wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Recent changes from 0.9.7-stable

Browse source
This commit is contained in:
Richard Levitte 2003-09-28 09:07:11 +00:00
parent 445aa1c44a
commit 7027553741
18 changed files with 136 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
INSTALL.W32
View file

@ -225,7 +225,7 @@
$ md c:\openssl\lib
$ md c:\openssl\include
$ md c:\openssl\include\openssl
$ copy /b inc32\* c:\openssl\include\openssl
$ copy /b inc32\openssl\* c:\openssl\include\openssl
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
$ copy /b out32dll\libeay32.lib c:\openssl\lib
$ copy /b out32dll\ssleay32.dll c:\openssl\bin

11
apps/pkcs8.c
View file

@ -235,7 +235,7 @@ int MAIN(int argc, char **argv)
return (1);
}
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -259,8 +259,7 @@ int MAIN(int argc, char **argv)
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) {
BIO_printf(bio_err, "Error encrypting key\n",
outfile);
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -303,7 +302,7 @@ int MAIN(int argc, char **argv)
}
if (!p8) {
BIO_printf (bio_err, "Error reading key\n", outfile);
BIO_printf (bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -317,13 +316,13 @@ int MAIN(int argc, char **argv)
}
if (!p8inf) {
BIO_printf(bio_err, "Error decrypting key\n", outfile);
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
return (1);
}
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
return (1);
}

8
apps/s_apps.h
View file

@ -112,6 +112,14 @@
#include <sys/types.h>
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_MSDOS
#define _kbhit kbhit
#endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */

18
apps/s_client.c
View file

@ -136,10 +136,6 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
@ -260,7 +256,7 @@ int MAIN(int argc, char **argv)
char *engine_id=NULL;
ENGINE *e=NULL;
#endif
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@ -644,7 +640,7 @@ re_start:
if (!ssl_pending)
{
#ifndef OPENSSL_SYS_WINDOWS
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
@ -671,8 +667,8 @@ re_start:
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we make the assumption that we can
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under Windows/DOS we make the assumption that we can
* always write to the tty: therefore if we need to
* write to the tty we just fall through. Otherwise
* we timeout the select every second and see if there
@ -686,7 +682,7 @@ re_start:
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
#ifdef OPENSSL_SYS_WINCE
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if(!i && (!_kbhit() || !read_tty) ) continue;
#else
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
@ -855,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
}
}
#ifdef OPENSSL_SYS_WINDOWS
#ifdef OPENSSL_SYS_WINCE
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))

20
apps/s_server.c
View file

@ -140,10 +140,6 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
@ -917,7 +913,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@ -991,7 +987,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
#ifndef OPENSSL_SYS_WINDOWS
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
@ -1001,8 +997,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we can't select on stdin: only
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
@ -1263,7 +1259,13 @@ static int init_ssl_connection(SSL *con)
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
if (con->kssl_ctx->client_princ != NULL)
{
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
con->kssl_ctx->client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
return(1);
}

23
crypto/bio/bss_file.c
View file

@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr;
b->init=1;
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
else
_setmode(fd,_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
{
int fd = fileno((FILE*)ptr);
/* Set correct text/binary mode */
if (num & BIO_FP_TEXT)
_setmode(fileno((FILE *)ptr),_O_TEXT);
_setmode(fd,_O_TEXT);
/* Dangerous to set stdin/stdout to raw (unless redirected) */
else
_setmode(fileno((FILE *)ptr),_O_BINARY);
{
if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
{
if (isatty(fd) <= 0)
_setmode(fd,_O_BINARY);
}
else
_setmode(fd,_O_BINARY);
}
}
#elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT)
setmode(fileno((FILE *)ptr), O_TEXT);

4
crypto/engine/engine.h
View file

@ -538,10 +538,10 @@ void ENGINE_add_conf_module(void);
/**************************/
/* Binary/behaviour compatibility levels */
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200
/* Binary versions older than this are too old for us (whether we're a loader or
* a loadee) */
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200
/* When compiling an ENGINE entirely as an external shared library, loadable by
* the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure

42
crypto/err/err.c
View file

@ -225,6 +225,7 @@ struct st_ERR_FNS
ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
/* Works on the "thread_hash" error-state table */
LHASH *(*cb_thread_get)(int create);
void (*cb_thread_release)(LHASH **hash);
ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
void (*cb_thread_del_item)(const ERR_STATE *);
@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
static LHASH *int_thread_get(int create);
static void int_thread_release(LHASH **hash);
static ERR_STATE *int_thread_get_item(const ERR_STATE *);
static ERR_STATE *int_thread_set_item(ERR_STATE *);
static void int_thread_del_item(const ERR_STATE *);
@ -252,6 +254,7 @@ static const ERR_FNS err_defaults =
int_err_set_item,
int_err_del_item,
int_thread_get,
int_thread_release,
int_thread_get_item,
int_thread_set_item,
int_thread_del_item,
@ -271,6 +274,7 @@ static const ERR_FNS *err_fns = NULL;
* and state in the loading application. */
static LHASH *int_error_hash = NULL;
static LHASH *int_thread_hash = NULL;
static int int_thread_hash_references = 0;
static int int_err_library_number= ERR_LIB_USER;
/* Internal function that checks whether "err_fns" is set and if not, sets it to
@ -417,11 +421,37 @@ static LHASH *int_thread_get(int create)
CRYPTO_pop_info();
}
if (int_thread_hash)
{
int_thread_hash_references++;
ret = int_thread_hash;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
return ret;
}
static void int_thread_release(LHASH **hash)
{
int i;
if (hash == NULL || *hash == NULL)
return;
i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
#ifdef REF_PRINT
fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"int_thread_release, bad reference count\n");
abort(); /* ok */
}
#endif
*hash = NULL;
}
static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
{
ERR_STATE *p;
@ -436,6 +466,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
p = (ERR_STATE *)lh_retrieve(hash, d);
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
return p;
}
@ -453,6 +484,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d)
p = (ERR_STATE *)lh_insert(hash, d);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
return p;
}
@ -469,13 +501,15 @@ static void int_thread_del_item(const ERR_STATE *d)
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
p = (ERR_STATE *)lh_delete(hash, d);
/* make sure we don't leak memory */
if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
if (int_thread_hash_references == 1
&& int_thread_hash && (lh_num_items(int_thread_hash) == 0))
{
lh_free(int_thread_hash);
int_thread_hash = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
if (p)
ERR_STATE_free(p);
}
@ -845,6 +879,12 @@ LHASH *ERR_get_err_state_table(void)
return ERRFN(thread_get)(0);
}
void ERR_release_err_state_table(LHASH **hash)
{
err_fns_check();
ERRFN(thread_release)(hash);
}
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p;

