diff options
| author | djm <> | 2009-04-06 06:33:20 +0000 |
|---|---|---|
| committer | djm <> | 2009-04-06 06:33:20 +0000 |
| commit | ee26f086217016f09154412b171ad62a33a346f6 (patch) | |
| tree | 647f179fa8dcccf50c436cc0165a1d67476a936e | |
| parent | f929570d17be2469dc7104fcdf26fdaddf3dbb65 (diff) | |
| download | openbsd-ee26f086217016f09154412b171ad62a33a346f6.tar.gz openbsd-ee26f086217016f09154412b171ad62a33a346f6.tar.bz2 openbsd-ee26f086217016f09154412b171ad62a33a346f6.zip | |
resolve conflicts
79 files changed, 430 insertions, 245 deletions
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 424cd348bb..e3385226d4 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h | |||
| @@ -612,6 +612,7 @@ typedef struct BIT_STRING_BITNAME_st { | |||
| 612 | B_ASN1_GENERALIZEDTIME | 612 | B_ASN1_GENERALIZEDTIME |
| 613 | 613 | ||
| 614 | #define B_ASN1_PRINTABLE \ | 614 | #define B_ASN1_PRINTABLE \ |
| 615 | B_ASN1_NUMERICSTRING| \ | ||
| 615 | B_ASN1_PRINTABLESTRING| \ | 616 | B_ASN1_PRINTABLESTRING| \ |
| 616 | B_ASN1_T61STRING| \ | 617 | B_ASN1_T61STRING| \ |
| 617 | B_ASN1_IA5STRING| \ | 618 | B_ASN1_IA5STRING| \ |
| @@ -1217,6 +1218,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1217 | #define ASN1_R_BAD_OBJECT_HEADER 102 | 1218 | #define ASN1_R_BAD_OBJECT_HEADER 102 |
| 1218 | #define ASN1_R_BAD_PASSWORD_READ 103 | 1219 | #define ASN1_R_BAD_PASSWORD_READ 103 |
| 1219 | #define ASN1_R_BAD_TAG 104 | 1220 | #define ASN1_R_BAD_TAG 104 |
| 1221 | #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 | ||
| 1220 | #define ASN1_R_BN_LIB 105 | 1222 | #define ASN1_R_BN_LIB 105 |
| 1221 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 | 1223 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 |
| 1222 | #define ASN1_R_BUFFER_TOO_SMALL 107 | 1224 | #define ASN1_R_BUFFER_TOO_SMALL 107 |
| @@ -1306,6 +1308,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1306 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 | 1308 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 |
| 1307 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 | 1309 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 |
| 1308 | #define ASN1_R_UNEXPECTED_EOC 159 | 1310 | #define ASN1_R_UNEXPECTED_EOC 159 |
| 1311 | #define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 | ||
| 1309 | #define ASN1_R_UNKNOWN_FORMAT 160 | 1312 | #define ASN1_R_UNKNOWN_FORMAT 160 |
| 1310 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 | 1313 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 |
| 1311 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 | 1314 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 |
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index f8a3e2e6cd..5f5de98eed 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c | |||
| @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, | 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, |
| 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, | 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, |
| 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, | 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, |
| 198 | {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, | ||
| 198 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, | 199 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, |
| 199 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, | 200 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, |
| 200 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, | 201 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, |
| @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 284 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, | 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, |
| 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, | 286 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, |
| 286 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, | 287 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, |
| 288 | {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, | ||
| 287 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, | 289 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, |
| 288 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, | 290 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, |
| 289 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, | 291 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, |
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c index 501b62a4b1..8657f73d66 100644 --- a/src/lib/libcrypto/asn1/asn1_par.c +++ b/src/lib/libcrypto/asn1/asn1_par.c | |||
| @@ -213,6 +213,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse | |||
| 213 | (tag == V_ASN1_T61STRING) || | 213 | (tag == V_ASN1_T61STRING) || |
| 214 | (tag == V_ASN1_IA5STRING) || | 214 | (tag == V_ASN1_IA5STRING) || |
| 215 | (tag == V_ASN1_VISIBLESTRING) || | 215 | (tag == V_ASN1_VISIBLESTRING) || |
| 216 | (tag == V_ASN1_NUMERICSTRING) || | ||
| 217 | (tag == V_ASN1_UTF8STRING) || | ||
| 216 | (tag == V_ASN1_UTCTIME) || | 218 | (tag == V_ASN1_UTCTIME) || |
| 217 | (tag == V_ASN1_GENERALIZEDTIME)) | 219 | (tag == V_ASN1_GENERALIZEDTIME)) |
| 218 | { | 220 | { |
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c index bc80b20d63..d8d9e76cc0 100644 --- a/src/lib/libcrypto/asn1/asn_mime.c +++ b/src/lib/libcrypto/asn1/asn_mime.c | |||
| @@ -152,7 +152,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) | |||
| 152 | 152 | ||
| 153 | static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) | 153 | static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) |
| 154 | { | 154 | { |
| 155 | const EVP_MD *md; | ||
| 156 | int i, have_unknown = 0, write_comma, md_nid; | 155 | int i, have_unknown = 0, write_comma, md_nid; |
| 157 | have_unknown = 0; | 156 | have_unknown = 0; |
| 158 | write_comma = 0; | 157 | write_comma = 0; |
| @@ -162,7 +161,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) | |||
| 162 | BIO_write(out, ",", 1); | 161 | BIO_write(out, ",", 1); |
| 163 | write_comma = 1; | 162 | write_comma = 1; |
| 164 | md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); | 163 | md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); |
| 165 | md = EVP_get_digestbynid(md_nid); | ||
| 166 | switch(md_nid) | 164 | switch(md_nid) |
| 167 | { | 165 | { |
| 168 | case NID_sha1: | 166 | case NID_sha1: |
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index ced641698e..48bc1c0d4d 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c | |||
| @@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len); | |||
| 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); | 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); |
| 70 | 70 | ||
| 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 72 | char inf, int tag, int aclass); | 72 | char inf, int tag, int aclass, int depth); |
| 73 | 73 | ||
| 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); | 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); |
| 75 | 75 | ||
| @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, | |||
| 611 | 611 | ||
| 612 | err: | 612 | err: |
| 613 | ASN1_template_free(val, tt); | 613 | ASN1_template_free(val, tt); |
| 614 | *val = NULL; | ||
| 615 | return 0; | 614 | return 0; |
| 616 | } | 615 | } |
| 617 | 616 | ||
| @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, | |||
| 758 | 757 | ||
| 759 | err: | 758 | err: |
| 760 | ASN1_template_free(val, tt); | 759 | ASN1_template_free(val, tt); |
| 761 | *val = NULL; | ||
| 762 | return 0; | 760 | return 0; |
| 763 | } | 761 | } |
| 764 | 762 | ||
| @@ -878,7 +876,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, | |||
| 878 | * internally irrespective of the type. So instead just check | 876 | * internally irrespective of the type. So instead just check |
| 879 | * for UNIVERSAL class and ignore the tag. | 877 | * for UNIVERSAL class and ignore the tag. |
| 880 | */ | 878 | */ |
| 881 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) | 879 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) |
| 882 | { | 880 | { |
| 883 | free_cont = 1; | 881 | free_cont = 1; |
| 884 | goto err; | 882 | goto err; |
| @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, | |||
| 1012 | case V_ASN1_SET: | 1010 | case V_ASN1_SET: |
| 1013 | case V_ASN1_SEQUENCE: | 1011 | case V_ASN1_SEQUENCE: |
| 1014 | default: | 1012 | default: |
| 1013 | if (utype == V_ASN1_BMPSTRING && (len & 1)) | ||
| 1014 | { | ||
| 1015 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1016 | ASN1_R_BMPSTRING_IS_WRONG_LENGTH); | ||
| 1017 | goto err; | ||
| 1018 | } | ||
| 1019 | if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) | ||
| 1020 | { | ||
| 1021 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1022 | ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); | ||
| 1023 | goto err; | ||
| 1024 | } | ||
| 1015 | /* All based on ASN1_STRING and handled the same */ | 1025 | /* All based on ASN1_STRING and handled the same */ |
| 1016 | if (!*pval) | 1026 | if (!*pval) |
| 1017 | { | 1027 | { |
| @@ -1128,8 +1138,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) | |||
| 1128 | * if it is indefinite length. | 1138 | * if it is indefinite length. |
| 1129 | */ | 1139 | */ |
| 1130 | 1140 | ||
| 1141 | #ifndef ASN1_MAX_STRING_NEST | ||
| 1142 | /* This determines how many levels of recursion are permitted in ASN1 | ||
| 1143 | * string types. If it is not limited stack overflows can occur. If set | ||
| 1144 | * to zero no recursion is allowed at all. Although zero should be adequate | ||
| 1145 | * examples exist that require a value of 1. So 5 should be more than enough. | ||
| 1146 | */ | ||
| 1147 | #define ASN1_MAX_STRING_NEST 5 | ||
| 1148 | #endif | ||
| 1149 | |||
| 1150 | |||
| 1131 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 1151 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 1132 | char inf, int tag, int aclass) | 1152 | char inf, int tag, int aclass, int depth) |
| 1133 | { | 1153 | { |
| 1134 | const unsigned char *p, *q; | 1154 | const unsigned char *p, *q; |
| 1135 | long plen; | 1155 | long plen; |
| @@ -1171,13 +1191,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | |||
| 1171 | /* If indefinite length constructed update max length */ | 1191 | /* If indefinite length constructed update max length */ |
| 1172 | if (cst) | 1192 | if (cst) |
| 1173 | { | 1193 | { |
| 1174 | #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS | 1194 | if (depth >= ASN1_MAX_STRING_NEST) |
| 1175 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) | 1195 | { |
| 1196 | ASN1err(ASN1_F_ASN1_COLLECT, | ||
| 1197 | ASN1_R_NESTED_ASN1_STRING); | ||
| 1198 | return 0; | ||
| 1199 | } | ||
| 1200 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, | ||
| 1201 | depth + 1)) | ||
| 1176 | return 0; | 1202 | return 0; |
| 1177 | #else | ||
| 1178 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); | ||
| 1179 | return 0; | ||
| 1180 | #endif | ||
| 1181 | } | 1203 | } |
| 1182 | else if (plen && !collect_data(buf, &p, plen)) | 1204 | else if (plen && !collect_data(buf, &p, plen)) |
| 1183 | return 0; | 1205 | return 0; |
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c index a4edb711ae..e7ab9cb3a3 100644 --- a/src/lib/libcrypto/bio/bss_mem.c +++ b/src/lib/libcrypto/bio/bss_mem.c | |||
| @@ -284,6 +284,7 @@ static int mem_gets(BIO *bp, char *buf, int size) | |||
| 284 | 284 | ||
| 285 | BIO_clear_retry_flags(bp); | 285 | BIO_clear_retry_flags(bp); |
| 286 | j=bm->length; | 286 | j=bm->length; |
| 287 | if ((size-1) < j) j=size-1; | ||
| 287 | if (j <= 0) | 288 | if (j <= 0) |
| 288 | { | 289 | { |
| 289 | *buf='\0'; | 290 | *buf='\0'; |
| @@ -292,17 +293,18 @@ static int mem_gets(BIO *bp, char *buf, int size) | |||
| 292 | p=bm->data; | 293 | p=bm->data; |
| 293 | for (i=0; i<j; i++) | 294 | for (i=0; i<j; i++) |
| 294 | { | 295 | { |
| 295 | if (p[i] == '\n') break; | 296 | if (p[i] == '\n') |
| 296 | } | 297 | { |
| 297 | if (i == j) | 298 | i++; |
| 298 | { | 299 | break; |
| 299 | BIO_set_retry_read(bp); | 300 | } |
| 300 | /* return(-1); change the semantics 0.6.6a */ | ||
| 301 | } | 301 | } |
| 302 | else | 302 | |
| 303 | i++; | 303 | /* |
| 304 | /* i is the max to copy */ | 304 | * i is now the max num of bytes to copy, either j or up to |
| 305 | if ((size-1) < i) i=size-1; | 305 | * and including the first newline |
| 306 | */ | ||
| 307 | |||
| 306 | i=mem_read(bp,buf,i); | 308 | i=mem_read(bp,buf,i); |
| 307 | if (i > 0) buf[i]='\0'; | 309 | if (i > 0) buf[i]='\0'; |
| 308 | ret=i; | 310 | ret=i; |
diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c index 472dd75821..30c3ceab46 100644 --- a/src/lib/libcrypto/bio/bss_sock.c +++ b/src/lib/libcrypto/bio/bss_sock.c | |||
| @@ -60,6 +60,9 @@ | |||
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | |||
| 64 | #ifndef OPENSSL_NO_SOCK | ||
| 65 | |||
| 63 | #include <openssl/bio.h> | 66 | #include <openssl/bio.h> |
| 64 | 67 | ||
| 65 | #ifdef WATT32 | 68 | #ifdef WATT32 |
| @@ -300,3 +303,5 @@ int BIO_sock_non_fatal_error(int err) | |||
| 300 | } | 303 | } |
| 301 | return(0); | 304 | return(0); |
| 302 | } | 305 | } |
| 306 | |||
| 307 | #endif /* #ifndef OPENSSL_NO_SOCK */ | ||
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c index b9463f9abb..f35883aa22 100644 --- a/src/lib/libcrypto/cms/cms_smime.c +++ b/src/lib/libcrypto/cms/cms_smime.c | |||
| @@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, | |||
| 298 | CMS_R_STORE_INIT_ERROR); | 298 | CMS_R_STORE_INIT_ERROR); |
| 299 | goto err; | 299 | goto err; |
| 300 | } | 300 | } |
| 301 | X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); | 301 | X509_STORE_CTX_set_default(&ctx, "smime_sign"); |
| 302 | if (crls) | 302 | if (crls) |
| 303 | X509_STORE_CTX_set0_crls(&ctx, crls); | 303 | X509_STORE_CTX_set0_crls(&ctx, crls); |
| 304 | 304 | ||
| @@ -425,7 +425,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, | |||
| 425 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) | 425 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) |
| 426 | { | 426 | { |
| 427 | si = sk_CMS_SignerInfo_value(sinfos, i); | 427 | si = sk_CMS_SignerInfo_value(sinfos, i); |
| 428 | if (!CMS_SignerInfo_verify_content(si, cmsbio)) | 428 | if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) |
| 429 | { | 429 | { |
| 430 | CMSerr(CMS_F_CMS_VERIFY, | 430 | CMSerr(CMS_F_CMS_VERIFY, |
| 431 | CMS_R_CONTENT_VERIFY_ERROR); | 431 | CMS_R_CONTENT_VERIFY_ERROR); |
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c index e286378cb1..ee9c677d9b 100644 --- a/src/lib/libcrypto/conf/conf_mod.c +++ b/src/lib/libcrypto/conf/conf_mod.c | |||
