;
+ buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
***************
*** 202,207 ****
--- 208,215 ----
}
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_lib.c ../RELENG_4_7/crypto/openssl/ssl/s23_lib.c
*** crypto/openssl/ssl/s23_lib.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s23_lib.c Fri Feb 21 07:24:27 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/ssl/s23_lib.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
*/
#include <stdio.h>
--- 54,59 ----
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_meth.c ../RELENG_4_7/crypto/openssl/ssl/s23_meth.c
*** crypto/openssl/ssl/s23_meth.c Wed Jul 4 18:19:44 2001
--- ../RELENG_4_7/crypto/openssl/ssl/s23_meth.c Fri Feb 21 07:24:27 2003
***************
*** 80,91 ****
if (init)
{
! memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
! sizeof(SSL_METHOD));
! SSLv23_data.ssl_connect=ssl23_connect;
! SSLv23_data.ssl_accept=ssl23_accept;
! SSLv23_data.get_ssl_method=ssl23_get_method;
! init=0;
}
return(&SSLv23_data);
}
--- 80,98 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
! sizeof(SSL_METHOD));
! SSLv23_data.ssl_connect=ssl23_connect;
! SSLv23_data.ssl_accept=ssl23_accept;
! SSLv23_data.get_ssl_method=ssl23_get_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_srvr.c ../RELENG_4_7/crypto/openssl/ssl/s23_srvr.c
*** crypto/openssl/ssl/s23_srvr.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s23_srvr.c Fri Feb 21 07:24:27 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
--- 54,59 ----
***************
*** 141,151 ****
if (init)
{
! memcpy((char *)&SSLv23_server_data,
! (char *)sslv23_base_method(),sizeof(SSL_METHOD));
! SSLv23_server_data.ssl_accept=ssl23_accept;
! SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
! init=0;
}
return(&SSLv23_server_data);
}
--- 139,156 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv23_server_data,
! (char *)sslv23_base_method(),sizeof(SSL_METHOD));
! SSLv23_server_data.ssl_accept=ssl23_accept;
! SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_server_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4_7/crypto/openssl/ssl/s2_clnt.c
*** crypto/openssl/ssl/s2_clnt.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s2_clnt.c Fri Feb 21 07:24:27 2003
***************
*** 146,156 ****
if (init)
{
! memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
! sizeof(SSL_METHOD));
! SSLv2_client_data.ssl_connect=ssl2_connect;
! SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
! init=0;
}
return(&SSLv2_client_data);
}
--- 145,162 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
! sizeof(SSL_METHOD));
! SSLv2_client_data.ssl_connect=ssl2_connect;
! SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_client_data);
}
***************
*** 202,211 ****
--- 208,220 ----
if (!BUF_MEM_grow(buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
+ if (buf == s->init_buf)
+ buf=NULL;
ret= -1;
goto end;
}
s->init_buf=buf;
+ buf=NULL;
s->init_num=0;
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
s->ctx->stats.sess_connect++;
***************
*** 332,337 ****
--- 341,348 ----
}
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
***************
*** 746,753 ****
if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
{
i=ssl2_read(s,(char *)&(buf[s->init_num]),
! SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
! if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
s->init_num += i;
--- 757,764 ----
if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
{
i=ssl2_read(s,(char *)&(buf[s->init_num]),
! SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
! if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
s->init_num += i;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_enc.c ../RELENG_4_7/crypto/openssl/ssl/s2_enc.c
*** crypto/openssl/ssl/s2_enc.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s2_enc.c Fri Feb 21 07:24:27 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/ssl/s2_enc.c,v 1.2.2.5 2002/08/11 14:13:59 nectar Exp $
*/
#include "ssl_locl.h"
--- 54,59 ----
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_lib.c ../RELENG_4_7/crypto/openssl/ssl/s2_lib.c
*** crypto/openssl/ssl/s2_lib.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s2_lib.c Fri Feb 21 07:24:27 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/ssl/s2_lib.c,v 1.2.2.5 2002/08/11 14:13:59 nectar Exp $
*/
#include "ssl_locl.h"
--- 54,59 ----
***************
*** 309,315 ****
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
! memset(s2,0,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
--- 307,313 ----
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
! OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
***************
*** 378,392 ****
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
! for (i=0; i<SSL2_NUM_CIPHERS; i++)
! sorted[i]= &(ssl2_ciphers[i]);
!
! qsort( (char *)sorted,
! SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
! FP_ICC ssl_cipher_ptr_id_cmp);
!
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- init=0;
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
--- 376,394 ----
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
! if (init)
! {
! for (i=0; i<SSL2_NUM_CIPHERS; i++)
! sorted[i]= &(ssl2_ciphers[i]);
!
! qsort((char *)sorted,
! SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
! FP_ICC ssl_cipher_ptr_id_cmp);
!
! init=0;
! }
!
