summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto')
-rw-r--r--src/lib/libcrypto/aes/aes.h2
-rw-r--r--src/lib/libcrypto/aes/aes_cbc.c12
-rw-r--r--src/lib/libcrypto/aes/aes_ctr.c54
-rw-r--r--src/lib/libcrypto/asn1/a_mbstr.c2
-rw-r--r--src/lib/libcrypto/asn1/a_strex.c2
-rw-r--r--src/lib/libcrypto/asn1/a_strnid.c5
-rw-r--r--src/lib/libcrypto/bio/b_print.c2
-rw-r--r--src/lib/libcrypto/bio/bf_buff.c1
-rw-r--r--src/lib/libcrypto/bio/bss_bio.c55
-rw-r--r--src/lib/libcrypto/bio/bss_file.c21
-rw-r--r--src/lib/libcrypto/bn/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/bn/bn_mul.c4
-rw-r--r--src/lib/libcrypto/des/cfb_enc.c84
-rw-r--r--src/lib/libcrypto/des/destest.c2
-rw-r--r--src/lib/libcrypto/dso/dso_dlfcn.c6
-rw-r--r--src/lib/libcrypto/ec/ec_mult.c13
-rw-r--r--src/lib/libcrypto/engine/engine.h8
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec.c1
-rw-r--r--src/lib/libcrypto/err/err.c42
-rw-r--r--src/lib/libcrypto/err/err.h1
-rw-r--r--src/lib/libcrypto/evp/Makefile.ssl15
-rw-r--r--src/lib/libcrypto/evp/bio_b64.c38
-rw-r--r--src/lib/libcrypto/evp/c_all.c3
-rw-r--r--src/lib/libcrypto/md2/md2test.c2
-rw-r--r--src/lib/libcrypto/md5/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/md5/asm/md5-586.pl2
-rw-r--r--src/lib/libcrypto/md5/asm/md5-sparcv9.S4
-rw-r--r--src/lib/libcrypto/o_time.c2
-rw-r--r--src/lib/libcrypto/opensslv.h4
-rw-r--r--src/lib/libcrypto/perlasm/x86ms.pl3
-rw-r--r--src/lib/libcrypto/perlasm/x86nasm.pl3
-rw-r--r--src/lib/libcrypto/perlasm/x86unix.pl3
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c5
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c105
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c2
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7.h2
-rw-r--r--src/lib/libcrypto/rand/rand_win.c14
-rw-r--r--src/lib/libcrypto/rsa/rsa.h11
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c2
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c8
-rw-r--r--src/lib/libcrypto/util/libeay.num2
-rw-r--r--src/lib/libcrypto/util/pl/Mingw32.pl2
-rw-r--r--src/lib/libcrypto/util/point.sh6
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c1
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c4
-rw-r--r--src/lib/libcrypto/x509/x509type.c5
-rw-r--r--src/lib/libcrypto/x509v3/v3_conf.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c24
-rw-r--r--src/lib/libcrypto/x509v3/v3_lib.c1
-rw-r--r--src/lib/libcrypto/x509v3/v3_prn.c2
50 files changed, 427 insertions, 171 deletions
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index 8294a41a3a..da067f4a8f 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -100,7 +100,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
100 unsigned char *ivec, int *num); 100 unsigned char *ivec, int *num);
101void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, 101void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
102 const unsigned long length, const AES_KEY *key, 102 const unsigned long length, const AES_KEY *key,
103 unsigned char counter[AES_BLOCK_SIZE], 103 unsigned char ivec[AES_BLOCK_SIZE],
104 unsigned char ecount_buf[AES_BLOCK_SIZE], 104 unsigned char ecount_buf[AES_BLOCK_SIZE],
105 unsigned int *num); 105 unsigned int *num);
106 106
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index de438306b1..86b27b10d6 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
72 72
73 if (AES_ENCRYPT == enc) { 73 if (AES_ENCRYPT == enc) {
74 while (len >= AES_BLOCK_SIZE) { 74 while (len >= AES_BLOCK_SIZE) {
75 for(n=0; n < sizeof tmp; ++n) 75 for(n=0; n < AES_BLOCK_SIZE; ++n)
76 tmp[n] = in[n] ^ ivec[n]; 76 tmp[n] = in[n] ^ ivec[n];
77 AES_encrypt(tmp, out, key); 77 AES_encrypt(tmp, out, key);
78 memcpy(ivec, out, AES_BLOCK_SIZE); 78 memcpy(ivec, out, AES_BLOCK_SIZE);
@@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
86 for(n=len; n < AES_BLOCK_SIZE; ++n) 86 for(n=len; n < AES_BLOCK_SIZE; ++n)
87 tmp[n] = ivec[n]; 87 tmp[n] = ivec[n];
88 AES_encrypt(tmp, tmp, key); 88 AES_encrypt(tmp, tmp, key);
89 memcpy(out, tmp, len); 89 memcpy(out, tmp, AES_BLOCK_SIZE);
90 memcpy(ivec, tmp, sizeof tmp); 90 memcpy(ivec, tmp, AES_BLOCK_SIZE);
91 } 91 }
92 } else { 92 } else {
93 while (len >= AES_BLOCK_SIZE) { 93 while (len >= AES_BLOCK_SIZE) {
94 memcpy(tmp, in, sizeof tmp); 94 memcpy(tmp, in, AES_BLOCK_SIZE);
95 AES_decrypt(in, out, key); 95 AES_decrypt(in, out, key);
96 for(n=0; n < AES_BLOCK_SIZE; ++n) 96 for(n=0; n < AES_BLOCK_SIZE; ++n)
97 out[n] ^= ivec[n]; 97 out[n] ^= ivec[n];
@@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
101 out += AES_BLOCK_SIZE; 101 out += AES_BLOCK_SIZE;
102 } 102 }
103 if (len) { 103 if (len) {
104 memcpy(tmp, in, sizeof tmp); 104 memcpy(tmp, in, AES_BLOCK_SIZE);
105 AES_decrypt(tmp, tmp, key); 105 AES_decrypt(tmp, tmp, key);
106 for(n=0; n < len; ++n) 106 for(n=0; n < len; ++n)
107 out[n] ^= ivec[n]; 107 out[n] ^= ivec[n];
108 memcpy(ivec, tmp, sizeof tmp); 108 memcpy(ivec, tmp, AES_BLOCK_SIZE);
109 } 109 }
110 } 110 }
111} 111}
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c
index 59088499a0..79e1c18f19 100644
--- a/src/lib/libcrypto/aes/aes_ctr.c
+++ b/src/lib/libcrypto/aes/aes_ctr.c
@@ -62,19 +62,49 @@
62/* NOTE: CTR mode is big-endian. The rest of the AES code 62/* NOTE: CTR mode is big-endian. The rest of the AES code
63 * is endian-neutral. */ 63 * is endian-neutral. */
64 64
65/* increment counter (128-bit int) by 2^64 */ 65/* increment counter (128-bit int) by 1 */
66static void AES_ctr128_inc(unsigned char *counter) { 66static void AES_ctr128_inc(unsigned char *counter) {
67 unsigned long c; 67 unsigned long c;
68 68
69 /* Grab 3rd dword of counter and increment */ 69 /* Grab bottom dword of counter and increment */
70#ifdef L_ENDIAN 70#ifdef L_ENDIAN
71 c = GETU32(counter + 8); 71 c = GETU32(counter + 0);
72 c++; 72 c++;
73 PUTU32(counter + 8, c); 73 PUTU32(counter + 0, c);
74#else 74#else
75 c = GETU32(counter + 4); 75 c = GETU32(counter + 12);
76 c++; 76 c++;
77 PUTU32(counter + 4, c); 77 PUTU32(counter + 12, c);
78#endif
79
80 /* if no overflow, we're done */
81 if (c)
82 return;
83
84 /* Grab 1st dword of counter and increment */
85#ifdef L_ENDIAN
86 c = GETU32(counter + 4);
87 c++;
88 PUTU32(counter + 4, c);
89#else
90 c = GETU32(counter + 8);
91 c++;
92 PUTU32(counter + 8, c);
93#endif
94
95 /* if no overflow, we're done */
96 if (c)
97 return;
98
99 /* Grab 2nd dword of counter and increment */
100#ifdef L_ENDIAN
101 c = GETU32(counter + 8);
102 c++;
103 PUTU32(counter + 8, c);
104#else
105 c = GETU32(counter + 4);
106 c++;
107 PUTU32(counter + 4, c);
78#endif 108#endif
79 109
80 /* if no overflow, we're done */ 110 /* if no overflow, we're done */
@@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) {
100 * encrypted counter is kept in ecount_buf. Both *num and 130 * encrypted counter is kept in ecount_buf. Both *num and
101 * ecount_buf must be initialised with zeros before the first 131 * ecount_buf must be initialised with zeros before the first
102 * call to AES_ctr128_encrypt(). 132 * call to AES_ctr128_encrypt().
