From 10bb0dbfec8593a20b0c5db53c93bd2324c4c09e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 07:02:27 +0000 Subject: [PATCH 01/28] Changes by Jeffrey Altman to make RAND_poll() work better in Win32. Verified by zhu qun-ying . --- crypto/rand/rand_win.c | 174 +++++++++++++++++++++++++---------------- 1 file changed, 106 insertions(+), 68 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index d3fe50d341..9f2dcff9a9 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -171,13 +171,16 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include #include -#if 0 /* Some compilers use LMSTR, others (VC6, for example) use LPTSTR. - * This part is disabled until a fix is found. +#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE + * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was + * was added to the Platform SDK to allow the NET API to be used in + * non-Unicode applications provided that Unicode strings were still + * used for input. LMSTR is defined as LPWSTR. */ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) - (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*); + (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); -#endif /* 0 */ +#endif /* 1 */ int RAND_poll(void) { @@ -191,12 +194,20 @@ int RAND_poll(void) CRYPTACQUIRECONTEXT acquire = 0; CRYPTGENRANDOM gen = 0; CRYPTRELEASECONTEXT release = 0; -#if 0 /* This part is disabled until a fix for the problem with the - * definition of NETSTATGET is found. +#if 1 /* There was previously a problem with NETSTATGET. Currently, this + * section is still experimental, but if all goes well, this conditional + * will be removed */ NETSTATGET netstatget = 0; NETFREE netfree = 0; -#endif /* 0 */ +#endif /* 1 */ + + /* Determine the OS version we are on so we can turn off things + * that do not work properly. + */ + OSVERSIONINFO osverinfo ; + osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; + GetVersionEx( &osverinfo ) ; /* load functions dynamically - not available on all systems */ advapi = LoadLibrary("ADVAPI32.DLL"); @@ -204,9 +215,9 @@ int RAND_poll(void) user = LoadLibrary("USER32.DLL"); netapi = LoadLibrary("NETAPI32.DLL"); -#if 0 /* This part is disabled until a fix for the problem with the - * definition of NETSTATGET is found. Also, note that VC6 doesn't - * understand strings starting with L". +#if 1 /* There was previously a problem with NETSTATGET. Currently, this + * section is still experimental, but if all goes well, this conditional + * will be removed */ if (netapi) { @@ -217,57 +228,68 @@ int RAND_poll(void) if (netstatget && netfree) { LPBYTE outbuf; - /* NetStatisticsGet() is a Unicode only function */ + /* NetStatisticsGet() is a Unicode only function + * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 + * contains 17 fields. We treat each field as a source of + * one byte of entropy. + */ + if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { - RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 0); + RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); netfree(outbuf); } if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { - RAND_add(outbuf, sizeof(STAT_SERVER_0), 0); + RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); netfree(outbuf); } } if (netapi) FreeLibrary(netapi); -#endif /* 0 */ +#endif /* 1 */ -#if 0 /* It appears like this can cause an exception deep within ADVAPI32.DLL - * at random times. Reported by Jeffrey Altman. - */ - /* Read Performance Statistics from NT/2000 registry */ - /* The size of the performance data can vary from call to call */ - /* so we must guess the size of the buffer to use and increase */ - /* its size if we get an ERROR_MORE_DATA return instead of */ - /* ERROR_SUCCESS. */ - { - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) + /* It appears like this can cause an exception deep within ADVAPI32.DLL + * at random times on Windows 2000. Reported by Jeffrey Altman. + * Only use it on NT. + */ + if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && + osverinfo.dwMajorVersion < 5) { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; + /* Read Performance Statistics from NT/2000 registry + * The size of the performance data can vary from call + * to call so we must guess the size of the buffer to use + * and increase its size if we get an ERROR_MORE_DATA + * return instead of ERROR_SUCCESS. + */ + LONG rc=ERROR_MORE_DATA; + char * buf=NULL; + DWORD bufsz=0; + DWORD length; - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", - NULL, NULL, buf, &length); + while (rc == ERROR_MORE_DATA) + { + buf = realloc(buf,bufsz+8192); + if (!buf) + break; + bufsz += 8192; + + length = bufsz; + rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", + NULL, NULL, buf, &length); + } + if (rc == ERROR_SUCCESS) + { + /* For entropy count assume only least significant + * byte of each DWORD is random. + */ + RAND_add(&length, sizeof(length), 0); + RAND_add(buf, length, length / 4.0); + } + if (buf) + free(buf); } - if (rc == ERROR_SUCCESS) - { - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, 0); - } - if (buf) - free(buf); - } -#endif /* 0 */ if (advapi) { @@ -282,12 +304,13 @@ int RAND_poll(void) if (acquire && gen && release) { /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (gen(hProvider, sizeof(buf), buf) != 0) { - RAND_add(buf, sizeof(buf), 0); + RAND_add(buf, sizeof(buf), sizeof(buf)); #ifdef DEBUG printf("randomness from PROV_RSA_FULL\n"); #endif @@ -300,7 +323,7 @@ int RAND_poll(void) { if (gen(hProvider, sizeof(buf), buf) != 0) { - RAND_add(buf, sizeof(buf), 0); + RAND_add(buf, sizeof(buf), sizeof(buf)); #ifdef DEBUG printf("randomness from PROV_INTEL_SEC\n"); #endif @@ -321,7 +344,7 @@ int RAND_poll(void) /* process ID */ w = GetCurrentProcessId(); - RAND_add(&w, sizeof(w), 0); + RAND_add(&w, sizeof(w), 1); if (user) { @@ -334,41 +357,37 @@ int RAND_poll(void) queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); if (win) - { + { /* window handle */ h = win(); RAND_add(&h, sizeof(h), 0); - } - + } if (cursor) { /* unfortunately, its not safe to call GetCursorInfo() * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && osverinfo.dwMajorVersion < 5) cursor = 0; } - if (cursor) { /* cursor position */ + /* assume 2 bytes of entropy */ CURSORINFO ci; ci.cbSize = sizeof(CURSORINFO); if (cursor(&ci)) - RAND_add(&ci, ci.cbSize, 0); + RAND_add(&ci, ci.cbSize, 2); } if (queue) { /* message queue status */ + /* assume 1 byte of entropy */ w = queue(QS_ALLEVENTS); - RAND_add(&w, sizeof(w), 0); + RAND_add(&w, sizeof(w), 1); } FreeLibrary(user); @@ -406,7 +425,7 @@ int RAND_poll(void) MODULEENTRY32 m; snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CreateToolhelp32Snapshot"); + GetProcAddress(kernel, "CreateToolhelp32Snapshot"); heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); @@ -425,11 +444,18 @@ int RAND_poll(void) != NULL) { /* heap list and heap walking */ + /* HEAPLIST32 contains 3 fields that will change with + * each entry. Consider each field a source of 1 byte + * of entropy. + * HEAPENTRY32 contains 5 fields that will change with + * each entry. Consider each field a source of 1 byte + * of entropy. + */ hlist.dwSize = sizeof(HEAPLIST32); if (heaplist_first(handle, &hlist)) do { - RAND_add(&hlist, hlist.dwSize, 0); + RAND_add(&hlist, hlist.dwSize, 3); hentry.dwSize = sizeof(HEAPENTRY32); if (heap_first(&hentry, hlist.th32ProcessID, @@ -438,34 +464,46 @@ int RAND_poll(void) int entrycnt = 50; do RAND_add(&hentry, - hentry.dwSize, 0); + hentry.dwSize, 5); while (heap_next(&hentry) && --entrycnt > 0); } } while (heaplist_next(handle, &hlist)); - + /* process walking */ + /* PROCESSENTRY32 contains 9 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ p.dwSize = sizeof(PROCESSENTRY32); if (process_first(handle, &p)) do - RAND_add(&p, p.dwSize, 0); + RAND_add(&p, p.dwSize, 9); while (process_next(handle, &p)); - + /* thread walking */ + /* THREADENTRY32 contains 6 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ t.dwSize = sizeof(THREADENTRY32); if (thread_first(handle, &t)) do - RAND_add(&t, t.dwSize, 0); + RAND_add(&t, t.dwSize, 6); while (thread_next(handle, &t)); - + /* module walking */ + /* MODULEENTRY32 contains 9 fields that will change + * with each entry. Consider each field a source of + * 1 byte of entropy. + */ m.dwSize = sizeof(MODULEENTRY32); if (module_first(handle, &m)) do - RAND_add(&m, m.dwSize, 1); + RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m)); - + CloseHandle(handle); } From 6397710486a1f2a53e590972fa002171f4ff63c4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 07:15:52 +0000 Subject: [PATCH 02/28] I'm using GNU tar... --- Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index f93913f2af..c6f660954b 100644 --- a/Makefile.org +++ b/Makefile.org @@ -62,7 +62,7 @@ AR=ar r RANLIB= ranlib PERL= perl TAR= tar -TARFLAGS= --norecurse +TARFLAGS= --no-recursion # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o From 422e5a4807eeace088541f1d3a72003245ca2d93 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 07:16:40 +0000 Subject: [PATCH 03/28] make update --- TABLE | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/TABLE b/TABLE index 359ad0eccb..b272b927fa 100644 --- a/TABLE +++ b/TABLE @@ -140,6 +140,26 @@ $dso_scheme = $shared_target= $shared_cflag = +*** MPE/iX-gcc +$cc = gcc +$cflags = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB +$unistd = +$thread_cflag = (unknown) +$lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses +$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = + *** Mingw32 $cc = gcc $cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall From d40898dfabe3b888f752a2a61e1bbcf06264e604 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 09:08:44 +0000 Subject: [PATCH 04/28] Time to build beta 3. Bump the version numbers accordingly. --- README | 2 +- crypto/opensslv.