diff --git a/CHANGES b/CHANGES index 1df6bba112..d10e10f5db 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + 209. [cleanup] Upgraded openssl files to new version 0.9.5a + 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value of an isc_offset_t. diff --git a/lib/dns/sec/openssl/bn_err.c b/lib/dns/sec/openssl/bn_err.c index 3e94339922..47117b1609 100644 --- a/lib/dns/sec/openssl/bn_err.c +++ b/lib/dns/sec/openssl/bn_err.c @@ -54,7 +54,8 @@ */ /* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file. + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include diff --git a/lib/dns/sec/openssl/bn_mont.c b/lib/dns/sec/openssl/bn_mont.c index 4eea5d6a9f..cb3d245451 100644 --- a/lib/dns/sec/openssl/bn_mont.c +++ b/lib/dns/sec/openssl/bn_mont.c @@ -76,6 +76,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { BIGNUM *tmp,*tmp2; + int ret=0; BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); @@ -104,10 +105,10 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, } /* reduce from aRR to aR */ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; - BN_CTX_end(ctx); - return(1); + ret=1; err: - return(0); + BN_CTX_end(ctx); + return(ret); } int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, diff --git a/lib/dns/sec/openssl/bn_mul.c b/lib/dns/sec/openssl/bn_mul.c index e511330ecd..86bebbee8f 100644 --- a/lib/dns/sec/openssl/bn_mul.c +++ b/lib/dns/sec/openssl/bn_mul.c @@ -64,6 +64,9 @@ #include "bn_lcl.h" #ifdef BN_RECURSION +/* Karatsuba recursive multiplication algorithm + * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ + /* r is 2*n2 words in size, * a and b are both n2 words in size. * n2 must be a power of 2. diff --git a/lib/dns/sec/openssl/dh_err.c b/lib/dns/sec/openssl/dh_err.c index 84deb6f5ec..b13e356200 100644 --- a/lib/dns/sec/openssl/dh_err.c +++ b/lib/dns/sec/openssl/dh_err.c @@ -54,7 +54,8 @@ */ /* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file. + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include diff --git a/lib/dns/sec/openssl/dsa_err.c b/lib/dns/sec/openssl/dsa_err.c index 47744ef0dc..06e233caa1 100644 --- a/lib/dns/sec/openssl/dsa_err.c +++ b/lib/dns/sec/openssl/dsa_err.c @@ -54,7 +54,8 @@ */ /* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file. + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. */ #include diff --git a/lib/dns/sec/openssl/dsa_key.c b/lib/dns/sec/openssl/dsa_key.c index fa1b46b5f9..1a247fb1eb 100644 --- a/lib/dns/sec/openssl/dsa_key.c +++ b/lib/dns/sec/openssl/dsa_key.c @@ -87,7 +87,8 @@ int DSA_generate_key(DSA *dsa) i=BN_num_bits(dsa->q); for (;;) { - BN_rand(priv_key,i,1,0); + if (!BN_rand(priv_key,i,1,0)) + goto err; if (BN_cmp(priv_key,dsa->q) >= 0) BN_sub(priv_key,priv_key,dsa->q); if (!BN_is_zero(priv_key)) break; diff --git a/lib/dns/sec/openssl/err.c b/lib/dns/sec/openssl/err.c index 36c13b2b5b..da67f60c7c 100644 --- a/lib/dns/sec/openssl/err.c +++ b/lib/dns/sec/openssl/err.c @@ -61,6 +61,7 @@ #include #include +#include #include #include #include "cryptlib.h" @@ -157,6 +158,54 @@ static ERR_STRING_DATA ERR_str_reasons[]= {0,NULL}, }; + + +#define NUM_SYS_STR_REASONS 127 +#define LEN_SYS_STR_REASON 32 + +static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; +/* SYS_str_reasons is filled with copies of strerror() results at + * initialization. + * 'errno' values up to 127 should cover all usual errors, + * others will be displayed numerically by ERR_error_string. + * It is crucial that we have something for each reason code + * that occurs in ERR_str_reasons, or bogus reason strings + * will be returned for SYSerr(), which always gets