From 9e6c5d1742cb27b1af95f09cda6cf8b330590e03 Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Sat, 10 Aug 2002 01:40:00 +0000 Subject: [PATCH] Import of OpenSSL 0.9.6f. --- crypto/openssl/CHANGES | 13 ++++++++ crypto/openssl/Configure | 4 +-- crypto/openssl/FAQ | 2 +- crypto/openssl/FREEBSD-Xlist | 48 +++++++++++++++------------ crypto/openssl/Makefile.org | 14 ++++---- crypto/openssl/Makefile.ssl | 18 +++++----- crypto/openssl/NEWS | 9 +++++ crypto/openssl/PROBLEMS | 8 +++++ crypto/openssl/README | 2 +- crypto/openssl/apps/CA.pl | 2 +- crypto/openssl/apps/der_chop | 2 +- crypto/openssl/config | 1 + crypto/openssl/crypto/asn1/asn1_lib.c | 7 ++-- crypto/openssl/crypto/bio/b_print.c | 2 +- crypto/openssl/crypto/cryptlib.c | 8 ----- crypto/openssl/crypto/cryptlib.h | 4 --- crypto/openssl/crypto/mem.c | 3 ++ crypto/openssl/crypto/opensslv.h | 4 +-- crypto/openssl/openssl.spec | 2 +- 19 files changed, 92 insertions(+), 61 deletions(-) diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index be4d128b834a..dc066c01315f 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,19 @@ OpenSSL CHANGES _______________ + Changes between 0.9.6e and 0.9.6f [8 Aug 2002] + + *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX + and get fix the header length calculation. + [Florian Weimer , + Alon Kantor (and others), + Steve Henson] + + *) Use proper error handling instead of 'assertions' in buffer + overflow checks added in 0.9.6e. This prevents DoS (the + assertions could call abort()). + [Arne Ansper , Bodo Moeller] + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] *) Fix cipher selection routines: ciphers without encryption had no flags diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 871fb637d665..15cfbaa0331b 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -344,8 +344,8 @@ my %table=( "linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", -"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", -"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)", +"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ index ad75299f8820..b49423960b5d 100644 --- a/crypto/openssl/FAQ +++ b/crypto/openssl/FAQ @@ -61,7 +61,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.6e was released on 30 May, 2002. +OpenSSL 0.9.6f was released on 8 August 2002. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ - done + done; \ @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ + sh -c "$(PERL) $$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl index 4c1954d48d15..f6edb188f791 100644 --- a/crypto/openssl/Makefile.ssl +++ b/crypto/openssl/Makefile.ssl @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.6e +VERSION=0.9.6f MAJOR=0 MINOR=9.6 SHLIB_VERSION_NUMBER=0.9.6 @@ -64,7 +64,7 @@ EX_LIBS= EXE_EXT= AR=ar r RANLIB= /usr/bin/ranlib -PERL= /usr/local/bin/perl5 +PERL= /usr/local/bin/perl TAR= tar TARFLAGS= --no-recursion @@ -249,7 +249,8 @@ link-shared: for i in $(SHLIBDIRS); do \ prev=lib$$i$(SHLIB_EXT); \ for j in $${tmp:-x}; do \ - ( set -x; ln -f -s $$prev lib$$i$$j ); \ + ( set -x; \ + rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ prev=lib$$i$$j; \ done; \ done; \ @@ -678,7 +679,7 @@ install: all install_docs done; \ ( here="`pwd`"; \ cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - make -f $$here/Makefile link-shared ); \ + $(MAKE) -f $$here/Makefile link-shared ); \ fi install_docs: @@ -687,22 +688,23 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @for i in doc/apps/*.pod; do \ + @pod2man=`cd ../../util; ./pod2mantest ignore`; \ + for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ + sh -c "$(PERL) $$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ - done + done; \ @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ + sh -c "$(PERL) $$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 0af2ded253c0..e597dcd213a8 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: + + o Various important bugfixes. + + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + + o Important security related bugfixes. + o Various SSL/TLS library bugfixes. + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: o Various SSL/TLS library bugfixes. diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS index f072449feca8..7e6af8ad4d87 100644 --- a/crypto/openssl/PROBLEMS +++ b/crypto/openssl/PROBLEMS @@ -32,3 +32,11 @@ may differ on your machine. As long as Apple doesn't fix the problem with ld, this problem