| @@ -588,7 +588,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc, | |||
| 588 | { | 588 | { |
| 589 | if (nospc) | 589 | if (nospc) |
| 590 | { | 590 | { |
| 591 | while(isspace((unsigned char)*lstart)) | 591 | while(*lstart && isspace((unsigned char)*lstart)) |
| 592 | lstart++; | 592 | lstart++; |
| 593 | } | 593 | } |
| 594 | p = strchr(lstart, sep); | 594 | p = strchr(lstart, sep); |
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com index db9c882fb0..e72af90822 100644 --- a/src/lib/libcrypto/crypto-lib.com +++ b/src/lib/libcrypto/crypto-lib.com | |||
| @@ -169,7 +169,7 @@ $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" | |||
| 169 | $ LIB_MDC2 = "mdc2dgst,mdc2_one" | 169 | $ LIB_MDC2 = "mdc2dgst,mdc2_one" |
| 170 | $ LIB_HMAC = "hmac" | 170 | $ LIB_HMAC = "hmac" |
| 171 | $ LIB_RIPEMD = "rmd_dgst,rmd_one" | 171 | $ LIB_RIPEMD = "rmd_dgst,rmd_one" |
| 172 | $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - | 172 | $ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ - |
| 173 | "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - | 173 | "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - |
| 174 | "enc_read,enc_writ,ofb64enc,"+ - | 174 | "enc_read,enc_writ,ofb64enc,"+ - |
| 175 | "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - | 175 | "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - |
| @@ -191,7 +191,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - | |||
| 191 | "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - | 191 | "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - |
| 192 | "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - | 192 | "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - |
| 193 | "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - | 193 | "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - |
| 194 | "bn_depr,bn_const" | 194 | "bn_depr,bn_x931p,bn_const,bn_opt" |
| 195 | $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - | 195 | $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - |
| 196 | "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - | 196 | "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - |
| 197 | "ec2_smpl,ec2_mult" | 197 | "ec2_smpl,ec2_mult" |
| @@ -211,7 +211,7 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - | |||
| 211 | "tb_cipher,tb_digest,"+ - | 211 | "tb_cipher,tb_digest,"+ - |
| 212 | "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" | 212 | "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" |
| 213 | $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - | 213 | $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - |
| 214 | "aes_ctr,aes_ige" | 214 | "aes_ctr,aes_ige,aes_wrap" |
| 215 | $ LIB_BUFFER = "buffer,buf_str,buf_err" | 215 | $ LIB_BUFFER = "buffer,buf_str,buf_err" |
| 216 | $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - | 216 | $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - |
| 217 | "bss_mem,bss_null,bss_fd,"+ - | 217 | "bss_mem,bss_null,bss_fd,"+ - |
| @@ -246,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - | |||
| 246 | $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - | 246 | $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - |
| 247 | "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - | 247 | "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - |
| 248 | "f_int,f_string,n_pkey,"+ - | 248 | "f_int,f_string,n_pkey,"+ - |
| 249 | "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - | 249 | "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - |
| 250 | "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - | 250 | "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - |
| 251 | "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" | 251 | "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" |
| 252 | $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - | 252 | $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - |
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h index 0a39742773..10475ac4b3 100644 --- a/src/lib/libcrypto/dh/dh.h +++ b/src/lib/libcrypto/dh/dh.h | |||
| @@ -122,7 +122,7 @@ struct dh_st | |||
| 122 | int version; | 122 | int version; |
| 123 | BIGNUM *p; | 123 | BIGNUM *p; |
| 124 | BIGNUM *g; | 124 | BIGNUM *g; |
| 125 | int length; /* optional */ | 125 | long length; /* optional */ |
| 126 | BIGNUM *pub_key; /* g^x */ | 126 | BIGNUM *pub_key; /* g^x */ |
| 127 | BIGNUM *priv_key; /* x */ | 127 | BIGNUM *priv_key; /* x */ |
| 128 | 128 | ||
| @@ -238,8 +238,6 @@ void ERR_load_DH_strings(void); | |||
| 238 | #define DH_R_KEY_SIZE_TOO_SMALL 104 | 238 | #define DH_R_KEY_SIZE_TOO_SMALL 104 |
| 239 | #define DH_R_MODULUS_TOO_LARGE 103 | 239 | #define DH_R_MODULUS_TOO_LARGE 103 |
| 240 | #define DH_R_NO_PRIVATE_VALUE 100 | 240 | #define DH_R_NO_PRIVATE_VALUE 100 |
| 241 | #define DH_R_INVALID_PUBKEY 102 | ||
| 242 | #define DH_R_MODULUS_TOO_LARGE 103 | ||
| 243 | 241 | ||
| 244 | #ifdef __cplusplus | 242 | #ifdef __cplusplus |
| 245 | } | 243 | } |
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c index b364362fca..13263c81c1 100644 --- a/src/lib/libcrypto/dh/dh_err.c +++ b/src/lib/libcrypto/dh/dh_err.c | |||
| @@ -90,8 +90,6 @@ static ERR_STRING_DATA DH_str_reasons[]= | |||
| 90 | {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, | 90 | {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, |
| 91 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | 91 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, |
| 92 | {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, | 92 | {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, |
| 93 | {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, | ||
| 94 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | ||
| 95 | {0,NULL} | 93 | {0,NULL} |
| 96 | }; | 94 | }; |
| 97 | 95 | ||
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index bb6f02c2e9..436be20bf1 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c | |||
| @@ -220,18 +220,18 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 220 | test1_exit(7); | 220 | test1_exit(7); |
| 221 | } | 221 | } |
| 222 | 222 | ||
| 223 | if(outl+outl2 != cn) | 223 | if(outl+outl2 != pn) |
| 224 | { | 224 | { |
| 225 | fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", | 225 | fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", |
| 226 | outl+outl2,cn); | 226 | outl+outl2,pn); |
| 227 | test1_exit(8); | 227 | test1_exit(8); |
| 228 | } | 228 | } |
| 229 | 229 | ||
| 230 | if(memcmp(out,plaintext,cn)) | 230 | if(memcmp(out,plaintext,pn)) |
| 231 | { | 231 | { |
| 232 | fprintf(stderr,"Plaintext mismatch\n"); | 232 | fprintf(stderr,"Plaintext mismatch\n"); |
| 233 | hexdump(stderr,"Got",out,cn); | 233 | hexdump(stderr,"Got",out,pn); |
| 234 | hexdump(stderr,"Expected",plaintext,cn); | 234 | hexdump(stderr,"Expected",plaintext,pn); |
| 235 | test1_exit(9); | 235 | test1_exit(9); |
| 236 | } | 236 | } |
| 237 | } | 237 | } |
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index 09687b5136..c6207f76b2 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h | |||
| @@ -25,11 +25,11 @@ | |||
| 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | * major minor fix final patch/beta) | 26 | * major minor fix final patch/beta) |
| 27 | */ | 27 | */ |
| 28 | #define OPENSSL_VERSION_NUMBER 0x009080afL | 28 | #define OPENSSL_VERSION_NUMBER 0x009080bfL |
| 29 | #ifdef OPENSSL_FIPS | 29 | #ifdef OPENSSL_FIPS |
| 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009" | 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k-fips 25 Mar 2009" |
| 31 | #else | 31 | #else |
| 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009" | 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k 25 Mar 2009" |
| 33 | #endif | 33 | #endif |
| 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 | ||
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index 6f8e01544b..6c193f1cbf 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h | |||
| @@ -215,7 +215,9 @@ typedef struct pem_ctx_st | |||
| 215 | 215 | ||
| 216 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ | 216 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ |
| 217 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ | 217 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ |
| 218 | #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ | ||
| 218 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ | 219 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ |
| 220 | #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ | ||
| 219 | 221 | ||
| 220 | #else | 222 | #else |
| 221 | 223 | ||
| @@ -355,6 +357,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 355 | 357 | ||
| 356 | #define DECLARE_PEM_read_fp(name, type) /**/ | 358 | #define DECLARE_PEM_read_fp(name, type) /**/ |
| 357 | #define DECLARE_PEM_write_fp(name, type) /**/ | 359 | #define DECLARE_PEM_write_fp(name, type) /**/ |
| 360 | #define DECLARE_PEM_write_fp_const(name, type) /**/ | ||
| 358 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ | 361 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ |
| 359 | 362 | ||
| 360 | #else | 363 | #else |
| @@ -392,6 +395,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 392 | 395 | ||
| 393 | #define DECLARE_PEM_read_bio(name, type) /**/ | 396 | #define DECLARE_PEM_read_bio(name, type) /**/ |
| 394 | #define DECLARE_PEM_write_bio(name, type) /**/ | 397 | #define DECLARE_PEM_write_bio(name, type) /**/ |
| 398 | #define DECLARE_PEM_write_bio_const(name, type) /**/ | ||
| 395 | #define DECLARE_PEM_write_cb_bio(name, type) /**/ | 399 | #define DECLARE_PEM_write_cb_bio(name, type) /**/ |
| 396 | 400 | ||
| 397 | #endif | 401 | #endif |
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index e863de52ce..9522342fa5 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c | |||
| @@ -170,6 +170,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | |||
| 170 | 170 | ||
| 171 | p12 = PKCS12_add_safes(safes, 0); | 171 | p12 = PKCS12_add_safes(safes, 0); |
| 172 | 172 | ||
| 173 | if (!p12) | ||
| 174 | goto err; | ||
| 175 | |||
| 173 | sk_PKCS7_pop_free(safes, PKCS7_free); | 176 | sk_PKCS7_pop_free(safes, PKCS7_free); |
| 174 | 177 | ||
| 175 | safes = NULL; | 178 | safes = NULL; |
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index c34db1d6fe..fd18ec3d95 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c | |||
| @@ -229,8 +229,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 229 | sk_X509_free(signers); | 229 | sk_X509_free(signers); |
| 230 | return 0; | 230 | return 0; |
| 231 | } | 231 | } |
| 232 | X509_STORE_CTX_set_purpose(&cert_ctx, | 232 | X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); |
| 233 | X509_PURPOSE_SMIME_SIGN); | ||
| 234 | } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { | 233 | } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { |
| 235 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); | 234 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); |
| 236 | sk_X509_free(signers); | 235 | sk_X509_free(signers); |
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index 964d25833c..58c6173094 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c | |||
| @@ -226,7 +226,7 @@ int RAND_poll(void) | |||
| 226 | t.tv_sec = 0; | 226 | t.tv_sec = 0; |
| 227 | t.tv_usec = usec; | 227 | t.tv_usec = usec; |
| 228 | 228 | ||
| 229 | if (FD_SETSIZE > 0 && fd >= FD_SETSIZE) | 229 | if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) |
| 230 | { | 230 | { |
| 231 | /* can't use select, so just try to read once anyway */ | 231 | /* can't use select, so just try to read once anyway */ |
| 232 | try_read = 1; | 232 | try_read = 1; |
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index f63fbc1731..d108353bbc 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c | |||
| @@ -261,7 +261,7 @@ const char *RAND_file_name(char *buf, size_t size) | |||
| 261 | struct stat sb; | 261 | struct stat sb; |
| 262 | #endif | 262 | #endif |
| 263 | 263 | ||
| 264 | if (issetugid() == 0) | 264 | if (OPENSSL_issetugid() == 0) |
| 265 | s=getenv("RANDFILE"); | 265 | s=getenv("RANDFILE"); |
| 266 | if (s != NULL && *s && strlen(s) + 1 < size) | 266 | if (s != NULL && *s && strlen(s) + 1 < size) |
| 267 | { | 267 | { |
| @@ -270,7 +270,7 @@ const char *RAND_file_name(char *buf, size_t size) | |||
| 270 | } | 270 | } |
| 271 | else | 271 | else |
| 272 | { | 272 | { |
| 273 | if (issetugid() == 0) | 273 | if (OPENSSL_issetugid() == 0) |
| 274 | s=getenv("HOME"); | 274 | s=getenv("HOME"); |
| 275 | #ifdef DEFAULT_HOME | 275 | #ifdef DEFAULT_HOME |
| 276 | if (s == NULL) | 276 | if (s == NULL) |
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h index 6cfb5fe479..8728e6124d 100644 --- a/src/lib/libcrypto/symhacks.h +++ b/src/lib/libcrypto/symhacks.h | |||
| @@ -62,6 +62,10 @@ | |||
| 62 | VAX. */ | 62 | VAX. */ |
| 63 | #ifdef OPENSSL_SYS_VMS | 63 | #ifdef OPENSSL_SYS_VMS |
| 64 | 64 | ||
| 65 | /* Hack a long name in crypto/cryptlib.c */ | ||
| 66 | #undef int_CRYPTO_set_do_dynlock_callback | ||
| 67 | #define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb | ||
| 68 | |||
| 65 | /* Hack a long name in crypto/ex_data.c */ | 69 | /* Hack a long name in crypto/ex_data.c */ |
| 66 | #undef CRYPTO_get_ex_data_implementation | 70 | #undef CRYPTO_get_ex_data_implementation |
| 67 | #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl | 71 | #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl |
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c index 7ab249c3be..ac0100808f 100644 --- a/src/lib/libcrypto/ui/ui_lib.c +++ b/src/lib/libcrypto/ui/ui_lib.c | |||
| @@ -90,6 +90,7 @@ UI *UI_new_method(const UI_METHOD *method) | |||
| 90 | 90 | ||
| 91 | ret->strings=NULL; | 91 | ret->strings=NULL; |
| 92 | ret->user_data=NULL; | 92 | ret->user_data=NULL; |
| 93 | ret->flags=0; | ||
| 93 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); | 94 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); |
| 94 | return ret; | 95 | return ret; |
| 95 | } | 96 | } |
diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd index 691be7a440..560ebeaf82 100644 --- a/src/lib/libcrypto/util/domd +++ b/src/lib/libcrypto/util/domd | |||
| @@ -22,7 +22,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then | |||
| 22 | done | 22 | done |
| 23 | sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp | 23 | sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp |
| 24 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp | 24 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp |
| 25 | gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp | 25 | ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp |
| 26 | ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new | 26 | ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new |
| 27 | rm -f Makefile.tmp | 27 | rm -f Makefile.tmp |
| 28 | else | 28 | else |
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index 0eb54ddc89..74eb337227 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num | |||
| @@ -3667,7 +3667,8 @@ CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: | |||
| 3667 | RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA | 3667 | RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA |
| 3668 | int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: | 3668 | int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: |
| 3669 | int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE | 3669 | int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE |
| 3670 | int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION: | 3670 | int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION: |
| 3671 | int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION: | ||
| 3671 | FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: | 3672 | FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: |
| 3672 | EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: | 3673 | EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: |
| 3673 | BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: | 3674 | BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: |
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl index 166785db8d..8eb3c6c4bd 100644 --- a/src/lib/libcrypto/util/pl/VC-32.pl +++ b/src/lib/libcrypto/util/pl/VC-32.pl | |||
| @@ -164,7 +164,7 @@ if ($FLAVOR =~ /NT/) | |||
| 164 | $ex_libs="unicows.lib $ex_libs"; | 164 | $ex_libs="unicows.lib $ex_libs"; |
| 165 | } | 165 | } |
| 166 | # static library stuff | 166 | # static library stuff |
| 167 | $mklib='lib'; | 167 | $mklib='lib /nologo'; |
| 168 | $ranlib=''; | 168 | $ranlib=''; |
| 169 | $plib=""; | 169 | $plib=""; |
| 170 | $libp=".lib"; | 170 | $libp=".lib"; |
| @@ -184,7 +184,7 @@ if ($nasm) { | |||
| 184 | $asm.=' /Zi' if $debug; | 184 | $asm.=' /Zi' if $debug; |
| 185 | $afile='/Fo'; | 185 | $afile='/Fo'; |
| 186 | } else { | 186 | } else { |
| 187 | $asm='ml /Cp /coff /c /Cx'; | 187 | $asm='ml /nologo /Cp /coff /c /Cx'; |
| 188 | $asm.=" /Zi" if $debug; | 188 | $asm.=" /Zi" if $debug; |
| 189 | $afile='/Fo'; | 189 | $afile='/Fo'; |
| 190 | } | 190 | } |
| @@ -404,7 +404,7 @@ sub do_link_rule | |||
| 404 | if ($standalone == 1) | 404 | if ($standalone == 1) |
| 405 | { | 405 | { |
| 406 | $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; | 406 | $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; |
| 407 | $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); | 407 | $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); |
| 408 | $ret.="$files $libs\n<<\n"; | 408 | $ret.="$files $libs\n<<\n"; |
| 409 | } | 409 | } |
| 410 | elsif ($standalone == 2) | 410 | elsif ($standalone == 2) |
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index e4c682fc44..2faf92514a 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -288,7 +288,8 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | |||
| 288 | if (!(nabit & STR_TYPE_CMP) || | 288 | if (!(nabit & STR_TYPE_CMP) || |
| 289 | !(nbbit & STR_TYPE_CMP)) | 289 | !(nbbit & STR_TYPE_CMP)) |
| 290 | return j; | 290 | return j; |
| 291 | j = asn1_string_memcmp(na->value, nb->value); | 291 | if (!asn1_string_memcmp(na->value, nb->value)) |
| 292 | j = 0; | ||
| 292 | } | 293 | } |
| 293 | else if (na->value->type == V_ASN1_PRINTABLESTRING) | 294 | else if (na->value->type == V_ASN1_PRINTABLESTRING) |
| 294 | j=nocase_spacenorm_cmp(na->value, nb->value); | 295 | j=nocase_spacenorm_cmp(na->value, nb->value); |
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index a37f844d3c..efdf7c3ba7 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c | |||
| @@ -61,7 +61,7 @@ | |||
| 61 | 61 | ||
| 62 | #include <stdio.h> | 62 | #include <stdio.h> |
| 63 | #include <stdlib.h> | 63 | #include <stdlib.h> |
| 64 | #include <assert.h> | 64 | |
| 65 | #include "cryptlib.h" | 65 | #include "cryptlib.h" |
| 66 | #include <openssl/conf.h> | 66 | #include <openssl/conf.h> |
| 67 | #include <openssl/asn1.h> | 67 | #include <openssl/asn1.h> |
| @@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi) | |||
| 128 | /* | 128 | /* |
| 129 | * Extract the AFI from an IPAddressFamily. | 129 | * Extract the AFI from an IPAddressFamily. |
| 130 | */ | 130 | */ |
| 131 | unsigned v3_addr_get_afi(const IPAddressFamily *f) | 131 | unsigned int v3_addr_get_afi(const IPAddressFamily *f) |
| 132 | { | 132 | { |
| 133 | return ((f != NULL && | 133 | return ((f != NULL && |
| 134 | f->addressFamily != NULL && | 134 | f->addressFamily != NULL && |
| @@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr, | |||
| 147 | const int length, | 147 | const int length, |
| 148 | const unsigned char fill) | 148 | const unsigned char fill) |
| 149 | { | 149 | { |
| 150 | assert(bs->length >= 0 && bs->length <= length); | 150 | OPENSSL_assert(bs->length >= 0 && bs->length <= length); |
| 151 | if (bs->length > 0) { | 151 | if (bs->length > 0) { |
| 152 | memcpy(addr, bs->data, bs->length); | 152 | memcpy(addr, bs->data, bs->length); |
| 153 | if ((bs->flags & 7) != 0) { | 153 | if ((bs->flags & 7) != 0) { |
| @@ -190,6 +190,8 @@ static int i2r_address(BIO *out, | |||
| 190 | BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); | 190 | BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); |
| 191 | if (i < 16) | 191 | if (i < 16) |
| 192 | BIO_puts(out, ":"); | 192 | BIO_puts(out, ":"); |
| 193 | if (i == 0) | ||
| 194 | BIO_puts(out, ":"); | ||
| 193 | break; | 195 | break; |
| 194 | default: | 196 | default: |
| 195 | for (i = 0; i < bs->length; i++) | 197 | for (i = 0; i < bs->length; i++) |
| @@ -243,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, | |||
| 243 | int i; | 245 | int i; |
| 244 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | 246 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { |
| 245 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); | 247 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); |
| 246 | const unsigned afi = v3_addr_get_afi(f); | 248 | const unsigned int afi = v3_addr_get_afi(f); |
| 247 | switch (afi) { | 249 | switch (afi) { |
| 248 | case IANA_AFI_IPV4: | 250 | case IANA_AFI_IPV4: |
| 249 | BIO_printf(out, "%*sIPv4", indent, ""); | 251 | BIO_printf(out, "%*sIPv4", indent, ""); |
| @@ -453,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result, | |||
| 453 | if ((aor = IPAddressOrRange_new()) == NULL) | 455 | if ((aor = IPAddressOrRange_new()) == NULL) |
| 454 | return 0; | 456 | return 0; |
| 455 | aor->type = IPAddressOrRange_addressRange; | 457 | aor->type = IPAddressOrRange_addressRange; |
| 456 | assert(aor->u.addressRange == NULL); | 458 | OPENSSL_assert(aor->u.addressRange == NULL); |
| 457 | if ((aor->u.addressRange = IPAddressRange_new()) == NULL) | 459 | if ((aor->u.addressRange = IPAddressRange_new()) == NULL) |
| 458 | goto err; | 460 | goto err; |
| 459 | if (aor->u.addressRange->min == NULL && | 461 | if (aor->u.addressRange->min == NULL && |
| @@ -522,7 +524,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, | |||
| 522 | 524 | ||
| 523 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | 525 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { |
| 524 | f = sk_IPAddressFamily_value(addr, i); | 526 | f = sk_IPAddressFamily_value(addr, i); |
| 525 | assert(f->addressFamily->data != NULL); | 527 | OPENSSL_assert(f->addressFamily->data != NULL); |
| 526 | if (f->addressFamily->length == keylen && | 528 | if (f->addressFamily->length == keylen && |
| 527 | !memcmp(f->addressFamily->data, key, keylen)) | 529 | !memcmp(f->addressFamily->data, key, keylen)) |
| 528 | return f; | 530 | return f; |
| @@ -654,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor, | |||
| 654 | unsigned char *max, | 656 | unsigned char *max, |
| 655 | int length) | 657 | int length) |
| 656 | { | 658 | { |
| 657 | assert(aor != NULL && min != NULL && max != NULL); | 659 | OPENSSL_assert(aor != NULL && min != NULL && max != NULL); |
| 658 | switch (aor->type) { | 660 | switch (aor->type) { |
| 659 | case IPAddressOrRange_addressPrefix: | 661 | case IPAddressOrRange_addressPrefix: |
| 660 | addr_expand(min, aor->u.addressPrefix, length, 0x00); | 662 | addr_expand(min, aor->u.addressPrefix, length, 0x00); |
| @@ -880,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) | |||
| 880 | } | 882 | } |
| 881 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); | 883 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); |
| 882 | sk_IPAddressFamily_sort(addr); | 884 | sk_IPAddressFamily_sort(addr); |
| 883 | assert(v3_addr_is_canonical(addr)); | 885 | OPENSSL_assert(v3_addr_is_canonical(addr)); |
| 884 | return 1; | 886 | return 1; |
| 885 | } | 887 | } |
| 886 | 888 | ||
| @@ -1127,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) | |||
| 1127 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { | 1129 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { |
| 1128 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); | 1130 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); |
| 1129 | int j = sk_IPAddressFamily_find(b, fa); | 1131 | int j = sk_IPAddressFamily_find(b, fa); |
| 1130 | IPAddressFamily *fb = sk_IPAddressFamily_value(b, j); | 1132 | IPAddressFamily *fb; |
| 1133 | fb = sk_IPAddressFamily_value(b, j); | ||
| 1134 | if (fb == NULL) | ||
| 1135 | return 0; | ||
| 1131 | if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, | 1136 | if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, |
| 1132 | fa->ipAddressChoice->u.addressesOrRanges, | 1137 | fa->ipAddressChoice->u.addressesOrRanges, |
| 1133 | length_from_afi(v3_addr_get_afi(fb)))) | 1138 | length_from_afi(v3_addr_get_afi(fb)))) |
| @@ -1164,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1164 | int i, j, ret = 1; | 1169 | int i, j, ret = 1; |
| 1165 | X509 *x = NULL; | 1170 | X509 *x = NULL; |
| 1166 | 1171 | ||
| 1167 | assert(chain != NULL && sk_X509_num(chain) > 0); | 1172 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); |
| 1168 | assert(ctx != NULL || ext != NULL); | 1173 | OPENSSL_assert(ctx != NULL || ext != NULL); |
| 1169 | assert(ctx == NULL || ctx->verify_cb != NULL); | 1174 | OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); |
| 1170 | 1175 | ||
| 1171 | /* | 1176 | /* |
| 1172 | * Figure out where to start. If we don't have an extension to | 1177 | * Figure out where to start. If we don't have an extension to |
| @@ -1178,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1178 | } else { | 1183 | } else { |
| 1179 | i = 0; | 1184 | i = 0; |
| 1180 | x = sk_X509_value(chain, i); | 1185 | x = sk_X509_value(chain, i); |
| 1181 | assert(x != NULL); | 1186 | OPENSSL_assert(x != NULL); |
| 1182 | if ((ext = x->rfc3779_addr) == NULL) | 1187 | if ((ext = x->rfc3779_addr) == NULL) |
| 1183 | goto done; | 1188 | goto done; |
| 1184 | } | 1189 | } |
| @@ -1197,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1197 | */ | 1202 | */ |
| 1198 | for (i++; i < sk_X509_num(chain); i++) { | 1203 | for (i++; i < sk_X509_num(chain); i++) { |
| 1199 | x = sk_X509_value(chain, i); | 1204 | x = sk_X509_value(chain, i); |
| 1200 | assert(x != NULL); | 1205 | OPENSSL_assert(x != NULL); |
| 1201 | if (!v3_addr_is_canonical(x->rfc3779_addr)) | 1206 | if (!v3_addr_is_canonical(x->rfc3779_addr)) |
| 1202 | validation_err(X509_V_ERR_INVALID_EXTENSION); | 1207 | validation_err(X509_V_ERR_INVALID_EXTENSION); |
| 1203 | if (x->rfc3779_addr == NULL) { | 1208 | if (x->rfc3779_addr == NULL) { |
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index 95596055ab..ad0506d75c 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c | |||
| @@ -181,7 +181,11 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, | |||
| 181 | pol = POLICYINFO_new(); | 181 | pol = POLICYINFO_new(); |
| 182 | pol->policyid = pobj; | 182 | pol->policyid = pobj; |
| 183 | } | 183 | } |
| 184 | sk_POLICYINFO_push(pols, pol); | 184 | if (!sk_POLICYINFO_push(pols, pol)){ |
| 185 | POLICYINFO_free(pol); | ||
| 186 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); | ||
| 187 | goto err; | ||
| 188 | } | ||
| 185 | } | 189 | } |
| 186 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | 190 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); |
| 187 | return pols; | 191 | return pols; |
| @@ -447,3 +451,4 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) | |||
| 447 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); | 451 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); |
| 448 | } | 452 | } |
| 449 | 453 | ||
| 454 | IMPLEMENT_STACK_OF(X509_POLICY_NODE) | ||
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index c888c56c26..04d332e338 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES | |||
| @@ -2,11 +2,51 @@ | |||
| 2 | OpenSSL CHANGES | 2 | OpenSSL CHANGES |
| 3 | _______________ | 3 | _______________ |
| 4 | 4 | ||
| 5 | Changes between 0.9.8i and 0.9.8j [07 Jan 2009] | 5 | Changes between 0.9.8j and 0.9.8k [25 Mar 2009] |
| 6 | 6 | ||
| 7 | *) Properly check EVP_VerifyFinal() and similar return values | 7 | *) Don't set val to NULL when freeing up structures, it is freed up by |
| 8 | (CVE-2008-5077). | 8 | underlying code. If sizeof(void *) > sizeof(long) this can result in |
| 9 | [Ben Laurie, Bodo Moeller, Google Security Team] | 9 | zeroing past the valid field. (CVE-2009-0789) |
| 10 | [Paolo Ganci <Paolo.Ganci@AdNovum.CH>] | ||
| 11 | |||
| 12 | *) Fix bug where return value of CMS_SignerInfo_verify_content() was not | ||
| 13 | checked correctly. This would allow some invalid signed attributes to | ||
| 14 | appear to verify correctly. (CVE-2009-0591) | ||
| 15 | [Ivan Nestlerode <inestlerode@us.ibm.com>] | ||
| 16 | |||
| 17 | *) Reject UniversalString and BMPString types with invalid lengths. This | ||
| 18 | prevents a crash in ASN1_STRING_print_ex() which assumes the strings have | ||
| 19 | a legal length. (CVE-2009-0590) | ||
| 20 | [Steve Henson] | ||
| 21 | |||
| 22 | *) Set S/MIME signing as the default purpose rather than setting it | ||
| 23 | unconditionally. This allows applications to override it at the store | ||
| 24 | level. | ||
| 25 | [Steve Henson] | ||
| 26 | |||
| 27 | *) Permit restricted recursion of ASN1 strings. This is needed in practice | ||