133 *
134 * This algorithm assumes that the counter is in the x lower bits
135 * of the IV (ivec), and that the application has full control over
136 * overflow and the rest of the IV. This implementation takes NO
137 * responsability for checking that the counter doesn't overflow
138 * into the rest of the IV when incremented.
103 */ 139 */
104void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, 140void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
105 const unsigned long length, const AES_KEY *key, 141 const unsigned long length, const AES_KEY *key,
106 unsigned char counter[AES_BLOCK_SIZE], 142 unsigned char ivec[AES_BLOCK_SIZE],
107 unsigned char ecount_buf[AES_BLOCK_SIZE], 143 unsigned char ecount_buf[AES_BLOCK_SIZE],
108 unsigned int *num) { 144 unsigned int *num) {
109 145
@@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
117 153
118 while (l--) { 154 while (l--) {
119 if (n == 0) { 155 if (n == 0) {
120 AES_encrypt(counter, ecount_buf, key); 156 AES_encrypt(ivec, ecount_buf, key);
121 AES_ctr128_inc(counter); 157 AES_ctr128_inc(ivec);
122 } 158 }
123 *(out++) = *(in++) ^ ecount_buf[n]; 159 *(out++) = *(in++) ^ ecount_buf[n];
124 n = (n+1) % AES_BLOCK_SIZE; 160 n = (n+1) % AES_BLOCK_SIZE;
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index 58b437bc84..c811b11776 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
296 296
297static int out_utf8(unsigned long value, void *arg) 297static int out_utf8(unsigned long value, void *arg)
298{ 298{
299 long *outlen; 299 int *outlen;
300 outlen = arg; 300 outlen = arg;
301 *outlen += UTF8_putc(NULL, -1, value); 301 *outlen += UTF8_putc(NULL, -1, value);
302 return 1; 302 return 1;
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 1def6c6549..8abfdfe598 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
279 * otherwise it is the number of bytes per character 279 * otherwise it is the number of bytes per character
280 */ 280 */
281 281
282const static char tag2nbyte[] = { 282const static signed char tag2nbyte[] = {
283 -1, -1, -1, -1, -1, /* 0-4 */ 283 -1, -1, -1, -1, -1, /* 0-4 */
284 -1, -1, -1, -1, -1, /* 5-9 */ 284 -1, -1, -1, -1, -1, /* 5-9 */
285 -1, -1, 0, -1, /* 10-13 */ 285 -1, -1, 0, -1, /* 10-13 */
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index aa49e9d7d0..613bbc4a7d 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
143/* Now the tables and helper functions for the string table: 143/* Now the tables and helper functions for the string table:
144 */ 144 */
145 145
146/* size limits: this stuff is taken straight from RFC2459 */ 146/* size limits: this stuff is taken straight from RFC3280 */
147 147
148#define ub_name 32768 148#define ub_name 32768
149#define ub_common_name 64 149#define ub_common_name 64
@@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
153#define ub_organization_unit_name 64 153#define ub_organization_unit_name 64
154#define ub_title 64 154#define ub_title 64
155#define ub_email_address 128 155#define ub_email_address 128
156#define ub_serial_number 64
157
156 158
157/* This table must be kept in NID order */ 159/* This table must be kept in NID order */
158 160
@@ -170,6 +172,7 @@ static ASN1_STRING_TABLE tbl_standard[] = {
170{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, 172{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
171{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, 173{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
172{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, 174{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
175{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
173{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, 176{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
174{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, 177{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
175{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, 178{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index a9e552f245..2cfc689dd6 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
836 * had the buffer been large enough.) */ 836 * had the buffer been large enough.) */
837 return -1; 837 return -1;
838 else 838 else
839 return (retlen <= INT_MAX) ? retlen : -1; 839 return (retlen <= INT_MAX) ? (int)retlen : -1;
840 } 840 }
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
index 1cecd70579..c1fd75aaad 100644
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
494 if (i <= 0) 494 if (i <= 0)
495 { 495 {
496 BIO_copy_next_retry(b); 496 BIO_copy_next_retry(b);
497 *buf='\0';
497 if (i < 0) return((num > 0)?num:i); 498 if (i < 0) return((num > 0)?num:i);
498 if (i == 0) return(num); 499 if (i == 0) return(num);
499 } 500 }
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c
index aa58dab046..0f9f0955b4 100644
--- a/src/lib/libcrypto/bio/bss_bio.c
+++ b/src/lib/libcrypto/bio/bss_bio.c
@@ -1,4 +1,57 @@
1/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ 1/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
2/* ====================================================================
3 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
2 55
3/* Special method for a BIO where the other endpoint is also a BIO 56/* Special method for a BIO where the other endpoint is also a BIO
4 * of this kind, handled by the same thread (i.e. the "peer" is actually 57 * of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
502 break; 555 break;
503 556
504 case BIO_C_DESTROY_BIO_PAIR: 557 case BIO_C_DESTROY_BIO_PAIR:
505 /* Effects both BIOs in the pair -- call just once! 558 /* Affects both BIOs in the pair -- call just once!
506 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ 559 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
507 bio_destroy_pair(bio); 560 bio_destroy_pair(bio);
508 ret = 1; 561 ret = 1;
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index e4e9df144c..0ca603ee0a 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
213 b->shutdown=(int)num&BIO_CLOSE; 213 b->shutdown=(int)num&BIO_CLOSE;
214 b->ptr=(char *)ptr; 214 b->ptr=(char *)ptr;
215 b->init=1; 215 b->init=1;
216#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) 216#if defined(OPENSSL_SYS_WINDOWS)
217 /* Set correct text/binary mode */
218 if (num & BIO_FP_TEXT) 217 if (num & BIO_FP_TEXT)
219 _setmode(fileno((FILE *)ptr),_O_TEXT); 218 _setmode(fileno((FILE *)ptr),_O_TEXT);
220 else 219 else
221 _setmode(fileno((FILE *)ptr),_O_BINARY); 220 _setmode(fileno((FILE *)ptr),_O_BINARY);
221#elif defined(OPENSSL_SYS_MSDOS)
222 {
223 int fd = fileno((FILE*)ptr);
224 /* Set correct text/binary mode */
225 if (num & BIO_FP_TEXT)
226 _setmode(fd,_O_TEXT);
227 /* Dangerous to set stdin/stdout to raw (unless redirected) */
228 else
229 {
230 if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
231 {
232 if (isatty(fd) <= 0)
233 _setmode(fd,_O_BINARY);
234 }
235 else
236 _setmode(fd,_O_BINARY);
237 }
238 }
222#elif defined(OPENSSL_SYS_OS2) 239#elif defined(OPENSSL_SYS_OS2)
223 if (num & BIO_FP_TEXT) 240 if (num & BIO_FP_TEXT)
224 setmode(fileno((FILE *)ptr), O_TEXT); 241 setmode(fileno((FILE *)ptr), O_TEXT);
diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl
index fa17d3c7d8..0c6e796d17 100644
--- a/src/lib/libcrypto/bn/Makefile.ssl
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -22,6 +22,7 @@ BN_ASM= bn_asm.o
22#BN_ASM= bn86-elf.o 22#BN_ASM= bn86-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=bntest.c exptest.c 28TEST=bntest.c exptest.c
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index cb93ac3356..3ae3822bc2 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
224 int n, BN_ULONG *t) 224 int n, BN_ULONG *t)
225 { 225 {
226 int i,j,n2=n*2; 226 int i,j,n2=n*2;
227 unsigned int c1,c2,neg,zero; 227 int c1,c2,neg,zero;
228 BN_ULONG ln,lo,*p; 228 BN_ULONG ln,lo,*p;
229 229
230# ifdef BN_COUNT 230# ifdef BN_COUNT
@@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
376 376
377 /* The overflow will stop before we over write 377 /* The overflow will stop before we over write
378 * words we should not overwrite */ 378 * words we should not overwrite */
379 if (ln < c1) 379 if (ln < (BN_ULONG)c1)
380 { 380 {
381 do { 381 do {
382 p++; 382 p++;
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
index 17bf77ca9e..2600bdfc93 100644
--- a/src/lib/libcrypto/des/cfb_enc.c
+++ b/src/lib/libcrypto/des/cfb_enc.c
@@ -64,32 +64,22 @@
64 * the second. The second 12 bits will come from the 3rd and half the 4th 64 * the second. The second 12 bits will come from the 3rd and half the 4th
65 * byte. 65 * byte.
