diff options
| author | markus <> | 2004-04-07 20:42:12 +0000 |
|---|---|---|
| committer | markus <> | 2004-04-07 20:42:12 +0000 |
| commit | 00b426069b0dfa8f0d9b87308646e9684f45c515 (patch) | |
| tree | 2eb0df944a8ed229c1d2a165679566e87ce34575 /src | |
| parent | fd84abe5019daf5a6869e1d12702e3e11b7a81bc (diff) | |
| download | openbsd-00b426069b0dfa8f0d9b87308646e9684f45c515.tar.gz openbsd-00b426069b0dfa8f0d9b87308646e9684f45c515.tar.bz2 openbsd-00b426069b0dfa8f0d9b87308646e9684f45c515.zip | |
import openssl-0.9.7d
Diffstat (limited to '')
160 files changed, 2880 insertions, 1237 deletions
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c index cd09f68b38..8581007868 100644 --- a/src/lib/libcrypto/asn1/a_gentm.c +++ b/src/lib/libcrypto/asn1/a_gentm.c | |||
| @@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, | |||
| 208 | char *p; | 208 | char *p; |
| 209 | struct tm *ts; | 209 | struct tm *ts; |
| 210 | struct tm data; | 210 | struct tm data; |
| 211 | size_t len = 20; | ||
| 211 | 212 | ||
| 212 | if (s == NULL) | 213 | if (s == NULL) |
| 213 | s=M_ASN1_GENERALIZEDTIME_new(); | 214 | s=M_ASN1_GENERALIZEDTIME_new(); |
| @@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, | |||
| 219 | return(NULL); | 220 | return(NULL); |
| 220 | 221 | ||
| 221 | p=(char *)s->data; | 222 | p=(char *)s->data; |
| 222 | if ((p == NULL) || (s->length < 16)) | 223 | if ((p == NULL) || ((size_t)s->length < len)) |
| 223 | { | 224 | { |
| 224 | p=OPENSSL_malloc(20); | 225 | p=OPENSSL_malloc(len); |
| 225 | if (p == NULL) return(NULL); | 226 | if (p == NULL) return(NULL); |
| 226 | if (s->data != NULL) | 227 | if (s->data != NULL) |
| 227 | OPENSSL_free(s->data); | 228 | OPENSSL_free(s->data); |
| 228 | s->data=(unsigned char *)p; | 229 | s->data=(unsigned char *)p; |
| 229 | } | 230 | } |
| 230 | 231 | ||
| 231 | sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, | 232 | BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, |
| 232 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); | 233 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); |
| 233 | s->length=strlen(p); | 234 | s->length=strlen(p); |
| 234 | s->type=V_ASN1_GENERALIZEDTIME; | 235 | s->type=V_ASN1_GENERALIZEDTIME; |
| 235 | #ifdef CHARSET_EBCDIC_not | 236 | #ifdef CHARSET_EBCDIC_not |
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c index dbb4a42c9d..999852dae5 100644 --- a/src/lib/libcrypto/asn1/a_utctm.c +++ b/src/lib/libcrypto/asn1/a_utctm.c | |||
| @@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) | |||
| 188 | char *p; | 188 | char *p; |
| 189 | struct tm *ts; | 189 | struct tm *ts; |
| 190 | struct tm data; | 190 | struct tm data; |
| 191 | size_t len = 20; | ||
| 191 | 192 | ||
| 192 | if (s == NULL) | 193 | if (s == NULL) |
| 193 | s=M_ASN1_UTCTIME_new(); | 194 | s=M_ASN1_UTCTIME_new(); |
| @@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) | |||
| 199 | return(NULL); | 200 | return(NULL); |
| 200 | 201 | ||
| 201 | p=(char *)s->data; | 202 | p=(char *)s->data; |
| 202 | if ((p == NULL) || (s->length < 14)) | 203 | if ((p == NULL) || ((size_t)s->length < len)) |
| 203 | { | 204 | { |
| 204 | p=OPENSSL_malloc(20); | 205 | p=OPENSSL_malloc(len); |
| 205 | if (p == NULL) return(NULL); | 206 | if (p == NULL) return(NULL); |
| 206 | if (s->data != NULL) | 207 | if (s->data != NULL) |
| 207 | OPENSSL_free(s->data); | 208 | OPENSSL_free(s->data); |
| 208 | s->data=(unsigned char *)p; | 209 | s->data=(unsigned char *)p; |
| 209 | } | 210 | } |
| 210 | 211 | ||
| 211 | sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, | 212 | BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, |
| 212 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); | 213 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); |
| 213 | s->length=strlen(p); | 214 | s->length=strlen(p); |
| 214 | s->type=V_ASN1_UTCTIME; | 215 | s->type=V_ASN1_UTCTIME; |
| 215 | #ifdef CHARSET_EBCDIC_not | 216 | #ifdef CHARSET_EBCDIC_not |
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 40af97ac24..467c0daa1b 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c | |||
| @@ -12,9 +12,6 @@ | |||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. Neither the name of the author nor the names of contributors | ||
| 16 | * may be used to endorse or promote products derived from this software | ||
| 17 | * without specific prior written permission. | ||
| 18 | * | 15 | * |
| 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY | 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY |
| 20 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| @@ -874,7 +871,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
| 874 | goto err; | 871 | goto err; |
| 875 | } | 872 | } |
| 876 | 873 | ||
| 877 | printf("bar\n"); | ||
| 878 | memset(&kop, 0, sizeof kop); | 874 | memset(&kop, 0, sizeof kop); |
| 879 | kop.crk_op = CRK_DSA_SIGN; | 875 | kop.crk_op = CRK_DSA_SIGN; |
| 880 | 876 | ||
| @@ -1054,14 +1050,17 @@ ENGINE_load_cryptodev(void) | |||
| 1054 | 1050 | ||
| 1055 | if (engine == NULL) | 1051 | if (engine == NULL) |
| 1056 | return; | 1052 | return; |
| 1057 | if ((fd = get_dev_crypto()) < 0) | 1053 | if ((fd = get_dev_crypto()) < 0) { |
| 1054 | ENGINE_free(engine); | ||
| 1058 | return; | 1055 | return; |
| 1056 | } | ||
| 1059 | 1057 | ||
| 1060 | /* | 1058 | /* |
| 1061 | * find out what asymmetric crypto algorithms we support | 1059 | * find out what asymmetric crypto algorithms we support |
| 1062 | */ | 1060 | */ |
| 1063 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | 1061 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { |
| 1064 | close(fd); | 1062 | close(fd); |
| 1063 | ENGINE_free(engine); | ||
| 1065 | return; | 1064 | return; |
| 1066 | } | 1065 | } |
| 1067 | close(fd); | 1066 | close(fd); |
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c index 530ab937ce..4e3f10141b 100644 --- a/src/lib/libcrypto/evp/bio_ok.c +++ b/src/lib/libcrypto/evp/bio_ok.c | |||
| @@ -102,7 +102,7 @@ | |||
| 102 | 102 | ||
| 103 | *) digest is initialized with random seed instead of | 103 | *) digest is initialized with random seed instead of |
| 104 | standardized one. | 104 | standardized one. |
| 105 | *) same seed is written to ouput | 105 | *) same seed is written to output |
| 106 | *) well-known text is then hashed and the output | 106 | *) well-known text is then hashed and the output |
| 107 | of the digest is also written to output. | 107 | of the digest is also written to output. |
| 108 | 108 | ||
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c index 29df7d35b2..dd86733b77 100644 --- a/src/lib/libcrypto/mem.c +++ b/src/lib/libcrypto/mem.c | |||
| @@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) | |||
| 252 | void *ret = NULL; | 252 | void *ret = NULL; |
| 253 | extern unsigned char cleanse_ctr; | 253 | extern unsigned char cleanse_ctr; |
| 254 | 254 | ||
| 255 | if (num < 0) return NULL; | 255 | if (num <= 0) return NULL; |
| 256 | 256 | ||
| 257 | allow_customize = 0; | 257 | allow_customize = 0; |
| 258 | if (malloc_debug_func != NULL) | 258 | if (malloc_debug_func != NULL) |
| @@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line) | |||
| 293 | void *ret = NULL; | 293 | void *ret = NULL; |
| 294 | extern unsigned char cleanse_ctr; | 294 | extern unsigned char cleanse_ctr; |
| 295 | 295 | ||
| 296 | if (num < 0) return NULL; | 296 | if (num <= 0) return NULL; |
| 297 | 297 | ||
| 298 | allow_customize = 0; | 298 | allow_customize = 0; |
| 299 | if (malloc_debug_func != NULL) | 299 | if (malloc_debug_func != NULL) |
| @@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) | |||
| 324 | if (str == NULL) | 324 | if (str == NULL) |
| 325 | return CRYPTO_malloc(num, file, line); | 325 | return CRYPTO_malloc(num, file, line); |
| 326 | 326 | ||
| 327 | if (num < 0) return NULL; | 327 | if (num <= 0) return NULL; |
| 328 | 328 | ||
| 329 | if (realloc_debug_func != NULL) | 329 | if (realloc_debug_func != NULL) |
| 330 | realloc_debug_func(str, NULL, num, file, line, 0); | 330 | realloc_debug_func(str, NULL, num, file, line, 0); |
| @@ -346,17 +346,21 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, | |||
| 346 | if (str == NULL) | 346 | if (str == NULL) |
| 347 | return CRYPTO_malloc(num, file, line); | 347 | return CRYPTO_malloc(num, file, line); |
| 348 | 348 | ||
| 349 | if (num < 0) return NULL; | 349 | if (num <= 0) return NULL; |
| 350 | 350 | ||
| 351 | if (realloc_debug_func != NULL) | 351 | if (realloc_debug_func != NULL) |
| 352 | realloc_debug_func(str, NULL, num, file, line, 0); | 352 | realloc_debug_func(str, NULL, num, file, line, 0); |
| 353 | ret=malloc_ex_func(num,file,line); | 353 | ret=malloc_ex_func(num,file,line); |
| 354 | if(ret) | 354 | if(ret) |
| 355 | { | ||
| 355 | memcpy(ret,str,old_len); | 356 | memcpy(ret,str,old_len); |
| 356 | OPENSSL_cleanse(str,old_len); | 357 | OPENSSL_cleanse(str,old_len); |
| 357 | free_func(str); | 358 | free_func(str); |
| 359 | } | ||
| 358 | #ifdef LEVITTE_DEBUG_MEM | 360 | #ifdef LEVITTE_DEBUG_MEM |
| 359 | fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); | 361 | fprintf(stderr, |
| 362 | "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", | ||
| 363 | str, ret, num); | ||
| 360 | #endif | 364 | #endif |
| 361 | if (realloc_debug_func != NULL) | 365 | if (realloc_debug_func != NULL) |
| 362 | realloc_debug_func(str, ret, num, file, line, 1); | 366 | realloc_debug_func(str, ret, num, file, line, 1); |
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index 1f168221e3..6f742900a0 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | 56 | ||
| 57 | #include <openssl/e_os2.h> | 57 | #include <openssl/e_os2.h> |
| 58 | #include <openssl/rand.h> | 58 | #include <openssl/rand.h> |
| 59 | #include <openssl/buffer.h> | ||
| 59 | 60 | ||
| 60 | /* | 61 | /* |
| 61 | * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. | 62 | * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. |
| @@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) | |||
| 145 | addr.sun_family = AF_UNIX; | 146 | addr.sun_family = AF_UNIX; |
| 146 | if (strlen(path) >= sizeof(addr.sun_path)) | 147 | if (strlen(path) >= sizeof(addr.sun_path)) |
| 147 | return (-1); | 148 | return (-1); |
| 148 | strcpy(addr.sun_path,path); | 149 | BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); |
| 149 | len = offsetof(struct sockaddr_un, sun_path) + strlen(path); | 150 | len = offsetof(struct sockaddr_un, sun_path) + strlen(path); |
| 150 | fd = socket(AF_UNIX, SOCK_STREAM, 0); | 151 | fd = socket(AF_UNIX, SOCK_STREAM, 0); |
| 151 | if (fd == -1) return (-1); | 152 | if (fd == -1) return (-1); |
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index a776e52243..0599719dd1 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c | |||
| @@ -124,6 +124,24 @@ | |||
| 124 | #include <unistd.h> | 124 | #include <unistd.h> |
| 125 | #include <time.h> | 125 | #include <time.h> |
| 126 | 126 | ||
| 127 | #ifdef __OpenBSD__ | ||
| 128 | int RAND_poll(void) | ||
| 129 | { | ||
| 130 | u_int32_t rnd = 0, i; | ||
| 131 | unsigned char buf[ENTROPY_NEEDED]; | ||
| 132 | |||
| 133 | for (i = 0; i < sizeof(buf); i++) { | ||
| 134 | if (i % 4 == 0) | ||
| 135 | rnd = arc4random(); | ||
| 136 | buf[i] = rnd; | ||
| 137 | rnd >>= 8; | ||
| 138 | } | ||
| 139 | RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); | ||
| 140 | memset(buf, 0, sizeof(buf)); | ||
| 141 | |||
| 142 | return 1; | ||
| 143 | } | ||
| 144 | #else | ||
| 127 | int RAND_poll(void) | 145 | int RAND_poll(void) |
| 128 | { | 146 | { |
| 129 | unsigned long l; | 147 | unsigned long l; |
| @@ -236,6 +254,7 @@ int RAND_poll(void) | |||
| 236 | } | 254 | } |
| 237 | 255 | ||
| 238 | #endif | 256 | #endif |
| 257 | #endif | ||
| 239 | 258 | ||
| 240 | #if defined(OPENSSL_SYS_VXWORKS) | 259 | #if defined(OPENSSL_SYS_VXWORKS) |
| 241 | int RAND_poll(void) | 260 | int RAND_poll(void) |
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c index 263068d256..3584842224 100644 --- a/src/lib/libcrypto/rand/rand_win.c +++ b/src/lib/libcrypto/rand/rand_win.c | |||
| @@ -646,7 +646,7 @@ static void readtimer(void) | |||
| 646 | * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. | 646 | * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. |
| 647 | * | 647 | * |
| 648 | * Code adapted from | 648 | * Code adapted from |
| 649 | * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>; | 649 | * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>; |
| 650 | * the original copyright message is: | 650 | * the original copyright message is: |
| 651 | * | 651 | * |
| 652 | * (C) Copyright Microsoft Corp. 1993. All rights reserved. | 652 | * (C) Copyright Microsoft Corp. 1993. All rights reserved. |
diff --git a/src/lib/libcrypto/rc5/rc5_locl.h b/src/lib/libcrypto/rc5/rc5_locl.h new file mode 100644 index 0000000000..f4ebc23004 --- /dev/null +++ b/src/lib/libcrypto/rc5/rc5_locl.h | |||
| @@ -0,0 +1,207 @@ | |||
| 1 | /* crypto/rc5/rc5_locl.h */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdlib.h> | ||
| 60 | |||
| 61 | #undef c2l | ||
| 62 | #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ | ||
| 63 | l|=((unsigned long)(*((c)++)))<< 8L, \ | ||
| 64 | l|=((unsigned long)(*((c)++)))<<16L, \ | ||
| 65 | l|=((unsigned long)(*((c)++)))<<24L) | ||
| 66 | |||
| 67 | /* NOTE - c is not incremented as per c2l */ | ||
| 68 | #undef c2ln | ||
| 69 | #define c2ln(c,l1,l2,n) { \ | ||
| 70 | c+=n; \ | ||
| 71 | l1=l2=0; \ | ||
| 72 | switch (n) { \ | ||
| 73 | case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ | ||
| 74 | case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ | ||
| 75 | case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ | ||
| 76 | case 5: l2|=((unsigned long)(*(--(c)))); \ | ||
| 77 | case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ | ||
| 78 | case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ | ||
| 79 | case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ | ||
| 80 | case 1: l1|=((unsigned long)(*(--(c)))); \ | ||
| 81 | } \ | ||
| 82 | } | ||
| 83 | |||
| 84 | #undef l2c | ||
| 85 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | ||
| 86 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | ||
| 87 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | ||
| 88 | *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | ||
| 89 | |||
| 90 | /* NOTE - c is not incremented as per l2c */ | ||
| 91 | #undef l2cn | ||
| 92 | #define l2cn(l1,l2,c,n) { \ | ||
| 93 | c+=n; \ | ||
| 94 | switch (n) { \ | ||
| 95 | case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ | ||
| 96 | case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ | ||
| 97 | case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ | ||
| 98 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
| 99 | case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ | ||
| 100 | case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ | ||
| 101 | case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ | ||
| 102 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
| 103 | } \ | ||
| 104 | } | ||
| 105 | |||
| 106 | /* NOTE - c is not incremented as per n2l */ | ||
| 107 | #define n2ln(c,l1,l2,n) { \ | ||
| 108 | c+=n; \ | ||
| 109 | l1=l2=0; \ | ||
| 110 | switch (n) { \ | ||
| 111 | case 8: l2 =((unsigned long)(*(--(c)))) ; \ | ||
| 112 | case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 113 | case 6: l2|=((unsigned long)(*(--(c))))<<16; \ | ||
| 114 | case 5: l2|=((unsigned long)(*(--(c))))<<24; \ | ||
| 115 | case 4: l1 =((unsigned long)(*(--(c)))) ; \ | ||
| 116 | case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 117 | case 2: l1|=((unsigned long)(*(--(c))))<<16; \ | ||
| 118 | case 1: l1|=((unsigned long)(*(--(c))))<<24; \ | ||
| 119 | } \ | ||
| 120 | } | ||
| 121 | |||
| 122 | /* NOTE - c is not incremented as per l2n */ | ||
| 123 | #define l2nn(l1,l2,c,n) { \ | ||
| 124 | c+=n; \ | ||
| 125 | switch (n) { \ | ||
| 126 | case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
| 127 | case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ | ||
| 128 | case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | ||
| 129 | case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | ||
| 130 | case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
| 131 | case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ | ||
| 132 | case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ | ||
| 133 | case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ | ||
| 134 | } \ | ||
| 135 | } | ||
| 136 | |||
| 137 | #undef n2l | ||
| 138 | #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ | ||
| 139 | l|=((unsigned long)(*((c)++)))<<16L, \ | ||
| 140 | l|=((unsigned long)(*((c)++)))<< 8L, \ | ||
| 141 | l|=((unsigned long)(*((c)++)))) | ||
| 142 | |||
| 143 | #undef l2n | ||
| 144 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ | ||
| 145 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | ||
| 146 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | ||
| 147 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 148 | |||
| 149 | #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) | ||
| 150 | #define ROTATE_l32(a,n) _lrotl(a,n) | ||
| 151 | #define ROTATE_r32(a,n) _lrotr(a,n) | ||
| 152 | #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) | ||
| 153 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) | ||
| 154 | # define ROTATE_l32(a,n) ({ register unsigned int ret; \ | ||
| 155 | asm ("roll %%cl,%0" \ | ||
| 156 | : "=r"(ret) \ | ||
| 157 | : "c"(n),"0"(a) \ | ||
| 158 | : "cc"); \ | ||
| 159 | ret; \ | ||
| 160 | }) | ||
| 161 | # define ROTATE_r32(a,n) ({ register unsigned int ret; \ | ||
| 162 | asm ("rorl %%cl,%0" \ | ||
| 163 | : "=r"(ret) \ | ||
| 164 | : "c"(n),"0"(a) \ | ||
| 165 | : "cc"); \ | ||
| 166 | ret; \ | ||
| 167 | }) | ||
| 168 | # endif | ||
| 169 | #endif | ||
| 170 | #ifndef ROTATE_l32 | ||
| 171 | #define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f)))) | ||
| 172 | #endif | ||
| 173 | #ifndef ROTATE_r32 | ||
| 174 | #define ROTATE_r32(a,n) (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f))) | ||
| 175 | #endif | ||
| 176 | |||
| 177 | #define RC5_32_MASK 0xffffffffL | ||
| 178 | |||
| 179 | #define RC5_16_P 0xB7E1 | ||
| 180 | #define RC5_16_Q 0x9E37 | ||
| 181 | #define RC5_32_P 0xB7E15163L | ||
| 182 | #define RC5_32_Q 0x9E3779B9L | ||
| 183 | #define RC5_64_P 0xB7E151628AED2A6BLL | ||
| 184 | #define RC5_64_Q 0x9E3779B97F4A7C15LL | ||
| 185 | |||
| 186 | #define E_RC5_32(a,b,s,n) \ | ||
| 187 | a^=b; \ | ||
| 188 | a=ROTATE_l32(a,b); \ | ||
| 189 | a+=s[n]; \ | ||
| 190 | a&=RC5_32_MASK; \ | ||
| 191 | b^=a; \ | ||
| 192 | b=ROTATE_l32(b,a); \ | ||
| 193 | b+=s[n+1]; \ | ||
| 194 | b&=RC5_32_MASK; | ||
| 195 | |||
| 196 | #define D_RC5_32(a,b,s,n) \ | ||
| 197 | b-=s[n+1]; \ | ||
| 198 | b&=RC5_32_MASK; \ | ||
| 199 | b=ROTATE_r32(b,a); \ | ||
| 200 | b^=a; \ | ||
| 201 | a-=s[n]; \ | ||
| 202 | a&=RC5_32_MASK; \ | ||
| 203 | a=ROTATE_r32(a,b); \ | ||
| 204 | a^=b; | ||
| 205 | |||
| 206 | |||
| 207 | |||
diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c index 54d598565d..7588966cb2 100644 --- a/src/lib/libcrypto/threads/mttest.c +++ b/src/lib/libcrypto/threads/mttest.c | |||
| @@ -243,7 +243,8 @@ bad: | |||
| 243 | goto end; | 243 | goto end; |
| 244 | } | 244 | } |
| 245 | 245 | ||
| 246 | if (cipher == NULL) cipher=getenv("SSL_CIPHER"); | 246 | if (cipher == NULL && OPENSSL_issetugid() == 0) |
| 247 | cipher=getenv("SSL_CIPHER"); | ||
| 247 | 248 | ||
| 248 | SSL_load_error_strings(); | 249 | SSL_load_error_strings(); |
| 249 | OpenSSL_add_ssl_algorithms(); | 250 | OpenSSL_add_ssl_algorithms(); |
diff --git a/src/lib/libcrypto/util/extract-names.pl b/src/lib/libcrypto/util/extract-names.pl index 9f2ad5ef16..744a8e2324 100644 --- a/src/lib/libcrypto/util/extract-names.pl +++ b/src/lib/libcrypto/util/extract-names.pl | |||
| @@ -10,6 +10,8 @@ while(<STDIN>) { | |||
| 10 | if (/ - /) { | 10 | if (/ - /) { |
| 11 | s/ - .*//; | 11 | s/ - .*//; |
| 12 | s/,[ \t]+/,/g; | 12 | s/,[ \t]+/,/g; |
| 13 | s/^[ \t]+//g; | ||
| 14 | s/[ \t]+$//g; | ||
| 13 | push @words, split ','; | 15 | push @words, split ','; |
| 14 | } | 16 | } |
| 15 | } | 17 | } |
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index c538f9dffb..b4bc0457e5 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl | |||
| @@ -277,6 +277,8 @@ $defs= <<"EOF"; | |||
| 277 | 277 | ||
| 278 | EOF | 278 | EOF |
| 279 | 279 | ||
| 280 | $defs .= $preamble if defined $preamble; | ||
| 281 | |||
| 280 | if ($platform eq "VC-CE") | 282 | if ($platform eq "VC-CE") |
| 281 | { | 283 | { |
| 282 | $defs.= <<"EOF"; | 284 | $defs.= <<"EOF"; |
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl index cdd2164c4e..01a1bfda19 100644 --- a/src/lib/libcrypto/util/mkdef.pl +++ b/src/lib/libcrypto/util/mkdef.pl | |||
| @@ -1116,27 +1116,55 @@ sub print_test_file | |||
| 1116 | } | 1116 | } |
| 1117 | } | 1117 | } |
| 1118 | 1118 | ||
| 1119 | sub get_version { | ||
| 1120 | local *MF; | ||
| 1121 | my $v = '?'; | ||
| 1122 | open MF, 'Makefile.ssl' or return $v; | ||
| 1123 | while (<MF>) { | ||
| 1124 | $v = $1, last if /^VERSION=(.*?)\s*$/; | ||
| 1125 | } | ||
| 1126 | close MF; | ||
| 1127 | return $v; | ||
| 1128 | } | ||
| 1129 | |||
| 1119 | sub print_def_file | 1130 | sub print_def_file |
| 1120 | { | 1131 | { |
| 1121 | (*OUT,my $name,*nums,my @symbols)=@_; | 1132 | (*OUT,my $name,*nums,my @symbols)=@_; |
| 1122 | my $n = 1; my @e; my @r; my @v; my $prev=""; | 1133 | my $n = 1; my @e; my @r; my @v; my $prev=""; |
| 1123 | my $liboptions=""; | 1134 | my $liboptions=""; |
| 1135 | my $libname = $name; | ||
| 1136 | my $http_vendor = 'www.openssl.org/'; | ||
| 1137 | my $version = get_version(); | ||
| 1138 | my $what = "OpenSSL: implementation of Secure Socket Layer"; | ||
| 1139 | my $description = "$what $version, $name - http://$http_vendor"; | ||
| 1124 | 1140 | ||
| 1125 | if ($W32) | 1141 | if ($W32) |
| 1126 | { $name.="32"; } | 1142 | { $libname.="32"; } |
| 1127 | elsif ($W16) | 1143 | elsif ($W16) |
| 1128 | { $name.="16"; } | 1144 | { $libname.="16"; } |
| 1129 | elsif ($OS2) | 1145 | elsif ($OS2) |
| 1130 | { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } | 1146 | { # DLL names should not clash on the whole system. |
| 1147 | # However, they should not have any particular relationship | ||
| 1148 | # to the name of the static library. Chose descriptive names | ||
| 1149 | # (must be at most 8 chars). | ||
| 1150 | my %translate = (ssl => 'open_ssl', crypto => 'cryptssl'); | ||
| 1151 | $libname = $translate{$name} || $name; | ||
| 1152 | $liboptions = <<EOO; | ||
| 1153 | INITINSTANCE | ||
| 1154 | DATA MULTIPLE NONSHARED | ||
| 1155 | EOO | ||
| 1156 | # Vendor field can't contain colon, drat; so we omit http:// | ||
| 1157 | $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd"; | ||
| 1158 | } | ||
| 1131 | 1159 | ||
| 1132 | print OUT <<"EOF"; | 1160 | print OUT <<"EOF"; |
| 1133 | ; | 1161 | ; |
| 1134 | ; Definition file for the DLL version of the $name library from OpenSSL | 1162 | ; Definition file for the DLL version of the $name library from OpenSSL |
| 1135 | ; | 1163 | ; |
| 1136 | 1164 | ||
| 1137 | LIBRARY $name $liboptions | 1165 | LIBRARY $libname $liboptions |
| 1138 | 1166 | ||
| 1139 | DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' | 1167 | DESCRIPTION '$description' |
| 1140 | 1168 | ||
| 1141 | EOF | 1169 | EOF |
| 1142 | 1170 | ||
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl index d695dda623..ddb3524210 100644 --- a/src/lib/libcrypto/util/pl/OS2-EMX.pl +++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl | |||
| @@ -3,10 +3,12 @@ | |||
| 3 | # OS2-EMX.pl - for EMX GCC on OS/2 | 3 | # OS2-EMX.pl - for EMX GCC on OS/2 |
| 4 | # | 4 | # |
| 5 | 5 | ||
| 6 | $o='\\'; | 6 | $o='/'; |
| 7 | $cp='copy'; | 7 | $cp='cp'; |
| 8 | $rm='rm -f'; | 8 | $rm='rm -f'; |
| 9 | 9 | ||
| 10 | $preamble = "SHELL=sh\n"; | ||
| 11 | |||
| 10 | # C compiler stuff | 12 | # C compiler stuff |
| 11 | 13 | ||
| 12 | $cc='gcc'; | 14 | $cc='gcc'; |
| @@ -48,24 +50,24 @@ $bf_enc_src=""; | |||
| 48 | 50 | ||
| 49 | if (!$no_asm) | 51 | if (!$no_asm) |
| 50 | { | 52 | { |
| 51 | $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; | 53 | $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj"; |
| 52 | $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; | 54 | $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm"; |
| 53 | $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; | 55 | $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj"; |
| 54 | $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; | 56 | $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm"; |
| 55 | $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; | 57 | $bf_enc_obj="crypto/bf/asm/b-os2$obj"; |
| 56 | $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; | 58 | $bf_enc_src="crypto/bf/asm/b-os2.asm"; |
| 57 | $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; | 59 | $cast_enc_obj="crypto/cast/asm/c-os2$obj"; |
| 58 | $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; | 60 | $cast_enc_src="crypto/cast/asm/c-os2.asm"; |
| 59 | $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; | 61 | $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj"; |
| 60 | $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; | 62 | $rc4_enc_src="crypto/rc4/asm/r4-os2.asm"; |
| 61 | $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; | 63 | $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj"; |
| 62 | $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; | 64 | $rc5_enc_src="crypto/rc5/asm/r5-os2.asm"; |
| 63 | $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; | 65 | $md5_asm_obj="crypto/md5/asm/m5-os2$obj"; |
| 64 | $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; | 66 | $md5_asm_src="crypto/md5/asm/m5-os2.asm"; |
| 65 | $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; | 67 | $sha1_asm_obj="crypto/sha/asm/s1-os2$obj"; |
| 66 | $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; | 68 | $sha1_asm_src="crypto/sha/asm/s1-os2.asm"; |
| 67 | $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; | 69 | $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj"; |
| 68 | $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; | 70 | $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm"; |
| 69 | } | 71 | } |
| 70 | 72 | ||
| 71 | if ($shlib) | 73 | if ($shlib) |
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index b8630792ad..4a0363a1c2 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES | |||
| @@ -2,6 +2,51 @@ | |||
| 2 | OpenSSL CHANGES | 2 | OpenSSL CHANGES |
| 3 | _______________ | 3 | _______________ |
| 4 | 4 | ||
| 5 | Changes between 0.9.7c and 0.9.7d [17 Mar 2004] | ||
| 6 | |||
| 7 | *) Fix null-pointer assignment in do_change_cipher_spec() revealed | ||
| 8 | by using the Codenomicon TLS Test Tool (CAN-2004-0079) | ||
| 9 | [Joe Orton, Steve Henson] | ||
| 10 | |||
| 11 | *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites | ||
| 12 | (CAN-2004-0112) | ||
| 13 | [Joe Orton, Steve Henson] | ||
| 14 | |||
| 15 | *) Make it possible to have multiple active certificates with the same | ||
| 16 | subject in the CA index file. This is done only if the keyword | ||
| 17 | 'unique_subject' is set to 'no' in the main CA section (default | ||
| 18 | if 'CA_default') of the configuration file. The value is saved | ||
| 19 | with the database itself in a separate index attribute file, | ||
| 20 | named like the index file with '.attr' appended to the name. | ||
| 21 | [Richard Levitte] | ||
| 22 | |||
| 23 | *) X509 verify fixes. Disable broken certificate workarounds when | ||
| 24 | X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if | ||
| 25 | keyUsage extension present. Don't accept CRLs with unhandled critical | ||
| 26 | extensions: since verify currently doesn't process CRL extensions this | ||
| 27 | rejects a CRL with *any* critical extensions. Add new verify error codes | ||
| 28 | for these cases. | ||
| 29 | [Steve Henson] | ||
| 30 | |||
| 31 | *) When creating an OCSP nonce use an OCTET STRING inside the extnValue. | ||
| 32 | A clarification of RFC2560 will require the use of OCTET STRINGs and | ||
| 33 | some implementations cannot handle the current raw format. Since OpenSSL | ||
| 34 | copies and compares OCSP nonces as opaque blobs without any attempt at | ||
| 35 | parsing them this should not create any compatibility issues. | ||
| 36 | [Steve Henson] | ||
| 37 | |||
| 38 | *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when | ||
| 39 | calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without | ||
| 40 | this HMAC (and other) operations are several times slower than OpenSSL | ||
| 41 | < 0.9.7. | ||
| 42 | [Steve Henson] | ||
| 43 | |||
| 44 | *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). | ||
| 45 | [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>] | ||
| 46 | |||
| 47 | *) Use the correct content when signing type "other". | ||
| 48 | [Steve Henson] | ||
| 49 | |||
| 5 | Changes between 0.9.7b and 0.9.7c [30 Sep 2003] | 50 | Changes between 0.9.7b and 0.9.7c [30 Sep 2003] |
| 6 | 51 | ||
| 7 | *) Fix various bugs revealed by running the NISCC test suite: | 52 | *) Fix various bugs revealed by running the NISCC test suite: |
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index 61331dbb51..4e7883c17a 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure | |||
| @@ -145,10 +145,10 @@ my %table=( | |||
| 145 | "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 145 | "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", |
| 146 | "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | 146 | "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", |
| 147 | "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", | 147 | "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", |
| 148 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 148 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 149 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 149 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 150 | "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 150 | "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 151 | "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 151 | "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 152 | "dist", "cc:-O::(unknown)::::::", | 152 | "dist", "cc:-O::(unknown)::::::", |
| 153 | 153 | ||
| 154 | # Basic configs that should work on any (32 and less bit) box | 154 | # Basic configs that should work on any (32 and less bit) box |
| @@ -216,13 +216,13 @@ my %table=( | |||
| 216 | "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 216 | "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 217 | #### IRIX 6.x configs | 217 | #### IRIX 6.x configs |
| 218 | # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke | 218 | # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke |
| 219 | # './Configure irix-[g]cc' manually. | 219 | # './Configure irix-cc -o32' manually. |
| 220 | # -mips4 flag is added by ./config when appropriate. | 220 | # -mips4 flag is added by ./config when appropriate. |
| 221 | "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 221 | "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 222 | "irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 222 | "irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 223 | # N64 ABI builds. | 223 | # N64 ABI builds. |
| 224 | "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 224 | "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 225 | "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 225 | "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 226 | 226 | ||
| 227 | #### Unified HP-UX ANSI C configs. | 227 | #### Unified HP-UX ANSI C configs. |
| 228 | # Special notes: | 228 | # Special notes: |
| @@ -260,6 +260,7 @@ my %table=( | |||
| 260 | # 64bit PARISC for GCC without optimization, which seems to make problems. | 260 | # 64bit PARISC for GCC without optimization, which seems to make problems. |
| 261 | # Submitted by <ross.alexander@uk.neceur.com> | 261 | # Submitted by <ross.alexander@uk.neceur.com> |
| 262 | "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 262 | "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 263 | "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 263 | 264 | ||
| 264 | # IA-64 targets | 265 | # IA-64 targets |
| 265 | "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 266 | "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ index ca5683def7..0b40039ef8 100644 --- a/src/lib/libssl/src/FAQ +++ b/src/lib/libssl/src/FAQ | |||
| @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions | |||
| 68 | * Which is the current version of OpenSSL? | 68 | * Which is the current version of OpenSSL? |
| 69 | 69 | ||
| 70 | The current version is available from <URL: http://www.openssl.org>. | 70 | The current version is available from <URL: http://www.openssl.org>. |
| 71 | OpenSSL 0.9.7c was released on September 30, 2003. | 71 | OpenSSL 0.9.7d was released on March 17, 2004. |
| 72 | 72 | ||
| 73 | In addition to the current stable release, you can also access daily | 73 | In addition to the current stable release, you can also access daily |
| 74 | snapshots of the OpenSSL development version at <URL: | 74 | snapshots of the OpenSSL development version at <URL: |
| @@ -116,11 +116,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from | |||
| 116 | 116 | ||
| 117 | * Where can I get a compiled version of OpenSSL? | 117 | * Where can I get a compiled version of OpenSSL? |
| 118 | 118 | ||
| 119 | You can finder pointers to binary distributions in | ||
| 120 | http://www.openssl.org/related/binaries.html . | ||
| 121 | |||
| 119 | Some applications that use OpenSSL are distributed in binary form. | 122 | Some applications that use OpenSSL are distributed in binary form. |
| 120 | When using such an application, you don't need to install OpenSSL | 123 | When using such an application, you don't need to install OpenSSL |
| 121 | yourself; the application will include the required parts (e.g. DLLs). | 124 | yourself; the application will include the required parts (e.g. DLLs). |
| 122 | 125 | ||
| 123 | If you want to install OpenSSL on a Windows system and you don't have | 126 | If you want to build OpenSSL on a Windows system and you don't have |
| 124 | a C compiler, read the "Mingw32" section of INSTALL.W32 for information | 127 | a C compiler, read the "Mingw32" section of INSTALL.W32 for information |
| 125 | on how to obtain and install the free GNU C compiler. | 128 | on how to obtain and install the free GNU C compiler. |
| 126 | 129 | ||
diff --git a/src/lib/libssl/src/LICENSE b/src/lib/libssl/src/LICENSE index dddb07842b..40277883a5 100644 --- a/src/lib/libssl/src/LICENSE +++ b/src/lib/libssl/src/LICENSE | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | --------------- | 12 | --------------- |
| 13 | 13 | ||
| 14 | /* ==================================================================== | 14 | /* ==================================================================== |
| 15 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. | 15 | * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. |
| 16 | * | 16 | * |
| 17 | * Redistribution and use in source and binary forms, with or without | 17 | * Redistribution and use in source and binary forms, with or without |
| 18 | * modification, are permitted provided that the following conditions | 18 | * modification, are permitted provided that the following conditions |
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp index 5f64afe967..617aae2c70 100644 --- a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp +++ b/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp | |||
| @@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL) | |||
| 2750 | } | 2750 | } |
| 2751 | } | 2751 | } |
| 2752 | } | 2752 | } |
| 2753 | } \ No newline at end of file | 2753 | } |
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp index 07a32de59e..80b6a675f4 100644 --- a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp +++ b/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp | |||
| @@ -167,4 +167,4 @@ void ThrowErrorMessageException(void) | |||
| 167 | ThrowDescriptiveException(gErrorMessage); | 167 | ThrowDescriptiveException(gErrorMessage); |
| 168 | } | 168 | } |
| 169 | 169 | ||
| 170 | #endif \ No newline at end of file | 170 | #endif |
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index e80b22a32a..a987a0298b 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org | |||
| @@ -456,10 +456,12 @@ do_irix-shared: | |||
| 456 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | 456 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ |
| 457 | libs="$(LIBKRB5) $$libs"; \ | 457 | libs="$(LIBKRB5) $$libs"; \ |
| 458 | fi; \ | 458 | fi; \ |
| 459 | ( set -x; ${CC} ${SHARED_LDFLAGS} \ | 459 | ( WHOLELIB="-all lib$$i.a -notall"; \ |
| 460 | (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \ | ||
| 461 | set -x; ${CC} ${SHARED_LDFLAGS} \ | ||
| 460 | -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | 462 | -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ |
| 461 | -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | 463 | -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ |
| 462 | -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ | 464 | $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \ |
| 463 | libs="-l$$i $$libs"; \ | 465 | libs="-l$$i $$libs"; \ |
| 464 | done; \ | 466 | done; \ |
| 465 | fi | 467 | fi |
| @@ -832,7 +834,7 @@ install: all install_docs | |||
| 832 | fi; \ | 834 | fi; \ |
| 833 | fi | 835 | fi |
| 834 | cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig | 836 | cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig |
| 835 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig | 837 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc |
| 836 | 838 | ||
| 837 | install_docs: | 839 | install_docs: |
| 838 | @$(PERL) $(TOP)/util/mkdir-p.pl \ | 840 | @$(PERL) $(TOP)/util/mkdir-p.pl \ |
| @@ -857,6 +859,7 @@ install_docs: | |||
| 857 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ | 859 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ |
| 858 | $(PERL) util/extract-names.pl < $$i | \ | 860 | $(PERL) util/extract-names.pl < $$i | \ |
| 859 | grep -v $$filecase "^$$fn\$$" | \ | 861 | grep -v $$filecase "^$$fn\$$" | \ |
| 862 | grep -v "[ ]" | \ | ||
| 860 | (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ | 863 | (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ |
| 861 | while read n; do \ | 864 | while read n; do \ |
| 862 | $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ | 865 | $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ |
| @@ -873,6 +876,7 @@ install_docs: | |||
| 873 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ | 876 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ |
| 874 | $(PERL) util/extract-names.pl < $$i | \ | 877 | $(PERL) util/extract-names.pl < $$i | \ |
| 875 | grep -v $$filecase "^$$fn\$$" | \ | 878 | grep -v $$filecase "^$$fn\$$" | \ |
| 879 | grep -v "[ ]" | \ | ||
| 876 | (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ | 880 | (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ |
| 877 | while read n; do \ | 881 | while read n; do \ |
| 878 | $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ | 882 | $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ |
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index f0282ebb87..4c1ba0a241 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS | |||
| @@ -5,6 +5,14 @@ | |||
| 5 | This file gives a brief overview of the major changes between each OpenSSL | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | release. For more details please read the CHANGES file. | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | ||
| 8 | Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: | ||
| 9 | |||
| 10 | o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug | ||
| 11 | o Security: Fix null-pointer assignment in do_change_cipher_spec() | ||
| 12 | o Allow multiple active certificates with same subject in CA index | ||
| 13 | o Multiple X590 verification fixes | ||
| 14 | o Speed up HMAC and other operations | ||
| 15 | |||
| 8 | Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: | 16 | Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: |
| 9 | 17 | ||
| 10 | o Security: fix various ASN1 parsing bugs. | 18 | o Security: fix various ASN1 parsing bugs. |
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index 65e3a12426..f72a21036f 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | 1 | ||
| 2 | OpenSSL 0.9.7c 30 Sep 2003 | 2 | OpenSSL 0.9.7d 17 Mar 2004 |
| 3 | 3 | ||
| 4 | Copyright (c) 1998-2003 The OpenSSL Project | 4 | Copyright (c) 1998-2004 The OpenSSL Project |
| 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| 6 | All rights reserved. | 6 | All rights reserved. |
| 7 | 7 | ||
diff --git a/src/lib/libssl/src/apps/CA.pl b/src/lib/libssl/src/apps/CA.pl index 669a016b84..8b2ce7ea42 100644 --- a/src/lib/libssl/src/apps/CA.pl +++ b/src/lib/libssl/src/apps/CA.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | # | 2 | # |
| 3 | # CA - wrapper around ca to make it easier to use ... basically ca requires | 3 | # CA - wrapper around ca to make it easier to use ... basically ca requires |
| 4 | # some setup stuff to be done before you can use it and this makes | 4 | # some setup stuff to be done before you can use it and this makes |
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index 007e3e06c3..93a665e788 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c | |||
| @@ -501,7 +501,7 @@ static int ui_read(UI *ui, UI_STRING *uis) | |||
| 501 | { | 501 | { |
| 502 | const char *password = | 502 | const char *password = |
| 503 | ((PW_CB_DATA *)UI_get0_user_data(ui))->password; | 503 | ((PW_CB_DATA *)UI_get0_user_data(ui))->password; |
| 504 | if (password[0] != '\0') | 504 | if (password && password[0] != '\0') |
| 505 | { | 505 | { |
| 506 | UI_set_result(ui, uis, password); | 506 | UI_set_result(ui, uis, password); |
| 507 | return 1; | 507 | return 1; |
| @@ -525,7 +525,7 @@ static int ui_write(UI *ui, UI_STRING *uis) | |||
| 525 | { | 525 | { |
| 526 | const char *password = | 526 | const char *password = |
| 527 | ((PW_CB_DATA *)UI_get0_user_data(ui))->password; | 527 | ((PW_CB_DATA *)UI_get0_user_data(ui))->password; |
| 528 | if (password[0] != '\0') | 528 | if (password && password[0] != '\0') |
| 529 | return 1; | 529 | return 1; |
| 530 | } | 530 | } |
| 531 | default: | 531 | default: |
| @@ -1411,14 +1411,565 @@ int load_config(BIO *err, CONF *cnf) | |||
| 1411 | char *make_config_name() | 1411 | char *make_config_name() |
| 1412 | { | 1412 | { |
| 1413 | const char *t=X509_get_default_cert_area(); | 1413 | const char *t=X509_get_default_cert_area(); |
| 1414 | size_t len; | ||
| 1414 | char *p; | 1415 | char *p; |
| 1415 | 1416 | ||
| 1416 | p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); | 1417 | len=strlen(t)+strlen(OPENSSL_CONF)+2; |
| 1417 | strcpy(p,t); | 1418 | p=OPENSSL_malloc(len); |
| 1419 | BUF_strlcpy(p,t,len); | ||
| 1418 | #ifndef OPENSSL_SYS_VMS | 1420 | #ifndef OPENSSL_SYS_VMS |
| 1419 | strcat(p,"/"); | 1421 | BUF_strlcat(p,"/",len); |
| 1420 | #endif | 1422 | #endif |
| 1421 | strcat(p,OPENSSL_CONF); | 1423 | BUF_strlcat(p,OPENSSL_CONF,len); |
| 1422 | 1424 | ||
| 1423 | return p; | 1425 | return p; |
| 1424 | } | 1426 | } |
| 1427 | |||
| 1428 | static unsigned long index_serial_hash(const char **a) | ||
| 1429 | { | ||
| 1430 | const char *n; | ||
| 1431 | |||
| 1432 | n=a[DB_serial]; | ||
| 1433 | while (*n == '0') n++; | ||
| 1434 | return(lh_strhash(n)); | ||
| 1435 | } | ||
| 1436 | |||
| 1437 | static int index_serial_cmp(const char **a, const char **b) | ||
| 1438 | { | ||
| 1439 | const char *aa,*bb; | ||
| 1440 | |||
| 1441 | for (aa=a[DB_serial]; *aa == '0'; aa++); | ||
| 1442 | for (bb=b[DB_serial]; *bb == '0'; bb++); | ||
| 1443 | return(strcmp(aa,bb)); | ||
| 1444 | } | ||
| 1445 | |||
| 1446 | static int index_name_qual(char **a) | ||
| 1447 | { return(a[0][0] == 'V'); } | ||
| 1448 | |||
| 1449 | static unsigned long index_name_hash(const char **a) | ||
| 1450 | { return(lh_strhash(a[DB_name])); } | ||
| 1451 | |||
| 1452 | int index_name_cmp(const char **a, const char **b) | ||
| 1453 | { return(strcmp(a[DB_name], | ||
| 1454 | b[DB_name])); } | ||
| 1455 | |||
| 1456 | static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) | ||
| 1457 | static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) | ||
| 1458 | static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) | ||
| 1459 | static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) | ||
| 1460 | |||
| 1461 | #undef BSIZE | ||
| 1462 | #define BSIZE 256 | ||
| 1463 | |||
| 1464 | BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) | ||
| 1465 | { | ||
| 1466 | BIO *in=NULL; | ||
| 1467 | BIGNUM *ret=NULL; | ||
| 1468 | MS_STATIC char buf[1024]; | ||
| 1469 | ASN1_INTEGER *ai=NULL; | ||
| 1470 | |||
| 1471 | ai=ASN1_INTEGER_new(); | ||