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 35c662cc3c..df67c76146 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.6-beta2 17 Sep 2000 + OpenSSL 0.9.6-beta3 (Final beta) 21 Sep 2000 Copyright (c) 1998-2000 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 938fc80b7e..4dcc1b500a 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x00906002L -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6-beta2 17 Sep 2000" +#define OPENSSL_VERSION_NUMBER 0x00906003L +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6-beta3 21 Sep 2000" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT From ef63568e941bc1fc0e27249dfcc3c5e94a9882e8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 10:27:35 +0000 Subject: [PATCH 05/28] Prepare STATUS for the beta 3 reports. --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 163cc472a3..5ad4c08d93 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/20 15:22:02 $ + ______________ $Date: 2000/09/21 10:27:35 $ DEVELOPMENT STATE @@ -84,6 +84,7 @@ alpha-gcc (V4.0E, gcc 2.8.1) - success ultrix-cc (V4.5) - success ultrix-gcc (V4.5, gcc 2.8.1) - success + 0.9.6-beta3 is available: o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From 6e3dfc1f3ba62e1c3c34f99d12e2131b941679fa Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 12:54:41 +0000 Subject: [PATCH 06/28] Tests so far. --- STATUS | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 5ad4c08d93..5c6288e817 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 10:27:35 $ + ______________ $Date: 2000/09/21 12:54:41 $ DEVELOPMENT STATE @@ -85,6 +85,23 @@ ultrix-cc (V4.5) - success ultrix-gcc (V4.5, gcc 2.8.1) - success 0.9.6-beta3 is available: + aix-cc (4.3) - success + aix-cc [engine] (4.3) - success + linux-elf (RedHat 6.2) - success + linux-elf [engine] (RedHat 6.2) - success + solaris-sparcv9-gcc (5.7, gcc 2.95.2) - success + solaris-sparcv9-cc (5.6, SunWS C 4.2) - success + solaris-sparcv9-cc [engine] (5.6, SunWS C 4.2)- success + WinNT (4 SP6, VC6 SP2) - success + WinNT (4 SP6, Cygwin) - success + The files used for testing must have CR/LF + as line endings. + WinNT (4 SP6, Mingw32) - failed + mingw32a.mak contains a few lines that + generate an error. + WinNT (4 SP6, VC6 SP4) - failed + Complains about unresolved external symbol + __imp__RegQueryValueEx. o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From 9cfab47b183fde902adc2a5565c2fb97e1ac6425 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 14:26:12 +0000 Subject: [PATCH 07/28] Tests so far. --- STATUS | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/STATUS b/STATUS index 5c6288e817..c2a5d7e999 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 12:54:41 $ + ______________ $Date: 2000/09/21 14:26:12 $ DEVELOPMENT STATE @@ -92,16 +92,23 @@ solaris-sparcv9-gcc (5.7, gcc 2.95.2) - success solaris-sparcv9-cc (5.6, SunWS C 4.2) - success solaris-sparcv9-cc [engine] (5.6, SunWS C 4.2)- success - WinNT (4 SP6, VC6 SP2) - success - WinNT (4 SP6, Cygwin) - success + VC-WIN32 (NT4 SP6, VC6 SP2) - success + VC-WIN32 (NT4 SP6, Cygwin) - success The files used for testing must have CR/LF as line endings. - WinNT (4 SP6, Mingw32) - failed + VC-WIN32 (NT4 SP6, Mingw32) - failed mingw32a.mak contains a few lines that generate an error. - WinNT (4 SP6, VC6 SP4) - failed + VC-NT (NT4 SP6, VC6 SP4) - failed static Complains about unresolved external symbol - __imp__RegQueryValueEx. + __imp__RegQueryValueEx. This only + happens when building the static + libraries. + VC-WIN32 (W2K Pro SP1, VC6 SP3, PSDK Jul2000)- success + hpux-parisc-gcc (B.10.20, gcc 2.95.2) - success + hpux-parisc-cc (B.10.20, cc A.10.32.30) - success + hpux-parisc-gcc [engine] (B.10.20, gcc 2.95.2)- success + hpux-parisc-cc [engine] (B.10.20, cc A.10.32.30)- success o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From c759ddd6769f00bc1625acb9f63e190d17775108 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 14:51:45 +0000 Subject: [PATCH 08/28] More reports. --- STATUS | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/STATUS b/STATUS index c2a5d7e999..b37c746bd1 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 14:26:12 $ + ______________ $Date: 2000/09/21 14:51:45 $ DEVELOPMENT STATE @@ -87,9 +87,11 @@ 0.9.6-beta3 is available: aix-cc (4.3) - success aix-cc [engine] (4.3) - success + linux-elf (RedHat 5.2, gcc 2.7.2.3) - success linux-elf (RedHat 6.2) - success linux-elf [engine] (RedHat 6.2) - success solaris-sparcv9-gcc (5.7, gcc 2.95.2) - success + solaris-sparcv9-gcc (5.6, gcc 2.95.2) - success solaris-sparcv9-cc (5.6, SunWS C 4.2) - success solaris-sparcv9-cc [engine] (5.6, SunWS C 4.2)- success VC-WIN32 (NT4 SP6, VC6 SP2) - success @@ -99,11 +101,13 @@ VC-WIN32 (NT4 SP6, Mingw32) - failed mingw32a.mak contains a few lines that generate an error. - VC-NT (NT4 SP6, VC6 SP4) - failed static + VC-NT static libs (NT4 SP6, VC6 SP4) - failed Complains about unresolved external symbol __imp__RegQueryValueEx. This only happens when building the static - libraries. + libraries. Tests pass as soon as + you make sure advapi32.lib gets + liked in. VC-WIN32 (W2K Pro SP1, VC6 SP3, PSDK Jul2000)- success hpux-parisc-gcc (B.10.20, gcc 2.95.2) - success hpux-parisc-cc (B.10.20, cc A.10.32.30) - success From d17698648803c53733700c09173b329982bd58a4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 15:16:20 +0000 Subject: [PATCH 09/28] Ugly hack to make sure static libraries are usable. Without this, anything that just links with libeay32.lib or libssl32.lib will get an error saying the __imp__RegQueryValueEx is unresolved. The right thing would really be to fix crypto/rand/rand_win.c to load ADVAPI32.DLL dynamically, but that won't be done just before a release. --- util/pl/VC-32.