66 */ 66 */
67/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
68 * length */
69/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
70 * will not be compatible with any encryption prior to that date. Ben. */
67void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 71void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
68 long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc) 72 long length, DES_key_schedule *schedule, DES_cblock *ivec,
73 int enc)
69 { 74 {
70 register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; 75 register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
71 register DES_LONG mask0,mask1;
72 register unsigned long l=length; 76 register unsigned long l=length;
73 register int num=numbits; 77 register int num=numbits;
74 DES_LONG ti[2]; 78 DES_LONG ti[2];
75 unsigned char *iv; 79 unsigned char *iv;
80 unsigned char ovec[16];
76 81
77 if (num > 64) return; 82 if (num > 64) return;
78 if (num > 32)
79 {
80 mask0=0xffffffffL;
81 if (num == 64)
82 mask1=mask0;
83 else mask1=(1L<<(num-32))-1;
84 }
85 else
86 {
87 if (num == 32)
88 mask0=0xffffffffL;
89 else mask0=(1L<<num)-1;
90 mask1=0x00000000L;
91 }
92
93 iv = &(*ivec)[0]; 83 iv = &(*ivec)[0];
94 c2l(iv,v0); 84 c2l(iv,v0);
95 c2l(iv,v1); 85 c2l(iv,v1);
@@ -103,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
103 DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); 93 DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
104 c2ln(in,d0,d1,n); 94 c2ln(in,d0,d1,n);
105 in+=n; 95 in+=n;
106 d0=(d0^ti[0])&mask0; 96 d0^=ti[0];
107 d1=(d1^ti[1])&mask1; 97 d1^=ti[1];
108 l2cn(d0,d1,out,n); 98 l2cn(d0,d1,out,n);
109 out+=n; 99 out+=n;
110 /* 30-08-94 - eay - changed because l>>32 and 100 /* 30-08-94 - eay - changed because l>>32 and
@@ -113,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
113 { v0=v1; v1=d0; } 103 { v0=v1; v1=d0; }
114 else if (num == 64) 104 else if (num == 64)
115 { v0=d0; v1=d1; } 105 { v0=d0; v1=d1; }
116 else if (num > 32) /* && num != 64 */ 106 else
117 {
118 v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
119 v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
120 }
121 else /* num < 32 */
122 { 107 {
123 v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; 108 iv=&ovec[0];
124 v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; 109 l2c(v0,iv);
110 l2c(v1,iv);
111 l2c(d0,iv);
112 l2c(d1,iv);
113 /* shift ovec left most of the bits... */
114 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
115 /* now the remaining bits */
116 if(num%8 != 0)
117 for(n=0 ; n < 8 ; ++n)
118 {
119 ovec[n]<<=num%8;
120 ovec[n]|=ovec[n+1]>>(8-num%8);
121 }
122 iv=&ovec[0];
123 c2l(iv,v0);
124 c2l(iv,v1);
125 } 125 }
126 } 126 }
127 } 127 }
@@ -141,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
141 { v0=v1; v1=d0; } 141 { v0=v1; v1=d0; }
142 else if (num == 64) 142 else if (num == 64)
143 { v0=d0; v1=d1; } 143 { v0=d0; v1=d1; }
144 else if (num > 32) /* && num != 64 */ 144 else
145 {
146 v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
147 v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
148 }
149 else /* num < 32 */
150 { 145 {
151 v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; 146 iv=&ovec[0];
152 v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; 147 l2c(v0,iv);
148 l2c(v1,iv);
149 l2c(d0,iv);
150 l2c(d1,iv);
151 /* shift ovec left most of the bits... */
152 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
153 /* now the remaining bits */
154 if(num%8 != 0)
155 for(n=0 ; n < 8 ; ++n)
156 {
157 ovec[n]<<=num%8;
158 ovec[n]|=ovec[n+1]>>(8-num%8);
159 }
160 iv=&ovec[0];
161 c2l(iv,v0);
162 c2l(iv,v1);
153 } 163 }
154 d0=(d0^ti[0])&mask0; 164 d0^=ti[0];
155 d1=(d1^ti[1])&mask1; 165 d1^=ti[1];
156 l2cn(d0,d1,out,n); 166 l2cn(d0,d1,out,n);
157 out+=n; 167 out+=n;
158 } 168 }
diff --git a/src/lib/libcrypto/des/destest.c b/src/lib/libcrypto/des/destest.c
index 687c00c792..3983ac8e5f 100644
--- a/src/lib/libcrypto/des/destest.c
+++ b/src/lib/libcrypto/des/destest.c
@@ -431,7 +431,7 @@ int main(int argc, char *argv[])
431 431
432#ifndef LIBDES_LIT 432#ifndef LIBDES_LIT
433 printf("Doing ede ecb\n"); 433 printf("Doing ede ecb\n");
434 for (i=0; i<(NUM_TESTS-1); i++) 434 for (i=0; i<(NUM_TESTS-2); i++)
435 { 435 {
436 DES_set_key_unchecked(&key_data[i],&ks); 436 DES_set_key_unchecked(&key_data[i],&ks);
437 DES_set_key_unchecked(&key_data[i+1],&ks2); 437 DES_set_key_unchecked(&key_data[i+1],&ks2);
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index 906b4703de..9d49ebc253 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -125,7 +125,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
125# endif 125# endif
126# endif 126# endif
127#else 127#else
128# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ 128# ifdef OPENSSL_SYS_SUNOS
129# define DLOPEN_FLAG 1
130# else
131# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
132# endif
129#endif 133#endif
130 134
131/* For this DSO_METHOD, our meth_data STACK will contain; 135/* For this DSO_METHOD, our meth_data STACK will contain;
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 4dbc931120..16822a73cf 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -175,12 +175,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B
175 * (thus the boundaries should be increased) 175 * (thus the boundaries should be increased)
176 */ 176 */
177#define EC_window_bits_for_scalar_size(b) \ 177#define EC_window_bits_for_scalar_size(b) \
178 ((b) >= 2000 ? 6 : \ 178 ((size_t) \
179 (b) >= 800 ? 5 : \ 179 ((b) >= 2000 ? 6 : \
180 (b) >= 300 ? 4 : \ 180 (b) >= 800 ? 5 : \
181 (b) >= 70 ? 3 : \ 181 (b) >= 300 ? 4 : \
182 (b) >= 20 ? 2 : \ 182 (b) >= 70 ? 3 : \
183 1) 183 (b) >= 20 ? 2 : \
184 1))
184 185
185/* Compute 186/* Compute
186 * \sum scalars[i]*points[i], 187 * \sum scalars[i]*points[i],
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 8686879e1a..9c3ab182d3 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -538,10 +538,10 @@ void ENGINE_add_conf_module(void);
538/**************************/ 538/**************************/
539 539
540/* Binary/behaviour compatibility levels */ 540/* Binary/behaviour compatibility levels */
541#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 541#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200
542/* Binary versions older than this are too old for us (whether we're a loader or 542/* Binary versions older than this are too old for us (whether we're a loader or
543 * a loadee) */ 543 * a loadee) */
544#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 544#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200
545 545
546/* When compiling an ENGINE entirely as an external shared library, loadable by 546/* When compiling an ENGINE entirely as an external shared library, loadable by
547 * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure 547 * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
@@ -630,6 +630,10 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
630 if(!fn(e,id)) return 0; \ 630 if(!fn(e,id)) return 0; \
631 return 1; } 631 return 1; }
632 632
633#if defined(__OpenBSD__) || defined(__FreeBSD__)
634void ENGINE_setup_bsd_cryptodev(void);
635#endif
636
633/* BEGIN ERROR CODES */ 637/* BEGIN ERROR CODES */
634/* The following lines are auto generated by the script mkerr.pl. Any changes 638/* The following lines are auto generated by the script mkerr.pl. Any changes
635 * made after this point may be overwritten when the script is next run. 639 * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index 6286dd851c..5234a08a07 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
561 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); 561 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
562 return 0; 562 return 0;
563 } 563 }
564 memset(r->d, 0, BN_num_bytes(m));
565 564
566 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { 565 if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
567 fd = 0; 566 fd = 0;
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index a4f4a260af..6ab119c1ef 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -225,6 +225,7 @@ struct st_ERR_FNS
225 ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); 225 ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
226 /* Works on the "thread_hash" error-state table */ 226 /* Works on the "thread_hash" error-state table */
227 LHASH *(*cb_thread_get)(int create); 227 LHASH *(*cb_thread_get)(int create);
228 void (*cb_thread_release)(LHASH **hash);
228 ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); 229 ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
229 ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); 230 ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
230 void (*cb_thread_del_item)(const ERR_STATE *); 231 void (*cb_thread_del_item)(const ERR_STATE *);
@@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
239static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); 240static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