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_meth.c ../RELENG_4_7/crypto/openssl/ssl/s2_meth.c
*** crypto/openssl/ssl/s2_meth.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s2_meth.c Fri Feb 21 07:24:27 2003
***************
*** 54,61 ****
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD: src/crypto/openssl/ssl/s2_meth.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
*/
#include "ssl_locl.h"
--- 54,59 ----
***************
*** 79,90 ****
if (init)
{
! memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
! sizeof(SSL_METHOD));
! SSLv2_data.ssl_connect=ssl2_connect;
! SSLv2_data.ssl_accept=ssl2_accept;
! SSLv2_data.get_ssl_method=ssl2_get_method;
! init=0;
}
return(&SSLv2_data);
}
--- 77,95 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
! sizeof(SSL_METHOD));
! SSLv2_data.ssl_connect=ssl2_connect;
! SSLv2_data.ssl_accept=ssl2_accept;
! SSLv2_data.get_ssl_method=ssl2_get_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_srvr.c ../RELENG_4_7/crypto/openssl/ssl/s2_srvr.c
*** crypto/openssl/ssl/s2_srvr.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s2_srvr.c Fri Feb 21 07:24:27 2003
***************
*** 146,156 ****
if (init)
{
! memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
! sizeof(SSL_METHOD));
! SSLv2_server_data.ssl_accept=ssl2_accept;
! SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
! init=0;
}
return(&SSLv2_server_data);
}
--- 145,162 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
! sizeof(SSL_METHOD));
! SSLv2_server_data.ssl_accept=ssl2_accept;
! SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_server_data);
}
***************
*** 1002,1008 ****
len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
! SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
goto end;
}
j = (int)len - s->init_num;
--- 1008,1014 ----
len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
! SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
goto end;
}
j = (int)len - s->init_num;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_clnt.c ../RELENG_4_7/crypto/openssl/ssl/s3_clnt.c
*** crypto/openssl/ssl/s3_clnt.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s3_clnt.c Fri Feb 21 07:24:27 2003
***************
*** 146,163 ****
if (init)
{
! init=0;
! memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
! sizeof(SSL_METHOD));
! SSLv3_client_data.ssl_connect=ssl3_connect;
! SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
}
return(&SSLv3_client_data);
}
int ssl3_connect(SSL *s)
{
! BUF_MEM *buf;
unsigned long Time=time(NULL),l;
long num1;
void (*cb)()=NULL;
--- 146,170 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
! sizeof(SSL_METHOD));
! SSLv3_client_data.ssl_connect=ssl3_connect;
! SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_client_data);
}
int ssl3_connect(SSL *s)
{
! BUF_MEM *buf=NULL;
unsigned long Time=time(NULL),l;
long num1;
void (*cb)()=NULL;
***************
*** 218,223 ****
--- 225,231 ----
goto end;
}
s->init_buf=buf;
+ buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
***************
*** 496,501 ****
--- 504,511 ----
}
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
***************
*** 632,654 ****
/* get the session-id */
j= *(p++);
! if(j > sizeof s->session->session_id)
! {
! al=SSL_AD_ILLEGAL_PARAMETER;
! SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
! SSL_R_SSL3_SESSION_ID_TOO_LONG);
! goto f_err;
! }
!
! if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
! /* SSLref returns 16 :-( */
! if (j < SSL2_SSL_SESSION_ID_LENGTH)
! {
! al=SSL_AD_ILLEGAL_PARAMETER;
! SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
! goto f_err;
! }
}
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
--- 642,652 ----
/* get the session-id */
j= *(p++);
! if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
{
! al=SSL_AD_ILLEGAL_PARAMETER;
! SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
! goto f_err;
}
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
***************
*** 656,661 ****
--- 654,660 ----
if(s->sid_ctx_length != s->session->sid_ctx_length
|| memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
{
+ /* actually a client application bug */
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
***************
*** 699,705 ****
goto f_err;
}
! if (s->hit && (s->session->cipher != c))
{
if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
--- 698,709 ----
goto f_err;
}
! /* Depending on the session caching (internal/external), the cipher
! and/or cipher_id values may not be set. Make sure that
! cipher_id is set and use it for comparison. */
! if (s->session->cipher)
! s->session->cipher_id = s->session->cipher->id;
! if (s->hit && (s->session->cipher_id != c->id))
{
if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
***************
*** 1460,1466 ****
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
! memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
}
else
#endif
--- 1464,1470 ----
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
! OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
}
else
#endif
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4_7/crypto/openssl/ssl/s3_enc.c
*** crypto/openssl/ssl/s3_enc.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s3_enc.c Fri Feb 21 07:24:27 2003
***************
*** 174,180 ****
km+=MD5_DIGEST_LENGTH;
}
! memset(smd,0,SHA_DIGEST_LENGTH);
}
int ssl3_change_cipher_state(SSL *s, int which)
--- 174,180 ----
km+=MD5_DIGEST_LENGTH;
}
! OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
}
int ssl3_change_cipher_state(SSL *s, int which)
***************
*** 318,325 ****
EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
! memset(&(exp_key[0]),0,sizeof(exp_key));
! memset(&(exp_iv[0]),0,sizeof(exp_iv));
return(1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