an errno + * value and never one of those 'standard' reason codes. */ + +static void build_SYS_str_reasons() + { + /* Malloc cannot be used here, use static storage instead */ + static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; + int i; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH); + + for (i = 1; i <= NUM_SYS_STR_REASONS; i++) + { + ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; + + str->error = (unsigned long)i; + if (str->string == NULL) + { + char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); + char *src = strerror(i); + if (src != NULL) + { + strncpy(*dest, src, sizeof *dest); + (*dest)[sizeof *dest - 1] = '\0'; + str->string = *dest; + } + } + if (str->string == NULL) + str->string = "unknown"; + } + + /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, + * as required by ERR_load_strings. */ + + CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); + } #endif #define err_clear_data(p,i) \ @@ -194,14 +243,16 @@ void ERR_load_ERR_strings(void) CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return; } - init=0; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); #ifndef NO_ERR ERR_load_strings(0,ERR_str_libraries); ERR_load_strings(0,ERR_str_reasons); ERR_load_strings(ERR_LIB_SYS,ERR_str_functs); + build_SYS_str_reasons(); + ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons); #endif + init=0; } } diff --git a/lib/dns/sec/openssl/include/openssl/bn.h b/lib/dns/sec/openssl/include/openssl/bn.h index d315783057..d875fe5f92 100644 --- a/lib/dns/sec/openssl/include/openssl/bn.h +++ b/lib/dns/sec/openssl/include/openssl/bn.h @@ -95,7 +95,7 @@ extern "C" { * For machines with only one compiler (or shared libraries), this should * be on. Again this in only really a problem on machines * using "long long's", are 32bit, and are not using my assembler code. */ -#if defined(MSDOS) || defined(WINDOWS) || defined(linux) +#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux) #define BN_DIV2W #endif diff --git a/lib/dns/sec/openssl/include/openssl/lhash.h b/lib/dns/sec/openssl/include/openssl/lhash.h index 58a9d99e6f..8c52bb9376 100644 --- a/lib/dns/sec/openssl/include/openssl/lhash.h +++ b/lib/dns/sec/openssl/include/openssl/lhash.h @@ -124,6 +124,7 @@ void *lh_retrieve(LHASH *lh, void *data); void lh_doall(LHASH *lh, void (*func)(/*void *b*/)); void lh_doall_arg(LHASH *lh, void (*func)(void *a,void *b),void *arg); unsigned long lh_strhash(const char *c); +unsigned long lh_num_items(LHASH *lh); #ifndef NO_FP_API void lh_stats(LHASH *lh, FILE *out); diff --git a/lib/dns/sec/openssl/include/openssl/rand.h b/lib/dns/sec/openssl/include/openssl/rand.h index 0f6a0888d7..59aa67cee3 100644 --- a/lib/dns/sec/openssl/include/openssl/rand.h +++ b/lib/dns/sec/openssl/include/openssl/rand.h @@ -70,8 +70,13 @@ typedef struct rand_meth_st void (*cleanup)(void); void (*add)(const void *buf, int num, double entropy); int (*pseudorand)(unsigned char *buf, int num); + int (*status)(void); } RAND_METHOD; +#ifdef BN_DEBUG +extern int rand_predictable; +#endif + void RAND_set_rand_method(RAND_METHOD *meth); RAND_METHOD *RAND_get_rand_method(void ); RAND_METHOD *RAND_SSLeay(void); @@ -85,8 +90,10 @@ int RAND_write_file(const char *file); const char *RAND_file_name(char *file,int num); int RAND_status(void); int RAND_egd(const char *path); -#ifdef WINDOWS +#if defined(WINDOWS) || defined(WIN32) +#include void RAND_screen(void); +int RAND_event(UINT, WPARAM, LPARAM); #endif void ERR_load_RAND_strings(void); diff --git a/lib/dns/sec/openssl/lhash.c b/lib/dns/sec/openssl/lhash.c index 49ac94c2c4..252b59310c 100644 --- a/lib/dns/sec/openssl/lhash.c +++ b/lib/dns/sec/openssl/lhash.c @@ -163,7 +163,7 @@ void lh_free(LHASH *lh) unsigned int i; LHASH_NODE *n,*nn; - if(lh == NULL) + if (lh == NULL) return; for (i=0; inum_nodes; i++) @@ -426,21 +426,6 @@ static LHASH_NODE **getrn(LHASH *lh, void *data, unsigned long *rhash) return(ret); } -/* -unsigned long lh_strhash(char *str) - { - int i,l; - unsigned long ret=0; - unsigned short *s; - - if (str == NULL) return(0); - l=(strlen(str)+1)/2; - s=(unsigned short *)str; - for (i=0; i>16)^ret); } +unsigned long lh_num_items(LHASH *lh) + { + return lh ? lh->num_items : 0; + } diff --git a/lib/dns/sec/openssl/md5_locl.h b/lib/dns/sec/openssl/md5_locl.h index b89f53f9f3..40c2c8196b 100644 --- a/lib/dns/sec/openssl/md5_locl.h +++ b/lib/dns/sec/openssl/md5_locl.h @@ -141,11 +141,7 @@ void dst__openssl_md5_block_data_order (MD5_CTX *c, const void *p,int num); /* BEW */ #define FLAT_INC -#ifndef FLAT_INC -#include "../md32_common.h" -#else #include "md32_common.h" -#endif /* #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) diff --git a/lib/dns/sec/openssl/md_rand.c b/lib/dns/sec/openssl/md_rand.c index d3c47481a9..4b93e9a99d 100644 --- a/lib/dns/sec/openssl/md_rand.c +++ b/lib/dns/sec/openssl/md_rand.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #define ENTROPY_NEEDED 16 /* require 128 bits = 16 bytes of randomness */ @@ -133,6 +186,10 @@ #include +#ifdef BN_DEBUG +# define PREDICT +#endif + /* #define NORAND 1 */ /* #define PREDICT 1 */ @@ -144,6 +201,10 @@ static long md_count[2]={0,0}; static double entropy=0; static int initialized=0; +#ifdef PREDICT +int rand_predictable=0; +#endif + const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; static void ssleay_rand_cleanup(void); @@ -151,6 +212,7 @@ static void ssleay_rand_seed(const void *buf, int num); static void ssleay_rand_add(const void *buf, int num, double add_entropy); static int ssleay_rand_bytes(unsigned char *buf, int num); static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); +static int ssleay_rand_status(void); RAND_METHOD rand_ssleay_meth={ ssleay_rand_seed, @@ -158,6 +220,7 @@ RAND_METHOD rand_ssleay_meth={ ssleay_rand_cleanup, ssleay_rand_add, ssleay_rand_pseudo_bytes, + ssleay_rand_status }; RAND_METHOD *RAND_SSLeay(void) @@ -309,6 +372,10 @@ static void ssleay_rand_initialize(void) FILE *fh; #endif +#ifdef NORAND + return; +#endif + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); /* put in some default random data, we need more than just this */ #ifndef GETPID_IS_MEANINGLESS @@ -357,13 +424,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif #ifdef PREDICT - { - static unsigned char val=0; + if (rand_predictable) + { + static unsigned char val=0; - for (i=0; i= ENTROPY_NEEDED); + ret = entropy >= ENTROPY_NEEDED; + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + return ret; } #ifdef WINDOWS #include #include +int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) + { + double add_entropy=0; + SYSTEMTIME t; + + switch (iMsg) + { + case WM_KEYDOWN: + { + static WPARAM key; + if (key != wParam) + add_entropy = 0.05; + key = wParam; + } + break; + case WM_MOUSEMOVE: + { + static int lastx,lasty,lastdx,lastdy; + int x,y,dx,dy; + + x=LOWORD(lParam); + y=HIWORD(lParam); + dx=lastx-x; + dy=lasty-y; + if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) + add_entropy=.2; + lastx=x, lasty=y; + lastdx=dx, lastdy=dy; + } + break; + } + + GetSystemTime(&t); + RAND_add(&iMsg, sizeof(iMsg), add_entropy); + RAND_add(&wParam, sizeof(wParam), 0); + RAND_add(&lParam, sizeof(lParam), 0); + RAND_add(&t, sizeof(t), 