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 046f0e253c..6978104234 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -112,7 +112,8 @@ sub do_lib_rule if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; - $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs\n<<\n"; + $ex =' advapi32.lib'; + $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else { From 1cbb729fdc59d314d9f593f88a38f7667247b799 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 16:01:08 +0000 Subject: [PATCH 10/28] Oops, if the target only had USE_TOD, an error message was issued... --- apps/speed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/speed.c b/apps/speed.c index 15c9a1fdc7..627cab1d31 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -115,7 +115,7 @@ #include #endif -#if !defined(TIMES) && !defined(TIMEB) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif From a04cfb72d5d19ce3eba347654c018638496b3328 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 17:11:52 +0000 Subject: [PATCH 11/28] More reports --- STATUS | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/STATUS b/STATUS index b37c746bd1..ff212a8b8f 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 14:51:45 $ + ______________ $Date: 2000/09/21 17:11:52 $ DEVELOPMENT STATE @@ -107,12 +107,15 @@ happens when building the static libraries. Tests pass as soon as you make sure advapi32.lib gets - liked in. + linked in. [FIXED] VC-WIN32 (W2K Pro SP1, VC6 SP3, PSDK Jul2000)- success hpux-parisc-gcc (B.10.20, gcc 2.95.2) - success hpux-parisc-cc (B.10.20, cc A.10.32.30) - success hpux-parisc-gcc [engine] (B.10.20, gcc 2.95.2)- success hpux-parisc-cc [engine] (B.10.20, cc A.10.32.30)- success + FreeBSD (2.2.5) - failed + Only having USE_TOD made speed.c issue an + error. [FIXED] o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From 4aa4f333ed1f13809ee1106d49e81b6154d7745a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 17:21:15 +0000 Subject: [PATCH 12/28] Change IMPORTANT to WARNING for greater emphasis. --- doc/ssl/SSL_library_init.pod | 2 +- doc/ssl/SSL_read.pod | 2 +- doc/ssl/SSL_write.pod | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod index bf2a94c760..ecf3c4858e 100644 --- a/doc/ssl/SSL_library_init.pod +++ b/doc/ssl/SSL_library_init.pod @@ -24,7 +24,7 @@ for SSL_library_init(). SSL_library_init() must be called before any other action takes place. -=head1 IMPORTANT +=head1 WARNING SSL_library_init() only registers ciphers. Another important initialization is the seeding of the PRNG (Pseudo Random Number Generator), which has to diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index 708b20fdb5..072dc26cf2 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -38,7 +38,7 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -=head1 IMPORTANT +=head1 WARNING When an SSL_read() operation has to be repeated because of B or B, it must be repeated diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index 0a1adaba73..db67c187e0 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod @@ -38,7 +38,7 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -=head1 IMPORTANT +=head1 WARNING When an SSL_write() operation has to be repeated because of B or B, it must be repeated From 4b0f00b7cee1c82fd88a7f9a0095fa9f3da1e39b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 17:44:23 +0000 Subject: [PATCH 13/28] More reports --- STATUS | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index ff212a8b8f..527a64de43 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 17:11:52 $ + ______________ $Date: 2000/09/21 17:44:23 $ DEVELOPMENT STATE @@ -116,6 +116,14 @@ FreeBSD (2.2.5) - failed Only having USE_TOD made speed.c issue an error. [FIXED] + FreeBSD-alpha (4.1, gcc 2.95.2) - success + The USE_TOD fix needed to be applied. + There were warnings about -O3 triggering + known optimizer bugs on that + platform. + OpenBSD-x86 (2.7, gcc 2.95.2) - success + alpha-cc (OSF1 V4.0) - success + solaris-x86-gcc (5.8, gcc 2.95.2) - success o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 o OpenSSL 0.9.4: Released on August 09th, 1999 From 6cffb201f3133515bc4b2a5620b022a6a7982227 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 21 Sep 2000 18:57:00 +0000 Subject: [PATCH 14/28] Fix ASN1_TYPE bug. --- CHANGES | 12 ++++++++++++ crypto/asn1/a_type.c | 14 ++++++++------ crypto/asn1/asn1.h | 1 + 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 786ab5064c..7645d6f5f9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,18 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for + a general "ANY" type, as such it should be able to decode anything + including tagged types. However it didn't check the class so it would + wrongly interpret tagged types in the same way as their universal + counterpart and unknown types were just rejected. Changed so that the + tagged and unknown types are handled in the same way as a SEQUENCE: + that is the encoding is stored intact. There is also a new type + "V_ASN1_OTHER" which is used when the class is not universal, in this + case we have no idea what the actual type is so we just lump them all + together. + [Steve Henson] + *) On