--- 318,325 ----
EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
! OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
! OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
return(1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
***************
*** 390,396 ****
{
if (s->s3->tmp.key_block != NULL)
{
! memset(s->s3->tmp.key_block,0,
s->s3->tmp.key_block_length);
OPENSSL_free(s->s3->tmp.key_block);
s->s3->tmp.key_block=NULL;
--- 390,396 ----
{
if (s->s3->tmp.key_block != NULL)
{
! OPENSSL_cleanse(s->s3->tmp.key_block,
s->s3->tmp.key_block_length);
OPENSSL_free(s->s3->tmp.key_block);
s->s3->tmp.key_block=NULL;
***************
*** 456,461 ****
--- 456,462 ----
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
}
+ /* otherwise, rec->length >= bs */
}
EVP_Cipher(ds,rec->data,rec->input,l);
***************
*** 464,470 ****
{
i=rec->data[l-1]+1;
/* SSL 3.0 bounds the number of padding bytes by the block size;
! * padding bytes (except that last) are arbitrary */
if (i > bs)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
--- 465,471 ----
{
i=rec->data[l-1]+1;
/* SSL 3.0 bounds the number of padding bytes by the block size;
! * padding bytes (except the last one) are arbitrary */
if (i > bs)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
***************
*** 473,478 ****
--- 474,480 ----
* (see http://www.openssl.org/~bodo/tls-cbc.txt) */
return -1;
}
+ /* now i <= bs <= rec->length */
rec->length-=i;
}
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_lib.c ../RELENG_4_7/crypto/openssl/ssl/s3_lib.c
*** crypto/openssl/ssl/s3_lib.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s3_lib.c Fri Feb 21 07:24:27 2003
***************
*** 732,738 ****
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
! memset(s->s3,0,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
--- 732,738 ----
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
! OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
***************
*** 1084,1099 ****
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
! for (i=0; i<SSL3_NUM_CIPHERS; i++)
! sorted[i]= &(ssl3_ciphers[i]);
! qsort( (char *)sorted,
! SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
! FP_ICC ssl_cipher_ptr_id_cmp);
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
- init=0;
}
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
--- 1084,1102 ----
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
! if (init)
! {
! for (i=0; i<SSL3_NUM_CIPHERS; i++)
! sorted[i]= &(ssl3_ciphers[i]);
! qsort(sorted,
! SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
! FP_ICC ssl_cipher_ptr_id_cmp);
+ init=0;
+ }
+
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_meth.c ../RELENG_4_7/crypto/openssl/ssl/s3_meth.c
*** crypto/openssl/ssl/s3_meth.c Mon Jan 10 00:22:00 2000
--- ../RELENG_4_7/crypto/openssl/ssl/s3_meth.c Fri Feb 21 07:24:27 2003
***************
*** 76,87 ****
if (init)
{
! memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
! sizeof(SSL_METHOD));
! SSLv3_data.ssl_connect=ssl3_connect;
! SSLv3_data.ssl_accept=ssl3_accept;
! SSLv3_data.get_ssl_method=ssl3_get_method;
! init=0;
}
return(&SSLv3_data);
}
--- 76,94 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
! sizeof(SSL_METHOD));
! SSLv3_data.ssl_connect=ssl3_connect;
! SSLv3_data.ssl_accept=ssl3_accept;
! SSLv3_data.get_ssl_method=ssl3_get_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_4_7/crypto/openssl/ssl/s3_pkt.c
*** crypto/openssl/ssl/s3_pkt.c Tue Jul 30 17:06:01 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s3_pkt.c Fri Feb 21 07:24:27 2003
***************
*** 238,243 ****
--- 238,245 ----
unsigned int mac_size;
int clear=0;
size_t extra;
+ int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
rr= &(s->s3->rrec);
sess=s->session;
***************
*** 353,360 ****
/* SSLerr() and ssl3_send_alert() have been called */
goto err;
! /* otherwise enc_err == -1 */
! goto decryption_failed_or_bad_record_mac;
}
#ifdef TLS_DEBUG
--- 355,365 ----
/* SSLerr() and ssl3_send_alert() have been called */
goto err;
! /* Otherwise enc_err == -1, which indicates bad padding
! * (rec->length has not been changed in this case).
! * To minimize information leaked via timing, we will perform
! * the MAC computation anyway. */
! decryption_failed_or_bad_record_mac = 1;
}
#ifdef TLS_DEBUG
***************
*** 380,407 ****
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
! goto decryption_failed_or_bad_record_mac;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
! if (rr->length < mac_size)
{
#if 0 /* OK only for stream ciphers */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
! goto decryption_failed_or_bad_record_mac;
#endif
}
- rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
! if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{
! goto decryption_failed_or_bad_record_mac;
}
}
/* r->length is now just compressed */
if (s->expand != NULL)
{
--- 385,430 ----
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
! decryption_failed_or_bad_record_mac = 1;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
! if (rr->length >= mac_size)
{
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
+ }
+ else
+ {
+ /* record (minus padding) is too short to contain a MAC */
#if 0 /* OK only for stream ciphers */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
! decryption_failed_or_bad_record_mac = 1;
! rr->length = 0;
#endif
}
i=s->method->ssl3_enc->mac(s,md,0);
! if (mac == NULL || memcmp(md, mac, mac_size) != 0)
{
! decryption_failed_or_bad_record_mac = 1;
}
}
+ if (decryption_failed_or_bad_record_mac)
+ {
+ /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+ * failure is directly visible from the ciphertext anyway,
+ * we should not reveal which kind of error occured -- this
+ * might become visible to an attacker (e.g. via a logfile) */