0); + + return (RAND_status()); + } + /***************************************************************************** * Initialisation function for the SSL random generator. Takes the contents * of the screen as random seed. diff --git a/lib/dns/sec/openssl/mem_dbg.c b/lib/dns/sec/openssl/mem_dbg.c index 91de8ddb68..15783c4e4e 100644 --- a/lib/dns/sec/openssl/mem_dbg.c +++ b/lib/dns/sec/openssl/mem_dbg.c @@ -644,19 +644,54 @@ void CRYPTO_mem_leaks(BIO *b) MEM_LEAK ml; char buf[80]; - if (mh == NULL) return; + if (mh == NULL && amih == NULL) + return; ml.bio=b; ml.bytes=0; ml.chunks=0; - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); - lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ + if (mh != NULL) + lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); if (ml.chunks != 0) { sprintf(buf,"%ld bytes leaked in %d chunks\n", ml.bytes,ml.chunks); BIO_puts(b,buf); } + else + { + /* Make sure that, if we found no leaks, memory-leak debugging itself + * does not introduce memory leaks (which might irritate + * external debugging tools). + * (When someone enables leak checking, but does not call + * this function, we declare it to be their fault.) + * + * XXX This should be in CRYPTO_mem_leaks_cb, + * and CRYPTO_mem_leaks should be implemented by + * using CRYPTO_mem_leaks_cb. + * (Also their should be a variant of lh_doall_arg + * that takes a function pointer instead of a void *; + * this would obviate the ugly and illegal + * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. + * Otherwise the code police will come and get us.) + */ + CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + if (mh != NULL) + { + lh_free(mh); + mh = NULL; + } + if (amih != NULL) + { + if (lh_num_items(amih) == 0) + { + lh_free(amih); + amih = NULL; + } + } + CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } + MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ #if 0 lh_stats_bio(mh,b); diff --git a/lib/dns/sec/openssl/rand_lib.c b/lib/dns/sec/openssl/rand_lib.c index a43180e385..5faf841f75 100644 --- a/lib/dns/sec/openssl/rand_lib.c +++ b/lib/dns/sec/openssl/rand_lib.c @@ -111,3 +111,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) return rand_meth->pseudorand(buf,num); return(-1); } + +int RAND_status(void) + { + if (rand_meth != NULL) + return rand_meth->status(); + return 0; + } diff --git a/lib/dns/sec/openssl/sha_locl.h b/lib/dns/sec/openssl/sha_locl.h index 82d316f794..ecbe65e8d2 100644 --- a/lib/dns/sec/openssl/sha_locl.h +++ b/lib/dns/sec/openssl/sha_locl.h @@ -132,11 +132,7 @@ # error "Either SHA_0 or SHA_1 must be defined." #endif -#ifndef FLAT_INC -#include "../md32_common.h" -#else #include "md32_common.h" -#endif #define INIT_DATA_h0 0x67452301UL #define INIT_DATA_h1 0xefcdab89UL diff --git a/lib/dns/sec/rename.h b/lib/dns/sec/rename.h index 2611815edb..f29b7349d9 100644 --- a/lib/dns/sec/rename.h +++ b/lib/dns/sec/rename.h @@ -248,6 +248,7 @@ #define lh_new dst__openssl_lh_new #define lh_retrieve dst__openssl_lh_retrieve #define lh_strhash dst__openssl_lh_strhash +#define lh_num_items dst__openssl_lh_num_items #define md5_block_host_order dst__openssl_md5_block_host_order #define md5_block_data_order dst__openssl_md5_block_data_order #define sha1_block_data_order dst__openssl_sha1_block_data_order @@ -305,6 +306,7 @@ #define DSA_version dst__openssl_DSA_version #define lh_version dst__openssl_lh_version #define RAND_version dst__openssl_RAND_version +#define RAND_event dst__RAND_event #define MD5_version dst__openssl_MD5_version #define SHA1_version dst__openssl_SHA1_version #define STACK_version dst__openssl_STACK_version