VMS, stdout may very well lead to a file that is written to in a record-oriented fashion. That means that every write() will write a separate record, which will be read separately by the diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 3620e60e99..cf716027d3 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -123,6 +123,8 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp) break; case V_ASN1_SET: case V_ASN1_SEQUENCE: + case V_ASN1_OTHER: + default: if (a->value.set == NULL) r=0; else @@ -159,6 +161,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length) inf=ASN1_get_object(&q,&len,&tag,&xclass,length); if (inf & 0x80) goto err; + /* If not universal tag we've no idea what it is */ + if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER; ASN1_TYPE_component_free(ret); @@ -245,6 +249,8 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length) break; case V_ASN1_SET: case V_ASN1_SEQUENCE: + case V_ASN1_OTHER: + default: /* Sets and sequences are left complete */ if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err; ret->value.set->type=tag; @@ -252,9 +258,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length) if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err; p+=len; break; - default: - ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE); - goto err; } ret->type=tag; @@ -333,10 +336,9 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a) case V_ASN1_UNIVERSALSTRING: case V_ASN1_BMPSTRING: case V_ASN1_UTF8STRING: - ASN1_STRING_free((ASN1_STRING *)a->value.ptr); - break; + case V_ASN1_OTHER: default: - /* MEMORY LEAK */ + ASN1_STRING_free((ASN1_STRING *)a->value.ptr); break; } a->type=0; diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 3346377527..6f956b1963 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -83,6 +83,7 @@ extern "C" { #define V_ASN1_PRIMATIVE_TAG 0x1f #define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ #define V_ASN1_NEG 0x100 /* negative flag */ From 7f6e0a4c09c1b5ec6d20b51f572a023b92a37f2f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 20:09:16 +0000 Subject: [PATCH 15/28] More reports --- STATUS | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 527a64de43..8d1420a696 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 17:44:23 $ + ______________ $Date: 2000/09/21 20:09:16 $ DEVELOPMENT STATE @@ -108,11 +108,16 @@ libraries. Tests pass as soon as you make sure advapi32.lib gets linked in. [FIXED] + VC-NT dynamic libs (NT4 SP6, VC6 SP4) - success VC-WIN32 (W2K Pro SP1, VC6 SP3, PSDK Jul2000)- success hpux-parisc-gcc (B.10.20, gcc 2.95.2) - success hpux-parisc-cc (B.10.20, cc A.10.32.30) - success hpux-parisc-gcc [engine] (B.10.20, gcc 2.95.2)- success hpux-parisc-cc [engine] (B.10.20, cc A.10.32.30)- success + hpux-parisc2-cc (B.11.11) - success + hpux64-parisc2-cc (B.11.11) - success + Kevin Steves also mentions that "All the new + targets look good on my end with hp-ux 11.0." FreeBSD (2.2.5) - failed Only having USE_TOD made speed.c issue an error. [FIXED] From 6b3a4ffe36acee4d982153be563103cfb1cbadf0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 21 Sep 2000 20:49:47 +0000 Subject: [PATCH 16/28] More reports --- STATUS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/STATUS b/STATUS index 8d1420a696..8847c449e1 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 20:09:16 $ + ______________ $Date: 2000/09/21 20:49:47 $ DEVELOPMENT STATE @@ -118,6 +118,7 @@ hpux64-parisc2-cc (B.11.11) - success Kevin Steves also mentions that "All the new targets look good on my end with hp-ux 11.0." + MPE/iX-gcc - success FreeBSD (2.2.5) - failed Only having USE_TOD made speed.c issue an error. [FIXED] From 318e09356b4b563afd695d8a6b5ba8c582d5eb67 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Sep 2000 06:06:25 +0000 Subject: [PATCH 17/28] Kris Kennaway tells us that FreeBSD/Alpha shouldn't use an optimization higher than -O. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 257b94ac62..340077873d 100755 --- a/Configure +++ b/Configure @@ -265,7 +265,7 @@ my %table=( "alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared", "alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared", "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared", -"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::", +"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::", #### Alpha Linux with GNU C and Compaq C setups # Special notes: From 28a63d3e6f29bdf75cf4163c7030117f34d038aa Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Sep 2000 06:15:10 +0000 Subject: [PATCH 18/28] Problem on FreeBSD/Alpha fixed. --- STATUS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/STATUS b/STATUS index 8847c449e1..14b2807c2a 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/21 20:49:47 $ + ______________ $Date: 2000/09/22 06:15:10 $ DEVELOPMENT STATE @@ -126,7 +126,7 @@ The USE_TOD fix needed to be applied. There were warnings about -O3 triggering known optimizer bugs on that - platform. + platform. [FIXED] OpenBSD-x86 (2.7, gcc 2.95.2) - success alpha-cc (OSF1 V4.0) - success solaris-x86-gcc (5.8, gcc 2.95.2) - success From 3f8b90c34586f81ec58b16b11a78d5b4b5934575 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 22 Sep 2000 13:15:16 +0000 Subject: [PATCH 19/28] Catch V_ASN1_NULL. --- crypto/asn1/a_type.