Changes between 0.9.6g and 0.9.6h [xx XXX xxxx]
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_client_method(), TLSv1_server_method().
+ [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
*) Fix typo in OBJ_txt2obj which incorrectly passed the content
length, instead of the encoding length to d2i_ASN1_OBJECT.
[Steve Henson]
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
for download instructions) can be safely used, for example.
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it. This gets triggered when you run the
+test suite (using "make test"). The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
- collect2=`gcc -print-prog-name=collect2 2>&1` && \
- [ -n "$$collect2" ] && \
- my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+ my_ld=`gcc -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man=`cd util; ./pod2mantest ignore`; \
+ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$!
$! Special Threads For OpenVMS v7.1 Or Later
$!
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
- }
- sk_X509_free(chain2);
- if (vret) {
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto export_end;
}
sk_X509_pop_free(certs, X509_free);
certs = NULL;
- /* ucert is part of certs so it is already freed */
- ucert = NULL;
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, char *str);
+static int ebcdic_puts(BIO *bp, const char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
return(ret);
}
-static int ebcdic_write(BIO *b, char *in, int inl)
+static int ebcdic_write(BIO *b, const char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
return(ret);
}
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
- int i, ret;
+ int i, ret=0;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
return (ret < 0 && i == 0) ? ret : i;
}
-static int ebcdic_puts(BIO *bp, char *str)
+static int ebcdic_puts(BIO *bp, const char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
-#ifdef TIMES
+#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
- if(!*out || !in) return -1;
+ if(!in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
- if(out) *out = stmp.data;
+ *out = stmp.data;
return stmp.length;
}
ts=(struct tm *)localtime(&t);
}
#endif
+ if (ts == NULL)
+ return(NULL);
p=(char *)s->data;
if ((p == NULL) || (s->length < 14))
{
"ssl_session",
"ssl_sess_cert",
"ssl",
+ /* "ssl_method", */
"rand",
"rand2",
"debug_malloc",
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
$!
$! Else The User Entered An Invalid Arguement.
$!
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
$!
$! Time to check the contents, and to make sure we get the correct library.
$!
* names in cryptlib.c
*/
-#define CRYPTO_LOCK_ERR 1
-#define CRYPTO_LOCK_ERR_HASH 2
-#define CRYPTO_LOCK_X509 3
-#define CRYPTO_LOCK_X509_INFO 4
-#define CRYPTO_LOCK_X509_PKEY 5
+#define CRYPTO_LOCK_ERR 1
+#define CRYPTO_LOCK_ERR_HASH 2
+#define CRYPTO_LOCK_X509 3
+#define CRYPTO_LOCK_X509_INFO 4
+#define CRYPTO_LOCK_X509_PKEY 5
#define CRYPTO_LOCK_X509_CRL 6
#define CRYPTO_LOCK_X509_REQ 7
#define CRYPTO_LOCK_DSA 8
#define CRYPTO_LOCK_RSA 9
#define CRYPTO_LOCK_EVP_PKEY 10
-#define CRYPTO_LOCK_X509_STORE 11
-#define CRYPTO_LOCK_SSL_CTX 12
-#define CRYPTO_LOCK_SSL_CERT 13
-#define CRYPTO_LOCK_SSL_SESSION 14
-#define CRYPTO_LOCK_SSL_SESS_CERT 15
-#define CRYPTO_LOCK_SSL 16
-#define CRYPTO_LOCK_RAND 17
-#define CRYPTO_LOCK_RAND2 18
-#define CRYPTO_LOCK_MALLOC 19
-#define CRYPTO_LOCK_BIO 20
-#define CRYPTO_LOCK_GETHOSTBYNAME 21
-#define CRYPTO_LOCK_GETSERVBYNAME 22
-#define CRYPTO_LOCK_READDIR 23
-#define CRYPTO_LOCK_RSA_BLINDING 24
-#define CRYPTO_LOCK_DH 25
-#define CRYPTO_LOCK_MALLOC2 26
-#define CRYPTO_LOCK_DSO 27
-#define CRYPTO_LOCK_DYNLOCK 28
-#define CRYPTO_LOCK_ENGINE 29
-#define CRYPTO_NUM_LOCKS 30
+#define CRYPTO_LOCK_X509_STORE 11
+#define CRYPTO_LOCK_SSL_CTX 12
+#define CRYPTO_LOCK_SSL_CERT 13
+#define CRYPTO_LOCK_SSL_SESSION 14
+#define CRYPTO_LOCK_SSL_SESS_CERT 15
+#define CRYPTO_LOCK_SSL 16
+/* for binary compatibility between 0.9.6 minor versions,
+ * reuse an existing lock (later version use a new one): */
+# define CRYPTO_LOCK_SSL_METHOD CRYPTO_LOCK_SSL_CTX
+#define CRYPTO_LOCK_RAND 17
+#define CRYPTO_LOCK_RAND2 18
+#define CRYPTO_LOCK_MALLOC 19
+#define CRYPTO_LOCK_BIO 20
+#define CRYPTO_LOCK_GETHOSTBYNAME 21
+#define CRYPTO_LOCK_GETSERVBYNAME 22
+#define CRYPTO_LOCK_READDIR 23
+#define CRYPTO_LOCK_RSA_BLINDING 24
+#define CRYPTO_LOCK_DH 25
+#define CRYPTO_LOCK_MALLOC2 26
+#define CRYPTO_LOCK_DSO 27
+#define CRYPTO_LOCK_DYNLOCK 28
+#define CRYPTO_LOCK_ENGINE 29
+#define CRYPTO_NUM_LOCKS 30
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
#endif
#else
#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
+#define CRYPTO_w_unlock(a)
#define CRYPTO_r_lock(a)
#define CRYPTO_r_unlock(a)
#define CRYPTO_add(a,b,c) ((*(a))+=(b))
+++ /dev/null
-/* General stuff */
-COPYRIGHT - Copyright info.
