Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/openssl sync with 0.9.6e.
details: https://anonhg.NetBSD.org/src/rev/cf9406eab896
branches: trunk
changeset: 534627:cf9406eab896
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Jul 31 01:29:37 2002 +0000
description:
sync with 0.9.6e.
diffstat:
crypto/dist/openssl/CHANGES | 37 ++++++++++++--
crypto/dist/openssl/FAQ | 57 +++++++++++++++++++++-
crypto/dist/openssl/crypto/des/des.h | 2 +-
crypto/dist/openssl/crypto/ebcdic.c | 2 +-
crypto/dist/openssl/crypto/evp/c_alld.c | 4 +
crypto/dist/openssl/crypto/evp/evp.h | 2 +-
crypto/dist/openssl/crypto/objects/obj_dat.c | 2 +-
crypto/dist/openssl/doc/apps/smime.pod | 1 -
crypto/dist/openssl/doc/crypto/BN_rand.pod | 2 +-
crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod | 2 +-
crypto/dist/openssl/doc/crypto/EVP_SignInit.pod | 2 +-
crypto/dist/openssl/doc/crypto/EVP_VerifyInit.pod | 2 +-
crypto/dist/openssl/doc/crypto/err.pod | 2 +-
crypto/dist/openssl/doc/crypto/rsa.pod | 2 +-
crypto/dist/openssl/doc/ssl/SSL_get_error.pod | 2 +-
crypto/dist/openssl/doc/ssl/ssl.pod | 1 +
crypto/dist/openssl/e_os.h | 9 ++-
crypto/dist/openssl/shlib/Makefile.hpux10-cc | 2 +-
crypto/dist/openssl/shlib/hpux10-cc.sh | 6 +-
crypto/dist/openssl/ssl/s2_lib.c | 4 +-
crypto/dist/openssl/ssl/s3_lib.c | 8 +-
crypto/dist/openssl/ssl/ssl.h | 20 ++++++-
crypto/dist/openssl/ssl/ssl_locl.h | 15 +++--
crypto/dist/openssl/util/pod2man.pl | 4 +-
24 files changed, 142 insertions(+), 48 deletions(-)
diffs (truncated from 529 to 300 lines):
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/CHANGES
--- a/crypto/dist/openssl/CHANGES Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/CHANGES Wed Jul 31 01:29:37 2002 +0000
@@ -2,17 +2,40 @@
OpenSSL CHANGES
_______________
- Changes in security patch
-
-Changes marked "(CHATS)" were sponsored by the Defense Advanced
-Research Projects Agency (DARPA) and Air Force Research Laboratory,
-Air Force Materiel Command, USAF, under agreement number
-F30602-01-2-0537.
+ Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+
+ *) Fix cipher selection routines: ciphers without encryption had no flags
+ for the cipher strength set and where therefore not handled correctly
+ by the selection routines (PR #130).
+ [Lutz Jaenicke]
+
+ *) Fix EVP_dsa_sha macro.
+ [Nils Larsch]
+
+ *) New option
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+ that was added in OpenSSL 0.9.6d.
+
+ As the countermeasure turned out to be incompatible with some
+ broken SSL implementations, the new option is part of SSL_OP_ALL.
+ SSL_OP_ALL is usually employed when compatibility with weird SSL
+ implementations is desired (e.g. '-bugs' option to 's_client' and
+ 's_server'), so the new option is automatically set in many
+ applications.
+ [Bodo Moeller]
+
+ *) Changes in security patch:
+
+ Changes marked "(CHATS)" were sponsored by the Defense Advanced
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
- supplied buffer. (CAN-2002-0659)
+ supplied buffer.
[Steve Henson, Adi Stav <stav%mercury.co.il@localhost>, James Yonan <jim%ntlp.com@localhost>]
*) Assertions for various potential buffer overflows, not known to
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/FAQ
--- a/crypto/dist/openssl/FAQ Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/FAQ Wed Jul 31 01:29:37 2002 +0000
@@ -38,6 +38,8 @@
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
+* What is special about OpenSSL on Redhat?
+* Why does the OpenSSL test suite fail on MacOS X?