1
crypto/err/err.h
View file

@ -280,6 +280,7 @@ ERR_STATE *ERR_get_state(void);
#ifndef OPENSSL_NO_LHASH
LHASH *ERR_get_string_table(void);
LHASH *ERR_get_err_state_table(void);
void ERR_release_err_state_table(LHASH **hash);
#endif
int ERR_get_next_error_library(void);

2
crypto/md5/asm/md5-586.pl
View file

@ -293,7 +293,7 @@ sub md5_block
&mov(&DWP(12,$tmp2,"",0),$D);
&cmp($tmp1,$X) unless $normal; # check count
&jge(&label("start")) unless $normal;
&jae(&label("start")) unless $normal;
&pop("eax"); # pop the temp variable off the stack
&pop("ebx");

3
crypto/perlasm/x86ms.pl
View file

@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
sub main'ja { &out1("ja",@_); }
sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jnz { &out1("jnz",@_); }

3
crypto/perlasm/x86nasm.pl
View file

@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); }
sub main'jz { &out1("jz NEAR",@_); }
sub main'jge { &out1("jge NEAR",@_); }
sub main'jl { &out1("jl NEAR",@_); }
sub main'ja { &out1("ja NEAR",@_); }
sub main'jae { &out1("jae NEAR",@_); }
sub main'jb { &out1("jb NEAR",@_); }
sub main'jbe { &out1("jbe NEAR",@_); }
sub main'jc { &out1("jc NEAR",@_); }
sub main'jnc { &out1("jnc NEAR",@_); }
sub main'jnz { &out1("jnz NEAR",@_); }

3
crypto/perlasm/x86unix.pl
View file

@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
sub main'ja { &out1("ja",@_); }
sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jno { &out1("jno",@_); }

2
crypto/x509v3/v3_prn.c
View file

@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
return 0;
if(!X509V3_EXT_print(bp, ex, flag, 12))
if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
{
BIO_printf(bp, "%*s", indent + 4, "");
M_ASN1_OCTET_STRING_print(bp,ex->value);

35
ssl/kssl.c
View file

@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
"bad ticket from krb5_rd_req.\n");
}
else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
&krb5ticket->enc_part2->client->realm,
krb5ticket->enc_part2->client->data))
&krb5ticket->enc_part2->client->realm,
krb5ticket->enc_part2->client->data,
krb5ticket->enc_part2->client->length))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
"kssl_ctx_setprinc() fails.\n");
@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
}
/* Given a (krb5_data *) entity (and optional realm),
/* Given an array of (krb5_data *) entity (and optional realm),
** set the plain (char *) client_princ or service_host member
** of the kssl_ctx struct.
*/
krb5_error_code
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity)
krb5_data *realm, krb5_data *entity, int nentities)
{
char **princ;
int length;
int i;
if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
}
if (*princ) free(*princ);
length = entity->length + ((realm)? realm->length + 2: 1);
/* Add up all the entity->lengths */
length = 0;
for (i=0; i < nentities; i++)
{
length += entity[i].length;
}
/* Add in space for the '/' character(s) (if any) */
length += nentities-1;
/* Space for the ('@'+realm+NULL | NULL) */
length += ((realm)? realm->length + 2: 1);
if ((*princ = calloc(1, length)) == NULL)
return KSSL_CTX_ERR;
else
{
strncpy(*princ, entity->data, entity->length);
(*princ)[entity->length]='\0';
{
for (i = 0; i < nentities; i++)
{
strncat(*princ, entity[i].data, entity[i].length);
if (i < nentities-1)
{
strcat (*princ, "/");
}
}
if (realm)
{
strcat (*princ, "@");
(void) strncat(*princ, realm->data, realm->length);
(*princ)[entity->length+1+realm->length]='\0';
}
}

2
ssl/kssl.h
View file

@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void);
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity);
krb5_data *realm, krb5_data *entity, int nentities);
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
krb5_data *authenp, KSSL_ERR *kssl_err);
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,

1
ssl/s3_clnt.c
View file

@ -1779,6 +1779,7 @@ static int ssl3_send_client_verify(SSL *s)
*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
l2n3(n,d);
s->state=SSL3_ST_CW_CERT_VRFY_B;
s->init_num=(int)n+4;
s->init_off=0;
}

1
ssl/s3_srvr.c
View file

@ -1366,6 +1366,7 @@ static int ssl3_send_certificate_request(SSL *s)
s->init_num += 4;
#endif
s->state = SSL3_ST_SW_CERT_REQ_B;
}
/* SSL3_ST_SW_CERT_REQ_B */