| 1472 | if (ai == NULL) goto err; | ||
| 1473 | |||
| 1474 | if ((in=BIO_new(BIO_s_file())) == NULL) | ||
| 1475 | { | ||
| 1476 | ERR_print_errors(bio_err); | ||
| 1477 | goto err; | ||
| 1478 | } | ||
| 1479 | |||
| 1480 | if (BIO_read_filename(in,serialfile) <= 0) | ||
| 1481 | { | ||
| 1482 | if (!create) | ||
| 1483 | { | ||
| 1484 | perror(serialfile); | ||
| 1485 | goto err; | ||
| 1486 | } | ||
| 1487 | else | ||
| 1488 | { | ||
| 1489 | ASN1_INTEGER_set(ai,1); | ||
| 1490 | ret=BN_new(); | ||
| 1491 | if (ret == NULL) | ||
| 1492 | BIO_printf(bio_err, "Out of memory\n"); | ||
| 1493 | else | ||
| 1494 | BN_one(ret); | ||
| 1495 | } | ||
| 1496 | } | ||
| 1497 | else | ||
| 1498 | { | ||
| 1499 | if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) | ||
| 1500 | { | ||
| 1501 | BIO_printf(bio_err,"unable to load number from %s\n", | ||
| 1502 | serialfile); | ||
| 1503 | goto err; | ||
| 1504 | } | ||
| 1505 | ret=ASN1_INTEGER_to_BN(ai,NULL); | ||
| 1506 | if (ret == NULL) | ||
| 1507 | { | ||
| 1508 | BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); | ||
| 1509 | goto err; | ||
| 1510 | } | ||
| 1511 | } | ||
| 1512 | |||
| 1513 | if (ret && retai) | ||
| 1514 | { | ||
| 1515 | *retai = ai; | ||
| 1516 | ai = NULL; | ||
| 1517 | } | ||
| 1518 | err: | ||
| 1519 | if (in != NULL) BIO_free(in); | ||
| 1520 | if (ai != NULL) ASN1_INTEGER_free(ai); | ||
| 1521 | return(ret); | ||
| 1522 | } | ||
| 1523 | |||
| 1524 | int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai) | ||
| 1525 | { | ||
| 1526 | char buf[1][BSIZE]; | ||
| 1527 | BIO *out = NULL; | ||
| 1528 | int ret=0; | ||
| 1529 | ASN1_INTEGER *ai=NULL; | ||
| 1530 | int j; | ||
| 1531 | |||
| 1532 | if (suffix == NULL) | ||
| 1533 | j = strlen(serialfile); | ||
| 1534 | else | ||
| 1535 | j = strlen(serialfile) + strlen(suffix) + 1; | ||
| 1536 | if (j >= BSIZE) | ||
| 1537 | { | ||
| 1538 | BIO_printf(bio_err,"file name too long\n"); | ||
| 1539 | goto err; | ||
| 1540 | } | ||
| 1541 | |||
| 1542 | if (suffix == NULL) | ||
| 1543 | BUF_strlcpy(buf[0], serialfile, BSIZE); | ||
| 1544 | else | ||
| 1545 | { | ||
| 1546 | #ifndef OPENSSL_SYS_VMS | ||
| 1547 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); | ||
| 1548 | #else | ||
| 1549 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); | ||
| 1550 | #endif | ||
| 1551 | } | ||
| 1552 | #ifdef RL_DEBUG | ||
| 1553 | BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); | ||
| 1554 | #endif | ||
| 1555 | out=BIO_new(BIO_s_file()); | ||
| 1556 | if (out == NULL) | ||
| 1557 | { | ||
| 1558 | ERR_print_errors(bio_err); | ||
| 1559 | goto err; | ||
| 1560 | } | ||
| 1561 | if (BIO_write_filename(out,buf[0]) <= 0) | ||
| 1562 | { | ||
| 1563 | perror(serialfile); | ||
| 1564 | goto err; | ||
| 1565 | } | ||
| 1566 | |||
| 1567 | if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) | ||
| 1568 | { | ||
| 1569 | BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); | ||
| 1570 | goto err; | ||
| 1571 | } | ||
| 1572 | i2a_ASN1_INTEGER(out,ai); | ||
| 1573 | BIO_puts(out,"\n"); | ||
| 1574 | ret=1; | ||
| 1575 | if (retai) | ||
| 1576 | { | ||
| 1577 | *retai = ai; | ||
| 1578 | ai = NULL; | ||
| 1579 | } | ||
| 1580 | err: | ||
| 1581 | if (out != NULL) BIO_free_all(out); | ||
| 1582 | if (ai != NULL) ASN1_INTEGER_free(ai); | ||
| 1583 | return(ret); | ||
| 1584 | } | ||
| 1585 | |||
| 1586 | int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) | ||
| 1587 | { | ||
| 1588 | char buf[5][BSIZE]; | ||
| 1589 | int i,j; | ||
| 1590 | struct stat sb; | ||
| 1591 | |||
| 1592 | i = strlen(serialfile) + strlen(old_suffix); | ||
| 1593 | j = strlen(serialfile) + strlen(new_suffix); | ||
| 1594 | if (i > j) j = i; | ||
| 1595 | if (j + 1 >= BSIZE) | ||
| 1596 | { | ||
| 1597 | BIO_printf(bio_err,"file name too long\n"); | ||
| 1598 | goto err; | ||
| 1599 | } | ||
| 1600 | |||
| 1601 | #ifndef OPENSSL_SYS_VMS | ||
| 1602 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", | ||
| 1603 | serialfile, new_suffix); | ||
| 1604 | #else | ||
| 1605 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", | ||
| 1606 | serialfile, new_suffix); | ||
| 1607 | #endif | ||
| 1608 | #ifndef OPENSSL_SYS_VMS | ||
| 1609 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", | ||
| 1610 | serialfile, old_suffix); | ||
| 1611 | #else | ||
| 1612 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", | ||
| 1613 | serialfile, old_suffix); | ||
| 1614 | #endif | ||
| 1615 | if (stat(serialfile,&sb) < 0) | ||
| 1616 | { | ||
| 1617 | if (errno != ENOENT | ||
| 1618 | #ifdef ENOTDIR | ||
| 1619 | && errno != ENOTDIR) | ||
| 1620 | #endif | ||
| 1621 | goto err; | ||
| 1622 | } | ||
| 1623 | else | ||
| 1624 | { | ||
| 1625 | #ifdef RL_DEBUG | ||
| 1626 | BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", | ||
| 1627 | serialfile, buf[1]); | ||
| 1628 | #endif | ||
| 1629 | if (rename(serialfile,buf[1]) < 0) | ||
| 1630 | { | ||
| 1631 | BIO_printf(bio_err, | ||
| 1632 | "unable to rename %s to %s\n", | ||
| 1633 | serialfile, buf[1]); | ||
| 1634 | perror("reason"); | ||
| 1635 | goto err; | ||
| 1636 | } | ||
| 1637 | } | ||
| 1638 | #ifdef RL_DEBUG | ||
| 1639 | BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", | ||
| 1640 | buf[0],serialfile); | ||
| 1641 | #endif | ||
| 1642 | if (rename(buf[0],serialfile) < 0) | ||
| 1643 | { | ||
| 1644 | BIO_printf(bio_err, | ||
| 1645 | "unable to rename %s to %s\n", | ||
| 1646 | buf[0],serialfile); | ||
| 1647 | perror("reason"); | ||
| 1648 | rename(buf[1],serialfile); | ||
| 1649 | goto err; | ||
| 1650 | } | ||
| 1651 | return 1; | ||
| 1652 | err: | ||
| 1653 | return 0; | ||
| 1654 | } | ||
| 1655 | |||
| 1656 | CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) | ||
| 1657 | { | ||
| 1658 | CA_DB *retdb = NULL; | ||
| 1659 | TXT_DB *tmpdb = NULL; | ||
| 1660 | BIO *in = BIO_new(BIO_s_file()); | ||
| 1661 | CONF *dbattr_conf = NULL; | ||
| 1662 | char buf[1][BSIZE]; | ||
| 1663 | long errorline= -1; | ||
| 1664 | |||
| 1665 | if (in == NULL) | ||
| 1666 | { | ||
| 1667 | ERR_print_errors(bio_err); | ||
| 1668 | goto err; | ||
| 1669 | } | ||
| 1670 | if (BIO_read_filename(in,dbfile) <= 0) | ||
| 1671 | { | ||
| 1672 | perror(dbfile); | ||
| 1673 | BIO_printf(bio_err,"unable to open '%s'\n",dbfile); | ||
| 1674 | goto err; | ||
| 1675 | } | ||
| 1676 | if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL) | ||
| 1677 | { | ||
| 1678 | if (tmpdb != NULL) TXT_DB_free(tmpdb); | ||
| 1679 | goto err; | ||
| 1680 | } | ||
| 1681 | |||
| 1682 | #ifndef OPENSSL_SYS_VMS | ||
| 1683 | BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); | ||
| 1684 | #else | ||
| 1685 | BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); | ||
| 1686 | #endif | ||
| 1687 | dbattr_conf = NCONF_new(NULL); | ||
| 1688 | if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0) | ||
| 1689 | { | ||
| 1690 | if (errorline > 0) | ||
| 1691 | { | ||
| 1692 | BIO_printf(bio_err, | ||
| 1693 | "error on line %ld of db attribute file '%s'\n" | ||
| 1694 | ,errorline,buf[0]); | ||
| 1695 | goto err; | ||
| 1696 | } | ||
| 1697 | else | ||
| 1698 | { | ||
| 1699 | NCONF_free(dbattr_conf); | ||
| 1700 | dbattr_conf = NULL; | ||
| 1701 | } | ||
| 1702 | } | ||
| 1703 | |||
| 1704 | if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) | ||
| 1705 | { | ||
| 1706 | fprintf(stderr, "Out of memory\n"); | ||
| 1707 | goto err; | ||
| 1708 | } | ||
| 1709 | |||
| 1710 | retdb->db = tmpdb; | ||
| 1711 | tmpdb = NULL; | ||
| 1712 | if (db_attr) | ||
| 1713 | retdb->attributes = *db_attr; | ||
| 1714 | else | ||
| 1715 | { | ||
| 1716 | retdb->attributes.unique_subject = 1; | ||
| 1717 | } | ||
| 1718 | |||
| 1719 | if (dbattr_conf) | ||
| 1720 | { | ||
| 1721 | char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); | ||
| 1722 | if (p) | ||
| 1723 | { | ||
| 1724 | BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); | ||
| 1725 | switch(*p) | ||
| 1726 | { | ||
| 1727 | case 'f': /* false */ | ||
| 1728 | case 'F': /* FALSE */ | ||
| 1729 | case 'n': /* no */ | ||
| 1730 | case 'N': /* NO */ | ||
| 1731 | retdb->attributes.unique_subject = 0; | ||
| 1732 | break; | ||
| 1733 | case 't': /* true */ | ||
| 1734 | case 'T': /* TRUE */ | ||
| 1735 | case 'y': /* yes */ | ||
| 1736 | case 'Y': /* YES */ | ||
| 1737 | default: | ||
| 1738 | retdb->attributes.unique_subject = 1; | ||
| 1739 | break; | ||
| 1740 | } | ||
| 1741 | } | ||
| 1742 | } | ||
| 1743 | |||
| 1744 | err: | ||
| 1745 | if (dbattr_conf) NCONF_free(dbattr_conf); | ||
| 1746 | if (tmpdb) TXT_DB_free(tmpdb); | ||
| 1747 | if (in) BIO_free_all(in); | ||
| 1748 | return retdb; | ||
| 1749 | } | ||
| 1750 | |||
| 1751 | int index_index(CA_DB *db) | ||
| 1752 | { | ||
| 1753 | if (!TXT_DB_create_index(db->db, DB_serial, NULL, | ||
| 1754 | LHASH_HASH_FN(index_serial_hash), | ||
| 1755 | LHASH_COMP_FN(index_serial_cmp))) | ||
| 1756 | { | ||
| 1757 | BIO_printf(bio_err, | ||
| 1758 | "error creating serial number index:(%ld,%ld,%ld)\n", | ||
| 1759 | db->db->error,db->db->arg1,db->db->arg2); | ||
| 1760 | return 0; | ||
| 1761 | } | ||
| 1762 | |||
| 1763 | if (db->attributes.unique_subject | ||
| 1764 | && !TXT_DB_create_index(db->db, DB_name, index_name_qual, | ||
| 1765 | LHASH_HASH_FN(index_name_hash), | ||
| 1766 | LHASH_COMP_FN(index_name_cmp))) | ||
| 1767 | { | ||
| 1768 | BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", | ||
| 1769 | db->db->error,db->db->arg1,db->db->arg2); | ||
| 1770 | return 0; | ||
| 1771 | } | ||
| 1772 | return 1; | ||
| 1773 | } | ||
| 1774 | |||
| 1775 | int save_index(char *dbfile, char *suffix, CA_DB *db) | ||
| 1776 | { | ||
| 1777 | char buf[3][BSIZE]; | ||
| 1778 | BIO *out = BIO_new(BIO_s_file()); | ||
| 1779 | int j; | ||
| 1780 | |||
| 1781 | if (out == NULL) | ||
| 1782 | { | ||
| 1783 | ERR_print_errors(bio_err); | ||
| 1784 | goto err; | ||
| 1785 | } | ||
| 1786 | |||
| 1787 | j = strlen(dbfile) + strlen(suffix); | ||
| 1788 | if (j + 6 >= BSIZE) | ||
| 1789 | { | ||
| 1790 | BIO_printf(bio_err,"file name too long\n"); | ||
| 1791 | goto err; | ||
| 1792 | } | ||
| 1793 | |||
| 1794 | #ifndef OPENSSL_SYS_VMS | ||
| 1795 | j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); | ||
| 1796 | #else | ||
| 1797 | j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); | ||
| 1798 | #endif | ||
| 1799 | #ifndef OPENSSL_SYS_VMS | ||
| 1800 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); | ||
| 1801 | #else | ||
| 1802 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); | ||
| 1803 | #endif | ||
| 1804 | #ifndef OPENSSL_SYS_VMS | ||
| 1805 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); | ||
| 1806 | #else | ||
| 1807 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); | ||
| 1808 | #endif | ||
| 1809 | #ifdef RL_DEBUG | ||
| 1810 | BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); | ||
| 1811 | #endif | ||
| 1812 | if (BIO_write_filename(out,buf[0]) <= 0) | ||
| 1813 | { | ||
| 1814 | perror(dbfile); | ||
| 1815 | BIO_printf(bio_err,"unable to open '%s'\n", dbfile); | ||
| 1816 | goto err; | ||
| 1817 | } | ||
| 1818 | j=TXT_DB_write(out,db->db); | ||
| 1819 | if (j <= 0) goto err; | ||
| 1820 | |||
| 1821 | BIO_free(out); | ||
| 1822 | |||
| 1823 | out = BIO_new(BIO_s_file()); | ||
| 1824 | #ifdef RL_DEBUG | ||
| 1825 | BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]); | ||
| 1826 | #endif | ||
| 1827 | if (BIO_write_filename(out,buf[1]) <= 0) | ||
| 1828 | { | ||
| 1829 | perror(buf[2]); | ||
| 1830 | BIO_printf(bio_err,"unable to open '%s'\n", buf[2]); | ||
| 1831 | goto err; | ||
| 1832 | } | ||
| 1833 | BIO_printf(out,"unique_subject = %s\n", | ||
| 1834 | db->attributes.unique_subject ? "yes" : "no"); | ||
| 1835 | BIO_free(out); | ||
| 1836 | |||
| 1837 | return 1; | ||
| 1838 | err: | ||
| 1839 | return 0; | ||
| 1840 | } | ||
| 1841 | |||
| 1842 | int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) | ||
| 1843 | { | ||
| 1844 | char buf[5][BSIZE]; | ||
| 1845 | int i,j; | ||
| 1846 | struct stat sb; | ||
| 1847 | |||
| 1848 | i = strlen(dbfile) + strlen(old_suffix); | ||
| 1849 | j = strlen(dbfile) + strlen(new_suffix); | ||
| 1850 | if (i > j) j = i; | ||
| 1851 | if (j + 6 >= BSIZE) | ||
| 1852 | { | ||
| 1853 | BIO_printf(bio_err,"file name too long\n"); | ||
| 1854 | goto err; | ||
| 1855 | } | ||
| 1856 | |||
| 1857 | #ifndef OPENSSL_SYS_VMS | ||
| 1858 | j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); | ||
| 1859 | #else | ||
| 1860 | j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); | ||
| 1861 | #endif | ||
| 1862 | #ifndef OPENSSL_SYS_VMS | ||
| 1863 | j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", | ||
| 1864 | dbfile, new_suffix); | ||
| 1865 | #else | ||
| 1866 | j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", | ||
| 1867 | dbfile, new_suffix); | ||
| 1868 | #endif | ||
| 1869 | #ifndef OPENSSL_SYS_VMS | ||
| 1870 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", | ||
| 1871 | dbfile, new_suffix); | ||
| 1872 | #else | ||
| 1873 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", | ||
| 1874 | dbfile, new_suffix); | ||
| 1875 | #endif | ||
| 1876 | #ifndef OPENSSL_SYS_VMS | ||
| 1877 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", | ||
| 1878 | dbfile, old_suffix); | ||
| 1879 | #else | ||
| 1880 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", | ||
| 1881 | dbfile, old_suffix); | ||
| 1882 | #endif | ||
| 1883 | #ifndef OPENSSL_SYS_VMS | ||
| 1884 | j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", | ||
| 1885 | dbfile, old_suffix); | ||
| 1886 | #else | ||
| 1887 | j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", | ||
| 1888 | dbfile, old_suffix); | ||
| 1889 | #endif | ||
| 1890 | if (stat(dbfile,&sb) < 0) | ||
| 1891 | { | ||
| 1892 | if (errno != ENOENT | ||
| 1893 | #ifdef ENOTDIR | ||
| 1894 | && errno != ENOTDIR) | ||
| 1895 | #endif | ||
| 1896 | goto err; | ||
| 1897 | } | ||
| 1898 | else | ||
| 1899 | { | ||
| 1900 | #ifdef RL_DEBUG | ||
| 1901 | BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", | ||
| 1902 | dbfile, buf[1]); | ||
| 1903 | #endif | ||
| 1904 | if (rename(dbfile,buf[1]) < 0) | ||
| 1905 | { | ||
| 1906 | BIO_printf(bio_err, | ||
| 1907 | "unable to rename %s to %s\n", | ||
| 1908 | dbfile, buf[1]); | ||
| 1909 | perror("reason"); | ||
| 1910 | goto err; | ||
| 1911 | } | ||
| 1912 | } | ||
| 1913 | #ifdef RL_DEBUG | ||
| 1914 | BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", | ||
| 1915 | buf[0],dbfile); | ||
| 1916 | #endif | ||
| 1917 | if (rename(buf[0],dbfile) < 0) | ||
| 1918 | { | ||
| 1919 | BIO_printf(bio_err, | ||
| 1920 | "unable to rename %s to %s\n", | ||
| 1921 | buf[0],dbfile); | ||
| 1922 | perror("reason"); | ||
| 1923 | rename(buf[1],dbfile); | ||
| 1924 | goto err; | ||
| 1925 | } | ||
| 1926 | if (stat(buf[4],&sb) < 0) | ||
| 1927 | { | ||
| 1928 | if (errno != ENOENT | ||
| 1929 | #ifdef ENOTDIR | ||
| 1930 | && errno != ENOTDIR) | ||
| 1931 | #endif | ||
| 1932 | goto err; | ||
| 1933 | } | ||
| 1934 | else | ||
| 1935 | { | ||
| 1936 | #ifdef RL_DEBUG | ||
| 1937 | BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", | ||
| 1938 | buf[4],buf[3]); | ||
| 1939 | #endif | ||
| 1940 | if (rename(buf[4],buf[3]) < 0) | ||
| 1941 | { | ||
| 1942 | BIO_printf(bio_err, | ||
| 1943 | "unable to rename %s to %s\n", | ||
| 1944 | buf[4], buf[3]); | ||
| 1945 | perror("reason"); | ||
| 1946 | rename(dbfile,buf[0]); | ||
| 1947 | rename(buf[1],dbfile); | ||
| 1948 | goto err; | ||
| 1949 | } | ||
| 1950 | } | ||
| 1951 | #ifdef RL_DEBUG | ||
| 1952 | BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", | ||
| 1953 | buf[2],buf[4]); | ||
| 1954 | #endif | ||
| 1955 | if (rename(buf[2],buf[4]) < 0) | ||
| 1956 | { | ||
| 1957 | BIO_printf(bio_err, | ||
| 1958 | "unable to rename %s to %s\n", | ||
| 1959 | buf[2],buf[4]); | ||
| 1960 | perror("reason"); | ||
| 1961 | rename(buf[3],buf[4]); | ||
| 1962 | rename(dbfile,buf[0]); | ||
| 1963 | rename(buf[1],dbfile); | ||
| 1964 | goto err; | ||
| 1965 | } | ||
| 1966 | return 1; | ||
| 1967 | err: | ||
| 1968 | return 0; | ||
| 1969 | } | ||
| 1970 | |||
| 1971 | void free_index(CA_DB *db) | ||
| 1972 | { | ||
| 1973 | TXT_DB_free(db->db); | ||
| 1974 | OPENSSL_free(db); | ||
| 1975 | } | ||
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index c36b9d2566..8a9c4ab0a0 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h | |||
| @@ -287,7 +287,38 @@ char *make_config_name(void); | |||
| 287 | /* Functions defined in ca.c and also used in ocsp.c */ | 287 | /* Functions defined in ca.c and also used in ocsp.c */ |
| 288 | int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, | 288 | int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, |
| 289 | ASN1_GENERALIZEDTIME **pinvtm, char *str); | 289 | ASN1_GENERALIZEDTIME **pinvtm, char *str); |
| 290 | int make_serial_index(TXT_DB *db); | 290 | |
| 291 | #define DB_type 0 | ||
| 292 | #define DB_exp_date 1 | ||
| 293 | #define DB_rev_date 2 | ||
| 294 | #define DB_serial 3 /* index - unique */ | ||
| 295 | #define DB_file 4 | ||
| 296 | #define DB_name 5 /* index - unique when active and not disabled */ | ||
| 297 | #define DB_NUMBER 6 | ||
| 298 | |||
| 299 | #define DB_TYPE_REV 'R' | ||
| 300 | #define DB_TYPE_EXP 'E' | ||
| 301 | #define DB_TYPE_VAL 'V' | ||
| 302 | |||
| 303 | typedef struct db_attr_st | ||
| 304 | { | ||
| 305 | int unique_subject; | ||
| 306 | } DB_ATTR; | ||
| 307 | typedef struct ca_db_st | ||
| 308 | { | ||
| 309 | DB_ATTR attributes; | ||
| 310 | TXT_DB *db; | ||
| 311 | } CA_DB; | ||
| 312 | |||
| 313 | BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); | ||
| 314 | int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); | ||
| 315 | int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); | ||
| 316 | CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); | ||
| 317 | int index_index(CA_DB *db); | ||
| 318 | int save_index(char *dbfile, char *suffix, CA_DB *db); | ||
| 319 | int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); | ||
| 320 | void free_index(CA_DB *db); | ||
| 321 | int index_name_cmp(const char **a, const char **b); | ||
| 291 | 322 | ||
| 292 | X509_NAME *do_subject(char *str, long chtype); | 323 | X509_NAME *do_subject(char *str, long chtype); |
| 293 | 324 | ||
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c index 8367415405..7db40adf04 100644 --- a/src/lib/libssl/src/apps/asn1pars.c +++ b/src/lib/libssl/src/apps/asn1pars.c | |||
| @@ -304,7 +304,15 @@ bad: | |||
| 304 | num=tmplen; | 304 | num=tmplen; |
| 305 | } | 305 | } |
| 306 | 306 | ||
| 307 | if (length == 0) length=(unsigned int)num; | 307 | if (offset >= num) |
| 308 | { | ||
| 309 | BIO_printf(bio_err, "Error: offset too large\n"); | ||
| 310 | goto end; | ||
| 311 | } | ||
| 312 | |||
| 313 | num -= offset; | ||
| 314 | |||
| 315 | if ((length == 0) || ((long)length > num)) length=(unsigned int)num; | ||
| 308 | if(derout) { | 316 | if(derout) { |
| 309 | if(BIO_write(derout, str + offset, length) != (int)length) { | 317 | if(BIO_write(derout, str + offset, length) != (int)length) { |
| 310 | BIO_printf(bio_err, "Error writing output\n"); | 318 | BIO_printf(bio_err, "Error writing output\n"); |
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index 7ed60c7a9a..2db61b1eae 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c | |||
| @@ -122,6 +122,7 @@ | |||
| 122 | #define ENV_NEW_CERTS_DIR "new_certs_dir" | 122 | #define ENV_NEW_CERTS_DIR "new_certs_dir" |
| 123 | #define ENV_CERTIFICATE "certificate" | 123 | #define ENV_CERTIFICATE "certificate" |
| 124 | #define ENV_SERIAL "serial" | 124 | #define ENV_SERIAL "serial" |
| 125 | #define ENV_CRLNUMBER "crlnumber" | ||
| 125 | #define ENV_CRL "crl" | 126 | #define ENV_CRL "crl" |
| 126 | #define ENV_PRIVATE_KEY "private_key" | 127 | #define ENV_PRIVATE_KEY "private_key" |
| 127 | #define ENV_RANDFILE "RANDFILE" | 128 | #define ENV_RANDFILE "RANDFILE" |
| @@ -143,18 +144,6 @@ | |||
| 143 | 144 | ||
| 144 | #define ENV_DATABASE "database" | 145 | #define ENV_DATABASE "database" |
| 145 | 146 | ||
| 146 | #define DB_type 0 | ||
| 147 | #define DB_exp_date 1 | ||
| 148 | #define DB_rev_date 2 | ||
| 149 | #define DB_serial 3 /* index - unique */ | ||
| 150 | #define DB_file 4 | ||
| 151 | #define DB_name 5 /* index - unique for active */ | ||
| 152 | #define DB_NUMBER 6 | ||
| 153 | |||
| 154 | #define DB_TYPE_REV 'R' | ||
| 155 | #define DB_TYPE_EXP 'E' | ||
| 156 | #define DB_TYPE_VAL 'V' | ||
| 157 | |||
| 158 | /* Additional revocation information types */ | 147 | /* Additional revocation information types */ |
| 159 | 148 | ||
| 160 | #define REV_NONE 0 /* No addditional information */ | 149 | #define REV_NONE 0 /* No addditional information */ |
| @@ -211,43 +200,36 @@ extern int EF_ALIGNMENT; | |||
| 211 | #endif | 200 | #endif |
| 212 | 201 | ||
| 213 | static void lookup_fail(char *name,char *tag); | 202 | static void lookup_fail(char *name,char *tag); |
| 214 | static unsigned long index_serial_hash(const char **a); | ||
| 215 | static int index_serial_cmp(const char **a, const char **b); | ||
| 216 | static unsigned long index_name_hash(const char **a); | ||
| 217 | static int index_name_qual(char **a); | ||
| 218 | static int index_name_cmp(const char **a,const char **b); | ||
| 219 | static BIGNUM *load_serial(char *serialfile); | ||
| 220 | static int save_serial(char *serialfile, BIGNUM *serial); | ||
| 221 | static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, | 203 | static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, |
| 222 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, | 204 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, |
| 223 | BIGNUM *serial, char *subj, int email_dn, char *startdate, | 205 | BIGNUM *serial, char *subj, int email_dn, char *startdate, |
| 224 | char *enddate, long days, int batch, char *ext_sect, CONF *conf, | 206 | char *enddate, long days, int batch, char *ext_sect, CONF *conf, |
| 225 | int verbose, unsigned long certopt, unsigned long nameopt, | 207 | int verbose, unsigned long certopt, unsigned long nameopt, |
| 226 | int default_op, int ext_copy); | 208 | int default_op, int ext_copy); |
| 227 | static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, | 209 | static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, |
| 228 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, | 210 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, |
| 229 | TXT_DB *db, BIGNUM *serial, char *subj, int email_dn, | 211 | CA_DB *db, BIGNUM *serial, char *subj, int email_dn, |
| 230 | char *startdate, char *enddate, long days, int batch, | 212 | char *startdate, char *enddate, long days, int batch, |
| 231 | char *ext_sect, CONF *conf,int verbose, unsigned long certopt, | 213 | char *ext_sect, CONF *conf,int verbose, unsigned long certopt, |
| 232 | unsigned long nameopt, int default_op, int ext_copy, | 214 | unsigned long nameopt, int default_op, int ext_copy, |
| 233 | ENGINE *e); | 215 | ENGINE *e); |
| 234 | static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, | 216 | static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, |
| 235 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, | 217 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, |
| 236 | TXT_DB *db, BIGNUM *serial,char *subj, int email_dn, | 218 | CA_DB *db, BIGNUM *serial,char *subj, int email_dn, |
| 237 | char *startdate, char *enddate, long days, char *ext_sect, | 219 | char *startdate, char *enddate, long days, char *ext_sect, |
| 238 | CONF *conf, int verbose, unsigned long certopt, | 220 | CONF *conf, int verbose, unsigned long certopt, |
| 239 | unsigned long nameopt, int default_op, int ext_copy); | 221 | unsigned long nameopt, int default_op, int ext_copy); |
| 240 | static int fix_data(int nid, int *type); | 222 | static int fix_data(int nid, int *type); |
| 241 | static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); | 223 | static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); |
| 242 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | 224 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, |
| 243 | STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, | 225 | STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, |
| 244 | int email_dn, char *startdate, char *enddate, long days, int batch, | 226 | int email_dn, char *startdate, char *enddate, long days, int batch, |
| 245 | int verbose, X509_REQ *req, char *ext_sect, CONF *conf, | 227 | int verbose, X509_REQ *req, char *ext_sect, CONF *conf, |
| 246 | unsigned long certopt, unsigned long nameopt, int default_op, | 228 | unsigned long certopt, unsigned long nameopt, int default_op, |
| 247 | int ext_copy); | 229 | int ext_copy); |
| 248 | static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval); | 230 | static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); |
| 249 | static int get_certificate_status(const char *ser_status, TXT_DB *db); | 231 | static int get_certificate_status(const char *ser_status, CA_DB *db); |
| 250 | static int do_updatedb(TXT_DB *db); | 232 | static int do_updatedb(CA_DB *db); |
| 251 | static int check_time_format(char *str); | 233 | static int check_time_format(char *str); |
| 252 | char *make_revocation_str(int rev_type, char *rev_arg); | 234 | char *make_revocation_str(int rev_type, char *rev_arg); |
| 253 | int make_revoked(X509_REVOKED *rev, char *str); | 235 | int make_revoked(X509_REVOKED *rev, char *str); |
| @@ -259,11 +241,6 @@ static char *section=NULL; | |||
| 259 | static int preserve=0; | 241 | static int preserve=0; |
| 260 | static int msie_hack=0; | 242 | static int msie_hack=0; |
| 261 | 243 | ||
| 262 | static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) | ||
| 263 | static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) | ||
| 264 | static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) | ||
| 265 | static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) | ||
| 266 | |||
| 267 | 244 | ||
| 268 | int MAIN(int, char **); | 245 | int MAIN(int, char **); |
| 269 | 246 | ||
| @@ -300,6 +277,7 @@ int MAIN(int argc, char **argv) | |||
| 300 | char *outfile=NULL; | 277 | char *outfile=NULL; |
| 301 | char *outdir=NULL; | 278 | char *outdir=NULL; |
| 302 | char *serialfile=NULL; | 279 | char *serialfile=NULL; |
| 280 | char *crlnumberfile=NULL; | ||
| 303 | char *extensions=NULL; | 281 | char *extensions=NULL; |
| 304 | char *extfile=NULL; | 282 | char *extfile=NULL; |
| 305 | char *subj=NULL; | 283 | char *subj=NULL; |
| @@ -308,6 +286,7 @@ int MAIN(int argc, char **argv) | |||
| 308 | int rev_type = REV_NONE; | 286 | int rev_type = REV_NONE; |
| 309 | char *rev_arg = NULL; | 287 | char *rev_arg = NULL; |
| 310 | BIGNUM *serial=NULL; | 288 | BIGNUM *serial=NULL; |
| 289 | BIGNUM *crlnumber=NULL; | ||
| 311 | char *startdate=NULL; | 290 | char *startdate=NULL; |
| 312 | char *enddate=NULL; | 291 | char *enddate=NULL; |
| 313 | long days=0; | 292 | long days=0; |
| @@ -320,14 +299,13 @@ int MAIN(int argc, char **argv) | |||
| 320 | X509 *x=NULL; | 299 | X509 *x=NULL; |
| 321 | BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; | 300 | BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; |
| 322 | char *dbfile=NULL; | 301 | char *dbfile=NULL; |
| 323 | TXT_DB *db=NULL; | 302 | CA_DB *db=NULL; |
| 324 | X509_CRL *crl=NULL; | 303 | X509_CRL *crl=NULL; |
| 325 | X509_REVOKED *r=NULL; | 304 | X509_REVOKED *r=NULL; |
| 326 | ASN1_TIME *tmptm; | 305 | ASN1_TIME *tmptm; |
| 327 | ASN1_INTEGER *tmpser; | 306 | ASN1_INTEGER *tmpser; |
| 328 | char **pp,*p,*f; | 307 | char **pp,*p,*f; |
| 329 | int i,j; | 308 | int i,j; |
| 330 | long l; | ||
| 331 | const EVP_MD *dgst=NULL; | 309 | const EVP_MD *dgst=NULL; |
| 332 | STACK_OF(CONF_VALUE) *attribs=NULL; | 310 | STACK_OF(CONF_VALUE) *attribs=NULL; |
| 333 | STACK_OF(X509) *cert_sk=NULL; | 311 | STACK_OF(X509) *cert_sk=NULL; |
| @@ -339,6 +317,7 @@ int MAIN(int argc, char **argv) | |||
| 339 | char *engine = NULL; | 317 | char *engine = NULL; |
| 340 | #endif | 318 | #endif |
| 341 | char *tofree=NULL; | 319 | char *tofree=NULL; |
| 320 | DB_ATTR db_attr; | ||
| 342 | 321 | ||
| 343 | #ifdef EFENCE | 322 | #ifdef EFENCE |
| 344 | EF_PROTECT_FREE=1; | 323 | EF_PROTECT_FREE=1; |
| @@ -579,16 +558,19 @@ bad: | |||
| 579 | if (configfile == NULL) | 558 | if (configfile == NULL) |
| 580 | { | 559 | { |
| 581 | const char *s=X509_get_default_cert_area(); | 560 | const char *s=X509_get_default_cert_area(); |
| 561 | size_t len; | ||
| 582 | 562 | ||
| 583 | #ifdef OPENSSL_SYS_VMS | 563 | #ifdef OPENSSL_SYS_VMS |
| 584 | tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); | 564 | len = strlen(s)+sizeof(CONFIG_FILE); |
| 565 | tofree=OPENSSL_malloc(len); | ||
| 585 | strcpy(tofree,s); | 566 | strcpy(tofree,s); |
| 586 | #else | 567 | #else |
| 587 | tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); | 568 | len = strlen(s)+sizeof(CONFIG_FILE)+1; |
| 588 | strcpy(tofree,s); | 569 | tofree=OPENSSL_malloc(len); |
| 589 | strcat(tofree,"/"); | 570 | BUF_strlcpy(tofree,s,len); |
| 571 | BUF_strlcat(tofree,"/",len); | ||
| 590 | #endif | 572 | #endif |
| 591 | strcat(tofree,CONFIG_FILE); | 573 | BUF_strlcat(tofree,CONFIG_FILE,len); |
| 592 | configfile=tofree; | 574 | configfile=tofree; |
| 593 | } | 575 | } |
| 594 | 576 | ||
| @@ -659,6 +641,39 @@ bad: | |||
| 659 | if (randfile == NULL) | 641 | if (randfile == NULL) |
| 660 | ERR_clear_error(); | 642 | ERR_clear_error(); |
| 661 | app_RAND_load_file(randfile, bio_err, 0); | 643 | app_RAND_load_file(randfile, bio_err, 0); |
| 644 | |||
| 645 | db_attr.unique_subject = 1; | ||
| 646 | p = NCONF_get_string(conf, section, "unique_subject"); | ||
| 647 | if (p) | ||
| 648 | { | ||
| 649 | #ifdef RL_DEBUG | ||
| 650 | BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); | ||
| 651 | #endif | ||
| 652 | switch(*p) | ||
| 653 | { | ||
| 654 | case 'f': /* false */ | ||
| 655 | case 'F': /* FALSE */ | ||
| 656 | case 'n': /* no */ | ||
| 657 | case 'N': /* NO */ | ||
| 658 | db_attr.unique_subject = 0; | ||
| 659 | break; | ||
| 660 | case 't': /* true */ | ||
| 661 | case 'T': /* TRUE */ | ||
| 662 | case 'y': /* yes */ | ||
| 663 | case 'Y': /* YES */ | ||
| 664 | default: | ||
| 665 | db_attr.unique_subject = 1; | ||
| 666 | break; | ||
| 667 | } | ||
| 668 | } | ||
| 669 | #ifdef RL_DEBUG | ||
| 670 | else | ||
| 671 | BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p); | ||
| 672 | #endif | ||
| 673 | #ifdef RL_DEBUG | ||
| 674 | BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", | ||
| 675 | db_attr.unique_subject); | ||
| 676 | #endif | ||
| 662 | 677 | ||
| 663 | in=BIO_new(BIO_s_file()); | 678 | in=BIO_new(BIO_s_file()); |
| 664 | out=BIO_new(BIO_s_file()); | 679 | out=BIO_new(BIO_s_file()); |
| @@ -679,17 +694,10 @@ bad: | |||
| 679 | lookup_fail(section,ENV_DATABASE); | 694 | lookup_fail(section,ENV_DATABASE); |
| 680 | goto err; | 695 | goto err; |
| 681 | } | 696 | } |
| 682 | if (BIO_read_filename(in,dbfile) <= 0) | 697 | db = load_index(dbfile,&db_attr); |
| 683 | { | ||
| 684 | perror(dbfile); | ||
| 685 | BIO_printf(bio_err,"unable to open '%s'\n",dbfile); | ||
| 686 | goto err; | ||
| 687 | } | ||
| 688 | db=TXT_DB_read(in,DB_NUMBER); | ||
| 689 | if (db == NULL) goto err; | 698 | if (db == NULL) goto err; |
| 690 | 699 | ||
| 691 | if (!make_serial_index(db)) | 700 | if (!index_index(db)) goto err; |
| 692 | goto err; | ||
| 693 | 701 | ||
| 694 | if (get_certificate_status(ser_status,db) != 1) | 702 | if (get_certificate_status(ser_status,db) != 1) |
| 695 | BIO_printf(bio_err,"Error verifying serial %s!\n", | 703 | BIO_printf(bio_err,"Error verifying serial %s!\n", |
| @@ -849,19 +857,13 @@ bad: | |||
| 849 | lookup_fail(section,ENV_DATABASE); | 857 | lookup_fail(section,ENV_DATABASE); |
| 850 | goto err; | 858 | goto err; |
| 851 | } | 859 | } |
| 852 | if (BIO_read_filename(in,dbfile) <= 0) | 860 | db = load_index(dbfile, &db_attr); |
| 853 | { | ||
| 854 | perror(dbfile); | ||
| 855 | BIO_printf(bio_err,"unable to open '%s'\n",dbfile); | ||
| 856 | goto err; | ||
| 857 | } | ||
| 858 | db=TXT_DB_read(in,DB_NUMBER); | ||
| 859 | if (db == NULL) goto err; | 861 | if (db == NULL) goto err; |
| 860 | 862 | ||
| 861 | /* Lets check some fields */ | 863 | /* Lets check some fields */ |
| 862 | for (i=0; i<sk_num(db->data); i++) | 864 | for (i=0; i<sk_num(db->db->data); i++) |
| 863 | { | 865 | { |
| 864 | pp=(char **)sk_value(db->data,i); | 866 | pp=(char **)sk_value(db->db->data,i); |
| 865 | if ((pp[DB_type][0] != DB_TYPE_REV) && | 867 | if ((pp[DB_type][0] != DB_TYPE_REV) && |
| 866 | (pp[DB_rev_date][0] != '\0')) | 868 | (pp[DB_rev_date][0] != '\0')) |
| 867 | { | 869 | { |
| @@ -912,23 +914,13 @@ bad: | |||
| 912 | out = BIO_push(tmpbio, out); | 914 | out = BIO_push(tmpbio, out); |
| 913 | } | 915 | } |
| 914 | #endif | 916 | #endif |
| 915 | TXT_DB_write(out,db); | 917 | TXT_DB_write(out,db->db); |
| 916 | BIO_printf(bio_err,"%d entries loaded from the database\n", | 918 | BIO_printf(bio_err,"%d entries loaded from the database\n", |
| 917 | db->data->num); | 919 | db->db->data->num); |
| 918 | BIO_printf(bio_err,"generating index\n"); | 920 | BIO_printf(bio_err,"generating index\n"); |
| 919 | } | 921 | } |
| 920 | 922 | ||
| 921 | if (!make_serial_index(db)) | 923 | if (!index_index(db)) goto err; |
| 922 | goto err; | ||
| 923 | |||
| 924 | if (!TXT_DB_create_index(db, DB_name, index_name_qual, | ||
| 925 | LHASH_HASH_FN(index_name_hash), | ||
| 926 | LHASH_COMP_FN(index_name_cmp))) | ||
| 927 | { | ||
| 928 | BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", | ||
| 929 | db->error,db->arg1,db->arg2); | ||
| 930 | goto err; | ||
| 931 | } | ||
| 932 | 924 | ||
| 933 | /*****************************************************************/ | 925 | /*****************************************************************/ |
| 934 | /* Update the db file for expired certificates */ | 926 | /* Update the db file for expired certificates */ |
| @@ -951,62 +943,9 @@ bad: | |||
| 951 | } | 943 | } |
| 952 | else | 944 | else |
| 953 | { | 945 | { |
| 954 | out = BIO_new(BIO_s_file()); | 946 | if (!save_index(dbfile,"new",db)) goto err; |
| 955 | if (out == NULL) | 947 | |
| 956 | { | 948 | if (!rotate_index(dbfile,"new","old")) goto err; |
| 957 | ERR_print_errors(bio_err); | ||
| 958 | goto err; | ||
| 959 | } | ||
| 960 | |||
| 961 | #ifndef OPENSSL_SYS_VMS | ||
| 962 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile); | ||
| 963 | #else | ||
| 964 | j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile); | ||
| 965 | #endif | ||
| 966 | if (j < 0 || j >= sizeof buf[0]) | ||
| 967 | { | ||
| 968 | BIO_printf(bio_err, "file name too long\n"); | ||
| 969 | goto err; | ||
| 970 | } | ||
| 971 | if (BIO_write_filename(out,buf[0]) <= 0) | ||
| 972 | { | ||
| 973 | perror(dbfile); | ||
| 974 | BIO_printf(bio_err,"unable to open '%s'\n", | ||
| 975 | dbfile); | ||
| 976 | goto err; | ||
| 977 | } | ||
| 978 | j=TXT_DB_write(out,db); | ||
| 979 | if (j <= 0) goto err; | ||
| 980 | |||
| 981 | BIO_free(out); | ||
| 982 | out = NULL; | ||
| 983 | #ifndef OPENSSL_SYS_VMS | ||
| 984 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile); | ||
| 985 | #else | ||
| 986 | j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile); | ||
| 987 | #endif | ||
| 988 | if (j < 0 || j >= sizeof buf[1]) | ||
| 989 | { | ||
| 990 | BIO_printf(bio_err, "file name too long\n"); | ||
| 991 | goto err; | ||
| 992 | } | ||
| 993 | if (rename(dbfile,buf[1]) < 0) | ||
| 994 | { | ||
| 995 | BIO_printf(bio_err, | ||
| 996 | "unable to rename %s to %s\n", | ||
| 997 | dbfile, buf[1]); | ||
| 998 | perror("reason"); | ||
| 999 | goto err; | ||
| 1000 | } | ||
| 1001 | if (rename(buf[0],dbfile) < 0) | ||
| 1002 | { | ||
| 1003 | BIO_printf(bio_err, | ||
| 1004 | "unable to rename %s to %s\n", | ||
| 1005 | buf[0],dbfile); | ||
| 1006 | perror("reason"); | ||
| 1007 | rename(buf[1],dbfile); | ||
| 1008 | goto err; | ||
| 1009 | } | ||
| 1010 | 949 | ||
| 1011 | if (verbose) BIO_printf(bio_err, | 950 | if (verbose) BIO_printf(bio_err, |
| 1012 | "Done. %d entries marked as expired\n",i); | 951 | "Done. %d entries marked as expired\n",i); |
| @@ -1167,7 +1106,7 @@ bad: | |||
| 1167 | goto err; | 1106 | goto err; |
| 1168 | } | 1107 | } |
| 1169 | 1108 | ||
| 1170 | if ((serial=load_serial(serialfile)) == NULL) | 1109 | if ((serial=load_serial(serialfile, 0, NULL)) == NULL) |
| 1171 | { | 1110 | { |
| 1172 | BIO_printf(bio_err,"error while loading serial number\n"); | 1111 | BIO_printf(bio_err,"error while loading serial number\n"); |
| 1173 | goto err; | 1112 | goto err; |
| @@ -1301,38 +1240,9 @@ bad: | |||
| 1301 | 1240 | ||
| 1302 | BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); | 1241 | BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); |
| 1303 | 1242 | ||
| 1304 | if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) | 1243 | if (!save_serial(serialfile,"new",serial,NULL)) goto err; |
| 1305 | { | ||
| 1306 | BIO_printf(bio_err,"file name too long\n"); | ||
| 1307 | goto err; | ||
| 1308 | } | ||
| 1309 | |||
| 1310 | strcpy(buf[0],serialfile); | ||
| 1311 | |||
| 1312 | #ifdef OPENSSL_SYS_VMS | ||
| 1313 | strcat(buf[0],"-new"); | ||
| 1314 | #else | ||
| 1315 | strcat(buf[0],".new"); | ||
| 1316 | #endif | ||
| 1317 | |||
| 1318 | if (!save_serial(buf[0],serial)) goto err; | ||
| 1319 | 1244 | ||
| 1320 | strcpy(buf[1],dbfile); | 1245 | if (!save_index(dbfile, "new", db)) goto err; |
| 1321 | |||
| 1322 | #ifdef OPENSSL_SYS_VMS | ||
| 1323 | strcat(buf[1],"-new"); | ||
| 1324 | #else | ||
| 1325 | strcat(buf[1],".new"); | ||
| 1326 | #endif | ||
| 1327 | |||
| 1328 | if (BIO_write_filename(out,buf[1]) <= 0) | ||
| 1329 | { | ||
| 1330 | perror(dbfile); | ||
| 1331 | BIO_printf(bio_err,"unable to open '%s'\n",dbfile); | ||
| 1332 | goto err; | ||
| 1333 | } | ||
| 1334 | l=TXT_DB_write(out,db); | ||
| 1335 | if (l <= 0) goto err; | ||
| 1336 | } | 1246 | } |
| 1337 | 1247 | ||
| 1338 | if (verbose) | 1248 | if (verbose) |
| @@ -1340,7 +1250,7 @@ bad: | |||
| 1340 | for (i=0; i<sk_X509_num(cert_sk); i++) | 1250 | for (i=0; i<sk_X509_num(cert_sk); i++) |
| 1341 | { | 1251 | { |
| 1342 | int k; | 1252 | int k; |
| 1343 | unsigned char *n; | 1253 | char *n; |
| 1344 | 1254 | ||
| 1345 | x=sk_X509_value(cert_sk,i); | 1255 | x=sk_X509_value(cert_sk,i); |
| 1346 | 1256 | ||
| @@ -1356,15 +1266,19 @@ bad: | |||
| 1356 | strcpy(buf[2],outdir); | 1266 | strcpy(buf[2],outdir); |
| 1357 | 1267 | ||
| 1358 | #ifndef OPENSSL_SYS_VMS | 1268 | #ifndef OPENSSL_SYS_VMS |
| 1359 | strcat(buf[2],"/"); | 1269 | BUF_strlcat(buf[2],"/",sizeof(buf[2])); |
| 1360 | #endif | 1270 | #endif |
| 1361 | 1271 | ||
| 1362 | n=(unsigned char *)&(buf[2][strlen(buf[2])]); | 1272 | n=(char *)&(buf[2][strlen(buf[2])]); |
| 1363 | if (j > 0) | 1273 | if (j > 0) |
| 1364 | { | 1274 | { |
| 1365 | for (k=0; k<j; k++) | 1275 | for (k=0; k<j; k++) |
| 1366 | { | 1276 | { |
| 1367 | sprintf((char *)n,"%02X",(unsigned char)*(p++)); | 1277 | if (n >= &(buf[2][sizeof(buf[2])])) |
| 1278 | break; | ||
| 1279 | BIO_snprintf(n, | ||
| 1280 | &buf[2][0] + sizeof(buf[2]) - n, | ||
| 1281 | "%02X",(unsigned char)*(p++)); | ||
| 1368 | n+=2; | 1282 | n+=2; |
| 1369 | } | 1283 | } |
| 1370 | } | 1284 | } |
| @@ -1390,59 +1304,10 @@ bad: | |||
| 1390 | if (sk_X509_num(cert_sk)) | 1304 | if (sk_X509_num(cert_sk)) |
| 1391 | { | 1305 | { |
| 1392 | /* Rename the database and the serial file */ | 1306 | /* Rename the database and the serial file */ |
| 1393 | strncpy(buf[2],serialfile,BSIZE-4); | 1307 | if (!rotate_serial(serialfile,"new","old")) goto err; |
| 1394 | buf[2][BSIZE-4]='\0'; | ||
| 1395 | 1308 | ||
| 1396 | #ifdef OPENSSL_SYS_VMS | 1309 | if (!rotate_index(dbfile,"new","old")) goto err; |
| 1397 | strcat(buf[2],"-old"); | ||
| 1398 | #else | ||
| 1399 | strcat(buf[2],".old"); | ||
| 1400 | #endif | ||
| 1401 | 1310 | ||
| 1402 | BIO_free(in); | ||
| 1403 | BIO_free_all(out); | ||
| 1404 | in=NULL; | ||
| 1405 | out=NULL; | ||
| 1406 | if (rename(serialfile,buf[2]) < 0) | ||
| 1407 | { | ||
| 1408 | BIO_printf(bio_err,"unable to rename %s to %s\n", | ||
| 1409 | serialfile,buf[2]); | ||
| 1410 | perror("reason"); | ||
| 1411 | goto err; | ||
| 1412 | } | ||
| 1413 | if (rename(buf[0],serialfile) < 0) | ||
| 1414 | { | ||
| 1415 | BIO_printf(bio_err,"unable to rename %s to %s\n", | ||
| 1416 | buf[0],serialfile); | ||
| 1417 | perror("reason"); | ||
| 1418 | rename(buf[2],serialfile); | ||
| 1419 | goto err; | ||
| 1420 | } | ||
| 1421 | |||
| 1422 | strncpy(buf[2],dbfile,BSIZE-4); | ||
| 1423 | buf[2][BSIZE-4]='\0'; | ||
| 1424 | |||
| 1425 | #ifdef OPENSSL_SYS_VMS | ||
| 1426 | strcat(buf[2],"-old"); | ||
| 1427 | #else | ||
| 1428 | strcat(buf[2],".old"); | ||
| 1429 | #endif | ||
| 1430 | |||
| 1431 | if (rename(dbfile,buf[2]) < 0) | ||
| 1432 | { | ||
| 1433 | BIO_printf(bio_err,"unable to rename %s to %s\n", | ||
| 1434 | dbfile,buf[2]); | ||
| 1435 | perror("reason"); | ||
| 1436 | goto err; | ||
| 1437 | } | ||
| 1438 | if (rename(buf[1],dbfile) < 0) | ||
| 1439 | { | ||
| 1440 | BIO_printf(bio_err,"unable to rename %s to %s\n", | ||
| 1441 | buf[1],dbfile); | ||
| 1442 | perror("reason"); | ||
| 1443 | rename(buf[2],dbfile); | ||
| 1444 | goto err; | ||
| 1445 | } | ||
| 1446 | BIO_printf(bio_err,"Data Base Updated\n"); | 1311 | BIO_printf(bio_err,"Data Base Updated\n"); |
| 1447 | } | 1312 | } |
| 1448 | } | 1313 | } |
| @@ -1473,6 +1338,14 @@ bad: | |||
| 1473 | } | 1338 | } |
| 1474 | } | 1339 | } |
| 1475 | 1340 | ||
| 1341 | if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) | ||
| 1342 | != NULL) | ||
| 1343 | if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) | ||
| 1344 | { | ||
| 1345 | BIO_printf(bio_err,"error while loading CRL number\n"); | ||
| 1346 | goto err; | ||
| 1347 | } | ||
| 1348 | |||
| 1476 | if (!crldays && !crlhours) | 1349 | if (!crldays && !crlhours) |
| 1477 | { | 1350 | { |
| 1478 | if (!NCONF_get_number(conf,section, | 1351 | if (!NCONF_get_number(conf,section, |
| @@ -1501,9 +1374,9 @@ bad: | |||
| 1501 | 1374 | ||
| 1502 | ASN1_TIME_free(tmptm); | 1375 | ASN1_TIME_free(tmptm); |
| 1503 | 1376 | ||
| 1504 | for (i=0; i<sk_num(db->data); i++) | 1377 | for (i=0; i<sk_num(db->db->data); i++) |
| 1505 | { | 1378 | { |
| 1506 | pp=(char **)sk_value(db->data,i); | 1379 | pp=(char **)sk_value(db->db->data,i); |
| 1507 | if (pp[DB_type][0] == DB_TYPE_REV) | 1380 | if (pp[DB_type][0] == DB_TYPE_REV) |
| 1508 | { | 1381 | { |
| 1509 | if ((r=X509_REVOKED_new()) == NULL) goto err; | 1382 | if ((r=X509_REVOKED_new()) == NULL) goto err; |
| @@ -1549,14 +1422,24 @@ bad: | |||
| 1549 | 1422 | ||
| 1550 | /* Add any extensions asked for */ | 1423 | /* Add any extensions asked for */ |
| 1551 | 1424 | ||
| 1552 | if (crl_ext) | 1425 | if (crl_ext || crlnumberfile != NULL) |
| 1553 | { | 1426 | { |
| 1554 | X509V3_CTX crlctx; | 1427 | X509V3_CTX crlctx; |
| 1555 | X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); | 1428 | X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); |
| 1556 | X509V3_set_nconf(&crlctx, conf); | 1429 | X509V3_set_nconf(&crlctx, conf); |
| 1557 | 1430 | ||
| 1558 | if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, | 1431 | if (crl_ext) |
| 1559 | crl_ext, crl)) goto err; | 1432 | if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, |
| 1433 | crl_ext, crl)) goto err; | ||
| 1434 | if (crlnumberfile != NULL) | ||
| 1435 | { | ||
| 1436 | tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); | ||
| 1437 | if (!tmpser) goto err; | ||
| 1438 | X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); | ||
| 1439 | ASN1_INTEGER_free(tmpser); | ||
| 1440 | crl_v2 = 1; | ||
| 1441 | if (!BN_add_word(crlnumber,1)) goto err; | ||
| 1442 | } | ||
| 1560 | } | 1443 | } |
| 1561 | if (crl_ext || crl_v2) | 1444 | if (crl_ext || crl_v2) |
| 1562 | { | 1445 | { |
| @@ -1564,9 +1447,17 @@ bad: | |||
| 1564 | goto err; /* version 2 CRL */ | 1447 | goto err; /* version 2 CRL */ |
| 1565 | } | 1448 | } |
| 1566 | 1449 | ||
| 1450 | |||
| 1451 | if (crlnumberfile != NULL) /* we have a CRL number that need updating */ | ||
| 1452 | if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; | ||
| 1453 | |||
| 1567 | if (!X509_CRL_sign(crl,pkey,dgst)) goto err; | 1454 | if (!X509_CRL_sign(crl,pkey,dgst)) goto err; |
| 1568 | 1455 | ||
| 1569 | PEM_write_bio_X509_CRL(Sout,crl); | 1456 | PEM_write_bio_X509_CRL(Sout,crl); |
| 1457 | |||
| 1458 | if (crlnumberfile != NULL) /* Rename the crlnumber file */ | ||
| 1459 | if (!rotate_serial(crlnumberfile,"new","old")) goto err; | ||
| 1460 | |||
| 1570 | } | 1461 | } |
| 1571 | /*****************************************************************/ | 1462 | /*****************************************************************/ |
| 1572 | if (dorevoke) | 1463 | if (dorevoke) |
| @@ -1587,50 +1478,10 @@ bad: | |||
| 1587 | if (j <= 0) goto err; | 1478 | if (j <= 0) goto err; |
| 1588 | X509_free(revcert); | 1479 | X509_free(revcert); |
| 1589 | 1480 | ||
| 1590 | if(strlen(dbfile) > BSIZE-5) | 1481 | if (!save_index(dbfile, "new", db)) goto err; |
| 1591 | { | 1482 | |