+ al=SSL_AD_BAD_RECORD_MAC;
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ goto f_err;
+ }
+
/* r->length is now just compressed */
if (s->expand != NULL)
{
***************
*** 443,456 ****
return(1);
- decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
--- 466,471 ----
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_srvr.c ../RELENG_4_7/crypto/openssl/ssl/s3_srvr.c
*** crypto/openssl/ssl/s3_srvr.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/s3_srvr.c Fri Feb 21 07:24:27 2003
***************
*** 151,161 ****
if (init)
{
! memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
! sizeof(SSL_METHOD));
! SSLv3_server_data.ssl_accept=ssl3_accept;
! SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
! init=0;
}
return(&SSLv3_server_data);
}
--- 151,168 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
! sizeof(SSL_METHOD));
! SSLv3_server_data.ssl_accept=ssl3_accept;
! SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_server_data);
}
***************
*** 1464,1470 ****
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
p,i);
! memset(p,0,i);
}
else
#endif
--- 1471,1477 ----
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
p,i);
! OPENSSL_cleanse(p,i);
}
else
#endif
***************
*** 1527,1533 ****
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,p,i);
! memset(p,0,i);
}
else
#endif
--- 1534,1540 ----
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,p,i);
! OPENSSL_cleanse(p,i);
}
else
#endif
***************
*** 1559,1565 ****
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
! 512, /* 512? */
&ok);
if (!ok) return((int)n);
--- 1566,1572 ----
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
! 514, /* 514? */
&ok);
if (!ok) return((int)n);
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4_7/crypto/openssl/ssl/ssl.h
*** crypto/openssl/ssl/ssl.h Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/ssl.h Fri Feb 21 07:24:27 2003
***************
*** 551,560 ****
#define SSL_SESS_CACHE_SERVER 0x0002
#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
! /* This one, when set, makes the server session-id lookup not look
! * in the cache. If there is an application get_session callback
! * defined, this will still get called. */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
#define SSL_CTX_sess_number(ctx) \
--- 551,561 ----
#define SSL_SESS_CACHE_SERVER 0x0002
#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
! /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+ #define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+ #define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
#define SSL_CTX_sess_number(ctx) \
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4_7/crypto/openssl/ssl/ssl_lib.c
*** crypto/openssl/ssl/ssl_lib.c Tue Jul 30 17:06:03 2002
--- ../RELENG_4_7/crypto/openssl/ssl/ssl_lib.c Fri Feb 21 07:24:27 2003
***************
*** 1245,1257 ****
abort(); /* ok */
}
#endif
CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
if (a->sessions != NULL)
! {
! SSL_CTX_flush_sessions(a,0);
! lh_free(a->sessions);
! }
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
--- 1245,1268 ----
abort(); /* ok */
}
#endif
+
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
+ if (a->sessions != NULL)
+ SSL_CTX_flush_sessions(a,0);
+
CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
if (a->sessions != NULL)
! lh_free(a->sessions);
!
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
***************
*** 1472,1478 ****
i=s->ctx->session_cache_mode;
if ((i & mode) && (!s->hit)
! && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
|| SSL_CTX_add_session(s->ctx,s->session))
&& (s->ctx->new_session_cb != NULL))
{
--- 1483,1489 ----
i=s->ctx->session_cache_mode;
if ((i & mode) && (!s->hit)
! && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
|| SSL_CTX_add_session(s->ctx,s->session))
&& (s->ctx->new_session_cb != NULL))
{
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_sess.c ../RELENG_4_7/crypto/openssl/ssl/ssl_sess.c
*** crypto/openssl/ssl/ssl_sess.c Sun Aug 11 09:13:59 2002
--- ../RELENG_4_7/crypto/openssl/ssl/ssl_sess.c Fri Feb 21 07:24:27 2003
***************
*** 258,266 ****
if (copy)
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
! /* The following should not return 1, otherwise,
! * things are very strange */
! SSL_CTX_add_session(s->ctx,ret);
}
if (ret == NULL)
goto err;
--- 258,269 ----
if (copy)
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
! /* Add the externally cached session to the internal
! * cache as well if and only if we are supposed to. */
! if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
! /* The following should not return 1, otherwise,
! * things are very strange */
! SSL_CTX_add_session(s->ctx,ret);
}
if (ret == NULL)
goto err;
***************
*** 474,486 ****
CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
! memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
! memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
! memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
! memset(ss,0,sizeof(*ss));
OPENSSL_free(ss);
}
--- 477,489 ----
CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
! OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
! OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
! OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
! OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4_7/crypto/openssl/ssl/ssltest.c
*** crypto/openssl/ssl/ssltest.c Tue Jul 30 17:06:03 2002
--- ../RELENG_4_7/crypto/openssl/ssl/ssltest.c Fri Feb 21 07:24:27 2003
***************
*** 224,235 ****
verbose = 0;
debug = 0;
cipher = 0;
!
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
argc--;
--- 224,236 ----
verbose = 0;
debug = 0;
cipher = 0;
!
! bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
!
