From 8b98de6653d2918d9b855fc57736b85adbfceb24 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 18 Jul 2002 14:19:26 +0000 Subject: [PATCH] Merge in the latest chanegs from 0.9.6-stable. --- CHANGES | 5 +++ Configure | 2 +- FAQ | 43 +++++++++++++++++++++++-- INSTALL | 10 ++++-- INSTALL.W32 | 12 +++++++ NEWS | 2 +- PROBLEMS | 8 +---- README | 6 ++-- apps/pkcs7.c | 2 +- apps/smime.c | 6 ++-- crypto/ebcdic.c | 2 +- crypto/pem/pem2.h | 2 ++ crypto/perlasm/x86nasm.pl | 2 +- crypto/pkcs12/pkcs12.h | 4 +-- doc/apps/crl2pkcs7.pod | 5 +-- doc/crypto/DH_get_ex_new_index.pod | 2 +- doc/crypto/EVP_DigestInit.pod | 2 +- doc/crypto/EVP_SignInit.pod | 2 +- doc/crypto/EVP_VerifyInit.pod | 2 +- doc/crypto/err.pod | 2 +- doc/crypto/rsa.pod | 2 +- doc/ssl/SSL_CTX_sess_set_cache_size.pod | 4 +-- doc/ssl/SSL_CTX_sess_set_get_cb.pod | 2 +- doc/ssl/SSL_CTX_set_options.pod | 2 +- ms/do_masm.bat | 20 ++++++------ ms/do_nasm.bat | 21 ++++++------ ssl/s2_lib.c | 4 ++- ssl/s3_enc.c | 10 ++++-- ssl/s3_lib.c | 8 ++--- ssl/ssl_locl.h | 15 +++++---- ssl/t1_enc.c | 10 ++++-- util/mk1mf.pl | 2 +- util/pl/BC-32.pl | 36 ++++++++++----------- util/pl/VC-32.pl | 36 ++++++++++----------- 34 files changed, 184 insertions(+), 109 deletions(-) diff --git a/CHANGES b/CHANGES index 655517a4b2..349e3fd890 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.6d and 0.9.6e [XX xxx XXXX] + *) Fix cipher selection routines: ciphers without encryption had no flags + for the cipher strength set and where therefore not handled correctly + by the selection routines (PR #130). + [Lutz Jaenicke] + *) Fix EVP_dsa_sha macro. [Nils Larsch] diff --git a/Configure b/Configure index 3d5c95ddac..71709d630d 100755 --- a/Configure +++ b/Configure @@ -154,7 +154,7 @@ my %table=( "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 # but keep the assembler modules. "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/FAQ b/FAQ index 3b69d8bcc9..0aea6919d4 100644 --- a/FAQ +++ b/FAQ @@ -38,6 +38,7 @@ OpenSSL - Frequently Asked Questions * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? * Why does the OpenSSL compilation fail with "ar: command not found"? * Why does the OpenSSL compilation fail on Win32 with VC++? +* What is special about OpenSSL on Redhat? [PROG] Questions about programming with OpenSSL @@ -215,8 +216,11 @@ For Solaris 2.6, Tim Nibbe and others have suggested installing the SUNski package from Sun patch 105710-01 (Sparc) which adds a /dev/random device and make sure it gets used, usually through $RANDFILE. There are probably similar patches for the other Solaris -versions. However, be warned that /dev/random is usually a blocking -device, which may have some effects on OpenSSL. +versions. An official statement from Sun with respect to /dev/random +support can be found at + http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski +However, be warned that /dev/random is usually a blocking device, which +may have some effects on OpenSSL. * Why do I get an "unable to write 'random state'" error message? @@ -451,6 +455,41 @@ under 'Program Files'). This needs to be done prior to running NMAKE, and the changes are only valid for the current DOS session. +* What is special about OpenSSL on Redhat? + +Red Hat Linux 7.0 and following versions already have a limited version of +openssl already installed. This may well apply to other Linux distributions +also. This version does not have support for the IDEA, RC5 and MDC-2 +algorithms as these are patented within the United States. For information +these patent numbers and expiry dates are: + +MDC-2: 4,908,861 13/03/2007 +IDEA: 5,214,703 25/05/2010 +RC5: 5,724,428 03/03/2015 + +However, Europeans and other non-Americans may wish to install all the +features. + +To do this you MUST ensure that you do not overwrite the openssl that is in +/usr/bin on your Red Hat machine. Several packages depend on this file, +including sendmail and ssh. /usr/local/bin is a good alternative choice. The +libraries that come with Red Hat 7.0 onwards have different names and so are +not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and +/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and +/lib/libcrypto.so.2 