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index cf716027d3..e72a6b29e0 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -315,6 +315,8 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a) case V_ASN1_OBJECT: ASN1_OBJECT_free(a->value.object); break; + case V_ASN1_NULL: + break; case V_ASN1_INTEGER: case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: From dbba890cf11f5ec1e44166a51e0a4062ccdc5279 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 Sep 2000 21:32:08 +0000 Subject: [PATCH 20/28] Only use the new informational verify codes if we specifically ask for them. Fix typo in docs. --- CHANGES | 8 ++++++++ NEWS | 1 + crypto/x509/x509_vfy.c | 19 +++++++++---------- doc/apps/smime.pod | 2 +- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 7645d6f5f9..26fb7f8a89 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is + not set then we don't setup the error code for issuer check errors + to avoid possibly overwriting other errors which the callback does + handle. If an application does set the flag then we assume it knows + what it is doing and can handle the new informational codes + appropriately. + [Steve Henson] + *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for a general "ANY" type, as such it should be able to decode anything including tagged types. However it didn't check the class so it would diff --git a/NEWS b/NEWS index 674703e80c..ce1ba34436 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,7 @@ o MD4 now included. o Bugfix for SSL rollback padding check. o Support for external crypto device[1]. + o Enhanced EVP interafce. [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index db62c9f6a3..0f4110cc64 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) ret = X509_check_issued(issuer, x); if (ret == X509_V_OK) return 1; - else - { - ctx->error = ret; - ctx->current_cert = x; - ctx->current_issuer = issuer; - if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb) - return ctx->verify_cb(0, ctx); - else - return 0; - } + /* If we haven't asked for issuer errors don't set ctx */ + if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) + return 0; + + ctx->error = ret; + ctx->current_cert = x; + ctx->current_issuer = issuer; + if (ctx->verify_cb) + return ctx->verify_cb(0, ctx); return 0; } diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 4ab53322c5..ce99b5c345 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -325,7 +325,7 @@ Send encrypted mail using triple DES: Sign and encrypt mail: openssl smime -sign -in ml.txt -signer my.pem -text \ - | openssl -encrypt -out mail.msg \ + | openssl smime -encrypt -out mail.msg \ -from steve@openssl.org -to someone@somewhere \ -subject "Signed and Encrypted message" -des3 user.pem From f1192b7f2e2b6683333ee99ff7def5bb413dc3d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 22 Sep 2000 21:39:33 +0000 Subject: [PATCH 21/28] Avoid protocol rollback. --- CHANGES | 10 ++++++++++ ssl/s23_srvr.c | 21 +++++++++++++-------- ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 26fb7f8a89..390c17e212 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,16 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) In ssl23_get_client_hello, generate an error message when faced + with an initial SSL 3.0/TLS record that is too small to contain the + first two bytes of the ClientHello message, i.e. client_version. + (Note that this is a pathologic case that probably has never happened + in real life.) The previous approach was to use the version number + from the record header as a subsitute; but our protocol choice + should not depend on that one because it is not authenticated + by the Finished messages. + [Bodo Moeller] + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is not set then we don't setup the error code for issuer check errors to avoid possibly overwriting other errors which the callback does diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index a81544a1b6..050618235f 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s) * SSLv3 or tls1 header */ - v[0]=p[1]; /* major version */ + v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message - * to get the correct minor version: */ - v[1]=p[10]; - /* However if we have only a pathologically small fragment of the - * Client Hello message, we simply use the version from the - * record header -- this is incorrect but unlikely to fail in - * practice */ + * to get the correct minor version. + * However if we have only a pathologically small fragment of the + * Client Hello message, this would be difficult, we'd have + * to read at least one additional record to find out. + * This doesn't usually happen in real life, so we just complain + * for now. + */ if (p[3] == 0 && p[4] < 6) - v[1]=p[2]; + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); + goto err; + } + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) diff --git a/ssl/ssl.h b/ssl/ssl.h index 6ffeca4d31..fdbdc70ba7 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 +#define SSL_R_RECORD_TOO_SMALL 1093 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 