building OpenSSL will remain as is. + +* Parallell make leads to errors + +While running tests, running a parallell make is a bad idea. Many test +scripts use the same name for output and input files, which means different +will interfere with each other and lead to test failure. + +The solution is simple for now: don't run parallell make when testing. diff --git a/crypto/openssl/README b/crypto/openssl/README index 48d492ebf234..df4267cf0c89 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.6e 30 July 2002 + OpenSSL 0.9.6f 8 August 2002 Copyright (c) 1998-2002 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl index 2f7655288728..f1ac7e772690 100755 --- a/crypto/openssl/apps/CA.pl +++ b/crypto/openssl/apps/CA.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl5 +#!/usr/local/bin/perl # # CA - wrapper around ca to make it easier to use ... basically ca requires # some setup stuff to be done before you can use it and this makes diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop index fbd2889842e2..9070b032fc38 100644 --- a/crypto/openssl/apps/der_chop +++ b/crypto/openssl/apps/der_chop @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl5 +#!/usr/local/bin/perl # # der_chop ... this is one total hack that Eric is really not proud of # so don't look at it and don't ask for support diff --git a/crypto/openssl/config b/crypto/openssl/config index 4f7b41877fec..5f4ed18f0eca 100755 --- a/crypto/openssl/config +++ b/crypto/openssl/config @@ -392,6 +392,7 @@ if [ "$GCCVER" != "" ]; then else CC=cc fi +GCCVER=${GCCVER:-0} if [ "$SYSTEM" = "HP-UX" ];then # By default gcc is a ILP32 compiler (with long long == 64). GCC_BITS="32" diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c index a3681c0e23c7..e4a56a926af7 100644 --- a/crypto/openssl/crypto/asn1/asn1_lib.c +++ b/crypto/openssl/crypto/asn1/asn1_lib.c @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -141,7 +142,7 @@ err: static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; - long ret=0; + unsigned long ret=0; int i; if (max-- < 1) return(0); @@ -170,10 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) else ret=i; } - if (ret < 0) + if (ret > LONG_MAX) return 0; *pp=p; - *rl=ret; + *rl=(long)ret; return(1); } diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c index 90011db54496..fa4e350a7f93 100644 --- a/crypto/openssl/crypto/bio/b_print.c +++ b/crypto/openssl/crypto/bio/b_print.c @@ -109,7 +109,7 @@ * o ... (for OpenSSL) */ -#if HAVE_LONG_DOUBLE +#ifdef HAVE_LONG_DOUBLE #define LDOUBLE long double #else #define LDOUBLE double diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index 832c6c012d83..8fd2d4d26b82 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -491,11 +491,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif - -void OpenSSLDie(const char *file,int line,const char *assertion) - { - fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); - abort(); - } - diff --git a/crypto/openssl/crypto/cryptlib.h b/crypto/openssl/crypto/cryptlib.h index 576cbd6e3596..075b79db0580 100644 --- a/crypto/openssl/crypto/cryptlib.h +++ b/crypto/openssl/crypto/cryptlib.h @@ -93,10 +93,6 @@ extern "C" { #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) #define HEX_SIZE(type) ((sizeof(type)*2) -/* die if we have to */ -void OpenSSLDie(const char *file,int line,const char *assertion); -#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) - #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c index 3b5b2bbc6814..9df2a367e7e2 100644 --- a/crypto/openssl/crypto/mem.c +++ b/crypto/openssl/crypto/mem.c @@ -226,6 +226,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) { void *ret = NULL; + if (str == NULL) + return CRYPTO_malloc(num, file, line); + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_func(str,num); diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index 7ee8f76dc90e..f1465ece09b9 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090605fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6e 30 Jul 2002" +#define OPENSSL_VERSION_NUMBER 0x0090606fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6f 8 Aug 2002" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec index 7eb93ecaf8ac..dd22218984cb 100644 --- a/crypto/openssl/openssl.spec +++ b/crypto/openssl/openssl.spec @@ -1,7 +1,7 @@ %define libmaj 0 %define libmin 9 %define librel 6 -%define librev d +%define librev f Release: 1 %define openssldir /var/ssl