respectively). + +Please note that we have been advised by Red Hat attempting to recompile the +openssl rpm with all the cryptography enabled will not work. All other +packages depend on the original Red Hat supplied openssl package. It is also +worth noting that due to the way Red Hat supplies its packages, updates to +openssl on each distribution never change the package version, only the +build number. For example, on Red Hat 7.1, the latest openssl package has +version number 0.9.6 and build number 9 even though it contains all the +relevant updates in packages up to and including 0.9.6b. + +A possible way around this is to persuade Red Hat to produce a non-US +version of Red Hat Linux. + [PROG] ======================================================================== * Is OpenSSL thread-safe? diff --git a/INSTALL b/INSTALL index 619c474c1b..1e6ebb8b7c 100644 --- a/INSTALL +++ b/INSTALL @@ -131,8 +131,11 @@ the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your - message will be forwarded to a public mailing list). Include the - output of "make report" in your message. + message will be recorded in the request tracker publicly readable + via http://www.openssl.org/rt2.html and will be forwarded to a public + mailing list). Include the output of "make report" in your message. + Please check out the request tracker. Maybe the bug was already + reported or has already been fixed. [If you encounter assembler error messages, try the "no-asm" configuration option as an immediate fix.] @@ -150,7 +153,8 @@ try removing any compiler optimization flags from the CFLAGS line in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of - "make report". + "make report" in order to be added to the request tracker at + http://www.openssl.org/rt2.html. 4. If everything tests ok, install OpenSSL with diff --git a/INSTALL.W32 b/INSTALL.W32 index 966c1460f4..30b92510e9 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -94,6 +94,18 @@ You can also build a static version of the library using the Makefile ms\nt.mak + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + Borland C++ builder 3 and 4 --------------------------- diff --git a/NEWS b/NEWS index 908d063cfc..0af2ded253 100644 --- a/NEWS +++ b/NEWS @@ -56,7 +56,7 @@ o Bug fixes for Win32, HP/UX and Irix. o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and memory checking routines. - o Bug fixes for RSA operations in threaded enviroments. + o Bug fixes for RSA operations in threaded environments. o Bug fixes in misc. openssl applications. o Remove a few potential memory leaks. o Add tighter checks of BIGNUM routines. diff --git a/PROBLEMS b/PROBLEMS index 70e591a1d1..f072449fec 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -1,11 +1,5 @@ * System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X. - - - NOTE: The problem described here only applies when OpenSSL isn't built - with shared library support (i.e. without the "shared" configuration - option). If you build with shared library support, you will have no - problems as long as you set up DYLD_LIBRARY_PATH properly at all times. - +[NOTE: This is currently undergoing tests, and may be removed soon] This is really a misfeature in ld, which seems to look for .dylib libraries along the whole library path before it bothers looking for .a libraries. This diff --git a/README b/README index fb48e0dcbf..beb29ce892 100644 --- a/README +++ b/README @@ -146,11 +146,13 @@ - Problem Description (steps that will reproduce the problem, if known) - Stack Traceback (if the application dumps core) - Report the bug to the OpenSSL project at: + Report the bug to the OpenSSL project via the Request Tracker + (http://www.openssl.org/rt2.html) by mail to: openssl-bugs@openssl.org - Note that mail to openssl-bugs@openssl.org is forwarded to a public + Note that mail to openssl-bugs@openssl.org is recorded in the publicly + readable request tracker database and is forwarded to a public mailing list. Confidential mail may be sent to openssl-security@openssl.org (PGP key available from the key servers). diff --git a/apps/pkcs7.c b/apps/pkcs7.c index b348da2203..68590c0784 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -90,7 +90,7 