| 28 | to handle some structures. | ||
| 29 | [Steve Henson] | ||
| 30 | |||
| 31 | *) Improve efficiency of mem_gets: don't search whole buffer each time | ||
| 32 | for a '\n' | ||
| 33 | [Jeremy Shapiro <jnshapir@us.ibm.com>] | ||
| 34 | |||
| 35 | *) New -hex option for openssl rand. | ||
| 36 | [Matthieu Herrb] | ||
| 37 | |||
| 38 | *) Print out UTF8String and NumericString when parsing ASN1. | ||
| 39 | [Steve Henson] | ||
| 40 | |||
| 41 | *) Support NumericString type for name components. | ||
| 42 | [Steve Henson] | ||
| 43 | |||
| 44 | *) Allow CC in the environment to override the automatically chosen | ||
| 45 | compiler. Note that nothing is done to ensure flags work with the | ||
| 46 | chosen compiler. | ||
| 47 | [Ben Laurie] | ||
| 48 | |||
| 49 | Changes between 0.9.8i and 0.9.8j [07 Jan 2009] | ||
| 10 | 50 | ||
| 11 | *) Properly check EVP_VerifyFinal() and similar return values | 51 | *) Properly check EVP_VerifyFinal() and similar return values |
| 12 | (CVE-2008-5077). | 52 | (CVE-2008-5077). |
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index 09b58f2113..c6dbfae482 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure | |||
| @@ -101,6 +101,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta | |||
| 101 | # SHA512_ASM sha512_block is implemented in assembler | 101 | # SHA512_ASM sha512_block is implemented in assembler |
| 102 | # AES_ASM ASE_[en|de]crypt is implemented in assembler | 102 | # AES_ASM ASE_[en|de]crypt is implemented in assembler |
| 103 | 103 | ||
| 104 | # Minimum warning options... any contributions to OpenSSL should at least get | ||
| 105 | # past these. | ||
| 106 | |||
| 107 | my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; | ||
| 108 | |||
| 104 | my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; | 109 | my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; |
| 105 | 110 | ||
| 106 | # MD2_CHAR slags pentium pros | 111 | # MD2_CHAR slags pentium pros |
| @@ -154,15 +159,15 @@ my %table=( | |||
| 154 | "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", | 159 | "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", |
| 155 | "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | 160 | "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", |
| 156 | "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | 161 | "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", |
| 157 | "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", | 162 | "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", |
| 158 | "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", | 163 | "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", |
| 159 | "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 164 | "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", |
| 160 | "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 165 | "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", |
| 161 | "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", | 166 | "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", |
| 162 | "debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -Wsign-compare -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 167 | "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 163 | "debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 168 | "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 169 | "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 164 | "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", | 170 | "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", |
| 165 | "debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", | ||
| 166 | "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", | 171 | "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", |
| 167 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 172 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 168 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 173 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| @@ -948,6 +953,10 @@ print "Configuring for $target\n"; | |||
| 948 | 953 | ||
| 949 | my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | 954 | my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); |
| 950 | my $cc = $fields[$idx_cc]; | 955 | my $cc = $fields[$idx_cc]; |
| 956 | # Allow environment CC to override compiler... | ||
| 957 | if($ENV{CC}) { | ||
| 958 | $cc = $ENV{CC}; | ||
| 959 | } | ||
| 951 | my $cflags = $fields[$idx_cflags]; | 960 | my $cflags = $fields[$idx_cflags]; |
| 952 | my $unistd = $fields[$idx_unistd]; | 961 | my $unistd = $fields[$idx_unistd]; |
| 953 | my $thread_cflag = $fields[$idx_thread_cflag]; | 962 | my $thread_cflag = $fields[$idx_thread_cflag]; |
| @@ -1048,7 +1057,6 @@ foreach (sort (keys %disabled)) | |||
| 1048 | print "\n"; | 1057 | print "\n"; |
| 1049 | } | 1058 | } |
| 1050 | 1059 | ||
| 1051 | |||
| 1052 | my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; | 1060 | my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; |
| 1053 | 1061 | ||
| 1054 | $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); | 1062 | $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); |
| @@ -1443,6 +1451,8 @@ while (<IN>) | |||
| 1443 | } | 1451 | } |
| 1444 | } | 1452 | } |
| 1445 | $sdirs = 0 unless /\\$/; | 1453 | $sdirs = 0 unless /\\$/; |
| 1454 | s/fips // if (/^DIRS=/ && !$fips); | ||
| 1455 | s/engines // if (/^DIRS=/ && $disabled{"engine"}); | ||
| 1446 | s/^VERSION=.*/VERSION=$version/; | 1456 | s/^VERSION=.*/VERSION=$version/; |
| 1447 | s/^MAJOR=.*/MAJOR=$major/; | 1457 | s/^MAJOR=.*/MAJOR=$major/; |
| 1448 | s/^MINOR=.*/MINOR=$minor/; | 1458 | s/^MINOR=.*/MINOR=$minor/; |
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ index ce71246fb8..942a671f2c 100644 --- a/src/lib/libssl/src/FAQ +++ b/src/lib/libssl/src/FAQ | |||
| @@ -78,7 +78,7 @@ OpenSSL - Frequently Asked Questions | |||
| 78 | * Which is the current version of OpenSSL? | 78 | * Which is the current version of OpenSSL? |
| 79 | 79 | ||
| 80 | The current version is available from <URL: http://www.openssl.org>. | 80 | The current version is available from <URL: http://www.openssl.org>. |
| 81 | OpenSSL 0.9.8j was released on Jan 7th, 2009. | 81 | OpenSSL 0.9.8k was released on Mar 25th, 2009. |
| 82 | 82 | ||
| 83 | In addition to the current stable release, you can also access daily | 83 | In addition to the current stable release, you can also access daily |
| 84 | snapshots of the OpenSSL development version at <URL: | 84 | snapshots of the OpenSSL development version at <URL: |
diff --git a/src/lib/libssl/src/Makefile b/src/lib/libssl/src/Makefile index fe0fe16843..57d742e4d4 100644 --- a/src/lib/libssl/src/Makefile +++ b/src/lib/libssl/src/Makefile | |||
| @@ -4,7 +4,7 @@ | |||
| 4 | ## Makefile for OpenSSL | 4 | ## Makefile for OpenSSL |
| 5 | ## | 5 | ## |
| 6 | 6 | ||
| 7 | VERSION=0.9.8j | 7 | VERSION=0.9.8k |
| 8 | MAJOR=0 | 8 | MAJOR=0 |
| 9 | MINOR=9.8 | 9 | MINOR=9.8 |
| 10 | SHLIB_VERSION_NUMBER=0.9.8 | 10 | SHLIB_VERSION_NUMBER=0.9.8 |
| @@ -133,7 +133,7 @@ FIPSCANLIB= | |||
| 133 | 133 | ||
| 134 | BASEADDR=0xFB00000 | 134 | BASEADDR=0xFB00000 |
| 135 | 135 | ||
| 136 | DIRS= crypto fips ssl engines apps test tools | 136 | DIRS= crypto ssl engines apps test tools |
| 137 | SHLIBDIRS= crypto ssl | 137 | SHLIBDIRS= crypto ssl |
| 138 | 138 | ||
| 139 | # dirs in crypto to build | 139 | # dirs in crypto to build |
| @@ -506,6 +506,9 @@ links: | |||
| 506 | @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl | 506 | @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl |
| 507 | @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) | 507 | @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) |
| 508 | @set -e; target=links; $(RECURSIVE_BUILD_CMD) | 508 | @set -e; target=links; $(RECURSIVE_BUILD_CMD) |
| 509 | @if [ -z "$(FIPSCANLIB)" ]; then \ | ||
| 510 | set -e; target=links; dir=fips ; $(BUILD_CMD) ; \ | ||
| 511 | fi | ||
| 509 | 512 | ||
| 510 | gentests: | 513 | gentests: |
| 511 | @(cd test && echo "generating dummy tests (if needed)..." && \ | 514 | @(cd test && echo "generating dummy tests (if needed)..." && \ |
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index 4be7dad7d6..d1b56b2f58 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org | |||
| @@ -504,6 +504,9 @@ links: | |||
| 504 | @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl | 504 | @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl |
| 505 | @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) | 505 | @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) |
| 506 | @set -e; target=links; $(RECURSIVE_BUILD_CMD) | 506 | @set -e; target=links; $(RECURSIVE_BUILD_CMD) |
| 507 | @if [ -z "$(FIPSCANLIB)" ]; then \ | ||
| 508 | set -e; target=links; dir=fips ; $(BUILD_CMD) ; \ | ||
| 509 | fi | ||
| 507 | 510 | ||
| 508 | gentests: | 511 | gentests: |
| 509 | @(cd test && echo "generating dummy tests (if needed)..." && \ | 512 | @(cd test && echo "generating dummy tests (if needed)..." && \ |
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index 322c3848f2..37156fc593 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS | |||
| @@ -5,6 +5,11 @@ | |||
| 5 | This file gives a brief overview of the major changes between each OpenSSL | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | release. For more details please read the CHANGES file. | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | ||
| 8 | Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: | ||
| 9 | |||
| 10 | o Fix various build issues. | ||
| 11 | o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) | ||
| 12 | |||
| 8 | Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: | 13 | Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: |
| 9 | 14 | ||
| 10 | o Fix security issue (CVE-2008-5077) | 15 | o Fix security issue (CVE-2008-5077) |
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index b3baac4a36..99a6a7b4bf 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | OpenSSL 0.9.8j | 2 | OpenSSL 0.9.8k |
| 3 | 3 | ||
| 4 | Copyright (c) 1998-2008 The OpenSSL Project | 4 | Copyright (c) 1998-2008 The OpenSSL Project |
| 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index 367eb177e1..498722a5a2 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c | |||
| @@ -2428,7 +2428,7 @@ static void readbn(BIGNUM **bn, BIO *bconn) | |||
| 2428 | int l; | 2428 | int l; |
| 2429 | 2429 | ||
| 2430 | l = BIO_gets(bconn, buf, sizeof buf); | 2430 | l = BIO_gets(bconn, buf, sizeof buf); |
| 2431 | assert(l >= 0); | 2431 | assert(l > 0); |
| 2432 | assert(buf[l-1] == '\n'); | 2432 | assert(buf[l-1] == '\n'); |
| 2433 | buf[l-1] = '\0'; | 2433 | buf[l-1] = '\0'; |
| 2434 | BN_hex2bn(bn, buf); | 2434 | BN_hex2bn(bn, buf); |
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index d74a8bcfcf..df0a0cb19d 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c | |||
| @@ -83,7 +83,7 @@ | |||
| 83 | # else | 83 | # else |
| 84 | # include <unixlib.h> | 84 | # include <unixlib.h> |
| 85 | # endif | 85 | # endif |
| 86 | # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) | 86 | # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM) |
| 87 | # include <sys/file.h> | 87 | # include <sys/file.h> |
| 88 | # endif | 88 | # endif |
| 89 | #endif | 89 | #endif |
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c index 5725a20d07..04bd57c6e8 100644 --- a/src/lib/libssl/src/apps/dhparam.c +++ b/src/lib/libssl/src/apps/dhparam.c | |||
| @@ -505,7 +505,7 @@ bad: | |||
| 505 | printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); | 505 | printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); |
| 506 | printf("\t\t{ DH_free(dh); return(NULL); }\n"); | 506 | printf("\t\t{ DH_free(dh); return(NULL); }\n"); |
| 507 | if (dh->length) | 507 | if (dh->length) |
| 508 | printf("\tdh->length = %d;\n", dh->length); | 508 | printf("\tdh->length = %ld;\n", dh->length); |
| 509 | printf("\treturn(dh);\n\t}\n"); | 509 | printf("\treturn(dh);\n\t}\n"); |
| 510 | OPENSSL_free(data); | 510 | OPENSSL_free(data); |
| 511 | } | 511 | } |
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c index 47c6eb604d..f4f9a4c4a4 100644 --- a/src/lib/libssl/src/apps/enc.c +++ b/src/lib/libssl/src/apps/enc.c | |||
| @@ -533,7 +533,8 @@ bad: | |||
| 533 | BIO_printf(bio_err,"invalid hex iv value\n"); | 533 | BIO_printf(bio_err,"invalid hex iv value\n"); |
| 534 | goto end; | 534 | goto end; |
| 535 | } | 535 | } |
| 536 | if ((hiv == NULL) && (str == NULL)) | 536 | if ((hiv == NULL) && (str == NULL) |
| 537 | && EVP_CIPHER_iv_length(cipher) != 0) | ||
| 537 | { | 538 | { |
| 538 | /* No IV was explicitly set and no IV was generated | 539 | /* No IV was explicitly set and no IV was generated |
| 539 | * during EVP_BytesToKey. Hence the IV is undefined, | 540 | * during EVP_BytesToKey. Hence the IV is undefined, |
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c index 1d0dd9bfbc..17bd81fb79 100644 --- a/src/lib/libssl/src/apps/engine.c +++ b/src/lib/libssl/src/apps/engine.c | |||
| @@ -252,7 +252,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent | |||
| 252 | /* Now decide on the output */ | 252 | /* Now decide on the output */ |
| 253 | if(xpos == 0) | 253 | if(xpos == 0) |
| 254 | /* Do an indent */ | 254 | /* Do an indent */ |
| 255 | xpos = BIO_printf(bio_out, indent); | 255 | xpos = BIO_puts(bio_out, indent); |
| 256 | else | 256 | else |
| 257 | /* Otherwise prepend a ", " */ | 257 | /* Otherwise prepend a ", " */ |
| 258 | xpos += BIO_printf(bio_out, ", "); | 258 | xpos += BIO_printf(bio_out, ", "); |
| @@ -263,7 +263,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent | |||
| 263 | (xpos + (int)strlen(name) > line_wrap)) | 263 | (xpos + (int)strlen(name) > line_wrap)) |
| 264 | { | 264 | { |
| 265 | BIO_printf(bio_out, "\n"); | 265 | BIO_printf(bio_out, "\n"); |
| 266 | xpos = BIO_printf(bio_out, indent); | 266 | xpos = BIO_puts(bio_out, indent); |
| 267 | } | 267 | } |
| 268 | xpos += BIO_printf(bio_out, "%s", name); | 268 | xpos += BIO_printf(bio_out, "%s", name); |
| 269 | } | 269 | } |
diff --git a/src/lib/libssl/src/apps/rand.c b/src/lib/libssl/src/apps/rand.c index fa35505c18..44a1d46a03 100644 --- a/src/lib/libssl/src/apps/rand.c +++ b/src/lib/libssl/src/apps/rand.c | |||
| @@ -68,8 +68,8 @@ | |||
| 68 | 68 | ||
| 69 | /* -out file - write to file | 69 | /* -out file - write to file |
| 70 | * -rand file:file - PRNG seed files | 70 | * -rand file:file - PRNG seed files |
| 71 | * -base64 - encode output | 71 | * -base64 - base64 encode output |