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
argc--;
***************
*** 247,258 ****
debug=1;
else if (strcmp(*argv,"-reuse") == 0)
reuse=1;
- #ifndef NO_DH
else if (strcmp(*argv,"-dhe1024") == 0)
dhe1024=1;
else if (strcmp(*argv,"-dhe1024dsa") == 0)
dhe1024dsa=1;
#endif
else if (strcmp(*argv,"-no_dhe") == 0)
no_dhe=1;
else if (strcmp(*argv,"-ssl2") == 0)
--- 248,269 ----
debug=1;
else if (strcmp(*argv,"-reuse") == 0)
reuse=1;
else if (strcmp(*argv,"-dhe1024") == 0)
+ {
+ #ifndef NO_DH
dhe1024=1;
+ #else
+ fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+ #endif
+ }
else if (strcmp(*argv,"-dhe1024dsa") == 0)
+ {
+ #ifndef NO_DH
dhe1024dsa=1;
+ #else
+ fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
#endif
+ }
else if (strcmp(*argv,"-no_dhe") == 0)
no_dhe=1;
else if (strcmp(*argv,"-ssl2") == 0)
***************
*** 355,361 ****
"the test anyway (and\n-d to see what happens), "
"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
"to avoid protocol mismatch.\n");
! exit(1);
}
if (print_time)
--- 366,372 ----
"the test anyway (and\n-d to see what happens), "
"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
"to avoid protocol mismatch.\n");
! EXIT(1);
}
if (print_time)
***************
*** 620,625 ****
--- 631,638 ----
int i, r;
clock_t c_clock = clock();
+ memset(cbuf, 0, sizeof(cbuf));
+
if (debug)
if (SSL_in_init(c_ssl))
printf("client waiting in SSL_connect - %s\n",
***************
*** 704,709 ****
--- 717,724 ----
int i, r;
clock_t s_clock = clock();
+ memset(sbuf, 0, sizeof(sbuf));
+
if (debug)
if (SSL_in_init(s_ssl))
printf("server waiting in SSL_accept - %s\n",
***************
*** 946,951 ****
--- 961,969 ----
int done=0;
int c_write,s_write;
int do_server=0,do_client=0;
+
+ memset(cbuf,0,sizeof(cbuf));
+ memset(sbuf,0,sizeof(sbuf));
c_to_s=BIO_new(BIO_s_mem());
s_to_c=BIO_new(BIO_s_mem());
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_clnt.c ../RELENG_4_7/crypto/openssl/ssl/t1_clnt.c
*** crypto/openssl/ssl/t1_clnt.c Mon Jan 10 00:22:00 2000
--- ../RELENG_4_7/crypto/openssl/ssl/t1_clnt.c Fri Feb 21 07:24:27 2003
***************
*** 79,89 ****
if (init)
{
! memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
! sizeof(SSL_METHOD));
! TLSv1_client_data.ssl_connect=ssl3_connect;
! TLSv1_client_data.get_ssl_method=tls1_get_client_method;
! init=0;
}
return(&TLSv1_client_data);
}
--- 79,96 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
! sizeof(SSL_METHOD));
! TLSv1_client_data.ssl_connect=ssl3_connect;
! TLSv1_client_data.get_ssl_method=tls1_get_client_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_client_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_enc.c ../RELENG_4_7/crypto/openssl/ssl/t1_enc.c
*** crypto/openssl/ssl/t1_enc.c Tue Jul 30 17:06:03 2002
--- ../RELENG_4_7/crypto/openssl/ssl/t1_enc.c Fri Feb 21 07:24:27 2003
***************
*** 158,164 ****
}
HMAC_cleanup(&ctx);
HMAC_cleanup(&ctx_tmp);
! memset(A1,0,sizeof(A1));
}
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
--- 158,164 ----
}
HMAC_cleanup(&ctx);
HMAC_cleanup(&ctx_tmp);
! OPENSSL_cleanse(A1,sizeof(A1));
}
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
***************
*** 372,381 ****
printf("\n");
#endif
! memset(tmp1,0,sizeof(tmp1));
! memset(tmp2,0,sizeof(tmp1));
! memset(iv1,0,sizeof(iv1));
! memset(iv2,0,sizeof(iv2));
return(1);
err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
--- 372,381 ----
printf("\n");
#endif
! OPENSSL_cleanse(tmp1,sizeof(tmp1));
! OPENSSL_cleanse(tmp2,sizeof(tmp1));
! OPENSSL_cleanse(iv1,sizeof(iv1));
! OPENSSL_cleanse(iv2,sizeof(iv2));
return(1);
err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
***************
*** 426,432 ****
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
tls1_generate_key_block(s,p1,p2,num);
! memset(p2,0,num);
OPENSSL_free(p2);
#ifdef TLS_DEBUG
printf("\nkey block\n");
--- 426,432 ----
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
tls1_generate_key_block(s,p1,p2,num);
! OPENSSL_cleanse(p2,num);
OPENSSL_free(p2);
#ifdef TLS_DEBUG
printf("\nkey block\n");
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_meth.c ../RELENG_4_7/crypto/openssl/ssl/t1_meth.c
*** crypto/openssl/ssl/t1_meth.c Mon Jan 10 00:22:00 2000
--- ../RELENG_4_7/crypto/openssl/ssl/t1_meth.c Fri Feb 21 07:24:27 2003
***************
*** 76,88 ****
if (init)
{
! memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
! sizeof(SSL_METHOD));
! TLSv1_data.ssl_connect=ssl3_connect;
! TLSv1_data.ssl_accept=ssl3_accept;
! TLSv1_data.get_ssl_method=tls1_get_method;
! init=0;
}
return(&TLSv1_data);
}
--- 76,96 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
! sizeof(SSL_METHOD));
! TLSv1_data.ssl_connect=ssl3_connect;
! TLSv1_data.ssl_accept=ssl3_accept;
! TLSv1_data.get_ssl_method=tls1_get_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
+
return(&TLSv1_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_srvr.c ../RELENG_4_7/crypto/openssl/ssl/t1_srvr.c
*** crypto/openssl/ssl/t1_srvr.c Mon Jan 10 00:22:00 2000
--- ../RELENG_4_7/crypto/openssl/ssl/t1_srvr.c Fri Feb 21 07:24:27 2003
***************
*** 80,90 ****
if (init)
{
! memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
! sizeof(SSL_METHOD));
! TLSv1_server_data.ssl_accept=ssl3_accept;
! TLSv1_server_data.get_ssl_method=tls1_get_server_method;
! init=0;
}
return(&TLSv1_server_data);
}
--- 80,97 ----
if (init)
{
! CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
!
