aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/CHANGES13
-rwxr-xr-xcrypto/openssl/Configure4
-rw-r--r--crypto/openssl/FAQ2
-rw-r--r--crypto/openssl/FREEBSD-Xlist48
-rw-r--r--crypto/openssl/Makefile.org14
-rw-r--r--crypto/openssl/Makefile.ssl18
-rw-r--r--crypto/openssl/NEWS9
-rw-r--r--crypto/openssl/PROBLEMS8
-rw-r--r--crypto/openssl/README2
-rwxr-xr-xcrypto/openssl/apps/CA.pl2
-rw-r--r--crypto/openssl/apps/der_chop2
-rwxr-xr-xcrypto/openssl/config1
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c7
-rw-r--r--crypto/openssl/crypto/bio/b_print.c2
-rw-r--r--crypto/openssl/crypto/cryptlib.c8
-rw-r--r--crypto/openssl/crypto/cryptlib.h4
-rw-r--r--crypto/openssl/crypto/mem.c3
-rw-r--r--crypto/openssl/crypto/opensslv.h4
-rw-r--r--crypto/openssl/openssl.spec2
19 files changed, 92 insertions, 61 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index be4d128b834a..dc066c01315f 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,19 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
+
+ *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+ Alon Kantor <alonk@checkpoint.com> (and others),
+ Steve Henson]
+
+ *) Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()).
+ [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) Fix cipher selection routines: ciphers without encryption had no flags
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 871fb637d665..15cfbaa0331b 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -344,8 +344,8 @@ my %table=(
"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
+"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index ad75299f8820..b49423960b5d 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -61,7 +61,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6e was released on 30 May, 2002.
+OpenSSL 0.9.6f was released on 8 August 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff --git a/crypto/openssl/FREEBSD-Xlist b/crypto/openssl/FREEBSD-Xlist
index 2721c7a9f560..180281aecfb2 100644
--- a/crypto/openssl/FREEBSD-Xlist
+++ b/crypto/openssl/FREEBSD-Xlist
@@ -1,25 +1,29 @@
-$FreeBSD$
-*INSTALL.VMS
-*INSTALL.W32
-*VMS/
-*.bat
+INSTALL.MacOS
+INSTALL.VMS
+INSTALL.W32
+MacOS/
+VMS/
*.com
*/*.bat
*/*.com
-*apps/openssl-vms.cnf
-*crypto/bf/asm/b-win32.asm
-*crypto/bn/asm/bn-win32.asm
-*crypto/bn/asm/vms.mar
-*crypto/bn/asm/x86w16.asm
-*crypto/bn/asm/x86w32.asm
-*crypto/bn/vms-helper.c
-*crypto/cast/asm/c-win32.asm
-*crypto/des/asm/d-win32.asm
-*crypto/des/asm/y-win32.asm
-*crypto/des/des-lib.com
-*crypto/md5/asm/m5-win32.asm
-*crypto/rc4/asm/r4-win32.asm
-*crypto/rc5/asm/r5-win32.asm
-*crypto/ripemd/asm/rm-win32.asm
-*crypto/sha/asm/s1-win32.asm
-*ms/
+*/*/*.bat
+*/*/*.com
+apps/openssl-vms.cnf
+crypto/bn/asm/pa-risc2.s.old
+crypto/bn/asm/vms.mar
+crypto/bn/vms-helper.c
+crypto/dso/dso_vms.c
+crypto/dso/dso_win32.c
+crypto/threads/solaris.sh
+ms/
+rsaref/
+shlib/Makefile.hpux10-cc
+shlib/hpux10-cc.sh
+shlib/irix.sh
+shlib/solaris-sc4.sh
+shlib/solaris.sh
+shlib/sun.sh
+shlib/svr5-shared-gcc.sh
+shlib/svr5-shared-installed
+shlib/svr5-shared.sh
+util/cygwin.sh
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 2ee1656498dd..72e986d667e2 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -247,7 +247,8 @@ link-shared:
for i in $(SHLIBDIRS); do \
prev=lib$$i$(SHLIB_EXT); \
for j in $${tmp:-x}; do \
- ( set -x; ln -f -s $$prev lib$$i$$j ); \
+ ( set -x; \
+ rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
done; \
@@ -676,7 +677,7 @@ install: all install_docs
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- make -f $$here/Makefile link-shared ); \
+ $(MAKE) -f $$here/Makefile link-shared ); \
fi
install_docs:
@@ -685,22 +686,23 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @for i in doc/apps/*.pod; do \
+ @pod2man=`cd ../../util; ./pod2mantest ignore`; \
+ for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+ sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
- done
+ done; \
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+ sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index 4c1954d48d15..f6edb188f791 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.6e
+VERSION=0.9.6f
MAJOR=0
MINOR=9.6
SHLIB_VERSION_NUMBER=0.9.6
@@ -64,7 +64,7 @@ EX_LIBS=
EXE_EXT=
AR=ar r
RANLIB= /usr/bin/ranlib
-PERL= /usr/local/bin/perl5
+PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --no-recursion
@@ -249,7 +249,8 @@ link-shared:
for i in $(SHLIBDIRS); do \
prev=lib$$i$(SHLIB_EXT); \
for j in $${tmp:-x}; do \
- ( set -x; ln -f -s $$prev lib$$i$$j ); \
+ ( set -x; \
+ rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
done; \
@@ -678,7 +679,7 @@ install: all install_docs
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- make -f $$here/Makefile link-shared ); \
+ $(MAKE) -f $$here/Makefile link-shared ); \
fi
install_docs:
@@ -687,22 +688,23 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @for i in doc/apps/*.pod; do \
+ @pod2man=`cd ../../util; ./pod2mantest ignore`; \
+ for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+ sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
- done
+ done; \
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+ sh -c "$(PERL) $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 0af2ded253c0..e597dcd213a8 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+
+ o Various important bugfixes.