| 72 | * -hex - hex encode output | 72 | * -hex - hex encode output |
| 73 | * num - write 'num' bytes | 73 | * num - write 'num' bytes |
| 74 | */ | 74 | */ |
| 75 | 75 | ||
| @@ -172,7 +172,7 @@ int MAIN(int argc, char **argv) | |||
| 172 | BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); | 172 | BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); |
| 173 | #endif | 173 | #endif |
| 174 | BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); | 174 | BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
| 175 | BIO_printf(bio_err, "-base64 - encode output\n"); | 175 | BIO_printf(bio_err, "-base64 - base64 encode output\n"); |
| 176 | BIO_printf(bio_err, "-hex - hex encode output\n"); | 176 | BIO_printf(bio_err, "-hex - hex encode output\n"); |
| 177 | goto err; | 177 | goto err; |
| 178 | } | 178 | } |
| @@ -225,13 +225,15 @@ int MAIN(int argc, char **argv) | |||
| 225 | goto err; | 225 | goto err; |
| 226 | if (!hex) | 226 | if (!hex) |
| 227 | BIO_write(out, buf, chunk); | 227 | BIO_write(out, buf, chunk); |
| 228 | else { | 228 | else |
| 229 | int i; | 229 | { |
| 230 | for (i = 0; i < chunk; i++) | 230 | for (i = 0; i < chunk; i++) |
| 231 | BIO_printf(out, "%02x", buf[i]); | 231 | BIO_printf(out, "%02x", buf[i]); |
| 232 | } | 232 | } |
| 233 | num -= chunk; | 233 | num -= chunk; |
| 234 | } | 234 | } |
| 235 | if (hex) | ||
| 236 | BIO_puts(out, "\n"); | ||
| 235 | (void)BIO_flush(out); | 237 | (void)BIO_flush(out); |
| 236 | 238 | ||
| 237 | app_RAND_write_file(NULL, bio_err); | 239 | app_RAND_write_file(NULL, bio_err); |
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index d904d34021..6debce4419 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c | |||
| @@ -114,7 +114,7 @@ static const char *x509_usage[]={ | |||
| 114 | " -alias - output certificate alias\n", | 114 | " -alias - output certificate alias\n", |
| 115 | " -noout - no certificate output\n", | 115 | " -noout - no certificate output\n", |
| 116 | " -ocspid - print OCSP hash values for the subject name and public key\n", | 116 | " -ocspid - print OCSP hash values for the subject name and public key\n", |
| 117 | " -ocspurl - print OCSP Responder URL(s)\n", | 117 | " -ocsp_uri - print OCSP Responder URL(s)\n", |
| 118 | " -trustout - output a \"trusted\" certificate\n", | 118 | " -trustout - output a \"trusted\" certificate\n", |
| 119 | " -clrtrust - clear all trusted purposes\n", | 119 | " -clrtrust - clear all trusted purposes\n", |
| 120 | " -clrreject - clear all rejected purposes\n", | 120 | " -clrreject - clear all rejected purposes\n", |
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index dde9275b76..68e7ea1737 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config | |||
| @@ -29,7 +29,7 @@ EXE="" | |||
| 29 | for i | 29 | for i |
| 30 | do | 30 | do |
| 31 | case "$i" in | 31 | case "$i" in |
| 32 | -d*) PREFIX="debug-";; | 32 | -d) PREFIX="debug-";; |
| 33 | -t*) TEST="true";; | 33 | -t*) TEST="true";; |
| 34 | -h*) TEST="true"; cat <<EOF | 34 | -h*) TEST="true"; cat <<EOF |
| 35 | Usage: config [options] | 35 | Usage: config [options] |
| @@ -399,11 +399,8 @@ exit 0 | |||
| 399 | # this is where the translation occurs into SSLeay terms | 399 | # this is where the translation occurs into SSLeay terms |
| 400 | # --------------------------------------------------------------------------- | 400 | # --------------------------------------------------------------------------- |
| 401 | 401 | ||
| 402 | # figure out if gcc is available and if so we use it otherwise | ||
| 403 | # we fallback to whatever cc does on the system | ||
| 404 | GCCVER=`(gcc -dumpversion) 2>/dev/null` | 402 | GCCVER=`(gcc -dumpversion) 2>/dev/null` |
| 405 | if [ "$GCCVER" != "" ]; then | 403 | if [ "$GCCVER" != "" ]; then |
| 406 | CC=gcc | ||
| 407 | # then strip off whatever prefix egcs prepends the number with... | 404 | # then strip off whatever prefix egcs prepends the number with... |
| 408 | # Hopefully, this will work for any future prefixes as well. | 405 | # Hopefully, this will work for any future prefixes as well. |
| 409 | GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'` | 406 | GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'` |
| @@ -412,8 +409,17 @@ if [ "$GCCVER" != "" ]; then | |||
| 412 | # major and minor version numbers. | 409 | # major and minor version numbers. |
| 413 | # peak single digit before and after first dot, e.g. 2.95.1 gives 29 | 410 | # peak single digit before and after first dot, e.g. 2.95.1 gives 29 |
| 414 | GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'` | 411 | GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'` |
| 415 | else | 412 | fi |
| 416 | CC=cc | 413 | |
| 414 | # Only set CC if not supplied already | ||
| 415 | if [ -z "$CC" ]; then | ||
| 416 | # figure out if gcc is available and if so we use it otherwise | ||
| 417 | # we fallback to whatever cc does on the system | ||
| 418 | if [ "$GCCVER" != "" ]; then | ||
| 419 | CC=gcc | ||
| 420 | else | ||
| 421 | CC=cc | ||
| 422 | fi | ||
| 417 | fi | 423 | fi |
| 418 | GCCVER=${GCCVER:-0} | 424 | GCCVER=${GCCVER:-0} |
| 419 | if [ "$SYSTEM" = "HP-UX" ];then | 425 | if [ "$SYSTEM" = "HP-UX" ];then |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h index 424cd348bb..e3385226d4 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1.h +++ b/src/lib/libssl/src/crypto/asn1/asn1.h | |||
| @@ -612,6 +612,7 @@ typedef struct BIT_STRING_BITNAME_st { | |||
| 612 | B_ASN1_GENERALIZEDTIME | 612 | B_ASN1_GENERALIZEDTIME |
| 613 | 613 | ||
| 614 | #define B_ASN1_PRINTABLE \ | 614 | #define B_ASN1_PRINTABLE \ |
| 615 | B_ASN1_NUMERICSTRING| \ | ||
| 615 | B_ASN1_PRINTABLESTRING| \ | 616 | B_ASN1_PRINTABLESTRING| \ |
| 616 | B_ASN1_T61STRING| \ | 617 | B_ASN1_T61STRING| \ |
| 617 | B_ASN1_IA5STRING| \ | 618 | B_ASN1_IA5STRING| \ |
| @@ -1217,6 +1218,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1217 | #define ASN1_R_BAD_OBJECT_HEADER 102 | 1218 | #define ASN1_R_BAD_OBJECT_HEADER 102 |
| 1218 | #define ASN1_R_BAD_PASSWORD_READ 103 | 1219 | #define ASN1_R_BAD_PASSWORD_READ 103 |
| 1219 | #define ASN1_R_BAD_TAG 104 | 1220 | #define ASN1_R_BAD_TAG 104 |
| 1221 | #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 | ||
| 1220 | #define ASN1_R_BN_LIB 105 | 1222 | #define ASN1_R_BN_LIB 105 |
| 1221 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 | 1223 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 |
| 1222 | #define ASN1_R_BUFFER_TOO_SMALL 107 | 1224 | #define ASN1_R_BUFFER_TOO_SMALL 107 |
| @@ -1306,6 +1308,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1306 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 | 1308 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 |
| 1307 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 | 1309 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 |
| 1308 | #define ASN1_R_UNEXPECTED_EOC 159 | 1310 | #define ASN1_R_UNEXPECTED_EOC 159 |
| 1311 | #define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 | ||
| 1309 | #define ASN1_R_UNKNOWN_FORMAT 160 | 1312 | #define ASN1_R_UNKNOWN_FORMAT 160 |
| 1310 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 | 1313 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 |
| 1311 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 | 1314 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c index f8a3e2e6cd..5f5de98eed 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_err.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c | |||
| @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, | 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, |
| 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, | 196 | {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, |
| 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, | 197 | {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, |
| 198 | {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, | ||
| 198 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, | 199 | {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, |
| 199 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, | 200 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, |
| 200 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, | 201 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, |
| @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 284 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, | 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, |
| 285 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, | 286 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, |
| 286 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, | 287 | {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, |
| 288 | {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, | ||
| 287 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, | 289 | {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, |
| 288 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, | 290 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, |
| 289 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, | 291 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c index 501b62a4b1..8657f73d66 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_par.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c | |||
| @@ -213,6 +213,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse | |||
| 213 | (tag == V_ASN1_T61STRING) || | 213 | (tag == V_ASN1_T61STRING) || |
| 214 | (tag == V_ASN1_IA5STRING) || | 214 | (tag == V_ASN1_IA5STRING) || |
| 215 | (tag == V_ASN1_VISIBLESTRING) || | 215 | (tag == V_ASN1_VISIBLESTRING) || |
| 216 | (tag == V_ASN1_NUMERICSTRING) || | ||
| 217 | (tag == V_ASN1_UTF8STRING) || | ||
| 216 | (tag == V_ASN1_UTCTIME) || | 218 | (tag == V_ASN1_UTCTIME) || |
| 217 | (tag == V_ASN1_GENERALIZEDTIME)) | 219 | (tag == V_ASN1_GENERALIZEDTIME)) |
| 218 | { | 220 | { |
diff --git a/src/lib/libssl/src/crypto/asn1/asn_mime.c b/src/lib/libssl/src/crypto/asn1/asn_mime.c index bc80b20d63..d8d9e76cc0 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_mime.c +++ b/src/lib/libssl/src/crypto/asn1/asn_mime.c | |||
| @@ -152,7 +152,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) | |||
| 152 | 152 | ||
| 153 | static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) | 153 | static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) |
| 154 | { | 154 | { |
| 155 | const EVP_MD *md; | ||
| 156 | int i, have_unknown = 0, write_comma, md_nid; | 155 | int i, have_unknown = 0, write_comma, md_nid; |
| 157 | have_unknown = 0; | 156 | have_unknown = 0; |
| 158 | write_comma = 0; | 157 | write_comma = 0; |
| @@ -162,7 +161,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) | |||
| 162 | BIO_write(out, ",", 1); | 161 | BIO_write(out, ",", 1); |
| 163 | write_comma = 1; | 162 | write_comma = 1; |
| 164 | md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); | 163 | md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); |
| 165 | md = EVP_get_digestbynid(md_nid); | ||
| 166 | switch(md_nid) | 164 | switch(md_nid) |
| 167 | { | 165 | { |
| 168 | case NID_sha1: | 166 | case NID_sha1: |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index ced641698e..48bc1c0d4d 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
| @@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len); | |||
| 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); | 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); |
| 70 | 70 | ||
| 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 72 | char inf, int tag, int aclass); | 72 | char inf, int tag, int aclass, int depth); |
| 73 | 73 | ||
| 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); | 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); |
| 75 | 75 | ||
| @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, | |||
| 611 | 611 | ||
| 612 | err: | 612 | err: |
| 613 | ASN1_template_free(val, tt); | 613 | ASN1_template_free(val, tt); |
| 614 | *val = NULL; | ||
| 615 | return 0; | 614 | return 0; |
| 616 | } | 615 | } |
| 617 | 616 | ||
| @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, | |||
| 758 | 757 | ||
| 759 | err: | 758 | err: |
| 760 | ASN1_template_free(val, tt); | 759 | ASN1_template_free(val, tt); |
| 761 | *val = NULL; | ||
| 762 | return 0; | 760 | return 0; |
| 763 | } | 761 | } |
| 764 | 762 | ||
| @@ -878,7 +876,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, | |||
| 878 | * internally irrespective of the type. So instead just check | 876 | * internally irrespective of the type. So instead just check |
| 879 | * for UNIVERSAL class and ignore the tag. | 877 | * for UNIVERSAL class and ignore the tag. |
| 880 | */ | 878 | */ |
| 881 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) | 879 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) |
| 882 | { | 880 | { |
| 883 | free_cont = 1; | 881 | free_cont = 1; |
| 884 | goto err; | 882 | goto err; |
| @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, | |||
| 1012 | case V_ASN1_SET: | 1010 | case V_ASN1_SET: |
| 1013 | case V_ASN1_SEQUENCE: | 1011 | case V_ASN1_SEQUENCE: |
| 1014 | default: | 1012 | default: |
| 1013 | if (utype == V_ASN1_BMPSTRING && (len & 1)) | ||
| 1014 | { | ||
| 1015 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1016 | ASN1_R_BMPSTRING_IS_WRONG_LENGTH); | ||
| 1017 | goto err; | ||
| 1018 | } | ||
| 1019 | if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) | ||
| 1020 | { | ||
| 1021 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1022 | ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); | ||
| 1023 | goto err; | ||
| 1024 | } | ||
| 1015 | /* All based on ASN1_STRING and handled the same */ | 1025 | /* All based on ASN1_STRING and handled the same */ |
| 1016 | if (!*pval) | 1026 | if (!*pval) |
| 1017 | { | 1027 | { |
| @@ -1128,8 +1138,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) | |||
| 1128 | * if it is indefinite length. | 1138 | * if it is indefinite length. |
| 1129 | */ | 1139 | */ |
| 1130 | 1140 | ||
| 1141 | #ifndef ASN1_MAX_STRING_NEST | ||
| 1142 | /* This determines how many levels of recursion are permitted in ASN1 | ||
| 1143 | * string types. If it is not limited stack overflows can occur. If set | ||
| 1144 | * to zero no recursion is allowed at all. Although zero should be adequate | ||
| 1145 | * examples exist that require a value of 1. So 5 should be more than enough. | ||
| 1146 | */ | ||
| 1147 | #define ASN1_MAX_STRING_NEST 5 | ||
| 1148 | #endif | ||
| 1149 | |||
| 1150 | |||
| 1131 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 1151 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 1132 | char inf, int tag, int aclass) | 1152 | char inf, int tag, int aclass, int depth) |