240static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); 241static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
241static LHASH *int_thread_get(int create); 242static LHASH *int_thread_get(int create);
243static void int_thread_release(LHASH **hash);
242static ERR_STATE *int_thread_get_item(const ERR_STATE *); 244static ERR_STATE *int_thread_get_item(const ERR_STATE *);
243static ERR_STATE *int_thread_set_item(ERR_STATE *); 245static ERR_STATE *int_thread_set_item(ERR_STATE *);
244static void int_thread_del_item(const ERR_STATE *); 246static void int_thread_del_item(const ERR_STATE *);
@@ -252,6 +254,7 @@ static const ERR_FNS err_defaults =
252 int_err_set_item, 254 int_err_set_item,
253 int_err_del_item, 255 int_err_del_item,
254 int_thread_get, 256 int_thread_get,
257 int_thread_release,
255 int_thread_get_item, 258 int_thread_get_item,
256 int_thread_set_item, 259 int_thread_set_item,
257 int_thread_del_item, 260 int_thread_del_item,
@@ -271,6 +274,7 @@ static const ERR_FNS *err_fns = NULL;
271 * and state in the loading application. */ 274 * and state in the loading application. */
272static LHASH *int_error_hash = NULL; 275static LHASH *int_error_hash = NULL;
273static LHASH *int_thread_hash = NULL; 276static LHASH *int_thread_hash = NULL;
277static int int_thread_hash_references = 0;
274static int int_err_library_number= ERR_LIB_USER; 278static int int_err_library_number= ERR_LIB_USER;
275 279
276/* Internal function that checks whether "err_fns" is set and if not, sets it to 280/* Internal function that checks whether "err_fns" is set and if not, sets it to
@@ -417,11 +421,37 @@ static LHASH *int_thread_get(int create)
417 CRYPTO_pop_info(); 421 CRYPTO_pop_info();
418 } 422 }
419 if (int_thread_hash) 423 if (int_thread_hash)
424 {
425 int_thread_hash_references++;
420 ret = int_thread_hash; 426 ret = int_thread_hash;
427 }
421 CRYPTO_w_unlock(CRYPTO_LOCK_ERR); 428 CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
422 return ret; 429 return ret;
423 } 430 }
424 431
432static void int_thread_release(LHASH **hash)
433 {
434 int i;
435
436 if (hash == NULL || *hash == NULL)
437 return;
438
439 i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
440
441#ifdef REF_PRINT
442 fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
443#endif
444 if (i > 0) return;
445#ifdef REF_CHECK
446 if (i < 0)
447 {
448 fprintf(stderr,"int_thread_release, bad reference count\n");
449 abort(); /* ok */
450 }
451#endif
452 *hash = NULL;
453 }
454
425static ERR_STATE *int_thread_get_item(const ERR_STATE *d) 455static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
426 { 456 {
427 ERR_STATE *p; 457 ERR_STATE *p;
@@ -436,6 +466,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
436 p = (ERR_STATE *)lh_retrieve(hash, d); 466 p = (ERR_STATE *)lh_retrieve(hash, d);
437 CRYPTO_r_unlock(CRYPTO_LOCK_ERR); 467 CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
438 468
469 ERRFN(thread_release)(&hash);
439 return p; 470 return p;
440 } 471 }
441 472
@@ -453,6 +484,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d)
453 p = (ERR_STATE *)lh_insert(hash, d); 484 p = (ERR_STATE *)lh_insert(hash, d);
454 CRYPTO_w_unlock(CRYPTO_LOCK_ERR); 485 CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
455 486
487 ERRFN(thread_release)(&hash);
456 return p; 488 return p;
457 } 489 }
458 490
@@ -469,13 +501,15 @@ static void int_thread_del_item(const ERR_STATE *d)
469 CRYPTO_w_lock(CRYPTO_LOCK_ERR); 501 CRYPTO_w_lock(CRYPTO_LOCK_ERR);
470 p = (ERR_STATE *)lh_delete(hash, d); 502 p = (ERR_STATE *)lh_delete(hash, d);
471 /* make sure we don't leak memory */ 503 /* make sure we don't leak memory */
472 if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) 504 if (int_thread_hash_references == 1
505 && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
473 { 506 {
474 lh_free(int_thread_hash); 507 lh_free(int_thread_hash);
475 int_thread_hash = NULL; 508 int_thread_hash = NULL;
476 } 509 }
477 CRYPTO_w_unlock(CRYPTO_LOCK_ERR); 510 CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
478 511
512 ERRFN(thread_release)(&hash);
479 if (p) 513 if (p)
480 ERR_STATE_free(p); 514 ERR_STATE_free(p);
481 } 515 }
@@ -845,6 +879,12 @@ LHASH *ERR_get_err_state_table(void)
845 return ERRFN(thread_get)(0); 879 return ERRFN(thread_get)(0);
846 } 880 }
847 881
882void ERR_release_err_state_table(LHASH **hash)
883 {
884 err_fns_check();
885 ERRFN(thread_release)(hash);
886 }
887
848const char *ERR_lib_error_string(unsigned long e) 888const char *ERR_lib_error_string(unsigned long e)
849 { 889 {
850 ERR_STRING_DATA d,*p; 890 ERR_STRING_DATA d,*p;
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
index 988ef81aa0..8faa3a7b4f 100644
--- a/src/lib/libcrypto/err/err.h
+++ b/src/lib/libcrypto/err/err.h
@@ -278,6 +278,7 @@ ERR_STATE *ERR_get_state(void);
278#ifndef OPENSSL_NO_LHASH 278#ifndef OPENSSL_NO_LHASH
279LHASH *ERR_get_string_table(void); 279LHASH *ERR_get_string_table(void);
280LHASH *ERR_get_err_state_table(void); 280LHASH *ERR_get_err_state_table(void);
281void ERR_release_err_state_table(LHASH **hash);
281#endif 282#endif
282 283
283int ERR_get_next_error_library(void); 284int ERR_get_next_error_library(void);
diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
index b4172406ae..f33aebd33a 100644
--- a/src/lib/libcrypto/evp/Makefile.ssl
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
185c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h 185c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
186c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h 186c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
187c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 187c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
188c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 188c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
189c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h 189c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
190c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h 190c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
191c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h 191c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
192c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h 192c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
193c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 193c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
194c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 194c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
195c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
195c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h 196c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
196c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h 197c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
197c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 198c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index 6e550f6a43..33349c2f98 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl)
184 ret_code=0; 184 ret_code=0;
185 while (outl > 0) 185 while (outl > 0)
186 { 186 {
187 if (ctx->cont <= 0) break; 187
188 if (ctx->cont <= 0)
189 break;
188 190
189 i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), 191 i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
190 B64_BLOCK_SIZE-ctx->tmp_len); 192 B64_BLOCK_SIZE-ctx->tmp_len);
@@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl)
195 197
196 /* Should be continue next time we are called? */ 198 /* Should be continue next time we are called? */
197 if (!BIO_should_retry(b->next_bio)) 199 if (!BIO_should_retry(b->next_bio))
200 {
198 ctx->cont=i; 201 ctx->cont=i;
199 /* else we should continue when called again */ 202 /* If buffer empty break */
200 break; 203 if(ctx->tmp_len == 0)
204 break;
205 /* Fall through and process what we have */
206 else
207 i = 0;
208 }
209 /* else we retry and add more data to buffer */
210 else
211 break;
201 } 212 }
202 i+=ctx->tmp_len; 213 i+=ctx->tmp_len;
214 ctx->tmp_len = i;
203 215
204 /* We need to scan, a line at a time until we 216 /* We need to scan, a line at a time until we
205 * have a valid line if we are starting. */ 217 * have a valid line if we are starting. */
@@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl)
255 * reading until a new line. */ 267 * reading until a new line. */
256 if (p == (unsigned char *)&(ctx->tmp[0])) 268 if (p == (unsigned char *)&(ctx->tmp[0]))
257 { 269 {
258 ctx->tmp_nl=1; 270 /* Check buffer full */
259 ctx->tmp_len=0; 271 if (i == B64_BLOCK_SIZE)
272 {
273 ctx->tmp_nl=1;
274 ctx->tmp_len=0;
275 }
260 } 276 }
261 else if (p != q) /* finished on a '\n' */ 277 else if (p != q) /* finished on a '\n' */
262 { 278 {
@@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl)
271 else 287 else
272 ctx->tmp_len=0; 288 ctx->tmp_len=0;
273 } 289 }
290 /* If buffer isn't full and we can retry then
291 * restart to read in more data.