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; - int ret=0; + int ret=1; char *engine=NULL; apps_startup(); diff --git a/apps/smime.c b/apps/smime.c index 1e84253f88..cb19c1ea7b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -500,9 +500,9 @@ int MAIN(int argc, char **argv) } else if(operation == SMIME_PK7OUT) { PEM_write_bio_PKCS7(out, p7); } else { - if(to) BIO_printf(out, "To: %s\n", to); - if(from) BIO_printf(out, "From: %s\n", from); - if(subject) BIO_printf(out, "Subject: %s\n", subject); + if(to) BIO_printf(out, "To: %s\r\n", to); + if(from) BIO_printf(out, "From: %s\r\n", from); + if(subject) BIO_printf(out, "Subject: %s\r\n", subject); if(outformat == FORMAT_SMIME) SMIME_write_PKCS7(out, p7, in, flags); else if(outformat == FORMAT_PEM) diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index 91a7a8bcb4..a83536ba5e 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) } #else /*CHARSET_EBCDIC*/ -#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) +#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN) static void *dummy=&dummy; #endif #endif diff --git a/crypto/pem/pem2.h b/crypto/pem/pem2.h index 4e484bcd82..f31790d69c 100644 --- a/crypto/pem/pem2.h +++ b/crypto/pem/pem2.h @@ -61,7 +61,9 @@ extern "C" { #endif +#ifndef HEADER_PEM_H void ERR_load_PEM_strings(void); +#endif #ifdef __cplusplus } diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index b4da364bbf..519d8a5867 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -209,7 +209,7 @@ sub using486 sub main'file { - push(@out, "segment .text\n"); + push(@out, "segment .text use32\n"); } sub main'function_begin diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index fefa1a6a1f..08bf15ae37 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -141,8 +141,8 @@ union { #define PKCS12_ERROR 0 #define PKCS12_OK 1 -#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) -#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type) +#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) +#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type #define M_PKCS12_x5092certbag(x509) \ diff --git a/doc/apps/crl2pkcs7.pod b/doc/apps/crl2pkcs7.pod index da199b044a..3797bc0df4 100644 --- a/doc/apps/crl2pkcs7.pod +++ b/doc/apps/crl2pkcs7.pod @@ -6,12 +6,13 @@ crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. =head1 SYNOPSIS -B B +B B [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-in filename>] [B<-out filename>] -[B<-print_certs>] +[B<-certfile filename>] +[B<-nocrl>] =head1 DESCRIPTION diff --git a/doc/crypto/DH_get_ex_new_index.pod b/doc/crypto/DH_get_ex_new_index.pod index 82e2548bcd..fa5eab2650 100644 --- a/doc/crypto/DH_get_ex_new_index.pod +++ b/doc/crypto/DH_get_ex_new_index.pod @@ -26,7 +26,7 @@ as described in L. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index b8a231c642..b99ecd25d9 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -192,7 +192,7 @@ in code that must be recompiled if the size of B increases. L, L, L, L, L, L, -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 7f9265d0a6..51d05ffe9d 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -75,7 +75,7 @@ L, L, L, L, L, L, L, L, L, -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod index 736a0f4a82..5d0d1fb151 100644 --- a/doc/crypto/EVP_VerifyInit.pod +++ b/doc/crypto/EVP_VerifyInit.pod @@ -62,7 +62,7 @@ L, L, L, L, L, L, L, L, L, -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod index 264e30103d..6f729554d2 100644 --- a/doc/crypto/err.pod +++ b/doc/crypto/err.pod @@ -172,7 +172,7 @@ ERR_get_string_table(void) respectively. =head1 SEE ALSO L, -L, +L, L, L, L, diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index ef0d4df205..b7ee57f2dd 100644 --- a/doc/crypto/rsa.pod +++ b/doc/crypto/rsa.pod @@ -111,7 +111,7 @@ L, L, L, L, L, -L, +L, L =cut diff --git a/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/doc/ssl/SSL_CTX_sess_set_cache_size.pod index d59a7db636..c8b99f4eef 100644 --- a/doc/ssl/SSL_CTX_sess_set_cache_size.pod +++ b/doc/ssl/SSL_CTX_sess_set_cache_size.pod @@ -27,7 +27,7 @@ case is the size 0, which is used for unlimited size. When the maximum number of sessions is reached, no more new sessions are added to