sync w/ openssl 0.9.7c. shlib minor bump for libcrypto.

(ERR_release_err_state_table() added)
itojun 2003-11-04 23:54:26 +00:00
parent 385718bc5c
commit aec01dda91
39 changed files with 350 additions and 437 deletions

@ -2,6 +2,57 @@
OpenSSL CHANGES
_______________
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
[Steve Henson]
*) New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.
[Steve Henson]
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
[Steve Henson]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
*) Change AES_cbc_encrypt() so it outputs exact multiple of
blocks during encryption.
[Richard Levitte]
*) Various fixes to base64 BIO and non blocking I/O. On write
flushes were not handled properly if the BIO retried. On read
data was not being buffered properly and had various logic bugs.
This also affects blocking I/O when the data being decoded is a
certain size.
[Steve Henson]
*) Various S/MIME bugfixes and compatibility changes:
output correct application/pkcs7 MIME type if
PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
of files as .eml work). Correctly handle very long lines in MIME
parser.
[Steve Henson]
Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
*) Countermeasure against the Klima-Pokorny-Rosa extension of
@ -120,6 +171,9 @@
Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
[NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
OpenSSL 0.9.7.]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
code (06) was taken as the first octet of the session ID and the last
octet was ignored consequently. As a result SSLv2 client side session
@ -1938,6 +1992,57 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
[Steve Henson]
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
[Steve Henson]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
*) Countermeasure against the Klima-Pokorny-Rosa extension of
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
a protocol version number mismatch like a decryption error
in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
[Bodo Moeller]
*) Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases.
[Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
*) Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway). Make RSA blinding thread-safe
by remembering the creator's thread ID in rsa->blinding and
having all other threads use local one-time blinding factors
(this requires more computation than sharing rsa->blinding, but
avoids excessive locking; and if an RSA object is not shared
between threads, blinding will still be very fast).
[Bodo Moeller]
Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
*) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7b was released on April 10, 2003.
OpenSSL 0.9.7c was released on September 30, 2003.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:

@ -90,9 +90,7 @@ FUNCTION functions[] = {
{FUNC_TYPE_MD,"md5",dgst_main},
{FUNC_TYPE_MD,"sha",dgst_main},
{FUNC_TYPE_MD,"sha1",dgst_main},
#ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD,"mdc2",dgst_main},
#endif
{FUNC_TYPE_MD,"rmd160",dgst_main},
{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
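
Review bot: The header counts on this hunk (9 lines down to 7) mean the `#ifndef OPENSSL_NO_MDC2` / `#endif` pair around the "mdc2" entry is dropped, and the following hunks do the same for the OPENSSL_NO_IDEA and OPENSSL_NO_RC5 guards, so functions[] lists these commands even in a build where the algorithm is compiled out. If the guards are removed on purpose, say why in the commit message; otherwise keep them so the command table matches what was actually built.
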
@ -104,17 +102,13 @@ FUNCTION functions[] = {
{FUNC_TYPE_CIPHER,"des",enc_main},
{FUNC_TYPE_CIPHER,"des3",enc_main},
{FUNC_TYPE_CIPHER,"desx",enc_main},
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea",enc_main},
#endif
{FUNC_TYPE_CIPHER,"rc4",enc_main},
{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
{FUNC_TYPE_CIPHER,"rc2",enc_main},
{FUNC_TYPE_CIPHER,"bf",enc_main},
{FUNC_TYPE_CIPHER,"cast",enc_main},
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5",enc_main},
#endif
{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
{FUNC_TYPE_CIPHER,"des-ede",enc_main},
{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
@ -127,12 +121,10 @@ FUNCTION functions[] = {
{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
#endif
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
@ -148,11 +140,9 @@ FUNCTION functions[] = {
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
#endif
{0,NULL,NULL}
};

@ -112,13 +112,7 @@
#include <sys/types.h>
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_MSDOS
#define _kbhit kbhit
#endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */

@ -168,6 +168,10 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
else if (!strcmp (*args, "-nooldmime"))
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
flags |= PKCS7_CRLFEOL;
else if (!strcmp (*args, "-crl_check"))
store_flags |= X509_V_FLAG_CRL_CHECK;
else if (!strcmp (*args, "-crl_check_all"))

@ -98,7 +98,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num);
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char counter[AES_BLOCK_SIZE],
unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num);

@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
static int out_utf8(unsigned long value, void *arg)
{
long *outlen;
int *outlen;
outlen = arg;
*outlen += UTF8_putc(NULL, -1, value);
return 1;
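
Review bot: In out_utf8() `outlen` is taken from the untyped `arg`, so the switch from `long *` to `int *` is only correct if every caller passes the address of an int, and the call site is outside this hunk. Please confirm that: on a platform where long is wider than int, `*outlen += UTF8_putc(NULL, -1, value);` through the wrong pointer type reads and writes past the caller's variable. A cast with a one-line comment naming the expected type would make the contract explicit.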

@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
/* Now the tables and helper functions for the string table:
*/
/* size limits: this stuff is taken straight from RFC2459 */
/* size limits: this stuff is taken straight from RFC3280 */
#define ub_name 32768
#define ub_common_name 64
@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
#define ub_organization_unit_name 64
#define ub_title 64
#define ub_email_address 128
#define ub_serial_number 64
/* This table must be kept in NID order */
@ -170,6 +172,7 @@ static ASN1_STRING_TABLE tbl_standard[] = {
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
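
Review bot: The new NID_serialNumber row in tbl_standard[] is placed between NID_initials and NID_friendlyName, and the comment directly above the table says it must be kept in NID order. Please check that the numeric value of NID_serialNumber really falls between those two; a row out of order is not something the compiler will catch.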

@ -1,4 +1,57 @@
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Special method for a BIO where the other endpoint is also a BIO
* of this kind, handled by the same thread (i.e. the "peer" is actually
@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_C_DESTROY_BIO_PAIR:
/* Effects both BIOs in the pair -- call just once!
/* Affects both BIOs in the pair -- call just once!
* Or let BIO_free(bio1); BIO_free(bio2); do the job. */
bio_destroy_pair(bio);
ret = 1;

@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr;
b->init=1;
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
/* Set correct text/binary mode */
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
_setmode(fileno((FILE *)ptr),_O_TEXT);
else
_setmode(fileno((FILE *)ptr),_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
{
int fd = fileno((FILE*)ptr);
/* Set correct text/binary mode */
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
/* Dangerous to set stdin/stdout to raw (unless redirected) */
else
{
if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
{
if (isatty(fd) <= 0)
_setmode(fd,_O_BINARY);
}
else
_setmode(fd,_O_BINARY);
}
}
#elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT)
setmode(fileno((FILE *)ptr), O_TEXT);
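
Review bot: In the new OPENSSL_SYS_MSDOS branch the isatty() guard covers only STDIN_FILENO and STDOUT_FILENO, so stderr still goes straight to `_setmode(fd,_O_BINARY);`. If that is intended, the comment should say so. The "Dangerous to set stdin/stdout to raw" comment also sits between the `if` body and its `else`, which is easy to misread; move it inside the else block.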

@ -61,9 +61,6 @@
#include <openssl/e_os2.h>
#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
#define OPENSSL_SYS_MSDOS
#endif
#include <stdio.h>
#include <stdlib.h>

@ -425,7 +425,7 @@ int main(int argc, char *argv[])
#ifndef LIBDES_LIT
printf("Doing ede ecb\n");
for (i=0; i<(NUM_TESTS-1); i++)
for (i=0; i<(NUM_TESTS-2); i++)
{
DES_set_key_unchecked(&key_data[i],&ks);
DES_set_key_unchecked(&key_data[i+1],&ks2);
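
Review bot: The ede ecb loop bound goes from `NUM_TESTS-1` to `NUM_TESTS-2`, but the body visible here only indexes key_data[i] and key_data[i+1], for which the old bound was already in range. If a key_data[i+2] access further down is what requires the tighter bound, add a comment next to the `for` saying so, and check the other ede loops in this file for the same off-by-one.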

@ -125,7 +125,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
# endif
# endif
#else
# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
# ifdef OPENSSL_SYS_SUNOS
# define DLOPEN_FLAG 1
# else
# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
# endif
#endif
/* For this DSO_METHOD, our meth_data STACK will contain;
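
Review bot: `# define DLOPEN_FLAG 1` in the OPENSSL_SYS_SUNOS branch is a bare magic number sitting next to a branch that uses the symbolic RTLD_NOW. Add a comment stating what 1 means to dlopen() on that platform and why the symbol cannot be used there.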

@ -520,10 +520,10 @@ void ENGINE_add_conf_module(void);
/**************************/
/* Binary/behaviour compatibility levels */
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200
/* Binary versions older than this are too old for us (whether we're a loader or
* a loadee) */
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200
/* When compiling an ENGINE entirely as an external shared library, loadable by
* the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
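
Review bot: OSSL_DYNAMIC_OLDEST is raised together with OSSL_DYNAMIC_VERSION to 0x00010200, and the comment between them says binary versions older than OSSL_DYNAMIC_OLDEST are too old whether we are loader or loadee. That rejects every externally built dynamic ENGINE compiled against 0x00010100, while the commit message mentions only the libcrypto minor bump; please record the ENGINE rebuild requirement in the commit message or the release notes.
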
@ -612,6 +612,10 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
if(!fn(e,id)) return 0; \
return 1; }
#if defined(__OpenBSD__) || defined(__FreeBSD__)
void ENGINE_setup_bsd_cryptodev(void);
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.

@ -32,19 +32,10 @@ typedef __uint32_t SW_U32;
typedef unsigned long SW_U32; /* 32 bit integer */
#endif
#if defined(OPENSSL_SYS_WIN32)
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
typedef longlong SW_U64
#else /* Unix variants */
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#endif
/* status codes */
#define SW_OK (0L)
@ -156,26 +147,9 @@ typedef struct _SW_LARGENUMBER {
/* bytes in network (big endian) order */
} SW_LARGENUMBER;
#if defined(OPENSSL_SYS_WIN32)
#include <windows.h>
typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
#define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
#define SW_CALLCONV _stdcall
#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
/* async callback mechanisms */
/* swiftCallbackLevel */
#define SW_MAC_CALLBACK_LEVEL_NO 0
#define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
#define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
typedef int SW_MAC_CALLBACK_LEVEL;
typedef int SW_OSHANDLE;
#define SW_OS_INVALID_HANDLE (-1)
#define SW_CALLCONV
#else /* Unix variants */
typedef int SW_OSHANDLE; /* handle to driver */
#define SW_OS_INVALID_HANDLE (-1)
#define SW_CALLCONV
#endif
typedef struct _SW_CRT {
SW_LARGENUMBER p; /* prime number p */

@ -12,20 +12,6 @@
/*
* Only WIN32 support for now
*/
#if defined(WIN32)
#define CCA_LIB_NAME "CSUNSAPI"
#define CSNDPKX "CSNDPKX_32"
#define CSNDKRR "CSNDKRR_32"
#define CSNDPKE "CSNDPKE_32"
#define CSNDPKD "CSNDPKD_32"
#define CSNDDSV "CSNDDSV_32"
#define CSNDDSG "CSNDDSG_32"
#define CSNBRNG "CSNBRNG_32"
#define SECURITYAPI __stdcall
#else
/* Fixme!!
Find out the values of these constants for other platforms.
*/
@ -40,7 +26,6 @@
#define CSNBRNG "CSNBRNG"
#define SECURITYAPI
#endif
/*
* security API prototypes

@ -17,11 +17,7 @@
*
*
*/
#ifdef WIN32
#define SW_EXPORT __declspec ( dllexport )
#else
#define SW_EXPORT
#endif
/*
* List of exposed SureWare errors

@ -225,6 +225,7 @@ struct st_ERR_FNS
ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
/* Works on the "thread_hash" error-state table */
LHASH *(*cb_thread_get)(int create);
void (*cb_thread_release)(LHASH **hash);
ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
void (*cb_thread_del_item)(const ERR_STATE *);
@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
static LHASH *int_thread_get(int create);
static void int_thread_release(LHASH **hash);
static ERR_STATE *int_thread_get_item(const ERR_STATE *);
static ERR_STATE *int_thread_set_item(ERR_STATE *);
static void int_thread_del_item(const ERR_STATE *);
@ -252,6 +254,7 @@ static const ERR_FNS err_defaults =
int_err_set_item,
int_err_del_item,
int_thread_get,
int_thread_release,
int_thread_get_item,
int_thread_set_item,
int_thread_del_item,
@ -271,6 +274,7 @@ static const ERR_FNS *err_fns = NULL;
* and state in the loading application. */
static LHASH *int_error_hash = NULL;
static LHASH *int_thread_hash = NULL;
static int int_thread_hash_references = 0;
static int int_err_library_number= ERR_LIB_USER;
/* Internal function that checks whether "err_fns" is set and if not, sets it to
@ -417,11 +421,37 @@ static LHASH *int_thread_get(int create)
CRYPTO_pop_info();
}
if (int_thread_hash)
{
int_thread_hash_references++;
ret = int_thread_hash;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
return ret;
}
static void int_thread_release(LHASH **hash)
{
int i;
if (hash == NULL || *hash == NULL)
return;
i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
#ifdef REF_PRINT
fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"int_thread_release, bad reference count\n");
abort(); /* ok */
}
#endif
*hash = NULL;
}
static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
{
ERR_STATE *p;
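
Review bot: int_thread_release() clears the caller's pointer with `*hash = NULL;` only when the count reaches zero; on the `if (i > 0) return;` path the caller keeps a pointer to a table it no longer holds a reference on. Clear `*hash` before the early return as well. The REF_PRINT line also reads int_thread_hash_references directly, outside any lock, instead of printing the `i` that CRYPTO_add() returned, so the traced value can already be stale.
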
@ -436,6 +466,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
p = (ERR_STATE *)lh_retrieve(hash, d);
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
return p;
}
@ -453,6 +484,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d)
p = (ERR_STATE *)lh_insert(hash, d);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
return p;
}
@ -469,13 +501,15 @@ static void int_thread_del_item(const ERR_STATE *d)
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
p = (ERR_STATE *)lh_delete(hash, d);
/* make sure we don't leak memory */
if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
if (int_thread_hash_references == 1
&& int_thread_hash && (lh_num_items(int_thread_hash) == 0))
{
lh_free(int_thread_hash);
int_thread_hash = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
if (p)
ERR_STATE_free(p);
}
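
Review bot: The free under "make sure we don't leak memory" in int_thread_del_item() now runs only when `int_thread_hash_references == 1`, and int_thread_release() never frees the table itself. If another thread holds a reference while the last item is deleted, the empty table stays allocated until some later delete happens to hit the condition. Either free the empty table in int_thread_release() when the count drops to zero, or state in the comment that this case is accepted.
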
@ -845,6 +879,12 @@ LHASH *ERR_get_err_state_table(void)
return ERRFN(thread_get)(0);
}
void ERR_release_err_state_table(LHASH **hash)
{
err_fns_check();
ERRFN(thread_release)(hash);
}
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p;
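
Review bot: ERR_release_err_state_table() is a new public entry point with no comment or documentation, and int_thread_get() now increments int_thread_hash_references on every successful call, including the one made through ERR_get_err_state_table(). Existing callers of ERR_get_err_state_table() that never release will keep the count above 1 and block the free in int_thread_del_item(). Document the get/release pairing next to the prototype in err.h and audit the existing callers.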

@ -263,6 +263,7 @@ ERR_STATE *ERR_get_state(void);
LHASH *ERR_get_string_table(void);
LHASH *ERR_get_err_state_table(void);
void ERR_release_err_state_table(LHASH **hash);
int ERR_get_next_error_library(void);

@ -59,7 +59,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/md2.h>
#include "../e_os.h"
@ -71,6 +70,7 @@ int main(int argc, char *argv[])
}
#else
#include <openssl/evp.h>
#include <openssl/md2.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>

@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -101,7 +101,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a,
static void mime_param_free(MIME_PARAM *param);
static int mime_bound_check(char *line, int linelen, char *bound, int blen);
static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
static int iscrlf(char c);
static int strip_eol(char *linebuf, int *plen);
static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
static void mime_hdr_free(MIME_HEADER *hdr);
@ -150,9 +150,17 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
{
char linebuf[MAX_SMLEN];
char bound[33], c;
int i;
char *mime_prefix, *mime_eol;
if (flags & PKCS7_NOOLDMIMETYPE)
mime_prefix = "application/pkcs7-";
else
mime_prefix = "application/x-pkcs7-";
if (flags & PKCS7_CRLFEOL)
mime_eol = "\r\n";
else
mime_eol = "\n";
if((flags & PKCS7_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
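
Review bot: `char *mime_prefix, *mime_eol;` in SMIME_write_PKCS7() only ever point at string literals, so they should be declared `const char *`. That keeps a later edit from writing through them by accident.
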
@ -164,34 +172,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
bound[i] = c;
}
bound[32] = 0;
BIO_printf(bio, "MIME-Version: 1.0\n");
BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Type: multipart/signed;");
BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
BIO_printf(bio, "This is an S/MIME signed message\n\n");
BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
bound, mime_eol, mime_eol);
BIO_printf(bio, "This is an S/MIME signed message%s%s",
mime_eol, mime_eol);
/* Now write out the first part */
BIO_printf(bio, "------%s\n", bound);
if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
BIO_write(bio, linebuf, i);
BIO_printf(bio, "\n------%s\n", bound);
BIO_printf(bio, "------%s%s", bound, mime_eol);
SMIME_crlf_copy(data, bio, flags);
BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
/* Headers for signature */
BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
mime_eol);
BIO_printf(bio, "Content-Disposition: attachment;");
BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
mime_eol, mime_eol);
B64_write_PKCS7(bio, p7);
BIO_printf(bio,"\n------%s--\n\n", bound);
BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
mime_eol, mime_eol);
return 1;
}
/* MIME headers */
BIO_printf(bio, "MIME-Version: 1.0\n");
BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Disposition: attachment;");
BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
mime_eol, mime_eol);
B64_write_PKCS7(bio, p7);
BIO_printf(bio, "\n");
BIO_printf(bio, "%s", mime_eol);
return 1;
}
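
Review bot: In the multipart/signed branch the result of `SMIME_crlf_copy(data, bio, flags);` is discarded and the branch still ends in `return 1;`, so a failed copy of the signed content is reported as success. Check the return value and return 0 on failure. Separately, SMIME_crlf_copy() writes "\r\n" itself, so without PKCS7_CRLFEOL the first part uses CR+LF while the surrounding headers and boundaries use "\n"; a comment saying the mix is intended would save the next reader from treating it as a bug.
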
@ -316,12 +332,9 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
}
if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
eol = 0;
while(iscrlf(linebuf[len - 1])) {
len--;
eol = 1;
}
BIO_write(out, linebuf, len);
eol = strip_eol(linebuf, &len);
if (len)
BIO_write(out, linebuf, len);
if(eol) BIO_write(out, "\r\n", 2);
}
return 1;
@ -364,6 +377,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
{
char linebuf[MAX_SMLEN];
int len, blen;
int eol = 0, next_eol = 0;
BIO *bpart = NULL;
STACK_OF(BIO) *parts;
char state, part, first;
@ -383,26 +397,23 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
sk_BIO_push(parts, bpart);
return 1;
} else if(part) {
/* Strip CR+LF from linebuf */
next_eol = strip_eol(linebuf, &len);
if(first) {
first = 0;
if(bpart) sk_BIO_push(parts, bpart);
bpart = BIO_new(BIO_s_mem());
} else BIO_write(bpart, "\r\n", 2);
/* Strip CR+LF from linebuf */
while(iscrlf(linebuf[len - 1])) len--;
BIO_write(bpart, linebuf, len);
BIO_set_mem_eof_return(bpart, 0);
} else if (eol)
BIO_write(bpart, "\r\n", 2);
eol = next_eol;
if (len)
BIO_write(bpart, linebuf, len);
}
}
return 0;
}
static int iscrlf(char c)
{
if(c == '\r' || c == '\n') return 1;
return 0;
}
/* This is the big one: parse MIME header lines up to message body */
#define MIME_INVALID 0
@ -683,3 +694,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
}
return 0;
}
static int strip_eol(char *linebuf, int *plen)
{
int len = *plen;
char *p, c;
int is_eol = 0;
p = linebuf + len - 1;
for (p = linebuf + len - 1; len > 0; len--, p--)
{
c = *p;
if (c == '\n')
is_eol = 1;
else if (c != '\r')
break;
}
*plen = len;
return is_eol;
}
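
Review bot: In strip_eol() a trailing '\r' that is not followed by '\n' is still stripped, because the loop only breaks on a character that is neither, yet is_eol stays 0, so both callers drop that byte without writing an EOL in its place. Decide whether a lone CR at the end of a buffer should be kept as data, which matters if a long line is split at the MAX_SMLEN boundary. `p = linebuf + len - 1;` is also assigned twice, once before the `for` and once in its initialiser; drop the first.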

@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

@ -254,6 +254,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
#define PKCS7_BINARY 0x80
#define PKCS7_NOATTR 0x100
#define PKCS7_NOSMIMECAP 0x200
#define PKCS7_NOOLDMIMETYPE 0x400
#define PKCS7_CRLFEOL 0x800
/* Flags: for compatibility with older code */

@ -116,17 +116,7 @@
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
#define USE_SHA1_RAND
#elif !defined(OPENSSL_NO_MD5)
#define USE_MD5_RAND
#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
#define USE_MDC2_RAND
#elif !defined(OPENSSL_NO_MD2)
#define USE_MD2_RAND
#else
#error No message digest algorithm available
#endif
#endif
#include <openssl/evp.h>
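
Review bot: The header counts here (17 lines down to 7) show most of the digest fallback chain under `#if !defined(USE_MD5_RAND) && ...` being dropped; if `#error No message digest algorithm available` goes with it, a build configured with OPENSSL_NO_SHA no longer stops at this point with a clear message. Keep the `#error` for the no-SHA-1 case even if the MD5, MDC2 and MD2 fallbacks are removed on purpose, since this block selects the digest the random number code is built on.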

@ -152,11 +152,6 @@ struct rsa_st
#define RSA_FLAG_CACHE_PUBLIC 0x02
#define RSA_FLAG_CACHE_PRIVATE 0x04
#define RSA_FLAG_BLINDING 0x08
#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
* RSA implementation now uses blinding by
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
#define RSA_FLAG_THREAD_SAFE 0x10
/* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
@ -169,6 +164,12 @@ struct rsa_st
*/
#define RSA_FLAG_SIGN_VER 0x40
#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
* RSA implementation now uses blinding by
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3

@ -484,6 +484,8 @@ err:
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&f);
BN_clear_free(&ret);
if (local_blinding)
BN_BLINDING_free(blinding);
if (buf != NULL)
{
OPENSSL_cleanse(buf,num);

@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa)
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
{
BIGNUM *A,*Ai;
BIGNUM *A,*Ai = NULL;
BN_CTX *ctx;
int ret=0;
@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
else
ctx=p_ctx;
/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
if (rsa->blinding != NULL)
{
BN_BLINDING_free(rsa->blinding);
rsa->blinding = NULL;
}
/* NB: similar code appears in setup_blinding (rsa_eay.c);
* this should be placed in a new function of its own, but for reasons
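
Review bot: The XXXXX comment in RSA_blinding_on() asks whether this should be RSA_blinding_off(rsa), and the question is left open: the block frees rsa->blinding and sets it to NULL but does not touch rsa->flags, which are only updated on the success path in the next hunk. A failure after this point can therefore leave an RSA whose flags still carry RSA_FLAG_BLINDING with no blinding attached. Resolve the XXXXX by clearing the flag here or by calling RSA_blinding_off().
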
@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
rsa->blinding->thread_id = CRYPTO_thread_id();
rsa->flags |= RSA_FLAG_BLINDING;
rsa->flags &= ~RSA_FLAG_NO_BLINDING;
BN_free(Ai);
ret=1;
err:
if (Ai != NULL) BN_free(Ai);
BN_CTX_end(ctx);
if (ctx != p_ctx) BN_CTX_free(ctx);
return(ret);

@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = {
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
};

@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
return 1;
if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
last = 0;
else
last = sk_X509_num(ctx->chain) - 1;
else
last = 0;
for(i = 0; i <= last; i++)
{
ctx->error_depth = i;
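
Review bot: The two branches of the `X509_V_FLAG_CRL_CHECK_ALL` test in check_revocation() are swapped, so with the flag set `last` becomes `sk_X509_num(ctx->chain) - 1` and without it `last = 0`, and the `for(i = 0; i <= last; i++)` loop walks the whole chain only when _ALL is set. That changes which certificates are checked for callers that set only X509_V_FLAG_CRL_CHECK, and the CHANGES entries visible in this commit do not mention it. Add a CHANGES line and a test that exercises both flag settings.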

@ -158,31 +158,13 @@ icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
#if (_AIX)
static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
#elif (WIN32)
static const char *IBMCA_LIBNAME = "cryptica";
#else
static const char *IBMCA_LIBNAME = "ica";
#endif
#if (WIN32)
/*
The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
offsets must be in big-endian format.
*/
#define CORRECT_ENDIANNESS(b) ( \
(((unsigned long) (b) & 0x000000ff) << 24) | \
(((unsigned long) (b) & 0x0000ff00) << 8) | \
(((unsigned long) (b) & 0x00ff0000) >> 8) | \
(((unsigned long) (b) & 0xff000000) >> 24) \
)
#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
#else
#define CORRECT_ENDIANNESS(b) (b)
#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
#define ME_KEY_TYPE KEYTYPE_MODEXPO
#endif

@ -46,7 +46,7 @@ typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
/*
* Key managment tools
* Key management tools
*/
typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);

@ -359,7 +359,7 @@ the same as the B<-md> option. The message digest to use. Mandatory.
the text database file to use. Mandatory. This file must be present
though initially it will be empty.
=item B<serialfile>
=item B<serial>
a text file containing the next serial number to use in hex. Mandatory.
This file must be present and contain a valid serial number.
@ -400,7 +400,7 @@ here, except the B<no_signame> and B<no_sigdump> are permanently set
and cannot be disabled (this is because the certificate signature cannot
be displayed because the certificate has not been signed at this point).
For convenience the values B<default_ca> are accepted by both to produce
For convenience the values B<ca_default> are accepted by both to produce
a reasonable output.
If neither option is present the format used in earlier versions of
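Review bot: in the nameopt/certopt paragraph the value name ca_default differs from the default_ca key of the [ ca ] section only by word order, which invites exactly the mix-up seen in this text and in the sample configuration's nameopt and certopt lines. A short parenthetical saying that the display value ca_default is unrelated to the default_ca section selector would keep the two apart.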
@ -513,8 +513,8 @@ A sample configuration file with the relevant sections for B<ca>:
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
nameopt = default_ca # Subject name display option
certopt = default_ca # Certificate display option
nameopt = ca_default # Subject name display option
certopt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]

View File

@ -168,7 +168,7 @@ command for more information.
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
supported keyword is "smtp".
supported keywords are "smtp" and "pop3".
=item B<-engine id>

View File

@ -88,181 +88,34 @@ extern "C" {
#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
#endif
#if defined(OPENSSL_SYS_VXWORKS)
# define NO_SYS_PARAM_H
# define NO_CHMOD
# define NO_SYSLOG
#endif
#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
# if macintosh==1
# ifndef MAC_OS_GUSI_SOURCE
# define MAC_OS_pre_X
# define NO_SYS_TYPES_H
typedef long ssize_t;
# endif
# define NO_SYS_PARAM_H
# define NO_CHMOD
# define NO_SYSLOG
# undef DEVRANDOM
# define GETPID_IS_MEANINGLESS
# endif
#endif
/********************************************************************
The Microsoft section
********************************************************************/
/* The following is used becaue of the small stack in some
* Microsoft operating systems */
#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
# define MS_STATIC static
#else
# define MS_STATIC
#endif
#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
# define WIN32
#endif
#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
# define WIN16
#endif
#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
# define WINDOWS
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
# define MSDOS
#endif
#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
# define GETPID_IS_MEANINGLESS
#endif
#ifdef WIN32
#define get_last_sys_error() GetLastError()
#define clear_sys_error() SetLastError(0)
#if !defined(WINNT)
#define WIN_CONSOLE_BUG
#endif
#else
#define get_last_sys_error() errno
#define clear_sys_error() errno=0
#endif
#if defined(WINDOWS)
#define get_last_socket_error() WSAGetLastError()
#define clear_socket_error() WSASetLastError(0)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#define EADDRINUSE WSAEADDRINUSE
#elif defined(__DJGPP__)
#define WATT32
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define closesocket(s) close_s(s)
#define readsocket(s,b,n) read_s(s,b,n)
#define writesocket(s,b,n) send(s,b,n,0)
#elif defined(MAC_OS_pre_X)
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define closesocket(s) MacSocket_close(s)
#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true)
#define writesocket(s,b,n) MacSocket_send((s),(b),(n))
#elif defined(OPENSSL_SYS_VMS)
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define ioctlsocket(a,b,c) ioctl(a,b,c)
#define closesocket(s) close(s)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#else
#define get_last_socket_error() errno
#define clear_socket_error() errno=0
#define ioctlsocket(a,b,c) ioctl(a,b,c)
#define closesocket(s) close(s)
#define readsocket(s,b,n) read((s),(b),(n))
#define writesocket(s,b,n) write((s),(b),(n))
#endif
#ifdef WIN16
# define OPENSSL_NO_FP_API
# define MS_CALLBACK _far _loadds
# define MS_FAR _far
#else
# define MS_CALLBACK
# define MS_FAR
#endif
#if (defined(WINDOWS) || defined(MSDOS))
# ifdef __DJGPP__
# include <unistd.h>
# include <sys/stat.h>
# include <sys/socket.h>
# include <tcp.h>
# include <netdb.h>
# define _setmode setmode
# define _O_TEXT O_TEXT
# define _O_BINARY O_BINARY
# endif /* __DJGPP__ */
# ifndef S_IFDIR
# define S_IFDIR _S_IFDIR
# endif
# ifndef S_IFMT
# define S_IFMT _S_IFMT
# endif
# if !defined(WINNT) && !defined(__DJGPP__)
# define NO_SYSLOG
# endif
# define NO_DIRENT
# ifdef WINDOWS
# include <windows.h>
# include <stddef.h>
# include <errno.h>
# include <string.h>
# include <malloc.h>
# endif
# include <io.h>
# include <fcntl.h>
# define ssize_t long
# if defined (__BORLANDC__)
# define _setmode setmode
# define _O_TEXT O_TEXT
# define _O_BINARY O_BINARY
# define _int64 __int64
# define _kbhit kbhit
# endif
# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
# define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
# else
# define EXIT(n) return(n)
# endif
# define LIST_SEPARATOR_CHAR ';'
# ifndef X_OK
# define X_OK 0
# endif
# ifndef W_OK
# define W_OK 2
# endif
# ifndef R_OK
# define R_OK 4
# endif
# define OPENSSL_CONF "openssl.cnf"
# define SSLEAY_CONF OPENSSL_CONF
# define NUL_DEV "nul"
# define RFILE ".rnd"
# define DEFAULT_HOME "C:"
#else /* The non-microsoft world world */
/* !defined VMS */
# ifdef OPENSSL_UNISTD
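Review bot: the commit message does not mention the platform trimming in this file, although the hunk header goes from 181 lines to 34 across the VxWorks, classic Macintosh, Microsoft, DJGPP and VMS branches. State in the log whether this is upstream's layout or a local reduction, because a local reduction has to be reapplied on every future import and makes diffs against upstream noisy.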
@ -273,12 +126,6 @@ extern "C" {
# ifndef NO_SYS_TYPES_H
# include <sys/types.h>
# endif
# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
* (unless when compiling with -D_POSIX_SOURCE,
* which doesn't work for us) */
# define ssize_t int /* ditto */
# endif
# define OPENSSL_CONF "openssl.cnf"
# define SSLEAY_CONF OPENSSL_CONF
@ -289,77 +136,29 @@ extern "C" {
# define SSLeay_getpid() getpid()
#endif
/*************/
#ifdef USE_SOCKETS
# if defined(WINDOWS) || defined(MSDOS)
/* windows world */
# define SSLeay_Write(a,b,c) write_s(a,b,c,0)
# define SSLeay_Read(a,b,c) read_s(a,b,c)
# define SHUTDOWN(fd) close_s(fd)
# define SHUTDOWN2(fd) close_s(fd)
# elif defined(MAC_OS_pre_X)
# include "MacSocket.h"
# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c))
# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true)
# define SHUTDOWN(fd) MacSocket_close(fd)
# define SHUTDOWN2(fd) MacSocket_close(fd)
# else
# ifndef NO_SYS_PARAM_H
# include <sys/param.h>
# endif
# include <netdb.h>
# if defined(OPENSSL_SYS_VMS_NODECC)
# include <socket.h>
# include <in.h>
# include <inet.h>
# else
# include <sys/socket.h>
# ifdef FILIO_H
# include <sys/filio.h> /* Added for FIONBIO under unixware */
# endif
# include <netinet/in.h>
# include <arpa/inet.h>
# endif
# if defined(NeXT) || defined(_NEXT_SOURCE)
# include <sys/fcntl.h>
# include <sys/types.h>
# endif
# ifdef __QNX__
# include <sys/select.h>
# endif
# if defined(sun)
# include <sys/filio.h>
# else
# ifndef VMS
# include <sys/ioctl.h>
# else
/* ioctl is only in VMS > 7.0 and when socketshr is not used */
# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
# include <sys/ioctl.h>
# endif
# endif
# endif
# ifdef VMS
# include <unixio.h>
# if defined(TCPIP_TYPE_SOCKETSHR)
# include <socketshr.h>
# endif
# endif
# define SSLeay_Read(a,b,c) read((a),(b),(c))
# define SSLeay_Write(a,b,c) write((a),(b),(c))
@ -368,26 +167,9 @@ extern "C" {
# ifndef INVALID_SOCKET
# define INVALID_SOCKET (-1)
# endif /* INVALID_SOCKET */
# endif
#endif
#if defined(__ultrix)
# ifndef ssize_t
# define ssize_t int
# endif
#endif
#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
/* include headers first, so our defines don't break it */
#include <stdlib.h>
#include <string.h>
/* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
extern char *sys_errlist[]; extern int sys_nerr;
# define strerror(errnum) \
(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
#endif
#ifndef OPENSSL_EXIT
# if defined(MONOLITH) && !defined(OPENSSL_C)
@ -402,56 +184,13 @@ extern char *sys_errlist[]; extern int sys_nerr;
/* do we need to do this for getenv.
* Just define getenv for use under windows */
#ifdef WIN16
/* How to do this needs to be thought out a bit more.... */
/*char *GETENV(char *);
#define Getenv GETENV*/
#define Getenv getenv
#else
#define Getenv getenv
#endif
#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */
#ifdef sgi
#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */
#endif
#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
# include <io.h>
# include <fcntl.h>
# define NO_SYSLOG
# define strcasecmp stricmp
#endif
/* vxworks */
#if defined(OPENSSL_SYS_VXWORKS)
#include <ioLib.h>
#include <tickLib.h>
#include <sysLib.h>
#define TTY_STRUCT int
#define sleep(a) taskDelay((a) * sysClkRateGet())
#if defined(ioctlsocket)
#undef ioctlsocket
#endif
#define ioctlsocket(a,b,c) ioctl((a),(b),*(c))
#include <vxWorks.h>
#include <sockLib.h>
#include <taskLib.h>
#define getpid taskIdSelf
/* NOTE: these are implemented by helpers in database app!
* if the database is not linked, we need to implement them
* elswhere */
struct hostent *gethostbyname(const char *name);
struct hostent *gethostbyaddr(const char *addr, int length, int type);
struct servent *getservbyname(const char *name, const char *proto);
#endif
/* end vxworks */
#ifdef __cplusplus

View File

@ -431,9 +431,7 @@ int ssl3_accept(SSL *s)
if (ret == 2)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
/* could be sent for a DH cert, even if we
* have not asked for it :-) */
if (s->s3->tmp.cert_request)
if (s->s3->tmp.cert_request)
{
ret=ssl3_get_client_certificate(s);
if (ret <= 0) goto end;
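Review bot: the guard `if (s->s3->tmp.cert_request)` is left without any comment once the "could be sent for a DH cert" remark goes, and the hunk shows no else branch for a client that sends a Certificate message the server never requested. Add a comment stating that a client certificate is read only when the server asked for one, and confirm that an unsolicited Certificate message is then rejected by the next state's message-type check rather than silently accepted.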
@ -847,9 +845,9 @@ static int ssl3_get_client_hello(SSL *s)
}
/* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
* (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
* in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
if (s->version == SSL3_VERSION)
{
if (p < (d+n))
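Review bot: the SSL3_VERSION extra-data test stays in the file under `#if 0`, where flipping one character re-enables a check the comment itself says SSL 3.0 does not want. Delete the disabled block and keep the history (enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b) as an ordinary comment next to the "TLS does not mind if there is extra stuff" line.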

View File

@ -79,11 +79,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
/* Need to lock this all up rather than just use CRYPTO_add so that
* somebody doesn't free ssl->session between when we check it's
* non-null and when we up the reference count. */
CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
sess = ssl->session;
if(sess)
sess->references++;
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
return(sess);
}
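Review bot: the comment promises that nobody frees ssl->session between the NULL check and `sess->references++`, which only holds if the path that frees or replaces the session also takes CRYPTO_LOCK_SSL_SESSION for writing; that path is not in this hunk, so please confirm it and say so in the comment. The switch to CRYPTO_w_lock/CRYPTO_w_unlock itself is right, since the increment is a write to shared state.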

View File

@ -1,8 +1,8 @@
# $NetBSD: shl.mi,v 1.242 2003/10/27 17:15:22 pooka Exp $
# $NetBSD: shl.mi,v 1.243 2003/11/04 23:54:27 itojun Exp $
# Note: libtermcap and libtermlib are hardlinked and share the same version.
./lib/libc.so.12.106 base-sys-shlib
./lib/libcrypt.so.0.1 base-sys-shlib
./lib/libcrypto.so.2.0 base-crypto-shlib
./lib/libcrypto.so.2.1 base-crypto-shlib
./lib/libedit.so.2.8 base-sys-shlib
./lib/libevent.so.0.1 base-sys-shlib
./lib/libipsec.so.2.0 base-net-shlib
@ -36,7 +36,7 @@
./usr/lib/libcdk.so.1.0 base-sys-shlib
./usr/lib/libcom_err.so.4.1 base-krb5-shlib
./usr/lib/libcrypt.so.0.1 base-sys-shlib
./usr/lib/libcrypto.so.2.0 base-crypto-shlib
./usr/lib/libcrypto.so.2.1 base-crypto-shlib
./usr/lib/libcurses.so.5.10 base-sys-shlib
./usr/lib/libdes.so.7.0 base-crypto-shlib
./usr/lib/libedit.so.2.8 base-sys-shlib

View File

@ -1,4 +1,4 @@
# $NetBSD: obsolete.mi,v 1.101 2003/10/15 17:10:20 jmc Exp $
# $NetBSD: obsolete.mi,v 1.102 2003/11/04 23:54:27 itojun Exp $
./usr/bin/genclass
./usr/bin/gettextize
./usr/include/bfd
@ -770,7 +770,6 @@
./usr/share/man/cat3/list_next.0
./usr/share/man/cat3/list_remove.0
./usr/share/man/cat3/mdc2.0
./usr/share/man/cat3/pw_dup.0
./usr/share/man/cat3/rc4.0
./usr/share/man/cat3/regsterrpc.0
./usr/share/man/cat3/ripemd.0
@ -878,7 +877,6 @@
./usr/share/man/man3/list_next.3
./usr/share/man/man3/list_remove.3
./usr/share/man/man3/mdc2.3
./usr/share/man/man3/pw_dup.3
./usr/share/man/man3/rc4.3
./usr/share/man/man3/regsterrpc.3
./usr/share/man/man3/ripemd.3

View File

@ -1,8 +1,8 @@
# $NetBSD: shlib_version,v 1.7 2003/07/24 14:16:33 itojun Exp $
# $NetBSD: shlib_version,v 1.8 2003/11/04 23:54:27 itojun Exp $
# Remember to update distrib/sets/lists/base/shl.* when changing
#
# Also remember to update lib/libdes/shlib_version when changing
# (since it just installs a symbolic link to libcrypto)
#
major=2
minor=0
minor=1
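Review bot: the file's own comment says to also update lib/libdes/shlib_version when changing this one, but alongside minor=1 here the shl.mi list still carries ./usr/lib/libdes.so.7.0 unchanged. Confirm whether libdes needs a matching change, or note in the log why it does not.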