292 */
293 else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
294 continue;
274 295
275 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) 296 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
276 { 297 {
@@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl)
310 i=EVP_DecodeUpdate(&(ctx->base64), 331 i=EVP_DecodeUpdate(&(ctx->base64),
311 (unsigned char *)ctx->buf,&ctx->buf_len, 332 (unsigned char *)ctx->buf,&ctx->buf_len,
312 (unsigned char *)ctx->tmp,i); 333 (unsigned char *)ctx->tmp,i);
334 ctx->tmp_len = 0;
313 } 335 }
314 ctx->cont=i;
315 ctx->buf_off=0; 336 ctx->buf_off=0;
316 if (i < 0) 337 if (i < 0)
317 { 338 {
@@ -484,10 +505,7 @@ again:
484 { 505 {
485 i=b64_write(b,NULL,0); 506 i=b64_write(b,NULL,0);
486 if (i < 0) 507 if (i < 0)
487 { 508 return i;
488 ret=i;
489 break;
490 }
491 } 509 }
492 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) 510 if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
493 { 511 {
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index 1b31a14e37..fa60a73ead 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -59,6 +59,9 @@
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#ifndef OPENSSL_NO_ENGINE
63#include <openssl/engine.h>
64#endif
62 65
63#if 0 66#if 0
64#undef OpenSSL_add_all_algorithms 67#undef OpenSSL_add_all_algorithms
diff --git a/src/lib/libcrypto/md2/md2test.c b/src/lib/libcrypto/md2/md2test.c
index 901d0a7d8e..9c1e28b6ce 100644
--- a/src/lib/libcrypto/md2/md2test.c
+++ b/src/lib/libcrypto/md2/md2test.c
@@ -59,7 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <stdlib.h> 60#include <stdlib.h>
61#include <string.h> 61#include <string.h>
62#include <openssl/md2.h>
63 62
64#include "../e_os.h" 63#include "../e_os.h"
65 64
@@ -71,6 +70,7 @@ int main(int argc, char *argv[])
71} 70}
72#else 71#else
73#include <openssl/evp.h> 72#include <openssl/evp.h>
73#include <openssl/md2.h>
74 74
75#ifdef CHARSET_EBCDIC 75#ifdef CHARSET_EBCDIC
76#include <openssl/ebcdic.h> 76#include <openssl/ebcdic.h>
diff --git a/src/lib/libcrypto/md5/Makefile.ssl b/src/lib/libcrypto/md5/Makefile.ssl
index b11ab476d6..2361775a2d 100644
--- a/src/lib/libcrypto/md5/Makefile.ssl
+++ b/src/lib/libcrypto/md5/Makefile.ssl
@@ -6,7 +6,7 @@ DIR= md5
6TOP= ../.. 6TOP= ../..
7CC= cc 7CC= cc
8CPP= $(CC) -E 8CPP= $(CC) -E
9INCLUDES= 9INCLUDES=-I.. -I$(TOP) -I../../include
10CFLAG=-g 10CFLAG=-g
11INSTALL_PREFIX= 11INSTALL_PREFIX=
12OPENSSLDIR= /usr/local/ssl 12OPENSSLDIR= /usr/local/ssl
@@ -20,6 +20,7 @@ AR= ar r
20MD5_ASM_OBJ= 20MD5_ASM_OBJ=
21 21
22CFLAGS= $(INCLUDES) $(CFLAG) 22CFLAGS= $(INCLUDES) $(CFLAG)
23ASFLAGS= $(INCLUDES) $(ASFLAG)
23 24
24GENERAL=Makefile 25GENERAL=Makefile
25TEST=md5test.c 26TEST=md5test.c
diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl
index 5fc6a205ce..fa3fa3bed5 100644
--- a/src/lib/libcrypto/md5/asm/md5-586.pl
+++ b/src/lib/libcrypto/md5/asm/md5-586.pl
@@ -293,7 +293,7 @@ sub md5_block
293 &mov(&DWP(12,$tmp2,"",0),$D); 293 &mov(&DWP(12,$tmp2,"",0),$D);
294 294
295 &cmp($tmp1,$X) unless $normal; # check count 295 &cmp($tmp1,$X) unless $normal; # check count
296 &jge(&label("start")) unless $normal; 296 &jae(&label("start")) unless $normal;
297 297
298 &pop("eax"); # pop the temp variable off the stack 298 &pop("eax"); # pop the temp variable off the stack
299 &pop("ebx"); 299 &pop("ebx");
diff --git a/src/lib/libcrypto/md5/asm/md5-sparcv9.S b/src/lib/libcrypto/md5/asm/md5-sparcv9.S
index a599ed5660..db45aa4c97 100644
--- a/src/lib/libcrypto/md5/asm/md5-sparcv9.S
+++ b/src/lib/libcrypto/md5/asm/md5-sparcv9.S
@@ -34,10 +34,12 @@
34 * 34 *
35 * or if above fails (it does if you have gas): 35 * or if above fails (it does if you have gas):
36 * 36 *
37 * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ 37 * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
38 * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o 38 * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
39 */ 39 */
40 40
41#include <openssl/e_os2.h>
42
41#define A %o0 43#define A %o0
42#define B %o1 44#define B %o1
43#define C %o2 45#define C %o2
diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c
index 723eb1b5af..785468131e 100644
--- a/src/lib/libcrypto/o_time.c
+++ b/src/lib/libcrypto/o_time.c
@@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
73 { 73 {
74 struct tm *ts = NULL; 74 struct tm *ts = NULL;
75 75
76#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) 76#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
77 /* should return &data, but doesn't on some systems, 77 /* should return &data, but doesn't on some systems,
78 so we don't even look at the return value */ 78 so we don't even look at the return value */
79 gmtime_r(timer,result); 79 gmtime_r(timer,result);
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 08cb1d5018..e226d9de79 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,8 +25,8 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090702fL 28#define OPENSSL_VERSION_NUMBER 0x0090703fL
29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7b 10 Apr 2003" 29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
31 31
32 32
diff --git a/src/lib/libcrypto/perlasm/x86ms.pl b/src/lib/libcrypto/perlasm/x86ms.pl
index 35f1a4ddb9..fbb4afb9bd 100644
--- a/src/lib/libcrypto/perlasm/x86ms.pl
+++ b/src/lib/libcrypto/perlasm/x86ms.pl
@@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); }
144sub main'jz { &out1("jz",@_); } 144sub main'jz { &out1("jz",@_); }
145sub main'jge { &out1("jge",@_); } 145sub main'jge { &out1("jge",@_); }
146sub main'jl { &out1("jl",@_); } 146sub main'jl { &out1("jl",@_); }
147sub main'ja { &out1("ja",@_); }
148sub main'jae { &out1("jae",@_); }
147sub main'jb { &out1("jb",@_); } 149sub main'jb { &out1("jb",@_); }
150sub main'jbe { &out1("jbe",@_); }
148sub main'jc { &out1("jc",@_); } 151sub main'jc { &out1("jc",@_); }
149sub main'jnc { &out1("jnc",@_); } 152sub main'jnc { &out1("jnc",@_); }
150sub main'jnz { &out1("jnz",@_); } 153sub main'jnz { &out1("jnz",@_); }
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
index f30b7466d4..30346af4ea 100644
--- a/src/lib/libcrypto/perlasm/x86nasm.pl
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); }
152sub main'jz { &out1("jz NEAR",@_); } 152sub main'jz { &out1("jz NEAR",@_); }
153sub main'jge { &out1("jge NEAR",@_); } 153sub main'jge { &out1("jge NEAR",@_); }
154sub main'jl { &out1("jl NEAR",@_); } 154sub main'jl { &out1("jl NEAR",@_); }
155sub main'ja { &out1("ja NEAR",@_); }
156sub main'jae { &out1("jae NEAR",@_); }
155sub main'jb { &out1("jb NEAR",@_); } 157sub main'jb { &out1("jb NEAR",@_); }
158sub main'jbe { &out1("jbe NEAR",@_); }
156sub main'jc { &out1("jc NEAR",@_); } 159sub main'jc { &out1("jc NEAR",@_); }
157sub main'jnc { &out1("jnc NEAR",@_); } 160sub main'jnc { &out1("jnc NEAR",@_); }
158sub main'jnz { &out1("jnz NEAR",@_); } 161sub main'jnz { &out1("jnz NEAR",@_); }
diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl
index 72bde061c5..10b669bf04 100644
--- a/src/lib/libcrypto/perlasm/x86unix.pl
+++ b/src/lib/libcrypto/perlasm/x86unix.pl
@@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); }
156sub main'jz { &out1("jz",@_); } 156sub main'jz { &out1("jz",@_); }
157sub main'jge { &out1("jge",@_); } 157sub main'jge { &out1("jge",@_); }
158sub main'jl { &out1("jl",@_); } 158sub main'jl { &out1("jl",@_); }
159sub main'ja { &out1("ja",@_); }
160sub main'jae { &out1("jae",@_); }
159sub main'jb { &out1("jb",@_); } 161sub main'jb { &out1("jb",@_); }
162sub main'jbe { &out1("jbe",@_); }
160sub main'jc { &out1("jc",@_); } 163sub main'jc { &out1("jc",@_); }
161sub main'jnc { &out1("jnc",@_); } 164sub main'jnc { &out1("jnc",@_); }
162sub main'jno { &out1("jno",@_); } 165sub main'jno { &out1("jno",@_); }
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 0060a2ea3d..190ca0e9bf 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -767,6 +767,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
767 } 767 }
768 if (EVP_MD_CTX_type(mdc) == md_type) 768 if (EVP_MD_CTX_type(mdc) == md_type)
769 break; 769 break;
770 /* Workaround for some broken clients that put the signature
771 * OID instead of the digest OID in digest_alg->algorithm
772 */
773 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
774 break;
770 btmp=BIO_next(btmp); 775 btmp=BIO_next(btmp);
771 } 776 }
772 777
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 086d394270..5d2a97839d 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -101,7 +101,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a,
101static void mime_param_free(MIME_PARAM *param); 101static void mime_param_free(MIME_PARAM *param);
102static int mime_bound_check(char *line, int linelen, char *bound, int blen); 102static int mime_bound_check(char *line, int linelen, char *bound, int blen);
103static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); 103static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
104static int iscrlf(char c); 104static int strip_eol(char *linebuf, int *plen);