[PROG] Questions about programming with OpenSSL
@@ -59,7 +61,7 @@
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6d was released on 9 May, 2002.
+OpenSSL 0.9.6e was released on 30 May, 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -215,8 +217,11 @@
installing the SUNski package from Sun patch 105710-01 (Sparc) which
adds a /dev/random device and make sure it gets used, usually through
$RANDFILE. There are probably similar patches for the other Solaris
-versions. However, be warned that /dev/random is usually a blocking
-device, which may have some effects on OpenSSL.
+versions. An official statement from Sun with respect to /dev/random
+support can be found at
+ http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+However, be warned that /dev/random is usually a blocking device, which
+may have some effects on OpenSSL.
* Why do I get an "unable to write 'random state'" error message?
@@ -451,6 +456,52 @@
and the changes are only valid for the current DOS session.
+* What is special about OpenSSL on Redhat?
+
+Red Hat Linux (release 7.0 and later) include a preinstalled limited
+version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
+is disabled in this version. The same may apply to other Linux distributions.
+Users may therefore wish to install more or all of the features left out.
+
+To do this you MUST ensure that you do not overwrite the openssl that is in
+/usr/bin on your Red Hat machine. Several packages depend on this file,
+including sendmail and ssh. /usr/local/bin is a good alternative choice. The
+libraries that come with Red Hat 7.0 onwards have different names and so are
+not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
+/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
+/lib/libcrypto.so.2 respectively).
+
+Please note that we have been advised by Red Hat attempting to recompile the
+openssl rpm with all the cryptography enabled will not work. All other
+packages depend on the original Red Hat supplied openssl package. It is also
+worth noting that due to the way Red Hat supplies its packages, updates to
+openssl on each distribution never change the package version, only the
+build number. For example, on Red Hat 7.1, the latest openssl package has
+version number 0.9.6 and build number 9 even though it contains all the
+relevant updates in packages up to and including 0.9.6b.
+
+A possible way around this is to persuade Red Hat to produce a non-US
+version of Red Hat Linux.
+
+FYI: Patent numbers and expiry dates of US patents:
+MDC-2: 4,908,861 13/03/2007
+IDEA: 5,214,703 25/05/2010
+RC5: 5,724,428 03/03/2015
+
+
+* Why does the OpenSSL test suite fail on MacOS X?
+
+If the failure happens when running 'make test' and the RC4 test fails,
+it's very probable that you have OpenSSL 0.9.6b delivered with the
+operating system (you can find out by running '/usr/bin/openssl version')
+and that you were trying to build OpenSSL 0.9.6d. The problem is that
+the loader ('ld') in MacOS X has a misfeature that's quite difficult to
+go around and has linked the programs "openssl" and the test programs
+with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
+libraries you just built.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/crypto/des/des.h
--- a/crypto/dist/openssl/crypto/des/des.h Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/crypto/des/des.h Wed Jul 31 01:29:37 2002 +0000
@@ -188,7 +188,7 @@
des_cblock *iv);
char *des_fcrypt(const char *buf,const char *salt, char *ret);
char *des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__NetBSD__)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN) && !defined(__NetBSD__)
char *crypt(const char *buf,const char *salt);
#endif
void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/crypto/ebcdic.c
--- a/crypto/dist/openssl/crypto/ebcdic.c Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/crypto/ebcdic.c Wed Jul 31 01:29:37 2002 +0000
@@ -211,7 +211,7 @@
}
#else /*CHARSET_EBCDIC*/
-#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
+#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
static void *dummy=&dummy;
#endif
#endif
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/crypto/evp/c_alld.c
--- a/crypto/dist/openssl/crypto/evp/c_alld.c Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/crypto/evp/c_alld.c Wed Jul 31 01:29:37 2002 +0000
@@ -64,6 +64,10 @@
void OpenSSL_add_all_digests(void)
{
+ static int done=0;
+
+ if (done) return;
+ done=1;
#ifndef NO_MD2