the cache. New space may be added by calling -L to remove +L to remove expired sessions. If the size of the session cache is reduced and more sessions are already @@ -46,6 +46,6 @@ SSL_CTX_sess_get_cache_size() returns the currently valid size. L, L, L, -L +L =cut diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod index 6e0ef00632..7c0b2baf6c 100644 --- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod @@ -79,7 +79,7 @@ L. L, L, L, -L, +L, L =cut diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 320fc93074..5c07e53f66 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -35,7 +35,7 @@ operation (|). Options can only be added but can never be reset. SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol behaviour of the SSL library. The (internal) behaviour of the API can be changed by using the similar -L and SSL_set_modes() functions. +L and SSL_set_mode() functions. During a handshake, the option settings of the SSL object are used. When a new SSL object is created from a context using SSL_new(), the current diff --git a/ms/do_masm.bat b/ms/do_masm.bat index 5b64fecdb0..f4c958c561 100755 --- a/ms/do_masm.bat +++ b/ms/do_masm.bat @@ -3,54 +3,54 @@ echo Generating x86 for MASM assember echo Bignum cd crypto\bn\asm -perl x86.pl win32 > bn-win32.asm +perl x86.pl win32 > bn_win32.asm cd ..\..\.. echo DES cd crypto\des\asm -perl des-586.pl win32 > d-win32.asm +perl des-586.pl win32 > d_win32.asm cd ..\..\.. echo "crypt(3)" cd crypto\des\asm -perl crypt586.pl win32 > y-win32.asm +perl crypt586.pl win32 > y_win32.asm cd ..\..\.. echo Blowfish cd crypto\bf\asm -perl bf-586.pl win32 > b-win32.asm +perl bf-586.pl win32 > b_win32.asm cd ..\..\.. echo CAST5 cd crypto\cast\asm -perl cast-586.pl win32 > c-win32.asm +perl cast-586.pl win32 > c_win32.asm cd ..\..\.. echo RC4 cd crypto\rc4\asm -perl rc4-586.pl win32 > r4-win32.asm +perl rc4-586.pl win32 > r4_win32.asm cd ..\..\.. echo MD5 cd crypto\md5\asm -perl md5-586.pl win32 > m5-win32.asm +perl md5-586.pl win32 > m5_win32.asm cd ..\..\.. echo SHA1 cd crypto\sha\asm -perl sha1-586.pl win32 > s1-win32.asm +perl sha1-586.pl win32 > s1_win32.asm cd ..\..\.. echo RIPEMD160 cd crypto\ripemd\asm -perl rmd-586.pl win32 > rm-win32.asm +perl rmd-586.pl win32 > rm_win32.asm cd ..\..\.. echo RC5\32 cd crypto\rc5\asm -perl rc5-586.pl win32 > r5-win32.asm +perl rc5-586.pl win32 > r5_win32.asm cd ..\..\.. echo on diff --git a/ms/do_nasm.bat b/ms/do_nasm.bat index 8859c15457..557f8a66d7 100755 --- a/ms/do_nasm.bat +++ b/ms/do_nasm.bat @@ -4,54 +4,54 @@ echo Generating x86 for NASM assember echo Bignum cd crypto\bn\asm -perl x86.pl win32n > bn-win32.asm +perl x86.pl win32n > bn_win32.asm cd ..\..\.. echo DES cd crypto\des\asm -perl des-586.pl win32n > d-win32.asm +perl des-586.pl win32n > d_win32.asm cd ..\..\.. echo "crypt(3)" cd crypto\des\asm -perl crypt586.pl win32n > y-win32.asm +perl crypt586.pl win32n > y_win32.asm cd ..\..\.. echo Blowfish cd crypto\bf\asm -perl bf-586.pl win32n > b-win32.asm +perl bf-586.pl win32n > b_win32.asm cd ..\..\.. echo CAST5 cd crypto\cast\asm -perl cast-586.pl win32n > c-win32.asm +perl cast-586.pl win32n > c_win32.asm cd ..\..\.. echo RC4 cd crypto\rc4\asm -perl rc4-586.pl win32n > r4-win32.asm +perl rc4-586.pl win32n > r4_win32.asm cd ..\..\.. echo MD5 cd crypto\md5\asm -perl md5-586.pl win32n > m5-win32.asm +perl md5-586.pl win32n > m5_win32.asm cd ..\..\.. echo SHA1 cd crypto\sha\asm -perl sha1-586.pl win32n > s1-win32.asm +perl sha1-586.pl win32n > s1_win32.asm cd ..\..\.. echo RIPEMD160 cd crypto\ripemd\asm -perl rmd-586.pl win32n > rm-win32.asm +perl rmd-586.pl win32n > rm_win32.asm cd ..\..\.. echo RC5\32 cd crypto\rc5\asm -perl rc5-586.pl win32n > r5-win32.asm +perl rc5-586.pl win32n > r5_win32.asm cd ..\..