Recent changes from 0.9.6-stable.
This commit is contained in:
parent
f0c5491e9e
commit
2b4a238b5b
10 changed files with 74 additions and 28 deletions
6
INSTALL
6
INSTALL
|
@ -132,8 +132,8 @@
|
|||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be recorded in the request tracker publicly readable
|
||||
via http://www.openssl.org/rt2.html and will be forwarded to a public
|
||||
mailing list). Include the output of "make report" in your message.
|
||||
via http://www.openssl.org/support/rt2.html and will be forwarded to a
|
||||
public mailing list). Include the output of "make report" in your message.
|
||||
Please check out the request tracker. Maybe the bug was already
|
||||
reported or has already been fixed.
|
||||
|
||||
|
@ -154,7 +154,7 @@
|
|||
in Makefile.ssl and run "make clean; make". Please send a bug
|
||||
report to <openssl-bugs@openssl.org>, including the output of
|
||||
"make report" in order to be added to the request tracker at
|
||||
http://www.openssl.org/rt2.html.
|
||||
http://www.openssl.org/support/rt2.html.
|
||||
|
||||
4. If everything tests ok, install OpenSSL with
|
||||
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/safestack.h>
|
||||
|
@ -206,10 +207,18 @@ int CRYPTO_get_new_dynlockid(void)
|
|||
i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
|
||||
/* If there was none, push, thereby creating a new one */
|
||||
if (i == -1)
|
||||
i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
|
||||
/* Since sk_push() returns the number of items on the
|
||||
stack, not the location of the pushed item, we need
|
||||
to transform the returned number into a position,
|
||||
by decreasing it. */
|
||||
i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
|
||||
else
|
||||
/* If we found a place with a NULL pointer, put our pointer
|
||||
in it. */
|
||||
sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
|
||||
|
||||
if (!i)
|
||||
if (i == -1)
|
||||
{
|
||||
dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
|
||||
OPENSSL_free(pointer);
|
||||
|
@ -401,15 +410,17 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
|
|||
#endif
|
||||
if (type < 0)
|
||||
{
|
||||
struct CRYPTO_dynlock_value *pointer
|
||||
= CRYPTO_get_dynlock_value(type);
|
||||
|
||||
if (pointer && dynlock_lock_callback)
|
||||
if (dynlock_lock_callback != NULL)
|
||||
{
|
||||
dynlock_lock_callback(mode, pointer, file, line);
|
||||
}
|
||||
struct CRYPTO_dynlock_value *pointer
|
||||
= CRYPTO_get_dynlock_value(type);
|
||||
|
||||
CRYPTO_destroy_dynlockid(type);
|
||||
assert(pointer != NULL);
|
||||
|
||||
dynlock_lock_callback(mode, pointer, file, line);
|
||||
|
||||
CRYPTO_destroy_dynlockid(type);
|
||||
}
|
||||
}
|
||||
else
|
||||
if (locking_callback != NULL)
|
||||
|
|
|
@ -86,6 +86,7 @@
|
|||
#endif
|
||||
#include <sys/stat.h>
|
||||
#endif
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
|
|
|
@ -217,6 +217,7 @@ end:
|
|||
static int cb_exit(int ec)
|
||||
{
|
||||
EXIT(ec);
|
||||
return(0); /* To keep some compilers quiet */
|
||||
}
|
||||
|
||||
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
|
||||
|
|
|
@ -897,7 +897,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
|
|||
ctx->chain=NULL;
|
||||
}
|
||||
CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
|
||||
OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
|
||||
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
|
||||
}
|
||||
|
||||
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
|
||||
|
|
|
@ -105,7 +105,7 @@ SSL_METHOD *SSLv23_client_method(void)
|
|||
|
||||
int ssl23_connect(SSL *s)
|
||||
{
|
||||
BUF_MEM *buf;
|
||||
BUF_MEM *buf=NULL;
|
||||
unsigned long Time=time(NULL);
|
||||
void (*cb)()=NULL;
|
||||
int ret= -1;
|
||||
|
@ -159,6 +159,7 @@ int ssl23_connect(SSL *s)
|
|||
goto end;
|
||||
}
|
||||
s->init_buf=buf;
|
||||
buf=NULL;
|
||||
}
|
||||
|
||||
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
|
||||
|
@ -207,6 +208,8 @@ int ssl23_connect(SSL *s)
|
|||
}
|
||||
end:
|
||||
s->in_handshake--;
|
||||
if (buf != NULL)
|
||||
BUF_MEM_free(buf);
|
||||
if (cb != NULL)
