From 2b4a238b5b633cb9f7a11cd77c576cc15b3fe0ad Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Sat, 28 Dec 2002 02:01:45 +0000
Subject: [PATCH] Recent changes from 0.9.6-stable.
---
INSTALL | 6 +++---
crypto/cryptlib.c | 29 ++++++++++++++++++++---------
crypto/des/des.c | 1 +
crypto/dsa/dsatest.c | 1 +
crypto/x509/x509_vfy.c | 2 +-
ssl/s23_clnt.c | 5 ++++-
ssl/s2_clnt.c | 5 +++++
ssl/s3_clnt.c | 5 ++++-
test/testssl | 16 ++++++++++++----
test/testssl.com | 32 +++++++++++++++++++++++---------
10 files changed, 74 insertions(+), 28 deletions(-)
diff --git a/INSTALL b/INSTALL
index 44e32817a4..d25798f31d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -132,8 +132,8 @@ standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be recorded in the request tracker publicly readable - via http://www.openssl.org/rt2.html and will be forwarded to a public - mailing list). Include the output of "make report" in your message. + via http://www.openssl.org/support/rt2.html and will be forwarded to a + public mailing list). Include the output of "make report" in your message. Please check out the request tracker. Maybe the bug was already reported or has already been fixed.
@@ -154,7 +154,7 @@ in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of "make report" in order to be added to the request tracker at - http://www.openssl.org/rt2.html. + http://www.openssl.org/support/rt2.html. 4. If everything tests ok, install OpenSSL with
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 808196891b..29d4fddfca 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -58,6 +58,7 @@ #include #include +#include #include "cryptlib.h" #include #include
@@ -206,10 +207,18 @@ int CRYPTO_get_new_dynlockid(void) i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); /* If there was none, push, thereby creating a new one */ if (i == -1) - i=sk_CRYPTO_dynlock_push(dyn_locks,pointer); + /* Since sk_push() returns the number of items on the + stack, not the location of the pushed item, we need + to transform the returned number into a position, + by decreasing it. */ + i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; + else + /* If we found a place with a NULL pointer, put our pointer + in it. */ + sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - if (!i) + if (i == -1) { dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); OPENSSL_free(pointer);
@@ -401,15 +410,17 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(type); - - if (pointer && dynlock_lock_callback) + if (dynlock_lock_callback != NULL) { - dynlock_lock_callback(mode, pointer, file, line); - } + struct CRYPTO_dynlock_value *pointer + = CRYPTO_get_dynlock_value(type); - CRYPTO_destroy_dynlockid(type); + assert(pointer != NULL); + + dynlock_lock_callback(mode, pointer, file, line); + + CRYPTO_destroy_dynlockid(type); + } } else if (locking_callback != NULL)
diff --git a/crypto/des/des.c b/crypto/des/des.c
index 22596648e8..470432e10f 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -86,6 +86,7 @@ #endif #include #endif +#include #include #include
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 2361ad61cb..2a25f3fe47 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -217,6 +217,7 @@ end: static int cb_exit(int ec) { EXIT(ec); + return(0); /* To keep some compilers quiet */ } static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 90b18a0464..9ad9276ff7 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
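Review bot: The new comment on the `sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1` line in CRYPTO_get_new_dynlockid explains the count-to-position conversion but not that the same subtraction is what routes a failed push into the `if (i == -1)` cleanup below it. As far as I know the push reports failure by returning 0, so the error test only works because of the `- 1`; that coupling deserves a sentence, e.g. `/* A failed push returns 0, which becomes -1 here and is caught below. */`. The function begins and ends outside this hunk, so what is finally returned in the failure case is not visible here.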
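Review bot: In CRYPTO_lock the added `assert(pointer != NULL);` replaces a runtime test (`if (pointer && dynlock_lock_callback)`) with one that is compiled out when NDEBUG is defined, so in such a build a negative `type` that CRYPTO_get_dynlock_value() cannot resolve reaches `dynlock_lock_callback(mode, pointer, file, line)` with a NULL pointer. Where the assert is live, the same condition aborts the host process from inside a library call. A check that behaves the same in every build would be safer: the project's own always-on assertion helper if this branch has one, otherwise an explicit `if (pointer == NULL)` test that stops before the callback is invoked. CRYPTO_lock continues outside the hunk.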
@@ -897,7 +897,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) ctx->chain=NULL; } CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data)); - OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA)); + memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); } void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 105e16aeae..8c198d44b3 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -105,7 +105,7 @@ SSL_METHOD *SSLv23_client_method(void) int ssl23_connect(SSL *s) { - BUF_MEM *buf; + BUF_MEM *buf=NULL; unsigned long Time=time(NULL); void (*cb)()=NULL; int ret= -1;
@@ -159,6 +159,7 @@ int ssl23_connect(SSL *s) goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -207,6 +208,8 @@ int ssl23_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret);
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 5c40996e1c..61adfcf199 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -208,10 +208,13 @@ int ssl2_connect(SSL *s) if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { + if (buf == s->init_buf) + buf=NULL; ret= -1; goto end; } s->init_buf=buf; + buf=NULL; s->init_num=0; s->state=SSL2_ST_SEND_CLIENT_HELLO_A; s->ctx->stats.sess_connect++;
@@ -338,6 +341,8 @@ int ssl2_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c32a95581d..60c97ee629 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -164,7 +164,7 @@ SSL_METHOD *SSLv3_client_method(void) int ssl3_connect(SSL *s) { - BUF_MEM *buf; + BUF_MEM *buf=NULL; unsigned long Time=time(NULL),l; long num1; void (*cb)()=NULL;
@@ -225,6 +225,7 @@ int ssl3_connect(SSL *s) goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
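Review bot: The swap from `OPENSSL_cleanse(&ctx->ex_data,...)` to `memset(&ctx->ex_data,0,...)` in X509_STORE_CTX_cleanup carries no explanation, and without one it reads as a weakening of memory scrubbing that a later hardening pass may simply revert. If the intent is that `ex_data` must end up all-zero so the context can be set up again (the hunk does not say, so this is an inference), state it next to the call, e.g. `/* ex_data must be zeroed, not merely scrubbed, so the ctx can be re-initialised */`. The function starts outside the hunk.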
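Review bot: The `BUF_MEM_free(buf)` added at `end:` in ssl2_connect runs on every exit path, but neither ssl2_connect hunk shows the declaration of `buf` being given an initial value, unlike the `BUF_MEM *buf=NULL;` changes made for ssl23_connect and ssl3_connect in this same patch. If the declaration outside these hunks is uninitialised, any `goto end` taken before `buf` is assigned would free an indeterminate pointer. Please confirm it reads `BUF_MEM *buf=NULL;`, and add that line to this patch if it does not. The `if (buf == s->init_buf) buf=NULL;` guard in the first hunk covers the aliased case, where the buffer is still owned by `s`.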
@@ -503,6 +504,8 @@ int ssl3_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret);
diff --git a/test/testssl b/test/testssl
index 2151a6438c..ad4f45f1fa 100644
--- a/test/testssl
+++ b/test/testssl
@@ -112,8 +112,12 @@ $ssltest -bio_pair -server_auth -client_auth $CA || exit 1 ############################################################################# -echo test tls1 with 1024bit anonymous DH, multiple handshakes -$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1 +if ../apps/openssl no-dh; then + echo skipping anonymous DH tests +else + echo test tls1 with 1024bit anonymous DH, multiple handshakes + $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1 +fi if ../apps/openssl no-rsa; then echo skipping RSA tests
@@ -121,8 +125,12 @@ else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1 - echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 + if ../apps/openssl no-dh; then + echo skipping RSA+DHE tests + else + echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes + ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1 + fi fi exit 0
diff --git a/test/testssl.com b/test/testssl.com
index 785f262f5a..26308f7715 100644
--- a/test/testssl.com
+++ b/test/testssl.com
@@ -159,16 +159,25 @@ $ if $severity .ne. 1 then goto exit3 $ $!########################################################################### $ -$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" -$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ $ set noon $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY +$ no_rsa=$SEVERITY +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-dh +$ no_dh=$SEVERITY $ set on -$ if save_severity +$ +$ if no_dh +$ then +$ write sys$output "skipping anonymous DH tests" +$ else +$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" +$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ if no_rsa $ then $ write sys$output "skipping RSA tests" $ else
@@ -176,9 +185,14 @@ $ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" $ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" -$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 +$ if no_dh +$ then +$ write sys$output "skipping RSA+DHE tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif $ endif $ $ RET = 1