\.. echo on @@ -62,6 +62,7 @@ rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak +perl util\mk1mf.pl nasm BC-NT >ms\bcb.mak perl util\mkdef.pl 16 libeay > ms\libeay16.def perl util\mkdef.pl 32 libeay > ms\libeay32.def diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index a590dbfa5c..8bcd7f4903 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -76,7 +76,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, + 0, 0, 0, SSL_ALL_CIPHERS, @@ -196,6 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + SSL_STRONG_NONE, 0, 0, 0, diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 1944814ca7..79fa4f97c2 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -368,10 +368,16 @@ int ssl3_setup_key_block(SSL *s) */ s->s3->need_empty_fragments = 1; + if (s->session->cipher != NULL) + { + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) + s->s3->need_empty_fragments = 0; + #ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) + s->s3->need_empty_fragments = 0; #endif + } } return(1); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 57a3fa4f81..9951ebb419 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 516d3cc5ae..9297cd2dc3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -283,16 +283,17 @@ #define SSL_NOT_EXP 0x00000001L #define SSL_EXPORT 0x00000002L -#define SSL_STRONG_MASK 0x0000007cL -#define SSL_EXP40 0x00000004L +#define SSL_STRONG_MASK 0x000000fcL +#define SSL_STRONG_NONE 0x00000004L +#define SSL_EXP40 0x00000008L #define SSL_MICRO (SSL_EXP40) -#define SSL_EXP56 0x00000008L +#define SSL_EXP56 0x00000010L #define SSL_MINI (SSL_EXP56) -#define SSL_LOW 0x00000010L -#define SSL_MEDIUM 0x00000020L -#define SSL_HIGH 0x00000040L +#define SSL_LOW 0x00000020L +#define SSL_MEDIUM 0x00000040L +#define SSL_HIGH 0x00000080L -/* we have used 0000007f - 25 bits left to go */ +/* we have used 000000ff - 24 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 000bfa7248..f3ecc5f586 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -440,10 +440,16 @@ printf("\nkey block\n"); */ s->s3->need_empty_fragments = 1; + if (s->session->cipher != NULL) + { + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) + s->s3->need_empty_fragments = 0; + #ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) + s->s3->need_empty_fragments = 0; #endif + } } return(1); diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 46755fa287..4cc7881d8d 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -98,7 +98,7 @@ $out_def="out"; $inc_def="outinc"; $tmp_def="tmp"; -$mkdir="mkdir"; +$mkdir="-mkdir"; ($ssl,$crypto)=("ssl","crypto"); $RSAglue="RSAglue"; diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index 20cb3a9c50..c268c49550 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -65,24 +65,24 @@ $bf_enc_src=''; if (!$no_asm) { - $bn_mulw_obj='crypto\bn\asm\bn-win32.obj'; - $bn_mulw_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; + $bn_mulw_obj='crypto\bn\asm\bn_win32.obj'; + $bn_mulw_src='crypto\bn\asm\bn_win32.asm'; + $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; + $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; + $bf_enc_obj='crypto\bf\asm\b_win32.obj'; + $bf_enc_src='crypto\bf\asm\b_win32.asm'; + $cast_enc_obj='crypto\cast\asm\c_win32.obj'; + $cast_enc_src='crypto\cast\asm\c_win32.asm'; + $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; + $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; + $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; + $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; + $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; + $md5_asm_src='crypto\md5\asm\m5_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; + $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 7c6674b971..8dea921541 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -67,24 +67,24 @@ $bf_enc_src=''; if (!$no_asm) { - $bn_asm_obj='crypto\bn\asm\bn-win32.obj'; - $bn_asm_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; + $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; + $bf_enc_obj='crypto\bf\asm\b_win32.obj'; + $bf_enc_src='crypto\bf\asm\b_win32.asm'; + $cast_enc_obj='crypto\cast\asm\c_win32.obj'; + $cast_enc_src='crypto\cast\asm\c_win32.asm'; + $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; + $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; + $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; + $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; + $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; + $md5_asm_src='crypto\md5\asm\m5_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; + $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; }