105static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); 105static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
106static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); 106static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
107static void mime_hdr_free(MIME_HEADER *hdr); 107static void mime_hdr_free(MIME_HEADER *hdr);
@@ -150,9 +150,17 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
150 150
151int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) 151int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
152{ 152{
153 char linebuf[MAX_SMLEN];
154 char bound[33], c; 153 char bound[33], c;
155 int i; 154 int i;
155 char *mime_prefix, *mime_eol;
156 if (flags & PKCS7_NOOLDMIMETYPE)
157 mime_prefix = "application/pkcs7-";
158 else
159 mime_prefix = "application/x-pkcs7-";
160 if (flags & PKCS7_CRLFEOL)
161 mime_eol = "\r\n";
162 else
163 mime_eol = "\n";
156 if((flags & PKCS7_DETACHED) && data) { 164 if((flags & PKCS7_DETACHED) && data) {
157 /* We want multipart/signed */ 165 /* We want multipart/signed */
158 /* Generate a random boundary */ 166 /* Generate a random boundary */
@@ -164,34 +172,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
164 bound[i] = c; 172 bound[i] = c;
165 } 173 }
166 bound[32] = 0; 174 bound[32] = 0;
167 BIO_printf(bio, "MIME-Version: 1.0\n"); 175 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
168 BIO_printf(bio, "Content-Type: multipart/signed;"); 176 BIO_printf(bio, "Content-Type: multipart/signed;");
169 BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); 177 BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
170 BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); 178 BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
171 BIO_printf(bio, "This is an S/MIME signed message\n\n"); 179 bound, mime_eol, mime_eol);
180 BIO_printf(bio, "This is an S/MIME signed message%s%s",
181 mime_eol, mime_eol);
172 /* Now write out the first part */ 182 /* Now write out the first part */
173 BIO_printf(bio, "------%s\n", bound); 183 BIO_printf(bio, "------%s%s", bound, mime_eol);
174 if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); 184 SMIME_crlf_copy(data, bio, flags);
175 while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 185 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
176 BIO_write(bio, linebuf, i);
177 BIO_printf(bio, "\n------%s\n", bound);
178 186
179 /* Headers for signature */ 187 /* Headers for signature */
180 188
181 BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); 189 BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
182 BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); 190 BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
183 BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); 191 BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
192 mime_eol);
193 BIO_printf(bio, "Content-Disposition: attachment;");
194 BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
195 mime_eol, mime_eol);
184 B64_write_PKCS7(bio, p7); 196 B64_write_PKCS7(bio, p7);
185 BIO_printf(bio,"\n------%s--\n\n", bound); 197 BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
198 mime_eol, mime_eol);
186 return 1; 199 return 1;
187 } 200 }
188 /* MIME headers */ 201 /* MIME headers */
189 BIO_printf(bio, "MIME-Version: 1.0\n"); 202 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
190 BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); 203 BIO_printf(bio, "Content-Disposition: attachment;");
191 BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); 204 BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
192 BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); 205 BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
206 BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
207 BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
208 mime_eol, mime_eol);
193 B64_write_PKCS7(bio, p7); 209 B64_write_PKCS7(bio, p7);
194 BIO_printf(bio, "\n"); 210 BIO_printf(bio, "%s", mime_eol);
195 return 1; 211 return 1;
196} 212}
197 213
@@ -316,12 +332,9 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
316 } 332 }
317 if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); 333 if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
318 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { 334 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
319 eol = 0; 335 eol = strip_eol(linebuf, &len);
320 while(iscrlf(linebuf[len - 1])) { 336 if (len)
321 len--; 337 BIO_write(out, linebuf, len);
322 eol = 1;
323 }
324 BIO_write(out, linebuf, len);
325 if(eol) BIO_write(out, "\r\n", 2); 338 if(eol) BIO_write(out, "\r\n", 2);
326 } 339 }
327 return 1; 340 return 1;
@@ -364,6 +377,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
364{ 377{
365 char linebuf[MAX_SMLEN]; 378 char linebuf[MAX_SMLEN];
366 int len, blen; 379 int len, blen;
380 int eol = 0, next_eol = 0;
367 BIO *bpart = NULL; 381 BIO *bpart = NULL;
368 STACK_OF(BIO) *parts; 382 STACK_OF(BIO) *parts;
369 char state, part, first; 383 char state, part, first;
@@ -383,26 +397,23 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
383 sk_BIO_push(parts, bpart); 397 sk_BIO_push(parts, bpart);
384 return 1; 398 return 1;
385 } else if(part) { 399 } else if(part) {
400 /* Strip CR+LF from linebuf */
401 next_eol = strip_eol(linebuf, &len);
386 if(first) { 402 if(first) {
387 first = 0; 403 first = 0;
388 if(bpart) sk_BIO_push(parts, bpart); 404 if(bpart) sk_BIO_push(parts, bpart);
389 bpart = BIO_new(BIO_s_mem()); 405 bpart = BIO_new(BIO_s_mem());
390 406 BIO_set_mem_eof_return(bpart, 0);
391 } else BIO_write(bpart, "\r\n", 2); 407 } else if (eol)
392 /* Strip CR+LF from linebuf */ 408 BIO_write(bpart, "\r\n", 2);
393 while(iscrlf(linebuf[len - 1])) len--; 409 eol = next_eol;
394 BIO_write(bpart, linebuf, len); 410 if (len)
411 BIO_write(bpart, linebuf, len);
395 } 412 }
396 } 413 }
397 return 0; 414 return 0;
398} 415}
399 416
400static int iscrlf(char c)
401{
402 if(c == '\r' || c == '\n') return 1;
403 return 0;
404}
405
406/* This is the big one: parse MIME header lines up to message body */ 417/* This is the big one: parse MIME header lines up to message body */
407 418
408#define MIME_INVALID 0 419#define MIME_INVALID 0
@@ -683,3 +694,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
683 } 694 }
684 return 0; 695 return 0;
685} 696}
697
698static int strip_eol(char *linebuf, int *plen)
699 {
700 int len = *plen;
701 char *p, c;
702 int is_eol = 0;
703 p = linebuf + len - 1;
704 for (p = linebuf + len - 1; len > 0; len--, p--)
705 {
706 c = *p;
707 if (c == '\n')
708 is_eol = 1;
709 else if (c != '\r')
710 break;
711 }
712 *plen = len;
713 return is_eol;
714 }
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index f0d071e282..6e5735de11 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index 5819700a85..15372e18f8 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -260,6 +260,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
260#define PKCS7_BINARY 0x80 260#define PKCS7_BINARY 0x80
261#define PKCS7_NOATTR 0x100 261#define PKCS7_NOATTR 0x100
262#define PKCS7_NOSMIMECAP 0x200 262#define PKCS7_NOSMIMECAP 0x200
263#define PKCS7_NOOLDMIMETYPE 0x400
264#define PKCS7_CRLFEOL 0x800
263 265
264/* Flags: for compatibility with older code */ 266/* Flags: for compatibility with older code */
265 267
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 113b58678f..263068d256 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
162typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); 162typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
163 163
164typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); 164typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
165typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
165typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); 166typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
166typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); 167typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
167typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); 168typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@@ -431,7 +432,7 @@ int RAND_poll(void)
431 * This seeding method was proposed in Peter Gutmann, Software 432 * This seeding method was proposed in Peter Gutmann, Software
432 * Generation of Practically Strong Random Numbers, 433 * Generation of Practically Strong Random Numbers,
433 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html 434 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
434 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf 435 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
435 * (The assignment of entropy estimates below is arbitrary, but based 436 * (The assignment of entropy estimates below is arbitrary, but based
436 * on Peter's analysis the full poll appears to be safe. Additional 437 * on Peter's analysis the full poll appears to be safe. Additional
437 * interactive seeding is encouraged.) 438 * interactive seeding is encouraged.)