! if (init)
! {
! memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
! sizeof(SSL_METHOD));
! TLSv1_server_data.ssl_accept=ssl3_accept;
! TLSv1_server_data.get_ssl_method=tls1_get_server_method;
! init=0;
! }
!
! CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_server_data);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4_7/crypto/openssl/test/Makefile.ssl
*** crypto/openssl/test/Makefile.ssl Tue Jul 30 17:06:05 2002
--- ../RELENG_4_7/crypto/openssl/test/Makefile.ssl Fri Feb 21 07:24:27 2003
***************
*** 85,91 ****
all: exe
! exe: $(EXE)
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
--- 85,91 ----
all: exe
! exe: $(EXE) dummytest
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
***************
*** 93,98 ****
--- 93,102 ----
links:
@@$(TOP)/util/point.sh Makefile.ssl Makefile
+ generate: $(SRC)
+ $(SRC):
+ @$(TOP)/util/point.sh dummytest.c $@
+
errors:
install:
***************
*** 109,115 ****
test_ss test_ca test_ssl
apps:
! @(cd ../apps; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
test_des:
./$(DESTEST)
--- 113,119 ----
test_ss test_ca test_ssl
apps:
! @(cd ..; $(MAKE) DIRS=apps all)
test_des:
./$(DESTEST)
***************
*** 233,239 ****
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- 237,243 ----
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
! $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
***************
*** 243,252 ****
rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
$(DLIBSSL):
! (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
$(DLIBCRYPTO):
! (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
--- 247,256 ----
rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
$(DLIBSSL):
! (cd ..; $(MAKE) DIRS=ssl all)
$(DLIBCRYPTO):
! (cd ..; $(MAKE) DIRS=crypto all)
$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
***************
*** 317,325 ****
$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
# DO NOT DELETE THIS LINE -- make depend depends on it.
! bftest.o: ../include/openssl/blowfish.h
bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
--- 321,333 ----
$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+ dummytest: dummytest.o $(DLIBCRYPTO)
+ $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
# DO NOT DELETE THIS LINE -- make depend depends on it.
! bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
! bftest.o: ../include/openssl/opensslconf.h
bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
***************
*** 339,367 ****
bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
bntest.o: ../include/openssl/x509_vfy.h
! casttest.o: ../include/openssl/cast.h
destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
destest.o: ../include/openssl/opensslconf.h
! dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
! dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
! dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
! dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
! dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
! dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
! dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
! dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
! dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
! dsatest.o: ../include/openssl/symhacks.h
! exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
! exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
! exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
! exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
! exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
! exptest.o: ../include/openssl/symhacks.h
! hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
--- 347,377 ----
bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
bntest.o: ../include/openssl/x509_vfy.h
! casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
! casttest.o: ../include/openssl/opensslconf.h
destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
destest.o: ../include/openssl/opensslconf.h
! dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
! dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
! dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
! dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
! dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
! dhtest.o: ../include/openssl/symhacks.h
! dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
! dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
! dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
! dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
! dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
! dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
! exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
! exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
! exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
! exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
! exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
***************
*** 376,392 ****
hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
! md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
! md4test.o: ../include/openssl/md4.h
! md5test.o: ../include/openssl/md5.h
! mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
! randtest.o: ../include/openssl/rand.h
rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
! rc5test.o: ../include/openssl/rc5.h
! rmdtest.o: ../include/openssl/ripemd.h
rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
--- 386,411 ----
hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
! ideatest.o: ../include/openssl/opensslconf.h
! md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h
! md2test.o: ../include/openssl/opensslconf.h
! md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h