-MODES.DES - A description of the features of the different modes of DES.
-FILES - This file.
-INSTALL - How to make things compile.
-Imakefile - For use with kerberos.
-README - What this package is.
-VERSION - Which version this is and what was changed.
-KERBEROS - Kerberos version 4 notes.
-Makefile.PL - An old makefile to build with perl5, not current.
-Makefile.ssl - The SSLeay makefile
-Makefile.uni - The normal unix makefile.
-GNUmakefile - The makefile for use with glibc.
-makefile.bc - A Borland C makefile
-times - Some outputs from 'speed' on some machines.
-vms.com - For use when compiling under VMS
-
-/* My SunOS des(1) replacement */
-des.c - des(1) source code.
-des.man - des(1) manual.
-
-/* Testing and timing programs. */
-destest.c - Source for libdes.a test program.
-speed.c - Source for libdes.a timing program.
-rpw.c - Source for libdes.a testing password reading routines.
-
-/* libdes.a source code */
-des_crypt.man - libdes.a manual page.
-des.h - Public libdes.a header file.
-ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code.
-ecb3_enc.c - des_ecb3_encrypt() source.
-cbc_ckm.c - des_cbc_cksum() source.
-cbc_enc.c - des_cbc_encrypt() source.
-ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies
- the new iv values back in the passed iv vector.
-ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES.
-cbc3_enc.c - des_3cbc_encrypt() source, don't use this function.
-cfb_enc.c - des_cfb_encrypt() source.
-cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
- used as a stream cipher.
-cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
- used as a stream cipher and using triple DES.
-ofb_enc.c - des_cfb_encrypt() source.
-ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be
- used as a stream cipher.
-ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
- used as a stream cipher and using triple DES.
-enc_read.c - des_enc_read() source.
-enc_writ.c - des_enc_write() source.
-pcbc_enc.c - des_pcbc_encrypt() source.
-qud_cksm.c - quad_cksum() source.
-rand_key.c - des_random_key() source.
-read_pwd.c - Source for des_read_password() plus related functions.
-set_key.c - Source for des_set_key().
-str2key.c - Covert a string of any length into a key.
-fcrypt.c - A small, fast version of crypt(3).
-des_locl.h - Internal libdes.a header file.
-podd.h - Odd parity tables - used in des_set_key().
-sk.h - Lookup tables used in des_set_key().
-spr.h - What is left of the S tables - used in ecb_encrypt().
-des_ver.h - header file for the external definition of the
- version string.
-des.doc - SSLeay documentation for the library.
-
-/* The perl scripts - you can ignore these files they are only
- * included for the curious */
-des.pl - des in perl anyone? des_set_key and des_ecb_encrypt
- both done in a perl library.
-testdes.pl - Testing program for des.pl
-doIP - Perl script used to develop IP xor/shift code.
-doPC1 - Perl script used to develop PC1 xor/shift code.
-doPC2 - Generates sk.h.
-PC1 - Output of doPC1 should be the same as output from PC1.
-PC2 - used in development of doPC2.
-shifts.pl - Perl library used by my perl scripts.