| 1133 | { | 1153 | { |
| 1134 | const unsigned char *p, *q; | 1154 | const unsigned char *p, *q; |
| 1135 | long plen; | 1155 | long plen; |
| @@ -1171,13 +1191,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | |||
| 1171 | /* If indefinite length constructed update max length */ | 1191 | /* If indefinite length constructed update max length */ |
| 1172 | if (cst) | 1192 | if (cst) |
| 1173 | { | 1193 | { |
| 1174 | #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS | 1194 | if (depth >= ASN1_MAX_STRING_NEST) |
| 1175 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) | 1195 | { |
| 1196 | ASN1err(ASN1_F_ASN1_COLLECT, | ||
| 1197 | ASN1_R_NESTED_ASN1_STRING); | ||
| 1198 | return 0; | ||
| 1199 | } | ||
| 1200 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, | ||
| 1201 | depth + 1)) | ||
| 1176 | return 0; | 1202 | return 0; |
| 1177 | #else | ||
| 1178 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); | ||
| 1179 | return 0; | ||
| 1180 | #endif | ||
| 1181 | } | 1203 | } |
| 1182 | else if (plen && !collect_data(buf, &p, plen)) | 1204 | else if (plen && !collect_data(buf, &p, plen)) |
| 1183 | return 0; | 1205 | return 0; |
diff --git a/src/lib/libssl/src/crypto/bio/bss_mem.c b/src/lib/libssl/src/crypto/bio/bss_mem.c index a4edb711ae..e7ab9cb3a3 100644 --- a/src/lib/libssl/src/crypto/bio/bss_mem.c +++ b/src/lib/libssl/src/crypto/bio/bss_mem.c | |||
| @@ -284,6 +284,7 @@ static int mem_gets(BIO *bp, char *buf, int size) | |||
| 284 | 284 | ||
| 285 | BIO_clear_retry_flags(bp); | 285 | BIO_clear_retry_flags(bp); |
| 286 | j=bm->length; | 286 | j=bm->length; |
| 287 | if ((size-1) < j) j=size-1; | ||
| 287 | if (j <= 0) | 288 | if (j <= 0) |
| 288 | { | 289 | { |
| 289 | *buf='\0'; | 290 | *buf='\0'; |
| @@ -292,17 +293,18 @@ static int mem_gets(BIO *bp, char *buf, int size) | |||
| 292 | p=bm->data; | 293 | p=bm->data; |
| 293 | for (i=0; i<j; i++) | 294 | for (i=0; i<j; i++) |
| 294 | { | 295 | { |
| 295 | if (p[i] == '\n') break; | 296 | if (p[i] == '\n') |
| 296 | } | 297 | { |
| 297 | if (i == j) | 298 | i++; |
| 298 | { | 299 | break; |
| 299 | BIO_set_retry_read(bp); | 300 | } |
| 300 | /* return(-1); change the semantics 0.6.6a */ | ||
| 301 | } | 301 | } |
| 302 | else | 302 | |
| 303 | i++; | 303 | /* |
| 304 | /* i is the max to copy */ | 304 | * i is now the max num of bytes to copy, either j or up to |
| 305 | if ((size-1) < i) i=size-1; | 305 | * and including the first newline |
| 306 | */ | ||
| 307 | |||
| 306 | i=mem_read(bp,buf,i); | 308 | i=mem_read(bp,buf,i); |
| 307 | if (i > 0) buf[i]='\0'; | 309 | if (i > 0) buf[i]='\0'; |
| 308 | ret=i; | 310 | ret=i; |
diff --git a/src/lib/libssl/src/crypto/bio/bss_sock.c b/src/lib/libssl/src/crypto/bio/bss_sock.c index 472dd75821..30c3ceab46 100644 --- a/src/lib/libssl/src/crypto/bio/bss_sock.c +++ b/src/lib/libssl/src/crypto/bio/bss_sock.c | |||
| @@ -60,6 +60,9 @@ | |||
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | |||
| 64 | #ifndef OPENSSL_NO_SOCK | ||
| 65 | |||
| 63 | #include <openssl/bio.h> | 66 | #include <openssl/bio.h> |
| 64 | 67 | ||
| 65 | #ifdef WATT32 | 68 | #ifdef WATT32 |
| @@ -300,3 +303,5 @@ int BIO_sock_non_fatal_error(int err) | |||
| 300 | } | 303 | } |
| 301 | return(0); | 304 | return(0); |
| 302 | } | 305 | } |
| 306 | |||
| 307 | #endif /* #ifndef OPENSSL_NO_SOCK */ | ||
diff --git a/src/lib/libssl/src/crypto/cms/cms_smime.c b/src/lib/libssl/src/crypto/cms/cms_smime.c index b9463f9abb..f35883aa22 100644 --- a/src/lib/libssl/src/crypto/cms/cms_smime.c +++ b/src/lib/libssl/src/crypto/cms/cms_smime.c | |||
| @@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, | |||
| 298 | CMS_R_STORE_INIT_ERROR); | 298 | CMS_R_STORE_INIT_ERROR); |
| 299 | goto err; | 299 | goto err; |
| 300 | } | 300 | } |
| 301 | X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); | 301 | X509_STORE_CTX_set_default(&ctx, "smime_sign"); |
| 302 | if (crls) | 302 | if (crls) |
| 303 | X509_STORE_CTX_set0_crls(&ctx, crls); | 303 | X509_STORE_CTX_set0_crls(&ctx, crls); |
| 304 | 304 | ||
| @@ -425,7 +425,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, | |||
| 425 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) | 425 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) |
| 426 | { | 426 | { |
| 427 | si = sk_CMS_SignerInfo_value(sinfos, i); | 427 | si = sk_CMS_SignerInfo_value(sinfos, i); |
| 428 | if (!CMS_SignerInfo_verify_content(si, cmsbio)) | 428 | if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) |
| 429 | { | 429 | { |
| 430 | CMSerr(CMS_F_CMS_VERIFY, | 430 | CMSerr(CMS_F_CMS_VERIFY, |
| 431 | CMS_R_CONTENT_VERIFY_ERROR); | 431 | CMS_R_CONTENT_VERIFY_ERROR); |
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c index e286378cb1..ee9c677d9b 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mod.c +++ b/src/lib/libssl/src/crypto/conf/conf_mod.c | |||
| @@ -588,7 +588,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc, | |||
| 588 | { | 588 | { |
| 589 | if (nospc) | 589 | if (nospc) |
| 590 | { | 590 | { |
| 591 | while(isspace((unsigned char)*lstart)) | 591 | while(*lstart && isspace((unsigned char)*lstart)) |
| 592 | lstart++; | 592 | lstart++; |
| 593 | } | 593 | } |
| 594 | p = strchr(lstart, sep); | 594 | p = strchr(lstart, sep); |
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com index db9c882fb0..e72af90822 100644 --- a/src/lib/libssl/src/crypto/crypto-lib.com +++ b/src/lib/libssl/src/crypto/crypto-lib.com | |||
| @@ -169,7 +169,7 @@ $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" | |||
| 169 | $ LIB_MDC2 = "mdc2dgst,mdc2_one" | 169 | $ LIB_MDC2 = "mdc2dgst,mdc2_one" |
| 170 | $ LIB_HMAC = "hmac" | 170 | $ LIB_HMAC = "hmac" |
| 171 | $ LIB_RIPEMD = "rmd_dgst,rmd_one" | 171 | $ LIB_RIPEMD = "rmd_dgst,rmd_one" |
| 172 | $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - | 172 | $ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ - |
| 173 | "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - | 173 | "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - |
| 174 | "enc_read,enc_writ,ofb64enc,"+ - | 174 | "enc_read,enc_writ,ofb64enc,"+ - |
| 175 | "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - | 175 | "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - |
| @@ -191,7 +191,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - | |||
| 191 | "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - | 191 | "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - |
| 192 | "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - | 192 | "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - |
| 193 | "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - | 193 | "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - |
| 194 | "bn_depr,bn_const" | 194 | "bn_depr,bn_x931p,bn_const,bn_opt" |
| 195 | $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - | 195 | $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - |
| 196 | "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - | 196 | "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - |
| 197 | "ec2_smpl,ec2_mult" | 197 | "ec2_smpl,ec2_mult" |
| @@ -211,7 +211,7 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - | |||
| 211 | "tb_cipher,tb_digest,"+ - | 211 | "tb_cipher,tb_digest,"+ - |
| 212 | "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" | 212 | "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" |
| 213 | $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - | 213 | $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - |
| 214 | "aes_ctr,aes_ige" | 214 | "aes_ctr,aes_ige,aes_wrap" |
| 215 | $ LIB_BUFFER = "buffer,buf_str,buf_err" | 215 | $ LIB_BUFFER = "buffer,buf_str,buf_err" |
| 216 | $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - | 216 | $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - |
| 217 | "bss_mem,bss_null,bss_fd,"+ - | 217 | "bss_mem,bss_null,bss_fd,"+ - |
| @@ -246,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - | |||
| 246 | $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - | 246 | $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - |
| 247 | "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - | 247 | "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - |
| 248 | "f_int,f_string,n_pkey,"+ - | 248 | "f_int,f_string,n_pkey,"+ - |
| 249 | "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - | 249 | "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - |
| 250 | "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - | 250 | "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - |
| 251 | "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" | 251 | "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" |
| 252 | $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - | 252 | $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - |
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h index 0a39742773..10475ac4b3 100644 --- a/src/lib/libssl/src/crypto/dh/dh.h +++ b/src/lib/libssl/src/crypto/dh/dh.h | |||
| @@ -122,7 +122,7 @@ struct dh_st | |||
| 122 | int version; | 122 | int version; |
| 123 | BIGNUM *p; | 123 | BIGNUM *p; |
| 124 | BIGNUM *g; | 124 | BIGNUM *g; |
| 125 | int length; /* optional */ | 125 | long length; /* optional */ |
| 126 | BIGNUM *pub_key; /* g^x */ | 126 | BIGNUM *pub_key; /* g^x */ |
| 127 | BIGNUM *priv_key; /* x */ | 127 | BIGNUM *priv_key; /* x */ |
| 128 | 128 | ||
| @@ -238,8 +238,6 @@ void ERR_load_DH_strings(void); | |||
| 238 | #define DH_R_KEY_SIZE_TOO_SMALL 104 | 238 | #define DH_R_KEY_SIZE_TOO_SMALL 104 |
| 239 | #define DH_R_MODULUS_TOO_LARGE 103 | 239 | #define DH_R_MODULUS_TOO_LARGE 103 |
| 240 | #define DH_R_NO_PRIVATE_VALUE 100 | 240 | #define DH_R_NO_PRIVATE_VALUE 100 |
| 241 | #define DH_R_INVALID_PUBKEY 102 | ||
| 242 | #define DH_R_MODULUS_TOO_LARGE 103 | ||
| 243 | 241 | ||
| 244 | #ifdef __cplusplus | 242 | #ifdef __cplusplus |
| 245 | } | 243 | } |
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c index b364362fca..13263c81c1 100644 --- a/src/lib/libssl/src/crypto/dh/dh_err.c +++ b/src/lib/libssl/src/crypto/dh/dh_err.c | |||
| @@ -90,8 +90,6 @@ static ERR_STRING_DATA DH_str_reasons[]= | |||
| 90 | {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, | 90 | {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, |
| 91 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | 91 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, |
| 92 | {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, | 92 | {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, |
| 93 | {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, | ||
| 94 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | ||
| 95 | {0,NULL} | 93 | {0,NULL} |
| 96 | }; | 94 | }; |
| 97 | 95 | ||
diff --git a/src/lib/libssl/src/crypto/evp/evp_test.c b/src/lib/libssl/src/crypto/evp/evp_test.c index bb6f02c2e9..436be20bf1 100644 --- a/src/lib/libssl/src/crypto/evp/evp_test.c +++ b/src/lib/libssl/src/crypto/evp/evp_test.c | |||
| @@ -220,18 +220,18 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 220 | test1_exit(7); | 220 | test1_exit(7); |
| 221 | } | 221 | } |
| 222 | 222 | ||
| 223 | if(outl+outl2 != cn) | 223 | if(outl+outl2 != pn) |
| 224 | { | 224 | { |
| 225 | fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", | 225 | fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", |
| 226 | outl+outl2,cn); | 226 | outl+outl2,pn); |
| 227 | test1_exit(8); | 227 | test1_exit(8); |
| 228 | } | 228 | } |
| 229 | 229 | ||
| 230 | if(memcmp(out,plaintext,cn)) | 230 | if(memcmp(out,plaintext,pn)) |
| 231 | { | 231 | { |
| 232 | fprintf(stderr,"Plaintext mismatch\n"); | 232 | fprintf(stderr,"Plaintext mismatch\n"); |
| 233 | hexdump(stderr,"Got",out,cn); | 233 | hexdump(stderr,"Got",out,pn); |
| 234 | hexdump(stderr,"Expected",plaintext,cn); | 234 | hexdump(stderr,"Expected",plaintext,pn); |
| 235 | test1_exit(9); | 235 | test1_exit(9); |
| 236 | } | 236 | } |
| 237 | } | 237 | } |
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h index 09687b5136..c6207f76b2 100644 --- a/src/lib/libssl/src/crypto/opensslv.h +++ b/src/lib/libssl/src/crypto/opensslv.h | |||
| @@ -25,11 +25,11 @@ | |||
| 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | * major minor fix final patch/beta) | 26 | * major minor fix final patch/beta) |
| 27 | */ | 27 | */ |
| 28 | #define OPENSSL_VERSION_NUMBER 0x009080afL | 28 | #define OPENSSL_VERSION_NUMBER 0x009080bfL |
| 29 | #ifdef OPENSSL_FIPS | 29 | #ifdef OPENSSL_FIPS |
| 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009" | 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k-fips 25 Mar 2009" |
| 31 | #else | 31 | #else |
| 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009" | 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k 25 Mar 2009" |
| 33 | #endif | 33 | #endif |
| 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 | ||
diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h index 6f8e01544b..6c193f1cbf 100644 --- a/src/lib/libssl/src/crypto/pem/pem.h +++ b/src/lib/libssl/src/crypto/pem/pem.h | |||
| @@ -215,7 +215,9 @@ typedef struct pem_ctx_st | |||
| 215 | 215 | ||
| 216 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ | 216 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ |
| 217 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ | 217 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ |
| 218 | #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ | ||
| 218 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ | 219 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ |
| 220 | #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ | ||
| 219 | 221 | ||
| 220 | #else | 222 | #else |
| 221 | 223 | ||
| @@ -355,6 +357,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 355 | 357 | ||
| 356 | #define DECLARE_PEM_read_fp(name, type) /**/ | 358 | #define DECLARE_PEM_read_fp(name, type) /**/ |
| 357 | #define DECLARE_PEM_write_fp(name, type) /**/ | 359 | #define DECLARE_PEM_write_fp(name, type) /**/ |
| 360 | #define DECLARE_PEM_write_fp_const(name, type) /**/ | ||
| 358 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ | 361 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ |
| 359 | 362 | ||
| 360 | #else | 363 | #else |
| @@ -392,6 +395,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 392 | 395 | ||
| 393 | #define DECLARE_PEM_read_bio(name, type) /**/ | 396 | #define DECLARE_PEM_read_bio(name, type) /**/ |
| 394 | #define DECLARE_PEM_write_bio(name, type) /**/ | 397 | #define DECLARE_PEM_write_bio(name, type) /**/ |