EVP_add_digest(EVP_md2());
#endif
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/crypto/evp/evp.h
--- a/crypto/dist/openssl/crypto/evp/evp.h Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/crypto/evp/evp.h Wed Jul 31 01:29:37 2002 +0000
@@ -188,7 +188,7 @@
EVP_rsa_octet_string(),EVP_mdc2())
#define EVP_dsa_sha() \
EVP_PKEY_MD_add(NID_dsaWithSHA,\
- EVP_dsa(),EVP_mdc2())
+ EVP_dsa(),EVP_sha())
#define EVP_dsa_sha1() \
EVP_PKEY_MD_add(NID_dsaWithSHA1,\
EVP_dsa(),EVP_sha1())
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/crypto/objects/obj_dat.c
--- a/crypto/dist/openssl/crypto/objects/obj_dat.c Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/crypto/objects/obj_dat.c Wed Jul 31 01:29:37 2002 +0000
@@ -228,7 +228,7 @@
if (added == NULL)
if (!init_added()) return(0);
if ((o=OBJ_dup(obj)) == NULL) goto err;
- ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+ if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
if ((o->length != 0) && (obj->data != NULL))
ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
if (o->sn != NULL)
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/apps/smime.pod
--- a/crypto/dist/openssl/doc/apps/smime.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/apps/smime.pod Wed Jul 31 01:29:37 2002 +0000
@@ -21,7 +21,6 @@
[B<-certfile file>]
[B<-signer file>]
[B<-recip file>]
-[B<-in file>]
[B<-inform SMIME|PEM|DER>]
[B<-passin arg>]
[B<-inkey file>]
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/crypto/BN_rand.pod
--- a/crypto/dist/openssl/doc/crypto/BN_rand.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/crypto/BN_rand.pod Wed Jul 31 01:29:37 2002 +0000
@@ -14,7 +14,7 @@
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
- int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
=head1 DESCRIPTION
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod
--- a/crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod Wed Jul 31 01:29:37 2002 +0000
@@ -192,7 +192,7 @@
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
=head1 HISTORY
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/crypto/EVP_SignInit.pod
--- a/crypto/dist/openssl/doc/crypto/EVP_SignInit.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/crypto/EVP_SignInit.pod Wed Jul 31 01:29:37 2002 +0000
@@ -75,7 +75,7 @@
L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
=head1 HISTORY
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/crypto/EVP_VerifyInit.pod
--- a/crypto/dist/openssl/doc/crypto/EVP_VerifyInit.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/crypto/EVP_VerifyInit.pod Wed Jul 31 01:29:37 2002 +0000
@@ -62,7 +62,7 @@
L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
=head1 HISTORY
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/crypto/err.pod
--- a/crypto/dist/openssl/doc/crypto/err.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/crypto/err.pod Wed Jul 31 01:29:37 2002 +0000
@@ -172,7 +172,7 @@
=head1 SEE ALSO
L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
-L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
+L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
L<ERR_get_error(3)|ERR_get_error(3)>,
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
L<ERR_clear_error(3)|ERR_clear_error(3)>,
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/crypto/rsa.pod
--- a/crypto/dist/openssl/doc/crypto/rsa.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/crypto/rsa.pod Wed Jul 31 01:29:37 2002 +0000
@@ -110,7 +110,7 @@
L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
+L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)>
=cut
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/ssl/SSL_get_error.pod
--- a/crypto/dist/openssl/doc/ssl/SSL_get_error.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/ssl/SSL_get_error.pod Wed Jul 31 01:29:37 2002 +0000
@@ -13,7 +13,7 @@
=head1 DESCRIPTION
SSL_get_error() returns a result code (suitable for the C "switch"
-statement) for a preceding call to SSL_connect(), SSL_accept(),
+statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
SSL_read(), SSL_peek(), or SSL_write() on B<ssl>. The value returned by
that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
B<ret>.
diff -r e3658025f88e -r cf9406eab896 crypto/dist/openssl/doc/ssl/ssl.pod
--- a/crypto/dist/openssl/doc/ssl/ssl.pod Wed Jul 31 01:28:32 2002 +0000
+++ b/crypto/dist/openssl/doc/ssl/ssl.pod Wed Jul 31 01:29:37 2002 +0000
@@ -682,6 +682,7 @@
Home |
Main Index |
Thread Index |
Old Index