642c3f93e7..17b4caf528 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, {SSL_R_RECORD_TOO_LARGE ,"record too large"}, +{SSL_R_RECORD_TOO_SMALL ,"record too small"}, {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, From 5a5accdd643c95865c9f48cfedca974286167fe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 22 Sep 2000 21:45:49 +0000 Subject: [PATCH 22/28] typo --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 390c17e212..b041211314 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,7 @@ first two bytes of the ClientHello message, i.e. client_version. (Note that this is a pathologic case that probably has never happened in real life.) The previous approach was to use the version number - from the record header as a subsitute; but our protocol choice + from the record header as a substitute; but our protocol choice should not depend on that one because it is not authenticated by the Finished messages. [Bodo Moeller] From 03dbae0d209be516e693102b9f64b16c9b19a3ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 23 Sep 2000 02:06:08 +0000 Subject: [PATCH 23/28] URL to "latest" Mingw release (which is almost a year old :() --- INSTALL.W32 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 2ef764a614..e30e8ee6c9 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -108,8 +108,8 @@ * Compiler installation: - Mingw32 is available from . GNU make is at + Mingw32 is available from . GNU make is at . Install both of them in C:\egcs-1.1.2 and run C:\egcs-1.1.2\mingw32.bat to set the PATH. From fc55bf3b201f07a0652cfcca50025227bd18ff68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 23 Sep 2000 05:04:19 +0000 Subject: [PATCH 24/28] tlhelp32.h is currently missing in Mingw32 (release 2.95.2 and 2.95.2-1) --- ms/tlhelp32.h | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 ms/tlhelp32.h diff --git a/ms/tlhelp32.h b/ms/tlhelp32.h new file mode 100644 index 0000000000..8f4222e34f --- /dev/null +++ b/ms/tlhelp32.h @@ -0,0 +1,136 @@ +/* + tlhelp32.h - Include file for Tool help functions. + + Written by Mumit Khan + + This file is part of a free library for the Win32 API. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +*/ +#ifndef _TLHELP32_H +#define _TLHELP32_H +#ifdef __cplusplus +extern "C" { +#endif +#define HF32_DEFAULT 1 +#define HF32_SHARED 2 +#define LF32_FIXED 0x1 +#define LF32_FREE 0x2 +#define LF32_MOVEABLE 0x4 +#define MAX_MODULE_NAME32 255 +#define TH32CS_SNAPHEAPLIST 0x1 +#define TH32CS_SNAPPROCESS 0x2 +#define TH32CS_SNAPTHREAD 0x4 +#define TH32CS_SNAPMODULE 0x8 +#define TH32CS_SNAPALL (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE) +#define TH32CS_INHERIT 0x80000000 +typedef struct tagHEAPLIST32 { + DWORD dwSize; + DWORD th32ProcessID; + DWORD th32HeapID; + DWORD dwFlags; +} HEAPLIST32,*PHEAPLIST32,*LPHEAPLIST32; +typedef struct tagHEAPENTRY32 { + DWORD dwSize; + HANDLE hHandle; + DWORD dwAddress; + DWORD dwBlockSize; + DWORD dwFlags; + DWORD dwLockCount; + DWORD dwResvd; + DWORD th32ProcessID; + DWORD th32HeapID; +} HEAPENTRY32,*PHEAPENTRY32,*LPHEAPENTRY32; +typedef struct tagPROCESSENTRY32W { + DWORD dwSize; + DWORD cntUsage; + DWORD th32ProcessID; + DWORD th32DefaultHeapID; + DWORD th32ModuleID; + DWORD cntThreads; + DWORD th32ParentProcessID; + LONG pcPriClassBase; + DWORD dwFlags; + WCHAR szExeFile[MAX_PATH]; +} PROCESSENTRY32W,*PPROCESSENTRY32W,*LPPROCESSENTRY32W; +typedef struct tagPROCESSENTRY32 { + DWORD dwSize; + DWORD cntUsage; + DWORD th32ProcessID; + DWORD th32DefaultHeapID; + DWORD th32ModuleID; + DWORD cntThreads; + DWORD th32ParentProcessID; + LONG pcPriClassBase; + DWORD dwFlags; + CHAR szExeFile[MAX_PATH]; +} PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32; +typedef struct tagTHREADENTRY32 { + DWORD dwSize; + DWORD cntUsage; + DWORD th32ThreadID; + DWORD th32OwnerProcessID; + LONG tpBasePri; + LONG tpDeltaPri; + DWORD dwFlags; +} THREADENTRY32,*PTHREADENTRY32,*LPTHREADENTRY32; +typedef struct tagMODULEENTRY32W { + DWORD dwSize; + DWORD th32ModuleID; + DWORD th32ProcessID; + DWORD GlblcntUsage; + DWORD ProccntUsage; + BYTE *modBaseAddr; + DWORD modBaseSize; + HMODULE hModule; + WCHAR szModule[MAX_MODULE_NAME32 + 1]; + WCHAR szExePath[MAX_PATH]; +} MODULEENTRY32W,*PMODULEENTRY32W,*LPMODULEENTRY32W; +typedef struct tagMODULEENTRY32 { + DWORD dwSize; + DWORD th32ModuleID; + DWORD th32ProcessID; + DWORD GlblcntUsage; + DWORD ProccntUsage; + BYTE *modBaseAddr; + DWORD modBaseSize; + HMODULE hModule; + char szModule[MAX_MODULE_NAME32 + 1]; + char szExePath[MAX_PATH]; +} MODULEENTRY32,*PMODULEENTRY32,*LPMODULEENTRY32; +BOOL WINAPI Heap32First(LPHEAPENTRY32,DWORD,DWORD); +BOOL WINAPI Heap32ListFirst(HANDLE,LPHEAPLIST32); +BOOL WINAPI Heap32ListNext(HANDLE,LPHEAPLIST32); +BOOL WINAPI Heap32Next(LPHEAPENTRY32); +BOOL WINAPI Module32First(HANDLE,LPMODULEENTRY32); +BOOL WINAPI Module32FirstW(HANDLE,LPMODULEENTRY32W); +BOOL WINAPI Module32Next(HANDLE,LPMODULEENTRY32); +BOOL WINAPI Module32NextW(HANDLE,LPMODULEENTRY32W); +BOOL WINAPI Process32First(HANDLE,LPPROCESSENTRY32); +BOOL WINAPI Process32FirstW(HANDLE,LPPROCESSENTRY32W); +BOOL WINAPI Process32Next(HANDLE,LPPROCESSENTRY32); +BOOL WINAPI