| 398 | #define DECLARE_PEM_write_bio_const(name, type) /**/ | ||
| 395 | #define DECLARE_PEM_write_cb_bio(name, type) /**/ | 399 | #define DECLARE_PEM_write_cb_bio(name, type) /**/ |
| 396 | 400 | ||
| 397 | #endif | 401 | #endif |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c index e863de52ce..9522342fa5 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c | |||
| @@ -170,6 +170,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | |||
| 170 | 170 | ||
| 171 | p12 = PKCS12_add_safes(safes, 0); | 171 | p12 = PKCS12_add_safes(safes, 0); |
| 172 | 172 | ||
| 173 | if (!p12) | ||
| 174 | goto err; | ||
| 175 | |||
| 173 | sk_PKCS7_pop_free(safes, PKCS7_free); | 176 | sk_PKCS7_pop_free(safes, PKCS7_free); |
| 174 | 177 | ||
| 175 | safes = NULL; | 178 | safes = NULL; |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c index c34db1d6fe..fd18ec3d95 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c | |||
| @@ -229,8 +229,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 229 | sk_X509_free(signers); | 229 | sk_X509_free(signers); |
| 230 | return 0; | 230 | return 0; |
| 231 | } | 231 | } |
| 232 | X509_STORE_CTX_set_purpose(&cert_ctx, | 232 | X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); |
| 233 | X509_PURPOSE_SMIME_SIGN); | ||
| 234 | } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { | 233 | } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { |
| 235 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); | 234 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); |
| 236 | sk_X509_free(signers); | 235 | sk_X509_free(signers); |
diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c index 964d25833c..58c6173094 100644 --- a/src/lib/libssl/src/crypto/rand/rand_unix.c +++ b/src/lib/libssl/src/crypto/rand/rand_unix.c | |||
| @@ -226,7 +226,7 @@ int RAND_poll(void) | |||
| 226 | t.tv_sec = 0; | 226 | t.tv_sec = 0; |
| 227 | t.tv_usec = usec; | 227 | t.tv_usec = usec; |
| 228 | 228 | ||
| 229 | if (FD_SETSIZE > 0 && fd >= FD_SETSIZE) | 229 | if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) |
| 230 | { | 230 | { |
| 231 | /* can't use select, so just try to read once anyway */ | 231 | /* can't use select, so just try to read once anyway */ |
| 232 | try_read = 1; | 232 | try_read = 1; |
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c index f63fbc1731..d108353bbc 100644 --- a/src/lib/libssl/src/crypto/rand/randfile.c +++ b/src/lib/libssl/src/crypto/rand/randfile.c | |||
| @@ -261,7 +261,7 @@ const char *RAND_file_name(char *buf, size_t size) | |||
| 261 | struct stat sb; | 261 | struct stat sb; |
| 262 | #endif | 262 | #endif |
| 263 | 263 | ||
| 264 | if (issetugid() == 0) | 264 | if (OPENSSL_issetugid() == 0) |
| 265 | s=getenv("RANDFILE"); | 265 | s=getenv("RANDFILE"); |
| 266 | if (s != NULL && *s && strlen(s) + 1 < size) | 266 | if (s != NULL && *s && strlen(s) + 1 < size) |
| 267 | { | 267 | { |
| @@ -270,7 +270,7 @@ const char *RAND_file_name(char *buf, size_t size) | |||
| 270 | } | 270 | } |
| 271 | else | 271 | else |
| 272 | { | 272 | { |
| 273 | if (issetugid() == 0) | 273 | if (OPENSSL_issetugid() == 0) |
| 274 | s=getenv("HOME"); | 274 | s=getenv("HOME"); |
| 275 | #ifdef DEFAULT_HOME | 275 | #ifdef DEFAULT_HOME |
| 276 | if (s == NULL) | 276 | if (s == NULL) |
diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h index 6cfb5fe479..8728e6124d 100644 --- a/src/lib/libssl/src/crypto/symhacks.h +++ b/src/lib/libssl/src/crypto/symhacks.h | |||
| @@ -62,6 +62,10 @@ | |||
| 62 | VAX. */ | 62 | VAX. */ |
| 63 | #ifdef OPENSSL_SYS_VMS | 63 | #ifdef OPENSSL_SYS_VMS |
| 64 | 64 | ||
| 65 | /* Hack a long name in crypto/cryptlib.c */ | ||
| 66 | #undef int_CRYPTO_set_do_dynlock_callback | ||
| 67 | #define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb | ||
| 68 | |||
| 65 | /* Hack a long name in crypto/ex_data.c */ | 69 | /* Hack a long name in crypto/ex_data.c */ |
| 66 | #undef CRYPTO_get_ex_data_implementation | 70 | #undef CRYPTO_get_ex_data_implementation |
| 67 | #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl | 71 | #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl |
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c index 7ab249c3be..ac0100808f 100644 --- a/src/lib/libssl/src/crypto/ui/ui_lib.c +++ b/src/lib/libssl/src/crypto/ui/ui_lib.c | |||
| @@ -90,6 +90,7 @@ UI *UI_new_method(const UI_METHOD *method) | |||
| 90 | 90 | ||
| 91 | ret->strings=NULL; | 91 | ret->strings=NULL; |
| 92 | ret->user_data=NULL; | 92 | ret->user_data=NULL; |
| 93 | ret->flags=0; | ||
| 93 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); | 94 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); |
| 94 | return ret; | 95 | return ret; |
| 95 | } | 96 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c index e4c682fc44..2faf92514a 100644 --- a/src/lib/libssl/src/crypto/x509/x509_cmp.c +++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c | |||
| @@ -288,7 +288,8 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | |||
| 288 | if (!(nabit & STR_TYPE_CMP) || | 288 | if (!(nabit & STR_TYPE_CMP) || |
| 289 | !(nbbit & STR_TYPE_CMP)) | 289 | !(nbbit & STR_TYPE_CMP)) |
| 290 | return j; | 290 | return j; |
| 291 | j = asn1_string_memcmp(na->value, nb->value); | 291 | if (!asn1_string_memcmp(na->value, nb->value)) |
| 292 | j = 0; | ||
| 292 | } | 293 | } |
| 293 | else if (na->value->type == V_ASN1_PRINTABLESTRING) | 294 | else if (na->value->type == V_ASN1_PRINTABLESTRING) |
| 294 | j=nocase_spacenorm_cmp(na->value, nb->value); | 295 | j=nocase_spacenorm_cmp(na->value, nb->value); |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_addr.c b/src/lib/libssl/src/crypto/x509v3/v3_addr.c index a37f844d3c..efdf7c3ba7 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_addr.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_addr.c | |||
| @@ -61,7 +61,7 @@ | |||
| 61 | 61 | ||
| 62 | #include <stdio.h> | 62 | #include <stdio.h> |
| 63 | #include <stdlib.h> | 63 | #include <stdlib.h> |
| 64 | #include <assert.h> | 64 | |
| 65 | #include "cryptlib.h" | 65 | #include "cryptlib.h" |
| 66 | #include <openssl/conf.h> | 66 | #include <openssl/conf.h> |
| 67 | #include <openssl/asn1.h> | 67 | #include <openssl/asn1.h> |
| @@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi) | |||
| 128 | /* | 128 | /* |
| 129 | * Extract the AFI from an IPAddressFamily. | 129 | * Extract the AFI from an IPAddressFamily. |
| 130 | */ | 130 | */ |
| 131 | unsigned v3_addr_get_afi(const IPAddressFamily *f) | 131 | unsigned int v3_addr_get_afi(const IPAddressFamily *f) |
| 132 | { | 132 | { |
| 133 | return ((f != NULL && | 133 | return ((f != NULL && |
| 134 | f->addressFamily != NULL && | 134 | f->addressFamily != NULL && |
| @@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr, | |||
| 147 | const int length, | 147 | const int length, |
| 148 | const unsigned char fill) | 148 | const unsigned char fill) |
| 149 | { | 149 | { |
| 150 | assert(bs->length >= 0 && bs->length <= length); | 150 | OPENSSL_assert(bs->length >= 0 && bs->length <= length); |
| 151 | if (bs->length > 0) { | 151 | if (bs->length > 0) { |
| 152 | memcpy(addr, bs->data, bs->length); | 152 | memcpy(addr, bs->data, bs->length); |
| 153 | if ((bs->flags & 7) != 0) { | 153 | if ((bs->flags & 7) != 0) { |
| @@ -190,6 +190,8 @@ static int i2r_address(BIO *out, | |||
| 190 | BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); | 190 | BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); |
| 191 | if (i < 16) | 191 | if (i < 16) |
| 192 | BIO_puts(out, ":"); | 192 | BIO_puts(out, ":"); |
| 193 | if (i == 0) | ||
| 194 | BIO_puts(out, ":"); | ||
| 193 | break; | 195 | break; |
| 194 | default: | 196 | default: |
| 195 | for (i = 0; i < bs->length; i++) | 197 | for (i = 0; i < bs->length; i++) |
| @@ -243,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, | |||
| 243 | int i; | 245 | int i; |
| 244 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | 246 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { |
| 245 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); | 247 | IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); |
| 246 | const unsigned afi = v3_addr_get_afi(f); | 248 | const unsigned int afi = v3_addr_get_afi(f); |
| 247 | switch (afi) { | 249 | switch (afi) { |
| 248 | case IANA_AFI_IPV4: | 250 | case IANA_AFI_IPV4: |
| 249 | BIO_printf(out, "%*sIPv4", indent, ""); | 251 | BIO_printf(out, "%*sIPv4", indent, ""); |
| @@ -453,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result, | |||
| 453 | if ((aor = IPAddressOrRange_new()) == NULL) | 455 | if ((aor = IPAddressOrRange_new()) == NULL) |
| 454 | return 0; | 456 | return 0; |
| 455 | aor->type = IPAddressOrRange_addressRange; | 457 | aor->type = IPAddressOrRange_addressRange; |
| 456 | assert(aor->u.addressRange == NULL); | 458 | OPENSSL_assert(aor->u.addressRange == NULL); |
| 457 | if ((aor->u.addressRange = IPAddressRange_new()) == NULL) | 459 | if ((aor->u.addressRange = IPAddressRange_new()) == NULL) |
| 458 | goto err; | 460 | goto err; |
| 459 | if (aor->u.addressRange->min == NULL && | 461 | if (aor->u.addressRange->min == NULL && |
| @@ -522,7 +524,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, | |||
| 522 | 524 | ||
| 523 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { | 525 | for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { |
| 524 | f = sk_IPAddressFamily_value(addr, i); | 526 | f = sk_IPAddressFamily_value(addr, i); |
| 525 | assert(f->addressFamily->data != NULL); | 527 | OPENSSL_assert(f->addressFamily->data != NULL); |
| 526 | if (f->addressFamily->length == keylen && | 528 | if (f->addressFamily->length == keylen && |
| 527 | !memcmp(f->addressFamily->data, key, keylen)) | 529 | !memcmp(f->addressFamily->data, key, keylen)) |
| 528 | return f; | 530 | return f; |
| @@ -654,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor, | |||
| 654 | unsigned char *max, | 656 | unsigned char *max, |
| 655 | int length) | 657 | int length) |
| 656 | { | 658 | { |
| 657 | assert(aor != NULL && min != NULL && max != NULL); | 659 | OPENSSL_assert(aor != NULL && min != NULL && max != NULL); |
| 658 | switch (aor->type) { | 660 | switch (aor->type) { |
| 659 | case IPAddressOrRange_addressPrefix: | 661 | case IPAddressOrRange_addressPrefix: |
| 660 | addr_expand(min, aor->u.addressPrefix, length, 0x00); | 662 | addr_expand(min, aor->u.addressPrefix, length, 0x00); |
| @@ -880,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) | |||
| 880 | } | 882 | } |
| 881 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); | 883 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); |
| 882 | sk_IPAddressFamily_sort(addr); | 884 | sk_IPAddressFamily_sort(addr); |
| 883 | assert(v3_addr_is_canonical(addr)); | 885 | OPENSSL_assert(v3_addr_is_canonical(addr)); |
| 884 | return 1; | 886 | return 1; |
| 885 | } | 887 | } |
| 886 | 888 | ||
| @@ -1127,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) | |||
| 1127 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { | 1129 | for (i = 0; i < sk_IPAddressFamily_num(a); i++) { |
| 1128 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); | 1130 | IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); |
| 1129 | int j = sk_IPAddressFamily_find(b, fa); | 1131 | int j = sk_IPAddressFamily_find(b, fa); |
| 1130 | IPAddressFamily *fb = sk_IPAddressFamily_value(b, j); | 1132 | IPAddressFamily *fb; |
| 1133 | fb = sk_IPAddressFamily_value(b, j); | ||
| 1134 | if (fb == NULL) | ||
| 1135 | return 0; | ||
| 1131 | if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, | 1136 | if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, |
| 1132 | fa->ipAddressChoice->u.addressesOrRanges, | 1137 | fa->ipAddressChoice->u.addressesOrRanges, |
| 1133 | length_from_afi(v3_addr_get_afi(fb)))) | 1138 | length_from_afi(v3_addr_get_afi(fb)))) |
| @@ -1164,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1164 | int i, j, ret = 1; | 1169 | int i, j, ret = 1; |
| 1165 | X509 *x = NULL; | 1170 | X509 *x = NULL; |
| 1166 | 1171 | ||
| 1167 | assert(chain != NULL && sk_X509_num(chain) > 0); | 1172 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); |
| 1168 | assert(ctx != NULL || ext != NULL); | 1173 | OPENSSL_assert(ctx != NULL || ext != NULL); |
| 1169 | assert(ctx == NULL || ctx->verify_cb != NULL); | 1174 | OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); |
| 1170 | 1175 | ||
| 1171 | /* | 1176 | /* |
| 1172 | * Figure out where to start. If we don't have an extension to | 1177 | * Figure out where to start. If we don't have an extension to |
| @@ -1178,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1178 | } else { | 1183 | } else { |
| 1179 | i = 0; | 1184 | i = 0; |
| 1180 | x = sk_X509_value(chain, i); | 1185 | x = sk_X509_value(chain, i); |
| 1181 | assert(x != NULL); | 1186 | OPENSSL_assert(x != NULL); |
| 1182 | if ((ext = x->rfc3779_addr) == NULL) | 1187 | if ((ext = x->rfc3779_addr) == NULL) |
| 1183 | goto done; | 1188 | goto done; |
| 1184 | } | 1189 | } |
| @@ -1197,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1197 | */ | 1202 | */ |
| 1198 | for (i++; i < sk_X509_num(chain); i++) { | 1203 | for (i++; i < sk_X509_num(chain); i++) { |
| 1199 | x = sk_X509_value(chain, i); | 1204 | x = sk_X509_value(chain, i); |
| 1200 | assert(x != NULL); | 1205 | OPENSSL_assert(x != NULL); |
| 1201 | if (!v3_addr_is_canonical(x->rfc3779_addr)) | 1206 | if (!v3_addr_is_canonical(x->rfc3779_addr)) |
| 1202 | validation_err(X509_V_ERR_INVALID_EXTENSION); | 1207 | validation_err(X509_V_ERR_INVALID_EXTENSION); |
| 1203 | if (x->rfc3779_addr == NULL) { | 1208 | if (x->rfc3779_addr == NULL) { |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c index 95596055ab..ad0506d75c 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c | |||
| @@ -181,7 +181,11 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, | |||
| 181 | pol = POLICYINFO_new(); | 181 | pol = POLICYINFO_new(); |
| 182 | pol->policyid = pobj; | 182 | pol->policyid = pobj; |
| 183 | } | 183 | } |
| 184 | sk_POLICYINFO_push(pols, pol); | 184 | if (!sk_POLICYINFO_push(pols, pol)){ |
| 185 | POLICYINFO_free(pol); | ||
| 186 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); | ||
| 187 | goto err; | ||
| 188 | } | ||
| 185 | } | 189 | } |
| 186 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); | 190 | sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); |
| 187 | return pols; | 191 | return pols; |
| @@ -447,3 +451,4 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) | |||