@@ -440,6 +441,7 @@ int RAND_poll(void)
440 if (kernel) 441 if (kernel)
441 { 442 {
442 CREATETOOLHELP32SNAPSHOT snap; 443 CREATETOOLHELP32SNAPSHOT snap;
444 CLOSETOOLHELP32SNAPSHOT close_snap;
443 HANDLE handle; 445 HANDLE handle;
444 446
445 HEAP32FIRST heap_first; 447 HEAP32FIRST heap_first;
@@ -457,6 +459,8 @@ int RAND_poll(void)
457 459
458 snap = (CREATETOOLHELP32SNAPSHOT) 460 snap = (CREATETOOLHELP32SNAPSHOT)
459 GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); 461 GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
462 close_snap = (CLOSETOOLHELP32SNAPSHOT)
463 GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
460 heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); 464 heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
461 heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); 465 heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
462 heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); 466 heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
@@ -472,7 +476,7 @@ int RAND_poll(void)
472 heaplist_next && process_first && process_next && 476 heaplist_next && process_first && process_next &&
473 thread_first && thread_next && module_first && 477 thread_first && thread_next && module_first &&
474 module_next && (handle = snap(TH32CS_SNAPALL,0)) 478 module_next && (handle = snap(TH32CS_SNAPALL,0))
475 != NULL) 479 != INVALID_HANDLE_VALUE)
476 { 480 {
477 /* heap list and heap walking */ 481 /* heap list and heap walking */
478 /* HEAPLIST32 contains 3 fields that will change with 482 /* HEAPLIST32 contains 3 fields that will change with
@@ -534,8 +538,10 @@ int RAND_poll(void)
534 do 538 do
535 RAND_add(&m, m.dwSize, 9); 539 RAND_add(&m, m.dwSize, 9);
536 while (module_next(handle, &m)); 540 while (module_next(handle, &m));
537 541 if (close_snap)
538 CloseHandle(handle); 542 close_snap(handle);
543 else
544 CloseHandle(handle);
539 } 545 }
540 546
541 FreeLibrary(kernel); 547 FreeLibrary(kernel);
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index e26a68b482..62fa745f79 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -158,11 +158,6 @@ struct rsa_st
158#define RSA_FLAG_CACHE_PUBLIC 0x02 158#define RSA_FLAG_CACHE_PUBLIC 0x02
159#define RSA_FLAG_CACHE_PRIVATE 0x04 159#define RSA_FLAG_CACHE_PRIVATE 0x04
160#define RSA_FLAG_BLINDING 0x08 160#define RSA_FLAG_BLINDING 0x08
161#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
162 * RSA implementation now uses blinding by
163 * default (ignoring RSA_FLAG_BLINDING),
164 * but other engines might not need it
165 */
166#define RSA_FLAG_THREAD_SAFE 0x10 161#define RSA_FLAG_THREAD_SAFE 0x10
167/* This flag means the private key operations will be handled by rsa_mod_exp 162/* This flag means the private key operations will be handled by rsa_mod_exp
168 * and that they do not depend on the private key components being present: 163 * and that they do not depend on the private key components being present:
@@ -175,7 +170,11 @@ struct rsa_st
175 */ 170 */
176#define RSA_FLAG_SIGN_VER 0x40 171#define RSA_FLAG_SIGN_VER 0x40
177 172
178#define RSA_FLAG_NO_BLINDING 0x80 173#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
174 * RSA implementation now uses blinding by
175 * default (ignoring RSA_FLAG_BLINDING),
176 * but other engines might not need it
177 */
179 178
180#define RSA_PKCS1_PADDING 1 179#define RSA_PKCS1_PADDING 1
181#define RSA_SSLV23_PADDING 2 180#define RSA_SSLV23_PADDING 2
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 027b4dc754..e0d286266e 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -484,6 +484,8 @@ err:
484 if (ctx != NULL) BN_CTX_free(ctx); 484 if (ctx != NULL) BN_CTX_free(ctx);
485 BN_clear_free(&f); 485 BN_clear_free(&f);
486 BN_clear_free(&ret); 486 BN_clear_free(&ret);
487 if (local_blinding)
488 BN_BLINDING_free(blinding);
487 if (buf != NULL) 489 if (buf != NULL)
488 { 490 {
489 OPENSSL_cleanse(buf,num); 491 OPENSSL_cleanse(buf,num);
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 53c5092014..e4d622851e 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa)
316 316
317int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) 317int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
318 { 318 {
319 BIGNUM *A,*Ai; 319 BIGNUM *A,*Ai = NULL;
320 BN_CTX *ctx; 320 BN_CTX *ctx;
321 int ret=0; 321 int ret=0;
322 322
@@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
327 else 327 else
328 ctx=p_ctx; 328 ctx=p_ctx;
329 329
330 /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
330 if (rsa->blinding != NULL) 331 if (rsa->blinding != NULL)
332 {
331 BN_BLINDING_free(rsa->blinding); 333 BN_BLINDING_free(rsa->blinding);
334 rsa->blinding = NULL;
335 }
332 336
333 /* NB: similar code appears in setup_blinding (rsa_eay.c); 337 /* NB: similar code appears in setup_blinding (rsa_eay.c);
334 * this should be placed in a new function of its own, but for reasons 338 * this should be placed in a new function of its own, but for reasons
@@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
356 rsa->blinding->thread_id = CRYPTO_thread_id(); 360 rsa->blinding->thread_id = CRYPTO_thread_id();
357 rsa->flags |= RSA_FLAG_BLINDING; 361 rsa->flags |= RSA_FLAG_BLINDING;
358 rsa->flags &= ~RSA_FLAG_NO_BLINDING; 362 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
359 BN_free(Ai);
360 ret=1; 363 ret=1;
361err: 364err:
365 if (Ai != NULL) BN_free(Ai);
362 BN_CTX_end(ctx); 366 BN_CTX_end(ctx);
363 if (ctx != p_ctx) BN_CTX_free(ctx); 367 if (ctx != p_ctx) BN_CTX_free(ctx);
364 return(ret); 368 return(ret);
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index f5c8c0be8a..203c7713e7 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2801,3 +2801,5 @@ BIO_indent 3242 EXIST::FUNCTION:
2801BUF_strlcpy 3243 EXIST::FUNCTION: 2801BUF_strlcpy 3243 EXIST::FUNCTION:
2802OpenSSLDie 3244 EXIST::FUNCTION: 2802OpenSSLDie 3244 EXIST::FUNCTION:
2803OPENSSL_cleanse 3245 EXIST::FUNCTION: 2803OPENSSL_cleanse 3245 EXIST::FUNCTION:
2804ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
2805ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl
index 043a3a53ee..4bee638c4a 100644
--- a/src/lib/libcrypto/util/pl/Mingw32.pl
+++ b/src/lib/libcrypto/util/pl/Mingw32.pl
@@ -85,7 +85,7 @@ sub do_lib_rule
85 ($Name=$name) =~ tr/a-z/A-Z/; 85 ($Name=$name) =~ tr/a-z/A-Z/;
86 86
87 $ret.="$target: \$(${Name}OBJ)\n"; 87 $ret.="$target: \$(${Name}OBJ)\n";
88 $ret.="\t\$(RM) $target\n"; 88 $ret.="\tif exist $target \$(RM) $target\n";
89 $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; 89 $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
90 $ret.="\t\$(RANLIB) $target\n\n"; 90 $ret.="\t\$(RANLIB) $target\n\n";
91 } 91 }
diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh
index ce7dcc56df..4790e08f8a 100644
--- a/src/lib/libcrypto/util/point.sh
+++ b/src/lib/libcrypto/util/point.sh
@@ -1,10 +1,10 @@
1#!/bin/sh 1#!/bin/sh
2 2
3rm -f $2 3rm -f "$2"
4if test "$OSTYPE" = msdosdjgpp; then 4if test "$OSTYPE" = msdosdjgpp; then
5 cp $1 $2 5 cp "$1" "$2"
6else 6else
7 ln -s $1 $2 7 ln -s "$1" "$2"
8fi 8fi
9echo "$2 => $1" 9echo "$2 => $1"
10 10
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 17d69ac005..881252608d 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = {
82{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, 82{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
83{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, 83{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
84{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, 84{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
85{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
85{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, 86{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