| 1592 | BIO_printf(bio_err,"filename too long\n"); | 1483 | if (!rotate_index(dbfile, "new", "old")) goto err; |
| 1593 | goto err; | ||
| 1594 | } | ||
| 1595 | 1484 | ||
| 1596 | strcpy(buf[0],dbfile); | ||
| 1597 | #ifndef OPENSSL_SYS_VMS | ||
| 1598 | strcat(buf[0],".new"); | ||
| 1599 | #else | ||
| 1600 | strcat(buf[0],"-new"); | ||
| 1601 | #endif | ||
| 1602 | if (BIO_write_filename(out,buf[0]) <= 0) | ||
| 1603 | { | ||
| 1604 | perror(dbfile); | ||
| 1605 | BIO_printf(bio_err,"unable to open '%s'\n",dbfile); | ||
| 1606 | goto err; | ||
| 1607 | } | ||
| 1608 | j=TXT_DB_write(out,db); | ||
| 1609 | if (j <= 0) goto err; | ||
| 1610 | BIO_free_all(out); | ||
| 1611 | out = NULL; | ||
| 1612 | BIO_free_all(in); | ||
| 1613 | in = NULL; | ||
| 1614 | strncpy(buf[1],dbfile,BSIZE-4); | ||
| 1615 | buf[1][BSIZE-4]='\0'; | ||
| 1616 | #ifndef OPENSSL_SYS_VMS | ||
| 1617 | strcat(buf[1],".old"); | ||
| 1618 | #else | ||
| 1619 | strcat(buf[1],"-old"); | ||
| 1620 | #endif | ||
| 1621 | if (rename(dbfile,buf[1]) < 0) | ||
| 1622 | { | ||
| 1623 | BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); | ||
| 1624 | perror("reason"); | ||
| 1625 | goto err; | ||
| 1626 | } | ||
| 1627 | if (rename(buf[0],dbfile) < 0) | ||
| 1628 | { | ||
| 1629 | BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile); | ||
| 1630 | perror("reason"); | ||
| 1631 | rename(buf[1],dbfile); | ||
| 1632 | goto err; | ||
| 1633 | } | ||
| 1634 | BIO_printf(bio_err,"Data Base Updated\n"); | 1485 | BIO_printf(bio_err,"Data Base Updated\n"); |
| 1635 | } | 1486 | } |
| 1636 | } | 1487 | } |
| @@ -1652,7 +1503,7 @@ err: | |||
| 1652 | if (free_key && key) | 1503 | if (free_key && key) |
| 1653 | OPENSSL_free(key); | 1504 | OPENSSL_free(key); |
| 1654 | BN_free(serial); | 1505 | BN_free(serial); |
| 1655 | TXT_DB_free(db); | 1506 | free_index(db); |
| 1656 | EVP_PKEY_free(pkey); | 1507 | EVP_PKEY_free(pkey); |
| 1657 | X509_free(x509); | 1508 | X509_free(x509); |
| 1658 | X509_CRL_free(crl); | 1509 | X509_CRL_free(crl); |
| @@ -1667,106 +1518,8 @@ static void lookup_fail(char *name, char *tag) | |||
| 1667 | BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); | 1518 | BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); |
| 1668 | } | 1519 | } |
| 1669 | 1520 | ||
| 1670 | static unsigned long index_serial_hash(const char **a) | ||
| 1671 | { | ||
| 1672 | const char *n; | ||
| 1673 | |||
| 1674 | n=a[DB_serial]; | ||
| 1675 | while (*n == '0') n++; | ||
| 1676 | return(lh_strhash(n)); | ||
| 1677 | } | ||
| 1678 | |||
| 1679 | static int index_serial_cmp(const char **a, const char **b) | ||
| 1680 | { | ||
| 1681 | const char *aa,*bb; | ||
| 1682 | |||
| 1683 | for (aa=a[DB_serial]; *aa == '0'; aa++); | ||
| 1684 | for (bb=b[DB_serial]; *bb == '0'; bb++); | ||
| 1685 | return(strcmp(aa,bb)); | ||
| 1686 | } | ||
| 1687 | |||
| 1688 | static unsigned long index_name_hash(const char **a) | ||
| 1689 | { return(lh_strhash(a[DB_name])); } | ||
| 1690 | |||
| 1691 | static int index_name_qual(char **a) | ||
| 1692 | { return(a[0][0] == 'V'); } | ||
| 1693 | |||
| 1694 | static int index_name_cmp(const char **a, const char **b) | ||
| 1695 | { return(strcmp(a[DB_name], | ||
| 1696 | b[DB_name])); } | ||
| 1697 | |||
| 1698 | static BIGNUM *load_serial(char *serialfile) | ||
| 1699 | { | ||
| 1700 | BIO *in=NULL; | ||
| 1701 | BIGNUM *ret=NULL; | ||
| 1702 | MS_STATIC char buf[1024]; | ||
| 1703 | ASN1_INTEGER *ai=NULL; | ||
| 1704 | |||
| 1705 | if ((in=BIO_new(BIO_s_file())) == NULL) | ||
| 1706 | { | ||
| 1707 | ERR_print_errors(bio_err); | ||
| 1708 | goto err; | ||
| 1709 | } | ||
| 1710 | |||
| 1711 | if (BIO_read_filename(in,serialfile) <= 0) | ||
| 1712 | { | ||
| 1713 | perror(serialfile); | ||
| 1714 | goto err; | ||
| 1715 | } | ||
| 1716 | ai=ASN1_INTEGER_new(); | ||
| 1717 | if (ai == NULL) goto err; | ||
| 1718 | if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) | ||
| 1719 | { | ||
| 1720 | BIO_printf(bio_err,"unable to load number from %s\n", | ||
| 1721 | serialfile); | ||
| 1722 | goto err; | ||
| 1723 | } | ||
| 1724 | ret=ASN1_INTEGER_to_BN(ai,NULL); | ||
| 1725 | if (ret == NULL) | ||
| 1726 | { | ||
| 1727 | BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); | ||
| 1728 | goto err; | ||
| 1729 | } | ||
| 1730 | err: | ||
| 1731 | if (in != NULL) BIO_free(in); | ||
| 1732 | if (ai != NULL) ASN1_INTEGER_free(ai); | ||
| 1733 | return(ret); | ||
| 1734 | } | ||
| 1735 | |||
| 1736 | static int save_serial(char *serialfile, BIGNUM *serial) | ||
| 1737 | { | ||
| 1738 | BIO *out; | ||
| 1739 | int ret=0; | ||
| 1740 | ASN1_INTEGER *ai=NULL; | ||
| 1741 | |||
| 1742 | out=BIO_new(BIO_s_file()); | ||
| 1743 | if (out == NULL) | ||
| 1744 | { | ||
| 1745 | ERR_print_errors(bio_err); | ||
| 1746 | goto err; | ||
| 1747 | } | ||
| 1748 | if (BIO_write_filename(out,serialfile) <= 0) | ||
| 1749 | { | ||
| 1750 | perror(serialfile); | ||
| 1751 | goto err; | ||
| 1752 | } | ||
| 1753 | |||
| 1754 | if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) | ||
| 1755 | { | ||
| 1756 | BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); | ||
| 1757 | goto err; | ||
| 1758 | } | ||
| 1759 | i2a_ASN1_INTEGER(out,ai); | ||
| 1760 | BIO_puts(out,"\n"); | ||
| 1761 | ret=1; | ||
| 1762 | err: | ||
| 1763 | if (out != NULL) BIO_free_all(out); | ||
| 1764 | if (ai != NULL) ASN1_INTEGER_free(ai); | ||
| 1765 | return(ret); | ||
| 1766 | } | ||
| 1767 | |||
| 1768 | static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 1521 | static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 1769 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, | 1522 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 1770 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, | 1523 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, |
| 1771 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, | 1524 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, |
| 1772 | unsigned long certopt, unsigned long nameopt, int default_op, | 1525 | unsigned long certopt, unsigned long nameopt, int default_op, |
| @@ -1828,7 +1581,7 @@ err: | |||
| 1828 | } | 1581 | } |
| 1829 | 1582 | ||
| 1830 | static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 1583 | static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 1831 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, | 1584 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 1832 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, | 1585 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, |
| 1833 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, | 1586 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, |
| 1834 | unsigned long certopt, unsigned long nameopt, int default_op, | 1587 | unsigned long certopt, unsigned long nameopt, int default_op, |
| @@ -1882,7 +1635,7 @@ err: | |||
| 1882 | } | 1635 | } |
| 1883 | 1636 | ||
| 1884 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | 1637 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, |
| 1885 | STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, | 1638 | STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
| 1886 | int email_dn, char *startdate, char *enddate, long days, int batch, | 1639 | int email_dn, char *startdate, char *enddate, long days, int batch, |
| 1887 | int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, | 1640 | int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, |
| 1888 | unsigned long certopt, unsigned long nameopt, int default_op, | 1641 | unsigned long certopt, unsigned long nameopt, int default_op, |
| @@ -1900,7 +1653,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1900 | int ok= -1,i,j,last,nid; | 1653 | int ok= -1,i,j,last,nid; |
| 1901 | char *p; | 1654 | char *p; |
| 1902 | CONF_VALUE *cv; | 1655 | CONF_VALUE *cv; |
| 1903 | char *row[DB_NUMBER],**rrow,**irow=NULL; | 1656 | char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; |
| 1904 | char buf[25]; | 1657 | char buf[25]; |
| 1905 | 1658 | ||
| 1906 | tmptm=ASN1_UTCTIME_new(); | 1659 | tmptm=ASN1_UTCTIME_new(); |
| @@ -2137,15 +1890,19 @@ again2: | |||
| 2137 | goto err; | 1890 | goto err; |
| 2138 | } | 1891 | } |
| 2139 | 1892 | ||
| 2140 | rrow=TXT_DB_get_by_index(db,DB_name,row); | 1893 | if (db->attributes.unique_subject) |
| 2141 | if (rrow != NULL) | ||
| 2142 | { | 1894 | { |
| 2143 | BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", | 1895 | rrow=TXT_DB_get_by_index(db->db,DB_name,row); |
| 2144 | row[DB_name]); | 1896 | if (rrow != NULL) |
| 1897 | { | ||
| 1898 | BIO_printf(bio_err, | ||
| 1899 | "ERROR:There is already a certificate for %s\n", | ||
| 1900 | row[DB_name]); | ||
| 1901 | } | ||
| 2145 | } | 1902 | } |
| 2146 | else | 1903 | if (rrow == NULL) |
| 2147 | { | 1904 | { |
| 2148 | rrow=TXT_DB_get_by_index(db,DB_serial,row); | 1905 | rrow=TXT_DB_get_by_index(db->db,DB_serial,row); |
| 2149 | if (rrow != NULL) | 1906 | if (rrow != NULL) |
| 2150 | { | 1907 | { |
| 2151 | BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", | 1908 | BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", |
| @@ -2352,7 +2109,7 @@ again2: | |||
| 2352 | BIO_printf(bio_err,"Memory allocation failure\n"); | 2109 | BIO_printf(bio_err,"Memory allocation failure\n"); |
| 2353 | goto err; | 2110 | goto err; |
| 2354 | } | 2111 | } |
| 2355 | strcpy(row[DB_file],"unknown"); | 2112 | BUF_strlcpy(row[DB_file],"unknown",8); |
| 2356 | row[DB_type][0]='V'; | 2113 | row[DB_type][0]='V'; |
| 2357 | row[DB_type][1]='\0'; | 2114 | row[DB_type][1]='\0'; |
| 2358 | 2115 | ||
| @@ -2369,10 +2126,10 @@ again2: | |||
| 2369 | } | 2126 | } |
| 2370 | irow[DB_NUMBER]=NULL; | 2127 | irow[DB_NUMBER]=NULL; |
| 2371 | 2128 | ||
| 2372 | if (!TXT_DB_insert(db,irow)) | 2129 | if (!TXT_DB_insert(db->db,irow)) |
| 2373 | { | 2130 | { |
| 2374 | BIO_printf(bio_err,"failed to update database\n"); | 2131 | BIO_printf(bio_err,"failed to update database\n"); |
| 2375 | BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); | 2132 | BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); |
| 2376 | goto err; | 2133 | goto err; |
| 2377 | } | 2134 | } |
| 2378 | ok=1; | 2135 | ok=1; |
| @@ -2423,7 +2180,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) | |||
| 2423 | } | 2180 | } |
| 2424 | 2181 | ||
| 2425 | static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 2182 | static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 2426 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, | 2183 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 2427 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, | 2184 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, |
| 2428 | long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, | 2185 | long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, |
| 2429 | unsigned long nameopt, int default_op, int ext_copy) | 2186 | unsigned long nameopt, int default_op, int ext_copy) |
| @@ -2602,7 +2359,7 @@ static int check_time_format(char *str) | |||
| 2602 | return(ASN1_UTCTIME_check(&tm)); | 2359 | return(ASN1_UTCTIME_check(&tm)); |
| 2603 | } | 2360 | } |
| 2604 | 2361 | ||
| 2605 | static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) | 2362 | static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) |
| 2606 | { | 2363 | { |
| 2607 | ASN1_UTCTIME *tm=NULL; | 2364 | ASN1_UTCTIME *tm=NULL; |
| 2608 | char *row[DB_NUMBER],**rrow,**irow; | 2365 | char *row[DB_NUMBER],**rrow,**irow; |
| @@ -2627,10 +2384,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) | |||
| 2627 | /* We have to lookup by serial number because name lookup | 2384 | /* We have to lookup by serial number because name lookup |
| 2628 | * skips revoked certs | 2385 | * skips revoked certs |
| 2629 | */ | 2386 | */ |
| 2630 | rrow=TXT_DB_get_by_index(db,DB_serial,row); | 2387 | rrow=TXT_DB_get_by_index(db->db,DB_serial,row); |
| 2631 | if (rrow == NULL) | 2388 | if (rrow == NULL) |
| 2632 | { | 2389 | { |
| 2633 | BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); | 2390 | BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); |
| 2634 | 2391 | ||
| 2635 | /* We now just add it to the database */ | 2392 | /* We now just add it to the database */ |
| 2636 | row[DB_type]=(char *)OPENSSL_malloc(2); | 2393 | row[DB_type]=(char *)OPENSSL_malloc(2); |
| @@ -2653,7 +2410,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) | |||
| 2653 | BIO_printf(bio_err,"Memory allocation failure\n"); | 2410 | BIO_printf(bio_err,"Memory allocation failure\n"); |
| 2654 | goto err; | 2411 | goto err; |
| 2655 | } | 2412 | } |
| 2656 | strcpy(row[DB_file],"unknown"); | 2413 | BUF_strlcpy(row[DB_file],"unknown",8); |
| 2657 | row[DB_type][0]='V'; | 2414 | row[DB_type][0]='V'; |
| 2658 | row[DB_type][1]='\0'; | 2415 | row[DB_type][1]='\0'; |
| 2659 | 2416 | ||
| @@ -2670,10 +2427,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) | |||
| 2670 | } | 2427 | } |
| 2671 | irow[DB_NUMBER]=NULL; | 2428 | irow[DB_NUMBER]=NULL; |
| 2672 | 2429 | ||
| 2673 | if (!TXT_DB_insert(db,irow)) | 2430 | if (!TXT_DB_insert(db->db,irow)) |
| 2674 | { | 2431 | { |
| 2675 | BIO_printf(bio_err,"failed to update database\n"); | 2432 | BIO_printf(bio_err,"failed to update database\n"); |
| 2676 | BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); | 2433 | BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); |
| 2677 | goto err; | 2434 | goto err; |
| 2678 | } | 2435 | } |
| 2679 | 2436 | ||
| @@ -2718,7 +2475,7 @@ err: | |||
| 2718 | return(ok); | 2475 | return(ok); |
| 2719 | } | 2476 | } |
| 2720 | 2477 | ||
| 2721 | static int get_certificate_status(const char *serial, TXT_DB *db) | 2478 | static int get_certificate_status(const char *serial, CA_DB *db) |
| 2722 | { | 2479 | { |
| 2723 | char *row[DB_NUMBER],**rrow; | 2480 | char *row[DB_NUMBER],**rrow; |
| 2724 | int ok=-1,i; | 2481 | int ok=-1,i; |
| @@ -2759,7 +2516,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db) | |||
| 2759 | ok=1; | 2516 | ok=1; |
| 2760 | 2517 | ||
| 2761 | /* Search for the certificate */ | 2518 | /* Search for the certificate */ |
| 2762 | rrow=TXT_DB_get_by_index(db,DB_serial,row); | 2519 | rrow=TXT_DB_get_by_index(db->db,DB_serial,row); |
| 2763 | if (rrow == NULL) | 2520 | if (rrow == NULL) |
| 2764 | { | 2521 | { |
| 2765 | BIO_printf(bio_err,"Serial %s not present in db.\n", | 2522 | BIO_printf(bio_err,"Serial %s not present in db.\n", |
| @@ -2806,7 +2563,7 @@ err: | |||
| 2806 | return(ok); | 2563 | return(ok); |
| 2807 | } | 2564 | } |
| 2808 | 2565 | ||
| 2809 | static int do_updatedb (TXT_DB *db) | 2566 | static int do_updatedb (CA_DB *db) |
| 2810 | { | 2567 | { |
| 2811 | ASN1_UTCTIME *a_tm = NULL; | 2568 | ASN1_UTCTIME *a_tm = NULL; |
| 2812 | int i, cnt = 0; | 2569 | int i, cnt = 0; |
| @@ -2832,9 +2589,9 @@ static int do_updatedb (TXT_DB *db) | |||
| 2832 | else | 2589 | else |
| 2833 | a_y2k = 0; | 2590 | a_y2k = 0; |
| 2834 | 2591 | ||
| 2835 | for (i = 0; i < sk_num(db->data); i++) | 2592 | for (i = 0; i < sk_num(db->db->data); i++) |
| 2836 | { | 2593 | { |
| 2837 | rrow = (char **) sk_value(db->data, i); | 2594 | rrow = (char **) sk_value(db->db->data, i); |
| 2838 | 2595 | ||
| 2839 | if (rrow[DB_type][0] == 'V') | 2596 | if (rrow[DB_type][0] == 'V') |
| 2840 | { | 2597 | { |
| @@ -2977,16 +2734,16 @@ char *make_revocation_str(int rev_type, char *rev_arg) | |||
| 2977 | 2734 | ||
| 2978 | if (!str) return NULL; | 2735 | if (!str) return NULL; |
| 2979 | 2736 | ||
| 2980 | strcpy(str, (char *)revtm->data); | 2737 | BUF_strlcpy(str, (char *)revtm->data, i); |
| 2981 | if (reason) | 2738 | if (reason) |
| 2982 | { | 2739 | { |
| 2983 | strcat(str, ","); | 2740 | BUF_strlcat(str, ",", i); |
| 2984 | strcat(str, reason); | 2741 | BUF_strlcat(str, reason, i); |
| 2985 | } | 2742 | } |
| 2986 | if (other) | 2743 | if (other) |
| 2987 | { | 2744 | { |
| 2988 | strcat(str, ","); | 2745 | BUF_strlcat(str, ",", i); |
| 2989 | strcat(str, other); | 2746 | BUF_strlcat(str, other, i); |
| 2990 | } | 2747 | } |
| 2991 | ASN1_UTCTIME_free(revtm); | 2748 | ASN1_UTCTIME_free(revtm); |
| 2992 | return str; | 2749 | return str; |
| @@ -3321,17 +3078,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G | |||
| 3321 | 3078 | ||
| 3322 | return ret; | 3079 | return ret; |
| 3323 | } | 3080 | } |
| 3324 | |||
| 3325 | int make_serial_index(TXT_DB *db) | ||
| 3326 | { | ||
| 3327 | if (!TXT_DB_create_index(db, DB_serial, NULL, | ||
| 3328 | LHASH_HASH_FN(index_serial_hash), | ||
| 3329 | LHASH_COMP_FN(index_serial_cmp))) | ||
| 3330 | { | ||
| 3331 | BIO_printf(bio_err, | ||
| 3332 | "error creating serial number index:(%ld,%ld,%ld)\n", | ||
| 3333 | db->error,db->arg1,db->arg2); | ||
| 3334 | return 0; | ||
| 3335 | } | ||
| 3336 | return 1; | ||
| 3337 | } | ||
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index 47d1309b14..be25dafef7 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c | |||
| @@ -347,8 +347,9 @@ int MAIN(int argc, char **argv) | |||
| 347 | } | 347 | } |
| 348 | if(!out_bin) | 348 | if(!out_bin) |
| 349 | { | 349 | { |
| 350 | tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5); | 350 | size_t len = strlen(name)+strlen(argv[i])+5; |
| 351 | sprintf(tmp,"%s(%s)= ",name,argv[i]); | 351 | tmp=tofree=OPENSSL_malloc(len); |
| 352 | BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]); | ||
| 352 | } | 353 | } |
| 353 | else | 354 | else |
| 354 | tmp=""; | 355 | tmp=""; |
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c index 0a9f7310bf..30378a9542 100644 --- a/src/lib/libssl/src/apps/enc.c +++ b/src/lib/libssl/src/apps/enc.c | |||
| @@ -373,9 +373,9 @@ bad: | |||
| 373 | { | 373 | { |
| 374 | char buf[200]; | 374 | char buf[200]; |
| 375 | 375 | ||
| 376 | sprintf(buf,"enter %s %s password:", | 376 | BIO_snprintf(buf,sizeof buf,"enter %s %s password:", |
| 377 | OBJ_nid2ln(EVP_CIPHER_nid(cipher)), | 377 | OBJ_nid2ln(EVP_CIPHER_nid(cipher)), |
| 378 | (enc)?"encryption":"decryption"); | 378 | (enc)?"encryption":"decryption"); |
| 379 | strbuf[0]='\0'; | 379 | strbuf[0]='\0'; |
| 380 | i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); | 380 | i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); |
| 381 | if (i == 0) | 381 | if (i == 0) |
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c index c3e1e8de1c..12283d0aed 100644 --- a/src/lib/libssl/src/apps/engine.c +++ b/src/lib/libssl/src/apps/engine.c | |||
| @@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step) | |||
| 122 | return 0; | 122 | return 0; |
| 123 | 123 | ||
| 124 | if (**buf != '\0') | 124 | if (**buf != '\0') |
| 125 | strcat(*buf, ", "); | 125 | BUF_strlcat(*buf, ", ", *size); |
| 126 | strcat(*buf, s); | 126 | BUF_strlcat(*buf, s, *size); |
| 127 | 127 | ||
| 128 | return 1; | 128 | return 1; |
| 129 | } | 129 | } |
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c index e5f186fd5e..856b797b53 100644 --- a/src/lib/libssl/src/apps/ocsp.c +++ b/src/lib/libssl/src/apps/ocsp.c | |||
| @@ -68,19 +68,6 @@ | |||
| 68 | /* Maximum leeway in validity period: default 5 minutes */ | 68 | /* Maximum leeway in validity period: default 5 minutes */ |
| 69 | #define MAX_VALIDITY_PERIOD (5 * 60) | 69 | #define MAX_VALIDITY_PERIOD (5 * 60) |
| 70 | 70 | ||
| 71 | /* CA index.txt definitions */ | ||
| 72 | #define DB_type 0 | ||
| 73 | #define DB_exp_date 1 | ||
| 74 | #define DB_rev_date 2 | ||
| 75 | #define DB_serial 3 /* index - unique */ | ||
| 76 | #define DB_file 4 | ||
| 77 | #define DB_name 5 /* index - unique for active */ | ||
| 78 | #define DB_NUMBER 6 | ||
| 79 | |||
| 80 | #define DB_TYPE_REV 'R' | ||
| 81 | #define DB_TYPE_EXP 'E' | ||
| 82 | #define DB_TYPE_VAL 'V' | ||
| 83 | |||
| 84 | static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, | 71 | static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, |
| 85 | STACK_OF(OCSP_CERTID) *ids); | 72 | STACK_OF(OCSP_CERTID) *ids); |
| 86 | static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, | 73 | static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, |
| @@ -89,12 +76,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, | |||
| 89 | STACK *names, STACK_OF(OCSP_CERTID) *ids, | 76 | STACK *names, STACK_OF(OCSP_CERTID) *ids, |
| 90 | long nsec, long maxage); | 77 | long nsec, long maxage); |
| 91 | 78 | ||
| 92 | static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, | 79 | static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, |
| 93 | X509 *ca, X509 *rcert, EVP_PKEY *rkey, | 80 | X509 *ca, X509 *rcert, EVP_PKEY *rkey, |
| 94 | STACK_OF(X509) *rother, unsigned long flags, | 81 | STACK_OF(X509) *rother, unsigned long flags, |
| 95 | int nmin, int ndays); | 82 | int nmin, int ndays); |
| 96 | 83 | ||
| 97 | static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser); | 84 | static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); |
| 98 | static BIO *init_responder(char *port); | 85 | static BIO *init_responder(char *port); |
| 99 | static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); | 86 | static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); |
| 100 | static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); | 87 | static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); |
| @@ -143,7 +130,7 @@ int MAIN(int argc, char **argv) | |||
| 143 | X509 *rca_cert = NULL; | 130 | X509 *rca_cert = NULL; |
| 144 | char *ridx_filename = NULL; | 131 | char *ridx_filename = NULL; |
| 145 | char *rca_filename = NULL; | 132 | char *rca_filename = NULL; |
| 146 | TXT_DB *rdb = NULL; | 133 | CA_DB *rdb = NULL; |
| 147 | int nmin = 0, ndays = -1; | 134 | int nmin = 0, ndays = -1; |
| 148 | 135 | ||
| 149 | if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); | 136 | if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); |
| @@ -700,22 +687,9 @@ int MAIN(int argc, char **argv) | |||
| 700 | 687 | ||
| 701 | if (ridx_filename && !rdb) | 688 | if (ridx_filename && !rdb) |
| 702 | { | 689 | { |
| 703 | BIO *db_bio = NULL; | 690 | rdb = load_index(ridx_filename, NULL); |
| 704 | db_bio = BIO_new_file(ridx_filename, "r"); | 691 | if (!rdb) goto end; |
| 705 | if (!db_bio) | 692 | if (!index_index(rdb)) goto end; |
| 706 | { | ||
| 707 | BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename); | ||
| 708 | goto end; | ||
| 709 | } | ||
| 710 | rdb = TXT_DB_read(db_bio, DB_NUMBER); | ||
| 711 | BIO_free(db_bio); | ||
| 712 | if (!rdb) | ||
| 713 | { | ||
| 714 | BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename); | ||
| 715 | goto end; | ||
| 716 | } | ||
| 717 | if (!make_serial_index(rdb)) | ||
| 718 | goto end; | ||
| 719 | } | 693 | } |
| 720 | 694 | ||
| 721 | if (rdb) | 695 | if (rdb) |
| @@ -899,7 +873,7 @@ end: | |||
| 899 | X509_free(cert); | 873 | X509_free(cert); |
| 900 | X509_free(rsigner); | 874 | X509_free(rsigner); |
| 901 | X509_free(rca_cert); | 875 | X509_free(rca_cert); |
| 902 | TXT_DB_free(rdb); | 876 | free_index(rdb); |
| 903 | BIO_free_all(cbio); | 877 | BIO_free_all(cbio); |
| 904 | BIO_free_all(acbio); | 878 | BIO_free_all(acbio); |
| 905 | BIO_free(out); | 879 | BIO_free(out); |
| @@ -1041,7 +1015,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, | |||
| 1041 | } | 1015 | } |
| 1042 | 1016 | ||
| 1043 | 1017 | ||
| 1044 | static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, | 1018 | static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, |
| 1045 | X509 *ca, X509 *rcert, EVP_PKEY *rkey, | 1019 | X509 *ca, X509 *rcert, EVP_PKEY *rkey, |
| 1046 | STACK_OF(X509) *rother, unsigned long flags, | 1020 | STACK_OF(X509) *rother, unsigned long flags, |
| 1047 | int nmin, int ndays) | 1021 | int nmin, int ndays) |
| @@ -1133,7 +1107,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *d | |||
| 1133 | 1107 | ||
| 1134 | } | 1108 | } |
| 1135 | 1109 | ||
| 1136 | static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) | 1110 | static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) |
| 1137 | { | 1111 | { |
| 1138 | int i; | 1112 | int i; |
| 1139 | BIGNUM *bn = NULL; | 1113 | BIGNUM *bn = NULL; |
| @@ -1146,7 +1120,7 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) | |||
| 1146 | itmp = BN_bn2hex(bn); | 1120 | itmp = BN_bn2hex(bn); |
| 1147 | row[DB_serial] = itmp; | 1121 | row[DB_serial] = itmp; |
| 1148 | BN_free(bn); | 1122 | BN_free(bn); |
| 1149 | rrow=TXT_DB_get_by_index(db,DB_serial,row); | 1123 | rrow=TXT_DB_get_by_index(db->db,DB_serial,row); |
| 1150 | OPENSSL_free(itmp); | 1124 | OPENSSL_free(itmp); |
| 1151 | return rrow; | 1125 | return rrow; |
| 1152 | } | 1126 | } |
diff --git a/src/lib/libssl/src/apps/openssl.cnf b/src/lib/libssl/src/apps/openssl.cnf index eca51c3322..854d1f164e 100644 --- a/src/lib/libssl/src/apps/openssl.cnf +++ b/src/lib/libssl/src/apps/openssl.cnf | |||
| @@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept | |||
| 38 | certs = $dir/certs # Where the issued certs are kept | 38 | certs = $dir/certs # Where the issued certs are kept |
| 39 | crl_dir = $dir/crl # Where the issued crl are kept | 39 | crl_dir = $dir/crl # Where the issued crl are kept |
| 40 | database = $dir/index.txt # database index file. | 40 | database = $dir/index.txt # database index file. |
| 41 | #unique_subject = no # Set to 'no' to allow creation of | ||
| 42 | # several ctificates with same subject. | ||
| 41 | new_certs_dir = $dir/newcerts # default place for new certs. | 43 | new_certs_dir = $dir/newcerts # default place for new certs. |
| 42 | 44 | ||
| 43 | certificate = $dir/cacert.pem # The CA certificate | 45 | certificate = $dir/cacert.pem # The CA certificate |
| 44 | serial = $dir/serial # The current serial number | 46 | serial = $dir/serial # The current serial number |
| 47 | #crlnumber = $dir/crlnumber # the current crl number | ||
| 48 | # must be commented out to leave a V1 CRL | ||
| 45 | crl = $dir/crl.pem # The current CRL | 49 | crl = $dir/crl.pem # The current CRL |
| 46 | private_key = $dir/private/cakey.pem# The private key | 50 | private_key = $dir/private/cakey.pem# The private key |
| 47 | RANDFILE = $dir/private/.rand # private random number file | 51 | RANDFILE = $dir/private/.rand # private random number file |
| @@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options | |||
| 58 | 62 | ||
| 59 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs | 63 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs |
| 60 | # so this is commented out by default to leave a V1 CRL. | 64 | # so this is commented out by default to leave a V1 CRL. |
| 65 | # crlnumber must also be commented out to leave a V1 CRL. | ||
| 61 | # crl_extensions = crl_ext | 66 | # crl_extensions = crl_ext |
| 62 | 67 | ||
| 63 | default_days = 365 # how long to certify for | 68 | default_days = 365 # how long to certify for |
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c index 5136acdc57..71192bdf74 100644 --- a/src/lib/libssl/src/apps/pkcs12.c +++ b/src/lib/libssl/src/apps/pkcs12.c | |||
| @@ -557,7 +557,7 @@ int MAIN(int argc, char **argv) | |||
| 557 | BIO_printf (bio_err, "Can't read Password\n"); | 557 | BIO_printf (bio_err, "Can't read Password\n"); |
| 558 | goto export_end; | 558 | goto export_end; |
| 559 | } | 559 | } |
| 560 | if (!twopass) strcpy(macpass, pass); | 560 | if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); |
| 561 | /* Turn certbags into encrypted authsafe */ | 561 | /* Turn certbags into encrypted authsafe */ |
| 562 | authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, | 562 | authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, |
| 563 | iter, bags); | 563 | iter, bags); |
| @@ -658,7 +658,7 @@ int MAIN(int argc, char **argv) | |||
| 658 | CRYPTO_pop_info(); | 658 | CRYPTO_pop_info(); |
| 659 | #endif | 659 | #endif |
| 660 | 660 | ||
| 661 | if (!twopass) strcpy(macpass, pass); | 661 | if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); |
| 662 | 662 | ||
| 663 | if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); | 663 | if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); |
| 664 | if(macver) { | 664 | if(macver) { |
diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c index 6c58c67eb2..da4dbe7a07 100644 --- a/src/lib/libssl/src/apps/pkcs7.c +++ b/src/lib/libssl/src/apps/pkcs7.c | |||
| @@ -102,6 +102,9 @@ int MAIN(int argc, char **argv) | |||
| 102 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 102 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| 103 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 103 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
| 104 | 104 | ||
| 105 | if (!load_config(bio_err, NULL)) | ||
| 106 | goto end; | ||
| 107 | |||
| 105 | infile=NULL; | 108 | infile=NULL; |
| 106 | outfile=NULL; | 109 | outfile=NULL; |
| 107 | informat=FORMAT_PEM; | 110 | informat=FORMAT_PEM; |
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c index 5f6ec3d339..1a3d1d0dfa 100644 --- a/src/lib/libssl/src/apps/req.c +++ b/src/lib/libssl/src/apps/req.c | |||
| @@ -824,7 +824,7 @@ loop: | |||
| 824 | if ((x509ss=X509_new()) == NULL) goto end; | 824 | if ((x509ss=X509_new()) == NULL) goto end; |
| 825 | 825 | ||
| 826 | /* Set version to V3 */ | 826 | /* Set version to V3 */ |
| 827 | if(!X509_set_version(x509ss, 2)) goto end; | 827 | if(extensions && !X509_set_version(x509ss, 2)) goto end; |
| 828 | if (serial) | 828 | if (serial) |
| 829 | { | 829 | { |
| 830 | if (!X509_set_serialNumber(x509ss, serial)) goto end; | 830 | if (!X509_set_serialNumber(x509ss, serial)) goto end; |
| @@ -1223,34 +1223,34 @@ start: for (;;) | |||
| 1223 | } | 1223 | } |
| 1224 | /* If OBJ not recognised ignore it */ | 1224 | /* If OBJ not recognised ignore it */ |
| 1225 | if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; | 1225 | if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; |
| 1226 | 1226 | if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) | |
| 1227 | if(strlen(v->name) > sizeof buf-9) | 1227 | >= sizeof buf) |
| 1228 | { | 1228 | { |
| 1229 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); | 1229 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); |
| 1230 | return 0; | 1230 | return 0; |
| 1231 | } | 1231 | } |
| 1232 | 1232 | ||
| 1233 | sprintf(buf,"%s_default",v->name); | ||
| 1234 | if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) | 1233 | if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) |
| 1235 | { | 1234 | { |
| 1236 | ERR_clear_error(); | 1235 | ERR_clear_error(); |
| 1237 | def=""; | 1236 | def=""; |
| 1238 | } | 1237 | } |
| 1239 | sprintf(buf,"%s_value",v->name); | 1238 | |
| 1239 | BIO_snprintf(buf,sizeof buf,"%s_value",v->name); | ||
| 1240 | if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) | 1240 | if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) |
| 1241 | { | 1241 | { |
| 1242 | ERR_clear_error(); | 1242 | ERR_clear_error(); |
| 1243 | value=NULL; | 1243 | value=NULL; |
| 1244 | } | 1244 | } |
| 1245 | 1245 | ||
| 1246 | sprintf(buf,"%s_min",v->name); | 1246 | BIO_snprintf(buf,sizeof buf,"%s_min",v->name); |
| 1247 | if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) | 1247 | if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) |
| 1248 | { | 1248 | { |
| 1249 | ERR_clear_error(); | 1249 | ERR_clear_error(); |
| 1250 | n_min = -1; | 1250 | n_min = -1; |
| 1251 | } | 1251 | } |
| 1252 | 1252 | ||
| 1253 | sprintf(buf,"%s_max",v->name); | 1253 | BIO_snprintf(buf,sizeof buf,"%s_max",v->name); |
| 1254 | if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) | 1254 | if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) |
| 1255 | { | 1255 | { |
| 1256 | ERR_clear_error(); | 1256 | ERR_clear_error(); |
| @@ -1288,13 +1288,13 @@ start2: for (;;) | |||
| 1288 | if ((nid=OBJ_txt2nid(type)) == NID_undef) | 1288 | if ((nid=OBJ_txt2nid(type)) == NID_undef) |
| 1289 | goto start2; | 1289 | goto start2; |
| 1290 | 1290 | ||
| 1291 | if(strlen(v->name) > sizeof buf-9) | 1291 | if (BIO_snprintf(buf,sizeof buf,"%s_default",type) |
| 1292 | >= sizeof buf) | ||
| 1292 | { | 1293 | { |
| 1293 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); | 1294 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); |
| 1294 | return 0; | 1295 | return 0; |
| 1295 | } | 1296 | } |
| 1296 | 1297 | ||
| 1297 | sprintf(buf,"%s_default",type); | ||
| 1298 | if ((def=NCONF_get_string(req_conf,attr_sect,buf)) | 1298 | if ((def=NCONF_get_string(req_conf,attr_sect,buf)) |
| 1299 | == NULL) | 1299 | == NULL) |
| 1300 | { | 1300 | { |
| @@ -1303,7 +1303,7 @@ start2: for (;;) | |||
| 1303 | } | 1303 | } |
| 1304 | 1304 | ||
| 1305 | 1305 | ||
| 1306 | sprintf(buf,"%s_value",type); | 1306 | BIO_snprintf(buf,sizeof buf,"%s_value",type); |
| 1307 | if ((value=NCONF_get_string(req_conf,attr_sect,buf)) | 1307 | if ((value=NCONF_get_string(req_conf,attr_sect,buf)) |
| 1308 | == NULL) | 1308 | == NULL) |
| 1309 | { | 1309 | { |
| @@ -1311,11 +1311,11 @@ start2: for (;;) | |||
| 1311 | value=NULL; | 1311 | value=NULL; |
| 1312 | } | 1312 | } |
| 1313 | 1313 | ||
| 1314 | sprintf(buf,"%s_min",type); | 1314 | BIO_snprintf(buf,sizeof buf,"%s_min",type); |
| 1315 | if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) | 1315 | if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) |
| 1316 | n_min = -1; | 1316 | n_min = -1; |
| 1317 | 1317 | ||
| 1318 | sprintf(buf,"%s_max",type); | 1318 | BIO_snprintf(buf,sizeof buf,"%s_max",type); |
| 1319 | if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) | 1319 | if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) |
| 1320 | n_max = -1; | 1320 | n_max = -1; |
| 1321 | 1321 | ||
| @@ -1397,9 +1397,8 @@ start: | |||
| 1397 | (void)BIO_flush(bio_err); | 1397 | (void)BIO_flush(bio_err); |
| 1398 | if(value != NULL) | 1398 | if(value != NULL) |
| 1399 | { | 1399 | { |
| 1400 | OPENSSL_assert(strlen(value) < sizeof buf-2); | 1400 | BUF_strlcpy(buf,value,sizeof buf); |
| 1401 | strcpy(buf,value); | 1401 | BUF_strlcat(buf,"\n",sizeof buf); |
| 1402 | strcat(buf,"\n"); | ||
| 1403 | BIO_printf(bio_err,"%s\n",value); | 1402 | BIO_printf(bio_err,"%s\n",value); |
| 1404 | } | 1403 | } |
| 1405 | else | 1404 | else |
| @@ -1421,8 +1420,8 @@ start: | |||
| 1421 | { | 1420 | { |
| 1422 | if ((def == NULL) || (def[0] == '\0')) | 1421 | if ((def == NULL) || (def[0] == '\0')) |
| 1423 | return(1); | 1422 | return(1); |
| 1424 | strcpy(buf,def); | 1423 | BUF_strlcpy(buf,def,sizeof buf); |
| 1425 | strcat(buf,"\n"); | 1424 | BUF_strlcat(buf,"\n",sizeof buf); |
| 1426 | } | 1425 | } |
| 1427 | else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); | 1426 | else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); |
| 1428 | 1427 | ||
| @@ -1456,9 +1455,8 @@ start: | |||
| 1456 | (void)BIO_flush(bio_err); | 1455 | (void)BIO_flush(bio_err); |
| 1457 | if (value != NULL) | 1456 | if (value != NULL) |
| 1458 | { | 1457 | { |
| 1459 | OPENSSL_assert(strlen(value) < sizeof buf-2); | 1458 | BUF_strlcpy(buf,value,sizeof buf); |
| 1460 | strcpy(buf,value); | 1459 | BUF_strlcat(buf,"\n",sizeof buf); |
| 1461 | strcat(buf,"\n"); | ||
| 1462 | BIO_printf(bio_err,"%s\n",value); | 1460 | BIO_printf(bio_err,"%s\n",value); |
| 1463 | } | 1461 | } |
| 1464 | else | 1462 | else |
| @@ -1480,8 +1478,8 @@ start: | |||
| 1480 | { | 1478 | { |
| 1481 | if ((def == NULL) || (def[0] == '\0')) | 1479 | if ((def == NULL) || (def[0] == '\0')) |
| 1482 | return(1); | 1480 | return(1); |
| 1483 | strcpy(buf,def); | 1481 | BUF_strlcpy(buf,def,sizeof buf); |
| 1484 | strcat(buf,"\n"); | 1482 | BUF_strlcat(buf,"\n",sizeof buf); |
| 1485 | } | 1483 | } |
| 1486 | else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); | 1484 | else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); |
| 1487 | 1485 | ||
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c index 5a6fd115f4..5db6fe7cd7 100644 --- a/src/lib/libssl/src/apps/rsautl.c +++ b/src/lib/libssl/src/apps/rsautl.c | |||
| @@ -97,6 +97,7 @@ int MAIN(int argc, char **argv) | |||
| 97 | EVP_PKEY *pkey = NULL; | 97 | EVP_PKEY *pkey = NULL; |
| 98 | RSA *rsa = NULL; | 98 | RSA *rsa = NULL; |
| 99 | unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; | 99 | unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; |
| 100 | char *passargin = NULL, *passin = NULL; | ||
| 100 | int rsa_inlen, rsa_outlen = 0; | 101 | int rsa_inlen, rsa_outlen = 0; |
| 101 | int keysize; | 102 | int keysize; |
| 102 | 103 | ||
| @@ -124,6 +125,9 @@ int MAIN(int argc, char **argv) | |||
| 124 | } else if(!strcmp(*argv, "-inkey")) { | 125 | } else if(!strcmp(*argv, "-inkey")) { |
| 125 | if (--argc < 1) badarg = 1; | 126 | if (--argc < 1) badarg = 1; |
| 126 | keyfile = *(++argv); | 127 | keyfile = *(++argv); |
| 128 | } else if (!strcmp(*argv,"-passin")) { | ||
| 129 | if (--argc < 1) badarg = 1; | ||
| 130 | passargin= *(++argv); | ||
| 127 | } else if (strcmp(*argv,"-keyform") == 0) { | 131 | } else if (strcmp(*argv,"-keyform") == 0) { |
| 128 | if (--argc < 1) badarg = 1; | 132 | if (--argc < 1) badarg = 1; |
| 129 | keyform=str2fmt(*(++argv)); | 133 | keyform=str2fmt(*(++argv)); |
| @@ -169,6 +173,10 @@ int MAIN(int argc, char **argv) | |||
| 169 | #ifndef OPENSSL_NO_ENGINE | 173 | #ifndef OPENSSL_NO_ENGINE |
| 170 | e = setup_engine(bio_err, engine, 0); | 174 | e = setup_engine(bio_err, engine, 0); |
| 171 | #endif | 175 | #endif |
| 176 | if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { | ||
| 177 | BIO_printf(bio_err, "Error getting password\n"); | ||
| 178 | goto end; | ||
| 179 | } | ||
| 172 | 180 | ||
| 173 | /* FIXME: seed PRNG only if needed */ | 181 | /* FIXME: seed PRNG only if needed */ |
| 174 | app_RAND_load_file(NULL, bio_err, 0); | 182 | app_RAND_load_file(NULL, bio_err, 0); |
| @@ -176,7 +184,7 @@ int MAIN(int argc, char **argv) | |||
| 176 | switch(key_type) { | 184 | switch(key_type) { |
| 177 | case KEY_PRIVKEY: | 185 | case KEY_PRIVKEY: |
| 178 | pkey = load_key(bio_err, keyfile, keyform, 0, | 186 | pkey = load_key(bio_err, keyfile, keyform, 0, |
| 179 | NULL, e, "Private Key"); | 187 | passin, e, "Private Key"); |
| 180 | break; | 188 | break; |
| 181 | 189 | ||
| 182 | case KEY_PUBKEY: | 190 | case KEY_PUBKEY: |
| @@ -290,6 +298,7 @@ int MAIN(int argc, char **argv) | |||
| 290 | BIO_free_all(out); | 298 | BIO_free_all(out); |
| 291 | if(rsa_in) OPENSSL_free(rsa_in); | 299 | if(rsa_in) OPENSSL_free(rsa_in); |
| 292 | if(rsa_out) OPENSSL_free(rsa_out); | 300 | if(rsa_out) OPENSSL_free(rsa_out); |
| 301 | if(passin) OPENSSL_free(passin); | ||
| 293 | return ret; | 302 | return ret; |
| 294 | } | 303 | } |
| 295 | 304 | ||
| @@ -313,6 +322,7 @@ static void usage() | |||
| 313 | BIO_printf(bio_err, "-hexdump hex dump output\n"); | 322 | BIO_printf(bio_err, "-hexdump hex dump output\n"); |
| 314 | #ifndef OPENSSL_NO_ENGINE | 323 | #ifndef OPENSSL_NO_ENGINE |
| 315 | BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); | 324 | BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); |
| 325 | BIO_printf (bio_err, "-passin arg pass phrase source\n"); | ||
| 316 | #endif | 326 | #endif |
| 317 | 327 | ||
| 318 | } | 328 | } |
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c index a88de6c8c8..1867890966 100644 --- a/src/lib/libssl/src/apps/s_socket.c +++ b/src/lib/libssl/src/apps/s_socket.c | |||
| @@ -389,7 +389,7 @@ redoit: | |||
| 389 | perror("OPENSSL_malloc"); | 389 | perror("OPENSSL_malloc"); |
| 390 | return(0); | 390 | return(0); |
| 391 | } | 391 | } |
| 392 | strcpy(*host,h1->h_name); | 392 | BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); |
| 393 | 393 | ||
| 394 | h2=GetHostByName(*host); | 394 | h2=GetHostByName(*host); |
| 395 | if (h2 == NULL) | 395 | if (h2 == NULL) |
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c index 1ad16cd607..7d47057465 100644 --- a/src/lib/libssl/src/apps/s_time.c +++ b/src/lib/libssl/src/apps/s_time.c | |||
| @@ -502,7 +502,7 @@ int MAIN(int argc, char **argv) | |||
| 502 | 502 | ||
| 503 | if (s_www_path != NULL) | 503 | if (s_www_path != NULL) |
| 504 | { | 504 | { |
| 505 | sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); | 505 | BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); |
| 506 | SSL_write(scon,buf,strlen(buf)); | 506 | SSL_write(scon,buf,strlen(buf)); |
| 507 | while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) | 507 | while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) |
| 508 | bytes_read+=i; | 508 | bytes_read+=i; |
| @@ -557,7 +557,7 @@ next: | |||
| 557 | 557 | ||
| 558 | if (s_www_path != NULL) | 558 | if (s_www_path != NULL) |
| 559 | { | 559 | { |
| 560 | sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); | 560 | BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); |
| 561 | SSL_write(scon,buf,strlen(buf)); | 561 | SSL_write(scon,buf,strlen(buf)); |
| 562 | while (SSL_read(scon,buf,sizeof(buf)) > 0) | 562 | while (SSL_read(scon,buf,sizeof(buf)) > 0) |
| 563 | ; | 563 | ; |
| @@ -595,7 +595,7 @@ next: | |||
| 595 | 595 | ||
| 596 | if (s_www_path) | 596 | if (s_www_path) |
| 597 | { | 597 | { |
| 598 | sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); | 598 | BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); |
| 599 | SSL_write(scon,buf,strlen(buf)); | 599 | SSL_write(scon,buf,strlen(buf)); |
| 600 | while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) | 600 | while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) |
| 601 | bytes_read+=i; | 601 | bytes_read+=i; |
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c index ec55b4188c..2412200009 100644 --- a/src/lib/libssl/src/apps/speed.c +++ b/src/lib/libssl/src/apps/speed.c | |||
| @@ -773,6 +773,7 @@ int MAIN(int argc, char **argv) | |||
| 773 | { | 773 | { |
| 774 | dsa_doit[R_DSA_512]=1; | 774 | dsa_doit[R_DSA_512]=1; |
| 775 | dsa_doit[R_DSA_1024]=1; | 775 | dsa_doit[R_DSA_1024]=1; |
| 776 | dsa_doit[R_DSA_2048]=1; | ||
| 776 | } | 777 | } |
| 777 | else | 778 | else |
| 778 | #endif | 779 | #endif |
| @@ -1006,6 +1007,9 @@ int MAIN(int argc, char **argv) | |||
| 1006 | c[D_CBC_RC5][0]=count; | 1007 | c[D_CBC_RC5][0]=count; |
| 1007 | c[D_CBC_BF][0]=count; | 1008 | c[D_CBC_BF][0]=count; |
| 1008 | c[D_CBC_CAST][0]=count; | 1009 | c[D_CBC_CAST][0]=count; |
| 1010 | c[D_CBC_128_AES][0]=count; | ||
| 1011 | c[D_CBC_192_AES][0]=count; | ||
| 1012 | c[D_CBC_256_AES][0]=count; | ||
| 1009 | 1013 | ||
| 1010 | for (i=1; i<SIZE_NUM; i++) | 1014 | for (i=1; i<SIZE_NUM; i++) |
| 1011 | { | 1015 | { |
| @@ -1031,6 +1035,9 @@ int MAIN(int argc, char **argv) | |||
| 1031 | c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; | 1035 | c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; |
| 1032 | c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; | 1036 | c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; |
| 1033 | c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; | 1037 | c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; |
| 1038 | c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; | ||
| 1039 | c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; | ||
| 1040 | c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; | ||
| 1034 | } | 1041 | } |
| 1035 | #ifndef OPENSSL_NO_RSA | 1042 | #ifndef OPENSSL_NO_RSA |
| 1036 | rsa_c[R_RSA_512][0]=count/2000; | 1043 | rsa_c[R_RSA_512][0]=count/2000; |
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index 2020b51de0..9b95f7bd3f 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c | |||
| @@ -1022,31 +1022,31 @@ end: | |||
| 1022 | OPENSSL_EXIT(ret); | 1022 | OPENSSL_EXIT(ret); |
| 1023 | } | 1023 | } |
| 1024 | 1024 | ||
| 1025 | static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) | 1025 | static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) |
| 1026 | { | 1026 | { |
| 1027 | char *buf = NULL, *p; | 1027 | char *buf = NULL, *p; |
| 1028 | MS_STATIC char buf2[1024]; | 1028 | ASN1_INTEGER *bs = NULL; |
| 1029 | ASN1_INTEGER *bs = NULL, *bs2 = NULL; | ||
| 1030 | BIO *io = NULL; | ||
| 1031 | BIGNUM *serial = NULL; | 1029 | BIGNUM *serial = NULL; |
| 1030 | size_t len; | ||
| 1032 | 1031 | ||
| 1033 | buf=OPENSSL_malloc( ((serialfile == NULL) | 1032 | len = ((serialfile == NULL) |
| 1034 | ?(strlen(CAfile)+strlen(POSTFIX)+1) | 1033 | ?(strlen(CAfile)+strlen(POSTFIX)+1) |
| 1035 | :(strlen(serialfile)))+1); | 1034 | :(strlen(serialfile)))+1; |
| 1035 | buf=OPENSSL_malloc(len); | ||
| 1036 | if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } | 1036 | if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } |
| 1037 | if (serialfile == NULL) | 1037 | if (serialfile == NULL) |
| 1038 | { | 1038 | { |
| 1039 | strcpy(buf,CAfile); | 1039 | BUF_strlcpy(buf,CAfile,len); |
| 1040 | for (p=buf; *p; p++) | 1040 | for (p=buf; *p; p++) |
| 1041 | if (*p == '.') | 1041 | if (*p == '.') |
| 1042 | { | 1042 | { |
| 1043 | *p='\0'; | 1043 | *p='\0'; |
| 1044 | break; | 1044 | break; |
| 1045 | } | 1045 | } |
| 1046 | strcat(buf,POSTFIX); | 1046 | BUF_strlcat(buf,POSTFIX,len); |
| 1047 | } | 1047 | } |
| 1048 | else | 1048 | else |
| 1049 | strcpy(buf,serialfile); | 1049 | BUF_strlcpy(buf,serialfile,len); |
| 1050 | serial=BN_new(); | 1050 | serial=BN_new(); |
| 1051 | bs=ASN1_INTEGER_new(); | 1051 | bs=ASN1_INTEGER_new(); |
| 1052 | if ((serial == NULL) || (bs == NULL)) | 1052 | if ((serial == NULL) || (bs == NULL)) |
| @@ -1055,72 +1055,18 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) | |||
| 1055 | goto end; | 1055 | goto end; |
| 1056 | } | 1056 | } |
| 1057 | 1057 | ||
| 1058 | io=BIO_new(BIO_s_file()); | 1058 | serial = load_serial(buf, create, NULL); |
| 1059 | if (io == NULL) | 1059 | if (serial == NULL) goto end; |
| 1060 | { | ||
| 1061 | ERR_print_errors(bio_err); | ||
| 1062 | goto end; | ||
| 1063 | } | ||
| 1064 | |||
| 1065 | if (BIO_read_filename(io,buf) <= 0) | ||
| 1066 | { | ||
| 1067 | if (!create) | ||
| 1068 | { | ||
| 1069 | perror(buf); | ||
| 1070 | goto end; | ||
| 1071 | } | ||
| 1072 | else | ||
| 1073 | { | ||
| 1074 | ASN1_INTEGER_set(bs,1); | ||
| 1075 | BN_one(serial); | ||
| 1076 | } | ||
| 1077 | } | ||
| 1078 | else | ||
| 1079 | { | ||
| 1080 | if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) | ||
| 1081 | { | ||
| 1082 | BIO_printf(bio_err,"unable to load serial number from %s\n",buf); | ||
| 1083 | ERR_print_errors(bio_err); | ||
| 1084 | goto end; | ||
| 1085 | } | ||
| 1086 | else | ||
| 1087 | { | ||
| 1088 | serial=BN_bin2bn(bs->data,bs->length,serial); | ||
| 1089 | if (serial == NULL) | ||
| 1090 | { | ||
| 1091 | BIO_printf(bio_err,"error converting bin 2 bn"); | ||
| 1092 | goto end; | ||
| 1093 | } | ||
| 1094 | } | ||
| 1095 | } | ||
| 1096 | 1060 | ||
| 1097 | if (!BN_add_word(serial,1)) | 1061 | if (!BN_add_word(serial,1)) |
| 1098 | { BIO_printf(bio_err,"add_word failure\n"); goto end; } | 1062 | { BIO_printf(bio_err,"add_word failure\n"); goto end; } |
| 1099 | if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL))) | ||
| 1100 | { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; } | ||
| 1101 | if (BIO_write_filename(io,buf) <= 0) | ||
| 1102 | { | ||
| 1103 | BIO_printf(bio_err,"error attempting to write serial number file\n"); | ||
| 1104 | perror(buf); | ||
| 1105 | goto end; | ||
| 1106 | } | ||
| 1107 | i2a_ASN1_INTEGER(io,bs2); | ||
| 1108 | BIO_puts(io,"\n"); | ||
| 1109 | 1063 | ||
| 1110 | BIO_free(io); | 1064 | if (!save_serial(buf, NULL, serial, &bs)) goto end; |
| 1111 | if (buf) OPENSSL_free(buf); | ||
| 1112 | ASN1_INTEGER_free(bs2); | ||
| 1113 | BN_free(serial); | ||
| 1114 | io=NULL; | ||
| 1115 | return bs; | ||
| 1116 | 1065 | ||
| 1117 | end: | 1066 | end: |
| 1118 | if (buf) OPENSSL_free(buf); | 1067 | if (buf) OPENSSL_free(buf); |
| 1119 | BIO_free(io); | ||
| 1120 | ASN1_INTEGER_free(bs); | ||
| 1121 | BN_free(serial); | 1068 | BN_free(serial); |
| 1122 | return NULL; | 1069 | return bs; |
| 1123 | |||
| 1124 | } | 1070 | } |
| 1125 | 1071 | ||
| 1126 | static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, | 1072 | static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, |
| @@ -1142,7 +1088,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, | |||
| 1142 | goto end; | 1088 | goto end; |
| 1143 | } | 1089 | } |
| 1144 | if (sno) bs = sno; | 1090 | if (sno) bs = sno; |
| 1145 | else if (!(bs = load_serial(CAfile, serialfile, create))) | 1091 | else if (!(bs = x509_load_serial(CAfile, serialfile, create))) |
| 1146 | goto end; | 1092 | goto end; |
| 1147 | 1093 | ||
| 1148 | /* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ | 1094 | /* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ |
diff --git a/src/lib/libssl/src/certs/expired/vsign3.pem b/src/lib/libssl/src/certs/expired/vsign3.pem new file mode 100644 index 0000000000..aa5bb4c1f3 --- /dev/null +++ b/src/lib/libssl/src/certs/expired/vsign3.pem | |||
| @@ -0,0 +1,18 @@ | |||
| 1 | subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority | ||
| 2 | notBefore=Jan 29 00:00:00 1996 GMT | ||
| 3 | notAfter=Jan 7 23:59:59 2004 GMT | ||
| 4 | -----BEGIN CERTIFICATE----- | ||
| 5 | MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ | ||
| 6 | BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh | ||
| 7 | c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 | ||
| 8 | NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD | ||
| 9 | VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp | ||
| 10 | bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB | ||
| 11 | jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo | ||
| 12 | RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4 | ||
| 13 | rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN | ||
| 14 | BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp | ||
| 15 | STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH | ||
| 16 | ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ | ||
| 17 | pA== | ||
| 18 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/src/certs/vsign3.pem b/src/lib/libssl/src/certs/vsign3.pem index aa5bb4c1f3..4b8c0251cb 100644 --- a/src/lib/libssl/src/certs/vsign3.pem +++ b/src/lib/libssl/src/certs/vsign3.pem | |||
| @@ -1,18 +1,17 @@ | |||
| 1 | subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority | 1 | subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority |
| 2 | notBefore=Jan 29 00:00:00 1996 GMT | 2 | notBefore=Jan 29 00:00:00 1996 GMT |
| 3 | notAfter=Jan 7 23:59:59 2004 GMT | 3 | notAfter=Aug 1 23:59:59 2028 GMT |
| 4 | -----BEGIN CERTIFICATE----- | 4 | -----BEGIN CERTIFICATE----- |
| 5 | MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ | 5 | MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG |
| 6 | BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh | 6 | A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz |
| 7 | c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 | 7 | cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 |
| 8 | NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD | 8 | MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV |
| 9 | VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp | 9 | BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt |
| 10 | bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB | 10 | YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN |
| 11 | jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo | 11 | ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE |
| 12 | RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4 | 12 | BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is |
| 13 | rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN | 13 | I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G |
| 14 | BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp | 14 | CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do |
| 15 | STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH | 15 | lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc |
| 16 | ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ | 16 | AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k |
| 17 | pA== | ||
| 18 | -----END CERTIFICATE----- | 17 | -----END CERTIFICATE----- |
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index b3bd96bbfc..25a3703c1f 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config | |||
| @@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in | |||
| 134 | HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'` | 134 | HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'` |
| 135 | case "$HPUXVER" in | 135 | case "$HPUXVER" in |
| 136 | 1[0-9].*) # HPUX 10 and 11 targets are unified | 136 | 1[0-9].*) # HPUX 10 and 11 targets are unified |
| 137 | echo "${MACHINE}-hp-hpux10"; exit 0 | 137 | echo "${MACHINE}-hp-hpux1x"; exit 0 |
| 138 | ;; | 138 | ;; |
| 139 | *) | 139 | *) |
| 140 | echo "${MACHINE}-hp-hpux"; exit 0 | 140 | echo "${MACHINE}-hp-hpux"; exit 0 |
| @@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then | |||
| 410 | GCC_BITS="32" | 410 | GCC_BITS="32" |
| 411 | if [ $GCCVER -ge 30 ]; then | 411 | if [ $GCCVER -ge 30 ]; then |
| 412 | # PA64 support only came in with gcc 3.0.x. | 412 | # PA64 support only came in with gcc 3.0.x. |
| 413 | # We look for the preprocessor symbol __LP64__ indicating | 413 | # We check if the preprocessor symbol __LP64__ is defined... |
| 414 | # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64. | 414 | if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then |
| 415 | if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then | 415 | : # __LP64__ has slipped through, it therefore is not defined |
| 416 | else | ||
| 416 | GCC_BITS="64" | 417 | GCC_BITS="64" |
| 417 | fi | 418 | fi |
| 418 | fi | 419 | fi |
| @@ -685,7 +686,7 @@ EOF | |||
| 685 | if [ $CC = "gcc" ]; | 686 | if [ $CC = "gcc" ]; |
| 686 | then | 687 | then |
| 687 | if [ $GCC_BITS = "64" ]; then | 688 | if [ $GCC_BITS = "64" ]; then |
| 688 | OUT="hpux64-parisc-gcc" | 689 | OUT="hpux64-parisc2-gcc" |
| 689 | else | 690 | else |
| 690 | OUT="hpux-parisc-gcc" | 691 | OUT="hpux-parisc-gcc" |
| 691 | fi | 692 | fi |
| @@ -700,7 +701,7 @@ EOF | |||
| 700 | if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU | 701 | if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU |
| 701 | echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi." | 702 | echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi." |
| 702 | echo " If you wish to build 32-bit library, the you have to" | 703 | echo " If you wish to build 32-bit library, the you have to" |
| 703 | echo " invoke './Configure hpux-ia32-cc' *manually*." | 704 | echo " invoke './Configure hpux-ia64-cc' *manually*." |
| 704 | if [ "$TEST" = "false" ]; then | 705 | if [ "$TEST" = "false" ]; then |
| 705 | echo " You have about 5 seconds to press Ctrl-C to abort." | 706 | echo " You have about 5 seconds to press Ctrl-C to abort." |
| 706 | (stty -icanon min 0 time 50; read waste) < /dev/tty | 707 | (stty -icanon min 0 time 50; read waste) < /dev/tty |
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c index 86b27b10d6..1222a21002 100644 --- a/src/lib/libssl/src/crypto/aes/aes_cbc.c +++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c | |||
| @@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 104 | memcpy(tmp, in, AES_BLOCK_SIZE); | 104 | memcpy(tmp, in, AES_BLOCK_SIZE); |
| 105 | AES_decrypt(tmp, tmp, key); | 105 | AES_decrypt(tmp, tmp, key); |
| 106 | for(n=0; n < len; ++n) | 106 | for(n=0; n < len; ++n) |
| 107 | out[n] ^= ivec[n]; | 107 | out[n] = tmp[n] ^ ivec[n]; |
| 108 | memcpy(ivec, tmp, AES_BLOCK_SIZE); | 108 | memcpy(ivec, tmp, AES_BLOCK_SIZE); |
| 109 | } | 109 | } |
| 110 | } | 110 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c index cd09f68b38..8581007868 100644 --- a/src/lib/libssl/src/crypto/asn1/a_gentm.c +++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c | |||
| @@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, | |||
| 208 | char *p; | 208 | char *p; |
| 209 | struct tm *ts; | 209 | struct tm *ts; |
| 210 | struct tm data; | 210 | struct tm data; |
| 211 | size_t len = 20; | ||
| 211 | 212 | ||
| 212 | if (s == NULL) | 213 | if (s == NULL) |
| 213 | s=M_ASN1_GENERALIZEDTIME_new(); | 214 | s=M_ASN1_GENERALIZEDTIME_new(); |
| @@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, | |||
| 219 | return(NULL); | 220 | return(NULL); |
| 220 | 221 | ||
| 221 | p=(char *)s->data; | 222 | p=(char *)s->data; |
| 222 | if ((p == NULL) || (s->length < 16)) | 223 | if ((p == NULL) || ((size_t)s->length < len)) |
| 223 | { | 224 | { |
| 224 | p=OPENSSL_malloc(20); | 225 | p=OPENSSL_malloc(len); |
| 225 | if (p == NULL) return(NULL); | 226 | if (p == NULL) return(NULL); |
| 226 | if (s->data != NULL) | 227 | if (s->data != NULL) |
| 227 | OPENSSL_free(s->data); | 228 | OPENSSL_free(s->data); |
| 228 | s->data=(unsigned char *)p; | 229 | s->data=(unsigned char *)p; |
| 229 | } | 230 | } |
| 230 | 231 | ||
| 231 | sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, | 232 | BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, |
| 232 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); | 233 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); |
| 233 | s->length=strlen(p); | 234 | s->length=strlen(p); |
| 234 | s->type=V_ASN1_GENERALIZEDTIME; | 235 | s->type=V_ASN1_GENERALIZEDTIME; |
| 235 | #ifdef CHARSET_EBCDIC_not | 236 | #ifdef CHARSET_EBCDIC_not |
diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c index e8a26af521..208b3ec395 100644 --- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c +++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c | |||
| @@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 145 | 145 | ||
| 146 | if((minsize > 0) && (nchar < minsize)) { | 146 | if((minsize > 0) && (nchar < minsize)) { |
| 147 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); | 147 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); |
| 148 | sprintf(strbuf, "%ld", minsize); | 148 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); |
| 149 | ERR_add_error_data(2, "minsize=", strbuf); | 149 | ERR_add_error_data(2, "minsize=", strbuf); |
| 150 | return -1; | 150 | return -1; |
| 151 | } | 151 | } |
| 152 | 152 | ||
| 153 | if((maxsize > 0) && (nchar > maxsize)) { | 153 | if((maxsize > 0) && (nchar > maxsize)) { |
| 154 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); | 154 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); |
| 155 | sprintf(strbuf, "%ld", maxsize); | 155 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); |
| 156 | ERR_add_error_data(2, "maxsize=", strbuf); | 156 | ERR_add_error_data(2, "maxsize=", strbuf); |
| 157 | return -1; | 157 | return -1; |
| 158 | } | 158 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c index 8abfdfe598..bde666a6ff 100644 --- a/src/lib/libssl/src/crypto/asn1/a_strex.c +++ b/src/lib/libssl/src/crypto/asn1/a_strex.c | |||
| @@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = { | |||
| 285 | -1, -1, 0, -1, /* 10-13 */ | 285 | -1, -1, 0, -1, /* 10-13 */ |
| 286 | -1, -1, -1, -1, /* 15-17 */ | 286 | -1, -1, -1, -1, /* 15-17 */ |
| 287 | -1, 1, 1, /* 18-20 */ | 287 | -1, 1, 1, /* 18-20 */ |
| 288 | -1, 1, -1,-1, /* 21-24 */ | 288 | -1, 1, 1, 1, /* 21-24 */ |
| 289 | -1, 1, -1, /* 25-27 */ | 289 | -1, 1, -1, /* 25-27 */ |
| 290 | 4, -1, 2 /* 28-30 */ | 290 | 4, -1, 2 /* 28-30 */ |
| 291 | }; | 291 | }; |
diff --git a/src/lib/libssl/src/crypto/asn1/a_time.c b/src/lib/libssl/src/crypto/asn1/a_time.c index 7348da9457..159681fbcb 100644 --- a/src/lib/libssl/src/crypto/asn1/a_time.c +++ b/src/lib/libssl/src/crypto/asn1/a_time.c | |||
| @@ -128,6 +128,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE | |||
| 128 | { | 128 | { |
| 129 | ASN1_GENERALIZEDTIME *ret; | 129 | ASN1_GENERALIZEDTIME *ret; |
| 130 | char *str; | 130 | char *str; |
| 131 | int newlen; | ||
| 131 | 132 | ||
| 132 | if (!ASN1_TIME_check(t)) return NULL; | 133 | if (!ASN1_TIME_check(t)) return NULL; |
| 133 | 134 | ||
| @@ -150,12 +151,14 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE | |||
| 150 | /* grow the string */ | 151 | /* grow the string */ |
| 151 | if (!ASN1_STRING_set(ret, NULL, t->length + 2)) | 152 | if (!ASN1_STRING_set(ret, NULL, t->length + 2)) |
| 152 | return NULL; | 153 | return NULL; |
| 154 | /* ASN1_STRING_set() allocated 'len + 1' bytes. */ | ||
| 155 | newlen = t->length + 2 + 1; | ||
| 153 | str = (char *)ret->data; | 156 | str = (char *)ret->data; |
| 154 | /* Work out the century and prepend */ | 157 | /* Work out the century and prepend */ |
| 155 | if (t->data[0] >= '5') strcpy(str, "19"); | 158 | if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); |
| 156 | else strcpy(str, "20"); | 159 | else BUF_strlcpy(str, "20", newlen); |
| 157 | 160 | ||
| 158 | BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */ | 161 | BUF_strlcat(str, (char *)t->data, newlen); |
| 159 | 162 | ||
| 160 | return ret; | 163 | return ret; |
| 161 | } | 164 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c index dbb4a42c9d..999852dae5 100644 --- a/src/lib/libssl/src/crypto/asn1/a_utctm.c +++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c | |||
| @@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) | |||
| 188 | char *p; | 188 | char *p; |
| 189 | struct tm *ts; | 189 | struct tm *ts; |
| 190 | struct tm data; | 190 | struct tm data; |
| 191 | size_t len = 20; | ||
| 191 | 192 | ||
| 192 | if (s == NULL) | 193 | if (s == NULL) |
| 193 | s=M_ASN1_UTCTIME_new(); | 194 | s=M_ASN1_UTCTIME_new(); |
| @@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) | |||
| 199 | return(NULL); | 200 | return(NULL); |
| 200 | 201 | ||
| 201 | p=(char *)s->data; | 202 | p=(char *)s->data; |
| 202 | if ((p == NULL) || (s->length < 14)) | 203 | if ((p == NULL) || ((size_t)s->length < len)) |
| 203 | { | 204 | { |
| 204 | p=OPENSSL_malloc(20); | 205 | p=OPENSSL_malloc(len); |
| 205 | if (p == NULL) return(NULL); | 206 | if (p == NULL) return(NULL); |
| 206 | if (s->data != NULL) | 207 | if (s->data != NULL) |
| 207 | OPENSSL_free(s->data); | 208 | OPENSSL_free(s->data); |
| 208 | s->data=(unsigned char *)p; | 209 | s->data=(unsigned char *)p; |
| 209 | } | 210 | } |
| 210 | 211 | ||
| 211 | sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, | 212 | BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, |
| 212 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); | 213 | ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); |
| 213 | s->length=strlen(p); | 214 | s->length=strlen(p); |
| 214 | s->type=V_ASN1_UTCTIME; | 215 | s->type=V_ASN1_UTCTIME; |
| 215 | #ifdef CHARSET_EBCDIC_not | 216 | #ifdef CHARSET_EBCDIC_not |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c index e30d5dd303..a74f1368d3 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c | |||
| @@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset) | |||
| 414 | { | 414 | { |
| 415 | char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; | 415 | char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; |
| 416 | 416 | ||
| 417 | sprintf(buf1,"%lu",(unsigned long)address); | 417 | BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); |
| 418 | sprintf(buf2,"%d",offset); | 418 | BIO_snprintf(buf2,sizeof buf2,"%d",offset); |
| 419 | ERR_add_error_data(4,"address=",buf1," offset=",buf2); | 419 | ERR_add_error_data(4,"address=",buf1," offset=",buf2); |
| 420 | } | 420 | } |
| 421 | 421 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c index e48532a24d..676d434f03 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_par.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c | |||
| @@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, | |||
| 83 | 83 | ||
| 84 | p=str; | 84 | p=str; |
| 85 | if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) | 85 | if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) |
| 86 | sprintf(str,"priv [ %d ] ",tag); | 86 | BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag); |
| 87 | else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) | 87 | else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) |
| 88 | sprintf(str,"cont [ %d ]",tag); | 88 | BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); |
| 89 | else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) | 89 | else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) |
| 90 | sprintf(str,"appl [ %d ]",tag); | 90 | BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); |
| 91 | else p = ASN1_tag2str(tag); | 91 | else p = ASN1_tag2str(tag); |
| 92 | 92 | ||
| 93 | if (p2 != NULL) | 93 | if (p2 != NULL) |
diff --git a/src/lib/libssl/src/crypto/asn1/asn_moid.c b/src/lib/libssl/src/crypto/asn1/asn_moid.c index be20db4bad..edb44c988f 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_moid.c +++ b/src/lib/libssl/src/crypto/asn1/asn_moid.c | |||
| @@ -87,9 +87,14 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) | |||
| 87 | } | 87 | } |
| 88 | } | 88 | } |
| 89 | return 1; | 89 | return 1; |
| 90 | } | 90 | } |
| 91 | |||
| 92 | static void oid_module_finish(CONF_IMODULE *md) | ||
| 93 | { | ||
| 94 | OBJ_cleanup(); | ||
| 95 | } | ||
| 91 | 96 | ||
| 92 | void ASN1_add_oid_module(void) | 97 | void ASN1_add_oid_module(void) |
| 93 | { | 98 | { |
| 94 | CONF_module_add("oid_section", oid_module_init, 0); | 99 | CONF_module_add("oid_section", oid_module_init, oid_module_finish); |
| 95 | } | 100 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c index 4e09c9e44e..d15006e654 100644 --- a/src/lib/libssl/src/crypto/asn1/t_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c | |||
| @@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off) | |||
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | if (x->d == NULL) | 141 | if (x->d == NULL) |
| 142 | sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n)); | 142 | BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); |
| 143 | else | 143 | else |
| 144 | strcpy(str,"modulus:"); | 144 | BUF_strlcpy(str,"modulus:",sizeof str); |
| 145 | if (!print(bp,str,x->n,m,off)) goto err; | 145 | if (!print(bp,str,x->n,m,off)) goto err; |
| 146 | s=(x->d == NULL)?"Exponent:":"publicExponent:"; | 146 | s=(x->d == NULL)?"Exponent:":"publicExponent:"; |
| 147 | if (!print(bp,s,x->e,m,off)) goto err; | 147 | if (!print(bp,s,x->e,m,off)) goto err; |
diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c index c04b192794..c5f25956cb 100644 --- a/src/lib/libssl/src/crypto/asn1/x_long.c +++ b/src/lib/libssl/src/crypto/asn1/x_long.c | |||
| @@ -104,7 +104,12 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A | |||
| 104 | long ltmp; | 104 | long ltmp; |
| 105 | unsigned long utmp; | 105 | unsigned long utmp; |
| 106 | int clen, pad, i; | 106 | int clen, pad, i; |
| 107 | ltmp = *(long *)pval; | 107 | /* this exists to bypass broken gcc optimization */ |
| 108 | char *cp = (char *)pval; | ||
| 109 | |||
| 110 | /* use memcpy, because we may not be long aligned */ | ||
| 111 | memcpy(<mp, cp, sizeof(long)); | ||
| 112 | |||
| 108 | if(ltmp == it->size) return -1; | 113 | if(ltmp == it->size) return -1; |
| 109 | /* Convert the long to positive: we subtract one if negative so | 114 | /* Convert the long to positive: we subtract one if negative so |
| 110 | * we can cleanly handle the padding if only the MSB of the leading | 115 | * we can cleanly handle the padding if only the MSB of the leading |
| @@ -136,6 +141,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, | |||
| 136 | int neg, i; | 141 | int neg, i; |
| 137 | long ltmp; | 142 | long ltmp; |
| 138 | unsigned long utmp = 0; | 143 | unsigned long utmp = 0; |
| 144 | char *cp = (char *)pval; | ||
| 139 | if(len > sizeof(long)) { | 145 | if(len > sizeof(long)) { |
| 140 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); | 146 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); |
| 141 | return 0; | 147 | return 0; |
| @@ -158,6 +164,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, | |||
| 158 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); | 164 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); |
| 159 | return 0; | 165 | return 0; |
| 160 | } | 166 | } |
| 161 | *(long *)pval = ltmp; | 167 | memcpy(cp, <mp, sizeof(long)); |
| 162 | return 1; | 168 | return 1; |
| 163 | } | 169 | } |
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c index 8397cfab6a..f671e722fa 100644 --- a/src/lib/libssl/src/crypto/bio/b_dump.c +++ b/src/lib/libssl/src/crypto/bio/b_dump.c | |||
| @@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 104 | for(i=0;i<rows;i++) | 104 | for(i=0;i<rows;i++) |
| 105 | { | 105 | { |
| 106 | buf[0]='\0'; /* start with empty string */ | 106 | buf[0]='\0'; /* start with empty string */ |
| 107 | strcpy(buf,str); | 107 | BUF_strlcpy(buf,str,sizeof buf); |
| 108 | sprintf(tmp,"%04x - ",i*dump_width); | 108 | BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width); |
| 109 | strcat(buf,tmp); | 109 | BUF_strlcat(buf,tmp,sizeof buf); |
| 110 | for(j=0;j<dump_width;j++) | 110 | for(j=0;j<dump_width;j++) |
| 111 | { | 111 | { |
| 112 | if (((i*dump_width)+j)>=len) | 112 | if (((i*dump_width)+j)>=len) |
| 113 | { | 113 | { |
| 114 | strcat(buf," "); | 114 | BUF_strlcat(buf," ",sizeof buf); |
| 115 | } | 115 | } |
| 116 | else | 116 | else |
| 117 | { | 117 | { |
| 118 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; | 118 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; |
| 119 | sprintf(tmp,"%02x%c",ch,j==7?'-':' '); | 119 | BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, |
| 120 | strcat(buf,tmp); | 120 | j==7?'-':' '); |
| 121 | BUF_strlcat(buf,tmp,sizeof buf); | ||
| 121 | } | 122 | } |
| 122 | } | 123 | } |
| 123 | strcat(buf," "); | 124 | BUF_strlcat(buf," ",sizeof buf); |
| 124 | for(j=0;j<dump_width;j++) | 125 | for(j=0;j<dump_width;j++) |
| 125 | { | 126 | { |
| 126 | if (((i*dump_width)+j)>=len) | 127 | if (((i*dump_width)+j)>=len) |
| 127 | break; | 128 | break; |
| 128 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; | 129 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; |
| 129 | #ifndef CHARSET_EBCDIC | 130 | #ifndef CHARSET_EBCDIC |
| 130 | sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); | 131 | BIO_snprintf(tmp,sizeof tmp,"%c", |
| 132 | ((ch>=' ')&&(ch<='~'))?ch:'.'); | ||
| 131 | #else | 133 | #else |
| 132 | sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) | 134 | BIO_snprintf(tmp,sizeof tmp,"%c", |
| 133 | ? os_toebcdic[ch] | 135 | ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) |
| 134 | : '.'); | 136 | ? os_toebcdic[ch] |
| 137 | : '.'); | ||
| 135 | #endif | 138 | #endif |
| 136 | strcat(buf,tmp); | 139 | BUF_strlcat(buf,tmp,sizeof buf); |
| 137 | } | 140 | } |
| 138 | strcat(buf,"\n"); | 141 | BUF_strlcat(buf,"\n",sizeof buf); |
| 139 | /* if this is the last call then update the ddt_dump thing so that | 142 | /* if this is the last call then update the ddt_dump thing so that |
| 140 | * we will move the selection point in the debug window | 143 | * we will move the selection point in the debug window |
| 141 | */ | 144 | */ |
| @@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 144 | #ifdef TRUNCATE | 147 | #ifdef TRUNCATE |
| 145 | if (trunc > 0) | 148 | if (trunc > 0) |
| 146 | { | 149 | { |
| 147 | sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc); | 150 | BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str, |
| 151 | len+trunc); | ||
| 148 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); | 152 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); |
| 149 | } | 153 | } |
| 150 | #endif | 154 | #endif |
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c index 2cfc689dd6..fbff331796 100644 --- a/src/lib/libssl/src/crypto/bio/b_print.c +++ b/src/lib/libssl/src/crypto/bio/b_print.c | |||
| @@ -576,12 +576,12 @@ abs_val(LDOUBLE value) | |||
| 576 | } | 576 | } |
| 577 | 577 | ||
| 578 | static LDOUBLE | 578 | static LDOUBLE |
| 579 | pow10(int exp) | 579 | pow10(int in_exp) |
| 580 | { | 580 | { |
| 581 | LDOUBLE result = 1; | 581 | LDOUBLE result = 1; |
| 582 | while (exp) { | 582 | while (in_exp) { |
| 583 | result *= 10; | 583 | result *= 10; |
| 584 | exp--; | 584 | in_exp--; |
| 585 | } | 585 | } |
| 586 | return result; | 586 | return result; |
| 587 | } | 587 | } |
| @@ -652,8 +652,8 @@ fmtfp( | |||
| 652 | (caps ? "0123456789ABCDEF" | 652 | (caps ? "0123456789ABCDEF" |
| 653 | : "0123456789abcdef")[intpart % 10]; | 653 | : "0123456789abcdef")[intpart % 10]; |
| 654 | intpart = (intpart / 10); | 654 | intpart = (intpart / 10); |
| 655 | } while (intpart && (iplace < sizeof iplace)); | 655 | } while (intpart && (iplace < sizeof iconvert)); |
| 656 | if (iplace == sizeof iplace) | 656 | if (iplace == sizeof iconvert) |
| 657 | iplace--; | 657 | iplace--; |
| 658 | iconvert[iplace] = 0; | 658 | iconvert[iplace] = 0; |
| 659 | 659 | ||
| @@ -664,7 +664,7 @@ fmtfp( | |||
| 664 | : "0123456789abcdef")[fracpart % 10]; | 664 | : "0123456789abcdef")[fracpart % 10]; |
| 665 | fracpart = (fracpart / 10); | 665 | fracpart = (fracpart / 10); |
| 666 | } while (fplace < max); | 666 | } while (fplace < max); |
| 667 | if (fplace == sizeof fplace) | 667 | if (fplace == sizeof fconvert) |
| 668 | fplace--; | 668 | fplace--; |
| 669 | fconvert[fplace] = 0; | 669 | fconvert[fplace] = 0; |
| 670 | 670 | ||
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c index 601a14f37c..c851298d1e 100644 --- a/src/lib/libssl/src/crypto/bio/b_sock.c +++ b/src/lib/libssl/src/crypto/bio/b_sock.c | |||
| @@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr) | |||
| 709 | } | 709 | } |
| 710 | *addr=p; | 710 | *addr=p; |
| 711 | } | 711 | } |
| 712 | sprintf(*addr,"%d.%d.%d.%d:%d", | 712 | BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d", |
| 713 | (unsigned char)(l>>24L)&0xff, | 713 | (unsigned char)(l>>24L)&0xff, |
| 714 | (unsigned char)(l>>16L)&0xff, | 714 | (unsigned char)(l>>16L)&0xff, |
| 715 | (unsigned char)(l>> 8L)&0xff, | 715 | (unsigned char)(l>> 8L)&0xff, |
| 716 | (unsigned char)(l )&0xff, | 716 | (unsigned char)(l )&0xff, |
| 717 | port); | 717 | port); |
| 718 | end: | 718 | end: |
| 719 | return(ret); | 719 | return(ret); |
| 720 | } | 720 | } |
diff --git a/src/lib/libssl/src/crypto/bio/bio_cb.c b/src/lib/libssl/src/crypto/bio/bio_cb.c index 0ffa4d2136..6f4254a114 100644 --- a/src/lib/libssl/src/crypto/bio/bio_cb.c +++ b/src/lib/libssl/src/crypto/bio/bio_cb.c | |||
| @@ -70,55 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, | |||
| 70 | MS_STATIC char buf[256]; | 70 | MS_STATIC char buf[256]; |
| 71 | char *p; | 71 | char *p; |
| 72 | long r=1; | 72 | long r=1; |
| 73 | size_t p_maxlen; | ||
| 73 | 74 | ||
| 74 | if (BIO_CB_RETURN & cmd) | 75 | if (BIO_CB_RETURN & cmd) |
| 75 | r=ret; | 76 | r=ret; |
| 76 | 77 | ||
| 77 | sprintf(buf,"BIO[%08lX]:",(unsigned long)bio); | 78 | BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); |
| 78 | p= &(buf[14]); | 79 | p= &(buf[14]); |
| 80 | p_maxlen = sizeof buf - 14; | ||
| 79 | switch (cmd) | 81 | switch (cmd) |
| 80 | { | 82 | { |
| 81 | case BIO_CB_FREE: | 83 | case BIO_CB_FREE: |
| 82 | sprintf(p,"Free - %s\n",bio->method->name); | 84 | BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); |
| 83 | break; | 85 | break; |
| 84 | case BIO_CB_READ: | 86 | case BIO_CB_READ: |
| 85 | if (bio->method->type & BIO_TYPE_DESCRIPTOR) | 87 | if (bio->method->type & BIO_TYPE_DESCRIPTOR) |
| 86 | sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); | 88 | BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", |
| 89 | bio->num,argi,bio->method->name,bio->num); | ||
| 87 | else | 90 | else |
| 88 | sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name); | 91 | BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n", |
| 92 | bio->num,argi,bio->method->name); | ||
| 89 | break; | 93 | break; |
| 90 | case BIO_CB_WRITE: | 94 | case BIO_CB_WRITE: |
| 91 | if (bio->method->type & BIO_TYPE_DESCRIPTOR) | 95 | if (bio->method->type & BIO_TYPE_DESCRIPTOR) |
| 92 | sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); | 96 | BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", |
| 97 | bio->num,argi,bio->method->name,bio->num); | ||
| 93 | else | 98 | else |
| 94 | sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name); | 99 | BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n", |
| 100 | bio->num,argi,bio->method->name); | ||
| 95 | break; | 101 | break; |
| 96 | case BIO_CB_PUTS: | 102 | case BIO_CB_PUTS: |
| 97 | sprintf(p,"puts() - %s\n",bio->method->name); | 103 | BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); |
| 98 | break; | 104 | break; |
| 99 | case BIO_CB_GETS: | 105 | case BIO_CB_GETS: |
| 100 | sprintf(p,"gets(%d) - %s\n",argi,bio->method->name); | 106 | BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); |
| 101 | break; | 107 | break; |
| 102 | case BIO_CB_CTRL: | 108 | case BIO_CB_CTRL: |
| 103 | sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name); | 109 | BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); |
| 104 | break; | 110 | break; |
| 105 | case BIO_CB_RETURN|BIO_CB_READ: | 111 | case BIO_CB_RETURN|BIO_CB_READ: |
| 106 | sprintf(p,"read return %ld\n",ret); | 112 | BIO_snprintf(p,p_maxlen,"read return %ld\n",ret); |
| 107 | break; | 113 | break; |
| 108 | case BIO_CB_RETURN|BIO_CB_WRITE: | 114 | case BIO_CB_RETURN|BIO_CB_WRITE: |
| 109 | sprintf(p,"write return %ld\n",ret); | 115 | BIO_snprintf(p,p_maxlen,"write return %ld\n",ret); |
| 110 | break; | 116 | break; |
| 111 | case BIO_CB_RETURN|BIO_CB_GETS: | 117 | case BIO_CB_RETURN|BIO_CB_GETS: |
| 112 | sprintf(p,"gets return %ld\n",ret); | 118 | BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret); |
| 113 | break; | 119 | break; |
| 114 | case BIO_CB_RETURN|BIO_CB_PUTS: | 120 | case BIO_CB_RETURN|BIO_CB_PUTS: |
| 115 | sprintf(p,"puts return %ld\n",ret); | 121 | BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret); |
| 116 | break; | 122 | break; |
| 117 | case BIO_CB_RETURN|BIO_CB_CTRL: | 123 | case BIO_CB_RETURN|BIO_CB_CTRL: |
| 118 | sprintf(p,"ctrl return %ld\n",ret); | 124 | BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret); |
| 119 | break; | 125 | break; |
| 120 | default: | 126 | default: |
| 121 | sprintf(p,"bio callback - unknown type (%d)\n",cmd); | 127 | BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); |
| 122 | break; | 128 | break; |
| 123 | } | 129 | } |
| 124 | 130 | ||
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c index 743db6ff94..f5d0e759e2 100644 --- a/src/lib/libssl/src/crypto/bio/bss_conn.c +++ b/src/lib/libssl/src/crypto/bio/bss_conn.c | |||
| @@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 521 | char buf[16]; | 521 | char buf[16]; |
| 522 | unsigned char *p = ptr; | 522 | unsigned char *p = ptr; |
| 523 | 523 | ||
| 524 | sprintf(buf,"%d.%d.%d.%d", | 524 | BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d", |
| 525 | p[0],p[1],p[2],p[3]); | 525 | p[0],p[1],p[2],p[3]); |
| 526 | if (data->param_hostname != NULL) | 526 | if (data->param_hostname != NULL) |
| 527 | OPENSSL_free(data->param_hostname); | 527 | OPENSSL_free(data->param_hostname); |
| 528 | data->param_hostname=BUF_strdup(buf); | 528 | data->param_hostname=BUF_strdup(buf); |
| @@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 532 | { | 532 | { |
| 533 | char buf[DECIMAL_SIZE(int)+1]; | 533 | char buf[DECIMAL_SIZE(int)+1]; |
| 534 | 534 | ||
| 535 | sprintf(buf,"%d",*(int *)ptr); | 535 | BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr); |
| 536 | if (data->param_port != NULL) | 536 | if (data->param_port != NULL) |
| 537 | OPENSSL_free(data->param_port); | 537 | OPENSSL_free(data->param_port); |
| 538 | data->param_port=BUF_strdup(buf); | 538 | data->param_port=BUF_strdup(buf); |
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c index 6904b5c081..9cdf159f82 100644 --- a/src/lib/libssl/src/crypto/bio/bss_file.c +++ b/src/lib/libssl/src/crypto/bio/bss_file.c | |||
| @@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 249 | if (num & BIO_FP_APPEND) | 249 | if (num & BIO_FP_APPEND) |
| 250 | { | 250 | { |
| 251 | if (num & BIO_FP_READ) | 251 | if (num & BIO_FP_READ) |
| 252 | strcpy(p,"a+"); | 252 | BUF_strlcpy(p,"a+",sizeof p); |
| 253 | else strcpy(p,"a"); | 253 | else BUF_strlcpy(p,"a",sizeof p); |
| 254 | } | 254 | } |
| 255 | else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) | 255 | else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) |
| 256 | strcpy(p,"r+"); | 256 | BUF_strlcpy(p,"r+",sizeof p); |
| 257 | else if (num & BIO_FP_WRITE) | 257 | else if (num & BIO_FP_WRITE) |
| 258 | strcpy(p,"w"); | 258 | BUF_strlcpy(p,"w",sizeof p); |
| 259 | else if (num & BIO_FP_READ) | 259 | else if (num & BIO_FP_READ) |
| 260 | strcpy(p,"r"); | 260 | BUF_strlcpy(p,"r",sizeof p); |
| 261 | else | 261 | else |
| 262 | { | 262 | { |
| 263 | BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); | 263 | BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); |
diff --git a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl index 33f6125920..c4de4a2bee 100644 --- a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl +++ b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl | |||
| @@ -11,7 +11,7 @@ require "x86asm.pl"; | |||
| 11 | &bn_div_words("bn_div_words"); | 11 | &bn_div_words("bn_div_words"); |
| 12 | &bn_add_words("bn_add_words"); | 12 | &bn_add_words("bn_add_words"); |
| 13 | &bn_sub_words("bn_sub_words"); | 13 | &bn_sub_words("bn_sub_words"); |
| 14 | &bn_sub_part_words("bn_sub_part_words"); | 14 | #&bn_sub_part_words("bn_sub_part_words"); |
| 15 | 15 | ||
| 16 | &asm_finish(); | 16 | &asm_finish(); |
| 17 | 17 | ||
diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c index b97b394661..450e8e4322 100644 --- a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c +++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c | |||
| @@ -142,7 +142,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) | |||
| 142 | BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) | 142 | BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) |
| 143 | { BN_ULONG ret,waste; | 143 | { BN_ULONG ret,waste; |
| 144 | 144 | ||
| 145 | asm ("divq %3" | 145 | asm ("divq %4" |
| 146 | : "=a"(ret),"=d"(waste) | 146 | : "=a"(ret),"=d"(waste) |
| 147 | : "a"(l),"d"(h),"g"(d) | 147 | : "a"(l),"d"(h),"g"(d) |
| 148 | : "cc"); | 148 | : "cc"); |
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h index 5614bc6164..253e195e23 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lcl.h +++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h | |||
| @@ -433,19 +433,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); | |||
| 433 | int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); | 433 | int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); |
| 434 | int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, | 434 | int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, |
| 435 | int cl, int dl); | 435 | int cl, int dl); |
| 436 | #if 0 | 436 | #ifdef BN_RECURSION |
| 437 | /* bn_mul.c rollback <appro> */ | 437 | void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, |
| 438 | void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, | 438 | BN_ULONG *t); |
| 439 | int dna,int dnb,BN_ULONG *t); | 439 | void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, |
| 440 | void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, | 440 | int n, BN_ULONG *t); |
| 441 | int n,int tna,int tnb,BN_ULONG *t); | ||
| 442 | #endif | ||
| 443 | void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); | ||
| 444 | void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); | ||
| 445 | void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, | 441 | void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, |
| 446 | BN_ULONG *t); | 442 | BN_ULONG *t); |
| 447 | void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, | 443 | void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, |
| 448 | BN_ULONG *t); | 444 | BN_ULONG *t); |
| 445 | void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); | ||
| 446 | #endif | ||
| 447 | void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); | ||
| 449 | 448 | ||
| 450 | #ifdef __cplusplus | 449 | #ifdef __cplusplus |
| 451 | } | 450 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c index fa0ff485ad..e1660450bc 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lib.c +++ b/src/lib/libssl/src/crypto/bn/bn_lib.c | |||
| @@ -145,11 +145,11 @@ char *BN_options(void) | |||
| 145 | { | 145 | { |
| 146 | init++; | 146 | init++; |
| 147 | #ifdef BN_LLONG | 147 | #ifdef BN_LLONG |
| 148 | sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, | 148 | BIO_snprintf(data,sizeof data,"bn(%d,%d)", |
| 149 | (int)sizeof(BN_ULONG)*8); | 149 | (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); |
| 150 | #else | 150 | #else |
| 151 | sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, | 151 | BIO_snprintf(data,sizeof data,"bn(%d,%d)", |
| 152 | (int)sizeof(BN_ULONG)*8); | 152 | (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); |
| 153 | #endif | 153 | #endif |
| 154 | } | 154 | } |
| 155 | return(data); | 155 | return(data); |
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c index 5f46b1826c..0d942603b1 100644 --- a/src/lib/libssl/src/crypto/bn/bn_print.c +++ b/src/lib/libssl/src/crypto/bn/bn_print.c | |||
| @@ -119,6 +119,7 @@ char *BN_bn2dec(const BIGNUM *a) | |||
| 119 | } | 119 | } |
| 120 | if ((t=BN_dup(a)) == NULL) goto err; | 120 | if ((t=BN_dup(a)) == NULL) goto err; |
| 121 | 121 | ||
| 122 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) | ||
| 122 | p=buf; | 123 | p=buf; |
| 123 | lp=bn_data; | 124 | lp=bn_data; |
| 124 | if (t->neg) *(p++)='-'; | 125 | if (t->neg) *(p++)='-'; |
| @@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a) | |||
| 139 | /* We now have a series of blocks, BN_DEC_NUM chars | 140 | /* We now have a series of blocks, BN_DEC_NUM chars |
| 140 | * in length, where the last one needs truncation. | 141 | * in length, where the last one needs truncation. |
| 141 | * The blocks need to be reversed in order. */ | 142 | * The blocks need to be reversed in order. */ |
| 142 | sprintf(p,BN_DEC_FMT1,*lp); | 143 | BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); |
| 143 | while (*p) p++; | 144 | while (*p) p++; |
| 144 | while (lp != bn_data) | 145 | while (lp != bn_data) |
| 145 | { | 146 | { |
| 146 | lp--; | 147 | lp--; |
| 147 | sprintf(p,BN_DEC_FMT2,*lp); | 148 | BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); |
| 148 | while (*p) p++; | 149 | while (*p) p++; |
| 149 | } | 150 | } |
| 150 | } | 151 | } |
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c index 57d2739ae0..2e9f52f1fd 100644 --- a/src/lib/libssl/src/crypto/conf/conf_def.c +++ b/src/lib/libssl/src/crypto/conf/conf_def.c | |||
| @@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) | |||
| 235 | CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); | 235 | CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); |
| 236 | goto err; | 236 | goto err; |
| 237 | } | 237 | } |
| 238 | strcpy(section,"default"); | 238 | BUF_strlcpy(section,"default",10); |
| 239 | 239 | ||
| 240 | if (_CONF_new_data(conf) == 0) | 240 | if (_CONF_new_data(conf) == 0) |
| 241 | { | 241 | { |
| @@ -392,7 +392,7 @@ again: | |||
| 392 | ERR_R_MALLOC_FAILURE); | 392 | ERR_R_MALLOC_FAILURE); |
| 393 | goto err; | 393 | goto err; |
| 394 | } | 394 | } |
| 395 | strcpy(v->name,pname); | 395 | BUF_strlcpy(v->name,pname,strlen(pname)+1); |
| 396 | if (!str_copy(conf,psection,&(v->value),start)) goto err; | 396 | if (!str_copy(conf,psection,&(v->value),start)) goto err; |
| 397 | 397 | ||
| 398 | if (strcmp(psection,section) != 0) | 398 | if (strcmp(psection,section) != 0) |
| @@ -447,7 +447,7 @@ err: | |||
| 447 | if (buff != NULL) BUF_MEM_free(buff); | 447 | if (buff != NULL) BUF_MEM_free(buff); |
| 448 | if (section != NULL) OPENSSL_free(section); | 448 | if (section != NULL) OPENSSL_free(section); |
| 449 | if (line != NULL) *line=eline; | 449 | if (line != NULL) *line=eline; |
| 450 | sprintf(btmp,"%ld",eline); | 450 | BIO_snprintf(btmp,sizeof btmp,"%ld",eline); |
| 451 | ERR_add_error_data(2,"line ",btmp); | 451 | ERR_add_error_data(2,"line ",btmp); |
| 452 | if ((h != conf->data) && (conf->data != NULL)) | 452 | if ((h != conf->data) && (conf->data != NULL)) |
| 453 | { | 453 | { |
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c index edcc08921c..d45adea851 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mod.c +++ b/src/lib/libssl/src/crypto/conf/conf_mod.c | |||
| @@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value, | |||
| 232 | { | 232 | { |
| 233 | char rcode[DECIMAL_SIZE(ret)+1]; | 233 | char rcode[DECIMAL_SIZE(ret)+1]; |
| 234 | CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); | 234 | CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); |
| 235 | sprintf(rcode, "%-8d", ret); | 235 | BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); |
| 236 | ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); | 236 | ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); |
| 237 | } | 237 | } |
| 238 | } | 238 | } |
| @@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void) | |||
| 561 | 561 | ||
| 562 | if (!file) | 562 | if (!file) |
| 563 | return NULL; | 563 | return NULL; |
| 564 | strcpy(file,X509_get_default_cert_area()); | 564 | BUF_strlcpy(file,X509_get_default_cert_area(),len + 1); |
| 565 | #ifndef OPENSSL_SYS_VMS | 565 | #ifndef OPENSSL_SYS_VMS |
| 566 | strcat(file,"/"); | 566 | BUF_strlcat(file,"/",len + 1); |
| 567 | #endif | 567 | #endif |
| 568 | strcat(file,OPENSSL_CONF); | 568 | BUF_strlcat(file,OPENSSL_CONF,len + 1); |
| 569 | 569 | ||
| 570 | return file; | 570 | return file; |
| 571 | } | 571 | } |
| @@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void) | |||
| 576 | * be used to parse comma separated lists for example. | 576 | * be used to parse comma separated lists for example. |
| 577 | */ | 577 | */ |
| 578 | 578 | ||
| 579 | int CONF_parse_list(const char *list, int sep, int nospc, | 579 | int CONF_parse_list(const char *list_, int sep, int nospc, |
| 580 | int (*list_cb)(const char *elem, int len, void *usr), void *arg) | 580 | int (*list_cb)(const char *elem, int len, void *usr), void *arg) |
| 581 | { | 581 | { |
| 582 | int ret; | 582 | int ret; |
| 583 | const char *lstart, *tmpend, *p; | 583 | const char *lstart, *tmpend, *p; |
| 584 | lstart = list; | 584 | lstart = list_; |
| 585 | 585 | ||
| 586 | for(;;) | 586 | for(;;) |
| 587 | { | 587 | { |
diff --git a/src/lib/libssl/src/crypto/cversion.c b/src/lib/libssl/src/crypto/cversion.c index 8ecfba7b16..beeeb14013 100644 --- a/src/lib/libssl/src/crypto/cversion.c +++ b/src/lib/libssl/src/crypto/cversion.c | |||
| @@ -61,7 +61,9 @@ | |||
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/crypto.h> | 62 | #include <openssl/crypto.h> |
| 63 | 63 | ||
| 64 | #ifndef NO_WINDOWS_BRAINDEATH | ||
| 64 | #include "buildinf.h" | 65 | #include "buildinf.h" |
| 66 | #endif | ||
| 65 | 67 | ||
| 66 | const char *SSLeay_version(int t) | 68 | const char *SSLeay_version(int t) |
| 67 | { | 69 | { |
| @@ -72,7 +74,7 @@ const char *SSLeay_version(int t) | |||
| 72 | #ifdef DATE | 74 | #ifdef DATE |
| 73 | static char buf[sizeof(DATE)+11]; | 75 | static char buf[sizeof(DATE)+11]; |
| 74 | 76 | ||
| 75 | sprintf(buf,"built on: %s",DATE); | 77 | BIO_snprintf(buf,sizeof buf,"built on: %s",DATE); |
| 76 | return(buf); | 78 | return(buf); |
| 77 | #else | 79 | #else |
| 78 | return("built on: date not available"); | 80 | return("built on: date not available"); |
| @@ -83,7 +85,7 @@ const char *SSLeay_version(int t) | |||
| 83 | #ifdef CFLAGS | 85 | #ifdef CFLAGS |
| 84 | static char buf[sizeof(CFLAGS)+11]; | 86 | static char buf[sizeof(CFLAGS)+11]; |
| 85 | 87 | ||
| 86 | sprintf(buf,"compiler: %s",CFLAGS); | 88 | BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); |
| 87 | return(buf); | 89 | return(buf); |
| 88 | #else | 90 | #else |
| 89 | return("compiler: information not available"); | 91 | return("compiler: information not available"); |
| @@ -94,7 +96,7 @@ const char *SSLeay_version(int t) | |||
| 94 | #ifdef PLATFORM | 96 | #ifdef PLATFORM |
| 95 | static char buf[sizeof(PLATFORM)+11]; | 97 | static char buf[sizeof(PLATFORM)+11]; |
| 96 | 98 | ||
| 97 | sprintf(buf,"platform: %s", PLATFORM); | 99 | BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM); |
| 98 | return(buf); | 100 | return(buf); |
| 99 | #else | 101 | #else |
| 100 | return("platform: information not available"); | 102 | return("platform: information not available"); |
diff --git a/src/lib/libssl/src/crypto/des/cfb_enc.c b/src/lib/libssl/src/crypto/des/cfb_enc.c index 2600bdfc93..03cabb223c 100644 --- a/src/lib/libssl/src/crypto/des/cfb_enc.c +++ b/src/lib/libssl/src/crypto/des/cfb_enc.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "e_os.h" | ||
| 59 | #include "des_locl.h" | 60 | #include "des_locl.h" |
| 60 | 61 | ||
| 61 | /* The input and output are loaded in multiples of 8 bits. | 62 | /* The input and output are loaded in multiples of 8 bits. |
| @@ -64,17 +65,15 @@ | |||
| 64 | * the second. The second 12 bits will come from the 3rd and half the 4th | 65 | * the second. The second 12 bits will come from the 3rd and half the 4th |
| 65 | * byte. | 66 | * byte. |
| 66 | */ | 67 | */ |
| 67 | /* WARNING WARNING: this uses in and out in 8-byte chunks regardless of | ||
| 68 | * length */ | ||
| 69 | /* Until Aug 1 2003 this function did not correctly implement CFB-r, so it | 68 | /* Until Aug 1 2003 this function did not correctly implement CFB-r, so it |
| 70 | * will not be compatible with any encryption prior to that date. Ben. */ | 69 | * will not be compatible with any encryption prior to that date. Ben. */ |
| 71 | void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, | 70 | void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, |
| 72 | long length, DES_key_schedule *schedule, DES_cblock *ivec, | 71 | long length, DES_key_schedule *schedule, DES_cblock *ivec, |
| 73 | int enc) | 72 | int enc) |
| 74 | { | 73 | { |
| 75 | register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; | 74 | register DES_LONG d0,d1,v0,v1; |
| 76 | register unsigned long l=length; | 75 | register unsigned long l=length,n=(numbits+7)/8; |
| 77 | register int num=numbits; | 76 | register int num=numbits,i; |
| 78 | DES_LONG ti[2]; | 77 | DES_LONG ti[2]; |
| 79 | unsigned char *iv; | 78 | unsigned char *iv; |
| 80 | unsigned char ovec[16]; | 79 | unsigned char ovec[16]; |
| @@ -114,10 +113,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, | |||
| 114 | memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); | 113 | memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); |
| 115 | /* now the remaining bits */ | 114 | /* now the remaining bits */ |
| 116 | if(num%8 != 0) | 115 | if(num%8 != 0) |
| 117 | for(n=0 ; n < 8 ; ++n) | 116 | for(i=0 ; i < 8 ; ++i) |
| 118 | { | 117 | { |
| 119 | ovec[n]<<=num%8; | 118 | ovec[i]<<=num%8; |
| 120 | ovec[n]|=ovec[n+1]>>(8-num%8); | 119 | ovec[i]|=ovec[i+1]>>(8-num%8); |
| 121 | } | 120 | } |
| 122 | iv=&ovec[0]; | 121 | iv=&ovec[0]; |
| 123 | c2l(iv,v0); | 122 | c2l(iv,v0); |
| @@ -152,10 +151,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, | |||
| 152 | memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); | 151 | memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); |
| 153 | /* now the remaining bits */ | 152 | /* now the remaining bits */ |
| 154 | if(num%8 != 0) | 153 | if(num%8 != 0) |
| 155 | for(n=0 ; n < 8 ; ++n) | 154 | for(i=0 ; i < 8 ; ++i) |
| 156 | { | 155 | { |
| 157 | ovec[n]<<=num%8; | 156 | ovec[i]<<=num%8; |
| 158 | ovec[n]|=ovec[n+1]>>(8-num%8); | 157 | ovec[i]|=ovec[i+1]>>(8-num%8); |
| 159 | } | 158 | } |
| 160 | iv=&ovec[0]; | 159 | iv=&ovec[0]; |
| 161 | c2l(iv,v0); | 160 | c2l(iv,v0); |
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c index 1b70f68806..784aa5ba23 100644 --- a/src/lib/libssl/src/crypto/des/ecb_enc.c +++ b/src/lib/libssl/src/crypto/des/ecb_enc.c | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #include "des_ver.h" | 60 | #include "des_ver.h" |
| 61 | #include "spr.h" | 61 | #include "spr.h" |
| 62 | #include <openssl/opensslv.h> | 62 | #include <openssl/opensslv.h> |
| 63 | #include <openssl/bio.h> | ||
| 63 | 64 | ||
| 64 | OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; | 65 | OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; |
| 65 | OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; | 66 | OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; |
| @@ -97,7 +98,8 @@ const char *DES_options(void) | |||
| 97 | size="int"; | 98 | size="int"; |
| 98 | else | 99 | else |
| 99 | size="long"; | 100 | size="long"; |
| 100 | sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); | 101 | BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, |
| 102 | size); | ||
| 101 | init=0; | 103 | init=0; |
| 102 | } | 104 | } |
| 103 | return(buf); | 105 | return(buf); |
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c index 556069b9b8..48d9fdb25e 100644 --- a/src/lib/libssl/src/crypto/dso/dso_lib.c +++ b/src/lib/libssl/src/crypto/dso/dso_lib.c | |||
| @@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename) | |||
| 383 | DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); | 383 | DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); |
| 384 | return(0); | 384 | return(0); |
| 385 | } | 385 | } |
| 386 | strcpy(copied, filename); | 386 | BUF_strlcpy(copied, filename, strlen(filename) + 1); |
| 387 | if(dso->filename) | 387 | if(dso->filename) |
| 388 | OPENSSL_free(dso->filename); | 388 | OPENSSL_free(dso->filename); |
| 389 | dso->filename = copied; | 389 | dso->filename = copied; |
| @@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename) | |||
| 422 | ERR_R_MALLOC_FAILURE); | 422 | ERR_R_MALLOC_FAILURE); |
| 423 | return(NULL); | 423 | return(NULL); |
| 424 | } | 424 | } |
| 425 | strcpy(result, filename); | 425 | BUF_strlcpy(result, filename, strlen(filename) + 1); |
| 426 | } | 426 | } |
| 427 | return(result); | 427 | return(result); |
| 428 | } | 428 | } |
diff --git a/src/lib/libssl/src/crypto/ec/ecp_smpl.c b/src/lib/libssl/src/crypto/ec/ecp_smpl.c index 4666a052bf..e9a51fb87a 100644 --- a/src/lib/libssl/src/crypto/ec/ecp_smpl.c +++ b/src/lib/libssl/src/crypto/ec/ecp_smpl.c | |||
| @@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, | |||
| 896 | } | 896 | } |
| 897 | form = buf[0]; | 897 | form = buf[0]; |
| 898 | y_bit = form & 1; | 898 | y_bit = form & 1; |
| 899 | form = form & ~1; | 899 | form = form & ~1U; |
| 900 | if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) | 900 | if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) |
| 901 | && (form != POINT_CONVERSION_UNCOMPRESSED) | 901 | && (form != POINT_CONVERSION_UNCOMPRESSED) |
| 902 | && (form != POINT_CONVERSION_HYBRID)) | 902 | && (form != POINT_CONVERSION_HYBRID)) |
diff --git a/src/lib/libssl/src/crypto/engine/eng_ctrl.c b/src/lib/libssl/src/crypto/engine/eng_ctrl.c index ad3858395b..412c73fb0f 100644 --- a/src/lib/libssl/src/crypto/engine/eng_ctrl.c +++ b/src/lib/libssl/src/crypto/engine/eng_ctrl.c | |||
| @@ -160,15 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) | |||
| 160 | case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: | 160 | case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: |
| 161 | return strlen(e->cmd_defns[idx].cmd_name); | 161 | return strlen(e->cmd_defns[idx].cmd_name); |
| 162 | case ENGINE_CTRL_GET_NAME_FROM_CMD: | 162 | case ENGINE_CTRL_GET_NAME_FROM_CMD: |
| 163 | return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); | 163 | return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, |
| 164 | "%s", e->cmd_defns[idx].cmd_name); | ||
| 164 | case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: | 165 | case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: |
| 165 | if(e->cmd_defns[idx].cmd_desc) | 166 | if(e->cmd_defns[idx].cmd_desc) |
| 166 | return strlen(e->cmd_defns[idx].cmd_desc); | 167 | return strlen(e->cmd_defns[idx].cmd_desc); |
| 167 | return strlen(int_no_description); | 168 | return strlen(int_no_description); |
| 168 | case ENGINE_CTRL_GET_DESC_FROM_CMD: | 169 | case ENGINE_CTRL_GET_DESC_FROM_CMD: |
| 169 | if(e->cmd_defns[idx].cmd_desc) | 170 | if(e->cmd_defns[idx].cmd_desc) |
| 170 | return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); | 171 | return BIO_snprintf(s, |
| 171 | return sprintf(s, "%s", int_no_description); | 172 | strlen(e->cmd_defns[idx].cmd_desc) + 1, |
| 173 | "%s", e->cmd_defns[idx].cmd_desc); | ||
| 174 | return BIO_snprintf(s, strlen(int_no_description) + 1,"%s", | ||
| 175 | int_no_description); | ||
| 172 | case ENGINE_CTRL_GET_CMD_FLAGS: | 176 | case ENGINE_CTRL_GET_CMD_FLAGS: |
| 173 | return e->cmd_defns[idx].cmd_flags; | 177 | return e->cmd_defns[idx].cmd_flags; |
| 174 | } | 178 | } |
diff --git a/src/lib/libssl/src/crypto/engine/eng_fat.c b/src/lib/libssl/src/crypto/engine/eng_fat.c index 0d7dae00b2..7ccf7022ee 100644 --- a/src/lib/libssl/src/crypto/engine/eng_fat.c +++ b/src/lib/libssl/src/crypto/engine/eng_fat.c | |||
| @@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg) | |||
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | 109 | ||
| 110 | int ENGINE_set_default_string(ENGINE *e, const char *list) | 110 | int ENGINE_set_default_string(ENGINE *e, const char *def_list) |
| 111 | { | 111 | { |
| 112 | unsigned int flags = 0; | 112 | unsigned int flags = 0; |
| 113 | if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) | 113 | if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) |
| 114 | { | 114 | { |
| 115 | ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, | 115 | ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, |
| 116 | ENGINE_R_INVALID_STRING); | 116 | ENGINE_R_INVALID_STRING); |
| 117 | ERR_add_error_data(2, "str=",list); | 117 | ERR_add_error_data(2, "str=",def_list); |
| 118 | return 0; | 118 | return 0; |
| 119 | } | 119 | } |
| 120 | return ENGINE_set_default(e, flags); | 120 | return ENGINE_set_default(e, flags); |
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h index 9c3ab182d3..900f75ce8d 100644 --- a/src/lib/libssl/src/crypto/engine/engine.h +++ b/src/lib/libssl/src/crypto/engine/engine.h | |||
| @@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid); | |||
| 513 | * structure will have had its reference count up'd so the caller | 513 | * structure will have had its reference count up'd so the caller |
| 514 | * should still free their own reference 'e'. */ | 514 | * should still free their own reference 'e'. */ |
| 515 | int ENGINE_set_default_RSA(ENGINE *e); | 515 | int ENGINE_set_default_RSA(ENGINE *e); |
| 516 | int ENGINE_set_default_string(ENGINE *e, const char *list); | 516 | int ENGINE_set_default_string(ENGINE *e, const char *def_list); |
| 517 | /* Same for the other "methods" */ | 517 | /* Same for the other "methods" */ |
| 518 | int ENGINE_set_default_DSA(ENGINE *e); | 518 | int ENGINE_set_default_DSA(ENGINE *e); |
| 519 | int ENGINE_set_default_DH(ENGINE *e); | 519 | int ENGINE_set_default_DH(ENGINE *e); |
| @@ -616,17 +616,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, | |||
| 616 | const dynamic_fns *fns); | 616 | const dynamic_fns *fns); |
| 617 | #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ | 617 | #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ |
| 618 | int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ | 618 | int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ |
| 619 | if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ | 619 | if (ERR_get_implementation() != fns->err_fns) \ |
| 620 | fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ | 620 | { \ |
| 621 | return 0; \ | 621 | if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ |
| 622 | CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ | 622 | fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ |
| 623 | CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ | 623 | return 0; \ |
| 624 | CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ | 624 | CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ |
| 625 | CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ | 625 | CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ |
| 626 | CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ | 626 | CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ |
| 627 | if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ | 627 | CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ |
| 628 | return 0; \ | 628 | CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ |
| 629 | if(!ERR_set_implementation(fns->err_fns)) return 0; \ | 629 | if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ |
| 630 | return 0; \ | ||
| 631 | if(!ERR_set_implementation(fns->err_fns)) return 0; \ | ||
| 632 | } \ | ||
| 630 | if(!fn(e,id)) return 0; \ | 633 | if(!fn(e,id)) return 0; \ |
| 631 | return 1; } | 634 | return 1; } |
| 632 | 635 | ||
diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c index 40af97ac24..467c0daa1b 100644 --- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c +++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c | |||
| @@ -12,9 +12,6 @@ | |||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. Neither the name of the author nor the names of contributors | ||
| 16 | * may be used to endorse or promote products derived from this software | ||
| 17 | * without specific prior written permission. | ||
| 18 | * | 15 | * |
| 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY | 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY |
| 20 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| @@ -874,7 +871,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
| 874 | goto err; | 871 | goto err; |
| 875 | } | 872 | } |
| 876 | 873 | ||
| 877 | printf("bar\n"); | ||
| 878 | memset(&kop, 0, sizeof kop); | 874 | memset(&kop, 0, sizeof kop); |
| 879 | kop.crk_op = CRK_DSA_SIGN; | 875 | kop.crk_op = CRK_DSA_SIGN; |
| 880 | 876 | ||
| @@ -1054,14 +1050,17 @@ ENGINE_load_cryptodev(void) | |||
| 1054 | 1050 | ||
| 1055 | if (engine == NULL) | 1051 | if (engine == NULL) |
| 1056 | return; | 1052 | return; |
| 1057 | if ((fd = get_dev_crypto()) < 0) | 1053 | if ((fd = get_dev_crypto()) < 0) { |
| 1054 | ENGINE_free(engine); | ||
| 1058 | return; | 1055 | return; |
| 1056 | } | ||
| 1059 | 1057 | ||
| 1060 | /* | 1058 | /* |
| 1061 | * find out what asymmetric crypto algorithms we support | 1059 | * find out what asymmetric crypto algorithms we support |
| 1062 | */ | 1060 | */ |
| 1063 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | 1061 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { |
| 1064 | close(fd); | 1062 | close(fd); |
| 1063 | ENGINE_free(engine); | ||
| 1065 | return; | 1064 | return; |
| 1066 | } | 1065 | } |
| 1067 | close(fd); | 1066 | close(fd); |
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c index 633a1addfe..792f329600 100644 --- a/src/lib/libssl/src/crypto/err/err.c +++ b/src/lib/libssl/src/crypto/err/err.c | |||
| @@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...) | |||
| 1065 | else | 1065 | else |
| 1066 | str=p; | 1066 | str=p; |
| 1067 | } | 1067 | } |
| 1068 | strcat(str,a); | 1068 | BUF_strlcat(str,a,s+1); |
| 1069 | } | 1069 | } |
| 1070 | } | 1070 | } |
| 1071 | ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); | 1071 | ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); |
diff --git a/src/lib/libssl/src/crypto/evp/bio_ok.c b/src/lib/libssl/src/crypto/evp/bio_ok.c index 530ab937ce..4e3f10141b 100644 --- a/src/lib/libssl/src/crypto/evp/bio_ok.c +++ b/src/lib/libssl/src/crypto/evp/bio_ok.c | |||
| @@ -102,7 +102,7 @@ | |||
| 102 | 102 | ||
| 103 | *) digest is initialized with random seed instead of | 103 | *) digest is initialized with random seed instead of |
| 104 | standardized one. | 104 | standardized one. |
| 105 | *) same seed is written to ouput | 105 | *) same seed is written to output |
| 106 | *) well-known text is then hashed and the output | 106 | *) well-known text is then hashed and the output |
| 107 | of the digest is also written to output. | 107 | of the digest is also written to output. |
| 108 | 108 | ||
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c index b22eed4421..0623ddf1f0 100644 --- a/src/lib/libssl/src/crypto/evp/digest.c +++ b/src/lib/libssl/src/crypto/evp/digest.c | |||
| @@ -248,6 +248,7 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 248 | 248 | ||
| 249 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | 249 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) |
| 250 | { | 250 | { |
| 251 | unsigned char *tmp_buf; | ||
| 251 | if ((in == NULL) || (in->digest == NULL)) | 252 | if ((in == NULL) || (in->digest == NULL)) |
| 252 | { | 253 | { |
| 253 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); | 254 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); |
| @@ -262,15 +263,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 262 | } | 263 | } |
| 263 | #endif | 264 | #endif |
| 264 | 265 | ||
| 266 | if (out->digest == in->digest) | ||
| 267 | { | ||
| 268 | tmp_buf = out->md_data; | ||
| 269 | EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); | ||
| 270 | } | ||
| 271 | else tmp_buf = NULL; | ||
| 265 | EVP_MD_CTX_cleanup(out); | 272 | EVP_MD_CTX_cleanup(out); |
| 266 | memcpy(out,in,sizeof *out); | 273 | memcpy(out,in,sizeof *out); |
| 267 | 274 | ||
| 268 | if (out->digest->ctx_size) | 275 | if (out->digest->ctx_size) |
| 269 | { | 276 | { |
| 270 | out->md_data=OPENSSL_malloc(out->digest->ctx_size); | 277 | if (tmp_buf) out->md_data = tmp_buf; |
| 278 | else out->md_data=OPENSSL_malloc(out->digest->ctx_size); | ||
| 271 | memcpy(out->md_data,in->md_data,out->digest->ctx_size); | 279 | memcpy(out->md_data,in->md_data,out->digest->ctx_size); |
| 272 | } | 280 | } |
| 273 | 281 | ||
| 274 | if (out->digest->copy) | 282 | if (out->digest->copy) |
| 275 | return out->digest->copy(out,in); | 283 | return out->digest->copy(out,in); |
| 276 | 284 | ||
| @@ -308,7 +316,8 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |||
| 308 | if (ctx->digest && ctx->digest->cleanup | 316 | if (ctx->digest && ctx->digest->cleanup |
| 309 | && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) | 317 | && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) |
| 310 | ctx->digest->cleanup(ctx); | 318 | ctx->digest->cleanup(ctx); |
| 311 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) | 319 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data |
| 320 | && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) | ||
| 312 | { | 321 | { |
| 313 | OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); | 322 | OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); |
| 314 | OPENSSL_free(ctx->md_data); | 323 | OPENSSL_free(ctx->md_data); |
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index 45a25f968d..4801d8eaa3 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h | |||
| @@ -329,6 +329,8 @@ struct env_md_ctx_st | |||
| 329 | * once only */ | 329 | * once only */ |
| 330 | #define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been | 330 | #define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been |
| 331 | * cleaned */ | 331 | * cleaned */ |
| 332 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data | ||
| 333 | * in EVP_MD_CTX_cleanup */ | ||
| 332 | 334 | ||
| 333 | struct evp_cipher_st | 335 | struct evp_cipher_st |
| 334 | { | 336 | { |
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c index be0758a879..8ea5aa935d 100644 --- a/src/lib/libssl/src/crypto/evp/evp_enc.c +++ b/src/lib/libssl/src/crypto/evp/evp_enc.c | |||
| @@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 148 | #endif | 148 | #endif |
| 149 | 149 | ||
| 150 | ctx->cipher=cipher; | 150 | ctx->cipher=cipher; |
| 151 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); | 151 | if (ctx->cipher->ctx_size) |
| 152 | { | ||
| 153 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); | ||
| 154 | if (!ctx->cipher_data) | ||
| 155 | { | ||
| 156 | EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); | ||
| 157 | return 0; | ||
| 158 | } | ||
| 159 | } | ||
| 160 | else | ||
| 161 | { | ||
| 162 | ctx->cipher_data = NULL; | ||
| 163 | } | ||
| 152 | ctx->key_len = cipher->key_len; | 164 | ctx->key_len = cipher->key_len; |
| 153 | ctx->flags = 0; | 165 | ctx->flags = 0; |
| 154 | if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) | 166 | if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) |
diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c index 0da88fdcff..91e545a141 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pbe.c +++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c | |||
| @@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | |||
| 87 | if (i == -1) { | 87 | if (i == -1) { |
| 88 | char obj_tmp[80]; | 88 | char obj_tmp[80]; |
| 89 | EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); | 89 | EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); |
| 90 | if (!pbe_obj) strcpy (obj_tmp, "NULL"); | 90 | if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); |
| 91 | else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); | 91 | else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); |
| 92 | ERR_add_error_data(2, "TYPE=", obj_tmp); | 92 | ERR_add_error_data(2, "TYPE=", obj_tmp); |
| 93 | return 0; | 93 | return 0; |
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c index 34b5b1d21c..eb481ec661 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pkey.c +++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c | |||
| @@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
| 210 | #endif | 210 | #endif |
| 211 | default: | 211 | default: |
| 212 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); | 212 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); |
| 213 | if (!a->algorithm) strcpy (obj_tmp, "NULL"); | 213 | if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); |
| 214 | else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); | 214 | else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); |
| 215 | ERR_add_error_data(2, "TYPE=", obj_tmp); | 215 | ERR_add_error_data(2, "TYPE=", obj_tmp); |
| 216 | EVP_PKEY_free (pkey); | 216 | EVP_PKEY_free (pkey); |
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c index 29df7d35b2..dd86733b77 100644 --- a/src/lib/libssl/src/crypto/mem.c +++ b/src/lib/libssl/src/crypto/mem.c | |||
| @@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) | |||
| 252 | void *ret = NULL; | 252 | void *ret = NULL; |
| 253 | extern unsigned char cleanse_ctr; | 253 | extern unsigned char cleanse_ctr; |
| 254 | 254 | ||
| 255 | if (num < 0) return NULL; | 255 | if (num <= 0) return NULL; |
| 256 | 256 | ||
| 257 | allow_customize = 0; | 257 | allow_customize = 0; |
| 258 | if (malloc_debug_func != NULL) | 258 | if (malloc_debug_func != NULL) |
| @@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line) | |||
| 293 | void *ret = NULL; | 293 | void *ret = NULL; |
| 294 | extern unsigned char cleanse_ctr; | 294 | extern unsigned char cleanse_ctr; |
| 295 | 295 | ||
| 296 | if (num < 0) return NULL; | 296 | if (num <= 0) return NULL; |
| 297 | 297 | ||
| 298 | allow_customize = 0; | 298 | allow_customize = 0; |
| 299 | if (malloc_debug_func != NULL) | 299 | if (malloc_debug_func != NULL) |
| @@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) | |||
| 324 | if (str == NULL) | 324 | if (str == NULL) |
| 325 | return CRYPTO_malloc(num, file, line); | 325 | return CRYPTO_malloc(num, file, line); |
| 326 | 326 | ||
| 327 | if (num < 0) return NULL; | 327 | if (num <= 0) return NULL; |
| 328 | 328 | ||
| 329 | if (realloc_debug_func != NULL) | 329 | if (realloc_debug_func != NULL) |
| 330 | realloc_debug_func(str, NULL, num, file, line, 0); | 330 | realloc_debug_func(str, NULL, num, file, line, 0); |
| @@ -346,17 +346,21 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, | |||
| 346 | if (str == NULL) | 346 | if (str == NULL) |
| 347 | return CRYPTO_malloc(num, file, line); | 347 | return CRYPTO_malloc(num, file, line); |
| 348 | 348 | ||
| 349 | if (num < 0) return NULL; | 349 | if (num <= 0) return NULL; |
| 350 | 350 | ||
| 351 | if (realloc_debug_func != NULL) | 351 | if (realloc_debug_func != NULL) |
| 352 | realloc_debug_func(str, NULL, num, file, line, 0); | 352 | realloc_debug_func(str, NULL, num, file, line, 0); |
| 353 | ret=malloc_ex_func(num,file,line); | 353 | ret=malloc_ex_func(num,file,line); |
| 354 | if(ret) | 354 | if(ret) |
| 355 | { | ||
| 355 | memcpy(ret,str,old_len); | 356 | memcpy(ret,str,old_len); |
| 356 | OPENSSL_cleanse(str,old_len); | 357 | OPENSSL_cleanse(str,old_len); |
| 357 | free_func(str); | 358 | free_func(str); |
| 359 | } | ||
| 358 | #ifdef LEVITTE_DEBUG_MEM | 360 | #ifdef LEVITTE_DEBUG_MEM |
| 359 | fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); | 361 | fprintf(stderr, |
| 362 | "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", | ||
| 363 | str, ret, num); | ||
| 360 | #endif | 364 | #endif |
| 361 | if (realloc_debug_func != NULL) | 365 | if (realloc_debug_func != NULL) |
| 362 | realloc_debug_func(str, ret, num, file, line, 1); | 366 | realloc_debug_func(str, ret, num, file, line, 1); |
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c index 57bd08f65d..e212de27e4 100644 --- a/src/lib/libssl/src/crypto/mem_dbg.c +++ b/src/lib/libssl/src/crypto/mem_dbg.c | |||
| @@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) | |||
| 597 | struct tm *lcl = NULL; | 597 | struct tm *lcl = NULL; |
| 598 | unsigned long ti; | 598 | unsigned long ti; |
| 599 | 599 | ||
| 600 | #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) | ||
| 601 | |||
| 600 | if(m->addr == (char *)l->bio) | 602 | if(m->addr == (char *)l->bio) |
| 601 | return; | 603 | return; |
| 602 | 604 | ||
| @@ -604,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l) | |||
| 604 | { | 606 | { |
| 605 | lcl = localtime(&m->time); | 607 | lcl = localtime(&m->time); |
| 606 | 608 | ||
| 607 | sprintf(bufp, "[%02d:%02d:%02d] ", | 609 | BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", |
| 608 | lcl->tm_hour,lcl->tm_min,lcl->tm_sec); | 610 | lcl->tm_hour,lcl->tm_min,lcl->tm_sec); |
| 609 | bufp += strlen(bufp); | 611 | bufp += strlen(bufp); |
| 610 | } | 612 | } |
| 611 | 613 | ||
| 612 | sprintf(bufp, "%5lu file=%s, line=%d, ", | 614 | BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", |
| 613 | m->order,m->file,m->line); | 615 | m->order,m->file,m->line); |
| 614 | bufp += strlen(bufp); | 616 | bufp += strlen(bufp); |
| 615 | 617 | ||
| 616 | if (options & V_CRYPTO_MDEBUG_THREAD) | 618 | if (options & V_CRYPTO_MDEBUG_THREAD) |
| 617 | { | 619 | { |
| 618 | sprintf(bufp, "thread=%lu, ", m->thread); | 620 | BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); |
| 619 | bufp += strlen(bufp); | 621 | bufp += strlen(bufp); |
| 620 | } | 622 | } |
| 621 | 623 | ||
| 622 | sprintf(bufp, "number=%d, address=%08lX\n", | 624 | BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", |
| 623 | m->num,(unsigned long)m->addr); | 625 | m->num,(unsigned long)m->addr); |
| 624 | bufp += strlen(bufp); | 626 | bufp += strlen(bufp); |
| 625 | 627 | ||
| @@ -641,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) | |||
| 641 | 643 | ||
| 642 | ami_cnt++; | 644 | ami_cnt++; |
| 643 | memset(buf,'>',ami_cnt); | 645 | memset(buf,'>',ami_cnt); |
| 644 | sprintf(buf + ami_cnt, | 646 | BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, |
| 645 | " thread=%lu, file=%s, line=%d, info=\"", | 647 | " thread=%lu, file=%s, line=%d, info=\"", |
| 646 | amip->thread, amip->file, amip->line); | 648 | amip->thread, amip->file, amip->line); |
| 647 | buf_len=strlen(buf); | 649 | buf_len=strlen(buf); |
| @@ -653,10 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l) | |||
| 653 | } | 655 | } |
| 654 | else | 656 | else |
| 655 | { | 657 | { |
| 656 | strcpy(buf + buf_len, amip->info); | 658 | BUF_strlcpy(buf + buf_len, amip->info, |
| 659 | sizeof buf - buf_len); | ||
| 657 | buf_len = strlen(buf); | 660 | buf_len = strlen(buf); |
| 658 | } | 661 | } |
| 659 | sprintf(buf + buf_len, "\"\n"); | 662 | BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); |
| 660 | 663 | ||
| 661 | BIO_puts(l->bio,buf); | 664 | BIO_puts(l->bio,buf); |
| 662 | 665 | ||
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c index 5d983e3ed4..4534dc0985 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.c +++ b/src/lib/libssl/src/crypto/objects/obj_dat.c | |||
| @@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) | |||
| 462 | if (i > 2) i=2; | 462 | if (i > 2) i=2; |
| 463 | l-=(long)(i*40); | 463 | l-=(long)(i*40); |
| 464 | 464 | ||
| 465 | sprintf(tbuf,"%d.%lu",i,l); | 465 | BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); |
| 466 | i=strlen(tbuf); | 466 | i=strlen(tbuf); |
| 467 | BUF_strlcpy(buf,tbuf,buf_len); | 467 | BUF_strlcpy(buf,tbuf,buf_len); |
| 468 | buf_len-=i; | 468 | buf_len-=i; |
| @@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) | |||
| 473 | for (; idx<len; idx++) { | 473 | for (; idx<len; idx++) { |
| 474 | l|=p[idx]&0x7f; | 474 | l|=p[idx]&0x7f; |
| 475 | if (!(p[idx] & 0x80)) { | 475 | if (!(p[idx] & 0x80)) { |
| 476 | sprintf(tbuf,".%lu",l); | 476 | BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); |
| 477 | i=strlen(tbuf); | 477 | i=strlen(tbuf); |
| 478 | if (buf_len > 0) | 478 | if (buf_len > 0) |
| 479 | BUF_strlcpy(buf,tbuf,buf_len); | 479 | BUF_strlcpy(buf,tbuf,buf_len); |
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl index 5dfb84ea00..d0371661f9 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.pl +++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl | |||
| @@ -1,5 +1,9 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # fixes bug in floating point emulation on sparc64 when | ||
| 4 | # this script produces off-by-one output on sparc64 | ||
| 5 | use integer; | ||
| 6 | |||
| 3 | sub obj_cmp | 7 | sub obj_cmp |
| 4 | { | 8 | { |
| 5 | local(@a,@b,$_,$r); | 9 | local(@a,@b,$_,$r); |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c index d6c8899f58..57399433fc 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c | |||
| @@ -305,6 +305,8 @@ err: | |||
| 305 | 305 | ||
| 306 | /* Add a nonce to an extension stack. A nonce can be specificed or if NULL | 306 | /* Add a nonce to an extension stack. A nonce can be specificed or if NULL |
| 307 | * a random nonce will be generated. | 307 | * a random nonce will be generated. |
| 308 | * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the | ||
| 309 | * nonce, previous versions used the raw nonce. | ||
| 308 | */ | 310 | */ |
| 309 | 311 | ||
| 310 | static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) | 312 | static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) |
| @@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, | |||
| 313 | ASN1_OCTET_STRING os; | 315 | ASN1_OCTET_STRING os; |
| 314 | int ret = 0; | 316 | int ret = 0; |
| 315 | if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; | 317 | if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; |
| 316 | if (val) tmpval = val; | 318 | /* Create the OCTET STRING manually by writing out the header and |
| 319 | * appending the content octets. This avoids an extra memory allocation | ||
| 320 | * operation in some cases. Applications should *NOT* do this because | ||
| 321 | * it relies on library internals. | ||
| 322 | */ | ||
| 323 | os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); | ||
| 324 | os.data = OPENSSL_malloc(os.length); | ||
| 325 | if (os.data == NULL) | ||
| 326 | goto err; | ||
| 327 | tmpval = os.data; | ||
| 328 | ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); | ||
| 329 | if (val) | ||
| 330 | memcpy(tmpval, val, len); | ||
| 317 | else | 331 | else |
| 318 | { | ||
| 319 | if (!(tmpval = OPENSSL_malloc(len))) goto err; | ||
| 320 | RAND_pseudo_bytes(tmpval, len); | 332 | RAND_pseudo_bytes(tmpval, len); |
| 321 | } | ||
| 322 | os.data = tmpval; | ||
| 323 | os.length = len; | ||
| 324 | if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, | 333 | if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, |
| 325 | &os, 0, X509V3_ADD_REPLACE)) | 334 | &os, 0, X509V3_ADD_REPLACE)) |
| 326 | goto err; | 335 | goto err; |
| 327 | ret = 1; | 336 | ret = 1; |
| 328 | err: | 337 | err: |
| 329 | if(!val) OPENSSL_free(tmpval); | 338 | if (os.data) |
| 339 | OPENSSL_free(os.data); | ||
| 330 | return ret; | 340 | return ret; |
| 331 | } | 341 | } |
| 332 | 342 | ||
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c index 3875af165c..9e87fc7895 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | |||
| @@ -253,6 +253,7 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss | |||
| 253 | 253 | ||
| 254 | 254 | ||
| 255 | err: | 255 | err: |
| 256 | if (buf) OPENSSL_free(buf); | ||
| 256 | if (*ppath) OPENSSL_free(*ppath); | 257 | if (*ppath) OPENSSL_free(*ppath); |
| 257 | if (*pport) OPENSSL_free(*pport); | 258 | if (*pport) OPENSSL_free(*pport); |
| 258 | if (*phost) OPENSSL_free(*phost); | 259 | if (*phost) OPENSSL_free(*phost); |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c index 1f5fda7ca3..3d58dfb06c 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -272,7 +272,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) | |||
| 272 | 272 | ||
| 273 | for (i = 1; i < idcount; i++) | 273 | for (i = 1; i < idcount; i++) |
| 274 | { | 274 | { |
| 275 | tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; | 275 | tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; |
| 276 | /* Check to see if IDs match */ | 276 | /* Check to see if IDs match */ |
| 277 | if (OCSP_id_issuer_cmp(cid, tmpid)) | 277 | if (OCSP_id_issuer_cmp(cid, tmpid)) |
| 278 | { | 278 | { |
| @@ -330,7 +330,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, | |||
| 330 | OCSP_CERTID *tmpid; | 330 | OCSP_CERTID *tmpid; |
| 331 | for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) | 331 | for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) |
| 332 | { | 332 | { |
| 333 | tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; | 333 | tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; |
| 334 | ret = ocsp_match_issuerid(cert, tmpid, NULL); | 334 | ret = ocsp_match_issuerid(cert, tmpid, NULL); |
| 335 | if (ret <= 0) return ret; | 335 | if (ret <= 0) return ret; |
| 336 | } | 336 | } |
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h index e226d9de79..02f1710fb3 100644 --- a/src/lib/libssl/src/crypto/opensslv.h +++ b/src/lib/libssl/src/crypto/opensslv.h | |||
| @@ -25,8 +25,8 @@ | |||
| 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | * major minor fix final patch/beta) | 26 | * major minor fix final patch/beta) |
| 27 | */ | 27 | */ |
| 28 | #define OPENSSL_VERSION_NUMBER 0x0090703fL | 28 | #define OPENSSL_VERSION_NUMBER 0x0090704fL |
| 29 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003" | 29 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004" |
| 30 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 30 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 31 | 31 | ||
| 32 | 32 | ||
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c index 70b5446797..7785039b99 100644 --- a/src/lib/libssl/src/crypto/pem/pem_lib.c +++ b/src/lib/libssl/src/crypto/pem/pem_lib.c | |||
| @@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type) | |||
| 131 | else | 131 | else |
| 132 | str="BAD-TYPE"; | 132 | str="BAD-TYPE"; |
| 133 | 133 | ||
| 134 | strcat(buf,"Proc-Type: 4,"); | 134 | BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); |
| 135 | strcat(buf,str); | 135 | BUF_strlcat(buf,str,PEM_BUFSIZE); |
| 136 | strcat(buf,"\n"); | 136 | BUF_strlcat(buf,"\n",PEM_BUFSIZE); |
| 137 | } | 137 | } |
| 138 | 138 | ||
| 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) | 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) |
| @@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) | |||
| 142 | long i; | 142 | long i; |
| 143 | int j; | 143 | int j; |
| 144 | 144 | ||
| 145 | strcat(buf,"DEK-Info: "); | 145 | BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); |
| 146 | strcat(buf,type); | 146 | BUF_strlcat(buf,type,PEM_BUFSIZE); |
| 147 | strcat(buf,","); | 147 | BUF_strlcat(buf,",",PEM_BUFSIZE); |
| 148 | j=strlen(buf); | 148 | j=strlen(buf); |
| 149 | if (j + (len * 2) + 1 > PEM_BUFSIZE) | ||
| 150 | return; | ||
| 149 | for (i=0; i<len; i++) | 151 | for (i=0; i<len; i++) |
| 150 | { | 152 | { |
| 151 | buf[j+i*2] =map[(str[i]>>4)&0x0f]; | 153 | buf[j+i*2] =map[(str[i]>>4)&0x0f]; |
| @@ -533,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, | |||
| 533 | long len) | 535 | long len) |
| 534 | { | 536 | { |
| 535 | int nlen,n,i,j,outl; | 537 | int nlen,n,i,j,outl; |
| 536 | unsigned char *buf; | 538 | unsigned char *buf = NULL; |
| 537 | EVP_ENCODE_CTX ctx; | 539 | EVP_ENCODE_CTX ctx; |
| 538 | int reason=ERR_R_BUF_LIB; | 540 | int reason=ERR_R_BUF_LIB; |
| 539 | 541 | ||
| @@ -553,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, | |||
| 553 | goto err; | 555 | goto err; |
| 554 | } | 556 | } |
| 555 | 557 | ||
| 556 | buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8); | 558 | buf = OPENSSL_malloc(PEM_BUFSIZE*8); |
| 557 | if (buf == NULL) | 559 | if (buf == NULL) |
| 558 | { | 560 | { |
| 559 | reason=ERR_R_MALLOC_FAILURE; | 561 | reason=ERR_R_MALLOC_FAILURE; |
| @@ -574,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, | |||
| 574 | EVP_EncodeFinal(&ctx,buf,&outl); | 576 | EVP_EncodeFinal(&ctx,buf,&outl); |
| 575 | if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; | 577 | if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; |
| 576 | OPENSSL_free(buf); | 578 | OPENSSL_free(buf); |
| 579 | buf = NULL; | ||
| 577 | if ( (BIO_write(bp,"-----END ",9) != 9) || | 580 | if ( (BIO_write(bp,"-----END ",9) != 9) || |
| 578 | (BIO_write(bp,name,nlen) != nlen) || | 581 | (BIO_write(bp,name,nlen) != nlen) || |
| 579 | (BIO_write(bp,"-----\n",6) != 6)) | 582 | (BIO_write(bp,"-----\n",6) != 6)) |
| 580 | goto err; | 583 | goto err; |
| 581 | return(i+outl); | 584 | return(i+outl); |
| 582 | err: | 585 | err: |
| 586 | if (buf) | ||
| 587 | OPENSSL_free(buf); | ||
| 583 | PEMerr(PEM_F_PEM_WRITE_BIO,reason); | 588 | PEMerr(PEM_F_PEM_WRITE_BIO,reason); |
| 584 | return(0); | 589 | return(0); |
| 585 | } | 590 | } |
diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c index d96ecf6940..f77c949e87 100644 --- a/src/lib/libssl/src/crypto/pem/pem_pkey.c +++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c | |||
| @@ -87,6 +87,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
| 87 | p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); | 87 | p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); |
| 88 | if(!p8inf) goto p8err; | 88 | if(!p8inf) goto p8err; |
| 89 | ret = EVP_PKCS82PKEY(p8inf); | 89 | ret = EVP_PKCS82PKEY(p8inf); |
| 90 | if(x) { | ||
| 91 | if(*x) EVP_PKEY_free((EVP_PKEY *)*x); | ||
| 92 | *x = ret; | ||
| 93 | } | ||
| 90 | PKCS8_PRIV_KEY_INFO_free(p8inf); | 94 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
| 91 | } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { | 95 | } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { |
| 92 | PKCS8_PRIV_KEY_INFO *p8inf; | 96 | PKCS8_PRIV_KEY_INFO *p8inf; |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 190ca0e9bf..35c7dcd0b3 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | |||
| @@ -91,17 +91,19 @@ static int PKCS7_type_is_other(PKCS7* p7) | |||
| 91 | 91 | ||
| 92 | } | 92 | } |
| 93 | 93 | ||
| 94 | static int PKCS7_type_is_octet_string(PKCS7* p7) | 94 | static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) |
| 95 | { | 95 | { |
| 96 | if ( 0==PKCS7_type_is_other(p7) ) | 96 | if ( PKCS7_type_is_data(p7)) |
| 97 | return 0; | 97 | return p7->d.data; |
| 98 | 98 | if ( PKCS7_type_is_other(p7) && p7->d.other | |
| 99 | return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; | 99 | && (p7->d.other->type == V_ASN1_OCTET_STRING)) |
| 100 | return p7->d.other->value.octet_string; | ||
| 101 | return NULL; | ||
| 100 | } | 102 | } |
| 101 | 103 | ||
| 102 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | 104 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) |
| 103 | { | 105 | { |
| 104 | int i,j; | 106 | int i; |
| 105 | BIO *out=NULL,*btmp=NULL; | 107 | BIO *out=NULL,*btmp=NULL; |
| 106 | X509_ALGOR *xa; | 108 | X509_ALGOR *xa; |
| 107 | const EVP_MD *evp_md; | 109 | const EVP_MD *evp_md; |
| @@ -159,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 159 | goto err; | 161 | goto err; |
| 160 | } | 162 | } |
| 161 | 163 | ||
| 162 | j=OBJ_obj2nid(xa->algorithm); | 164 | evp_md=EVP_get_digestbyobj(xa->algorithm); |
| 163 | evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); | ||
| 164 | if (evp_md == NULL) | 165 | if (evp_md == NULL) |
| 165 | { | 166 | { |
| 166 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); | 167 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); |
| @@ -250,29 +251,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 250 | btmp=NULL; | 251 | btmp=NULL; |
| 251 | } | 252 | } |
| 252 | 253 | ||
| 253 | if (bio == NULL) { | 254 | if (bio == NULL) |
| 255 | { | ||
| 254 | if (PKCS7_is_detached(p7)) | 256 | if (PKCS7_is_detached(p7)) |
| 255 | bio=BIO_new(BIO_s_null()); | 257 | bio=BIO_new(BIO_s_null()); |
| 256 | else { | 258 | else |
| 257 | if (PKCS7_type_is_signed(p7) ) { | 259 | { |
| 258 | if ( PKCS7_type_is_data(p7->d.sign->contents)) { | 260 | ASN1_OCTET_STRING *os; |
| 259 | ASN1_OCTET_STRING *os; | 261 | os = PKCS7_get_octet_string(p7->d.sign->contents); |
| 260 | os=p7->d.sign->contents->d.data; | 262 | if (os && os->length > 0) |
| 261 | if (os->length > 0) | 263 | bio = BIO_new_mem_buf(os->data, os->length); |
| 262 | bio = BIO_new_mem_buf(os->data, os->length); | 264 | if(bio == NULL) |
| 263 | } | 265 | { |
| 264 | else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) { | ||
| 265 | ASN1_OCTET_STRING *os; | ||
| 266 | os=p7->d.sign->contents->d.other->value.octet_string; | ||
| 267 | if (os->length > 0) | ||
| 268 | bio = BIO_new_mem_buf(os->data, os->length); | ||
| 269 | } | ||
| 270 | } | ||
| 271 | if(bio == NULL) { | ||
| 272 | bio=BIO_new(BIO_s_mem()); | 266 | bio=BIO_new(BIO_s_mem()); |
| 273 | BIO_set_mem_eof_return(bio,0); | 267 | BIO_set_mem_eof_return(bio,0); |
| 268 | } | ||
| 274 | } | 269 | } |
| 275 | } | ||
| 276 | } | 270 | } |
| 277 | BIO_push(out,bio); | 271 | BIO_push(out,bio); |
| 278 | bio=NULL; | 272 | bio=NULL; |
| @@ -311,7 +305,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 311 | switch (i) | 305 | switch (i) |
| 312 | { | 306 | { |
| 313 | case NID_pkcs7_signed: | 307 | case NID_pkcs7_signed: |
| 314 | data_body=p7->d.sign->contents->d.data; | 308 | data_body=PKCS7_get_octet_string(p7->d.sign->contents); |
| 315 | md_sk=p7->d.sign->md_algs; | 309 | md_sk=p7->d.sign->md_algs; |
| 316 | break; | 310 | break; |
| 317 | case NID_pkcs7_signedAndEnveloped: | 311 | case NID_pkcs7_signedAndEnveloped: |
| @@ -319,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 319 | md_sk=p7->d.signed_and_enveloped->md_algs; | 313 | md_sk=p7->d.signed_and_enveloped->md_algs; |
| 320 | data_body=p7->d.signed_and_enveloped->enc_data->enc_data; | 314 | data_body=p7->d.signed_and_enveloped->enc_data->enc_data; |
| 321 | enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; | 315 | enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; |
| 322 | evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); | 316 | evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); |
| 323 | if (evp_cipher == NULL) | 317 | if (evp_cipher == NULL) |
| 324 | { | 318 | { |
| 325 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); | 319 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); |
| @@ -331,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 331 | rsk=p7->d.enveloped->recipientinfo; | 325 | rsk=p7->d.enveloped->recipientinfo; |
| 332 | enc_alg=p7->d.enveloped->enc_data->algorithm; | 326 | enc_alg=p7->d.enveloped->enc_data->algorithm; |
| 333 | data_body=p7->d.enveloped->enc_data->enc_data; | 327 | data_body=p7->d.enveloped->enc_data->enc_data; |
| 334 | evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); | 328 | evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); |
| 335 | if (evp_cipher == NULL) | 329 | if (evp_cipher == NULL) |
| 336 | { | 330 | { |
| 337 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); | 331 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); |
| @@ -357,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 357 | } | 351 | } |
| 358 | 352 | ||
| 359 | j=OBJ_obj2nid(xa->algorithm); | 353 | j=OBJ_obj2nid(xa->algorithm); |
| 360 | evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); | 354 | evp_md=EVP_get_digestbynid(j); |
| 361 | if (evp_md == NULL) | 355 | if (evp_md == NULL) |
| 362 | { | 356 | { |
| 363 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); | 357 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); |
| @@ -531,9 +525,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 531 | break; | 525 | break; |
| 532 | case NID_pkcs7_signed: | 526 | case NID_pkcs7_signed: |
| 533 | si_sk=p7->d.sign->signer_info; | 527 | si_sk=p7->d.sign->signer_info; |
| 534 | os=p7->d.sign->contents->d.data; | 528 | os=PKCS7_get_octet_string(p7->d.sign->contents); |
| 535 | /* If detached data then the content is excluded */ | 529 | /* If detached data then the content is excluded */ |
| 536 | if(p7->detached) { | 530 | if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { |
| 537 | M_ASN1_OCTET_STRING_free(os); | 531 | M_ASN1_OCTET_STRING_free(os); |
| 538 | p7->d.sign->contents->d.data = NULL; | 532 | p7->d.sign->contents->d.data = NULL; |
| 539 | } | 533 | } |
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c index 1f168221e3..6f742900a0 100644 --- a/src/lib/libssl/src/crypto/rand/rand_egd.c +++ b/src/lib/libssl/src/crypto/rand/rand_egd.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | 56 | ||
| 57 | #include <openssl/e_os2.h> | 57 | #include <openssl/e_os2.h> |
| 58 | #include <openssl/rand.h> | 58 | #include <openssl/rand.h> |
| 59 | #include <openssl/buffer.h> | ||
| 59 | 60 | ||
| 60 | /* | 61 | /* |
| 61 | * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. | 62 | * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. |
| @@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) | |||
| 145 | addr.sun_family = AF_UNIX; | 146 | addr.sun_family = AF_UNIX; |
| 146 | if (strlen(path) >= sizeof(addr.sun_path)) | 147 | if (strlen(path) >= sizeof(addr.sun_path)) |
| 147 | return (-1); | 148 | return (-1); |
| 148 | strcpy(addr.sun_path,path); | 149 | BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); |
| 149 | len = offsetof(struct sockaddr_un, sun_path) + strlen(path); | 150 | len = offsetof(struct sockaddr_un, sun_path) + strlen(path); |
| 150 | fd = socket(AF_UNIX, SOCK_STREAM, 0); | 151 | fd = socket(AF_UNIX, SOCK_STREAM, 0); |
| 151 | if (fd == -1) return (-1); | 152 | if (fd == -1) return (-1); |
diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c index a776e52243..0599719dd1 100644 --- a/src/lib/libssl/src/crypto/rand/rand_unix.c +++ b/src/lib/libssl/src/crypto/rand/rand_unix.c | |||
| @@ -124,6 +124,24 @@ | |||
| 124 | #include <unistd.h> | 124 | #include <unistd.h> |
| 125 | #include <time.h> | 125 | #include <time.h> |
| 126 | 126 | ||
| 127 | #ifdef __OpenBSD__ | ||
| 128 | int RAND_poll(void) | ||
| 129 | { | ||
| 130 | u_int32_t rnd = 0, i; | ||
| 131 | unsigned char buf[ENTROPY_NEEDED]; | ||
| 132 | |||
| 133 | for (i = 0; i < sizeof(buf); i++) { | ||
| 134 | if (i % 4 == 0) | ||
| 135 | rnd = arc4random(); | ||
| 136 | buf[i] = rnd; | ||
| 137 | rnd >>= 8; | ||
| 138 | } | ||
| 139 | RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); | ||
| 140 | memset(buf, 0, sizeof(buf)); | ||
| 141 | |||
| 142 | return 1; | ||
| 143 | } | ||
| 144 | #else | ||
| 127 | int RAND_poll(void) | 145 | int RAND_poll(void) |
| 128 | { | 146 | { |
| 129 | unsigned long l; | 147 | unsigned long l; |
| @@ -236,6 +254,7 @@ int RAND_poll(void) | |||
| 236 | } | 254 | } |
| 237 | 255 | ||
| 238 | #endif | 256 | #endif |
| 257 | #endif | ||
| 239 | 258 | ||
| 240 | #if defined(OPENSSL_SYS_VXWORKS) | 259 | #if defined(OPENSSL_SYS_VXWORKS) |
| 241 | int RAND_poll(void) | 260 | int RAND_poll(void) |
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c index 263068d256..3584842224 100644 --- a/src/lib/libssl/src/crypto/rand/rand_win.c +++ b/src/lib/libssl/src/crypto/rand/rand_win.c | |||
| @@ -646,7 +646,7 @@ static void readtimer(void) | |||
| 646 | * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. | 646 | * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. |
| 647 | * | 647 | * |
| 648 | * Code adapted from | 648 | * Code adapted from |
| 649 | * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>; | 649 | * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>; |
| 650 | * the original copyright message is: | 650 | * the original copyright message is: |
| 651 | * | 651 | * |
| 652 | * (C) Copyright Microsoft Corp. 1993. All rights reserved. | 652 | * (C) Copyright Microsoft Corp. 1993. All rights reserved. |
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c index 41574768ab..f5d0843d13 100644 --- a/src/lib/libssl/src/crypto/rand/randfile.c +++ b/src/lib/libssl/src/crypto/rand/randfile.c | |||
| @@ -56,6 +56,9 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* We need to define this to get macros like S_IFBLK and S_IFCHR */ | ||
| 60 | #define _XOPEN_SOURCE 1 | ||
| 61 | |||
| 59 | #include <errno.h> | 62 | #include <errno.h> |
| 60 | #include <stdio.h> | 63 | #include <stdio.h> |
| 61 | #include <stdlib.h> | 64 | #include <stdlib.h> |
| @@ -64,6 +67,7 @@ | |||
| 64 | #include "e_os.h" | 67 | #include "e_os.h" |
| 65 | #include <openssl/crypto.h> | 68 | #include <openssl/crypto.h> |
| 66 | #include <openssl/rand.h> | 69 | #include <openssl/rand.h> |
| 70 | #include <openssl/buffer.h> | ||
| 67 | 71 | ||
| 68 | #ifdef OPENSSL_SYS_VMS | 72 | #ifdef OPENSSL_SYS_VMS |
| 69 | #include <unixio.h> | 73 | #include <unixio.h> |
| @@ -106,6 +110,16 @@ int RAND_load_file(const char *file, long bytes) | |||
| 106 | 110 | ||
| 107 | in=fopen(file,"rb"); | 111 | in=fopen(file,"rb"); |
| 108 | if (in == NULL) goto err; | 112 | if (in == NULL) goto err; |
| 113 | #if defined(S_IFBLK) && defined(S_IFCHR) | ||
| 114 | if (sb.st_mode & (S_IFBLK | S_IFCHR)) { | ||
| 115 | /* this file is a device. we don't want read an infinite number | ||
| 116 | * of bytes from a random device, nor do we want to use buffered | ||
| 117 | * I/O because we will waste system entropy. | ||
| 118 | */ | ||
| 119 | bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ | ||
| 120 | setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ | ||
| 121 | } | ||
| 122 | #endif | ||
| 109 | for (;;) | 123 | for (;;) |
| 110 | { | 124 | { |
| 111 | if (bytes > 0) | 125 | if (bytes > 0) |
| @@ -135,7 +149,22 @@ int RAND_write_file(const char *file) | |||
| 135 | int i,ret=0,rand_err=0; | 149 | int i,ret=0,rand_err=0; |
| 136 | FILE *out = NULL; | 150 | FILE *out = NULL; |
| 137 | int n; | 151 | int n; |
| 152 | struct stat sb; | ||
| 138 | 153 | ||
| 154 | i=stat(file,&sb); | ||
| 155 | if (i != -1) { | ||
| 156 | #if defined(S_IFBLK) && defined(S_IFCHR) | ||
| 157 | if (sb.st_mode & (S_IFBLK | S_IFCHR)) { | ||
| 158 | /* this file is a device. we don't write back to it. | ||
| 159 | * we "succeed" on the assumption this is some sort | ||
| 160 | * of random device. Otherwise attempting to write to | ||
| 161 | * and chmod the device causes problems. | ||
| 162 | */ | ||
| 163 | return(1); | ||
| 164 | } | ||
| 165 | #endif | ||
| 166 | } | ||
| 167 | |||
| 139 | #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) | 168 | #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) |
| 140 | /* For some reason Win32 can't write to files created this way */ | 169 | /* For some reason Win32 can't write to files created this way */ |
| 141 | 170 | ||
| @@ -197,16 +226,17 @@ err: | |||
| 197 | const char *RAND_file_name(char *buf, size_t size) | 226 | const char *RAND_file_name(char *buf, size_t size) |
| 198 | { | 227 | { |
| 199 | char *s=NULL; | 228 | char *s=NULL; |
| 200 | char *ret=NULL; | 229 | int ok = 0; |
| 230 | #ifdef __OpenBSD__ | ||
| 231 | struct stat sb; | ||
| 232 | #endif | ||
| 201 | 233 | ||
| 202 | if (OPENSSL_issetugid() == 0) | 234 | if (OPENSSL_issetugid() == 0) |
| 203 | s=getenv("RANDFILE"); | 235 | s=getenv("RANDFILE"); |
| 204 | if (s != NULL) | 236 | if (s != NULL && *s && strlen(s) + 1 < size) |
| 205 | { | 237 | { |
| 206 | if(strlen(s) >= size) | 238 | if (BUF_strlcpy(buf,s,size) >= size) |
| 207 | return NULL; | 239 | return NULL; |
| 208 | strcpy(buf,s); | ||
| 209 | ret=buf; | ||
| 210 | } | 240 | } |
| 211 | else | 241 | else |
| 212 | { | 242 | { |
| @@ -218,17 +248,36 @@ const char *RAND_file_name(char *buf, size_t size) | |||
| 218 | s = DEFAULT_HOME; | 248 | s = DEFAULT_HOME; |
| 219 | } | 249 | } |
| 220 | #endif | 250 | #endif |
| 221 | if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size)) | 251 | if (s && *s && strlen(s)+strlen(RFILE)+2 < size) |
| 222 | { | 252 | { |
| 223 | strcpy(buf,s); | 253 | BUF_strlcpy(buf,s,size); |
| 224 | #ifndef OPENSSL_SYS_VMS | 254 | #ifndef OPENSSL_SYS_VMS |
| 225 | strcat(buf,"/"); | 255 | BUF_strlcat(buf,"/",size); |
| 226 | #endif | 256 | #endif |
| 227 | strcat(buf,RFILE); | 257 | BUF_strlcat(buf,RFILE,size); |
| 228 | ret=buf; | 258 | ok = 1; |
| 229 | } | 259 | } |
| 230 | else | 260 | else |
| 231 | buf[0] = '\0'; /* no file name */ | 261 | buf[0] = '\0'; /* no file name */ |
| 232 | } | 262 | } |
| 233 | return(ret); | 263 | |
| 264 | #ifdef __OpenBSD__ | ||
| 265 | /* given that all random loads just fail if the file can't be | ||
| 266 | * seen on a stat, we stat the file we're returning, if it | ||
| 267 | * fails, use /dev/arandom instead. this allows the user to | ||
| 268 | * use their own source for good random data, but defaults | ||
| 269 | * to something hopefully decent if that isn't available. | ||
| 270 | */ | ||
| 271 | |||
| 272 | if (!ok) | ||
| 273 | if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { | ||
| 274 | return(NULL); | ||
| 275 | } | ||
| 276 | if (stat(buf,&sb) == -1) | ||
| 277 | if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { | ||
| 278 | return(NULL); | ||
| 279 | } | ||
| 280 | |||
| 281 | #endif | ||
| 282 | return(buf); | ||
| 234 | } | 283 | } |
diff --git a/src/lib/libssl/src/crypto/rc5/rc5_locl.h b/src/lib/libssl/src/crypto/rc5/rc5_locl.h new file mode 100644 index 0000000000..f4ebc23004 --- /dev/null +++ b/src/lib/libssl/src/crypto/rc5/rc5_locl.h | |||
| @@ -0,0 +1,207 @@ | |||
| 1 | /* crypto/rc5/rc5_locl.h */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdlib.h> | ||
| 60 | |||
| 61 | #undef c2l | ||
| 62 | #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ | ||
| 63 | l|=((unsigned long)(*((c)++)))<< 8L, \ | ||
| 64 | l|=((unsigned long)(*((c)++)))<<16L, \ | ||
| 65 | l|=((unsigned long)(*((c)++)))<<24L) | ||
| 66 | |||
| 67 | /* NOTE - c is not incremented as per c2l */ | ||
| 68 | #undef c2ln | ||
| 69 | #define c2ln(c,l1,l2,n) { \ | ||
| 70 | c+=n; \ | ||
| 71 | l1=l2=0; \ | ||
| 72 | switch (n) { \ | ||
| 73 | case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ | ||
| 74 | case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ | ||
| 75 | case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ | ||
| 76 | case 5: l2|=((unsigned long)(*(--(c)))); \ | ||
| 77 | case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ | ||
| 78 | case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ | ||
| 79 | case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ | ||
| 80 | case 1: l1|=((unsigned long)(*(--(c)))); \ | ||
| 81 | } \ | ||
| 82 | } | ||
| 83 | |||
| 84 | #undef l2c | ||
| 85 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | ||
| 86 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | ||
| 87 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | ||
| 88 | *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | ||
| 89 | |||
| 90 | /* NOTE - c is not incremented as per l2c */ | ||
| 91 | #undef l2cn | ||
| 92 | #define l2cn(l1,l2,c,n) { \ | ||
| 93 | c+=n; \ | ||
| 94 | switch (n) { \ | ||
| 95 | case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ | ||
| 96 | case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ | ||
| 97 | case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ | ||
| 98 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
| 99 | case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ | ||
| 100 | case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ | ||
| 101 | case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ | ||
| 102 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
| 103 | } \ | ||
| 104 | } | ||
| 105 | |||
| 106 | /* NOTE - c is not incremented as per n2l */ | ||
| 107 | #define n2ln(c,l1,l2,n) { \ | ||
| 108 | c+=n; \ | ||
| 109 | l1=l2=0; \ | ||
| 110 | switch (n) { \ | ||
| 111 | case 8: l2 =((unsigned long)(*(--(c)))) ; \ | ||
| 112 | case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 113 | case 6: l2|=((unsigned long)(*(--(c))))<<16; \ | ||
| 114 | case 5: l2|=((unsigned long)(*(--(c))))<<24; \ | ||
| 115 | case 4: l1 =((unsigned long)(*(--(c)))) ; \ | ||
| 116 | case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 117 | case 2: l1|=((unsigned long)(*(--(c))))<<16; \ | ||
| 118 | case 1: l1|=((unsigned long)(*(--(c))))<<24; \ | ||
| 119 | } \ | ||
| 120 | } | ||
| 121 | |||
| 122 | /* NOTE - c is not incremented as per l2n */ | ||
| 123 | #define l2nn(l1,l2,c,n) { \ | ||
| 124 | c+=n; \ | ||
| 125 | switch (n) { \ | ||
| 126 | case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
| 127 | case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ | ||
| 128 | case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | ||
| 129 | case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | ||
| 130 | case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
| 131 | case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ | ||
| 132 | case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ | ||
| 133 | case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ | ||
| 134 | } \ | ||
| 135 | } | ||
| 136 | |||
| 137 | #undef n2l | ||
| 138 | #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ | ||
| 139 | l|=((unsigned long)(*((c)++)))<<16L, \ | ||
| 140 | l|=((unsigned long)(*((c)++)))<< 8L, \ | ||
| 141 | l|=((unsigned long)(*((c)++)))) | ||
| 142 | |||
| 143 | #undef l2n | ||
| 144 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ | ||
| 145 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | ||
| 146 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | ||
| 147 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 148 | |||
| 149 | #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) | ||
| 150 | #define ROTATE_l32(a,n) _lrotl(a,n) | ||
| 151 | #define ROTATE_r32(a,n) _lrotr(a,n) | ||
| 152 | #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) | ||
| 153 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) | ||
| 154 | # define ROTATE_l32(a,n) ({ register unsigned int ret; \ | ||
| 155 | asm ("roll %%cl,%0" \ | ||
| 156 | : "=r"(ret) \ | ||
| 157 | : "c"(n),"0"(a) \ | ||
| 158 | : "cc"); \ | ||
| 159 | ret; \ | ||
| 160 | }) | ||
| 161 | # define ROTATE_r32(a,n) ({ register unsigned int ret; \ | ||
| 162 | asm ("rorl %%cl,%0" \ | ||
| 163 | : "=r"(ret) \ | ||
| 164 | : "c"(n),"0"(a) \ | ||
| 165 | : "cc"); \ | ||
| 166 | ret; \ | ||
| 167 | }) | ||
| 168 | # endif | ||
| 169 | #endif | ||
| 170 | #ifndef ROTATE_l32 | ||
| 171 | #define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f)))) | ||
| 172 | #endif | ||
| 173 | #ifndef ROTATE_r32 | ||
| 174 | #define ROTATE_r32(a,n) (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f))) | ||
| 175 | #endif | ||
| 176 | |||
| 177 | #define RC5_32_MASK 0xffffffffL | ||
| 178 | |||
| 179 | #define RC5_16_P 0xB7E1 | ||
| 180 | #define RC5_16_Q 0x9E37 | ||
| 181 | #define RC5_32_P 0xB7E15163L | ||
| 182 | #define RC5_32_Q 0x9E3779B9L | ||
| 183 | #define RC5_64_P 0xB7E151628AED2A6BLL | ||
| 184 | #define RC5_64_Q 0x9E3779B97F4A7C15LL | ||
| 185 | |||
| 186 | #define E_RC5_32(a,b,s,n) \ | ||
| 187 | a^=b; \ | ||
| 188 | a=ROTATE_l32(a,b); \ | ||
| 189 | a+=s[n]; \ | ||
| 190 | a&=RC5_32_MASK; \ | ||
| 191 | b^=a; \ | ||
| 192 | b=ROTATE_l32(b,a); \ | ||
| 193 | b+=s[n+1]; \ | ||
| 194 | b&=RC5_32_MASK; | ||
| 195 | |||
| 196 | #define D_RC5_32(a,b,s,n) \ | ||
| 197 | b-=s[n+1]; \ | ||
| 198 | b&=RC5_32_MASK; \ | ||
| 199 | b=ROTATE_r32(b,a); \ | ||
| 200 | b^=a; \ | ||
| 201 | a-=s[n]; \ | ||
| 202 | a&=RC5_32_MASK; \ | ||
| 203 | a=ROTATE_r32(a,b); \ | ||
| 204 | a^=b; | ||
| 205 | |||
| 206 | |||
| 207 | |||
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl index fe51fd0794..e00f709553 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl | |||
| @@ -1,5 +1,30 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # It was noted that Intel IA-32 C compiler generates code which | ||
| 4 | # performs ~30% *faster* on P4 CPU than original *hand-coded* | ||
| 5 | # SHA1 assembler implementation. To address this problem (and | ||
| 6 | # prove that humans are still better than machines:-), the | ||
| 7 | # original code was overhauled, which resulted in following | ||
| 8 | # performance changes: | ||
| 9 | # | ||
| 10 | # compared with original compared with Intel cc | ||
| 11 | # assembler impl. generated code | ||
| 12 | # Pentium -25% +37% | ||
| 13 | # PIII/AMD +8% +16% | ||
| 14 | # P4 +85%(!) +45% | ||
| 15 | # | ||
| 16 | # As you can see Pentium came out as looser:-( Yet I reckoned that | ||
| 17 | # improvement on P4 outweights the loss and incorporate this | ||
| 18 | # re-tuned code to 0.9.7 and later. | ||
| 19 | # ---------------------------------------------------------------- | ||
| 20 | # Those who for any particular reason absolutely must score on | ||
| 21 | # Pentium can replace this module with one from 0.9.6 distribution. | ||
| 22 | # This "offer" shall be revoked the moment programming interface to | ||
| 23 | # this module is changed, in which case this paragraph should be | ||
| 24 | # removed. | ||
| 25 | # ---------------------------------------------------------------- | ||
| 26 | # <appro@fy.chalmers.se> | ||
| 27 | |||
| 3 | $normal=0; | 28 | $normal=0; |
| 4 | 29 | ||
| 5 | push(@INC,"perlasm","../../perlasm"); | 30 | push(@INC,"perlasm","../../perlasm"); |
| @@ -77,54 +102,21 @@ sub BODY_00_15 | |||
| 77 | { | 102 | { |
| 78 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 103 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; |
| 79 | 104 | ||
| 80 | return if $n & 1; | ||
| 81 | &comment("00_15 $n"); | 105 | &comment("00_15 $n"); |
| 82 | 106 | ||
| 83 | &mov($f,$c); | ||
| 84 | |||
| 85 | &mov($tmp1,$a); | ||
| 86 | &xor($f,$d); # F2 | ||
| 87 | |||
| 88 | &rotl($tmp1,5); # A2 | ||
| 89 | |||
| 90 | &and($f,$b); # F3 | ||
| 91 | &add($tmp1,$e); | ||
| 92 | |||
| 93 | &rotr($b,1); # B1 <- F | ||
| 94 | &mov($e,&swtmp($n)); # G1 | ||
| 95 | |||
| 96 | &rotr($b,1); # B1 <- F | ||
| 97 | &xor($f,$d); # F4 | ||
| 98 | |||
| 99 | &lea($tmp1,&DWP($K,$tmp1,$e,1)); | ||
| 100 | |||
| 101 | ############################ | ||
| 102 | # &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); | ||
| 103 | # &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); | ||
| 104 | $n++; | ||
| 105 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | ||
| 106 | ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); | ||
| 107 | |||
| 108 | &mov($f,$c); | ||
| 109 | |||
| 110 | &add($a,$tmp1); # MOVED DOWN | ||
| 111 | &xor($f,$d); # F2 | ||
| 112 | |||
| 113 | &mov($tmp1,$a); | 107 | &mov($tmp1,$a); |
| 114 | &and($f,$b); # F3 | 108 | &mov($f,$c); # f to hold F_00_19(b,c,d) |
| 115 | 109 | &rotl($tmp1,5); # tmp1=ROTATE(a,5) | |
| 116 | &rotl($tmp1,5); # A2 | 110 | &xor($f,$d); |
| 117 | 111 | &and($f,$b); | |
| 118 | &add($tmp1,$e); | 112 | &rotr($b,2); # b=ROTATE(b,30) |
| 119 | &mov($e,&swtmp($n)); # G1 | 113 | &add($tmp1,$e); # tmp1+=e; |
| 120 | 114 | &mov($e,&swtmp($n)); # e becomes volatile and | |
| 121 | &rotr($b,1); # B1 <- F | 115 | # is loaded with xi |
| 122 | &xor($f,$d); # F4 | 116 | &xor($f,$d); # f holds F_00_19(b,c,d) |
| 123 | 117 | &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi | |
| 124 | &rotr($b,1); # B1 <- F | 118 | |
| 125 | &lea($tmp1,&DWP($K,$tmp1,$e,1)); | 119 | &add($f,$tmp1); # f+=tmp1 |
| 126 | |||
| 127 | &add($f,$tmp1); | ||
| 128 | } | 120 | } |
| 129 | 121 | ||
| 130 | sub BODY_16_19 | 122 | sub BODY_16_19 |
| @@ -132,66 +124,24 @@ sub BODY_16_19 | |||
| 132 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 124 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; |
| 133 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | 125 | local($n0,$n1,$n2,$n3,$np)=&Na($n); |
| 134 | 126 | ||
| 135 | return if $n & 1; | ||
| 136 | &comment("16_19 $n"); | 127 | &comment("16_19 $n"); |
| 137 | 128 | ||
| 138 | &nop() if ($pos < 0); | 129 | &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd) |
| 139 | &mov($tmp1,&swtmp($n0)); # X1 | 130 | &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) |
| 140 | &mov($f,&swtmp($n1)); # X2 | 131 | &xor($f,&swtmp($n0)); |
| 141 | &xor($f,$tmp1); # X3 | 132 | &xor($tmp1,$d); |
| 142 | &mov($tmp1,&swtmp($n2)); # X4 | 133 | &xor($f,&swtmp($n2)); |
| 143 | &xor($f,$tmp1); # X5 | 134 | &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) |
| 144 | &mov($tmp1,&swtmp($n3)); # X6 | 135 | &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd |
| 145 | &xor($f,$tmp1); # X7 - slot | 136 | &rotr($b,2); # b=ROTATE(b,30) |
| 146 | &mov($tmp1,$c); # F1 | 137 | &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) |
| 147 | &rotl($f,1); # X8 - slot | 138 | &rotl($f,1); # f=ROATE(f,1) |
| 148 | &xor($tmp1,$d); # F2 | 139 | &mov(&swtmp($n0),$f); # xi=f |
| 149 | &mov(&swtmp($n0),$f); # X9 - anytime | 140 | &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e |
| 150 | &and($tmp1,$b); # F3 | 141 | &mov($e,$a); # e becomes volatile |
| 151 | &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e | 142 | &add($f,$tmp1); # f+=F_00_19(b,c,d) |
| 152 | &xor($tmp1,$d); # F4 | 143 | &rotl($e,5); # e=ROTATE(a,5) |
| 153 | &mov($e,$a); # A1 | 144 | &add($f,$e); # f+=ROTATE(a,5) |
| 154 | &add($f,$tmp1); # tot+=F(); | ||
| 155 | |||
| 156 | &rotl($e,5); # A2 | ||
| 157 | |||
| 158 | &rotr($b,1); # B1 <- F | ||
| 159 | &add($f,$e); # tot+=a | ||
| 160 | |||
| 161 | ############################ | ||
| 162 | # &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); | ||
| 163 | # &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); | ||
| 164 | $n++; | ||
| 165 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | ||
| 166 | ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); | ||
| 167 | |||
| 168 | |||
| 169 | &mov($f,&swtmp($n0)); # X1 | ||
| 170 | &mov($tmp1,&swtmp($n1)); # X2 | ||
| 171 | &xor($f,$tmp1); # X3 | ||
| 172 | &mov($tmp1,&swtmp($n2)); # X4 | ||
| 173 | &xor($f,$tmp1); # X5 | ||
| 174 | &mov($tmp1,&swtmp($n3)); # X6 | ||
| 175 | &rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN | ||
| 176 | &xor($f,$tmp1); # X7 - slot | ||
| 177 | &rotl($f,1); # X8 - slot | ||
| 178 | &mov($tmp1,$c); # F1 | ||
| 179 | &xor($tmp1,$d); # F2 | ||
| 180 | &mov(&swtmp($n0),$f); # X9 - anytime | ||
| 181 | &and($tmp1,$b); # F3 | ||
| 182 | &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e | ||
| 183 | |||
| 184 | &xor($tmp1,$d); # F4 | ||
| 185 | &mov($e,$a); # A1 | ||
| 186 | |||
| 187 | &rotl($e,5); # A2 | ||
| 188 | |||
| 189 | &rotr($b,1); # B1 <- F | ||
| 190 | &add($f,$e); # tot+=a | ||
| 191 | |||
| 192 | &rotr($b,1); # B1 <- F | ||
| 193 | &add($f,$tmp1); # tot+=F(); | ||
| 194 | |||
| 195 | } | 145 | } |
| 196 | 146 | ||
| 197 | sub BODY_20_39 | 147 | sub BODY_20_39 |
| @@ -201,42 +151,21 @@ sub BODY_20_39 | |||
| 201 | &comment("20_39 $n"); | 151 | &comment("20_39 $n"); |
| 202 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | 152 | local($n0,$n1,$n2,$n3,$np)=&Na($n); |
| 203 | 153 | ||
| 204 | &mov($f,&swtmp($n0)); # X1 | 154 | &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) |
| 205 | &mov($tmp1,&swtmp($n1)); # X2 | 155 | &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) |
| 206 | &xor($f,$tmp1); # X3 | 156 | &xor($f,&swtmp($n1)); |
| 207 | &mov($tmp1,&swtmp($n2)); # X4 | 157 | &rotr($b,2); # b=ROTATE(b,30) |
| 208 | &xor($f,$tmp1); # X5 | 158 | &xor($f,&swtmp($n2)); |
| 209 | &mov($tmp1,&swtmp($n3)); # X6 | 159 | &xor($tmp1,$c); |
| 210 | &xor($f,$tmp1); # X7 - slot | 160 | &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd |
| 211 | &mov($tmp1,$b); # F1 | 161 | &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) |
| 212 | &rotl($f,1); # X8 - slot | 162 | &rotl($f,1); # f=ROTATE(f,1) |
| 213 | &xor($tmp1,$c); # F2 | 163 | &mov(&swtmp($n0),$f); # xi=f |
| 214 | &mov(&swtmp($n0),$f); # X9 - anytime | 164 | &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e |
| 215 | &xor($tmp1,$d); # F3 | 165 | &mov($e,$a); # e becomes volatile |
| 216 | 166 | &rotl($e,5); # e=ROTATE(a,5) | |
| 217 | &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e | 167 | &add($f,$tmp1); # f+=F_20_39(b,c,d) |
| 218 | &mov($e,$a); # A1 | 168 | &add($f,$e); # f+=ROTATE(a,5) |
| 219 | |||
| 220 | &rotl($e,5); # A2 | ||
| 221 | |||
| 222 | if ($n != 79) # last loop | ||
| 223 | { | ||
| 224 | &rotr($b,1); # B1 <- F | ||
| 225 | &add($e,$tmp1); # tmp1=F()+a | ||
| 226 | |||
| 227 | &rotr($b,1); # B2 <- F | ||
| 228 | &add($f,$e); # tot+=tmp1; | ||
| 229 | } | ||
| 230 | else | ||
| 231 | { | ||
| 232 | &add($e,$tmp1); # tmp1=F()+a | ||
| 233 | &mov($tmp1,&wparam(0)); | ||
| 234 | |||
| 235 | &rotr($b,1); # B1 <- F | ||
| 236 | &add($f,$e); # tot+=tmp1; | ||
| 237 | |||
| 238 | &rotr($b,1); # B2 <- F | ||
| 239 | } | ||
| 240 | } | 169 | } |
| 241 | 170 | ||
| 242 | sub BODY_40_59 | 171 | sub BODY_40_59 |
| @@ -244,70 +173,27 @@ sub BODY_40_59 | |||
| 244 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 173 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; |
| 245 | 174 | ||
| 246 | &comment("40_59 $n"); | 175 | &comment("40_59 $n"); |
| 247 | return if $n & 1; | ||
| 248 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | 176 | local($n0,$n1,$n2,$n3,$np)=&Na($n); |
| 249 | 177 | ||
| 250 | &mov($f,&swtmp($n0)); # X1 | 178 | &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) |
| 251 | &mov($tmp1,&swtmp($n1)); # X2 | 179 | &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) |
| 252 | &xor($f,$tmp1); # X3 | 180 | &xor($f,&swtmp($n1)); |
| 253 | &mov($tmp1,&swtmp($n2)); # X4 | 181 | &or($tmp1,$c); |
| 254 | &xor($f,$tmp1); # X5 | 182 | &xor($f,&swtmp($n2)); |
| 255 | &mov($tmp1,&swtmp($n3)); # X6 | 183 | &and($tmp1,$d); |
| 256 | &xor($f,$tmp1); # X7 - slot | 184 | &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd |
| 257 | &mov($tmp1,$b); # F1 | 185 | &rotl($f,1); # f=ROTATE(f,1) |
| 258 | &rotl($f,1); # X8 - slot | 186 | &mov(&swtmp($n0),$f); # xi=f |
| 259 | &or($tmp1,$c); # F2 | 187 | &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e |
| 260 | &mov(&swtmp($n0),$f); # X9 - anytime | 188 | &mov($e,$b); # e becomes volatile and is used |
| 261 | &and($tmp1,$d); # F3 | 189 | # to calculate F_40_59(b,c,d) |
| 262 | 190 | &rotr($b,2); # b=ROTATE(b,30) | |
| 263 | &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e | 191 | &and($e,$c); |
| 264 | &mov($e,$b); # F4 | 192 | &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d) |
| 265 | 193 | &mov($e,$a); | |
| 266 | &rotr($b,1); # B1 <- F | 194 | &rotl($e,5); # e=ROTATE(a,5) |
| 267 | &and($e,$c); # F5 | 195 | &add($tmp1,$e); # tmp1+=ROTATE(a,5) |
| 268 | 196 | &add($f,$tmp1); # f+=tmp1; | |
| 269 | &or($tmp1,$e); # F6 | ||
| 270 | &mov($e,$a); # A1 | ||
| 271 | |||
| 272 | &rotl($e,5); # A2 | ||
| 273 | |||
| 274 | &add($tmp1,$e); # tmp1=F()+a | ||
| 275 | |||
| 276 | ############################ | ||
| 277 | # &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); | ||
| 278 | # &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); | ||
| 279 | $n++; | ||
| 280 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | ||
| 281 | ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); | ||
| 282 | |||
| 283 | &mov($f,&swtmp($n0)); # X1 | ||
| 284 | &add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1 | ||
| 285 | &mov($tmp1,&swtmp($n1)); # X2 | ||
| 286 | &xor($f,$tmp1); # X3 | ||
| 287 | &mov($tmp1,&swtmp($n2)); # X4 | ||
| 288 | &xor($f,$tmp1); # X5 | ||
| 289 | &mov($tmp1,&swtmp($n3)); # X6 | ||
| 290 | &rotr($c,1); # B2 <- F # moved was rotr b,1 | ||
| 291 | &xor($f,$tmp1); # X7 - slot | ||
| 292 | &rotl($f,1); # X8 - slot | ||
| 293 | &mov($tmp1,$b); # F1 | ||
| 294 | &mov(&swtmp($n0),$f); # X9 - anytime | ||
| 295 | &or($tmp1,$c); # F2 | ||
| 296 | &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e | ||
| 297 | &mov($e,$b); # F4 | ||
| 298 | &and($tmp1,$d); # F3 | ||
| 299 | &and($e,$c); # F5 | ||
| 300 | |||
| 301 | &or($tmp1,$e); # F6 | ||
| 302 | &mov($e,$a); # A1 | ||
| 303 | |||
| 304 | &rotl($e,5); # A2 | ||
| 305 | |||
| 306 | &rotr($b,1); # B1 <- F | ||
| 307 | &add($tmp1,$e); # tmp1=F()+a | ||
| 308 | |||
| 309 | &rotr($b,1); # B2 <- F | ||
| 310 | &add($f,$tmp1); # tot+=tmp1; | ||
| 311 | } | 197 | } |
| 312 | 198 | ||
| 313 | sub BODY_60_79 | 199 | sub BODY_60_79 |
| @@ -495,8 +381,7 @@ sub sha1_block_data | |||
| 495 | # C -> E | 381 | # C -> E |
| 496 | # D -> T | 382 | # D -> T |
| 497 | 383 | ||
| 498 | # The last 2 have been moved into the last loop | 384 | &mov($tmp1,&wparam(0)); |
| 499 | # &mov($tmp1,&wparam(0)); | ||
| 500 | 385 | ||
| 501 | &mov($D, &DWP(12,$tmp1,"",0)); | 386 | &mov($D, &DWP(12,$tmp1,"",0)); |
| 502 | &add($D,$B); | 387 | &add($D,$B); |
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c index 54d598565d..7588966cb2 100644 --- a/src/lib/libssl/src/crypto/threads/mttest.c +++ b/src/lib/libssl/src/crypto/threads/mttest.c | |||
| @@ -243,7 +243,8 @@ bad: | |||
| 243 | goto end; | 243 | goto end; |
| 244 | } | 244 | } |
| 245 | 245 | ||
| 246 | if (cipher == NULL) cipher=getenv("SSL_CIPHER"); | 246 | if (cipher == NULL && OPENSSL_issetugid() == 0) |
| 247 | cipher=getenv("SSL_CIPHER"); | ||
| 247 | 248 | ||
| 248 | SSL_load_error_strings(); | 249 | SSL_load_error_strings(); |
| 249 | OpenSSL_add_ssl_algorithms(); | 250 | OpenSSL_add_ssl_algorithms(); |
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c index 13e5f20dcb..dbc9711a2d 100644 --- a/src/lib/libssl/src/crypto/ui/ui_lib.c +++ b/src/lib/libssl/src/crypto/ui/ui_lib.c | |||
| @@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc, | |||
| 430 | len += sizeof(prompt3) - 1; | 430 | len += sizeof(prompt3) - 1; |
| 431 | 431 | ||
| 432 | prompt = (char *)OPENSSL_malloc(len + 1); | 432 | prompt = (char *)OPENSSL_malloc(len + 1); |
| 433 | strcpy(prompt, prompt1); | 433 | BUF_strlcpy(prompt, prompt1, len + 1); |
| 434 | strcat(prompt, object_desc); | 434 | BUF_strlcat(prompt, object_desc, len + 1); |
| 435 | if (object_name) | 435 | if (object_name) |
| 436 | { | 436 | { |
| 437 | strcat(prompt, prompt2); | 437 | BUF_strlcat(prompt, prompt2, len + 1); |
| 438 | strcat(prompt, object_name); | 438 | BUF_strlcat(prompt, object_name, len + 1); |
| 439 | } | 439 | } |
| 440 | strcat(prompt, prompt3); | 440 | BUF_strlcat(prompt, prompt3, len + 1); |
| 441 | } | 441 | } |
| 442 | return prompt; | 442 | return prompt; |
| 443 | } | 443 | } |
| @@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) | |||
| 865 | return -1; | 865 | return -1; |
| 866 | } | 866 | } |
| 867 | 867 | ||
| 868 | strcpy(uis->result_buf, result); | 868 | BUF_strlcpy(uis->result_buf, result, |
| 869 | uis->_.string_data.result_maxsize + 1); | ||
| 869 | break; | 870 | break; |
| 870 | case UIT_BOOLEAN: | 871 | case UIT_BOOLEAN: |
| 871 | { | 872 | { |
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c index 448bd7e69c..6207340472 100644 --- a/src/lib/libssl/src/crypto/x509/by_dir.c +++ b/src/lib/libssl/src/crypto/x509/by_dir.c | |||
| @@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, | |||
| 302 | k=0; | 302 | k=0; |
| 303 | for (;;) | 303 | for (;;) |
| 304 | { | 304 | { |
| 305 | sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h, | 305 | char c = '/'; |
| 306 | postfix,k); | 306 | #ifdef OPENSSL_SYS_VMS |
| 307 | c = ctx->dirs[i][strlen(ctx->dirs[i])-1]; | ||
| 308 | if (c != ':' && c != '>' && c != ']') | ||
| 309 | { | ||
| 310 | /* If no separator is present, we assume the | ||
| 311 | directory specifier is a logical name, and | ||
| 312 | add a colon. We really should use better | ||
| 313 | VMS routines for merging things like this, | ||
| 314 | but this will do for now... | ||
| 315 | -- Richard Levitte */ | ||
| 316 | c = ':'; | ||
| 317 | } | ||
| 318 | else | ||
| 319 | { | ||
| 320 | c = '\0'; | ||
| 321 | } | ||
| 322 | #endif | ||
| 323 | if (c == '\0') | ||
| 324 | { | ||
| 325 | /* This is special. When c == '\0', no | ||
| 326 | directory separator should be added. */ | ||
| 327 | BIO_snprintf(b->data,b->max, | ||
| 328 | "%s%08lx.%s%d",ctx->dirs[i],h, | ||
| 329 | postfix,k); | ||
| 330 | } | ||
| 331 | else | ||
| 332 | { | ||
| 333 | BIO_snprintf(b->data,b->max, | ||
| 334 | "%s%c%08lx.%s%d",ctx->dirs[i],c,h, | ||
| 335 | postfix,k); | ||
| 336 | } | ||
| 307 | k++; | 337 | k++; |
| 308 | if (stat(b->data,&st) < 0) | 338 | if (stat(b->data,&st) < 0) |
| 309 | break; | 339 | break; |
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h index eaad5685a8..8d0c7e2e17 100644 --- a/src/lib/libssl/src/crypto/x509/x509.h +++ b/src/lib/libssl/src/crypto/x509/x509.h | |||
| @@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req); | |||
| 810 | X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); | 810 | X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); |
| 811 | X509_NAME *X509_NAME_dup(X509_NAME *xn); | 811 | X509_NAME *X509_NAME_dup(X509_NAME *xn); |
| 812 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); | 812 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); |
| 813 | #ifndef OPENSSL_NO_RSA | ||
| 814 | RSA *RSAPublicKey_dup(RSA *rsa); | ||
| 815 | RSA *RSAPrivateKey_dup(RSA *rsa); | ||
| 816 | #endif | ||
| 817 | 813 | ||
| 818 | #endif /* !SSLEAY_MACROS */ | 814 | #endif /* !SSLEAY_MACROS */ |
| 819 | 815 | ||
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c index 4f83db8ba2..e31ebc6741 100644 --- a/src/lib/libssl/src/crypto/x509/x509_txt.c +++ b/src/lib/libssl/src/crypto/x509/x509_txt.c | |||
| @@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n) | |||
| 147 | case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: | 147 | case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: |
| 148 | return("unhandled critical extension"); | 148 | return("unhandled critical extension"); |
| 149 | 149 | ||
| 150 | case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: | ||
| 151 | return("key usage does not include CRL signing"); | ||
| 152 | |||
| 153 | case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: | ||
| 154 | return("unhandled critical CRL extension"); | ||
| 155 | |||
| 150 | default: | 156 | default: |
| 151 | sprintf(buf,"error number %ld",n); | 157 | BIO_snprintf(buf,sizeof buf,"error number %ld",n); |
| 152 | return(buf); | 158 | return(buf); |
| 153 | } | 159 | } |
| 154 | } | 160 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index 2bb21b443e..2e4d0b823a 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c | |||
| @@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) | |||
| 383 | /* Check all untrusted certificates */ | 383 | /* Check all untrusted certificates */ |
| 384 | for (i = 0; i < ctx->last_untrusted; i++) | 384 | for (i = 0; i < ctx->last_untrusted; i++) |
| 385 | { | 385 | { |
| 386 | int ret; | ||
| 386 | x = sk_X509_value(ctx->chain, i); | 387 | x = sk_X509_value(ctx->chain, i); |
| 387 | if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) | 388 | if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) |
| 388 | && (x->ex_flags & EXFLAG_CRITICAL)) | 389 | && (x->ex_flags & EXFLAG_CRITICAL)) |
| @@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) | |||
| 393 | ok=cb(0,ctx); | 394 | ok=cb(0,ctx); |
| 394 | if (!ok) goto end; | 395 | if (!ok) goto end; |
| 395 | } | 396 | } |
| 396 | if (!X509_check_purpose(x, ctx->purpose, i)) | 397 | ret = X509_check_purpose(x, ctx->purpose, i); |
| 398 | if ((ret == 0) | ||
| 399 | || ((ctx->flags & X509_V_FLAG_X509_STRICT) | ||
| 400 | && (ret != 1))) | ||
| 397 | { | 401 | { |
| 398 | if (i) | 402 | if (i) |
| 399 | ctx->error = X509_V_ERR_INVALID_CA; | 403 | ctx->error = X509_V_ERR_INVALID_CA; |
| @@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) | |||
| 537 | 541 | ||
| 538 | if(issuer) | 542 | if(issuer) |
| 539 | { | 543 | { |
| 544 | /* Check for cRLSign bit if keyUsage present */ | ||
| 545 | if ((issuer->ex_flags & EXFLAG_KUSAGE) && | ||
| 546 | !(issuer->ex_kusage & KU_CRL_SIGN)) | ||
| 547 | { | ||
| 548 | ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; | ||
| 549 | ok = ctx->verify_cb(0, ctx); | ||
| 550 | if(!ok) goto err; | ||
| 551 | } | ||
| 540 | 552 | ||
| 541 | /* Attempt to get issuer certificate public key */ | 553 | /* Attempt to get issuer certificate public key */ |
| 542 | ikey = X509_get_pubkey(issuer); | 554 | ikey = X509_get_pubkey(issuer); |
| @@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) | |||
| 611 | { | 623 | { |
| 612 | int idx, ok; | 624 | int idx, ok; |
| 613 | X509_REVOKED rtmp; | 625 | X509_REVOKED rtmp; |
| 626 | STACK_OF(X509_EXTENSION) *exts; | ||
| 627 | X509_EXTENSION *ext; | ||
| 614 | /* Look for serial number of certificate in CRL */ | 628 | /* Look for serial number of certificate in CRL */ |
| 615 | rtmp.serialNumber = X509_get_serialNumber(x); | 629 | rtmp.serialNumber = X509_get_serialNumber(x); |
| 616 | idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); | 630 | idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); |
| 617 | /* Not found: OK */ | 631 | /* If found assume revoked: want something cleverer than |
| 618 | if(idx == -1) return 1; | ||
| 619 | /* Otherwise revoked: want something cleverer than | ||
| 620 | * this to handle entry extensions in V2 CRLs. | 632 | * this to handle entry extensions in V2 CRLs. |
| 621 | */ | 633 | */ |
| 622 | ctx->error = X509_V_ERR_CERT_REVOKED; | 634 | if(idx >= 0) |
| 623 | ok = ctx->verify_cb(0, ctx); | 635 | { |
| 624 | return ok; | 636 | ctx->error = X509_V_ERR_CERT_REVOKED; |
| 637 | ok = ctx->verify_cb(0, ctx); | ||
| 638 | if (!ok) return 0; | ||
| 639 | } | ||
| 640 | |||
| 641 | if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) | ||
| 642 | return 1; | ||
| 643 | |||
| 644 | /* See if we have any critical CRL extensions: since we | ||
| 645 | * currently don't handle any CRL extensions the CRL must be | ||
| 646 | * rejected. | ||
| 647 | * This code accesses the X509_CRL structure directly: applications | ||
| 648 | * shouldn't do this. | ||
| 649 | */ | ||
| 650 | |||
| 651 | exts = crl->crl->extensions; | ||
| 652 | |||
| 653 | for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) | ||
| 654 | { | ||
| 655 | ext = sk_X509_EXTENSION_value(exts, idx); | ||
| 656 | if (ext->critical > 0) | ||
| 657 | { | ||
| 658 | ctx->error = | ||
| 659 | X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; | ||
| 660 | ok = ctx->verify_cb(0, ctx); | ||
| 661 | if(!ok) return 0; | ||
| 662 | break; | ||
| 663 | } | ||
| 664 | } | ||
| 665 | return 1; | ||
| 625 | } | 666 | } |
| 626 | 667 | ||
| 627 | static int internal_verify(X509_STORE_CTX *ctx) | 668 | static int internal_verify(X509_STORE_CTX *ctx) |
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h index f0be21f452..198495884c 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.h +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h | |||
| @@ -304,17 +304,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 304 | 304 | ||
| 305 | #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 | 305 | #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 |
| 306 | #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 | 306 | #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 |
| 307 | #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 | ||
| 308 | #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 | ||
| 307 | 309 | ||
| 308 | /* The application is not happy */ | 310 | /* The application is not happy */ |
| 309 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 | 311 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 |
| 310 | 312 | ||
| 311 | /* Certificate verify flags */ | 313 | /* Certificate verify flags */ |
| 312 | 314 | ||
| 313 | #define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ | 315 | /* Send issuer+subject checks to verify_cb */ |
| 314 | #define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ | 316 | #define X509_V_FLAG_CB_ISSUER_CHECK 0x1 |
| 315 | #define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */ | 317 | /* Use check time instead of current time */ |
| 316 | #define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */ | 318 | #define X509_V_FLAG_USE_CHECK_TIME 0x2 |
| 317 | #define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */ | 319 | /* Lookup CRLs */ |
| 320 | #define X509_V_FLAG_CRL_CHECK 0x4 | ||
| 321 | /* Lookup CRLs for whole chain */ | ||
| 322 | #define X509_V_FLAG_CRL_CHECK_ALL 0x8 | ||
| 323 | /* Ignore unhandled critical extensions */ | ||
| 324 | #define X509_V_FLAG_IGNORE_CRITICAL 0x10 | ||
| 325 | /* Disable workarounds for broken certificates */ | ||
| 326 | #define X509_V_FLAG_X509_STRICT 0x20 | ||
| 318 | 327 | ||
| 319 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | 328 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, |
| 320 | X509_NAME *name); | 329 | X509_NAME *name); |
diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c index f78c2a6b43..c25959a742 100644 --- a/src/lib/libssl/src/crypto/x509/x509type.c +++ b/src/lib/libssl/src/crypto/x509/x509type.c | |||
| @@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) | |||
| 106 | break; | 106 | break; |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look | 109 | if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look |
| 110 | for, not bytes */ | 110 | for, not bytes */ |
| 111 | ret|=EVP_PKT_EXP; | 111 | ret|=EVP_PKT_EXP; |
| 112 | if(pkey==NULL) EVP_PKEY_free(pk); | 112 | if(pkey==NULL) EVP_PKEY_free(pk); |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c index 0e9e7dcb4f..58b935a3b6 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c | |||
| @@ -137,7 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | |||
| 137 | X509V3_add_value("IP Address","<invalid>", &ret); | 137 | X509V3_add_value("IP Address","<invalid>", &ret); |
| 138 | break; | 138 | break; |
| 139 | } | 139 | } |
| 140 | sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | 140 | BIO_snprintf(oline, sizeof oline, |
| 141 | "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | ||
| 141 | X509V3_add_value("IP Address",oline, &ret); | 142 | X509V3_add_value("IP Address",oline, &ret); |
| 142 | break; | 143 | break; |
| 143 | 144 | ||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c index 894a8b94d8..f90829c574 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c | |||
| @@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = { | |||
| 156 | IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) | 156 | IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) |
| 157 | 157 | ||
| 158 | ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = | 158 | ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = |
| 159 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) | 159 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) |
| 160 | ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) | 160 | ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) |
| 161 | 161 | ||
| 162 | IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) | 162 | IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c index e269df1373..53e3f48859 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_info.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c | |||
| @@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method | |||
| 105 | STACK_OF(CONF_VALUE) *ret) | 105 | STACK_OF(CONF_VALUE) *ret) |
| 106 | { | 106 | { |
| 107 | ACCESS_DESCRIPTION *desc; | 107 | ACCESS_DESCRIPTION *desc; |
| 108 | int i; | 108 | int i,nlen; |
| 109 | char objtmp[80], *ntmp; | 109 | char objtmp[80], *ntmp; |
| 110 | CONF_VALUE *vtmp; | 110 | CONF_VALUE *vtmp; |
| 111 | for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { | 111 | for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { |
| @@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method | |||
| 114 | if(!ret) break; | 114 | if(!ret) break; |
| 115 | vtmp = sk_CONF_VALUE_value(ret, i); | 115 | vtmp = sk_CONF_VALUE_value(ret, i); |
| 116 | i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); | 116 | i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); |
| 117 | ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); | 117 | nlen = strlen(objtmp) + strlen(vtmp->name) + 5; |