Process32NextW(HANDLE,LPPROCESSENTRY32W); +BOOL WINAPI Thread32First(HANDLE,LPTHREADENTRY32); +BOOL WINAPI Thread32Next(HANDLE,LPTHREADENTRY32); +BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD,LPCVOID,LPVOID,DWORD,LPDWORD); +HANDLE WINAPI CreateToolhelp32Snapshot(DWORD,DWORD); +#ifdef UNICODE +#define LPMODULEENTRY32 LPMODULEENTRY32W +#define LPPROCESSENTRY32 LPPROCESSENTRY32W +#define MODULEENTRY32 MODULEENTRY32W +#define Module32First Module32FirstW +#define Module32Next Module32NextW +#define PMODULEENTRY32 PMODULEENTRY32W +#define PPROCESSENTRY32 PPROCESSENTRY32W +#define PROCESSENTRY32 PROCESSENTRY32W +#define Process32First Process32FirstW +#define Process32Next Process32NextW +#endif /* UNICODE */ +#ifdef __cplusplus +} +#endif +#endif /* _TLHELP32_H */ + From d49da3aa5b8475d70cb4fc43a55b4d8cc6b976a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 23 Sep 2000 05:17:40 +0000 Subject: [PATCH 25/28] Add some missing info. --- CHANGES | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index b041211314..221f7238cf 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,9 @@ by the Finished messages. [Bodo Moeller] + *) More robust randomness gathering functions for Windows. + [Jeffrey Altman ] + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is not set then we don't setup the error code for issuer check errors to avoid possibly overwriting other errors which the callback does @@ -63,6 +66,7 @@ *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). + [Bodo Möller] *) Add DSO method for VMS. [Richard Levitte] @@ -296,7 +300,7 @@ [Steve Henson] *) Changes needed for Tandem NSK. - [Scott Uroff scott@xypro.com] + [Scott Uroff ] *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in RSA_padding_check_SSLv23(), special padding was never detected From bb28bcdf987ed9a5599de7e14be6c1e900dad4d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 23 Sep 2000 05:19:16 +0000 Subject: [PATCH 26/28] Workaround for tlhelp32.h: place the missing header file in outinc --- ms/mingw32.bat | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ms/mingw32.bat b/ms/mingw32.bat index 1726c55bcd..db70b8580e 100644 --- a/ms/mingw32.bat +++ b/ms/mingw32.bat @@ -76,6 +76,8 @@ rem Create files -- this can be skipped if using the GNU file utilities make -f ms/mingw32f.mak echo You can ignore the error messages above +copy ms\tlhelp32.h outinc + echo Building the libraries make -f ms/mingw32a.mak if errorlevel 1 goto end From 90d7fc1de4c0cf30758ee526c6a5ebab25f9fbed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 23 Sep 2000 05:46:41 +0000 Subject: [PATCH 27/28] tlhelp32.h --- STATUS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/STATUS b/STATUS index 14b2807c2a..91668316c1 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/22 06:15:10 $ + ______________ $Date: 2000/09/23 05:46:41 $ DEVELOPMENT STATE @@ -33,7 +33,7 @@ DSO method always DSO_METHOD_null [FIXED] CygWin32 - test failed MingW32 - failed - thelp32.h + thelp32.h [FIXED] aix-gcc (AIX 4.3.2) - passed VMS/Alpha - failed Some things were missing [FIXED] From 69431c29982d923a60a9429262c3bccc7496d196 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 23 Sep 2000 07:16:17 +0000 Subject: [PATCH 28/28] more manpage links. --- doc/crypto/EVP_OpenInit.pod | 2 +- doc/crypto/EVP_SealInit.pod | 2 +- doc/crypto/EVP_VerifyInit.pod | 1 + doc/crypto/evp.pod | 37 +++++++++++++++++++++++++++++++++++ doc/ssl/ssl.pod | 11 ++++++++--- 5 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 doc/crypto/evp.pod diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod index 1a3f2e410d..2e710da945 100644 --- a/doc/crypto/EVP_OpenInit.pod +++ b/doc/crypto/EVP_OpenInit.pod @@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. =head1 SEE ALSO -L,L +L, L, L, L diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index f7f7613965..0451eb648a 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -67,7 +67,7 @@ with B set to NULL. =head1 SEE ALSO -L,L +L, L, L, L diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod index 76d893b53b..736a0f4a82 100644 --- a/doc/crypto/EVP_VerifyInit.pod +++ b/doc/crypto/EVP_VerifyInit.pod @@ -57,6 +57,7 @@ might. =head1 SEE ALSO +L, L, L, L, L, L, L, diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod new file mode 100644 index 0000000000..f089dd49a2 --- /dev/null +++ b/doc/crypto/evp.pod @@ -0,0 +1,37 @@ +=pod + +=head1 NAME + +evp - high-level cryptographic functions + +=head1 SYNOPSIS + + #include + +=head1 DESCRIPTION + +The EVP library provided a high-level interface to cryptographic +functions. + +BI<...> and BI<...> provide public key encryption +and decryption to implement digital "envelopes". + +The BI<...> and BI<...> functions implement +digital signatures. + +Symmetric encryption is available with the BI<...> +functions. The BI<...> functions provide message digests. + +Algorithms are loaded with OpenSSL_add_all_algorithms(3). + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 41d6114649..8ffe5904d5 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -625,12 +625,17 @@ connection defined in the B structure. L, L, L, L, -L, L, +L, L, +L, +L, L, L, +L, L, -L, L, +L, +L, +L, L, L, L, -L, +L, L, L, L, L, L