Import of OpenSSL 0.9.6f.

svn path=/vendor-crypto/openssl/dist/; revision=101613

crypto/openssl/CHANGES

@@ -2,6 +2,19 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+	Alon Kantor <alonk@checkpoint.com> (and others),
+	Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
 
   *) Fix cipher selection routines: ciphers without encryption had no flags

crypto/openssl/Configure

@@ -344,8 +344,8 @@ my %table=(
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

crypto/openssl/FAQ

@@ -61,7 +61,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6e was released on 30 May, 2002.
+OpenSSL 0.9.6f was released on 8 August 2002.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:

crypto/openssl/FREEBSD-Xlist

@@ -1,25 +1,29 @@
-$FreeBSD$
+INSTALL.MacOS
-*INSTALL.VMS
+INSTALL.VMS
-*INSTALL.W32
+INSTALL.W32
-*VMS/
+MacOS/
-*.bat
+VMS/
 *.com
 */*.bat
 */*.com
-*apps/openssl-vms.cnf
+*/*/*.bat
-*crypto/bf/asm/b-win32.asm
+*/*/*.com
-*crypto/bn/asm/bn-win32.asm
+apps/openssl-vms.cnf
-*crypto/bn/asm/vms.mar
+crypto/bn/asm/pa-risc2.s.old
-*crypto/bn/asm/x86w16.asm
+crypto/bn/asm/vms.mar
-*crypto/bn/asm/x86w32.asm
+crypto/bn/vms-helper.c
-*crypto/bn/vms-helper.c
+crypto/dso/dso_vms.c
-*crypto/cast/asm/c-win32.asm
+crypto/dso/dso_win32.c
-*crypto/des/asm/d-win32.asm
+crypto/threads/solaris.sh
-*crypto/des/asm/y-win32.asm
+ms/
-*crypto/des/des-lib.com
+rsaref/
-*crypto/md5/asm/m5-win32.asm
+shlib/Makefile.hpux10-cc
-*crypto/rc4/asm/r4-win32.asm
+shlib/hpux10-cc.sh
-*crypto/rc5/asm/r5-win32.asm
+shlib/irix.sh
-*crypto/ripemd/asm/rm-win32.asm
+shlib/solaris-sc4.sh
-*crypto/sha/asm/s1-win32.asm
+shlib/solaris.sh
-*ms/
+shlib/sun.sh
+shlib/svr5-shared-gcc.sh
+shlib/svr5-shared-installed
+shlib/svr5-shared.sh
+util/cygwin.sh

crypto/openssl/Makefile.org

@@ -247,7 +247,8 @@ link-shared:
 		for i in $(SHLIBDIRS); do \
 			prev=lib$$i$(SHLIB_EXT); \
 			for j in $${tmp:-x}; do \
-				( set -x; ln -f -s $$prev lib$$i$$j ); \
+				( set -x; \
+				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		done; \
@@ -676,7 +677,7 @@ install: all install_docs
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			make -f $$here/Makefile link-shared ); \
+			$(MAKE) -f $$here/Makefile link-shared ); \
 	fi
 
 install_docs:
@@ -685,22 +686,23 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@for i in doc/apps/*.pod; do \
+	@pod2man=`cd ../../util; ./pod2mantest ignore`; \
+	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+		sh -c "$(PERL) $$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done
+	done; \
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+		sh -c "$(PERL) $$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \

crypto/openssl/Makefile.ssl

@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.6e
+VERSION=0.9.6f
 MAJOR=0
 MINOR=9.6
 SHLIB_VERSION_NUMBER=0.9.6
@@ -64,7 +64,7 @@ EX_LIBS=
 EXE_EXT= 
 AR=ar r
 RANLIB= /usr/bin/ranlib
-PERL= /usr/local/bin/perl5
+PERL= /usr/local/bin/perl
 TAR= tar
 TARFLAGS= --no-recursion
 
@@ -249,7 +249,8 @@ link-shared:
 		for i in $(SHLIBDIRS); do \
 			prev=lib$$i$(SHLIB_EXT); \
 			for j in $${tmp:-x}; do \
-				( set -x; ln -f -s $$prev lib$$i$$j ); \
+				( set -x; \
+				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		done; \
@@ -678,7 +679,7 @@ install: all install_docs
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			make -f $$here/Makefile link-shared ); \
+			$(MAKE) -f $$here/Makefile link-shared ); \
 	fi
 
 install_docs:
@@ -687,22 +688,23 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@for i in doc/apps/*.pod; do \
+	@pod2man=`cd ../../util; ./pod2mantest ignore`; \
+	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+		sh -c "$(PERL) $$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done
+	done; \
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+		sh -c "$(PERL) $$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \

crypto/openssl/NEWS

@@ -5,6 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+
+      o Various important bugfixes.
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.
+
   Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
 
       o Various SSL/TLS library bugfixes.

crypto/openssl/PROBLEMS

@@ -32,3 +32,11 @@ may differ on your machine.
 As long as Apple doesn't fix the problem with ld, this problem building
 OpenSSL will remain as is.
 
+
+* Parallell make leads to errors
+
+While running tests, running a parallell make is a bad idea.  Many test
+scripts use the same name for output and input files, which means different
+will interfere with each other and lead to test failure.
+
+The solution is simple for now: don't run parallell make when testing.

crypto/openssl/README

@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.6e 30 July 2002
+ OpenSSL 0.9.6f 8 August 2002
 
  Copyright (c) 1998-2002 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

crypto/openssl/apps/CA.pl

@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl5
+#!/usr/local/bin/perl
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 #      some setup stuff to be done before you can use it and this makes

crypto/openssl/apps/der_chop

@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl5
+#!/usr/local/bin/perl
 #
 # der_chop ... this is one total hack that Eric is really not proud of
 #              so don't look at it and don't ask for support

crypto/openssl/config

@@ -392,6 +392,7 @@ if [ "$GCCVER" != "" ]; then
 else
   CC=cc
 fi
+GCCVER=${GCCVER:-0}
 if [ "$SYSTEM" = "HP-UX" ];then
   # By default gcc is a ILP32 compiler (with long long == 64).
   GCC_BITS="32"

crypto/openssl/crypto/asn1/asn1_lib.c

@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
@@ -141,7 +142,7 @@ err:
 static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
 	unsigned char *p= *pp;
-	long ret=0;
+	unsigned long ret=0;
 	int i;
 
 	if (max-- < 1) return(0);
@@ -170,10 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		else
 			ret=i;
 		}
-	if (ret < 0)
+	if (ret > LONG_MAX)
 		return 0;
 	*pp=p;
-	*rl=ret;
+	*rl=(long)ret;
 	return(1);
 	}
 

crypto/openssl/crypto/bio/b_print.c

@@ -109,7 +109,7 @@
  * o ...                                       (for OpenSSL)
  */
 
-#if HAVE_LONG_DOUBLE
+#ifdef HAVE_LONG_DOUBLE
 #define LDOUBLE long double
 #else
 #define LDOUBLE double

crypto/openssl/crypto/cryptlib.c

@@ -491,11 +491,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 #endif
 
 #endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
-    {
-    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-	    file,line,assertion);
-    abort();
-    }
-

crypto/openssl/crypto/cryptlib.h

@@ -93,10 +93,6 @@ extern "C" {
 #define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
 #define HEX_SIZE(type)         ((sizeof(type)*2)
 
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
-
 #ifdef  __cplusplus
 }
 #endif

crypto/openssl/crypto/mem.c

@@ -226,6 +226,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
 	{
 	void *ret = NULL;
 
+	if (str == NULL)
+		return CRYPTO_malloc(num, file, line);
+
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);
 	ret = realloc_func(str,num);

crypto/openssl/crypto/opensslv.h

@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x0090605fL
+#define OPENSSL_VERSION_NUMBER	0x0090606fL
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6e 30 Jul 2002"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6f 8 Aug 2002"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 

crypto/openssl/openssl.spec

@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 6
-%define librev d
+%define librev f
 Release: 1
 
 %define openssldir /var/ssl