+
+ Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+
+ o Important security related bugfixes.
+ o Various SSL/TLS library bugfixes.
+
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
o Various SSL/TLS library bugfixes.
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
index f072449feca8..7e6af8ad4d87 100644
--- a/crypto/openssl/PROBLEMS
+++ b/crypto/openssl/PROBLEMS
@@ -32,3 +32,11 @@ may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is.
+
+* Parallell make leads to errors
+
+While running tests, running a parallell make is a bad idea. Many test
+scripts use the same name for output and input files, which means different
+will interfere with each other and lead to test failure.
+
+The solution is simple for now: don't run parallell make when testing.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 48d492ebf234..df4267cf0c89 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 0.9.6e 30 July 2002
+ OpenSSL 0.9.6f 8 August 2002
Copyright (c) 1998-2002 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index 2f7655288728..f1ac7e772690 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl5
+#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop
index fbd2889842e2..9070b032fc38 100644
--- a/crypto/openssl/apps/der_chop
+++ b/crypto/openssl/apps/der_chop
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl5
+#!/usr/local/bin/perl
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support
diff --git a/crypto/openssl/config b/crypto/openssl/config
index 4f7b41877fec..5f4ed18f0eca 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -392,6 +392,7 @@ if [ "$GCCVER" != "" ]; then
else
CC=cc
fi
+GCCVER=${GCCVER:-0}
if [ "$SYSTEM" = "HP-UX" ];then
# By default gcc is a ILP32 compiler (with long long == 64).
GCC_BITS="32"
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index a3681c0e23c7..e4a56a926af7 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
@@ -141,7 +142,7 @@ err:
static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
{
unsigned char *p= *pp;
- long ret=0;
+ unsigned long ret=0;
int i;
if (max-- < 1) return(0);
@@ -170,10 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
else
ret=i;
}
- if (ret < 0)
+ if (ret > LONG_MAX)
return 0;
*pp=p;
- *rl=ret;
+ *rl=(long)ret;
return(1);
}
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
index 90011db54496..fa4e350a7f93 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -109,7 +109,7 @@
* o ... (for OpenSSL)
*/
-#if HAVE_LONG_DOUBLE
+#ifdef HAVE_LONG_DOUBLE
#define LDOUBLE long double
#else
#define LDOUBLE double
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c
index 832c6c012d83..8fd2d4d26b82 100644
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/openssl/crypto/cryptlib.c
@@ -491,11 +491,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
#endif
#endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
- {
- fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
- file,line,assertion);
- abort();
- }
-
diff --git a/crypto/openssl/crypto/cryptlib.h b/crypto/openssl/crypto/cryptlib.h
index 576cbd6e3596..075b79db0580 100644
--- a/crypto/openssl/crypto/cryptlib.h
+++ b/crypto/openssl/crypto/cryptlib.h
@@ -93,10 +93,6 @@ extern "C" {
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) ((sizeof(type)*2)
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
-
#ifdef __cplusplus
}
#endif
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index 3b5b2bbc6814..9df2a367e7e2 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -226,6 +226,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
{
void *ret = NULL;
+ if (str == NULL)
+ return CRYPTO_malloc(num, file, line);
+
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_func(str,num);
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index 7ee8f76dc90e..f1465ece09b9 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090605fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6e 30 Jul 2002"
+#define OPENSSL_VERSION_NUMBER 0x0090606fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6f 8 Aug 2002"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec
index 7eb93ecaf8ac..dd22218984cb 100644
--- a/crypto/openssl/openssl.spec
+++ b/crypto/openssl/openssl.spec
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 6
-%define librev d
+%define librev f
Release: 1
%define openssldir /var/ssl