| 447 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); | 451 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); |
| 448 | } | 452 | } |
| 449 | 453 | ||
| 454 | IMPLEMENT_STACK_OF(X509_POLICY_NODE) | ||
diff --git a/src/lib/libssl/src/doc/apps/rand.pod b/src/lib/libssl/src/doc/apps/rand.pod index 75745ca002..d1d213ef43 100644 --- a/src/lib/libssl/src/doc/apps/rand.pod +++ b/src/lib/libssl/src/doc/apps/rand.pod | |||
| @@ -10,6 +10,7 @@ B<openssl rand> | |||
| 10 | [B<-out> I<file>] | 10 | [B<-out> I<file>] |
| 11 | [B<-rand> I<file(s)>] | 11 | [B<-rand> I<file(s)>] |
| 12 | [B<-base64>] | 12 | [B<-base64>] |
| 13 | [B<-hex>] | ||
| 13 | I<num> | 14 | I<num> |
| 14 | 15 | ||
| 15 | =head1 DESCRIPTION | 16 | =head1 DESCRIPTION |
| @@ -41,6 +42,10 @@ all others. | |||
| 41 | 42 | ||
| 42 | Perform base64 encoding on the output. | 43 | Perform base64 encoding on the output. |
| 43 | 44 | ||
| 45 | =item B<-hex> | ||
| 46 | |||
| 47 | Show the output as a hex string. | ||
| 48 | |||
| 44 | =back | 49 | =back |
| 45 | 50 | ||
| 46 | =head1 SEE ALSO | 51 | =head1 SEE ALSO |
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod index a925da41f1..f43c175235 100644 --- a/src/lib/libssl/src/doc/apps/x509.pod +++ b/src/lib/libssl/src/doc/apps/x509.pod | |||
| @@ -155,7 +155,7 @@ outputs the "hash" of the certificate issuer name. | |||
| 155 | 155 | ||
| 156 | =item B<-hash> | 156 | =item B<-hash> |
| 157 | 157 | ||
| 158 | synonym for "-hash" for backward compatibility reasons. | 158 | synonym for "-subject_hash" for backward compatibility reasons. |
| 159 | 159 | ||
| 160 | =item B<-subject> | 160 | =item B<-subject> |
| 161 | 161 | ||
diff --git a/src/lib/libssl/src/ms/do_masm.bat b/src/lib/libssl/src/ms/do_masm.bat index 8c22256b32..a8575321f9 100644 --- a/src/lib/libssl/src/ms/do_masm.bat +++ b/src/lib/libssl/src/ms/do_masm.bat | |||
| @@ -1,74 +1,70 @@ | |||
| 1 | @echo off | 1 | @SET ASMOPTS=-DOPENSSL_IA32_SSE2 |
| 2 | 2 | @echo Generating x86 for MASM assember | |
| 3 | SET ASMOPTS=-DOPENSSL_IA32_SSE2 | 3 | |
| 4 | echo Generating x86 for MASM assember | 4 | @echo Bignum |
| 5 | 5 | @cd crypto\bn\asm | |
| 6 | echo Bignum | 6 | @perl bn-586.pl win32 %ASMOPTS% > bn_win32.asm |
| 7 | cd crypto\bn\asm | 7 | @perl co-586.pl win32 %ASMOPTS% > co_win32.asm |
| 8 | perl bn-586.pl win32 %ASMOPTS% > bn_win32.asm | 8 | @perl mo-586.pl win32 %ASMOPTS% > mt_win32.asm |
| 9 | perl co-586.pl win32 %ASMOPTS% > co_win32.asm | 9 | @cd ..\..\.. |
| 10 | perl mo-586.pl win32 %ASMOPTS% > mt_win32.asm | 10 | |
| 11 | cd ..\..\.. | 11 | @echo AES |
| 12 | 12 | @cd crypto\aes\asm | |
| 13 | echo AES | 13 | @perl aes-586.pl win32 %ASMOPTS% > a_win32.asm |
| 14 | cd crypto\aes\asm | 14 | @cd ..\..\.. |
| 15 | perl aes-586.pl win32 %ASMOPTS% > a_win32.asm | 15 | |
| 16 | cd ..\..\.. | 16 | @echo DES |
| 17 | 17 | @cd crypto\des\asm | |
| 18 | echo DES | 18 | @perl des-586.pl win32 %ASMOPTS% > d_win32.asm |
| 19 | cd crypto\des\asm | 19 | @cd ..\..\.. |
| 20 | perl des-586.pl win32 %ASMOPTS% > d_win32.asm | 20 | |
| 21 | cd ..\..\.. | 21 | @echo "crypt(3)" |
| 22 | 22 | ||
| 23 | echo "crypt(3)" | 23 | @cd crypto\des\asm |
| 24 | 24 | @perl crypt586.pl win32 %ASMOPTS% > y_win32.asm | |
| 25 | cd crypto\des\asm | 25 | @cd ..\..\.. |
| 26 | perl crypt586.pl win32 %ASMOPTS% > y_win32.asm | 26 | |
| 27 | cd ..\..\.. | 27 | @echo Blowfish |
| 28 | 28 | ||
| 29 | echo Blowfish | 29 | @cd crypto\bf\asm |
| 30 | 30 | @perl bf-586.pl win32 %ASMOPTS% > b_win32.asm | |
| 31 | cd crypto\bf\asm | 31 | @cd ..\..\.. |
| 32 | perl bf-586.pl win32 %ASMOPTS% > b_win32.asm | 32 | |
| 33 | cd ..\..\.. | 33 | @echo CAST5 |
| 34 | 34 | @cd crypto\cast\asm | |
| 35 | echo CAST5 | 35 | @perl cast-586.pl win32 %ASMOPTS% > c_win32.asm |
| 36 | cd crypto\cast\asm | 36 | @cd ..\..\.. |
| 37 | perl cast-586.pl win32 %ASMOPTS% > c_win32.asm | 37 | |
| 38 | cd ..\..\.. | 38 | @echo RC4 |
| 39 | 39 | @cd crypto\rc4\asm | |
| 40 | echo RC4 | 40 | @perl rc4-586.pl win32 %ASMOPTS% > r4_win32.asm |
| 41 | cd crypto\rc4\asm | 41 | @cd ..\..\.. |
| 42 | perl rc4-586.pl win32 %ASMOPTS% > r4_win32.asm | 42 | |
| 43 | cd ..\..\.. | 43 | @echo MD5 |
| 44 | 44 | @cd crypto\md5\asm | |
| 45 | echo MD5 | 45 | @perl md5-586.pl win32 %ASMOPTS% > m5_win32.asm |
| 46 | cd crypto\md5\asm | 46 | @cd ..\..\.. |
| 47 | perl md5-586.pl win32 %ASMOPTS% > m5_win32.asm | 47 | |
| 48 | cd ..\..\.. | 48 | @echo SHA1 |
| 49 | 49 | @cd crypto\sha\asm | |
| 50 | echo SHA1 | 50 | @perl sha1-586.pl win32 %ASMOPTS% > s1_win32.asm |
| 51 | cd crypto\sha\asm | 51 | @perl sha512-sse2.pl win32 %ASMOPTS% > sha512-sse2.asm |
| 52 | perl sha1-586.pl win32 %ASMOPTS% > s1_win32.asm | 52 | @cd ..\..\.. |
| 53 | perl sha512-sse2.pl win32 %ASMOPTS% > sha512-sse2.asm | 53 | |
| 54 | cd ..\..\.. | 54 | @echo RIPEMD160 |
| 55 | 55 | @cd crypto\ripemd\asm | |
| 56 | echo RIPEMD160 | 56 | @perl rmd-586.pl win32 %ASMOPTS% > rm_win32.asm |
| 57 | cd crypto\ripemd\asm | 57 | @cd ..\..\.. |
| 58 | perl rmd-586.pl win32 %ASMOPTS% > rm_win32.asm | 58 | |
| 59 | cd ..\..\.. | 59 | @echo RC5\32 |
| 60 | 60 | @cd crypto\rc5\asm | |
| 61 | echo RC5\32 | 61 | @perl rc5-586.pl win32 %ASMOPTS% > r5_win32.asm |
| 62 | cd crypto\rc5\asm | 62 | @cd ..\..\.. |
| 63 | perl rc5-586.pl win32 %ASMOPTS% > r5_win32.asm | 63 | |
| 64 | cd ..\..\.. | 64 | @echo CPU-ID |
| 65 | 65 | @cd crypto | |
| 66 | echo CPU-ID | 66 | @perl x86cpuid.pl win32 %ASMOPTS% > cpu_win32.asm |
| 67 | cd crypto | 67 | @cd .. |
| 68 | perl x86cpuid.pl win32 %ASMOPTS% > cpu_win32.asm | ||
| 69 | cd .. | ||
| 70 | |||
| 71 | echo on | ||
| 72 | 68 | ||
| 73 | perl util\mkfiles.pl >MINFO | 69 | perl util\mkfiles.pl >MINFO |
| 74 | perl util\mk1mf.pl VC-WIN32 >ms\nt.mak | 70 | perl util\mk1mf.pl VC-WIN32 >ms\nt.mak |
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec index 6008c3c9c8..329e3925b7 100644 --- a/src/lib/libssl/src/openssl.spec +++ b/src/lib/libssl/src/openssl.spec | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | %define libmaj 0 | 1 | %define libmaj 0 |
| 2 | %define libmin 9 | 2 | %define libmin 9 |
| 3 | %define librel 8 | 3 | %define librel 8 |
| 4 | %define librev j | 4 | %define librev k |
| 5 | Release: 1 | 5 | Release: 1 |
| 6 | 6 | ||
| 7 | %define openssldir /var/ssl | 7 | %define openssldir /var/ssl |
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 4116fd12f1..e9c9a08306 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -1355,7 +1355,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1355 | comp->method=cm; | 1355 | comp->method=cm; |
| 1356 | load_builtin_compressions(); | 1356 | load_builtin_compressions(); |
| 1357 | if (ssl_comp_methods | 1357 | if (ssl_comp_methods |
| 1358 | && !sk_SSL_COMP_find(ssl_comp_methods,comp)) | 1358 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) |
| 1359 | { | 1359 | { |
| 1360 | OPENSSL_free(comp); | 1360 | OPENSSL_free(comp); |
| 1361 | MemCheck_on(); | 1361 | MemCheck_on(); |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 1ac7d6f951..1a961a9e9e 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -510,6 +510,8 @@ void SSL_free(SSL *s) | |||
| 510 | 510 | ||
| 511 | if (s->ctx) SSL_CTX_free(s->ctx); | 511 | if (s->ctx) SSL_CTX_free(s->ctx); |
| 512 | #ifndef OPENSSL_NO_TLSEXT | 512 | #ifndef OPENSSL_NO_TLSEXT |
| 513 | if (s->tlsext_hostname) | ||
| 514 | OPENSSL_free(s->tlsext_hostname); | ||
| 513 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | 515 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); |
| 514 | if (s->tlsext_ocsp_exts) | 516 | if (s->tlsext_ocsp_exts) |
| 515 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 517 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, |
diff --git a/src/lib/libssl/src/test/Makefile b/src/lib/libssl/src/test/Makefile index 73d64440b1..228ee368cd 100644 --- a/src/lib/libssl/src/test/Makefile +++ b/src/lib/libssl/src/test/Makefile | |||
| @@ -404,6 +404,8 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ | |||
| 404 | elif [ -n "$(FIPSCANLIB)" ]; then \ | 404 | elif [ -n "$(FIPSCANLIB)" ]; then \ |
| 405 | FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ | 405 | FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ |
| 406 | LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ | 406 | LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ |
| 407 | else \ | ||
| 408 | LIBRARIES="$(LIBCRYPTO)"; \ | ||
| 407 | fi; \ | 409 | fi; \ |
| 408 | $(MAKE) -f $(TOP)/Makefile.shared -e \ | 410 | $(MAKE) -f $(TOP)/Makefile.shared -e \ |
| 409 | CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ | 411 | CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ |
diff --git a/src/lib/libssl/src/util/domd b/src/lib/libssl/src/util/domd index 691be7a440..560ebeaf82 100644 --- a/src/lib/libssl/src/util/domd +++ b/src/lib/libssl/src/util/domd | |||
| @@ -22,7 +22,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then | |||
| 22 | done | 22 | done |
| 23 | sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp | 23 | sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp |
| 24 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp | 24 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp |
| 25 | gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp | 25 | ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp |
| 26 | ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new | 26 | ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new |
| 27 | rm -f Makefile.tmp | 27 | rm -f Makefile.tmp |
| 28 | else | 28 | else |
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num index 0eb54ddc89..74eb337227 100644 --- a/src/lib/libssl/src/util/libeay.num +++ b/src/lib/libssl/src/util/libeay.num | |||
| @@ -3667,7 +3667,8 @@ CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: | |||
| 3667 | RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA | 3667 | RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA |
| 3668 | int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: | 3668 | int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: |
| 3669 | int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE | 3669 | int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE |
| 3670 | int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION: | 3670 | int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION: |
| 3671 | int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION: | ||
| 3671 | FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: | 3672 | FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: |
| 3672 | EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: | 3673 | EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: |
| 3673 | BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: | 3674 | BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: |
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl index 166785db8d..8eb3c6c4bd 100644 --- a/src/lib/libssl/src/util/pl/VC-32.pl +++ b/src/lib/libssl/src/util/pl/VC-32.pl | |||
| @@ -164,7 +164,7 @@ if ($FLAVOR =~ /NT/) | |||
| 164 | $ex_libs="unicows.lib $ex_libs"; | 164 | $ex_libs="unicows.lib $ex_libs"; |
| 165 | } | 165 | } |
| 166 | # static library stuff | 166 | # static library stuff |
| 167 | $mklib='lib'; | 167 | $mklib='lib /nologo'; |
| 168 | $ranlib=''; | 168 | $ranlib=''; |
| 169 | $plib=""; | 169 | $plib=""; |
| 170 | $libp=".lib"; | 170 | $libp=".lib"; |
| @@ -184,7 +184,7 @@ if ($nasm) { | |||
| 184 | $asm.=' /Zi' if $debug; | 184 | $asm.=' /Zi' if $debug; |
| 185 | $afile='/Fo'; | 185 | $afile='/Fo'; |
| 186 | } else { | 186 | } else { |
| 187 | $asm='ml /Cp /coff /c /Cx'; | 187 | $asm='ml /nologo /Cp /coff /c /Cx'; |
| 188 | $asm.=" /Zi" if $debug; | 188 | $asm.=" /Zi" if $debug; |
| 189 | $afile='/Fo'; | 189 | $afile='/Fo'; |
| 190 | } | 190 | } |
| @@ -404,7 +404,7 @@ sub do_link_rule | |||
| 404 | if ($standalone == 1) | 404 | if ($standalone == 1) |
| 405 | { | 405 | { |
| 406 | $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; | 406 | $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; |
| 407 | $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); | 407 | $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); |
| 408 | $ret.="$files $libs\n<<\n"; | 408 | $ret.="$files $libs\n<<\n"; |
| 409 | } | 409 | } |
| 410 | elsif ($standalone == 2) | 410 | elsif ($standalone == 2) |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 4116fd12f1..e9c9a08306 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1355,7 +1355,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1355 | comp->method=cm; | 1355 | comp->method=cm; |
| 1356 | load_builtin_compressions(); | 1356 | load_builtin_compressions(); |
| 1357 | if (ssl_comp_methods | 1357 | if (ssl_comp_methods |
| 1358 | && !sk_SSL_COMP_find(ssl_comp_methods,comp)) | 1358 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) |
| 1359 | { | 1359 | { |
| 1360 | OPENSSL_free(comp); | 1360 | OPENSSL_free(comp); |
| 1361 | MemCheck_on(); | 1361 | MemCheck_on(); |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 1ac7d6f951..1a961a9e9e 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -510,6 +510,8 @@ void SSL_free(SSL *s) | |||
| 510 | 510 | ||
| 511 | if (s->ctx) SSL_CTX_free(s->ctx); | 511 | if (s->ctx) SSL_CTX_free(s->ctx); |
| 512 | #ifndef OPENSSL_NO_TLSEXT | 512 | #ifndef OPENSSL_NO_TLSEXT |
| 513 | if (s->tlsext_hostname) | ||
| 514 | OPENSSL_free(s->tlsext_hostname); | ||
| 513 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | 515 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); |
| 514 | if (s->tlsext_ocsp_exts) | 516 | if (s->tlsext_ocsp_exts) |
| 515 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 517 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, |
diff --git a/src/lib/libssl/test/Makefile b/src/lib/libssl/test/Makefile index 73d64440b1..228ee368cd 100644 --- a/src/lib/libssl/test/Makefile +++ b/src/lib/libssl/test/Makefile | |||
| @@ -404,6 +404,8 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ | |||
| 404 | elif [ -n "$(FIPSCANLIB)" ]; then \ | 404 | elif [ -n "$(FIPSCANLIB)" ]; then \ |
| 405 | FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ | 405 | FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ |
| 406 | LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ | 406 | LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ |
| 407 | else \ | ||
| 408 | LIBRARIES="$(LIBCRYPTO)"; \ | ||
| 407 | fi; \ | 409 | fi; \ |
| 408 | $(MAKE) -f $(TOP)/Makefile.shared -e \ | 410 | $(MAKE) -f $(TOP)/Makefile.shared -e \ |
| 409 | CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ | 411 | CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ |