-rw-r--r--src/lib/libcrypto/aes/aes_cbc.c2
-rw-r--r--src/lib/libcrypto/asn1/a_mbstr.c4
-rw-r--r--src/lib/libcrypto/asn1/a_strex.c2
-rw-r--r--src/lib/libcrypto/asn1/a_time.c9
-rw-r--r--src/lib/libcrypto/asn1/asn1_lib.c4
-rw-r--r--src/lib/libcrypto/asn1/asn1_par.c6
-rw-r--r--src/lib/libcrypto/asn1/asn_moid.c9
-rw-r--r--src/lib/libcrypto/asn1/t_pkey.c4
-rw-r--r--src/lib/libcrypto/asn1/x_long.c10
-rw-r--r--src/lib/libcrypto/bio/b_dump.c32
-rw-r--r--src/lib/libcrypto/bio/b_print.c12
-rw-r--r--src/lib/libcrypto/bio/b_sock.c12
-rw-r--r--src/lib/libcrypto/bio/bio_cb.c36
-rw-r--r--src/lib/libcrypto/bio/bss_conn.c6
-rw-r--r--src/lib/libcrypto/bio/bss_file.c10
-rw-r--r--src/lib/libcrypto/bn/asm/bn-586.pl2
-rw-r--r--src/lib/libcrypto/bn/asm/x86_64-gcc.c2
-rw-r--r--src/lib/libcrypto/bn/bn_lcl.h17
-rw-r--r--src/lib/libcrypto/bn/bn_lib.c8
-rw-r--r--src/lib/libcrypto/bn/bn_print.c5
-rw-r--r--src/lib/libcrypto/conf/conf_def.c6
-rw-r--r--src/lib/libcrypto/conf/conf_mod.c12
-rw-r--r--src/lib/libcrypto/cversion.c8
-rw-r--r--src/lib/libcrypto/des/cfb_enc.c21
-rw-r--r--src/lib/libcrypto/des/ecb_enc.c4
-rw-r--r--src/lib/libcrypto/doc/EVP_BytesToKey.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_DigestInit.pod2
-rw-r--r--src/lib/libcrypto/doc/OPENSSL_config.pod82
-rw-r--r--src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod51
-rw-r--r--src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod2
-rw-r--r--src/lib/libcrypto/doc/RSA_print.pod2
-rw-r--r--src/lib/libcrypto/doc/d2i_DSAPublicKey.pod5
-rw-r--r--src/lib/libcrypto/doc/d2i_RSAPublicKey.pod5
-rw-r--r--src/lib/libcrypto/dso/dso_lib.c4
-rw-r--r--src/lib/libcrypto/ec/ecp_smpl.c2
-rw-r--r--src/lib/libcrypto/engine/eng_ctrl.c10
-rw-r--r--src/lib/libcrypto/engine/eng_fat.c6
-rw-r--r--src/lib/libcrypto/engine/engine.h27
-rw-r--r--src/lib/libcrypto/err/err.c2
-rw-r--r--src/lib/libcrypto/evp/digest.c15
-rw-r--r--src/lib/libcrypto/evp/evp.h2
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c14
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c2
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c2
-rw-r--r--src/lib/libcrypto/mem_dbg.c17
-rw-r--r--src/lib/libcrypto/objects/obj_dat.c4
-rw-r--r--src/lib/libcrypto/objects/obj_dat.pl4
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ext.c24
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c1
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_vfy.c6
-rw-r--r--src/lib/libcrypto/opensslv.h4
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c21
-rw-r--r--src/lib/libcrypto/pem/pem_pkey.c4
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c58
-rw-r--r--src/lib/libcrypto/rand/randfile.c71
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-586.pl291
-rw-r--r--src/lib/libcrypto/ui/ui_lib.c13
-rw-r--r--src/lib/libcrypto/x509/by_dir.c34
-rw-r--r--src/lib/libcrypto/x509/x509.h4
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c8
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c55
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h19
-rw-r--r--src/lib/libcrypto/x509/x509type.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c3
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c11
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c5
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/doc/openssl.cnf5
-rw-r--r--src/lib/libssl/s3_clnt.c5
-rw-r--r--src/lib/libssl/s3_lib.c2
-rw-r--r--src/lib/libssl/s3_pkt.c8
-rw-r--r--src/lib/libssl/s3_srvr.c19
-rw-r--r--src/lib/libssl/ssl.h4
-rw-r--r--src/lib/libssl/ssl_asn1.c1
-rw-r--r--src/lib/libssl/ssl_cert.c12
-rw-r--r--src/lib/libssl/ssl_ciph.c85
-rw-r--r--src/lib/libssl/ssl_lib.c1
-rw-r--r--src/lib/libssl/ssl_sess.c1
79 files changed, 777 insertions, 509 deletions
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index 86b27b10d6..1222a21002 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
104 memcpy(tmp, in, AES_BLOCK_SIZE); 104 memcpy(tmp, in, AES_BLOCK_SIZE);
105 AES_decrypt(tmp, tmp, key); 105 AES_decrypt(tmp, tmp, key);
106 for(n=0; n < len; ++n) 106 for(n=0; n < len; ++n)
107 out[n] ^= ivec[n]; 107 out[n] = tmp[n] ^ ivec[n];
108 memcpy(ivec, tmp, AES_BLOCK_SIZE); 108 memcpy(ivec, tmp, AES_BLOCK_SIZE);
109 } 109 }
110 } 110 }
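Review bot: The `memcpy(ivec, tmp, AES_BLOCK_SIZE)` after the loop saves the wrong block as the next IV. `AES_decrypt(tmp, tmp, key)` has already overwritten the ciphertext copy in `tmp`, so the decrypted block is stored where CBC chaining needs the ciphertext block. The new `out[n] = tmp[n] ^ ivec[n]` fixes the output bytes but leaves this in place. Decrypting into a second scratch block, as in `AES_decrypt(tmp, tmp2, key)` with the XOR reading `tmp2`, would keep `tmp` intact for the IV update. This is the partial-block tail and the enclosing branch starts outside the hunk, so the impact depends on whether callers reuse `ivec` afterwards.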
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index e8a26af521..208b3ec395 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
145 145
146 if((minsize > 0) && (nchar < minsize)) { 146 if((minsize > 0) && (nchar < minsize)) {
147 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); 147 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
148 sprintf(strbuf, "%ld", minsize); 148 BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
149 ERR_add_error_data(2, "minsize=", strbuf); 149 ERR_add_error_data(2, "minsize=", strbuf);
150 return -1; 150 return -1;
151 } 151 }
152 152
153 if((maxsize > 0) && (nchar > maxsize)) { 153 if((maxsize > 0) && (nchar > maxsize)) {
154 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); 154 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
155 sprintf(strbuf, "%ld", maxsize); 155 BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
156 ERR_add_error_data(2, "maxsize=", strbuf); 156 ERR_add_error_data(2, "maxsize=", strbuf);
157 return -1; 157 return -1;
158 } 158 }
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 8abfdfe598..bde666a6ff 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
285 -1, -1, 0, -1, /* 10-13 */ 285 -1, -1, 0, -1, /* 10-13 */
286 -1, -1, -1, -1, /* 15-17 */ 286 -1, -1, -1, -1, /* 15-17 */
287 -1, 1, 1, /* 18-20 */ 287 -1, 1, 1, /* 18-20 */
288 -1, 1, -1,-1, /* 21-24 */ 288 -1, 1, 1, 1, /* 21-24 */
289 -1, 1, -1, /* 25-27 */ 289 -1, 1, -1, /* 25-27 */
290 4, -1, 2 /* 28-30 */ 290 4, -1, 2 /* 28-30 */
291}; 291};
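Review bot: The range comments in `tag2nbyte` do not line up with the entries, which makes the changed row hard to audit. The row labelled `/* 15-17 */` holds four values, so it appears to cover tags 14-17. Since the table is indexed by tag number, I would correct that label to `/* 14-17 */` and add a short comment on the changed row naming the tags that now map to 1. The start of the table is outside the hunk, so the numbering should be confirmed against the first row.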
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index 7348da9457..159681fbcb 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -128,6 +128,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
128 { 128 {
129 ASN1_GENERALIZEDTIME *ret; 129 ASN1_GENERALIZEDTIME *ret;
130 char *str; 130 char *str;
131 int newlen;
131 132
132 if (!ASN1_TIME_check(t)) return NULL; 133 if (!ASN1_TIME_check(t)) return NULL;
133 134
@@ -150,12 +151,14 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
150 /* grow the string */ 151 /* grow the string */
151 if (!ASN1_STRING_set(ret, NULL, t->length + 2)) 152 if (!ASN1_STRING_set(ret, NULL, t->length + 2))
152 return NULL; 153 return NULL;
154 /* ASN1_STRING_set() allocated 'len + 1' bytes. */
155 newlen = t->length + 2 + 1;
153 str = (char *)ret->data; 156 str = (char *)ret->data;
154 /* Work out the century and prepend */ 157 /* Work out the century and prepend */
155 if (t->data[0] >= '5') strcpy(str, "19"); 158 if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
156 else strcpy(str, "20"); 159 else BUF_strlcpy(str, "20", newlen);
157 160
158 BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */ 161 BUF_strlcat(str, (char *)t->data, newlen);
159 162
160 return ret; 163 return ret;
161 } 164 }
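Review bot: `BUF_strlcat(str, (char *)t->data, newlen)` bounds the destination but still treats `t->data` as a NUL-terminated C string, and strlcat-style routines walk the source to its terminator. Nothing in the hunk shows that `t->data` is terminated at exactly `t->length` bytes, so a string built without the trailing NUL could be read past its end. Copying by length avoids relying on that: `memcpy(str + 2, t->data, t->length); str[t->length + 2] = '\0';`. The function begins in the previous hunk and `ASN1_TIME_check()` there may constrain the content, but its guarantees are not visible here.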
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index e30d5dd303..a74f1368d3 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
414 { 414 {
415 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; 415 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
416 416
417 sprintf(buf1,"%lu",(unsigned long)address); 417 BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
418 sprintf(buf2,"%d",offset); 418 BIO_snprintf(buf2,sizeof buf2,"%d",offset);
419 ERR_add_error_data(4,"address=",buf1," offset=",buf2); 419 ERR_add_error_data(4,"address=",buf1," offset=",buf2);
420 } 420 }
421 421
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index e48532a24d..676d434f03 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
83 83
84 p=str; 84 p=str;
85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) 85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
86 sprintf(str,"priv [ %d ] ",tag); 86 BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
87 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) 87 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
88 sprintf(str,"cont [ %d ]",tag); 88 BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
89 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) 89 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
90 sprintf(str,"appl [ %d ]",tag); 90 BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
91 else p = ASN1_tag2str(tag); 91 else p = ASN1_tag2str(tag);
92 92
93 if (p2 != NULL) 93 if (p2 != NULL)
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
index be20db4bad..edb44c988f 100644
--- a/src/lib/libcrypto/asn1/asn_moid.c
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -87,9 +87,14 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
87 } 87 }
88 } 88 }
89 return 1; 89 return 1;
90} 90 }
91
92static void oid_module_finish(CONF_IMODULE *md)
93 {
94 OBJ_cleanup();
95 }
91 96
92void ASN1_add_oid_module(void) 97void ASN1_add_oid_module(void)
93 { 98 {
94 CONF_module_add("oid_section", oid_module_init, 0); 99 CONF_module_add("oid_section", oid_module_init, oid_module_finish);
95 } 100 }
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index 4e09c9e44e..d15006e654 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
139 } 139 }
140 140
141 if (x->d == NULL) 141 if (x->d == NULL)
142 sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n)); 142 BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
143 else 143 else
144 strcpy(str,"modulus:"); 144 BUF_strlcpy(str,"modulus:",sizeof str);
145 if (!print(bp,str,x->n,m,off)) goto err; 145 if (!print(bp,str,x->n,m,off)) goto err;
146 s=(x->d == NULL)?"Exponent:":"publicExponent:"; 146 s=(x->d == NULL)?"Exponent:":"publicExponent:";
147 if (!print(bp,s,x->e,m,off)) goto err; 147 if (!print(bp,s,x->e,m,off)) goto err;
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index c04b192794..c5f25956cb 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -104,7 +104,12 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
104 long ltmp; 104 long ltmp;
105 unsigned long utmp; 105 unsigned long utmp;
106 int clen, pad, i; 106 int clen, pad, i;
107 ltmp = *(long *)pval; 107 /* this exists to bypass broken gcc optimization */
108 char *cp = (char *)pval;
109
110 /* use memcpy, because we may not be long aligned */
111 memcpy(&ltmp, cp, sizeof(long));
112
108 if(ltmp == it->size) return -1; 113 if(ltmp == it->size) return -1;
109 /* Convert the long to positive: we subtract one if negative so 114 /* Convert the long to positive: we subtract one if negative so
110 * we can cleanly handle the padding if only the MSB of the leading 115 * we can cleanly handle the padding if only the MSB of the leading
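Review bot: The comment `/* this exists to bypass broken gcc optimization */` on the new `cp` declaration does not say what the problem is or why the cast is safe. From the code, the `long` appears to live in the storage that `pval` points at, not behind another pointer, and the `memcpy` avoids both the type-punned access and the alignment assumption. I would say so directly, e.g. `/* pval addresses the long itself; copy through char * so the access is neither type-punned nor assumed long-aligned */`. The matching `cp` in `long_c2i` in the later hunks has no comment at all and could carry the same one. The function body continues outside this hunk.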
@@ -136,6 +141,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
136 int neg, i; 141 int neg, i;
137 long ltmp; 142 long ltmp;
138 unsigned long utmp = 0; 143 unsigned long utmp = 0;
144 char *cp = (char *)pval;
139 if(len > sizeof(long)) { 145 if(len > sizeof(long)) {
140 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); 146 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
141 return 0; 147 return 0;
@@ -158,6 +164,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
158 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); 164 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
159 return 0; 165 return 0;
160 } 166 }
161 *(long *)pval = ltmp; 167 memcpy(cp, &ltmp, sizeof(long));
162 return 1; 168 return 1;
163} 169}
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
index 8397cfab6a..f671e722fa 100644
--- a/src/lib/libcrypto/bio/b_dump.c
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
104 for(i=0;i<rows;i++) 104 for(i=0;i<rows;i++)
105 { 105 {
106 buf[0]='\0'; /* start with empty string */ 106 buf[0]='\0'; /* start with empty string */
107 strcpy(buf,str); 107 BUF_strlcpy(buf,str,sizeof buf);
108 sprintf(tmp,"%04x - ",i*dump_width); 108 BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
109 strcat(buf,tmp); 109 BUF_strlcat(buf,tmp,sizeof buf);
110 for(j=0;j<dump_width;j++) 110 for(j=0;j<dump_width;j++)
111 { 111 {
112 if (((i*dump_width)+j)>=len) 112 if (((i*dump_width)+j)>=len)
113 { 113 {
114 strcat(buf," "); 114 BUF_strlcat(buf," ",sizeof buf);
115 } 115 }
116 else 116 else
117 { 117 {
118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
119 sprintf(tmp,"%02x%c",ch,j==7?'-':' '); 119 BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
120 strcat(buf,tmp); 120 j==7?'-':' ');
121 BUF_strlcat(buf,tmp,sizeof buf);
121 } 122 }
122 } 123 }
123 strcat(buf," "); 124 BUF_strlcat(buf," ",sizeof buf);
124 for(j=0;j<dump_width;j++) 125 for(j=0;j<dump_width;j++)
125 { 126 {
126 if (((i*dump_width)+j)>=len) 127 if (((i*dump_width)+j)>=len)
127 break; 128 break;
128 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
129#ifndef CHARSET_EBCDIC 130#ifndef CHARSET_EBCDIC
130 sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); 131 BIO_snprintf(tmp,sizeof tmp,"%c",
132 ((ch>=' ')&&(ch<='~'))?ch:'.');
131#else 133#else
132 sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) 134 BIO_snprintf(tmp,sizeof tmp,"%c",
133 ? os_toebcdic[ch] 135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
134 : '.'); 136 ? os_toebcdic[ch]
137 : '.');
135#endif 138#endif
136 strcat(buf,tmp); 139 BUF_strlcat(buf,tmp,sizeof buf);
137 } 140 }
138 strcat(buf,"\n"); 141 BUF_strlcat(buf,"\n",sizeof buf);
139 /* if this is the last call then update the ddt_dump thing so that 142 /* if this is the last call then update the ddt_dump thing so that
140 * we will move the selection point in the debug window 143 * we will move the selection point in the debug window
141 */ 144 */
@@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
144#ifdef TRUNCATE 147#ifdef TRUNCATE
145 if (trunc > 0) 148 if (trunc > 0)
146 { 149 {
147 sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc); 150 BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
151 len+trunc);
148 ret+=BIO_write(bio,(char *)buf,strlen(buf)); 152 ret+=BIO_write(bio,(char *)buf,strlen(buf));
149 } 153 }
150#endif 154#endif
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index 2cfc689dd6..fbff331796 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -576,12 +576,12 @@ abs_val(LDOUBLE value)
576} 576}
577 577
578static LDOUBLE 578static LDOUBLE
579pow10(int exp) 579pow10(int in_exp)
580{ 580{
581 LDOUBLE result = 1; 581 LDOUBLE result = 1;
582 while (exp) { 582 while (in_exp) {
583 result *= 10; 583 result *= 10;
584 exp--; 584 in_exp--;
585 } 585 }
586 return result; 586 return result;
587} 587}
@@ -652,8 +652,8 @@ fmtfp(
652 (caps ? "0123456789ABCDEF" 652 (caps ? "0123456789ABCDEF"
653 : "0123456789abcdef")[intpart % 10]; 653 : "0123456789abcdef")[intpart % 10];
654 intpart = (intpart / 10); 654 intpart = (intpart / 10);
655 } while (intpart && (iplace < sizeof iplace)); 655 } while (intpart && (iplace < sizeof iconvert));
656 if (iplace == sizeof iplace) 656 if (iplace == sizeof iconvert)
657 iplace--; 657 iplace--;
658 iconvert[iplace] = 0; 658 iconvert[iplace] = 0;
659 659
@@ -664,7 +664,7 @@ fmtfp(
664 : "0123456789abcdef")[fracpart % 10]; 664 : "0123456789abcdef")[fracpart % 10];
665 fracpart = (fracpart / 10); 665 fracpart = (fracpart / 10);
666 } while (fplace < max); 666 } while (fplace < max);
667 if (fplace == sizeof fplace) 667 if (fplace == sizeof fconvert)
668 fplace--; 668 fplace--;
669 fconvert[fplace] = 0; 669 fconvert[fplace] = 0;
670 670
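Review bot: The fractional loop `} while (fplace < max);` is bounded only by `max`, so the corrected `if (fplace == sizeof fconvert)` check runs after the writes into `fconvert` have already happened. The integer loop in the previous hunk carries the buffer bound in its condition, and this one should match: `} while (fplace < max && fplace < sizeof fconvert);`. If `max` is clamped below the size of `fconvert` earlier in `fmtfp` the overrun cannot occur, but that clamp is outside the hunk and the loop should not depend on it.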
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index 601a14f37c..c851298d1e 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
709 } 709 }
710 *addr=p; 710 *addr=p;
711 } 711 }
712 sprintf(*addr,"%d.%d.%d.%d:%d", 712 BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
713 (unsigned char)(l>>24L)&0xff, 713 (unsigned char)(l>>24L)&0xff,
714 (unsigned char)(l>>16L)&0xff, 714 (unsigned char)(l>>16L)&0xff,
715 (unsigned char)(l>> 8L)&0xff, 715 (unsigned char)(l>> 8L)&0xff,
716 (unsigned char)(l )&0xff, 716 (unsigned char)(l )&0xff,
717 port); 717 port);
718end: 718end:
719 return(ret); 719 return(ret);
720 } 720 }
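Review bot: `BIO_snprintf(*addr,24,...)` hard-codes the buffer size as a literal. The allocation it is meant to match is outside the hunk, and a caller that passes in its own non-NULL `*addr` gives this function no way to know the buffer really holds 24 bytes. A named constant shared with the allocation would keep the two in step. The header documentation for `BIO_accept` should also state the minimum size of a caller-supplied buffer. The function starts outside the hunk.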
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c
index 0ffa4d2136..6f4254a114 100644
--- a/src/lib/libcrypto/bio/bio_cb.c
+++ b/src/lib/libcrypto/bio/bio_cb.c
@@ -70,55 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
70 MS_STATIC char buf[256]; 70 MS_STATIC char buf[256];
71 char *p; 71 char *p;
72 long r=1; 72 long r=1;
73 size_t p_maxlen;
73 74
74 if (BIO_CB_RETURN & cmd) 75 if (BIO_CB_RETURN & cmd)
75 r=ret; 76 r=ret;
76 77
77 sprintf(buf,"BIO[%08lX]:",(unsigned long)bio); 78 BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
78 p= &(buf[14]); 79 p= &(buf[14]);
80 p_maxlen = sizeof buf - 14;
79 switch (cmd) 81 switch (cmd)
80 { 82 {
81 case BIO_CB_FREE: 83 case BIO_CB_FREE:
82 sprintf(p,"Free - %s\n",bio->method->name); 84 BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
83 break; 85 break;
84 case BIO_CB_READ: 86 case BIO_CB_READ:
85 if (bio->method->type & BIO_TYPE_DESCRIPTOR) 87 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
86 sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); 88 BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
89 bio->num,argi,bio->method->name,bio->num);
87 else 90 else
88 sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name); 91 BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
92 bio->num,argi,bio->method->name);
89 break; 93 break;
90 case BIO_CB_WRITE: 94 case BIO_CB_WRITE:
91 if (bio->method->type & BIO_TYPE_DESCRIPTOR) 95 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
92 sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); 96 BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
97 bio->num,argi,bio->method->name,bio->num);
93 else 98 else
94 sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name); 99 BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
100 bio->num,argi,bio->method->name);
95 break; 101 break;
96 case BIO_CB_PUTS: 102 case BIO_CB_PUTS:
97 sprintf(p,"puts() - %s\n",bio->method->name); 103 BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
98 break; 104 break;
99 case BIO_CB_GETS: 105 case BIO_CB_GETS:
100 sprintf(p,"gets(%d) - %s\n",argi,bio->method->name); 106 BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
101 break; 107 break;
102 case BIO_CB_CTRL: 108 case BIO_CB_CTRL:
103 sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name); 109 BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
104 break; 110 break;
105 case BIO_CB_RETURN|BIO_CB_READ: 111 case BIO_CB_RETURN|BIO_CB_READ:
106 sprintf(p,"read return %ld\n",ret); 112 BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
107 break; 113 break;
108 case BIO_CB_RETURN|BIO_CB_WRITE: 114 case BIO_CB_RETURN|BIO_CB_WRITE:
109 sprintf(p,"write return %ld\n",ret); 115 BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
110 break; 116 break;
111 case BIO_CB_RETURN|BIO_CB_GETS: 117 case BIO_CB_RETURN|BIO_CB_GETS:
112 sprintf(p,"gets return %ld\n",ret); 118 BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
113 break; 119 break;
114 case BIO_CB_RETURN|BIO_CB_PUTS: 120 case BIO_CB_RETURN|BIO_CB_PUTS:
115 sprintf(p,"puts return %ld\n",ret); 121 BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
116 break; 122 break;
117 case BIO_CB_RETURN|BIO_CB_CTRL: 123 case BIO_CB_RETURN|BIO_CB_CTRL:
118 sprintf(p,"ctrl return %ld\n",ret); 124 BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
119 break; 125 break;
120 default: 126 default:
121 sprintf(p,"bio callback - unknown type (%d)\n",cmd); 127 BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
122 break; 128 break;
123 } 129 }
124 130
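Review bot: `p= &(buf[14]); p_maxlen = sizeof buf - 14;` assumes the `"BIO[%08lX]:"` prefix is always 14 characters, but `%08lX` sets only a minimum width. Where `unsigned long` is 64 bits the address can print with up to 16 hex digits, and the message written at `p` then overwrites the tail of the prefix. The writes stay inside `buf`, so this garbles the log line without corrupting memory. Deriving the offset from what was written removes the assumption: `p = buf + strlen(buf); p_maxlen = sizeof buf - (size_t)(p - buf);`. The function continues past the end of the hunk.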
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
index 743db6ff94..f5d0e759e2 100644
--- a/src/lib/libcrypto/bio/bss_conn.c
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
521 char buf[16]; 521 char buf[16];
522 unsigned char *p = ptr; 522 unsigned char *p = ptr;
523 523
524 sprintf(buf,"%d.%d.%d.%d", 524 BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
525 p[0],p[1],p[2],p[3]); 525 p[0],p[1],p[2],p[3]);
526 if (data->param_hostname != NULL) 526 if (data->param_hostname != NULL)
527 OPENSSL_free(data->param_hostname); 527 OPENSSL_free(data->param_hostname);
528 data->param_hostname=BUF_strdup(buf); 528 data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
532 { 532 {
533 char buf[DECIMAL_SIZE(int)+1]; 533 char buf[DECIMAL_SIZE(int)+1];
534 534
535 sprintf(buf,"%d",*(int *)ptr); 535 BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
536 if (data->param_port != NULL) 536 if (data->param_port != NULL)
537 OPENSSL_free(data->param_port); 537 OPENSSL_free(data->param_port);
538 data->param_port=BUF_strdup(buf); 538 data->param_port=BUF_strdup(buf);
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index 6904b5c081..9cdf159f82 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
249 if (num & BIO_FP_APPEND) 249 if (num & BIO_FP_APPEND)
250 { 250 {
251 if (num & BIO_FP_READ) 251 if (num & BIO_FP_READ)
252 strcpy(p,"a+"); 252 BUF_strlcpy(p,"a+",sizeof p);
253 else strcpy(p,"a"); 253 else BUF_strlcpy(p,"a",sizeof p);
254 } 254 }
255 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) 255 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
256 strcpy(p,"r+"); 256 BUF_strlcpy(p,"r+",sizeof p);
257 else if (num & BIO_FP_WRITE) 257 else if (num & BIO_FP_WRITE)
258 strcpy(p,"w"); 258 BUF_strlcpy(p,"w",sizeof p);
259 else if (num & BIO_FP_READ) 259 else if (num & BIO_FP_READ)
260 strcpy(p,"r"); 260 BUF_strlcpy(p,"r",sizeof p);
261 else 261 else
262 { 262 {
263 BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); 263 BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl
index 33f6125920..c4de4a2bee 100644
--- a/src/lib/libcrypto/bn/asm/bn-586.pl
+++ b/src/lib/libcrypto/bn/asm/bn-586.pl
@@ -11,7 +11,7 @@ require "x86asm.pl";
11&bn_div_words("bn_div_words"); 11&bn_div_words("bn_div_words");
12&bn_add_words("bn_add_words"); 12&bn_add_words("bn_add_words");
13&bn_sub_words("bn_sub_words"); 13&bn_sub_words("bn_sub_words");
14&bn_sub_part_words("bn_sub_part_words"); 14#&bn_sub_part_words("bn_sub_part_words");
15 15
16&asm_finish(); 16&asm_finish();
17 17
diff --git a/src/lib/libcrypto/bn/asm/x86_64-gcc.c b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
index b97b394661..450e8e4322 100644
--- a/src/lib/libcrypto/bn/asm/x86_64-gcc.c
+++ b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
@@ -142,7 +142,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
142BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) 142BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
143{ BN_ULONG ret,waste; 143{ BN_ULONG ret,waste;
144 144
145 asm ("divq %3" 145 asm ("divq %4"
146 : "=a"(ret),"=d"(waste) 146 : "=a"(ret),"=d"(waste)
147 : "a"(l),"d"(h),"g"(d) 147 : "a"(l),"d"(h),"g"(d)
148 : "cc"); 148 : "cc");
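Review bot: The `"g"(d)` input constraint allows the compiler to pick an immediate operand, which `divq` cannot encode. The `%4` renumbering is right for the operand list shown, but the constraint should be `"r"(d)` (or `"rm"(d)`) so that a constant divisor at an inlined call site still assembles. Separately, `divq` faults when the quotient does not fit in 64 bits, i.e. when `h >= d`. No guard is visible in the hunk, so that precondition should be documented on `bn_div_words` if it is the caller's responsibility.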
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 5614bc6164..253e195e23 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -433,19 +433,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
433int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); 433int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
434int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, 434int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
435 int cl, int dl); 435 int cl, int dl);
436#if 0 436#ifdef BN_RECURSION
437/* bn_mul.c rollback <appro> */ 437void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
438void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 438 BN_ULONG *t);
439 int dna,int dnb,BN_ULONG *t); 439void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
440void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, 440 int n, BN_ULONG *t);
441 int n,int tna,int tnb,BN_ULONG *t);
442#endif
443void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
444void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
445void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 441void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
446 BN_ULONG *t); 442 BN_ULONG *t);
447void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, 443void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
448 BN_ULONG *t); 444 BN_ULONG *t);
445void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
446#endif
447void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
449 448
450#ifdef __cplusplus 449#ifdef __cplusplus
451} 450}
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index fa0ff485ad..e1660450bc 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -145,11 +145,11 @@ char *BN_options(void)
145 { 145 {
146 init++; 146 init++;
147#ifdef BN_LLONG 147#ifdef BN_LLONG
148 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, 148 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
149 (int)sizeof(BN_ULONG)*8); 149 (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
150#else 150#else
151 sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, 151 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
152 (int)sizeof(BN_ULONG)*8); 152 (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
153#endif 153#endif
154 } 154 }
155 return(data); 155 return(data);
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 5f46b1826c..0d942603b1 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -119,6 +119,7 @@ char *BN_bn2dec(const BIGNUM *a)
119 } 119 }
120 if ((t=BN_dup(a)) == NULL) goto err; 120 if ((t=BN_dup(a)) == NULL) goto err;
121 121
122#define BUF_REMAIN (num+3 - (size_t)(p - buf))
122 p=buf; 123 p=buf;
123 lp=bn_data; 124 lp=bn_data;
124 if (t->neg) *(p++)='-'; 125 if (t->neg) *(p++)='-';
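Review bot: `#define BUF_REMAIN (num+3 - (size_t)(p - buf))` is defined in the middle of `BN_bn2dec` and depends on the locals `num`, `p` and `buf`, and on `num+3` being exactly the size that `buf` was allocated with outside the hunk. I would add a comment tying the `num+3` to that allocation, and an `#undef BUF_REMAIN` after the last use, unless one already exists outside the hunk, so the macro cannot be picked up elsewhere in the file with different locals. Both `BIO_snprintf` calls in the next hunk rely on it.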
@@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
139 /* We now have a series of blocks, BN_DEC_NUM chars 140 /* We now have a series of blocks, BN_DEC_NUM chars
140 * in length, where the last one needs truncation. 141 * in length, where the last one needs truncation.
141 * The blocks need to be reversed in order. */ 142 * The blocks need to be reversed in order. */
142 sprintf(p,BN_DEC_FMT1,*lp); 143 BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
143 while (*p) p++; 144 while (*p) p++;
144 while (lp != bn_data) 145 while (lp != bn_data)
145 { 146 {
146 lp--; 147 lp--;
147 sprintf(p,BN_DEC_FMT2,*lp); 148 BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
148 while (*p) p++; 149 while (*p) p++;
149 } 150 }
150 } 151 }
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index 57d2739ae0..2e9f52f1fd 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
235 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); 235 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
236 goto err; 236 goto err;
237 } 237 }
238 strcpy(section,"default"); 238 BUF_strlcpy(section,"default",10);
239 239
240 if (_CONF_new_data(conf) == 0) 240 if (_CONF_new_data(conf) == 0)
241 { 241 {
@@ -392,7 +392,7 @@ again:
392 ERR_R_MALLOC_FAILURE); 392 ERR_R_MALLOC_FAILURE);
393 goto err; 393 goto err;
394 } 394 }
395 strcpy(v->name,pname); 395 BUF_strlcpy(v->name,pname,strlen(pname)+1);
396 if (!str_copy(conf,psection,&(v->value),start)) goto err; 396 if (!str_copy(conf,psection,&(v->value),start)) goto err;
397 397
398 if (strcmp(psection,section) != 0) 398 if (strcmp(psection,section) != 0)
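Review bot: `BUF_strlcpy(v->name,pname,strlen(pname)+1)` takes its bound from the source string, not from the destination, so it can never truncate and gives no more protection than the `strcpy` it replaces. The bound should be the size `v->name` was allocated with, which happens outside the hunk; keeping that size in a local and passing it to both calls makes the relationship explicit. The literal `10` in `BUF_strlcpy(section,"default",10)` in the previous hunk has the same weakness, since it has to be kept in step by hand with an allocation that is not visible here.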
@@ -447,7 +447,7 @@ err:
447 if (buff != NULL) BUF_MEM_free(buff); 447 if (buff != NULL) BUF_MEM_free(buff);
448 if (section != NULL) OPENSSL_free(section); 448 if (section != NULL) OPENSSL_free(section);
449 if (line != NULL) *line=eline; 449 if (line != NULL) *line=eline;
450 sprintf(btmp,"%ld",eline); 450 BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
451 ERR_add_error_data(2,"line ",btmp); 451 ERR_add_error_data(2,"line ",btmp);
452 if ((h != conf->data) && (conf->data != NULL)) 452 if ((h != conf->data) && (conf->data != NULL))
453 { 453 {
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index edcc08921c..d45adea851 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
232 { 232 {
233 char rcode[DECIMAL_SIZE(ret)+1]; 233 char rcode[DECIMAL_SIZE(ret)+1];
234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); 234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
235 sprintf(rcode, "%-8d", ret); 235 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); 236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
237 } 237 }
238 } 238 }
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
561 561
562 if (!file) 562 if (!file)
563 return NULL; 563 return NULL;
564 strcpy(file,X509_get_default_cert_area()); 564 BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
565#ifndef OPENSSL_SYS_VMS 565#ifndef OPENSSL_SYS_VMS
566 strcat(file,"/"); 566 BUF_strlcat(file,"/",len + 1);
567#endif 567#endif
568 strcat(file,OPENSSL_CONF); 568 BUF_strlcat(file,OPENSSL_CONF,len + 1);
569 569
570 return file; 570 return file;
571 } 571 }
@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
576 * be used to parse comma separated lists for example. 576 * be used to parse comma separated lists for example.
577 */ 577 */
578 578
579int CONF_parse_list(const char *list, int sep, int nospc, 579int CONF_parse_list(const char *list_, int sep, int nospc,
580 int (*list_cb)(const char *elem, int len, void *usr), void *arg) 580 int (*list_cb)(const char *elem, int len, void *usr), void *arg)
581 { 581 {
582 int ret; 582 int ret;
583 const char *lstart, *tmpend, *p; 583 const char *lstart, *tmpend, *p;
584 lstart = list; 584 lstart = list_;
585 585
586 for(;;) 586 for(;;)
587 { 587 {
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c
index 8ecfba7b16..beeeb14013 100644
--- a/src/lib/libcrypto/cversion.c
+++ b/src/lib/libcrypto/cversion.c
@@ -61,7 +61,9 @@
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/crypto.h> 62#include <openssl/crypto.h>
63 63
64#ifndef NO_WINDOWS_BRAINDEATH
64#include "buildinf.h" 65#include "buildinf.h"
66#endif
65 67
66const char *SSLeay_version(int t) 68const char *SSLeay_version(int t)
67 { 69 {
@@ -72,7 +74,7 @@ const char *SSLeay_version(int t)
72#ifdef DATE 74#ifdef DATE
73 static char buf[sizeof(DATE)+11]; 75 static char buf[sizeof(DATE)+11];
74 76
75 sprintf(buf,"built on: %s",DATE); 77 BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
76 return(buf); 78 return(buf);
77#else 79#else
78 return("built on: date not available"); 80 return("built on: date not available");
@@ -83,7 +85,7 @@ const char *SSLeay_version(int t)
83#ifdef CFLAGS 85#ifdef CFLAGS
84 static char buf[sizeof(CFLAGS)+11]; 86 static char buf[sizeof(CFLAGS)+11];
85 87
86 sprintf(buf,"compiler: %s",CFLAGS); 88 BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
87 return(buf); 89 return(buf);
88#else 90#else
89 return("compiler: information not available"); 91 return("compiler: information not available");
@@ -94,7 +96,7 @@ const char *SSLeay_version(int t)
94#ifdef PLATFORM 96#ifdef PLATFORM
95 static char buf[sizeof(PLATFORM)+11]; 97 static char buf[sizeof(PLATFORM)+11];
96 98
97 sprintf(buf,"platform: %s", PLATFORM); 99 BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
98 return(buf); 100 return(buf);
99#else 101#else
100 return("platform: information not available"); 102 return("platform: information not available");
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
index 2600bdfc93..03cabb223c 100644
--- a/src/lib/libcrypto/des/cfb_enc.c
+++ b/src/lib/libcrypto/des/cfb_enc.c
@@ -56,6 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include "e_os.h"
59#include "des_locl.h" 60#include "des_locl.h"
60 61
61/* The input and output are loaded in multiples of 8 bits. 62/* The input and output are loaded in multiples of 8 bits.
@@ -64,17 +65,15 @@
64 * the second. The second 12 bits will come from the 3rd and half the 4th 65 * the second. The second 12 bits will come from the 3rd and half the 4th
65 * byte. 66 * byte.
66 */ 67 */
67/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
68 * length */
69/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it 68/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
70 * will not be compatible with any encryption prior to that date. Ben. */ 69 * will not be compatible with any encryption prior to that date. Ben. */
71void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 70void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
72 long length, DES_key_schedule *schedule, DES_cblock *ivec, 71 long length, DES_key_schedule *schedule, DES_cblock *ivec,
73 int enc) 72 int enc)
74 { 73 {
75 register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; 74 register DES_LONG d0,d1,v0,v1;
76 register unsigned long l=length; 75 register unsigned long l=length,n=(numbits+7)/8;
77 register int num=numbits; 76 register int num=numbits,i;
78 DES_LONG ti[2]; 77 DES_LONG ti[2];
79 unsigned char *iv; 78 unsigned char *iv;
80 unsigned char ovec[16]; 79 unsigned char ovec[16];
@@ -114,10 +113,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
114 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); 113 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
115 /* now the remaining bits */ 114 /* now the remaining bits */
116 if(num%8 != 0) 115 if(num%8 != 0)
117 for(n=0 ; n < 8 ; ++n) 116 for(i=0 ; i < 8 ; ++i)
118 { 117 {
119 ovec[n]<<=num%8; 118 ovec[i]<<=num%8;
120 ovec[n]|=ovec[n+1]>>(8-num%8); 119 ovec[i]|=ovec[i+1]>>(8-num%8);
121 } 120 }
122 iv=&ovec[0]; 121 iv=&ovec[0];
123 c2l(iv,v0); 122 c2l(iv,v0);
@@ -152,10 +151,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
152 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); 151 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
153 /* now the remaining bits */ 152 /* now the remaining bits */
154 if(num%8 != 0) 153 if(num%8 != 0)
155 for(n=0 ; n < 8 ; ++n) 154 for(i=0 ; i < 8 ; ++i)
156 { 155 {
157 ovec[n]<<=num%8; 156 ovec[i]<<=num%8;
158 ovec[n]|=ovec[n+1]>>(8-num%8); 157 ovec[i]|=ovec[i+1]>>(8-num%8);
159 } 158 }
160 iv=&ovec[0]; 159 iv=&ovec[0];
161 c2l(iv,v0); 160 c2l(iv,v0);
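Review bot: Nothing at the declarations of `DES_cfb_encrypt` records that `n` holds the per-segment byte count `(numbits+7)/8` and has to survive the bit-shift loops, which is why the loops at new lines 116 and 154 now count with `i`. A one-line comment above the declarations would keep a later edit from reusing `n` as a scratch counter, for example `/* n = bytes per CFB segment; scratch loops must use i, never n */`. The hunk also drops the warning that in and out are handled in 8-byte chunks regardless of length. Whether that still holds depends on the body outside these hunks, so the removal deserves a replacement comment stating the current buffer contract.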
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
index 1b70f68806..784aa5ba23 100644
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -60,6 +60,7 @@
60#include "des_ver.h" 60#include "des_ver.h"
61#include "spr.h" 61#include "spr.h"
62#include <openssl/opensslv.h> 62#include <openssl/opensslv.h>
63#include <openssl/bio.h>
63 64
64OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; 65OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
65OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; 66OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@@ -97,7 +98,8 @@ const char *DES_options(void)
97 size="int"; 98 size="int";
98 else 99 else
99 size="long"; 100 size="long";
100 sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); 101 BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
102 size);
101 init=0; 103 init=0;
102 } 104 }
103 return(buf); 105 return(buf);
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
index 5ce4add082..016381f3e9 100644
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -2,7 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5 EVP_BytesToKey - password based encryption routine 5EVP_BytesToKey - password based encryption routine
6 6
7=head1 SYNOPSIS 7=head1 SYNOPSIS
8 8
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 5901c39526..1cb315e739 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -4,7 +4,7 @@
4 4
5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, 5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, 6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
7EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, 7EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, 8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, 9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - 10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
diff --git a/src/lib/libcrypto/doc/OPENSSL_config.pod b/src/lib/libcrypto/doc/OPENSSL_config.pod
new file mode 100644
index 0000000000..16600620cc
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_config.pod
@@ -0,0 +1,82 @@
1=pod
2
3=head1 NAME
4
5OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/conf.h>
10
11 void OPENSSL_config(const char *config_name);
12 void OPENSSL_no_config(void);
13
14=head1 DESCRIPTION
15
16OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
17configuration file name using B<config_name>. If B<config_name> is NULL then
18the default name B<openssl_conf> will be used. Any errors are ignored. Further
19calls to OPENSSL_config() will have no effect. The configuration file format
20is documented in the L<conf(5)|conf(5)> manual page.
21
22OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
23no configuration takes place.
24
25=head1 NOTES
26
27It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
28or the more sophisticated functions such as CONF_modules_load() during
29initialization (that is before starting any threads). By doing this
30an application does not need to keep track of all configuration options
31and some new functionality can be supported automatically.
32
33It is also possible to automatically call OPENSSL_config() when an application
34calls OPENSSL_add_all_algorithms() by compiling an application with the
35preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
36can be added without source changes.
37
38The environment variable B<OPENSSL_CONFIG> can be set to specify the location
39of the configuration file.
40
41Currently ASN1 OBJECTs and ENGINE configuration can be performed future
42versions of OpenSSL will add new configuration options.
43
44There are several reasons why calling the OpenSSL configuration routines is
45advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
46In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
47used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
48However very few applications currently support the control interface and so
49very few can load and use dynamic ENGINEs. Equally in future more sophisticated
50ENGINEs will require certain control operations to customize them. If an
51application calls OPENSSL_config() it doesn't need to know or care about
52ENGINE control operations because they can be performed by editing a
53configuration file.
54
55Applications should free up configuration at application closedown by calling
56CONF_modules_free().
57
58=head1 RESTRICTIONS
59
60The OPENSSL_config() function is designed to be a very simple "call it and
61forget it" function. As a result its behaviour is somewhat limited. It ignores
62all errors silently and it can only load from the standard configuration file
63location for example.
64
65It is however B<much> better than nothing. Applications which need finer
66control over their configuration functionality should use the configuration
67functions such as CONF_load_modules() directly.
68
69=head1 RETURN VALUES
70
71Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
72
73=head1 SEE ALSO
74
75L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
76L<CONF_modules_free(3),CONF_modules_free(3)>
77
78=head1 HISTORY
79
80OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7
81
82=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
new file mode 100644
index 0000000000..f14dfaf005
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
@@ -0,0 +1,51 @@
1=pod
2
3=head1 NAME
4
5OPENSSL_load_builtin_modules - add standard configuration modules
6
7=head1 SYNOPSIS
8
9 #include <openssl/conf.h>
10
11 void OPENSSL_load_builtin_modules(void);
12 void ASN1_add_oid_module(void);
13 ENGINE_add_conf_module();
14
15=head1 DESCRIPTION
16
17The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
18configuration modules to the internal list. They can then be used by the
19OpenSSL configuration code.
20
21ASN1_add_oid_module() adds just the ASN1 OBJECT module.
22
23ENGINE_add_conf_module() adds just the ENGINE configuration module.
24
25=head1 NOTES
26
27If the simple configuration function OPENSSL_config() is called then
28OPENSSL_load_builtin_modules() is called automatically.
29
30Applications which use the configuration functions directly will need to
31call OPENSSL_load_builtin_modules() themselves I<before> any other
32configuration code.
33
34Applications should call OPENSSL_load_builtin_modules() to load all
35configuration modules instead of adding modules selectively: otherwise
36functionality may be missing from the application if an when new
37modules are added.
38
39=head1 RETURN VALUE
40
41None of the functions return a value.
42
43=head1 SEE ALSO
44
45L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)>
46
47=head1 HISTORY
48
49These functions first appeared in OpenSSL 0.9.7.
50
51=cut
diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
index 486c903430..e63411b5bb 100644
--- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
+++ b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
@@ -36,7 +36,7 @@ None of the functions return a value.
36 36
37=head1 NOTES 37=head1 NOTES
38 38
39A typical application will will call OpenSSL_add_all_algorithms() initially and 39A typical application will call OpenSSL_add_all_algorithms() initially and
40EVP_cleanup() before exiting. 40EVP_cleanup() before exiting.
41 41
42An application does not need to add algorithms to use them explicitly, for example 42An application does not need to add algorithms to use them explicitly, for example
diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod
index e28d107d1c..c971e91f4d 100644
--- a/src/lib/libcrypto/doc/RSA_print.pod
+++ b/src/lib/libcrypto/doc/RSA_print.pod
@@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
44 44
45RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), 45RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
46DH_print_fp() are available in all versions of SSLeay and OpenSSL. 46DH_print_fp() are available in all versions of SSLeay and OpenSSL.
47DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8. 47DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
48 48
49=cut 49=cut
diff --git a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
index 6ebd30427b..22c1b50f22 100644
--- a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
+++ b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
@@ -9,6 +9,7 @@ and parsing functions.
9=head1 SYNOPSIS 9=head1 SYNOPSIS
10 10
11 #include <openssl/dsa.h> 11 #include <openssl/dsa.h>
12 #include <openssl/x509.h>
12 13
13 DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); 14 DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
14 15
@@ -35,8 +36,8 @@ and parsing functions.
35d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key 36d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
36components structure. 37components structure.
37 38
38d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a 39d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
39SubjectPublicKeyInfo (certificate public key) structure. 40a SubjectPublicKeyInfo (certificate public key) structure.
40 41
41d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key 42d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
42components. 43components.
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
index 7c71bcbf3d..279b29c873 100644
--- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
+++ b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
@@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
9=head1 SYNOPSIS 9=head1 SYNOPSIS
10 10
11 #include <openssl/rsa.h> 11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
12 13
13 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); 14 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
14 15
@@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
31d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey 32d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
32structure. 33structure.
33 34
34d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a 35d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
35SubjectPublicKeyInfo (certificate public key) structure. 36a SubjectPublicKeyInfo (certificate public key) structure.
36 37
37d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey 38d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
38structure. 39structure.
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 556069b9b8..48d9fdb25e 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); 383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
384 return(0); 384 return(0);
385 } 385 }
386 strcpy(copied, filename); 386 BUF_strlcpy(copied, filename, strlen(filename) + 1);
387 if(dso->filename) 387 if(dso->filename)
388 OPENSSL_free(dso->filename); 388 OPENSSL_free(dso->filename);
389 dso->filename = copied; 389 dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
422 ERR_R_MALLOC_FAILURE); 422 ERR_R_MALLOC_FAILURE);
423 return(NULL); 423 return(NULL);
424 } 424 }
425 strcpy(result, filename); 425 BUF_strlcpy(result, filename, strlen(filename) + 1);
426 } 426 }
427 return(result); 427 return(result);
428 } 428 }
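Review bot: `BUF_strlcpy(copied, filename, strlen(filename) + 1)` takes its bound from the source string, so it can never truncate and adds no protection over the `strcpy` it replaces. The same applies to the `result` copy in `DSO_convert_filename`. In both places the safety rests on the `OPENSSL_malloc` size, which is outside the hunk and presumably the same expression. Tie the two together by computing the length once and using it for both the allocation and the copy: `size_t n = strlen(filename) + 1;` followed by `BUF_strlcpy(copied, filename, n);`.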
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index 4666a052bf..e9a51fb87a 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
896 } 896 }
897 form = buf[0]; 897 form = buf[0];
898 y_bit = form & 1; 898 y_bit = form & 1;
899 form = form & ~1; 899 form = form & ~1U;
900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) 900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
901 && (form != POINT_CONVERSION_UNCOMPRESSED) 901 && (form != POINT_CONVERSION_UNCOMPRESSED)
902 && (form != POINT_CONVERSION_HYBRID)) 902 && (form != POINT_CONVERSION_HYBRID))
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
index ad3858395b..412c73fb0f 100644
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -160,15 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: 160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
161 return strlen(e->cmd_defns[idx].cmd_name); 161 return strlen(e->cmd_defns[idx].cmd_name);
162 case ENGINE_CTRL_GET_NAME_FROM_CMD: 162 case ENGINE_CTRL_GET_NAME_FROM_CMD:
163 return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); 163 return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
164 "%s", e->cmd_defns[idx].cmd_name);
164 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: 165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
165 if(e->cmd_defns[idx].cmd_desc) 166 if(e->cmd_defns[idx].cmd_desc)
166 return strlen(e->cmd_defns[idx].cmd_desc); 167 return strlen(e->cmd_defns[idx].cmd_desc);
167 return strlen(int_no_description); 168 return strlen(int_no_description);
168 case ENGINE_CTRL_GET_DESC_FROM_CMD: 169 case ENGINE_CTRL_GET_DESC_FROM_CMD:
169 if(e->cmd_defns[idx].cmd_desc) 170 if(e->cmd_defns[idx].cmd_desc)
170 return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); 171 return BIO_snprintf(s,
171 return sprintf(s, "%s", int_no_description); 172 strlen(e->cmd_defns[idx].cmd_desc) + 1,
173 "%s", e->cmd_defns[idx].cmd_desc);
174 return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
175 int_no_description);
172 case ENGINE_CTRL_GET_CMD_FLAGS: 176 case ENGINE_CTRL_GET_CMD_FLAGS:
173 return e->cmd_defns[idx].cmd_flags; 177 return e->cmd_defns[idx].cmd_flags;
174 } 178 }
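Review bot: The size passed to each `BIO_snprintf` here is `strlen(...) + 1` of the string being copied, not the capacity of `s`, so the three calls can write exactly as many bytes as the old `sprintf` did. The control call carries no length for `s` (its setup is outside the hunk), so the real bound is still the caller allocating from the matching `ENGINE_CTRL_GET_NAME_LEN_FROM_CMD` or `ENGINE_CTRL_GET_DESC_LEN_FROM_CMD` result plus one. That contract should be written down where the copy happens, for example `/* s must hold the *_LEN_FROM_CMD result + 1 bytes; the bound below is the source length, not the capacity of s */`.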
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index 0d7dae00b2..7ccf7022ee 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
107 } 107 }
108 108
109 109
110int ENGINE_set_default_string(ENGINE *e, const char *list) 110int ENGINE_set_default_string(ENGINE *e, const char *def_list)
111 { 111 {
112 unsigned int flags = 0; 112 unsigned int flags = 0;
113 if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) 113 if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
114 { 114 {
115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, 115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
116 ENGINE_R_INVALID_STRING); 116 ENGINE_R_INVALID_STRING);
117 ERR_add_error_data(2, "str=",list); 117 ERR_add_error_data(2, "str=",def_list);
118 return 0; 118 return 0;
119 } 119 }
120 return ENGINE_set_default(e, flags); 120 return ENGINE_set_default(e, flags);
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 9c3ab182d3..900f75ce8d 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
513 * structure will have had its reference count up'd so the caller 513 * structure will have had its reference count up'd so the caller
514 * should still free their own reference 'e'. */ 514 * should still free their own reference 'e'. */
515int ENGINE_set_default_RSA(ENGINE *e); 515int ENGINE_set_default_RSA(ENGINE *e);
516int ENGINE_set_default_string(ENGINE *e, const char *list); 516int ENGINE_set_default_string(ENGINE *e, const char *def_list);
517/* Same for the other "methods" */ 517/* Same for the other "methods" */
518int ENGINE_set_default_DSA(ENGINE *e); 518int ENGINE_set_default_DSA(ENGINE *e);
519int ENGINE_set_default_DH(ENGINE *e); 519int ENGINE_set_default_DH(ENGINE *e);
@@ -616,17 +616,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
616 const dynamic_fns *fns); 616 const dynamic_fns *fns);
617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ 617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ 618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
619 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ 619 if (ERR_get_implementation() != fns->err_fns) \
620 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ 620 { \
621 return 0; \ 621 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
622 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ 622 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
623 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ 623 return 0; \
624 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ 624 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
625 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ 625 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
626 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ 626 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
627 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ 627 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
628 return 0; \ 628 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
629 if(!ERR_set_implementation(fns->err_fns)) return 0; \ 629 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
630 return 0; \
631 if(!ERR_set_implementation(fns->err_fns)) return 0; \
632 } \
630 if(!fn(e,id)) return 0; \ 633 if(!fn(e,id)) return 0; \
631 return 1; } 634 return 1; }
632 635
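Review bot: The new guard `ERR_get_implementation() != fns->err_fns` in `IMPLEMENT_DYNAMIC_BIND_FN` appears to use the error-table pointer as a stand-in for "this engine already shares the loader's libcrypto", and nothing in the macro says so. A reader cannot tell why the memory, locking and ex_data callbacks are skipped on the strength of an ERR comparison alone. Add a continuation-line comment above the `if`, such as `/* same ERR implementation => shared libcrypto state; do not re-install the loader's callbacks */ \`. If the two can match while the memory or lock callbacks still differ, that case should be stated as well.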
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index 633a1addfe..792f329600 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
1065 else 1065 else
1066 str=p; 1066 str=p;
1067 } 1067 }
1068 strcat(str,a); 1068 BUF_strlcat(str,a,s+1);
1069 } 1069 }
1070 } 1070 }
1071 ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); 1071 ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index b22eed4421..0623ddf1f0 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -248,6 +248,7 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
248 248
249int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) 249int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
250 { 250 {
251 unsigned char *tmp_buf;
251 if ((in == NULL) || (in->digest == NULL)) 252 if ((in == NULL) || (in->digest == NULL))
252 { 253 {
253 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); 254 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
@@ -262,15 +263,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
262 } 263 }
263#endif 264#endif
264 265
266 if (out->digest == in->digest)
267 {
268 tmp_buf = out->md_data;
269 EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
270 }
271 else tmp_buf = NULL;
265 EVP_MD_CTX_cleanup(out); 272 EVP_MD_CTX_cleanup(out);
266 memcpy(out,in,sizeof *out); 273 memcpy(out,in,sizeof *out);
267 274
268 if (out->digest->ctx_size) 275 if (out->digest->ctx_size)
269 { 276 {
270 out->md_data=OPENSSL_malloc(out->digest->ctx_size); 277 if (tmp_buf) out->md_data = tmp_buf;
278 else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
271 memcpy(out->md_data,in->md_data,out->digest->ctx_size); 279 memcpy(out->md_data,in->md_data,out->digest->ctx_size);
272 } 280 }
273 281
274 if (out->digest->copy) 282 if (out->digest->copy)
275 return out->digest->copy(out,in); 283 return out->digest->copy(out,in);
276 284
@@ -308,7 +316,8 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
308 if (ctx->digest && ctx->digest->cleanup 316 if (ctx->digest && ctx->digest->cleanup
309 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) 317 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
310 ctx->digest->cleanup(ctx); 318 ctx->digest->cleanup(ctx);
311 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) 319 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
320 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
312 { 321 {
313 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); 322 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
314 OPENSSL_free(ctx->md_data); 323 OPENSSL_free(ctx->md_data);
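Review bot: In `EVP_MD_CTX_copy_ex` the result of `OPENSSL_malloc(out->digest->ctx_size)` is passed straight to `memcpy` on the next line, so an allocation failure becomes a NULL-pointer write. The reuse path added here does not change that for the case where `tmp_buf` is NULL. The same commit adds exactly this check to `EVP_CipherInit_ex` in evp_enc.c, and the copy routine should fail the same way. The function continues outside the hunk.

```c
	if (out->digest->ctx_size)
		{
		if (tmp_buf) out->md_data = tmp_buf;
		else
			{
			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
			if (!out->md_data)
				{
				EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_MALLOC_FAILURE);
				return 0;
				}
			}
		/* ... unchanged: memcpy of in->md_data into out->md_data ... */
		}
```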
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 45a25f968d..4801d8eaa3 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -329,6 +329,8 @@ struct env_md_ctx_st
329 * once only */ 329 * once only */
330#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been 330#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
331 * cleaned */ 331 * cleaned */
332#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
333 * in EVP_MD_CTX_cleanup */
332 334
333struct evp_cipher_st 335struct evp_cipher_st
334 { 336 {
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index be0758a879..8ea5aa935d 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
148#endif 148#endif
149 149
150 ctx->cipher=cipher; 150 ctx->cipher=cipher;
151 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 151 if (ctx->cipher->ctx_size)
152 {
153 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
154 if (!ctx->cipher_data)
155 {
156 EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 }
160 else
161 {
162 ctx->cipher_data = NULL;
163 }
152 ctx->key_len = cipher->key_len; 164 ctx->key_len = cipher->key_len;
153 ctx->flags = 0; 165 ctx->flags = 0;
154 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) 166 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
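Review bot: On the new allocation-failure path `EVP_CipherInit_ex` returns 0 after `ctx->cipher=cipher` has already been assigned, so the context is left naming a cipher whose `cipher_data` is NULL. Code that later tests `ctx->cipher` to decide whether the context is initialised, which would be outside this hunk, would then work on a half-built context. Clearing the pointer before reporting the error keeps the failure state unambiguous: `ctx->cipher = NULL;` placed just before the `EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);` line.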
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 0da88fdcff..91e545a141 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
87 if (i == -1) { 87 if (i == -1) {
88 char obj_tmp[80]; 88 char obj_tmp[80];
89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); 89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
90 if (!pbe_obj) strcpy (obj_tmp, "NULL"); 90 if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); 91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
92 ERR_add_error_data(2, "TYPE=", obj_tmp); 92 ERR_add_error_data(2, "TYPE=", obj_tmp);
93 return 0; 93 return 0;
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 34b5b1d21c..eb481ec661 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
210#endif 210#endif
211 default: 211 default:
212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213 if (!a->algorithm) strcpy (obj_tmp, "NULL"); 213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
214 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); 214 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
215 ERR_add_error_data(2, "TYPE=", obj_tmp); 215 ERR_add_error_data(2, "TYPE=", obj_tmp);
216 EVP_PKEY_free (pkey); 216 EVP_PKEY_free (pkey);
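Review bot: The `else` branch directly below the changed line still passes the literal `80` to `i2t_ASN1_OBJECT` while the new `BUF_strlcpy` uses `sizeof obj_tmp`. The two bounds on the same buffer can therefore drift apart if its declaration, which is outside the hunk, is ever resized. The matching code in evp_pbe.c already uses `sizeof obj_tmp` for both calls. Make this one consistent: `else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, a->algorithm);`.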
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index 57bd08f65d..e212de27e4 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
597 struct tm *lcl = NULL; 597 struct tm *lcl = NULL;
598 unsigned long ti; 598 unsigned long ti;
599 599
600#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
601
600 if(m->addr == (char *)l->bio) 602 if(m->addr == (char *)l->bio)
601 return; 603 return;
602 604
@@ -604,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
604 { 606 {
605 lcl = localtime(&m->time); 607 lcl = localtime(&m->time);
606 608
607 sprintf(bufp, "[%02d:%02d:%02d] ", 609 BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
608 lcl->tm_hour,lcl->tm_min,lcl->tm_sec); 610 lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
609 bufp += strlen(bufp); 611 bufp += strlen(bufp);
610 } 612 }
611 613
612 sprintf(bufp, "%5lu file=%s, line=%d, ", 614 BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
613 m->order,m->file,m->line); 615 m->order,m->file,m->line);
614 bufp += strlen(bufp); 616 bufp += strlen(bufp);
615 617
616 if (options & V_CRYPTO_MDEBUG_THREAD) 618 if (options & V_CRYPTO_MDEBUG_THREAD)
617 { 619 {
618 sprintf(bufp, "thread=%lu, ", m->thread); 620 BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
619 bufp += strlen(bufp); 621 bufp += strlen(bufp);
620 } 622 }
621 623
622 sprintf(bufp, "number=%d, address=%08lX\n", 624 BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
623 m->num,(unsigned long)m->addr); 625 m->num,(unsigned long)m->addr);
624 bufp += strlen(bufp); 626 bufp += strlen(bufp);
625 627
@@ -641,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
641 643
642 ami_cnt++; 644 ami_cnt++;
643 memset(buf,'>',ami_cnt); 645 memset(buf,'>',ami_cnt);
644 sprintf(buf + ami_cnt, 646 BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
645 " thread=%lu, file=%s, line=%d, info=\"", 647 " thread=%lu, file=%s, line=%d, info=\"",
646 amip->thread, amip->file, amip->line); 648 amip->thread, amip->file, amip->line);
647 buf_len=strlen(buf); 649 buf_len=strlen(buf);
@@ -653,10 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
653 } 655 }
654 else 656 else
655 { 657 {
656 strcpy(buf + buf_len, amip->info); 658 BUF_strlcpy(buf + buf_len, amip->info,
659 sizeof buf - buf_len);
657 buf_len = strlen(buf); 660 buf_len = strlen(buf);
658 } 661 }
659 sprintf(buf + buf_len, "\"\n"); 662 BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
660 663
661 BIO_puts(l->bio,buf); 664 BIO_puts(l->bio,buf);
662 665
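diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 5d983e3ed4..4534dc0985 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
  if (i > 2) i=2;
  l-=(long)(i*40);
 
- sprintf(tbuf,"%d.%lu",i,l);
+ BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
  i=strlen(tbuf);
  BUF_strlcpy(buf,tbuf,buf_len);
  buf_len-=i;
@@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
  for (; idx<len; idx++) {
  l|=p[idx]&0x7f;
  if (!(p[idx] & 0x80)) {
- sprintf(tbuf,".%lu",l);
+ BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
  i=strlen(tbuf);
  if (buf_len > 0)
  BUF_strlcpy(buf,tbuf,buf_len);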
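Review bot: The first `BUF_strlcpy(buf,tbuf,buf_len)` (new line 467) is called without the `if (buf_len > 0)` guard that the second call site has at line 478, and `buf_len` is a signed `int` that is converted to the unsigned size parameter. If a caller passes a negative `buf_len`, the size becomes a very large value, so the bound introduced around `tbuf` does not protect `buf` there; I would guard it the same way, `if (buf_len > 0) BUF_strlcpy(buf,tbuf,buf_len);`. `buf_len-=i` can also drive the counter negative after a truncated copy, which is presumably why the later guard exists. OBJ_obj2txt starts and ends outside both hunks, so an earlier check on `buf_len` may already cover this.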
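diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl
index 5dfb84ea00..d0371661f9 100644
--- a/src/lib/libcrypto/objects/obj_dat.pl
+++ b/src/lib/libcrypto/objects/obj_dat.pl
@@ -1,5 +1,9 @@
 #!/usr/local/bin/perl
 
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
+use integer;
+
 sub obj_cmp
  {
  local(@a,@b,$_,$r);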
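Review bot: The new comment above `use integer;` does not parse as a sentence and does not say which computation went wrong; something like `# use integer arithmetic: floating point emulation on sparc64 made this script produce off-by-one output` would state the reason. `use integer` applies to all arithmetic in the rest of the file, which lies outside the hunk, so any division or large value handled there now uses signed integer semantics and should be checked.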
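diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index d6c8899f58..57399433fc 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -305,6 +305,8 @@ err:
 
 /* Add a nonce to an extension stack. A nonce can be specificed or if NULL
  * a random nonce will be generated.
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
+ * nonce, previous versions used the raw nonce.
  */
 
 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
@@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
  ASN1_OCTET_STRING os;
  int ret = 0;
  if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
- if (val) tmpval = val;
+ /* Create the OCTET STRING manually by writing out the header and
+ * appending the content octets. This avoids an extra memory allocation
+ * operation in some cases. Applications should *NOT* do this because
+ * it relies on library internals.
+ */
+ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ os.data = OPENSSL_malloc(os.length);
+ if (os.data == NULL)
+ goto err;
+ tmpval = os.data;
+ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+ if (val)
+ memcpy(tmpval, val, len);
  else
- {
- if (!(tmpval = OPENSSL_malloc(len))) goto err;
  RAND_pseudo_bytes(tmpval, len);
- }
- os.data = tmpval;
- os.length = len;
  if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
  &os, 0, X509V3_ADD_REPLACE))
  goto err;
  ret = 1;
  err:
- if(!val) OPENSSL_free(tmpval);
+ if (os.data)
+ OPENSSL_free(os.data);
  return ret;
  }
 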
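Review bot: The generated nonce still comes from `RAND_pseudo_bytes(tmpval, len)` (new line 332) and its return value is ignored, so a weak or failed fill is encoded and sent as if it were a good nonce. The OCSP nonce is what ties a response to this request, so it should be unpredictable; I would use `if (RAND_bytes(tmpval, len) <= 0) goto err;` here. Separately, when `val` is given with `len <= 0`, `len` is replaced by `OCSP_DEFAULT_NONCE_LENGTH` and `memcpy(tmpval, val, len)` then reads that many bytes from the caller's buffer; the function comment should state that callers supplying `val` must pass its real length.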
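diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 3875af165c..9e87fc7895 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -253,6 +253,7 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
 
  err:
+ if (buf) OPENSSL_free(buf);
  if (*ppath) OPENSSL_free(*ppath);
  if (*pport) OPENSSL_free(*pport);
  if (*phost) OPENSSL_free(*phost);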
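Review bot: The `err:` path frees `*ppath`, `*pport` and `*phost`, but nothing in the hunk shows these caller-visible pointers being reset afterwards; if the lines after the hunk do not set them to NULL, the caller is left holding freed pointers and may free them again. I would follow each free with an assignment, e.g. `*ppath = NULL;`, or confirm that this is done below. The new `if (buf) OPENSSL_free(buf);` also relies on `buf` being initialised to NULL before the first `goto err`, which is outside the hunk.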
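diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 1f5fda7ca3..3d58dfb06c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -3,7 +3,7 @@
  * project 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -272,7 +272,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
 
  for (i = 1; i < idcount; i++)
  {
- tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
  /* Check to see if IDs match */
  if (OCSP_id_issuer_cmp(cid, tmpid))
  {
@@ -330,7 +330,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
  OCSP_CERTID *tmpid;
  for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
  {
- tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
  ret = ocsp_match_issuerid(cert, tmpid, NULL);
  if (ret <= 0) return ret;
  }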
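Review bot: Neither loop carries a comment saying that every SingleResponse must be examined, and with index `0` both loops only ever looked at the first certId, so a response mixing certificate IDs from different issuers passed the issuer check. A short comment above `tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;` in `ocsp_check_ids` and `ocsp_match_issuerid`, such as `/* compare every response's certId, not only the first */`, would help keep this from regressing. A regression test with a multi-response OCSP reply whose second certId names a different issuer would pin the behaviour. Both functions start and end outside the hunks.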
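diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index e226d9de79..02f1710fb3 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  * major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x0090703fL
+#define OPENSSL_VERSION_NUMBER 0x0090704fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004"
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
 
 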
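diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 70b5446797..7785039b99 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
  else
  str="BAD-TYPE";
 
- strcat(buf,"Proc-Type: 4,");
+ BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
- strcat(buf,str);
+ BUF_strlcat(buf,str,PEM_BUFSIZE);
- strcat(buf,"\n");
+ BUF_strlcat(buf,"\n",PEM_BUFSIZE);
  }
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
  long i;
  int j;
 
- strcat(buf,"DEK-Info: ");
+ BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
- strcat(buf,type);
+ BUF_strlcat(buf,type,PEM_BUFSIZE);
- strcat(buf,",");
+ BUF_strlcat(buf,",",PEM_BUFSIZE);
  j=strlen(buf);
+ if (j + (len * 2) + 1 > PEM_BUFSIZE)
+ return;
  for (i=0; i<len; i++)
  {
  buf[j+i*2] =map[(str[i]>>4)&0x0f];
@@ -533,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
  long len)
  {
  int nlen,n,i,j,outl;
- unsigned char *buf;
+ unsigned char *buf = NULL;
  EVP_ENCODE_CTX ctx;
  int reason=ERR_R_BUF_LIB;
 
@@ -553,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
  goto err;
  }
 
- buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
+ buf = OPENSSL_malloc(PEM_BUFSIZE*8);
  if (buf == NULL)
  {
  reason=ERR_R_MALLOC_FAILURE;
@@ -574,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
  EVP_EncodeFinal(&ctx,buf,&outl);
  if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
  OPENSSL_free(buf);
+ buf = NULL;
  if ( (BIO_write(bp,"-----END ",9) != 9) ||
  (BIO_write(bp,name,nlen) != nlen) ||
  (BIO_write(bp,"-----\n",6) != 6))
  goto err;
  return(i+outl);
 err:
+ if (buf)
+ OPENSSL_free(buf);
  PEMerr(PEM_F_PEM_WRITE_BIO,reason);
  return(0);
  }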
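Review bot: `PEM_proc_type` and `PEM_dek_info` now bound every write by `PEM_BUFSIZE`, but they only receive `char *buf`, so the limit is correct only if every caller passes a buffer of at least `PEM_BUFSIZE` bytes; that contract should be stated in a comment on both functions, or the size passed in. In `PEM_dek_info` the new check `if (j + (len * 2) + 1 > PEM_BUFSIZE) return;` leaves room for one byte after the hex digits; if the code after the loop (outside the hunk) appends both a newline and a terminator, the bound needs to be `j + (len * 2) + 2 > PEM_BUFSIZE`. The early `return` is also silent: the caller gets a `DEK-Info: type,` header without the IV and no error indication, which is worth at least a comment since the function returns `void`.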
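diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index d96ecf6940..f77c949e87 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -87,6 +87,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
  p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
  if(!p8inf) goto p8err;
  ret = EVP_PKCS82PKEY(p8inf);
+ if(x) {
+ if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+ *x = ret;
+ }
  PKCS8_PRIV_KEY_INFO_free(p8inf);
  } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
  PKCS8_PRIV_KEY_INFO *p8inf;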
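Review bot: `ret` is stored into `*x` without checking that `EVP_PKCS82PKEY(p8inf)` succeeded, so on a conversion failure the caller's existing key has already been freed and `*x` is set to NULL. Guarding the block with `if(x && ret)` would leave the caller's object untouched on failure. The hunk shows this only for the first branch; the `PEM_STRING_PKCS8` branch that begins at the end of the hunk continues outside it and should get the same treatment if it does not already.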
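diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 190ca0e9bf..35c7dcd0b3 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -91,17 +91,19 @@ static int PKCS7_type_is_other(PKCS7* p7)
 
  }
 
-static int PKCS7_type_is_octet_string(PKCS7* p7)
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
  {
- if ( 0==PKCS7_type_is_other(p7) )
+ if ( PKCS7_type_is_data(p7))
- return 0;
+ return p7->d.data;
-
+ if ( PKCS7_type_is_other(p7) && p7->d.other
- return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
+ && (p7->d.other->type == V_ASN1_OCTET_STRING))
+ return p7->d.other->value.octet_string;
+ return NULL;
  }
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
  {
- int i,j;
+ int i;
  BIO *out=NULL,*btmp=NULL;
  X509_ALGOR *xa;
  const EVP_MD *evp_md;
@@ -159,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
  goto err;
  }
 
- j=OBJ_obj2nid(xa->algorithm);
+ evp_md=EVP_get_digestbyobj(xa->algorithm);
- evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
  if (evp_md == NULL)
  {
  PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -250,29 +251,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
  btmp=NULL;
  }
 
- if (bio == NULL) {
+ if (bio == NULL)
+ {
  if (PKCS7_is_detached(p7))
  bio=BIO_new(BIO_s_null());
- else {
+ else
- if (PKCS7_type_is_signed(p7) ) {
+ {
- if ( PKCS7_type_is_data(p7->d.sign->contents)) {
+ ASN1_OCTET_STRING *os;
- ASN1_OCTET_STRING *os;
+ os = PKCS7_get_octet_string(p7->d.sign->contents);
- os=p7->d.sign->contents->d.data;
+ if (os && os->length > 0)
- if (os->length > 0)
+ bio = BIO_new_mem_buf(os->data, os->length);
- bio = BIO_new_mem_buf(os->data, os->length);
+ if(bio == NULL)
- }
+ {
- else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.other->value.octet_string;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- }
- if(bio == NULL) {
  bio=BIO_new(BIO_s_mem());
  BIO_set_mem_eof_return(bio,0);
+ }
  }
- }
  }
  BIO_push(out,bio);
  bio=NULL;
@@ -311,7 +305,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  switch (i)
  {
  case NID_pkcs7_signed:
- data_body=p7->d.sign->contents->d.data;
+ data_body=PKCS7_get_octet_string(p7->d.sign->contents);
  md_sk=p7->d.sign->md_algs;
  break;
  case NID_pkcs7_signedAndEnveloped:
@@ -319,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  md_sk=p7->d.signed_and_enveloped->md_algs;
  data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
  enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
- evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
  if (evp_cipher == NULL)
  {
  PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -331,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  rsk=p7->d.enveloped->recipientinfo;
  enc_alg=p7->d.enveloped->enc_data->algorithm;
  data_body=p7->d.enveloped->enc_data->enc_data;
- evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
  if (evp_cipher == NULL)
  {
  PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -357,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  }
 
  j=OBJ_obj2nid(xa->algorithm);
- evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+ evp_md=EVP_get_digestbynid(j);
  if (evp_md == NULL)
  {
  PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -531,9 +525,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
  break;
  case NID_pkcs7_signed:
  si_sk=p7->d.sign->signer_info;
- os=p7->d.sign->contents->d.data;
+ os=PKCS7_get_octet_string(p7->d.sign->contents);
  /* If detached data then the content is excluded */
- if(p7->detached) {
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
  M_ASN1_OCTET_STRING_free(os);
  p7->d.sign->contents->d.data = NULL;
  }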
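Review bot: In `PKCS7_dataInit` the rewritten `else` branch calls `PKCS7_get_octet_string(p7->d.sign->contents)` for every content type, whereas the removed code only touched `p7->d.sign` inside `if (PKCS7_type_is_signed(p7))`. `p7->d` is accessed through other members elsewhere in this file (`d.enveloped`, `d.signed_and_enveloped`), so for a non-signed structure that reaches this branch `d.sign->contents` reads a field of the wrong structure type. I would keep the guard, e.g. `ASN1_OCTET_STRING *os = NULL;` followed by `if (PKCS7_type_is_signed(p7)) os = PKCS7_get_octet_string(p7->d.sign->contents);`. `PKCS7_get_octet_string` can also return NULL, and the `data_body=` and `os=` results in `PKCS7_dataDecode` and `PKCS7_dataFinal` are used outside the hunks, so those uses need a NULL check if they do not already have one.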
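diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 41574768ab..f5d0843d13 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -56,6 +56,9 @@
  * [including the GNU Public Licence.]
  */
 
+/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#define _XOPEN_SOURCE 1
+
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -64,6 +67,7 @@
 #include "e_os.h"
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
+#include <openssl/buffer.h>
 
 #ifdef OPENSSL_SYS_VMS
 #include <unixio.h>
@@ -106,6 +110,16 @@ int RAND_load_file(const char *file, long bytes)
 
  in=fopen(file,"rb");
  if (in == NULL) goto err;
+#if defined(S_IFBLK) && defined(S_IFCHR)
+ if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+ /* this file is a device. we don't want read an infinite number
+ * of bytes from a random device, nor do we want to use buffered
+ * I/O because we will waste system entropy.
+ */
+ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+ }
+#endif
  for (;;)
  {
  if (bytes > 0)
@@ -135,7 +149,22 @@ int RAND_write_file(const char *file)
  int i,ret=0,rand_err=0;
  FILE *out = NULL;
  int n;
+ struct stat sb;
 
+ i=stat(file,&sb);
+ if (i != -1) {
+#if defined(S_IFBLK) && defined(S_IFCHR)
+ if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+ /* this file is a device. we don't write back to it.
+ * we "succeed" on the assumption this is some sort
+ * of random device. Otherwise attempting to write to
+ * and chmod the device causes problems.
+ */
+ return(1);
+ }
+#endif
+ }
+
 #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
  /* For some reason Win32 can't write to files created this way */
 
@@ -197,16 +226,17 @@ err:
 const char *RAND_file_name(char *buf, size_t size)
  {
  char *s=NULL;
- char *ret=NULL;
+ int ok = 0;
+#ifdef __OpenBSD__
+ struct stat sb;
+#endif
 
  if (OPENSSL_issetugid() == 0)
  s=getenv("RANDFILE");
- if (s != NULL)
+ if (s != NULL && *s && strlen(s) + 1 < size)
  {
- if(strlen(s) >= size)
+ if (BUF_strlcpy(buf,s,size) >= size)
  return NULL;
- strcpy(buf,s);
- ret=buf;
  }
  else
  {
@@ -218,17 +248,36 @@ const char *RAND_file_name(char *buf, size_t size)
  s = DEFAULT_HOME;
  }
 #endif
- if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+ if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
  {
- strcpy(buf,s);
+ BUF_strlcpy(buf,s,size);
 #ifndef OPENSSL_SYS_VMS
- strcat(buf,"/");
+ BUF_strlcat(buf,"/",size);
 #endif
- strcat(buf,RFILE);
+ BUF_strlcat(buf,RFILE,size);
- ret=buf;
+ ok = 1;
  }
  else
  buf[0] = '\0'; /* no file name */
  }
- return(ret);
+
+#ifdef __OpenBSD__
+ /* given that all random loads just fail if the file can't be
+ * seen on a stat, we stat the file we're returning, if it
+ * fails, use /dev/arandom instead. this allows the user to
+ * use their own source for good random data, but defaults
+ * to something hopefully decent if that isn't available.
+ */
+
+ if (!ok)
+ if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+ return(NULL);
+ }
+ if (stat(buf,&sb) == -1)
+ if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+ return(NULL);
+ }
+
+#endif
+ return(buf);
  }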
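Review bot: `sb.st_mode & (S_IFBLK | S_IFCHR)` in `RAND_load_file` and again in `RAND_write_file` tests individual bits of the file-type field rather than comparing the type, so on systems where the type values share bits (directories and sockets commonly do) non-device files are also treated as devices, and `RAND_write_file` then returns success without writing anything. The comparison should be on the masked type, `if ((sb.st_mode & S_IFMT) == S_IFBLK || (sb.st_mode & S_IFMT) == S_IFCHR)`, or use `S_ISBLK()`/`S_ISCHR()`. In `RAND_file_name` the `RANDFILE` branch never sets `ok = 1`, so under `__OpenBSD__` the `if (!ok)` block overwrites a valid `RANDFILE` path with `/dev/arandom`. In `RAND_load_file` the hunk does not show where `sb` is filled before it is tested; the check is also made on the name rather than on the opened stream, so `fstat(fileno(in), &sb)` after the `fopen` would close the gap between check and use.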
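diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
index fe51fd0794..e00f709553 100644
--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -1,5 +1,30 @@
 #!/usr/local/bin/perl
 
+# It was noted that Intel IA-32 C compiler generates code which
+# performs ~30% *faster* on P4 CPU than original *hand-coded*
+# SHA1 assembler implementation. To address this problem (and
+# prove that humans are still better than machines:-), the
+# original code was overhauled, which resulted in following
+# performance changes:
+#
+# compared with original compared with Intel cc
+# assembler impl. generated code
+# Pentium -25% +37%
+# PIII/AMD +8% +16%
+# P4 +85%(!) +45%
+#
+# As you can see Pentium came out as looser:-( Yet I reckoned that
+# improvement on P4 outweights the loss and incorporate this
+# re-tuned code to 0.9.7 and later.
+# ----------------------------------------------------------------
+# Those who for any particular reason absolutely must score on
+# Pentium can replace this module with one from 0.9.6 distribution.
+# This "offer" shall be revoked the moment programming interface to
+# this module is changed, in which case this paragraph should be
+# removed.
+# ----------------------------------------------------------------
+# <appro@fy.chalmers.se>
+
 $normal=0;
 
 push(@INC,"perlasm","../../perlasm");
@@ -77,54 +102,21 @@ sub BODY_00_15
  {
  local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
 
-return if $n & 1;
  &comment("00_15 $n");
 
- &mov($f,$c);
-
- &mov($tmp1,$a);
- &xor($f,$d); # F2
-
- &rotl($tmp1,5); # A2
-
- &and($f,$b); # F3
- &add($tmp1,$e);
-
- &rotr($b,1); # B1 <- F
- &mov($e,&swtmp($n)); # G1
-
- &rotr($b,1); # B1 <- F
- &xor($f,$d); # F4
-
- &lea($tmp1,&DWP($K,$tmp1,$e,1));
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
- &mov($f,$c);
-
- &add($a,$tmp1); # MOVED DOWN
- &xor($f,$d); # F2
-
  &mov($tmp1,$a);
- &and($f,$b); # F3
+ &mov($f,$c); # f to hold F_00_19(b,c,d)
-
+ &rotl($tmp1,5); # tmp1=ROTATE(a,5)
- &rotl($tmp1,5); # A2
+ &xor($f,$d);
-
+ &and($f,$b);
- &add($tmp1,$e);
+ &rotr($b,2); # b=ROTATE(b,30)
- &mov($e,&swtmp($n)); # G1
+ &add($tmp1,$e); # tmp1+=e;
-
+ &mov($e,&swtmp($n)); # e becomes volatile and
- &rotr($b,1); # B1 <- F
+ # is loaded with xi
- &xor($f,$d); # F4
+ &xor($f,$d); # f holds F_00_19(b,c,d)
-
+ &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
- &rotr($b,1); # B1 <- F
+
- &lea($tmp1,&DWP($K,$tmp1,$e,1));
+ &add($f,$tmp1); # f+=tmp1
-
- &add($f,$tmp1);
  }
 
 sub BODY_16_19
@@ -132,66 +124,24 @@ sub BODY_16_19
  local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
  local($n0,$n1,$n2,$n3,$np)=&Na($n);
 
-return if $n & 1;
  &comment("16_19 $n");
 
- &nop() if ($pos < 0);
+ &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd)
-&mov($tmp1,&swtmp($n0)); # X1
+ &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d)
- &mov($f,&swtmp($n1)); # X2
+ &xor($f,&swtmp($n0));
-&xor($f,$tmp1); # X3
+ &xor($tmp1,$d);
- &mov($tmp1,&swtmp($n2)); # X4
+ &xor($f,&swtmp($n2));
-&xor($f,$tmp1); # X5
+ &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)
- &mov($tmp1,&swtmp($n3)); # X6
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
-&xor($f,$tmp1); # X7 - slot
+ &rotr($b,2); # b=ROTATE(b,30)
- &mov($tmp1,$c); # F1
+ &xor($tmp1,$d); # tmp1=F_00_19(b,c,d)
-&rotl($f,1); # X8 - slot
+ &rotl($f,1); # f=ROATE(f,1)
- &xor($tmp1,$d); # F2
+ &mov(&swtmp($n0),$f); # xi=f
-&mov(&swtmp($n0),$f); # X9 - anytime
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e
- &and($tmp1,$b); # F3
+ &mov($e,$a); # e becomes volatile
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
+ &add($f,$tmp1); # f+=F_00_19(b,c,d)
- &xor($tmp1,$d); # F4
+ &rotl($e,5); # e=ROTATE(a,5)
-&mov($e,$a); # A1
+ &add($f,$e); # f+=ROTATE(a,5)
- &add($f,$tmp1); # tot+=F();
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=a
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
-
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN
- &xor($f,$tmp1); # X7 - slot
-&rotl($f,1); # X8 - slot
- &mov($tmp1,$c); # F1
-&xor($tmp1,$d); # F2
- &mov(&swtmp($n0),$f); # X9 - anytime
-&and($tmp1,$b); # F3
- &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
-
-&xor($tmp1,$d); # F4
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=a
-
-&rotr($b,1); # B1 <- F
- &add($f,$tmp1); # tot+=F();
-
  }
 
 sub BODY_20_39
@@ -201,42 +151,21 @@ sub BODY_20_39
  &comment("20_39 $n");
  local($n0,$n1,$n2,$n3,$np)=&Na($n);
 
-&mov($f,&swtmp($n0)); # X1
+ &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
- &mov($tmp1,&swtmp($n1)); # X2
+ &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d)
-&xor($f,$tmp1); # X3
+ &xor($f,&swtmp($n1));
- &mov($tmp1,&swtmp($n2)); # X4
+ &rotr($b,2); # b=ROTATE(b,30)
-&xor($f,$tmp1); # X5
+ &xor($f,&swtmp($n2));
- &mov($tmp1,&swtmp($n3)); # X6
+ &xor($tmp1,$c);
-&xor($f,$tmp1); # X7 - slot
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
- &mov($tmp1,$b); # F1
+ &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d)
-&rotl($f,1); # X8 - slot
+ &rotl($f,1); # f=ROTATE(f,1)
- &xor($tmp1,$c); # F2
+ &mov(&swtmp($n0),$f); # xi=f
-&mov(&swtmp($n0),$f); # X9 - anytime
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e
- &xor($tmp1,$d); # F3
+ &mov($e,$a); # e becomes volatile
-
+ &rotl($e,5); # e=ROTATE(a,5)
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
+ &add($f,$tmp1); # f+=F_20_39(b,c,d)
- &mov($e,$a); # A1
+ &add($f,$e); # f+=ROTATE(a,5)
-
-&rotl($e,5); # A2
-
-if ($n != 79) # last loop
- {
- &rotr($b,1); # B1 <- F
- &add($e,$tmp1); # tmp1=F()+a
-
- &rotr($b,1); # B2 <- F
- &add($f,$e); # tot+=tmp1;
- }
-else
- {
- &add($e,$tmp1); # tmp1=F()+a
- &mov($tmp1,&wparam(0));
-
- &rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=tmp1;
-
- &rotr($b,1); # B2 <- F
- }
  }
 
 sub BODY_40_59
@@ -244,70 +173,27 @@ sub BODY_40_59
  local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
 
  &comment("40_59 $n");
- return if $n & 1;
  local($n0,$n1,$n2,$n3,$np)=&Na($n);
 
-&mov($f,&swtmp($n0)); # X1
+ &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
- &mov($tmp1,&swtmp($n1)); # X2
+ &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d)
-&xor($f,$tmp1); # X3
+ &xor($f,&swtmp($n1));
- &mov($tmp1,&swtmp($n2)); # X4
+ &or($tmp1,$c);
-&xor($f,$tmp1); # X5
+ &xor($f,&swtmp($n2));
- &mov($tmp1,&swtmp($n3)); # X6
+ &and($tmp1,$d);
-&xor($f,$tmp1); # X7 - slot
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
- &mov($tmp1,$b); # F1
+ &rotl($f,1); # f=ROTATE(f,1)
-&rotl($f,1); # X8 - slot
+ &mov(&swtmp($n0),$f); # xi=f
- &or($tmp1,$c); # F2
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e
-&mov(&swtmp($n0),$f); # X9 - anytime
+ &mov($e,$b); # e becomes volatile and is used
- &and($tmp1,$d); # F3
+ # to calculate F_40_59(b,c,d)
-
+ &rotr($b,2); # b=ROTATE(b,30)
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
+ &and($e,$c);
- &mov($e,$b); # F4
+ &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d)
-
+ &mov($e,$a);
-&rotr($b,1); # B1 <- F
+ &rotl($e,5); # e=ROTATE(a,5)
- &and($e,$c); # F5
+ &add($tmp1,$e); # tmp1+=ROTATE(a,5)
-
+ &add($f,$tmp1); # f+=tmp1;
-&or($tmp1,$e); # F6
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&add($tmp1,$e); # tmp1=F()+a
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
- &mov($f,&swtmp($n0)); # X1
-&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&rotr($c,1); # B2 <- F # moved was rotr b,1
- &xor($f,$tmp1); # X7 - slot
-&rotl($f,1); # X8 - slot
- &mov($tmp1,$b); # F1
-&mov(&swtmp($n0),$f); # X9 - anytime
- &or($tmp1,$c); # F2
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$b); # F4
-&and($tmp1,$d); # F3
- &and($e,$c); # F5
-
-&or($tmp1,$e); # F6
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($tmp1,$e); # tmp1=F()+a
-
-&rotr($b,1); # B2 <- F
- &add($f,$tmp1); # tot+=tmp1;
  }
 
 sub BODY_60_79
@@ -495,8 +381,7 @@ sub sha1_block_data
  # C -> E
  # D -> T
 
- # The last 2 have been moved into the last loop
+ &mov($tmp1,&wparam(0));
- # &mov($tmp1,&wparam(0));
 
  &mov($D, &DWP(12,$tmp1,"",0));
  &add($D,$B);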
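Review bot: Several of the new per-instruction comments do not match the instruction they sit on: in `BODY_16_19` the line `&and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)` is annotated as complete although the value is only finished by the later `&xor($tmp1,$d)`, and `# f=ROATE(f,1)` should read `# f=ROTATE(f,1)`. The header comment has `looser` for `loser` and `outweights` for `outweighs`. Since all four visible round bodies were rewritten and the `return if $n & 1` pairing was removed, the round functions cannot be validated by reading the hunks alone; the change should be accompanied by a run of the SHA-1 known-answer vectors against the generated assembler. `BODY_60_79` and `sha1_block_data` lie mostly outside the hunks.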
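--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
  len += sizeof(prompt3) - 1;
 
  prompt = (char *)OPENSSL_malloc(len + 1);
- strcpy(prompt, prompt1);
- strcat(prompt, object_desc);
+ BUF_strlcpy(prompt, prompt1, len + 1);
+ BUF_strlcat(prompt, object_desc, len + 1);
  if (object_name)
  {
- strcat(prompt, prompt2);
- strcat(prompt, object_name);
+ BUF_strlcat(prompt, prompt2, len + 1);
+ BUF_strlcat(prompt, object_name, len + 1);
  }
- strcat(prompt, prompt3);
+ BUF_strlcat(prompt, prompt3, len + 1);
  }
  return prompt;
  }
@@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
  return -1;
  }
 
- strcpy(uis->result_buf, result);
+ BUF_strlcpy(uis->result_buf, result,
+ uis->_.string_data.result_maxsize + 1);
  break;
  case UIT_BOOLEAN:
  {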
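Review bot: In UI_construct_prompt the result of `OPENSSL_malloc(len + 1)` goes straight into `BUF_strlcpy` with no NULL check, so an allocation failure turns into a write through a null pointer; the bounded copies added here do not cover that case. Adding `if (prompt == NULL) return NULL;` directly after the allocation would close it. In the UI_set_result hunk the bound `uis->_.string_data.result_maxsize + 1` is only right if `result_buf` is always allocated at least that large, which is a contract set outside this hunk and deserves a one-line comment at the call. Both functions start outside their hunks.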
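--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
  k=0;
  for (;;)
  {
- sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
- postfix,k);
+ char c = '/';
+#ifdef OPENSSL_SYS_VMS
+ c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+ if (c != ':' && c != '>' && c != ']')
+ {
+ /* If no separator is present, we assume the
+ directory specifier is a logical name, and
+ add a colon. We really should use better
+ VMS routines for merging things like this,
+ but this will do for now...
+ -- Richard Levitte */
+ c = ':';
+ }
+ else
+ {
+ c = '\0';
+ }
+#endif
+ if (c == '\0')
+ {
+ /* This is special. When c == '\0', no
+ directory separator should be added. */
+ BIO_snprintf(b->data,b->max,
+ "%s%08lx.%s%d",ctx->dirs[i],h,
+ postfix,k);
+ }
+ else
+ {
+ BIO_snprintf(b->data,b->max,
+ "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
+ postfix,k);
+ }
  k++;
  if (stat(b->data,&st) < 0)
  break;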
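Review bot: In the OPENSSL_SYS_VMS branch, `ctx->dirs[i][strlen(ctx->dirs[i])-1]` indexes one byte before the string when a configured directory is empty, so the last-character test needs a guard such as `ctx->dirs[i][0] != '\0'` before it. Both `BIO_snprintf` calls also discard their return value: if directory, hash and suffix do not fit in `b->max`, the shortened name is still handed to `stat()` and can refer to a different file than the one intended. I would check the result and skip the directory when the name was truncated. The `for (;;)` body and the rest of get_cert_by_subject continue outside the hunk.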
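--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#ifndef OPENSSL_NO_RSA
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-#endif
 
 #endif /* !SSLEAY_MACROS */
 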
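--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
  case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
  return("unhandled critical extension");
 
+ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+ return("key usage does not include CRL signing");
+
+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+ return("unhandled critical CRL extension");
+
  default:
- sprintf(buf,"error number %ld",n);
+ BIO_snprintf(buf,sizeof buf,"error number %ld",n);
  return(buf);
  }
  }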
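Review bot: The default branch still formats into `buf` and returns a pointer to it, and nothing at the call says how long that pointer stays valid. `buf` is declared outside this hunk; if it has static storage, two threads reporting unknown error codes share one buffer and the text can change under the caller. Assuming the declaration confirms that, a comment on the default case such as `/* unknown codes are formatted into a shared buffer; not thread-safe */` would tell callers to copy the string before reuse.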
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 2bb21b443e..2e4d0b823a 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
383 /* Check all untrusted certificates */ 383 /* Check all untrusted certificates */
384 for (i = 0; i < ctx->last_untrusted; i++) 384 for (i = 0; i < ctx->last_untrusted; i++)
385 { 385 {
386 int ret;
386 x = sk_X509_value(ctx->chain, i); 387 x = sk_X509_value(ctx->chain, i);
387 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) 388 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
388 && (x->ex_flags & EXFLAG_CRITICAL)) 389 && (x->ex_flags & EXFLAG_CRITICAL))
@@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
393 ok=cb(0,ctx); 394 ok=cb(0,ctx);
394 if (!ok) goto end; 395 if (!ok) goto end;
395 } 396 }
396 if (!X509_check_purpose(x, ctx->purpose, i)) 397 ret = X509_check_purpose(x, ctx->purpose, i);
398 if ((ret == 0)
399 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
400 && (ret != 1)))
397 { 401 {
398 if (i) 402 if (i)
399 ctx->error = X509_V_ERR_INVALID_CA; 403 ctx->error = X509_V_ERR_INVALID_CA;
@@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
537 541
538 if(issuer) 542 if(issuer)
539 { 543 {
544 /* Check for cRLSign bit if keyUsage present */
545 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
546 !(issuer->ex_kusage & KU_CRL_SIGN))
547 {
548 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
549 ok = ctx->verify_cb(0, ctx);
550 if(!ok) goto err;
551 }
540 552
541 /* Attempt to get issuer certificate public key */ 553 /* Attempt to get issuer certificate public key */
542 ikey = X509_get_pubkey(issuer); 554 ikey = X509_get_pubkey(issuer);
@@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
611 { 623 {
612 int idx, ok; 624 int idx, ok;
613 X509_REVOKED rtmp; 625 X509_REVOKED rtmp;
626 STACK_OF(X509_EXTENSION) *exts;
627 X509_EXTENSION *ext;
614 /* Look for serial number of certificate in CRL */ 628 /* Look for serial number of certificate in CRL */
615 rtmp.serialNumber = X509_get_serialNumber(x); 629 rtmp.serialNumber = X509_get_serialNumber(x);
616 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); 630 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
617 /* Not found: OK */ 631 /* If found assume revoked: want something cleverer than
618 if(idx == -1) return 1;
619 /* Otherwise revoked: want something cleverer than
620 * this to handle entry extensions in V2 CRLs. 632 * this to handle entry extensions in V2 CRLs.
621 */ 633 */
622 ctx->error = X509_V_ERR_CERT_REVOKED; 634 if(idx >= 0)
623 ok = ctx->verify_cb(0, ctx); 635 {
624 return ok; 636 ctx->error = X509_V_ERR_CERT_REVOKED;
637 ok = ctx->verify_cb(0, ctx);
638 if (!ok) return 0;
639 }
640
641 if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
642 return 1;
643
644 /* See if we have any critical CRL extensions: since we
645 * currently don't handle any CRL extensions the CRL must be
646 * rejected.
647 * This code accesses the X509_CRL structure directly: applications
648 * shouldn't do this.
649 */
650
651 exts = crl->crl->extensions;
652
653 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
654 {
655 ext = sk_X509_EXTENSION_value(exts, idx);
656 if (ext->critical > 0)
657 {
658 ctx->error =
659 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
660 ok = ctx->verify_cb(0, ctx);
661 if(!ok) return 0;
662 break;
663 }
664 }
665 return 1;
625 } 666 }
626 667
627static int internal_verify(X509_STORE_CTX *ctx) 668static int internal_verify(X509_STORE_CTX *ctx)
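Review bot: In check_chain_purpose the new condition `(ret == 0) || ((ctx->flags & X509_V_FLAG_X509_STRICT) && (ret != 1))` accepts a negative `ret` whenever the strict flag is not set, just as the old `!X509_check_purpose(...)` did. If X509_check_purpose can signal an error with a negative value (its definition is not on this page), that error is treated as an acceptable purpose on the default path. Writing the first operand as `(ret <= 0)` makes the non-strict path fail closed. In cert_crl, `idx` now serves as both the revoked-entry index and the extension loop counter; a separate counter for the loop over `exts` would read more clearly.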
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index f0be21f452..198495884c 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -304,17 +304,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
304 304
305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
307#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
308#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
307 309
308/* The application is not happy */ 310/* The application is not happy */
309#define X509_V_ERR_APPLICATION_VERIFICATION 50 311#define X509_V_ERR_APPLICATION_VERIFICATION 50
310 312
311/* Certificate verify flags */ 313/* Certificate verify flags */
312 314
313#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ 315/* Send issuer+subject checks to verify_cb */
314#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ 316#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
315#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */ 317/* Use check time instead of current time */
316#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */ 318#define X509_V_FLAG_USE_CHECK_TIME 0x2
317#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */ 319/* Lookup CRLs */
320#define X509_V_FLAG_CRL_CHECK 0x4
321/* Lookup CRLs for whole chain */
322#define X509_V_FLAG_CRL_CHECK_ALL 0x8
323/* Ignore unhandled critical extensions */
324#define X509_V_FLAG_IGNORE_CRITICAL 0x10
325/* Disable workarounds for broken certificates */
326#define X509_V_FLAG_X509_STRICT 0x20
318 327
319int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, 328int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
320 X509_NAME *name); 329 X509_NAME *name);
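Review bot: The comment added for X509_V_FLAG_X509_STRICT, "Disable workarounds for broken certificates", does not tell a caller what changes when the flag is set. The only effect visible in this commit is in check_chain_purpose in x509_vfy.c, where a certificate is rejected unless X509_check_purpose returns exactly 1. I would say that in the header, for example `/* Reject certificates whose purpose check is only a tolerated match (X509_check_purpose() != 1) */`, so that applications can judge what enabling it will start to refuse.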
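--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
  break;
  }
 
- if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+ if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
  for, not bytes */
  ret|=EVP_PKT_EXP;
  if(pkey==NULL) EVP_PKEY_free(pk);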
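Review bot: The export test `EVP_PKEY_size(pk) <= 1024/8` measures the key by a byte count that, as far as I know, is the maximum signature size rather than the key length. That matches the modulus size for RSA but not for DSA, so non-RSA keys may be marked EVP_PKT_EXP whatever their strength. If the intent is the key length, `if (EVP_PKEY_bits(pk) <= 1024)` states it directly and makes the `/8` comment unnecessary. The function starts outside the hunk, so which key types reach this line is not visible here.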
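--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -137,7 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
  X509V3_add_value("IP Address","<invalid>", &ret);
  break;
  }
- sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+ BIO_snprintf(oline, sizeof oline,
+ "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
  X509V3_add_value("IP Address",oline, &ret);
  break;
 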
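--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
 
 ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
 ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 
 IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)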
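--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
  STACK_OF(CONF_VALUE) *ret)
 {
  ACCESS_DESCRIPTION *desc;
- int i;
+ int i,nlen;
  char objtmp[80], *ntmp;
  CONF_VALUE *vtmp;
  for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
  if(!ret) break;
  vtmp = sk_CONF_VALUE_value(ret, i);
  i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
- ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+ nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+ ntmp = OPENSSL_malloc(nlen);
  if(!ntmp) {
  X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
  ERR_R_MALLOC_FAILURE);
  return NULL;
  }
- strcpy(ntmp, objtmp);
- strcat(ntmp, " - ");
- strcat(ntmp, vtmp->name);
+ BUF_strlcpy(ntmp, objtmp, nlen);
+ BUF_strlcat(ntmp, " - ", nlen);
+ BUF_strlcat(ntmp, vtmp->name, nlen);
  OPENSSL_free(vtmp->name);
  vtmp->name = ntmp;
 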
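Review bot: `nlen` is declared `int` but receives `strlen(objtmp) + strlen(vtmp->name) + 5`, a `size_t` sum, and then serves as both the allocation size and the bound for the three `BUF_strlcpy`/`BUF_strlcat` calls. Declaring it on its own line as `size_t nlen;` avoids the narrowing conversion and keeps the size in the type the length functions return. The `+ 5` is one more than `" - "` plus the terminator needs, so a comment on it, or `sizeof(" - ")` in its place, would make the bound easier to check. The function continues outside both hunks.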
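--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -3,7 +3,7 @@
  * project 2001.
  */
 /* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
  * 1 is a CA
  * 2 basicConstraints absent so "maybe" a CA
  * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
  */
 
 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
  } else {
  if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
  /* If key usage present it must have certSign so tolerate it */
- else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
+ else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
  else return 2;
  }
 }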
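Review bot: ca_check reports its result as bare integers, now 1 to 4 in the block comment, and x509_vfy.c in this commit starts to depend on the difference between 1 and everything above it, so named constants would be safer than literals explained only in a comment. The changed line moves the keyUsage-only case from 3 to 4, so any caller outside this page that compares the result against 3 needs checking. The inline comment "If key usage present it must have certSign so tolerate it" relies on a keyCertSign test that is presumably earlier in ca_check, outside the hunk; I would make that explicit, e.g. `/* keyCertSign was checked above; keyUsage present without basicConstraints */`.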
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index dddb07842b..40277883a5 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
index eca51c3322..854d1f164e 100644
--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept
38certs = $dir/certs # Where the issued certs are kept 38certs = $dir/certs # Where the issued certs are kept
39crl_dir = $dir/crl # Where the issued crl are kept 39crl_dir = $dir/crl # Where the issued crl are kept
40database = $dir/index.txt # database index file. 40database = $dir/index.txt # database index file.
41#unique_subject = no # Set to 'no' to allow creation of
42 # several ctificates with same subject.
41new_certs_dir = $dir/newcerts # default place for new certs. 43new_certs_dir = $dir/newcerts # default place for new certs.
42 44
43certificate = $dir/cacert.pem # The CA certificate 45certificate = $dir/cacert.pem # The CA certificate
44serial = $dir/serial # The current serial number 46serial = $dir/serial # The current serial number
47#crlnumber = $dir/crlnumber # the current crl number
48 # must be commented out to leave a V1 CRL
45crl = $dir/crl.pem # The current CRL 49crl = $dir/crl.pem # The current CRL
46private_key = $dir/private/cakey.pem# The private key 50private_key = $dir/private/cakey.pem# The private key
47RANDFILE = $dir/private/.rand # private random number file 51RANDFILE = $dir/private/.rand # private random number file
@@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options
58 62
59# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 63# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
60# so this is commented out by default to leave a V1 CRL. 64# so this is commented out by default to leave a V1 CRL.
65# crlnumber must also be commented out to leave a V1 CRL.
61# crl_extensions = crl_ext 66# crl_extensions = crl_ext
62 67
63default_days = 365 # how long to certify for 68default_days = 365 # how long to certify for
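--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -117,7 +117,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -1947,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
  if (algs & SSL_kRSA)
  {
  if (rsa == NULL
- || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
  {
  SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
  goto f_err;
@@ -1959,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
  if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
  {
  if (dh == NULL
- || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
  {
  SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
  goto f_err;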
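Review bot: The `*8` added to `RSA_size(rsa)` and `DH_size(dh)` in ssl3_check_cert_and_algorithm carries no explanation, and the unit mismatch it corrects is easy to reintroduce. A comment on each test such as `/* RSA_size() is in bytes, the export limit is in bits */` would record why the factor is there. The conversion rounds the key length up to a multiple of eight, which gives the same outcome only while the export limits are themselves multiples of eight; that assumption belongs in the comment too. The function starts and ends outside both hunks.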
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 896b12fc4f..d04096016c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
271 SSL_ALL_STRENGTHS, 271 SSL_ALL_STRENGTHS,
272 }, 272 },
273/* Cipher 07 */ 273/* Cipher 07 */
274#ifndef OPENSSL_NO_IDEA
274 { 275 {
275 1, 276 1,
276 SSL3_TXT_RSA_IDEA_128_SHA, 277 SSL3_TXT_RSA_IDEA_128_SHA,
@@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
283 SSL_ALL_CIPHERS, 284 SSL_ALL_CIPHERS,
284 SSL_ALL_STRENGTHS, 285 SSL_ALL_STRENGTHS,
285 }, 286 },
287#endif
286/* Cipher 08 */ 288/* Cipher 08 */
287 { 289 {
288 1, 290 1,
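--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
  goto err;
  }
 
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
  rr->length=0;
 
  if (s->msg_callback)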
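Review bot: The new early-ChangeCipherSpec check records its error under `SSL_F_SSL3_GET_CERT_VERIFY`, which names a handshake function rather than the record-layer routine this hunk sits in, so the error queue will point at the wrong place. The function code of the enclosing function fits better, presumably `SSL_F_SSL3_READ_BYTES`, though the signature is outside the hunk. The alert value is stored in `i` and control then goes to `err`; if this function sends alerts from a separate `f_err` label with its own alert variable, as the `goto f_err` paths in s3_clnt.c suggest for this code base, `SSL_AD_UNEXPECTED_MESSAGE` never reaches the peer. That should be confirmed against the labels at the end of the function.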
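--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -121,9 +121,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#endif
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
  n2s(p,i);
  enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
  enc_ticket.data = (char *)p;
  p+=enc_ticket.length;
 
  n2s(p,i);
  authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
  authenticator.data = (char *)p;
  p+=authenticator.length;
 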
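Review bot: Both new length checks in ssl3_get_client_key_exchange add a bare `6` to the attacker-supplied lengths, and nothing says what it stands for. It is presumably the three two-byte length prefixes of the Kerberos payload; a comment such as `/* 3 x 2-byte length fields */` would let a reader verify the bound. The first `n2s(p,i)` still reads two bytes before any length test visible in this hunk, so whether `n >= 2` is guaranteed depends on code above it. Both checks are lower bounds only and accept trailing bytes unless a later test, outside the hunk, compares the total with `n` exactly.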
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 4ae8458259..913bd40eea 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
1357const char *SSL_alert_desc_string_long(int value); 1357const char *SSL_alert_desc_string_long(int value);
1358const char *SSL_alert_desc_string(int value); 1358const char *SSL_alert_desc_string(int value);
1359 1359
1360void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); 1360void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1361void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); 1361void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1362STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); 1362STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
1363STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); 1363STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
1364int SSL_add_client_CA(SSL *ssl,X509 *x); 1364int SSL_add_client_CA(SSL *ssl,X509 *x);
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 16bc11b559..d8ff8fc4a3 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -62,7 +62,6 @@
62#include <openssl/asn1_mac.h> 62#include <openssl/asn1_mac.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65#include "cryptlib.h"
66 65
67typedef struct ssl_session_asn1_st 66typedef struct ssl_session_asn1_st
68 { 67 {
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index da90078a37..2cfb615878 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
505 return(i); 505 return(i);
506 } 506 }
507 507
508static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) 508static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
509 { 509 {
510 if (*ca_list != NULL) 510 if (*ca_list != NULL)
511 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); 511 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
512 512
513 *ca_list=list; 513 *ca_list=name_list;
514 } 514 }
515 515
516STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) 516STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
532 return(ret); 532 return(ret);
533 } 533 }
534 534
535void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) 535void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
536 { 536 {
537 set_client_CA_list(&(s->client_CA),list); 537 set_client_CA_list(&(s->client_CA),name_list);
538 } 538 }
539 539
540void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) 540void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
541 { 541 {
542 set_client_CA_list(&(ctx->client_CA),list); 542 set_client_CA_list(&(ctx->client_CA),name_list);
543 } 543 }
544 544
545STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) 545STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 888b667fa1..44c503eb04 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={
125 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, 125 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
126 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, 126 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
127 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, 127 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
128#ifndef OPENSSL_NO_IDEA
128 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, 129 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
130#endif
129 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, 131 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
130 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, 132 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
131 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, 133 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
@@ -166,8 +168,12 @@ static void load_ciphers(void)
166 EVP_get_cipherbyname(SN_rc4); 168 EVP_get_cipherbyname(SN_rc4);
167 ssl_cipher_methods[SSL_ENC_RC2_IDX]= 169 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
168 EVP_get_cipherbyname(SN_rc2_cbc); 170 EVP_get_cipherbyname(SN_rc2_cbc);
171#ifndef OPENSSL_NO_IDEA
169 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 172 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
170 EVP_get_cipherbyname(SN_idea_cbc); 173 EVP_get_cipherbyname(SN_idea_cbc);
174#else
175 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
176#endif
171 ssl_cipher_methods[SSL_ENC_AES128_IDX]= 177 ssl_cipher_methods[SSL_ENC_AES128_IDX]=
172 EVP_get_cipherbyname(SN_aes_128_cbc); 178 EVP_get_cipherbyname(SN_aes_128_cbc);
173 ssl_cipher_methods[SSL_ENC_AES256_IDX]= 179 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
@@ -334,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
334 } 340 }
335 341
336static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
337 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, 343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
338 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
339 { 345 {
340 int i, list_num; 346 int i, co_list_num;
341 SSL_CIPHER *c; 347 SSL_CIPHER *c;
342 348
343 /* 349 /*
@@ -348,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
348 */ 354 */
349 355
350 /* Get the initial list of ciphers */ 356 /* Get the initial list of ciphers */
351 list_num = 0; /* actual count of ciphers */ 357 co_list_num = 0; /* actual count of ciphers */
352 for (i = 0; i < num_of_ciphers; i++) 358 for (i = 0; i < num_of_ciphers; i++)
353 { 359 {
354 c = ssl_method->get_cipher(i); 360 c = ssl_method->get_cipher(i);
355 /* drop those that use any of that is not available */ 361 /* drop those that use any of that is not available */
356 if ((c != NULL) && c->valid && !(c->algorithms & mask)) 362 if ((c != NULL) && c->valid && !(c->algorithms & mask))
357 { 363 {
358 list[list_num].cipher = c; 364 co_list[co_list_num].cipher = c;
359 list[list_num].next = NULL; 365 co_list[co_list_num].next = NULL;
360 list[list_num].prev = NULL; 366 co_list[co_list_num].prev = NULL;
361 list[list_num].active = 0; 367 co_list[co_list_num].active = 0;
362 list_num++; 368 co_list_num++;
363#ifdef KSSL_DEBUG 369#ifdef KSSL_DEBUG
364 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
365#endif /* KSSL_DEBUG */ 371#endif /* KSSL_DEBUG */
@@ -372,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
372 /* 378 /*
373 * Prepare linked list from list entries 379 * Prepare linked list from list entries
374 */ 380 */
375 for (i = 1; i < list_num - 1; i++) 381 for (i = 1; i < co_list_num - 1; i++)
376 { 382 {
377 list[i].prev = &(list[i-1]); 383 co_list[i].prev = &(co_list[i-1]);
378 list[i].next = &(list[i+1]); 384 co_list[i].next = &(co_list[i+1]);
379 } 385 }
380 if (list_num > 0) 386 if (co_list_num > 0)
381 { 387 {
382 (*head_p) = &(list[0]); 388 (*head_p) = &(co_list[0]);
383 (*head_p)->prev = NULL; 389 (*head_p)->prev = NULL;
384 (*head_p)->next = &(list[1]); 390 (*head_p)->next = &(co_list[1]);
385 (*tail_p) = &(list[list_num - 1]); 391 (*tail_p) = &(co_list[co_list_num - 1]);
386 (*tail_p)->prev = &(list[list_num - 2]); 392 (*tail_p)->prev = &(co_list[co_list_num - 2]);
387 (*tail_p)->next = NULL; 393 (*tail_p)->next = NULL;
388 } 394 }
389 } 395 }
@@ -429,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
429 435
430static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, 436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
431 unsigned long algo_strength, unsigned long mask_strength, 437 unsigned long algo_strength, unsigned long mask_strength,
432 int rule, int strength_bits, CIPHER_ORDER *list, 438 int rule, int strength_bits, CIPHER_ORDER *co_list,
433 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
434 { 440 {
435 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -524,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
524 *tail_p = tail; 530 *tail_p = tail;
525 } 531 }
526 532
527static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, 533static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
528 CIPHER_ORDER **tail_p) 534 CIPHER_ORDER **head_p,
535 CIPHER_ORDER **tail_p)
529 { 536 {
530 int max_strength_bits, i, *number_uses; 537 int max_strength_bits, i, *number_uses;
531 CIPHER_ORDER *curr; 538 CIPHER_ORDER *curr;
@@ -570,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
570 for (i = max_strength_bits; i >= 0; i--) 577 for (i = max_strength_bits; i >= 0; i--)
571 if (number_uses[i] > 0) 578 if (number_uses[i] > 0)
572 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, 579 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
573 list, head_p, tail_p); 580 co_list, head_p, tail_p);
574 581
575 OPENSSL_free(number_uses); 582 OPENSSL_free(number_uses);
576 return(1); 583 return(1);
577 } 584 }
578 585
579static int ssl_cipher_process_rulestr(const char *rule_str, 586static int ssl_cipher_process_rulestr(const char *rule_str,
580 CIPHER_ORDER *list, CIPHER_ORDER **head_p, 587 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
581 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 588 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
582 { 589 {
583 unsigned long algorithms, mask, algo_strength, mask_strength; 590 unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -702,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
702 ok = 0; 709 ok = 0;
703 if ((buflen == 8) && 710 if ((buflen == 8) &&
704 !strncmp(buf, "STRENGTH", 8)) 711 !strncmp(buf, "STRENGTH", 8))
705 ok = ssl_cipher_strength_sort(list, 712 ok = ssl_cipher_strength_sort(co_list,
706 head_p, tail_p); 713 head_p, tail_p);
707 else 714 else
708 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 715 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -722,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
722 { 729 {
723 ssl_cipher_apply_rule(algorithms, mask, 730 ssl_cipher_apply_rule(algorithms, mask,
724 algo_strength, mask_strength, rule, -1, 731 algo_strength, mask_strength, rule, -1,
725 list, head_p, tail_p); 732 co_list, head_p, tail_p);
726 } 733 }
727 else 734 else
728 { 735 {
@@ -744,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
744 unsigned long disabled_mask; 751 unsigned long disabled_mask;
745 STACK_OF(SSL_CIPHER) *cipherstack; 752 STACK_OF(SSL_CIPHER) *cipherstack;
746 const char *rule_p; 753 const char *rule_p;
747 CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; 754 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
748 SSL_CIPHER **ca_list = NULL; 755 SSL_CIPHER **ca_list = NULL;
749 756
750 /* 757 /*
@@ -774,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
774#ifdef KSSL_DEBUG 781#ifdef KSSL_DEBUG
775 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 782 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
776#endif /* KSSL_DEBUG */ 783#endif /* KSSL_DEBUG */
777 list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 784 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
778 if (list == NULL) 785 if (co_list == NULL)
779 { 786 {
780 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 787 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
781 return(NULL); /* Failure */ 788 return(NULL); /* Failure */
782 } 789 }
783 790
784 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 791 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
785 list, &head, &tail); 792 co_list, &head, &tail);
786 793
787 /* 794 /*
788 * We also need cipher aliases for selecting based on the rule_str. 795 * We also need cipher aliases for selecting based on the rule_str.
@@ -798,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
798 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 805 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
799 if (ca_list == NULL) 806 if (ca_list == NULL)
800 { 807 {
801 OPENSSL_free(list); 808 OPENSSL_free(co_list);
802 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 809 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
803 return(NULL); /* Failure */ 810 return(NULL); /* Failure */
804 } 811 }
@@ -814,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
814 if (strncmp(rule_str,"DEFAULT",7) == 0) 821 if (strncmp(rule_str,"DEFAULT",7) == 0)
815 { 822 {
816 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 823 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
817 list, &head, &tail, ca_list); 824 co_list, &head, &tail, ca_list);
818 rule_p += 7; 825 rule_p += 7;
819 if (*rule_p == ':') 826 if (*rule_p == ':')
820 rule_p++; 827 rule_p++;
821 } 828 }
822 829
823 if (ok && (strlen(rule_p) > 0)) 830 if (ok && (strlen(rule_p) > 0))
824 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, 831 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
825 ca_list); 832 ca_list);
826 833
827 OPENSSL_free(ca_list); /* Not needed anymore */ 834 OPENSSL_free(ca_list); /* Not needed anymore */
828 835
829 if (!ok) 836 if (!ok)
830 { /* Rule processing failure */ 837 { /* Rule processing failure */
831 OPENSSL_free(list); 838 OPENSSL_free(co_list);
832 return(NULL); 839 return(NULL);
833 } 840 }
834 /* 841 /*
@@ -837,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
837 */ 844 */
838 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) 845 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
839 { 846 {
840 OPENSSL_free(list); 847 OPENSSL_free(co_list);
841 return(NULL); 848 return(NULL);
842 } 849 }
843 850
@@ -855,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
855#endif 862#endif
856 } 863 }
857 } 864 }
858 OPENSSL_free(list); /* Not needed any longer */ 865 OPENSSL_free(co_list); /* Not needed any longer */
859 866
860 /* 867 /*
861 * The following passage is a little bit odd. If pointer variables 868 * The following passage is a little bit odd. If pointer variables
@@ -905,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
905char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 912char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
906 { 913 {
907 int is_export,pkl,kl; 914 int is_export,pkl,kl;
908 char *ver,*exp; 915 char *ver,*exp_str;
909 char *kx,*au,*enc,*mac; 916 char *kx,*au,*enc,*mac;
910 unsigned long alg,alg2,alg_s; 917 unsigned long alg,alg2,alg_s;
911#ifdef KSSL_DEBUG 918#ifdef KSSL_DEBUG
@@ -921,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
921 is_export=SSL_C_IS_EXPORT(cipher); 928 is_export=SSL_C_IS_EXPORT(cipher);
922 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); 929 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
923 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 930 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
924 exp=is_export?" export":""; 931 exp_str=is_export?" export":"";
925 932
926 if (alg & SSL_SSLV2) 933 if (alg & SSL_SSLV2)
927 ver="SSLv2"; 934 ver="SSLv2";
@@ -1040,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1040 return("Buffer too small"); 1047 return("Buffer too small");
1041 1048
1042#ifdef KSSL_DEBUG 1049#ifdef KSSL_DEBUG
1043 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); 1050 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1044#else 1051#else
1045 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); 1052 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1046#endif /* KSSL_DEBUG */ 1053#endif /* KSSL_DEBUG */
1047 return(buf); 1054 return(buf);
1048 } 1055 }
@@ -1129,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1129 { 1136 {
1130 MemCheck_on(); 1137 MemCheck_on();
1131 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1138 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1132 return(0); 1139 return(1);
1133 } 1140 }
1134 else 1141 else
1135 { 1142 {
1136 MemCheck_on(); 1143 MemCheck_on();
1137 return(1); 1144 return(0);
1138 } 1145 }
1139 } 1146 }
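Review bot: After this hunk SSL_COMP_add_compression_method returns 1 on the branch that raises ERR_R_MALLOC_FAILURE and 0 on the other branch, the reverse of the 1-for-success convention used elsewhere in this file (ssl_cipher_strength_sort ends its normal path with `return(1)`), and nothing in the hunk documents that. A caller written as `if (!SSL_COMP_add_compression_method(id, cm))` would now take a failed registration for a successful one and carry on with a compression method that was never added. I would add a comment above the function such as `/* Returns 0 on success and 1 on failure, unlike most SSL_* calls. */` and check every existing caller against the new polarity. The function's start and the condition guarding these two branches lie outside the hunk, so the reading of the failure branch rests on the SSLerr call alone.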
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6d69890688..ee9a82d586 100644
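--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -121,7 +121,6 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
-#include "cryptlib.h"
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 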
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index fabcdefa6e..7016c87d3b 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -60,7 +60,6 @@
60#include <openssl/lhash.h> 60#include <openssl/lhash.h>
61#include <openssl/rand.h> 61#include <openssl/rand.h>
62#include "ssl_locl.h" 62#include "ssl_locl.h"
63#include "cryptlib.h"
64 63
65static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); 64static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
66static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); 65static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);