| 118 | ntmp = OPENSSL_malloc(nlen); | ||
| 118 | if(!ntmp) { | 119 | if(!ntmp) { |
| 119 | X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, | 120 | X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, |
| 120 | ERR_R_MALLOC_FAILURE); | 121 | ERR_R_MALLOC_FAILURE); |
| 121 | return NULL; | 122 | return NULL; |
| 122 | } | 123 | } |
| 123 | strcpy(ntmp, objtmp); | 124 | BUF_strlcpy(ntmp, objtmp, nlen); |
| 124 | strcat(ntmp, " - "); | 125 | BUF_strlcat(ntmp, " - ", nlen); |
| 125 | strcat(ntmp, vtmp->name); | 126 | BUF_strlcat(ntmp, vtmp->name, nlen); |
| 126 | OPENSSL_free(vtmp->name); | 127 | OPENSSL_free(vtmp->name); |
| 127 | vtmp->name = ntmp; | 128 | vtmp->name = ntmp; |
| 128 | 129 | ||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c index 4d145f71fd..b3d1ae5d1c 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 415 | * 1 is a CA | 415 | * 1 is a CA |
| 416 | * 2 basicConstraints absent so "maybe" a CA | 416 | * 2 basicConstraints absent so "maybe" a CA |
| 417 | * 3 basicConstraints absent but self signed V1. | 417 | * 3 basicConstraints absent but self signed V1. |
| 418 | * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. | ||
| 418 | */ | 419 | */ |
| 419 | 420 | ||
| 420 | #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) | 421 | #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) |
| @@ -436,7 +437,7 @@ static int ca_check(const X509 *x) | |||
| 436 | } else { | 437 | } else { |
| 437 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | 438 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; |
| 438 | /* If key usage present it must have certSign so tolerate it */ | 439 | /* If key usage present it must have certSign so tolerate it */ |
| 439 | else if (x->ex_flags & EXFLAG_KUSAGE) return 3; | 440 | else if (x->ex_flags & EXFLAG_KUSAGE) return 4; |
| 440 | else return 2; | 441 | else return 2; |
| 441 | } | 442 | } |
| 442 | } | 443 | } |
diff --git a/src/lib/libssl/src/doc/apps/config.pod b/src/lib/libssl/src/doc/apps/config.pod index ce874a42ce..8f823fa6d6 100644 --- a/src/lib/libssl/src/doc/apps/config.pod +++ b/src/lib/libssl/src/doc/apps/config.pod | |||
| @@ -10,7 +10,8 @@ config - OpenSSL CONF library configuration files | |||
| 10 | The OpenSSL CONF library can be used to read configuration files. | 10 | The OpenSSL CONF library can be used to read configuration files. |
| 11 | It is used for the OpenSSL master configuration file B<openssl.cnf> | 11 | It is used for the OpenSSL master configuration file B<openssl.cnf> |
| 12 | and in a few other places like B<SPKAC> files and certificate extension | 12 | and in a few other places like B<SPKAC> files and certificate extension |
| 13 | files for the B<x509> utility. | 13 | files for the B<x509> utility. OpenSSL applications can also use the |
| 14 | CONF library for their own purposes. | ||
| 14 | 15 | ||
| 15 | A configuration file is divided into a number of sections. Each section | 16 | A configuration file is divided into a number of sections. Each section |
| 16 | starts with a line B<[ section_name ]> and ends when a new section is | 17 | starts with a line B<[ section_name ]> and ends when a new section is |
| @@ -51,13 +52,146 @@ or the B<\> character. By making the last character of a line a B<\> | |||
| 51 | a B<value> string can be spread across multiple lines. In addition | 52 | a B<value> string can be spread across multiple lines. In addition |
| 52 | the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. | 53 | the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. |
| 53 | 54 | ||
| 55 | =head1 OPENSSL LIBRARY CONFIGURATION | ||
| 56 | |||
| 57 | In OpenSSL 0.9.7 and later applications can automatically configure certain | ||
| 58 | aspects of OpenSSL using the master OpenSSL configuration file, or optionally | ||
| 59 | an alternative configuration file. The B<openssl> utility includes this | ||
| 60 | functionality: any sub command uses the master OpenSSL configuration file | ||
| 61 | unless an option is used in the sub command to use an alternative configuration | ||
| 62 | file. | ||
| 63 | |||
| 64 | To enable library configuration the default section needs to contain an | ||
| 65 | appropriate line which points to the main configuration section. The default | ||
| 66 | name is B<openssl_conf> which is used by the B<openssl> utility. Other | ||
| 67 | applications may use an alternative name such as B<myapplicaton_conf>. | ||
| 68 | |||
| 69 | The configuration section should consist of a set of name value pairs which | ||
| 70 | contain specific module configuration information. The B<name> represents | ||
| 71 | the name of the I<configuration module> the meaning of the B<value> is | ||
| 72 | module specific: it may, for example, represent a further configuration | ||
| 73 | section containing configuration module specific information. E.g. | ||
| 74 | |||
| 75 | openssl_conf = openssl_init | ||
| 76 | |||
| 77 | [openssl_init] | ||
| 78 | |||
| 79 | oid_section = new_oids | ||
| 80 | engines = engine_section | ||
| 81 | |||
| 82 | [new_oids] | ||
| 83 | |||
| 84 | ... new oids here ... | ||
| 85 | |||
| 86 | [engine_section] | ||
| 87 | |||
| 88 | ... engine stuff here ... | ||
| 89 | |||
| 90 | Currently there are two configuration modules. One for ASN1 objects another | ||
| 91 | for ENGINE configuration. | ||
| 92 | |||
| 93 | =head2 ASN1 OBJECT CONFIGURATION MODULE | ||
| 94 | |||
| 95 | This module has the name B<oid_section>. The value of this variable points | ||
| 96 | to a section containing name value pairs of OIDs: the name is the OID short | ||
| 97 | and long name, the value is the numerical form of the OID. Although some of | ||
| 98 | the B<openssl> utility sub commands already have their own ASN1 OBJECT section | ||
| 99 | functionality not all do. By using the ASN1 OBJECT configuration module | ||
| 100 | B<all> the B<openssl> utility sub commands can see the new objects as well | ||
| 101 | as any compliant applications. For example: | ||
| 102 | |||
| 103 | [new_oids] | ||
| 104 | |||
| 105 | some_new_oid = 1.2.3.4 | ||
| 106 | some_other_oid = 1.2.3.5 | ||
| 107 | |||
| 108 | =head2 ENGINE CONFIGURATION MODULE | ||
| 109 | |||
| 110 | This ENGINE configuration module has the name B<engines>. The value of this | ||
| 111 | variable points to a section containing further ENGINE configuration | ||
| 112 | information. | ||
| 113 | |||
| 114 | The section pointed to by B<engines> is a table of engine names (though see | ||
| 115 | B<engine_id> below) and further sections containing configuration informations | ||
| 116 | specific to each ENGINE. | ||
| 117 | |||
| 118 | Each ENGINE specific section is used to set default algorithms, load | ||
| 119 | dynamic, perform initialization and send ctrls. The actual operation performed | ||
| 120 | depends on the I<command> name which is the name of the name value pair. The | ||
| 121 | currently supported commands are listed below. | ||
| 122 | |||
| 123 | For example: | ||
| 124 | |||
| 125 | [engine_section] | ||
| 126 | |||
| 127 | # Configure ENGINE named "foo" | ||
| 128 | foo = foo_section | ||
| 129 | # Configure ENGINE named "bar" | ||
| 130 | bar = bar_section | ||
| 131 | |||
| 132 | [foo_section] | ||
| 133 | ... foo ENGINE specific commands ... | ||
| 134 | |||
| 135 | [bar_section] | ||
| 136 | ... "bar" ENGINE specific commands ... | ||
| 137 | |||
| 138 | The command B<engine_id> is used to give the ENGINE name. If used this | ||
| 139 | command must be first. For example: | ||
| 140 | |||
| 141 | [engine_section] | ||
| 142 | # This would normally handle an ENGINE named "foo" | ||
| 143 | foo = foo_section | ||
| 144 | |||
| 145 | [foo_section] | ||
| 146 | # Override default name and use "myfoo" instead. | ||
| 147 | engine_id = myfoo | ||
| 148 | |||
| 149 | The command B<dynamic_path> loads and adds an ENGINE from the given path. It | ||
| 150 | is equivalent to sending the ctrls B<SO_PATH> with the path argument followed | ||
| 151 | by B<LIST_ADD> with value 2 and B<LOAD> to the dynamic ENGINE. If this is | ||
| 152 | not the required behaviour then alternative ctrls can be sent directly | ||
| 153 | to the dynamic ENGINE using ctrl commands. | ||
| 154 | |||
| 155 | The command B<init> determines whether to initialize the ENGINE. If the value | ||
| 156 | is B<0> the ENGINE will not be initialized, if B<1> and attempt it made to | ||
| 157 | initialized the ENGINE immediately. If the B<init> command is not present | ||
| 158 | then an attempt will be made to initialize the ENGINE after all commands in | ||
| 159 | its section have been processed. | ||
| 160 | |||
| 161 | The command B<default_algorithms> sets the default algorithms an ENGINE will | ||
| 162 | supply using the functions B<ENGINE_set_default_string()> | ||
| 163 | |||
| 164 | If the name matches none of the above command names it is assumed to be a | ||
| 165 | ctrl command which is sent to the ENGINE. The value of the command is the | ||
| 166 | argument to the ctrl command. If the value is the string B<EMPTY> then no | ||
| 167 | value is sent to the command. | ||
| 168 | |||
| 169 | For example: | ||
| 170 | |||
| 171 | |||
| 172 | [engine_section] | ||
| 173 | |||
| 174 | # Configure ENGINE named "foo" | ||
| 175 | foo = foo_section | ||
| 176 | |||
| 177 | [foo_section] | ||
| 178 | # Load engine from DSO | ||
| 179 | dynamic_path = /some/path/fooengine.so | ||
| 180 | # A foo specific ctrl. | ||
| 181 | some_ctrl = some_value | ||
| 182 | # Another ctrl that doesn't take a value. | ||
| 183 | other_ctrl = EMPTY | ||
| 184 | # Supply all default algorithms | ||
| 185 | default_algorithms = ALL | ||
| 186 | |||
| 54 | =head1 NOTES | 187 | =head1 NOTES |
| 55 | 188 | ||
| 56 | If a configuration file attempts to expand a variable that doesn't exist | 189 | If a configuration file attempts to expand a variable that doesn't exist |
| 57 | then an error is flagged and the file will not load. This can happen | 190 | then an error is flagged and the file will not load. This can happen |
| 58 | if an attempt is made to expand an environment variable that doesn't | 191 | if an attempt is made to expand an environment variable that doesn't |
| 59 | exist. For example the default OpenSSL master configuration file used | 192 | exist. For example in a previous version of OpenSSL the default OpenSSL |
| 60 | the value of B<HOME> which may not be defined on non Unix systems. | 193 | master configuration file used the value of B<HOME> which may not be |
| 194 | defined on non Unix systems and would cause an error. | ||
| 61 | 195 | ||
| 62 | This can be worked around by including a B<default> section to provide | 196 | This can be worked around by including a B<default> section to provide |
| 63 | a default value: then if the environment lookup fails the default value | 197 | a default value: then if the environment lookup fails the default value |
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod index 07dd80eabe..dc0f49ddca 100644 --- a/src/lib/libssl/src/doc/apps/openssl.pod +++ b/src/lib/libssl/src/doc/apps/openssl.pod | |||
| @@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>, | |||
| 329 | L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, | 329 | L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, |
| 330 | L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, | 330 | L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, |
| 331 | L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, | 331 | L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, |
| 332 | L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, | 332 | L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, |
| 333 | L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, | ||
| 333 | L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, | 334 | L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, |
| 334 | L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> | 335 | L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> |
| 335 | 336 | ||
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod index d061326c1f..8d19079973 100644 --- a/src/lib/libssl/src/doc/apps/s_client.pod +++ b/src/lib/libssl/src/doc/apps/s_client.pod | |||
| @@ -8,7 +8,7 @@ s_client - SSL/TLS client program | |||
| 8 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS |
| 9 | 9 | ||
| 10 | B<openssl> B<s_client> | 10 | B<openssl> B<s_client> |
| 11 | [B<-connect> host:port>] | 11 | [B<-connect host:port>] |
| 12 | [B<-verify depth>] | 12 | [B<-verify depth>] |
| 13 | [B<-cert filename>] | 13 | [B<-cert filename>] |
| 14 | [B<-key filename>] | 14 | [B<-key filename>] |
| @@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page. | |||
| 208 | 208 | ||
| 209 | If the handshake fails then there are several possible causes, if it is | 209 | If the handshake fails then there are several possible causes, if it is |
| 210 | nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, | 210 | nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, |
| 211 | B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried | 211 | B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried |
| 212 | in case it is a buggy server. In particular you should play with these | 212 | in case it is a buggy server. In particular you should play with these |
| 213 | options B<before> submitting a bug report to an OpenSSL mailing list. | 213 | options B<before> submitting a bug report to an OpenSSL mailing list. |
| 214 | 214 | ||
| @@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it | |||
| 219 | requests a certificate. By using B<s_client> the CA list can be viewed | 219 | requests a certificate. By using B<s_client> the CA list can be viewed |
| 220 | and checked. However some servers only request client authentication | 220 | and checked. However some servers only request client authentication |
| 221 | after a specific URL is requested. To obtain the list in this case it | 221 | after a specific URL is requested. To obtain the list in this case it |
| 222 | is necessary to use the B<-prexit> command and send an HTTP request | 222 | is necessary to use the B<-prexit> option and send an HTTP request |
| 223 | for an appropriate page. | 223 | for an appropriate page. |
| 224 | 224 | ||
| 225 | If a certificate is specified on the command line using the B<-cert> | 225 | If a certificate is specified on the command line using the B<-cert> |
diff --git a/src/lib/libssl/src/doc/apps/s_time.pod b/src/lib/libssl/src/doc/apps/s_time.pod new file mode 100644 index 0000000000..5a38aa2e03 --- /dev/null +++ b/src/lib/libssl/src/doc/apps/s_time.pod | |||
| @@ -0,0 +1,173 @@ | |||
| 1 | |||
| 2 | =pod | ||
| 3 | |||
| 4 | =head1 NAME | ||
| 5 | |||
| 6 | s_time - SSL/TLS performance timing program | ||
| 7 | |||
| 8 | =head1 SYNOPSIS | ||
| 9 | |||
| 10 | B<openssl> B<s_time> | ||
| 11 | [B<-connect host:port>] | ||
| 12 | [B<-www page>] | ||
| 13 | [B<-cert filename>] | ||
| 14 | [B<-key filename>] | ||
| 15 | [B<-CApath directory>] | ||
| 16 | [B<-CAfile filename>] | ||
| 17 | [B<-reuse>] | ||
| 18 | [B<-new>] | ||
| 19 | [B<-verify depth>] | ||
| 20 | [B<-nbio>] | ||
| 21 | [B<-time seconds>] | ||
| 22 | [B<-ssl2>] | ||
| 23 | [B<-ssl3>] | ||
| 24 | [B<-bugs>] | ||
| 25 | [B<-cipher cipherlist>] | ||
| 26 | |||
| 27 | =head1 DESCRIPTION | ||
| 28 | |||
| 29 | The B<s_client> command implements a generic SSL/TLS client which connects to a | ||
| 30 | remote host using SSL/TLS. It can request a page from the server and includes | ||
| 31 | the time to transfer the payload data in its timing measurements. It measures | ||
| 32 | the number of connections within a given timeframe, the amount of data | ||
| 33 | transferred (if any), and calculates the average time spent for one connection. | ||
| 34 | |||
| 35 | =head1 OPTIONS | ||
| 36 | |||
| 37 | =over 4 | ||
| 38 | |||
| 39 | =item B<-connect host:port> | ||
| 40 | |||
| 41 | This specifies the host and optional port to connect to. | ||
| 42 | |||
| 43 | =item B<-www page> | ||
| 44 | |||
| 45 | This specifies the page to GET from the server. A value of '/' gets the | ||
| 46 | index.htm[l] page. If this parameter is not specified, then B<s_time> will only | ||
| 47 | perform the handshake to establish SSL connections but not transfer any | ||
| 48 | payload data. | ||
| 49 | |||
| 50 | =item B<-cert certname> | ||
| 51 | |||
| 52 | The certificate to use, if one is requested by the server. The default is | ||
| 53 | not to use a certificate. The file is in PEM format. | ||
| 54 | |||
| 55 | =item B<-key keyfile> | ||
| 56 | |||
| 57 | The private key to use. If not specified then the certificate file will | ||
| 58 | be used. The file is in PEM format. | ||
| 59 | |||
| 60 | =item B<-verify depth> | ||
| 61 | |||
| 62 | The verify depth to use. This specifies the maximum length of the | ||
| 63 | server certificate chain and turns on server certificate verification. | ||
| 64 | Currently the verify operation continues after errors so all the problems | ||
| 65 | with a certificate chain can be seen. As a side effect the connection | ||
| 66 | will never fail due to a server certificate verify failure. | ||
| 67 | |||
| 68 | =item B<-CApath directory> | ||
| 69 | |||
| 70 | The directory to use for server certificate verification. This directory | ||
| 71 | must be in "hash format", see B<verify> for more information. These are | ||
| 72 | also used when building the client certificate chain. | ||
| 73 | |||
| 74 | =item B<-CAfile file> | ||
| 75 | |||
| 76 | A file containing trusted certificates to use during server authentication | ||
| 77 | and to use when attempting to build the client certificate chain. | ||
| 78 | |||
| 79 | =item B<-new> | ||
| 80 | |||
| 81 | performs the timing test using a new session ID for each connection. | ||
| 82 | If neither B<-new> nor B<-reuse> are specified, they are both on by default | ||
| 83 | and executed in sequence. | ||
| 84 | |||
| 85 | =item B<-reuse> | ||
| 86 | |||
| 87 | performs the timing test using the same session ID; this can be used as a test | ||
| 88 | that session caching is working. If neither B<-new> nor B<-reuse> are | ||
| 89 | specified, they are both on by default and executed in sequence. | ||
| 90 | |||
| 91 | =item B<-nbio> | ||
| 92 | |||
| 93 | turns on non-blocking I/O. | ||
| 94 | |||
| 95 | =item B<-ssl2>, B<-ssl3> | ||
| 96 | |||
| 97 | these options disable the use of certain SSL or TLS protocols. By default | ||
| 98 | the initial handshake uses a method which should be compatible with all | ||
| 99 | servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. | ||
| 100 | The timing program is not as rich in options to turn protocols on and off as | ||
| 101 | the L<s_client(1)|s_client(1)> program and may not connect to all servers. | ||
| 102 | |||
| 103 | Unfortunately there are a lot of ancient and broken servers in use which | ||
| 104 | cannot handle this technique and will fail to connect. Some servers only | ||
| 105 | work if TLS is turned off with the B<-ssl3> option; others | ||
| 106 | will only support SSL v2 and may need the B<-ssl2> option. | ||
| 107 | |||
| 108 | =item B<-bugs> | ||
| 109 | |||
| 110 | there are several known bug in SSL and TLS implementations. Adding this | ||
| 111 | option enables various workarounds. | ||
| 112 | |||
| 113 | =item B<-cipher cipherlist> | ||
| 114 | |||
| 115 | this allows the cipher list sent by the client to be modified. Although | ||
| 116 | the server determines which cipher suite is used it should take the first | ||
| 117 | supported cipher in the list sent by the client. | ||
| 118 | See the L<ciphers(1)|ciphers(1)> command for more information. | ||
| 119 | |||
| 120 | =item B<-time length> | ||
| 121 | |||
| 122 | specifies how long (in seconds) B<s_time> should establish connections and | ||
| 123 | optionally transfer payload data from a server. Server and client performance | ||
| 124 | and the link speed determine how many connections B<s_time> can establish. | ||
| 125 | |||
| 126 | =back | ||
| 127 | |||
| 128 | =head1 NOTES | ||
| 129 | |||
| 130 | B<s_client> can be used to measure the performance of an SSL connection. | ||
| 131 | To connect to an SSL HTTP server and get the default page the command | ||
| 132 | |||
| 133 | openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3] | ||
| 134 | |||
| 135 | would typically be used (https uses port 443). 'commoncipher' is a cipher to | ||
| 136 | which both client and server can agree, see the L<ciphers(1)|ciphers(1)> command | ||
| 137 | for details. | ||
| 138 | |||
| 139 | If the handshake fails then there are several possible causes, if it is | ||
| 140 | nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, | ||
| 141 | B<-ssl3> options can be tried | ||
| 142 | in case it is a buggy server. In particular you should play with these | ||
| 143 | options B<before> submitting a bug report to an OpenSSL mailing list. | ||
| 144 | |||
| 145 | A frequent problem when attempting to get client certificates working | ||
| 146 | is that a web client complains it has no certificates or gives an empty | ||
| 147 | list to choose from. This is normally because the server is not sending | ||
| 148 | the clients certificate authority in its "acceptable CA list" when it | ||
| 149 | requests a certificate. By using L<s_client(1)|s_client(1)> the CA list can be | ||
| 150 | viewed and checked. However some servers only request client authentication | ||
| 151 | after a specific URL is requested. To obtain the list in this case it | ||
| 152 | is necessary to use the B<-prexit> option of L<s_client(1)|s_client(1)> and | ||
| 153 | send an HTTP request for an appropriate page. | ||
| 154 | |||
| 155 | If a certificate is specified on the command line using the B<-cert> | ||
| 156 | option it will not be used unless the server specifically requests | ||
| 157 | a client certificate. Therefor merely including a client certificate | ||
| 158 | on the command line is no guarantee that the certificate works. | ||
| 159 | |||
| 160 | =head1 BUGS | ||
| 161 | |||
| 162 | Because this program does not have all the options of the | ||
| 163 | L<s_client(1)|s_client(1)> program to turn protocols on and off, you may not be | ||
| 164 | able to measure the performance of all protocols with all servers. | ||
| 165 | |||
| 166 | The B<-verify> option should really exit if the server verification | ||
| 167 | fails. | ||
| 168 | |||
| 169 | =head1 SEE ALSO | ||
| 170 | |||
| 171 | L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)> | ||
| 172 | |||
| 173 | =cut | ||
diff --git a/src/lib/libssl/src/doc/apps/smime.pod b/src/lib/libssl/src/doc/apps/smime.pod index 2453dd2738..84b673f791 100644 --- a/src/lib/libssl/src/doc/apps/smime.pod +++ b/src/lib/libssl/src/doc/apps/smime.pod | |||
| @@ -17,6 +17,9 @@ B<openssl> B<smime> | |||
| 17 | [B<-rc2-40>] | 17 | [B<-rc2-40>] |
| 18 | [B<-rc2-64>] | 18 | [B<-rc2-64>] |
| 19 | [B<-rc2-128>] | 19 | [B<-rc2-128>] |
| 20 | [B<-aes128>] | ||
| 21 | [B<-aes192>] | ||
| 22 | [B<-aes256>] | ||
| 20 | [B<-in file>] | 23 | [B<-in file>] |
| 21 | [B<-certfile file>] | 24 | [B<-certfile file>] |
| 22 | [B<-signer file>] | 25 | [B<-signer file>] |
| @@ -126,11 +129,11 @@ B<-verify>. This directory must be a standard certificate directory: that | |||
| 126 | is a hash of each subject name (using B<x509 -hash>) should be linked | 129 | is a hash of each subject name (using B<x509 -hash>) should be linked |
| 127 | to each certificate. | 130 | to each certificate. |
| 128 | 131 | ||
| 129 | =item B<-des -des3 -rc2-40 -rc2-64 -rc2-128> | 132 | =item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256> |
| 130 | 133 | ||
| 131 | the encryption algorithm to use. DES (56 bits), triple DES (168 bits) | 134 | the encryption algorithm to use. DES (56 bits), triple DES (168 bits), |
| 132 | or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is | 135 | 40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not |
| 133 | used. Only used with B<-encrypt>. | 136 | specified 40 bit RC2 is used. Only used with B<-encrypt>. |
| 134 | 137 | ||
| 135 | =item B<-nointern> | 138 | =item B<-nointern> |
| 136 | 139 | ||
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod index a56ee2b92f..f0b731731f 100644 --- a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod +++ b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod | |||
| @@ -287,8 +287,8 @@ a client and also echoes the request to standard output. | |||
| 287 | return 0; | 287 | return 0; |
| 288 | } | 288 | } |
| 289 | 289 | ||
| 290 | BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"); | 290 | BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n"); |
| 291 | BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n"); | 291 | BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n"); |
| 292 | BIO_puts(sbio, "--------------------------------------------------\r\n"); | 292 | BIO_puts(sbio, "--------------------------------------------------\r\n"); |
| 293 | 293 | ||
| 294 | for(;;) { | 294 | for(;;) { |
| @@ -301,7 +301,7 @@ a client and also echoes the request to standard output. | |||
| 301 | } | 301 | } |
| 302 | 302 | ||
| 303 | BIO_puts(sbio, "--------------------------------------------------\r\n"); | 303 | BIO_puts(sbio, "--------------------------------------------------\r\n"); |
| 304 | BIO_puts(sbio, "</pre>\r\n"); | 304 | BIO_puts(sbio, "\r\n"); |
| 305 | 305 | ||
| 306 | /* Since there is a buffering BIO present we had better flush it */ | 306 | /* Since there is a buffering BIO present we had better flush it */ |
| 307 | BIO_flush(sbio); | 307 | BIO_flush(sbio); |
diff --git a/src/lib/libssl/src/doc/crypto/CONF_modules_free.pod b/src/lib/libssl/src/doc/crypto/CONF_modules_free.pod new file mode 100644 index 0000000000..af8ae6a5c9 --- /dev/null +++ b/src/lib/libssl/src/doc/crypto/CONF_modules_free.pod | |||
| @@ -0,0 +1,47 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | CONF_modules_free, CONF_modules_load, CONF_modules_unload - | ||
| 6 | OpenSSL configuration cleanup functions | ||
| 7 | |||
| 8 | =head1 SYNOPSIS | ||
| 9 | |||
| 10 | #include <openssl/conf.h> | ||
| 11 | |||
| 12 | void CONF_modules_free(void); | ||
| 13 | void CONF_modules_unload(int all); | ||
| 14 | void CONF_modules_finish(void); | ||
| 15 | |||
| 16 | =head1 DESCRIPTION | ||
| 17 | |||
| 18 | CONF_modules_free() closes down and frees up all memory allocated by all | ||
| 19 | configuration modules. | ||
| 20 | |||
| 21 | CONF_modules_finish() calls each configuration modules B<finish> handler | ||
| 22 | to free up any configuration that module may have performed. | ||
| 23 | |||
| 24 | CONF_modules_unload() finishes and unloads configuration modules. If | ||
| 25 | B<all> is set to B<0> only modules loaded from DSOs will be unloads. If | ||
| 26 | B<all> is B<1> all modules, including builtin modules will be unloaded. | ||
| 27 | |||
| 28 | =head1 NOTES | ||
| 29 | |||
| 30 | Normally applications will only call CONF_modules_free() at application to | ||
| 31 | tidy up any configuration performed. | ||
| 32 | |||
| 33 | =head1 RETURN VALUE | ||
| 34 | |||
| 35 | None of the functions return a value. | ||
| 36 | |||
| 37 | =head1 SEE ALSO | ||
| 38 | |||
| 39 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, | ||
| 40 | L<CONF_modules_load_file(3), CONF_modules_load_file(3)> | ||
| 41 | |||
| 42 | =head1 HISTORY | ||
| 43 | |||
| 44 | CONF_modules_free(), CONF_modules_unload(), and CONF_modules_finish() | ||
| 45 | first appeared in OpenSSL 0.9.7. | ||
| 46 | |||
| 47 | =cut | ||
diff --git a/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod b/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod new file mode 100644 index 0000000000..9965d69bf2 --- /dev/null +++ b/src/lib/libssl/src/doc/crypto/CONF_modules_load_file.pod | |||
| @@ -0,0 +1,60 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/conf.h> | ||
| 10 | |||
| 11 | int CONF_modules_load_file(const char *filename, const char *appname, | ||
| 12 | unsigned long flags); | ||
| 13 | int CONF_modules_load(const CONF *cnf, const char *appname, | ||
| 14 | unsigned long flags); | ||
| 15 | |||
| 16 | =head1 DESCRIPTION | ||
| 17 | |||
| 18 | The function CONF_modules_load_file() configures OpenSSL using file | ||
| 19 | B<filename> and application name B<appname>. If B<filename> is NULL | ||
| 20 | the standard OpenSSL configuration file is used. If B<appname> is | ||
| 21 | NULL the standard OpenSSL application name B<openssl_conf> is used. | ||
| 22 | The behaviour can be cutomized using B<flags>. | ||
| 23 | |||
| 24 | CONF_modules_load() is idential to CONF_modules_load_file() except it | ||
| 25 | read configuration information from B<cnf>. | ||
| 26 | |||
| 27 | =head1 NOTES | ||
| 28 | |||
| 29 | The following B<flags> are currently recognized: | ||
| 30 | |||
| 31 | B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual | ||
| 32 | configuration modules are ignored. If not set the first module error is | ||
| 33 | considered fatal and no further modules are loads. | ||
| 34 | |||
| 35 | Normally any modules errors will add error information to the error queue. If | ||
| 36 | B<CONF_MFLAGS_SILENT> is set no error information is added. | ||
| 37 | |||
| 38 | If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is | ||
| 39 | disabled. | ||
| 40 | |||
| 41 | B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file() | ||
| 42 | ignore missing configuration files. Normally a missing configuration file | ||
| 43 | return an error. | ||
| 44 | |||
| 45 | =head1 RETURN VALUE | ||
| 46 | |||
| 47 | These functions return 1 for success and a zero or negative value for | ||
| 48 | failure. If module errors are not ignored the return code will reflect the | ||
| 49 | return value of the failing module (this will always be zero or negative). | ||
| 50 | |||
| 51 | =head1 SEE ALSO | ||
| 52 | |||
| 53 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, | ||
| 54 | L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)> | ||
| 55 | |||
| 56 | =head1 HISTORY | ||
| 57 | |||
| 58 | CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7. | ||
| 59 | |||
| 60 | =cut | ||
diff --git a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod index 5ce4add082..016381f3e9 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | EVP_BytesToKey - password based encryption routine | 5 | EVP_BytesToKey - password based encryption routine |
| 6 | 6 | ||
| 7 | =head1 SYNOPSIS | 7 | =head1 SYNOPSIS |
| 8 | 8 | ||
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod index 5901c39526..1cb315e739 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod | |||
| @@ -4,7 +4,7 @@ | |||
| 4 | 4 | ||
| 5 | EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, | 5 | EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, |
| 6 | EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, | 6 | EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, |
| 7 | EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, | 7 | EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, |
| 8 | EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, | 8 | EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, |
| 9 | EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, | 9 | EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, |
| 10 | EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - | 10 | EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - |
diff --git a/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod b/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod new file mode 100644 index 0000000000..16600620cc --- /dev/null +++ b/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod | |||
| @@ -0,0 +1,82 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/conf.h> | ||
| 10 | |||
| 11 | void OPENSSL_config(const char *config_name); | ||
| 12 | void OPENSSL_no_config(void); | ||
| 13 | |||
| 14 | =head1 DESCRIPTION | ||
| 15 | |||
| 16 | OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> | ||
| 17 | configuration file name using B<config_name>. If B<config_name> is NULL then | ||
| 18 | the default name B<openssl_conf> will be used. Any errors are ignored. Further | ||
| 19 | calls to OPENSSL_config() will have no effect. The configuration file format | ||
| 20 | is documented in the L<conf(5)|conf(5)> manual page. | ||
| 21 | |||
| 22 | OPENSSL_no_config() disables configuration. If called before OPENSSL_config() | ||
| 23 | no configuration takes place. | ||
| 24 | |||
| 25 | =head1 NOTES | ||
| 26 | |||
| 27 | It is B<strongly> recommended that B<all> new applications call OPENSSL_config() | ||
| 28 | or the more sophisticated functions such as CONF_modules_load() during | ||
| 29 | initialization (that is before starting any threads). By doing this | ||
| 30 | an application does not need to keep track of all configuration options | ||
| 31 | and some new functionality can be supported automatically. | ||
| 32 | |||
| 33 | It is also possible to automatically call OPENSSL_config() when an application | ||
| 34 | calls OPENSSL_add_all_algorithms() by compiling an application with the | ||
| 35 | preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration | ||
| 36 | can be added without source changes. | ||
| 37 | |||
| 38 | The environment variable B<OPENSSL_CONFIG> can be set to specify the location | ||
| 39 | of the configuration file. | ||
| 40 | |||
| 41 | Currently ASN1 OBJECTs and ENGINE configuration can be performed future | ||
| 42 | versions of OpenSSL will add new configuration options. | ||
| 43 | |||
| 44 | There are several reasons why calling the OpenSSL configuration routines is | ||
| 45 | advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. | ||
| 46 | In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be | ||
| 47 | used (among other things) to load dynamic ENGINEs from shared libraries (DSOs). | ||
| 48 | However very few applications currently support the control interface and so | ||
| 49 | very few can load and use dynamic ENGINEs. Equally in future more sophisticated | ||
| 50 | ENGINEs will require certain control operations to customize them. If an | ||
| 51 | application calls OPENSSL_config() it doesn't need to know or care about | ||
| 52 | ENGINE control operations because they can be performed by editing a | ||
| 53 | configuration file. | ||
| 54 | |||
| 55 | Applications should free up configuration at application closedown by calling | ||
| 56 | CONF_modules_free(). | ||
| 57 | |||
| 58 | =head1 RESTRICTIONS | ||
| 59 | |||
| 60 | The OPENSSL_config() function is designed to be a very simple "call it and | ||
| 61 | forget it" function. As a result its behaviour is somewhat limited. It ignores | ||
| 62 | all errors silently and it can only load from the standard configuration file | ||
| 63 | location for example. | ||
| 64 | |||
| 65 | It is however B<much> better than nothing. Applications which need finer | ||
| 66 | control over their configuration functionality should use the configuration | ||
| 67 | functions such as CONF_load_modules() directly. | ||
| 68 | |||
| 69 | =head1 RETURN VALUES | ||
| 70 | |||
| 71 | Neither OPENSSL_config() nor OPENSSL_no_config() return a value. | ||
| 72 | |||
| 73 | =head1 SEE ALSO | ||
| 74 | |||
| 75 | L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, | ||
| 76 | L<CONF_modules_free(3),CONF_modules_free(3)> | ||
| 77 | |||
| 78 | =head1 HISTORY | ||
| 79 | |||
| 80 | OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7 | ||
| 81 | |||
| 82 | =cut | ||
diff --git a/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod b/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod new file mode 100644 index 0000000000..f14dfaf005 --- /dev/null +++ b/src/lib/libssl/src/doc/crypto/OPENSSL_load_builtin_modules.pod | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | OPENSSL_load_builtin_modules - add standard configuration modules | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/conf.h> | ||
| 10 | |||
| 11 | void OPENSSL_load_builtin_modules(void); | ||
| 12 | void ASN1_add_oid_module(void); | ||
| 13 | ENGINE_add_conf_module(); | ||
| 14 | |||
| 15 | =head1 DESCRIPTION | ||
| 16 | |||
| 17 | The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL | ||
| 18 | configuration modules to the internal list. They can then be used by the | ||
| 19 | OpenSSL configuration code. | ||
| 20 | |||
| 21 | ASN1_add_oid_module() adds just the ASN1 OBJECT module. | ||
| 22 | |||
| 23 | ENGINE_add_conf_module() adds just the ENGINE configuration module. | ||
| 24 | |||
| 25 | =head1 NOTES | ||
| 26 | |||
| 27 | If the simple configuration function OPENSSL_config() is called then | ||
| 28 | OPENSSL_load_builtin_modules() is called automatically. | ||
| 29 | |||
| 30 | Applications which use the configuration functions directly will need to | ||
| 31 | call OPENSSL_load_builtin_modules() themselves I<before> any other | ||
| 32 | configuration code. | ||
| 33 | |||
| 34 | Applications should call OPENSSL_load_builtin_modules() to load all | ||
| 35 | configuration modules instead of adding modules selectively: otherwise | ||
| 36 | functionality may be missing from the application if an when new | ||
| 37 | modules are added. | ||
| 38 | |||
| 39 | =head1 RETURN VALUE | ||
| 40 | |||
| 41 | None of the functions return a value. | ||
| 42 | |||
| 43 | =head1 SEE ALSO | ||
| 44 | |||
| 45 | L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)> | ||
| 46 | |||
| 47 | =head1 HISTORY | ||
| 48 | |||
| 49 | These functions first appeared in OpenSSL 0.9.7. | ||
| 50 | |||
| 51 | =cut | ||
diff --git a/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod b/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod index 486c903430..e63411b5bb 100644 --- a/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/src/lib/libssl/src/doc/crypto/OpenSSL_add_all_algorithms.pod | |||
| @@ -36,7 +36,7 @@ None of the functions return a value. | |||
| 36 | 36 | ||
| 37 | =head1 NOTES | 37 | =head1 NOTES |
| 38 | 38 | ||
| 39 | A typical application will will call OpenSSL_add_all_algorithms() initially and | 39 | A typical application will call OpenSSL_add_all_algorithms() initially and |
| 40 | EVP_cleanup() before exiting. | 40 | EVP_cleanup() before exiting. |
| 41 | 41 | ||
| 42 | An application does not need to add algorithms to use them explicitly, for example | 42 | An application does not need to add algorithms to use them explicitly, for example |
diff --git a/src/lib/libssl/src/doc/crypto/RSA_print.pod b/src/lib/libssl/src/doc/crypto/RSA_print.pod index e28d107d1c..c971e91f4d 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_print.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_print.pod | |||
| @@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)> | |||
| 44 | 44 | ||
| 45 | RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), | 45 | RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), |
| 46 | DH_print_fp() are available in all versions of SSLeay and OpenSSL. | 46 | DH_print_fp() are available in all versions of SSLeay and OpenSSL. |
| 47 | DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8. | 47 | DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8. |
| 48 | 48 | ||
| 49 | =cut | 49 | =cut |
diff --git a/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod index 6ebd30427b..22c1b50f22 100644 --- a/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod +++ b/src/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod | |||
| @@ -9,6 +9,7 @@ and parsing functions. | |||
| 9 | =head1 SYNOPSIS | 9 | =head1 SYNOPSIS |
| 10 | 10 | ||
| 11 | #include <openssl/dsa.h> | 11 | #include <openssl/dsa.h> |
| 12 | #include <openssl/x509.h> | ||
| 12 | 13 | ||
| 13 | DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); | 14 | DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); |
| 14 | 15 | ||
| @@ -35,8 +36,8 @@ and parsing functions. | |||
| 35 | d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key | 36 | d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key |
| 36 | components structure. | 37 | components structure. |
| 37 | 38 | ||
| 38 | d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a | 39 | d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using |
| 39 | SubjectPublicKeyInfo (certificate public key) structure. | 40 | a SubjectPublicKeyInfo (certificate public key) structure. |
| 40 | 41 | ||
| 41 | d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key | 42 | d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key |
| 42 | components. | 43 | components. |
diff --git a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod index 7c71bcbf3d..279b29c873 100644 --- a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod +++ b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod | |||
| @@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. | |||
| 9 | =head1 SYNOPSIS | 9 | =head1 SYNOPSIS |
| 10 | 10 | ||
| 11 | #include <openssl/rsa.h> | 11 | #include <openssl/rsa.h> |
| 12 | #include <openssl/x509.h> | ||
| 12 | 13 | ||
| 13 | RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); | 14 | RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); |
| 14 | 15 | ||
| @@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. | |||
| 31 | d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey | 32 | d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey |
| 32 | structure. | 33 | structure. |
| 33 | 34 | ||
| 34 | d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a | 35 | d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using |
| 35 | SubjectPublicKeyInfo (certificate public key) structure. | 36 | a SubjectPublicKeyInfo (certificate public key) structure. |
| 36 | 37 | ||
| 37 | d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey | 38 | d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey |
| 38 | structure. | 39 | structure. |
diff --git a/src/lib/libssl/src/doc/crypto/des.pod b/src/lib/libssl/src/doc/crypto/des.pod index 528c73acac..6f0cf1cc5e 100644 --- a/src/lib/libssl/src/doc/crypto/des.pod +++ b/src/lib/libssl/src/doc/crypto/des.pod | |||
| @@ -283,7 +283,7 @@ DES_cbc_encrypt is used. | |||
| 283 | =head1 NOTES | 283 | =head1 NOTES |
| 284 | 284 | ||
| 285 | Single-key DES is insecure due to its short key size. ECB mode is | 285 | Single-key DES is insecure due to its short key size. ECB mode is |
| 286 | not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>. | 286 | not suitable for most applications; see L<des_modes(7)|des_modes(7)>. |
| 287 | 287 | ||
| 288 | The L<evp(3)|evp(3)> library provides higher-level encryption functions. | 288 | The L<evp(3)|evp(3)> library provides higher-level encryption functions. |
| 289 | 289 | ||
diff --git a/src/lib/libssl/src/doc/crypto/pem.pod b/src/lib/libssl/src/doc/crypto/pem.pod index a4f8cc3337..8613114452 100644 --- a/src/lib/libssl/src/doc/crypto/pem.pod +++ b/src/lib/libssl/src/doc/crypto/pem.pod | |||
| @@ -330,7 +330,7 @@ most of them are set to 0 or NULL. | |||
| 330 | Read a certificate in PEM format from a BIO: | 330 | Read a certificate in PEM format from a BIO: |
| 331 | 331 | ||
| 332 | X509 *x; | 332 | X509 *x; |
| 333 | x = PEM_read_bio(bp, NULL, 0, NULL); | 333 | x = PEM_read_bio_X509(bp, NULL, 0, NULL); |
| 334 | if (x == NULL) | 334 | if (x == NULL) |
| 335 | { | 335 | { |
| 336 | /* Error */ | 336 | /* Error */ |
| @@ -459,12 +459,12 @@ returned by EVP_bytestokey(). | |||
| 459 | The PEM read routines in some versions of OpenSSL will not correctly reuse | 459 | The PEM read routines in some versions of OpenSSL will not correctly reuse |
| 460 | an existing structure. Therefore the following: | 460 | an existing structure. Therefore the following: |
| 461 | 461 | ||
| 462 | PEM_read_bio(bp, &x, 0, NULL); | 462 | PEM_read_bio_X509(bp, &x, 0, NULL); |
| 463 | 463 | ||
| 464 | where B<x> already contains a valid certificate, may not work, whereas: | 464 | where B<x> already contains a valid certificate, may not work, whereas: |
| 465 | 465 | ||
| 466 | X509_free(x); | 466 | X509_free(x); |
| 467 | x = PEM_read_bio(bp, NULL, 0, NULL); | 467 | x = PEM_read_bio_X509(bp, NULL, 0, NULL); |
| 468 | 468 | ||
| 469 | is guaranteed to work. | 469 | is guaranteed to work. |
| 470 | 470 | ||
diff --git a/src/lib/libssl/src/doc/crypto/ui.pod b/src/lib/libssl/src/doc/crypto/ui.pod index 2b3535a746..6df68d604a 100644 --- a/src/lib/libssl/src/doc/crypto/ui.pod +++ b/src/lib/libssl/src/doc/crypto/ui.pod | |||
| @@ -5,7 +5,7 @@ | |||
| 5 | UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, | 5 | UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, |
| 6 | UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, | 6 | UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, |
| 7 | UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, | 7 | UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, |
| 8 | UI_add_error_string, UI_dup_error_string, UI_construct_prompt | 8 | UI_add_error_string, UI_dup_error_string, UI_construct_prompt, |
| 9 | UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, | 9 | UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, |
| 10 | UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, | 10 | UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, |