-
-/* I started making a perl5 dynamic library for libdes
- * but did not fully finish, these files are part of that effort. */
-DES.pm
-DES.pod
-DES.xs
-t
-typemap
-
-/* The following are for use with sun RPC implementaions. */
-rpc_des.h
-rpc_enc.c
-
-/* The following are contibuted by Mark Murray <mark@grondar.za>. They
- * are not normally built into libdes due to machine specific routines
- * contained in them. They are for use in the most recent incarnation of
- * export kerberos v 4 (eBones). */
-supp.c
-new_rkey.c
-
-
memset(iv,0,sizeof(iv));
memset((char *)&ctx,0,sizeof(ctx));
memset(buf,0,PEM_BUFSIZE);
- memset(data,0,(unsigned int)dsize);
- OPENSSL_free(data);
+ if (data != NULL)
+ {
+ memset(data,0,(unsigned int)dsize);
+ OPENSSL_free(data);
+ }
return(ret);
}
/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
*/
-#if defined(WIN32) || defined(VMS) || defined(__VMS)
+#if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS)
int RAND_egd(const char *path)
{
return(-1);
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_start(3)|BN_CTX_start(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
L<BN_num_bytes(3)|BN_num_bytes(3)>
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DH_free(3)|DH_free(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
L<DH_generate_key(3)|DH_generate_key(3)>
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<DSA_sign(3)|DSA_sign(3)>
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_free(3)|DSA_free(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
L<DSA_generate_key(3)|DSA_generate_key(3)>
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
- int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
=head1 DESCRIPTION
EVP_SealInit() returns 0 on error or B<npubk> if successful.
-EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
-failure.
+EVP_SealUpdate() returns 1 for success and 0 for failure.
=head1 NOTES
=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<RAND_add(3)|RAND_add(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_free(3)|RSA_free(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_size(3)|RSA_size(3)>
=head1 NOTES
=head1 SEE ALSO
-L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
=head1 HISTORY
=head1 SEE ALSO
-L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
Examples:
-subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
subjectAltName=email:my@other.address,RID:1.2.3.4
Issuer Alternative Name.
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv23_client_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_client_data.ssl_connect=ssl23_connect;
SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_client_data);
}
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv23_server_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_server_data.ssl_accept=ssl23_accept;
SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_server_data);
}
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_client_data.ssl_connect=ssl2_connect;
SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_client_data);
}
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_server_data.ssl_accept=ssl2_accept;
SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_server_data);
}
len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
goto end;
}
j = (int)len - s->init_num;
if (init)
{
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
sizeof(SSL_METHOD));
SSLv3_client_data.ssl_connect=ssl3_connect;
SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+ init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_client_data);
}
/* get the session-id */
j= *(p++);
- if(j > sizeof s->session->session_id)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
- }
-
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+ if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
{
- /* SSLref returns 16 :-( */
- if (j < SSL2_SSL_SESSION_ID_LENGTH)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- goto f_err;
- }
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
}
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
if(s->sid_ctx_length != s->session->sid_ctx_length
|| memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
{
+ /* actually a client application bug */
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
sizeof(SSL_METHOD));
SSLv3_server_data.ssl_accept=ssl3_accept;
SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_server_data);
}
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$!
$! Else The User Entered An Invalid Arguement.
$!
abort(); /* ok */
}
#endif
+
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
+ if (a->sessions != NULL)
+ SSL_CTX_flush_sessions(a,0);
+
CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
if (a->sessions != NULL)
- {
- SSL_CTX_flush_sessions(a,0);
- lh_free(a->sessions);
- }
+ lh_free(a->sessions);
+
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
sizeof(SSL_METHOD));
TLSv1_client_data.ssl_connect=ssl3_connect;
TLSv1_client_data.get_ssl_method=tls1_get_client_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_client_data);
}
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
sizeof(SSL_METHOD));
TLSv1_server_data.ssl_accept=ssl3_accept;
TLSv1_server_data.get_ssl_method=tls1_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_server_data);
}
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$!
$! Else The User Entered An Invalid Arguement.
$!
IFS=:
-try_without_dir=false
+
+try_without_dir=true
# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
for dir in dummy:$PATH; do
if [ "$try_without_dir" = true ]; then
if [ ! "$pod2man" = '' ]; then
failure=none
+ if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+ :
+ else
+ failure=BasicTest
+ fi
- if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
- failure=MultilineTest
+ if [ "$failure" = none ]; then
+ if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+ failure=MultilineTest
+ fi
fi
done
echo "No working pod2man found. Consider installing a new version." >&2
-if [ "$1" = ignore ]; then
- echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
- echo "../../util/pod2man.pl"
- exit 0
-fi
-exit 1
+echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+echo "$1 ../../util/pod2man.pl"
projects / openssl / commitdiff