|
||||
cb(s,SSL_CB_CONNECT_EXIT,ret);
|
||||
return(ret);
|
||||
|
|
|
@ -208,10 +208,13 @@ int ssl2_connect(SSL *s)
|
|||
if (!BUF_MEM_grow(buf,
|
||||
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
|
||||
{
|
||||
if (buf == s->init_buf)
|
||||
buf=NULL;
|
||||
ret= -1;
|
||||
goto end;
|
||||
}
|
||||
s->init_buf=buf;
|
||||
buf=NULL;
|
||||
s->init_num=0;
|
||||
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
|
||||
s->ctx->stats.sess_connect++;
|
||||
|
@ -338,6 +341,8 @@ int ssl2_connect(SSL *s)
|
|||
}
|
||||
end:
|
||||
s->in_handshake--;
|
||||
if (buf != NULL)
|
||||
BUF_MEM_free(buf);
|
||||
if (cb != NULL)
|
||||
cb(s,SSL_CB_CONNECT_EXIT,ret);
|
||||
return(ret);
|
||||
|
|
|
@ -164,7 +164,7 @@ SSL_METHOD *SSLv3_client_method(void)
|
|||
|
||||
int ssl3_connect(SSL *s)
|
||||
{
|
||||
BUF_MEM *buf;
|
||||
BUF_MEM *buf=NULL;
|
||||
unsigned long Time=time(NULL),l;
|
||||
long num1;
|
||||
void (*cb)()=NULL;
|
||||
|
@ -225,6 +225,7 @@ int ssl3_connect(SSL *s)
|
|||
goto end;
|
||||
}
|
||||
s->init_buf=buf;
|
||||
buf=NULL;
|
||||
}
|
||||
|
||||
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
|
||||
|
@ -503,6 +504,8 @@ int ssl3_connect(SSL *s)
|
|||
}
|
||||
end:
|
||||
s->in_handshake--;
|
||||
if (buf != NULL)
|
||||
BUF_MEM_free(buf);
|
||||
if (cb != NULL)
|
||||
cb(s,SSL_CB_CONNECT_EXIT,ret);
|
||||
return(ret);
|
||||
|
|
16
test/testssl
16
test/testssl
|
@ -112,8 +112,12 @@ $ssltest -bio_pair -server_auth -client_auth $CA || exit 1
|
|||
|
||||
#############################################################################
|
||||
|
||||
echo test tls1 with 1024bit anonymous DH, multiple handshakes
|
||||
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
|
||||
if ../apps/openssl no-dh; then
|
||||
echo skipping anonymous DH tests
|
||||
else
|
||||
echo test tls1 with 1024bit anonymous DH, multiple handshakes
|
||||
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
|
||||
fi
|
||||
|
||||
if ../apps/openssl no-rsa; then
|
||||
echo skipping RSA tests
|
||||
|
@ -121,8 +125,12 @@ else
|
|||
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
|
||||
|
||||
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
|
||||
if ../apps/openssl no-dh; then
|
||||
echo skipping RSA+DHE tests
|
||||
else
|
||||
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
|
|
@ -159,16 +159,25 @@ $ if $severity .ne. 1 then goto exit3
|
|||
$
|
||||
$!###########################################################################
|
||||
$
|
||||
$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
|
||||
$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
|
||||
$ if $severity .ne. 1 then goto exit3
|
||||
$
|
||||
$ set noon
|
||||
$ define/user sys$output nla0:
|
||||
$ mcr 'exe_dir'openssl no-rsa
|
||||
$ save_severity=$SEVERITY
|
||||
$ no_rsa=$SEVERITY
|
||||
$ define/user sys$output nla0:
|
||||
$ mcr 'exe_dir'openssl no-dh
|
||||
$ no_dh=$SEVERITY
|
||||
$ set on
|
||||
$ if save_severity
|
||||
$
|
||||
$ if no_dh
|
||||
$ then
|
||||
$ write sys$output "skipping anonymous DH tests"
|
||||
$ else
|
||||
$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
|
||||
$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
|
||||
$ if $severity .ne. 1 then goto exit3
|
||||
$ endif
|
||||
$
|
||||
$ if no_rsa
|
||||
$ then
|
||||
$ write sys$output "skipping RSA tests"
|
||||
$ else
|
||||
|
@ -176,9 +185,14 @@ $ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
|
|||
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
|
||||
$ if $severity .ne. 1 then goto exit3
|
||||
$
|
||||
$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
|
||||
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
|
||||
$ if $severity .ne. 1 then goto exit3
|
||||
$ if no_dh
|
||||
$ then
|
||||
$ write sys$output "skipping RSA+DHE tests"
|
||||
$ else
|
||||
$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
|
||||
$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
|
||||
$ if $severity .ne. 1 then goto exit3
|
||||
$ endif
|
||||
$ endif
|
||||
$
|
||||
$ RET = 1
|
||||
|
|
Loading…
Reference in a new issue