! md4test.o: ../include/openssl/opensslconf.h
! md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h
! md5test.o: ../include/openssl/opensslconf.h
! mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h
mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
! randtest.o: ../e_os.h ../include/openssl/e_os2.h
! randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h
! rc2test.o: ../e_os.h ../include/openssl/e_os2.h
rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+ rc4test.o: ../e_os.h ../include/openssl/e_os2.h
rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
! rc5test.o: ../e_os.h ../include/openssl/e_os2.h
! rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h
! rmdtest.o: ../e_os.h ../include/openssl/e_os2.h
! rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h
rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
***************
*** 394,401 ****
rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! sha1test.o: ../include/openssl/sha.h
! shatest.o: ../include/openssl/sha.h
ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
--- 413,422 ----
rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
! sha1test.o: ../e_os.h ../include/openssl/e_os2.h
! sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
! shatest.o: ../e_os.h ../include/openssl/e_os2.h
! shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/methtest.c ../RELENG_4_7/crypto/openssl/test/methtest.c
*** crypto/openssl/test/methtest.c Mon Jan 10 00:22:01 2000
--- ../RELENG_4_7/crypto/openssl/test/methtest.c Fri Feb 21 07:24:27 2003
***************
*** 96,105 ****
METH_init(top);
METH_control(tmp1,METH_CONTROL_DUMP,stdout);
METH_control(tmp2,METH_CONTROL_DUMP,stdout);
! exit(0);
err:
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
! exit(1);
return(0);
}
--- 96,105 ----
METH_init(top);
METH_control(tmp1,METH_CONTROL_DUMP,stdout);
METH_control(tmp2,METH_CONTROL_DUMP,stdout);
! EXIT(0);
err:
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
! EXIT(1);
return(0);
}
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testssl ../RELENG_4_7/crypto/openssl/test/testssl
*** crypto/openssl/test/testssl Sun Aug 20 03:47:04 2000
--- ../RELENG_4_7/crypto/openssl/test/testssl Fri Feb 21 07:24:27 2003
***************
*** 112,119 ****
#############################################################################
! echo test tls1 with 1024bit anonymous DH, multiple handshakes
! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
if ../apps/openssl no-rsa; then
echo skipping RSA tests
--- 112,123 ----
#############################################################################
! if ../apps/openssl no-dh; then
! echo skipping anonymous DH tests
! else
! echo test tls1 with 1024bit anonymous DH, multiple handshakes
! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
! fi
if ../apps/openssl no-rsa; then
echo skipping RSA tests
***************
*** 121,128 ****
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
! echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
! ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
fi
exit 0
--- 125,136 ----
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
! if ../apps/openssl no-dh; then
! echo skipping RSA+DHE tests
! else
! echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
! ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
! fi
fi
exit 0
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash ../RELENG_4_7/crypto/openssl/tools/c_rehash
*** crypto/openssl/tools/c_rehash Sun Aug 11 09:14:00 2002
--- ../RELENG_4_7/crypto/openssl/tools/c_rehash Fri Feb 21 07:24:27 2003
***************
*** 1,4 ****
! #!/usr/local/bin/perl
# Perl c_rehash script, scan all files in a directory
--- 1,4 ----
! #!/usr/local/bin/perl5
# Perl c_rehash script, scan all files in a directory
***************
*** 100,106 ****
sub link_hash_cert {
my $fname = $_[0];
! my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
--- 100,107 ----
sub link_hash_cert {
my $fname = $_[0];
! $fname =~ s/'/'\\''/g;
! my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
***************
*** 130,136 ****
sub link_hash_crl {
my $fname = $_[0];
! my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
--- 131,138 ----
sub link_hash_crl {
my $fname = $_[0];
! $fname =~ s/'/'\\''/g;
! my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash.in ../RELENG_4_7/crypto/openssl/tools/c_rehash.in
*** crypto/openssl/tools/c_rehash.in Wed Jul 4 18:19:48 2001
--- ../RELENG_4_7/crypto/openssl/tools/c_rehash.in Fri Feb 21 07:24:27 2003
***************
*** 100,106 ****
sub link_hash_cert {
my $fname = $_[0];
! my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
--- 100,107 ----
sub link_hash_cert {
my $fname = $_[0];
! $fname =~ s/'/'\\''/g;
! my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
***************
*** 130,136 ****
sub link_hash_crl {
my $fname = $_[0];
! my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
--- 131,138 ----
sub link_hash_crl {
my $fname = $_[0];
! $fname =~ s/'/'\\''/g;
! my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4_7/crypto/openssl/util/libeay.num
*** crypto/openssl/util/libeay.num Tue Jul 30 17:06:09 2002
--- ../RELENG_4_7/crypto/openssl/util/libeay.num Fri Feb 21 07:24:27 2003
***************
*** 301,308 ****
EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
EVP_des_ofb 310 EXIST::FUNCTION:DES
EVP_desx_cbc 311 EXIST::FUNCTION:DES
! EVP_dss 312 EXIST::FUNCTION:SHA,DSA
! EVP_dss1 313 EXIST::FUNCTION:SHA,DSA
EVP_enc_null 314 EXIST::FUNCTION:
EVP_get_cipherbyname 315 EXIST::FUNCTION:
EVP_get_digestbyname 316 EXIST::FUNCTION:
--- 301,308 ----
EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
EVP_des_ofb 310 EXIST::FUNCTION:DES
EVP_desx_cbc 311 EXIST::FUNCTION:DES
! EVP_dss 312 EXIST::FUNCTION:DSA,SHA
! EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
EVP_enc_null 314 EXIST::FUNCTION:
EVP_get_cipherbyname 315 EXIST::FUNCTION:
EVP_get_digestbyname 316 EXIST::FUNCTION:
***************
*** 1212,1218 ****
str_dup 1240 NOEXIST::FUNCTION:
i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
! BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
BIO_f_reliable 1244 EXIST::FUNCTION:
PKCS7_dataFinal 1245 EXIST::FUNCTION:
PKCS7_dataDecode 1246 EXIST::FUNCTION:
--- 1212,1218 ----
str_dup 1240 NOEXIST::FUNCTION:
i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
! BIO_s_log 1243 EXIST:!WIN32,!macintosh,!WIN16:FUNCTION:
BIO_f_reliable 1244 EXIST::FUNCTION:
PKCS7_dataFinal 1245 EXIST::FUNCTION:
PKCS7_dataDecode 1246 EXIST::FUNCTION:
***************
*** 1934,1936 ****
--- 1934,1937 ----
BN_pseudo_rand_range 2523 EXIST::FUNCTION:
X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
ERR_load_COMP_strings 2525 EXIST::FUNCTION:
+ OPENSSL_cleanse 3245 EXIST::FUNCTION:
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4_7/crypto/openssl/util/mk1mf.pl
*** crypto/openssl/util/mk1mf.pl Tue Jul 30 17:06:09 2002
--- ../RELENG_4_7/crypto/openssl/util/mk1mf.pl Fri Feb 21 07:24:27 2003
***************
*** 206,212 ****
$cflags.=" -DNO_MD5" if $no_md5;
$cflags.=" -DNO_SHA" if $no_sha;
$cflags.=" -DNO_SHA1" if $no_sha1;
! $cflags.=" -DNO_RIPEMD" if $no_rmd160;
$cflags.=" -DNO_MDC2" if $no_mdc2;
$cflags.=" -DNO_BF" if $no_bf;
$cflags.=" -DNO_CAST" if $no_cast;
--- 206,212 ----
$cflags.=" -DNO_MD5" if $no_md5;
$cflags.=" -DNO_SHA" if $no_sha;
$cflags.=" -DNO_SHA1" if $no_sha1;
! $cflags.=" -DNO_RIPEMD" if $no_ripemd;
$cflags.=" -DNO_MDC2" if $no_mdc2;
$cflags.=" -DNO_BF" if $no_bf;
$cflags.=" -DNO_CAST" if $no_cast;
***************
*** 674,680 ****
@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
! @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
--- 674,680 ----
@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
! @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
***************
*** 883,889 ****
elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
$no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
! $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
elsif (/^rsaref$/) { $rsaref=1; }
elsif (/^gcc$/) { $gcc=1; }
--- 883,889 ----
elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
$no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
! $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; }
elsif (/^rsaref$/) { $rsaref=1; }
elsif (/^gcc$/) { $gcc=1; }
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkcerts.sh ../RELENG_4_7/crypto/openssl/util/mkcerts.sh
*** crypto/openssl/util/mkcerts.sh Mon Jan 10 00:22:05 2000
--- ../RELENG_4_7/crypto/openssl/util/mkcerts.sh Fri Feb 21 07:24:27 2003
***************
*** 1,4 ****
! #!bin/sh
# This script will re-make all the required certs.
# cd apps
--- 1,4 ----
! #!/bin/sh
# This script will re-make all the required certs.
# cd apps
***************
*** 12,19 ****
#
CAbits=1024
! SSLEAY="../apps/ssleay"
! CONF="-config ../apps/ssleay.cnf"
# create pca request.
echo creating $CAbits bit PCA cert request
--- 12,19 ----
#
CAbits=1024
! SSLEAY="../apps/openssl"
! CONF="-config ../apps/openssl.cnf"
# create pca request.
echo creating $CAbits bit PCA cert request
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/BC-32.pl ../RELENG_4_7/crypto/openssl/util/pl/BC-32.pl
*** crypto/openssl/util/pl/BC-32.pl Tue Jul 30 17:06:10 2002
--- ../RELENG_4_7/crypto/openssl/util/pl/BC-32.pl Fri Feb 21 07:24:27 2003
***************
*** 52,60 ****
$shlib_ex_obj="";
$app_ex_obj="c0x32.obj";
! $asm='n_o_T_a_s_m';
$asm.=" /Zi" if $debug;
! $afile='/Fo';
$bn_mulw_obj='';
$bn_mulw_src='';
--- 52,60 ----
$shlib_ex_obj="";
$app_ex_obj="c0x32.obj";
! $asm='nasmw -f obj';
$asm.=" /Zi" if $debug;
! $afile='-o';
$bn_mulw_obj='';
$bn_mulw_src='';
diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest ../RELENG_4_7/crypto/openssl/util/pod2mantest
*** crypto/openssl/util/pod2mantest Tue Jul 30 17:06:09 2002
--- ../RELENG_4_7/crypto/openssl/util/pod2mantest Fri Feb 21 07:24:27 2003
***************
*** 11,17 ****
IFS=:
! try_without_dir=false
# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
for dir in dummy:$PATH; do
if [ "$try_without_dir" = true ]; then
--- 11,18 ----
IFS=:
!
! try_without_dir=true
# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
for dir in dummy:$PATH; do
if [ "$try_without_dir" = true ]; then
***************
*** 29,37 ****
if [ ! "$pod2man" = '' ]; then
failure=none
! if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
! failure=MultilineTest
fi
--- 30,45 ----
if [ ! "$pod2man" = '' ]; then
failure=none
+ if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+ :
+ else
+ failure=BasicTest
+ fi
! if [ "$failure" = none ]; then
! if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
! failure=MultilineTest
! fi
fi
***************
*** 45,53 ****
done
echo "No working pod2man found. Consider installing a new version." >&2
! if [ "$1" = ignore ]; then
! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
! echo "../../util/pod2man.pl"
! exit 0
! fi
! exit 1
--- 53,57 ----
done
echo "No working pod2man found. Consider installing a new version." >&2
! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
! echo "$1 ../../util/pod2man.pl"
*** secure/lib/libcrypto/Makefile Tue Jul 30 17:06:11 2002
--- ../RELENG_4_7/secure/lib/libcrypto/Makefile Fri Feb 21 07:25:04 2003
***************
*** 35,42 ****
MAINTAINER= kris
# base sources
! SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
! tmdiff.c uid.c
# asn1
--- 35,42 ----
MAINTAINER= kris
# base sources
! SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
! mem_dbg.c tmdiff.c uid.c
# asn1
Reference in a new issue View git blame Copy permalink