86{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} 87{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
87}; 88};
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 04997ba456..2bb21b443e 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
453 if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) 453 if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
454 return 1; 454 return 1;
455 if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) 455 if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
456 last = 0;
457 else
458 last = sk_X509_num(ctx->chain) - 1; 456 last = sk_X509_num(ctx->chain) - 1;
457 else
458 last = 0;
459 for(i = 0; i <= last; i++) 459 for(i = 0; i <= last; i++)
460 { 460 {
461 ctx->error_depth = i; 461 ctx->error_depth = i;
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index 8e78b34458..f78c2a6b43 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
99 case EVP_PKEY_RSA: 99 case EVP_PKEY_RSA:
100 ret|=EVP_PKS_RSA; 100 ret|=EVP_PKS_RSA;
101 break; 101 break;
102 case EVP_PKS_DSA: 102 case EVP_PKEY_DSA:
103 ret|=EVP_PKS_DSA; 103 ret|=EVP_PKS_DSA;
104 break; 104 break;
105 default: 105 default:
106 break; 106 break;
107 } 107 }
108 108
109 if (EVP_PKEY_size(pk) <= 512) 109 if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
110 for, not bytes */
110 ret|=EVP_PKT_EXP; 111 ret|=EVP_PKT_EXP;
111 if(pkey==NULL) EVP_PKEY_free(pk); 112 if(pkey==NULL) EVP_PKEY_free(pk);
112 return(ret); 113 return(ret);
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 1a3448e121..1284d5aaa5 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -236,7 +236,7 @@ static int v3_check_critical(char **value)
236static int v3_check_generic(char **value) 236static int v3_check_generic(char **value)
237{ 237{
238 char *p = *value; 238 char *p = *value;
239 if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; 239 if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
240 p+=4; 240 p+=4;
241 while (isspace((unsigned char)*p)) p++; 241 while (isspace((unsigned char)*p)) p++;
242 *value = p; 242 *value = p;
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index 0d4ab1f680..0d554f3a2c 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
73 STACK_OF(CONF_VALUE) *polstrs, int ia5org); 73 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 74static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
75 STACK_OF(CONF_VALUE) *unot, int ia5org); 75 STACK_OF(CONF_VALUE) *unot, int ia5org);
76static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); 76static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
77 77
78X509V3_EXT_METHOD v3_cpols = { 78X509V3_EXT_METHOD v3_cpols = {
79NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), 79NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
226 qual = notice_section(ctx, unot, ia5org); 226 qual = notice_section(ctx, unot, ia5org);
227 X509V3_section_free(ctx, unot); 227 X509V3_section_free(ctx, unot);
228 if(!qual) goto err; 228 if(!qual) goto err;
229 if(!pol->qualifiers) pol->qualifiers =
230 sk_POLICYQUALINFO_new_null();
229 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) 231 if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
230 goto merr; 232 goto merr;
231 } else { 233 } else {
@@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
255static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, 257static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
256 STACK_OF(CONF_VALUE) *unot, int ia5org) 258 STACK_OF(CONF_VALUE) *unot, int ia5org)
257{ 259{
258 int i; 260 int i, ret;
259 CONF_VALUE *cnf; 261 CONF_VALUE *cnf;
260 USERNOTICE *not; 262 USERNOTICE *not;
261 POLICYQUALINFO *qual; 263 POLICYQUALINFO *qual;
@@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
275 if(!(nref = NOTICEREF_new())) goto merr; 277 if(!(nref = NOTICEREF_new())) goto merr;
276 not->noticeref = nref; 278 not->noticeref = nref;
277 } else nref = not->noticeref; 279 } else nref = not->noticeref;
278 if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); 280 if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
279 else nref->organization = M_ASN1_VISIBLESTRING_new(); 281 else nref->organization->type = V_ASN1_VISIBLESTRING;
280 if(!ASN1_STRING_set(nref->organization, cnf->value, 282 if(!ASN1_STRING_set(nref->organization, cnf->value,
281 strlen(cnf->value))) goto merr; 283 strlen(cnf->value))) goto merr;
282 } else if(!strcmp(cnf->name, "noticeNumbers")) { 284 } else if(!strcmp(cnf->name, "noticeNumbers")) {
@@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
292 X509V3_conf_err(cnf); 294 X509V3_conf_err(cnf);
293 goto err; 295 goto err;
294 } 296 }
295 nref->noticenos = nref_nos(nos); 297 ret = nref_nos(nref->noticenos, nos);
296 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); 298 sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
297 if(!nref->noticenos) goto err; 299 if (!ret)
300 goto err;
298 } else { 301 } else {
299 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); 302 X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
300
301 X509V3_conf_err(cnf); 303 X509V3_conf_err(cnf);
302 goto err; 304 goto err;
303 } 305 }
@@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
319 return NULL; 321 return NULL;
320} 322}
321 323
322static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) 324static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
323{ 325{
324 STACK_OF(ASN1_INTEGER) *nnums;
325 CONF_VALUE *cnf; 326 CONF_VALUE *cnf;
326 ASN1_INTEGER *aint; 327 ASN1_INTEGER *aint;
327 328
328 int i; 329 int i;
329 330
330 if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
331 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { 331 for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
332 cnf = sk_CONF_VALUE_value(nos, i); 332 cnf = sk_CONF_VALUE_value(nos, i);
333 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { 333 if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
@@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
336 } 336 }
337 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; 337 if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
338 } 338 }
339 return nnums; 339 return 1;
340 340
341 merr: 341 merr:
342 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); 342 X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
343 343
344 err: 344 err:
345 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); 345 sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
346 return NULL; 346 return 0;
347} 347}
348 348
349 349
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index 482ca8ccf5..ca5a4a4a57 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
202 if(OBJ_obj2nid(ex->object) == nid) { 202 if(OBJ_obj2nid(ex->object) == nid) {
203 if(idx) { 203 if(idx) {
204 *idx = i; 204 *idx = i;
205 found_ex = ex;
205 break; 206 break;
206 } else if(found_ex) { 207 } else if(found_ex) {
207 /* Found more than one */ 208 /* Found more than one */
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index 754808b625..5d268eb768 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
184 j=X509_EXTENSION_get_critical(ex); 184 j=X509_EXTENSION_get_critical(ex);
185 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) 185 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
186 return 0; 186 return 0;
187 if(!X509V3_EXT_print(bp, ex, flag, 12)) 187 if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
188 { 188 {
189 BIO_printf(bp, "%*s", indent + 4, ""); 189 BIO_printf(bp, "%*s", indent + 4, "");
190 M_ASN1_OCTET_STRING_print(bp,ex->value); 190 M_ASN1_OCTET_STRING_print(bp,ex->value);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 12:03:32 +0000