| 11 | UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface | 11 | UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod b/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod index 2a98739114..42fa66b197 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod | |||
| @@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values: | |||
| 53 | 53 | ||
| 54 | =over 4 | 54 | =over 4 |
| 55 | 55 | ||
| 56 | =item 1 | 56 | =item 0 |
| 57 | 57 | ||
| 58 | The operation succeeded. | 58 | The operation succeeded. |
| 59 | 59 | ||
| 60 | =item 0 | 60 | =item 1 |
| 61 | 61 | ||
| 62 | The operation failed. Check the error queue to find out the reason. | 62 | The operation failed. Check the error queue to find out the reason. |
| 63 | 63 | ||
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt index c6049d5e53..d44d2f04a0 100644 --- a/src/lib/libssl/src/doc/ssleay.txt +++ b/src/lib/libssl/src/doc/ssleay.txt | |||
| @@ -6245,7 +6245,7 @@ SSL_get_app_data | |||
| 6245 | void SSL_CTX_set_default_verify | 6245 | void SSL_CTX_set_default_verify |
| 6246 | 6246 | ||
| 6247 | /* This callback, if set, totaly overrides the normal SSLeay verification | 6247 | /* This callback, if set, totaly overrides the normal SSLeay verification |
| 6248 | * functions and should return 1 on sucesss and 0 on failure */ | 6248 | * functions and should return 1 on success and 0 on failure */ |
| 6249 | void SSL_CTX_set_cert_verify_callback | 6249 | void SSL_CTX_set_cert_verify_callback |
| 6250 | 6250 | ||
| 6251 | /* The following are the same as the equivilent SSL_xxx functions. | 6251 | /* The following are the same as the equivilent SSL_xxx functions. |
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec index 9ce236e0d2..6a272f6969 100644 --- a/src/lib/libssl/src/openssl.spec +++ b/src/lib/libssl/src/openssl.spec | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | %define libmaj 0 | 1 | %define libmaj 0 |
| 2 | %define libmin 9 | 2 | %define libmin 9 |
| 3 | %define librel 7 | 3 | %define librel 7 |
| 4 | %define librev c | 4 | %define librev d |
| 5 | Release: 1 | 5 | Release: 1 |
| 6 | 6 | ||
| 7 | %define openssldir /var/ssl | 7 | %define openssldir /var/ssl |
diff --git a/src/lib/libssl/src/os2/OS2-EMX.cmd b/src/lib/libssl/src/os2/OS2-EMX.cmd index acab99ac39..5924b50b6d 100644 --- a/src/lib/libssl/src/os2/OS2-EMX.cmd +++ b/src/lib/libssl/src/os2/OS2-EMX.cmd | |||
| @@ -64,3 +64,39 @@ echo RC5\32 | |||
| 64 | cd crypto\rc5\asm | 64 | cd crypto\rc5\asm |
| 65 | perl rc5-586.pl a.out > r5-os2.asm | 65 | perl rc5-586.pl a.out > r5-os2.asm |
| 66 | cd ..\..\.. | 66 | cd ..\..\.. |
| 67 | |||
| 68 | cd os2 | ||
| 69 | |||
| 70 | if exist noname\backward_ssl.def goto nomkdir | ||
| 71 | mkdir noname | ||
| 72 | :nomkdir | ||
| 73 | |||
| 74 | perl backwardify.pl crypto.def >backward_crypto.def | ||
| 75 | perl backwardify.pl ssl.def >backward_ssl.def | ||
| 76 | perl backwardify.pl -noname crypto.def >noname\backward_crypto.def | ||
| 77 | perl backwardify.pl -noname ssl.def >noname\backward_ssl.def | ||
| 78 | |||
| 79 | echo Creating backward compatibility forwarder dlls: | ||
| 80 | echo crypto.dll | ||
| 81 | gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085 | ||
| 82 | echo ssl.dll | ||
| 83 | gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085 | ||
| 84 | |||
| 85 | echo Creating smaller backward compatibility forwarder dlls: | ||
| 86 | echo These DLLs are not good for runtime resolution of symbols. | ||
| 87 | echo noname\crypto.dll | ||
| 88 | gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085 | ||
| 89 | echo noname\ssl.dll | ||
| 90 | gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085 | ||
| 91 | |||
| 92 | echo Compressing forwarders (it is ok if lxlite is not found): | ||
| 93 | lxlite *.dll noname/*.dll | ||
| 94 | |||
| 95 | cd .. | ||
| 96 | |||
| 97 | echo Now run: | ||
| 98 | echo For static build: | ||
| 99 | echo make -f OS2-EMX.mak | ||
| 100 | echo For dynamic build: | ||
| 101 | echo make -f OS2-EMX-DLL.mak | ||
| 102 | echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll | ||
diff --git a/src/lib/libssl/src/os2/backwardify.pl b/src/lib/libssl/src/os2/backwardify.pl new file mode 100644 index 0000000000..272423c8fa --- /dev/null +++ b/src/lib/libssl/src/os2/backwardify.pl | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | #!/usr/bin/perl -w | ||
| 2 | use strict; | ||
| 3 | |||
| 4 | # Use as $0 | ||
| 5 | # Use as $0 -noname | ||
| 6 | |||
| 7 | my $did_library; | ||
| 8 | my $did_description; | ||
| 9 | my $do_exports; | ||
| 10 | my @imports; | ||
| 11 | my $noname = (@ARGV and $ARGV[0] eq '-noname' and shift); | ||
| 12 | while (<>) { | ||
| 13 | unless ($did_library) { | ||
| 14 | s/\b(cryptssl)\b/crypto/ and $did_library = $1 if /^LIBRARY\s+cryptssl\b/; | ||
| 15 | s/\b(open_ssl)\b/ssl/ and $did_library = $1 if /^LIBRARY\s+open_ssl\b/; | ||
| 16 | } | ||
| 17 | unless ($did_description) { | ||
| 18 | s&^(DESCRIPTION\s+(['"])).*&${1}\@#www.openssl.org/:#\@forwarder DLL for pre-0.9.7c+ OpenSSL to the new dll naming scheme$2& and $did_description++; | ||
| 19 | } | ||
| 20 | if ($do_exports) {{ | ||
| 21 | last unless /\S/; | ||
| 22 | warn, last unless /^ \s* ( \w+ ) \s+ \@(\d+)\s*$/x; | ||
| 23 | push @imports, [$1, $2]; | ||
| 24 | s/$/ NONAME/ if $noname; | ||
| 25 | }} | ||
| 26 | $do_exports++ if not $do_exports and /^EXPORTS/; | ||
| 27 | print $_; | ||
| 28 | } | ||
| 29 | print "IMPORTS\n"; | ||
| 30 | for my $imp (@imports) { | ||
| 31 | print "\t$imp->[0]=$did_library.$imp->[1]\n"; | ||
| 32 | } | ||
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c index 7c45f8ff4e..51378897f6 100644 --- a/src/lib/libssl/src/ssl/kssl.c +++ b/src/lib/libssl/src/ssl/kssl.c | |||
| @@ -953,7 +953,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata) | |||
| 953 | printf("%s, authdata==0\n", label); | 953 | printf("%s, authdata==0\n", label); |
| 954 | return; | 954 | return; |
| 955 | } | 955 | } |
| 956 | printf("%s [%p]\n", label, adata); | 956 | printf("%s [%p]\n", label, (void *)adata); |
| 957 | #if 0 | 957 | #if 0 |
| 958 | { | 958 | { |
| 959 | int i; | 959 | int i; |
| @@ -1725,7 +1725,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) | |||
| 1725 | return; | 1725 | return; |
| 1726 | } | 1726 | } |
| 1727 | else | 1727 | else |
| 1728 | printf("%p\n", kssl_ctx); | 1728 | printf("%p\n", (void *)kssl_ctx); |
| 1729 | 1729 | ||
| 1730 | printf("\tservice:\t%s\n", | 1730 | printf("\tservice:\t%s\n", |
| 1731 | (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); | 1731 | (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); |
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c index 1d24dedc91..43b32eb415 100644 --- a/src/lib/libssl/src/ssl/s2_clnt.c +++ b/src/lib/libssl/src/ssl/s2_clnt.c | |||
| @@ -116,7 +116,6 @@ | |||
| 116 | #include <openssl/buffer.h> | 116 | #include <openssl/buffer.h> |
| 117 | #include <openssl/objects.h> | 117 | #include <openssl/objects.h> |
| 118 | #include <openssl/evp.h> | 118 | #include <openssl/evp.h> |
| 119 | #include "cryptlib.h" | ||
| 120 | 119 | ||
| 121 | static SSL_METHOD *ssl2_get_client_method(int ver); | 120 | static SSL_METHOD *ssl2_get_client_method(int ver); |
| 122 | static int get_server_finished(SSL *s); | 121 | static int get_server_finished(SSL *s); |
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c index d3b144f1c5..21a06f76cb 100644 --- a/src/lib/libssl/src/ssl/s2_enc.c +++ b/src/lib/libssl/src/ssl/s2_enc.c | |||
| @@ -59,7 +59,6 @@ | |||
| 59 | #include "ssl_locl.h" | 59 | #include "ssl_locl.h" |
| 60 | #ifndef OPENSSL_NO_SSL2 | 60 | #ifndef OPENSSL_NO_SSL2 |
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | ||
| 63 | 62 | ||
| 64 | int ssl2_enc_init(SSL *s, int client) | 63 | int ssl2_enc_init(SSL *s, int client) |
| 65 | { | 64 | { |
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c index 910b9fe097..edcef4dda2 100644 --- a/src/lib/libssl/src/ssl/s2_lib.c +++ b/src/lib/libssl/src/ssl/s2_lib.c | |||
| @@ -63,7 +63,6 @@ | |||
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 65 | #include <openssl/md5.h> | 65 | #include <openssl/md5.h> |
| 66 | #include "cryptlib.h" | ||
| 67 | 66 | ||
| 68 | static long ssl2_default_timeout(void ); | 67 | static long ssl2_default_timeout(void ); |
| 69 | const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; | 68 | const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; |
| @@ -139,6 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 139 | SSL_ALL_STRENGTHS, | 138 | SSL_ALL_STRENGTHS, |
| 140 | }, | 139 | }, |
| 141 | /* IDEA_128_CBC_WITH_MD5 */ | 140 | /* IDEA_128_CBC_WITH_MD5 */ |
| 141 | #ifndef OPENSSL_NO_IDEA | ||
| 142 | { | 142 | { |
| 143 | 1, | 143 | 1, |
| 144 | SSL2_TXT_IDEA_128_CBC_WITH_MD5, | 144 | SSL2_TXT_IDEA_128_CBC_WITH_MD5, |
| @@ -151,6 +151,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 151 | SSL_ALL_CIPHERS, | 151 | SSL_ALL_CIPHERS, |
| 152 | SSL_ALL_STRENGTHS, | 152 | SSL_ALL_STRENGTHS, |
| 153 | }, | 153 | }, |
| 154 | #endif | ||
| 154 | /* DES_64_CBC_WITH_MD5 */ | 155 | /* DES_64_CBC_WITH_MD5 */ |
| 155 | { | 156 | { |
| 156 | 1, | 157 | 1, |
diff --git a/src/lib/libssl/src/ssl/s2_pkt.c b/src/lib/libssl/src/ssl/s2_pkt.c index d82f137613..a10929a757 100644 --- a/src/lib/libssl/src/ssl/s2_pkt.c +++ b/src/lib/libssl/src/ssl/s2_pkt.c | |||
| @@ -113,7 +113,6 @@ | |||
| 113 | #ifndef OPENSSL_NO_SSL2 | 113 | #ifndef OPENSSL_NO_SSL2 |
| 114 | #include <stdio.h> | 114 | #include <stdio.h> |
| 115 | #include <errno.h> | 115 | #include <errno.h> |
| 116 | #include "cryptlib.h" | ||
| 117 | #define USE_SOCKETS | 116 | #define USE_SOCKETS |
| 118 | 117 | ||
| 119 | static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); | 118 | static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); |
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c index 62859a2d95..5da2a54af3 100644 --- a/src/lib/libssl/src/ssl/s2_srvr.c +++ b/src/lib/libssl/src/ssl/s2_srvr.c | |||
| @@ -116,7 +116,6 @@ | |||
| 116 | #include <openssl/rand.h> | 116 | #include <openssl/rand.h> |
| 117 | #include <openssl/objects.h> | 117 | #include <openssl/objects.h> |
| 118 | #include <openssl/evp.h> | 118 | #include <openssl/evp.h> |
| 119 | #include "cryptlib.h" | ||
| 120 | 119 | ||
| 121 | static SSL_METHOD *ssl2_get_server_method(int ver); | 120 | static SSL_METHOD *ssl2_get_server_method(int ver); |
| 122 | static int get_client_master_key(SSL *s); | 121 | static int get_client_master_key(SSL *s); |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index eb7daebfdf..26ce0cb963 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -117,7 +117,6 @@ | |||
| 117 | #include <openssl/objects.h> | 117 | #include <openssl/objects.h> |
| 118 | #include <openssl/evp.h> | 118 | #include <openssl/evp.h> |
| 119 | #include <openssl/md5.h> | 119 | #include <openssl/md5.h> |
| 120 | #include "cryptlib.h" | ||
| 121 | 120 | ||
| 122 | static SSL_METHOD *ssl3_get_client_method(int ver); | 121 | static SSL_METHOD *ssl3_get_client_method(int ver); |
| 123 | static int ssl3_client_hello(SSL *s); | 122 | static int ssl3_client_hello(SSL *s); |
| @@ -1947,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) | |||
| 1947 | if (algs & SSL_kRSA) | 1946 | if (algs & SSL_kRSA) |
| 1948 | { | 1947 | { |
| 1949 | if (rsa == NULL | 1948 | if (rsa == NULL |
| 1950 | || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) | 1949 | || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) |
| 1951 | { | 1950 | { |
| 1952 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); | 1951 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); |
| 1953 | goto f_err; | 1952 | goto f_err; |
| @@ -1959,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) | |||
| 1959 | if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 1958 | if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
| 1960 | { | 1959 | { |
| 1961 | if (dh == NULL | 1960 | if (dh == NULL |
| 1962 | || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) | 1961 | || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) |
| 1963 | { | 1962 | { |
| 1964 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); | 1963 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); |
| 1965 | goto f_err; | 1964 | goto f_err; |
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 559924d368..92efb9597d 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 199 | COMP_METHOD *comp; | 199 | COMP_METHOD *comp; |
| 200 | const EVP_MD *m; | 200 | const EVP_MD *m; |
| 201 | EVP_MD_CTX md; | 201 | EVP_MD_CTX md; |
| 202 | int exp,n,i,j,k,cl; | 202 | int is_exp,n,i,j,k,cl; |
| 203 | int reuse_dd = 0; | 203 | int reuse_dd = 0; |
| 204 | 204 | ||
| 205 | exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 205 | is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 206 | c=s->s3->tmp.new_sym_enc; | 206 | c=s->s3->tmp.new_sym_enc; |
| 207 | m=s->s3->tmp.new_hash; | 207 | m=s->s3->tmp.new_hash; |
| 208 | if (s->s3->tmp.new_compression == NULL) | 208 | if (s->s3->tmp.new_compression == NULL) |
| @@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 276 | p=s->s3->tmp.key_block; | 276 | p=s->s3->tmp.key_block; |
| 277 | i=EVP_MD_size(m); | 277 | i=EVP_MD_size(m); |
| 278 | cl=EVP_CIPHER_key_length(c); | 278 | cl=EVP_CIPHER_key_length(c); |
| 279 | j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | 279 | j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? |
| 280 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | 280 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; |
| 281 | /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ | 281 | /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ |
| 282 | k=EVP_CIPHER_iv_length(c); | 282 | k=EVP_CIPHER_iv_length(c); |
| 283 | if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 283 | if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 284 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) | 284 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) |
| @@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 307 | 307 | ||
| 308 | EVP_MD_CTX_init(&md); | 308 | EVP_MD_CTX_init(&md); |
| 309 | memcpy(mac_secret,ms,i); | 309 | memcpy(mac_secret,ms,i); |
| 310 | if (exp) | 310 | if (is_exp) |
| 311 | { | 311 | { |
| 312 | /* In here I set both the read and write key/iv to the | 312 | /* In here I set both the read and write key/iv to the |
| 313 | * same value since only the correct one will be used :-). | 313 | * same value since only the correct one will be used :-). |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 896b12fc4f..d04096016c 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 271 | SSL_ALL_STRENGTHS, | 271 | SSL_ALL_STRENGTHS, |
| 272 | }, | 272 | }, |
| 273 | /* Cipher 07 */ | 273 | /* Cipher 07 */ |
| 274 | #ifndef OPENSSL_NO_IDEA | ||
| 274 | { | 275 | { |
| 275 | 1, | 276 | 1, |
| 276 | SSL3_TXT_RSA_IDEA_128_SHA, | 277 | SSL3_TXT_RSA_IDEA_128_SHA, |
| @@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 283 | SSL_ALL_CIPHERS, | 284 | SSL_ALL_CIPHERS, |
| 284 | SSL_ALL_STRENGTHS, | 285 | SSL_ALL_STRENGTHS, |
| 285 | }, | 286 | }, |
| 287 | #endif | ||
| 286 | /* Cipher 08 */ | 288 | /* Cipher 08 */ |
| 287 | { | 289 | { |
| 288 | 1, | 290 | 1, |
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index 3f88429e79..9f3e5139ad 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -1085,6 +1085,14 @@ start: | |||
| 1085 | goto err; | 1085 | goto err; |
| 1086 | } | 1086 | } |
| 1087 | 1087 | ||
| 1088 | /* Check we have a cipher to change to */ | ||
| 1089 | if (s->s3->tmp.new_cipher == NULL) | ||
| 1090 | { | ||
| 1091 | i=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1092 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); | ||
| 1093 | goto err; | ||
| 1094 | } | ||
| 1095 | |||
| 1088 | rr->length=0; | 1096 | rr->length=0; |
| 1089 | 1097 | ||
| 1090 | if (s->msg_callback) | 1098 | if (s->msg_callback) |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 881f68b998..deb3cffabe 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -121,9 +121,10 @@ | |||
| 121 | #include <openssl/objects.h> | 121 | #include <openssl/objects.h> |
| 122 | #include <openssl/evp.h> | 122 | #include <openssl/evp.h> |
| 123 | #include <openssl/x509.h> | 123 | #include <openssl/x509.h> |
| 124 | #ifndef OPENSSL_NO_KRB5 | ||
| 124 | #include <openssl/krb5_asn.h> | 125 | #include <openssl/krb5_asn.h> |
| 126 | #endif | ||
| 125 | #include <openssl/md5.h> | 127 | #include <openssl/md5.h> |
| 126 | #include "cryptlib.h" | ||
| 127 | 128 | ||
| 128 | static SSL_METHOD *ssl3_get_server_method(int ver); | 129 | static SSL_METHOD *ssl3_get_server_method(int ver); |
| 129 | static int ssl3_get_client_hello(SSL *s); | 130 | static int ssl3_get_client_hello(SSL *s); |
| @@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1587 | 1588 | ||
| 1588 | n2s(p,i); | 1589 | n2s(p,i); |
| 1589 | enc_ticket.length = i; | 1590 | enc_ticket.length = i; |
| 1591 | |||
| 1592 | if (n < enc_ticket.length + 6) | ||
| 1593 | { | ||
| 1594 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1595 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1596 | goto err; | ||
| 1597 | } | ||
| 1598 | |||
| 1590 | enc_ticket.data = (char *)p; | 1599 | enc_ticket.data = (char *)p; |
| 1591 | p+=enc_ticket.length; | 1600 | p+=enc_ticket.length; |
| 1592 | 1601 | ||
| 1593 | n2s(p,i); | 1602 | n2s(p,i); |
| 1594 | authenticator.length = i; | 1603 | authenticator.length = i; |
| 1604 | |||
| 1605 | if (n < enc_ticket.length + authenticator.length + 6) | ||
| 1606 | { | ||
| 1607 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1608 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1609 | goto err; | ||
| 1610 | } | ||
| 1611 | |||
| 1595 | authenticator.data = (char *)p; | 1612 | authenticator.data = (char *)p; |
| 1596 | p+=authenticator.length; | 1613 | p+=authenticator.length; |
| 1597 | 1614 | ||
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 4ae8458259..913bd40eea 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value); | |||
| 1357 | const char *SSL_alert_desc_string_long(int value); | 1357 | const char *SSL_alert_desc_string_long(int value); |
| 1358 | const char *SSL_alert_desc_string(int value); | 1358 | const char *SSL_alert_desc_string(int value); |
| 1359 | 1359 | ||
| 1360 | void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); | 1360 | void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); |
| 1361 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); | 1361 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); |
| 1362 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); | 1362 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); |
| 1363 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); | 1363 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); |
| 1364 | int SSL_add_client_CA(SSL *ssl,X509 *x); | 1364 | int SSL_add_client_CA(SSL *ssl,X509 *x); |
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index 16bc11b559..d8ff8fc4a3 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c | |||
| @@ -62,7 +62,6 @@ | |||
| 62 | #include <openssl/asn1_mac.h> | 62 | #include <openssl/asn1_mac.h> |
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include "cryptlib.h" | ||
| 66 | 65 | ||
| 67 | typedef struct ssl_session_asn1_st | 66 | typedef struct ssl_session_asn1_st |
| 68 | { | 67 | { |
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index da90078a37..2cfb615878 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c | |||
| @@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 505 | return(i); | 505 | return(i); |
| 506 | } | 506 | } |
| 507 | 507 | ||
| 508 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) | 508 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) |
| 509 | { | 509 | { |
| 510 | if (*ca_list != NULL) | 510 | if (*ca_list != NULL) |
| 511 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); | 511 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); |
| 512 | 512 | ||
| 513 | *ca_list=list; | 513 | *ca_list=name_list; |
| 514 | } | 514 | } |
| 515 | 515 | ||
| 516 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | 516 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) |
| @@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | |||
| 532 | return(ret); | 532 | return(ret); |
| 533 | } | 533 | } |
| 534 | 534 | ||
| 535 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) | 535 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) |
| 536 | { | 536 | { |
| 537 | set_client_CA_list(&(s->client_CA),list); | 537 | set_client_CA_list(&(s->client_CA),name_list); |
| 538 | } | 538 | } |
| 539 | 539 | ||
| 540 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) | 540 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) |
| 541 | { | 541 | { |
| 542 | set_client_CA_list(&(ctx->client_CA),list); | 542 | set_client_CA_list(&(ctx->client_CA),name_list); |
| 543 | } | 543 | } |
| 544 | 544 | ||
| 545 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) | 545 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) |
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 888b667fa1..44c503eb04 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 125 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, | 125 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 126 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, | 126 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, |
| 127 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | 127 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, |
| 128 | #ifndef OPENSSL_NO_IDEA | ||
| 128 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 129 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | #endif | ||
| 129 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 131 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 132 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 131 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 133 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| @@ -166,8 +168,12 @@ static void load_ciphers(void) | |||
| 166 | EVP_get_cipherbyname(SN_rc4); | 168 | EVP_get_cipherbyname(SN_rc4); |
| 167 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 169 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 168 | EVP_get_cipherbyname(SN_rc2_cbc); | 170 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 171 | #ifndef OPENSSL_NO_IDEA | ||
| 169 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 172 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 170 | EVP_get_cipherbyname(SN_idea_cbc); | 173 | EVP_get_cipherbyname(SN_idea_cbc); |
| 174 | #else | ||
| 175 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | ||
| 176 | #endif | ||
| 171 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 177 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 172 | EVP_get_cipherbyname(SN_aes_128_cbc); | 178 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 173 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 179 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| @@ -334,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void) | |||
| 334 | } | 340 | } |
| 335 | 341 | ||
| 336 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 342 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, |
| 337 | int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, | 343 | int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, |
| 338 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 344 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 339 | { | 345 | { |
| 340 | int i, list_num; | 346 | int i, co_list_num; |
| 341 | SSL_CIPHER *c; | 347 | SSL_CIPHER *c; |
| 342 | 348 | ||
| 343 | /* | 349 | /* |
| @@ -348,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 348 | */ | 354 | */ |
| 349 | 355 | ||
| 350 | /* Get the initial list of ciphers */ | 356 | /* Get the initial list of ciphers */ |
| 351 | list_num = 0; /* actual count of ciphers */ | 357 | co_list_num = 0; /* actual count of ciphers */ |
| 352 | for (i = 0; i < num_of_ciphers; i++) | 358 | for (i = 0; i < num_of_ciphers; i++) |
| 353 | { | 359 | { |
| 354 | c = ssl_method->get_cipher(i); | 360 | c = ssl_method->get_cipher(i); |
| 355 | /* drop those that use any of that is not available */ | 361 | /* drop those that use any of that is not available */ |
| 356 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) | 362 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) |
| 357 | { | 363 | { |
| 358 | list[list_num].cipher = c; | 364 | co_list[co_list_num].cipher = c; |
| 359 | list[list_num].next = NULL; | 365 | co_list[co_list_num].next = NULL; |
| 360 | list[list_num].prev = NULL; | 366 | co_list[co_list_num].prev = NULL; |
| 361 | list[list_num].active = 0; | 367 | co_list[co_list_num].active = 0; |
| 362 | list_num++; | 368 | co_list_num++; |
| 363 | #ifdef KSSL_DEBUG | 369 | #ifdef KSSL_DEBUG |
| 364 | printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); | 370 | printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); |
| 365 | #endif /* KSSL_DEBUG */ | 371 | #endif /* KSSL_DEBUG */ |
| @@ -372,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 372 | /* | 378 | /* |
| 373 | * Prepare linked list from list entries | 379 | * Prepare linked list from list entries |
| 374 | */ | 380 | */ |
| 375 | for (i = 1; i < list_num - 1; i++) | 381 | for (i = 1; i < co_list_num - 1; i++) |
| 376 | { | 382 | { |
| 377 | list[i].prev = &(list[i-1]); | 383 | co_list[i].prev = &(co_list[i-1]); |
| 378 | list[i].next = &(list[i+1]); | 384 | co_list[i].next = &(co_list[i+1]); |
| 379 | } | 385 | } |
| 380 | if (list_num > 0) | 386 | if (co_list_num > 0) |
| 381 | { | 387 | { |
| 382 | (*head_p) = &(list[0]); | 388 | (*head_p) = &(co_list[0]); |
| 383 | (*head_p)->prev = NULL; | 389 | (*head_p)->prev = NULL; |
| 384 | (*head_p)->next = &(list[1]); | 390 | (*head_p)->next = &(co_list[1]); |
| 385 | (*tail_p) = &(list[list_num - 1]); | 391 | (*tail_p) = &(co_list[co_list_num - 1]); |
| 386 | (*tail_p)->prev = &(list[list_num - 2]); | 392 | (*tail_p)->prev = &(co_list[co_list_num - 2]); |
| 387 | (*tail_p)->next = NULL; | 393 | (*tail_p)->next = NULL; |
| 388 | } | 394 | } |
| 389 | } | 395 | } |
| @@ -429,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, | |||
| 429 | 435 | ||
| 430 | static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | 436 | static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, |
| 431 | unsigned long algo_strength, unsigned long mask_strength, | 437 | unsigned long algo_strength, unsigned long mask_strength, |
| 432 | int rule, int strength_bits, CIPHER_ORDER *list, | 438 | int rule, int strength_bits, CIPHER_ORDER *co_list, |
| 433 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 439 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 434 | { | 440 | { |
| 435 | CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; | 441 | CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; |
| @@ -524,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | |||
| 524 | *tail_p = tail; | 530 | *tail_p = tail; |
| 525 | } | 531 | } |
| 526 | 532 | ||
| 527 | static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, | 533 | static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, |
| 528 | CIPHER_ORDER **tail_p) | 534 | CIPHER_ORDER **head_p, |
| 535 | CIPHER_ORDER **tail_p) | ||
| 529 | { | 536 | { |
| 530 | int max_strength_bits, i, *number_uses; | 537 | int max_strength_bits, i, *number_uses; |
| 531 | CIPHER_ORDER *curr; | 538 | CIPHER_ORDER *curr; |
| @@ -570,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, | |||
| 570 | for (i = max_strength_bits; i >= 0; i--) | 577 | for (i = max_strength_bits; i >= 0; i--) |
| 571 | if (number_uses[i] > 0) | 578 | if (number_uses[i] > 0) |
| 572 | ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, | 579 | ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, |
| 573 | list, head_p, tail_p); | 580 | co_list, head_p, tail_p); |
| 574 | 581 | ||
| 575 | OPENSSL_free(number_uses); | 582 | OPENSSL_free(number_uses); |
| 576 | return(1); | 583 | return(1); |
| 577 | } | 584 | } |
| 578 | 585 | ||
| 579 | static int ssl_cipher_process_rulestr(const char *rule_str, | 586 | static int ssl_cipher_process_rulestr(const char *rule_str, |
| 580 | CIPHER_ORDER *list, CIPHER_ORDER **head_p, | 587 | CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, |
| 581 | CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) | 588 | CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) |
| 582 | { | 589 | { |
| 583 | unsigned long algorithms, mask, algo_strength, mask_strength; | 590 | unsigned long algorithms, mask, algo_strength, mask_strength; |
| @@ -702,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 702 | ok = 0; | 709 | ok = 0; |
| 703 | if ((buflen == 8) && | 710 | if ((buflen == 8) && |
| 704 | !strncmp(buf, "STRENGTH", 8)) | 711 | !strncmp(buf, "STRENGTH", 8)) |
| 705 | ok = ssl_cipher_strength_sort(list, | 712 | ok = ssl_cipher_strength_sort(co_list, |
| 706 | head_p, tail_p); | 713 | head_p, tail_p); |
| 707 | else | 714 | else |
| 708 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 715 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| @@ -722,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 722 | { | 729 | { |
| 723 | ssl_cipher_apply_rule(algorithms, mask, | 730 | ssl_cipher_apply_rule(algorithms, mask, |
| 724 | algo_strength, mask_strength, rule, -1, | 731 | algo_strength, mask_strength, rule, -1, |
| 725 | list, head_p, tail_p); | 732 | co_list, head_p, tail_p); |
| 726 | } | 733 | } |
| 727 | else | 734 | else |
| 728 | { | 735 | { |
| @@ -744,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 744 | unsigned long disabled_mask; | 751 | unsigned long disabled_mask; |
| 745 | STACK_OF(SSL_CIPHER) *cipherstack; | 752 | STACK_OF(SSL_CIPHER) *cipherstack; |
| 746 | const char *rule_p; | 753 | const char *rule_p; |
| 747 | CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; | 754 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
| 748 | SSL_CIPHER **ca_list = NULL; | 755 | SSL_CIPHER **ca_list = NULL; |
| 749 | 756 | ||
| 750 | /* | 757 | /* |
| @@ -774,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 774 | #ifdef KSSL_DEBUG | 781 | #ifdef KSSL_DEBUG |
| 775 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | 782 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); |
| 776 | #endif /* KSSL_DEBUG */ | 783 | #endif /* KSSL_DEBUG */ |
| 777 | list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | 784 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); |
| 778 | if (list == NULL) | 785 | if (co_list == NULL) |
| 779 | { | 786 | { |
| 780 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 787 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
| 781 | return(NULL); /* Failure */ | 788 | return(NULL); /* Failure */ |
| 782 | } | 789 | } |
| 783 | 790 | ||
| 784 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, | 791 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, |
| 785 | list, &head, &tail); | 792 | co_list, &head, &tail); |
| 786 | 793 | ||
| 787 | /* | 794 | /* |
| 788 | * We also need cipher aliases for selecting based on the rule_str. | 795 | * We also need cipher aliases for selecting based on the rule_str. |
| @@ -798,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 798 | (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | 805 | (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); |
| 799 | if (ca_list == NULL) | 806 | if (ca_list == NULL) |
| 800 | { | 807 | { |
| 801 | OPENSSL_free(list); | 808 | OPENSSL_free(co_list); |
| 802 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 809 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
| 803 | return(NULL); /* Failure */ | 810 | return(NULL); /* Failure */ |
| 804 | } | 811 | } |
| @@ -814,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 814 | if (strncmp(rule_str,"DEFAULT",7) == 0) | 821 | if (strncmp(rule_str,"DEFAULT",7) == 0) |
| 815 | { | 822 | { |
| 816 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | 823 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, |
| 817 | list, &head, &tail, ca_list); | 824 | co_list, &head, &tail, ca_list); |
| 818 | rule_p += 7; | 825 | rule_p += 7; |
| 819 | if (*rule_p == ':') | 826 | if (*rule_p == ':') |
| 820 | rule_p++; | 827 | rule_p++; |
| 821 | } | 828 | } |
| 822 | 829 | ||
| 823 | if (ok && (strlen(rule_p) > 0)) | 830 | if (ok && (strlen(rule_p) > 0)) |
| 824 | ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, | 831 | ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, |
| 825 | ca_list); | 832 | ca_list); |
| 826 | 833 | ||
| 827 | OPENSSL_free(ca_list); /* Not needed anymore */ | 834 | OPENSSL_free(ca_list); /* Not needed anymore */ |
| 828 | 835 | ||
| 829 | if (!ok) | 836 | if (!ok) |
| 830 | { /* Rule processing failure */ | 837 | { /* Rule processing failure */ |
| 831 | OPENSSL_free(list); | 838 | OPENSSL_free(co_list); |
| 832 | return(NULL); | 839 | return(NULL); |
| 833 | } | 840 | } |
| 834 | /* | 841 | /* |
| @@ -837,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 837 | */ | 844 | */ |
| 838 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) | 845 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) |
| 839 | { | 846 | { |
| 840 | OPENSSL_free(list); | 847 | OPENSSL_free(co_list); |
| 841 | return(NULL); | 848 | return(NULL); |
| 842 | } | 849 | } |
| 843 | 850 | ||
| @@ -855,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 855 | #endif | 862 | #endif |
| 856 | } | 863 | } |
| 857 | } | 864 | } |
| 858 | OPENSSL_free(list); /* Not needed any longer */ | 865 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 859 | 866 | ||
| 860 | /* | 867 | /* |
| 861 | * The following passage is a little bit odd. If pointer variables | 868 | * The following passage is a little bit odd. If pointer variables |
| @@ -905,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 905 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | 912 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) |
| 906 | { | 913 | { |
| 907 | int is_export,pkl,kl; | 914 | int is_export,pkl,kl; |
| 908 | char *ver,*exp; | 915 | char *ver,*exp_str; |
| 909 | char *kx,*au,*enc,*mac; | 916 | char *kx,*au,*enc,*mac; |
| 910 | unsigned long alg,alg2,alg_s; | 917 | unsigned long alg,alg2,alg_s; |
| 911 | #ifdef KSSL_DEBUG | 918 | #ifdef KSSL_DEBUG |
| @@ -921,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 921 | is_export=SSL_C_IS_EXPORT(cipher); | 928 | is_export=SSL_C_IS_EXPORT(cipher); |
| 922 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 929 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 923 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | 930 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); |
| 924 | exp=is_export?" export":""; | 931 | exp_str=is_export?" export":""; |
| 925 | 932 | ||
| 926 | if (alg & SSL_SSLV2) | 933 | if (alg & SSL_SSLV2) |
| 927 | ver="SSLv2"; | 934 | ver="SSLv2"; |
| @@ -1040,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 1040 | return("Buffer too small"); | 1047 | return("Buffer too small"); |
| 1041 | 1048 | ||
| 1042 | #ifdef KSSL_DEBUG | 1049 | #ifdef KSSL_DEBUG |
| 1043 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); | 1050 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); |
| 1044 | #else | 1051 | #else |
| 1045 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); | 1052 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); |
| 1046 | #endif /* KSSL_DEBUG */ | 1053 | #endif /* KSSL_DEBUG */ |
| 1047 | return(buf); | 1054 | return(buf); |
| 1048 | } | 1055 | } |
| @@ -1129,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1129 | { | 1136 | { |
| 1130 | MemCheck_on(); | 1137 | MemCheck_on(); |
| 1131 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1138 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); |
| 1132 | return(0); | 1139 | return(1); |
| 1133 | } | 1140 | } |
| 1134 | else | 1141 | else |
| 1135 | { | 1142 | { |
| 1136 | MemCheck_on(); | 1143 | MemCheck_on(); |
| 1137 | return(1); | 1144 | return(0); |
| 1138 | } | 1145 | } |
| 1139 | } | 1146 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 6d69890688..ee9a82d586 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -121,7 +121,6 @@ | |||
| 121 | #include <openssl/objects.h> | 121 | #include <openssl/objects.h> |
| 122 | #include <openssl/lhash.h> | 122 | #include <openssl/lhash.h> |
| 123 | #include <openssl/x509v3.h> | 123 | #include <openssl/x509v3.h> |
| 124 | #include "cryptlib.h" | ||
| 125 | 124 | ||
| 126 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 125 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; |
| 127 | 126 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index fabcdefa6e..7016c87d3b 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -60,7 +60,6 @@ | |||
| 60 | #include <openssl/lhash.h> | 60 | #include <openssl/lhash.h> |
| 61 | #include <openssl/rand.h> | 61 | #include <openssl/rand.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | #include "cryptlib.h" | ||
| 64 | 63 | ||
| 65 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 64 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 66 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 65 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); |
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 42289c255b..28095148e7 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c | |||
| @@ -564,7 +564,14 @@ bad: | |||
| 564 | if (cm != NULL) | 564 | if (cm != NULL) |
| 565 | { | 565 | { |
| 566 | if (cm->type != NID_undef) | 566 | if (cm->type != NID_undef) |
| 567 | SSL_COMP_add_compression_method(comp, cm); | 567 | { |
| 568 | if (SSL_COMP_add_compression_method(comp, cm) != 0) | ||
| 569 | { | ||
| 570 | fprintf(stderr, | ||
| 571 | "Failed to add compression method\n"); | ||
| 572 | ERR_print_errors_fp(stderr); | ||
| 573 | } | ||
| 574 | } | ||
| 568 | else | 575 | else |
| 569 | { | 576 | { |
| 570 | fprintf(stderr, | 577 | fprintf(stderr, |
diff --git a/src/lib/libssl/src/tools/c_rehash b/src/lib/libssl/src/tools/c_rehash index e614fb5466..3e9ba1efe4 100644 --- a/src/lib/libssl/src/tools/c_rehash +++ b/src/lib/libssl/src/tools/c_rehash | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | 3 | ||
| 4 | # Perl c_rehash script, scan all files in a directory | 4 | # Perl c_rehash script, scan all files in a directory |
diff --git a/src/lib/libssl/src/util/extract-names.pl b/src/lib/libssl/src/util/extract-names.pl index 9f2ad5ef16..744a8e2324 100644 --- a/src/lib/libssl/src/util/extract-names.pl +++ b/src/lib/libssl/src/util/extract-names.pl | |||
| @@ -10,6 +10,8 @@ while(<STDIN>) { | |||
| 10 | if (/ - /) { | 10 | if (/ - /) { |
| 11 | s/ - .*//; | 11 | s/ - .*//; |
| 12 | s/,[ \t]+/,/g; | 12 | s/,[ \t]+/,/g; |
| 13 | s/^[ \t]+//g; | ||
| 14 | s/[ \t]+$//g; | ||
| 13 | push @words, split ','; | 15 | push @words, split ','; |
| 14 | } | 16 | } |
| 15 | } | 17 | } |
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl index c538f9dffb..b4bc0457e5 100644 --- a/src/lib/libssl/src/util/mk1mf.pl +++ b/src/lib/libssl/src/util/mk1mf.pl | |||
| @@ -277,6 +277,8 @@ $defs= <<"EOF"; | |||
| 277 | 277 | ||
| 278 | EOF | 278 | EOF |
| 279 | 279 | ||
| 280 | $defs .= $preamble if defined $preamble; | ||
| 281 | |||
| 280 | if ($platform eq "VC-CE") | 282 | if ($platform eq "VC-CE") |
| 281 | { | 283 | { |
| 282 | $defs.= <<"EOF"; | 284 | $defs.= <<"EOF"; |
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl index cdd2164c4e..01a1bfda19 100644 --- a/src/lib/libssl/src/util/mkdef.pl +++ b/src/lib/libssl/src/util/mkdef.pl | |||
| @@ -1116,27 +1116,55 @@ sub print_test_file | |||
| 1116 | } | 1116 | } |
| 1117 | } | 1117 | } |
| 1118 | 1118 | ||
| 1119 | sub get_version { | ||
| 1120 | local *MF; | ||
| 1121 | my $v = '?'; | ||
| 1122 | open MF, 'Makefile.ssl' or return $v; | ||
| 1123 | while (<MF>) { | ||
| 1124 | $v = $1, last if /^VERSION=(.*?)\s*$/; | ||
| 1125 | } | ||
| 1126 | close MF; | ||
| 1127 | return $v; | ||
| 1128 | } | ||
| 1129 | |||
| 1119 | sub print_def_file | 1130 | sub print_def_file |
| 1120 | { | 1131 | { |
| 1121 | (*OUT,my $name,*nums,my @symbols)=@_; | 1132 | (*OUT,my $name,*nums,my @symbols)=@_; |
| 1122 | my $n = 1; my @e; my @r; my @v; my $prev=""; | 1133 | my $n = 1; my @e; my @r; my @v; my $prev=""; |
| 1123 | my $liboptions=""; | 1134 | my $liboptions=""; |
| 1135 | my $libname = $name; | ||
| 1136 | my $http_vendor = 'www.openssl.org/'; | ||
| 1137 | my $version = get_version(); | ||
| 1138 | my $what = "OpenSSL: implementation of Secure Socket Layer"; | ||
| 1139 | my $description = "$what $version, $name - http://$http_vendor"; | ||
| 1124 | 1140 | ||
| 1125 | if ($W32) | 1141 | if ($W32) |
| 1126 | { $name.="32"; } | 1142 | { $libname.="32"; } |
| 1127 | elsif ($W16) | 1143 | elsif ($W16) |
| 1128 | { $name.="16"; } | 1144 | { $libname.="16"; } |
| 1129 | elsif ($OS2) | 1145 | elsif ($OS2) |
| 1130 | { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } | 1146 | { # DLL names should not clash on the whole system. |
| 1147 | # However, they should not have any particular relationship | ||
| 1148 | # to the name of the static library. Chose descriptive names | ||
| 1149 | # (must be at most 8 chars). | ||
| 1150 | my %translate = (ssl => 'open_ssl', crypto => 'cryptssl'); | ||
| 1151 | $libname = $translate{$name} || $name; | ||
| 1152 | $liboptions = <<EOO; | ||
| 1153 | INITINSTANCE | ||
| 1154 | DATA MULTIPLE NONSHARED | ||
| 1155 | EOO | ||
| 1156 | # Vendor field can't contain colon, drat; so we omit http:// | ||
| 1157 | $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd"; | ||
| 1158 | } | ||
| 1131 | 1159 | ||
| 1132 | print OUT <<"EOF"; | 1160 | print OUT <<"EOF"; |
| 1133 | ; | 1161 | ; |
| 1134 | ; Definition file for the DLL version of the $name library from OpenSSL | 1162 | ; Definition file for the DLL version of the $name library from OpenSSL |
| 1135 | ; | 1163 | ; |
| 1136 | 1164 | ||
| 1137 | LIBRARY $name $liboptions | 1165 | LIBRARY $libname $liboptions |
| 1138 | 1166 | ||
| 1139 | DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' | 1167 | DESCRIPTION '$description' |
| 1140 | 1168 | ||
| 1141 | EOF | 1169 | EOF |
| 1142 | 1170 | ||
diff --git a/src/lib/libssl/src/util/pl/OS2-EMX.pl b/src/lib/libssl/src/util/pl/OS2-EMX.pl index d695dda623..ddb3524210 100644 --- a/src/lib/libssl/src/util/pl/OS2-EMX.pl +++ b/src/lib/libssl/src/util/pl/OS2-EMX.pl | |||
| @@ -3,10 +3,12 @@ | |||
| 3 | # OS2-EMX.pl - for EMX GCC on OS/2 | 3 | # OS2-EMX.pl - for EMX GCC on OS/2 |
| 4 | # | 4 | # |
| 5 | 5 | ||
| 6 | $o='\\'; | 6 | $o='/'; |
| 7 | $cp='copy'; | 7 | $cp='cp'; |
| 8 | $rm='rm -f'; | 8 | $rm='rm -f'; |
| 9 | 9 | ||
| 10 | $preamble = "SHELL=sh\n"; | ||
| 11 | |||
| 10 | # C compiler stuff | 12 | # C compiler stuff |
| 11 | 13 | ||
| 12 | $cc='gcc'; | 14 | $cc='gcc'; |
| @@ -48,24 +50,24 @@ $bf_enc_src=""; | |||
| 48 | 50 | ||
| 49 | if (!$no_asm) | 51 | if (!$no_asm) |
| 50 | { | 52 | { |
| 51 | $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; | 53 | $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj"; |
| 52 | $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; | 54 | $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm"; |
| 53 | $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; | 55 | $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj"; |
| 54 | $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; | 56 | $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm"; |
| 55 | $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; | 57 | $bf_enc_obj="crypto/bf/asm/b-os2$obj"; |
| 56 | $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; | 58 | $bf_enc_src="crypto/bf/asm/b-os2.asm"; |
| 57 | $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; | 59 | $cast_enc_obj="crypto/cast/asm/c-os2$obj"; |
| 58 | $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; | 60 | $cast_enc_src="crypto/cast/asm/c-os2.asm"; |
| 59 | $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; | 61 | $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj"; |
| 60 | $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; | 62 | $rc4_enc_src="crypto/rc4/asm/r4-os2.asm"; |
| 61 | $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; | 63 | $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj"; |
| 62 | $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; | 64 | $rc5_enc_src="crypto/rc5/asm/r5-os2.asm"; |
| 63 | $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; | 65 | $md5_asm_obj="crypto/md5/asm/m5-os2$obj"; |
| 64 | $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; | 66 | $md5_asm_src="crypto/md5/asm/m5-os2.asm"; |
| 65 | $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; | 67 | $sha1_asm_obj="crypto/sha/asm/s1-os2$obj"; |
| 66 | $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; | 68 | $sha1_asm_src="crypto/sha/asm/s1-os2.asm"; |
| 67 | $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; | 69 | $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj"; |
| 68 | $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; | 70 | $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm"; |
| 69 | } | 71 | } |
| 70 | 72 | ||
| 71 | if ($shlib) | 73 | if ($shlib) |