Diffstat (limited to 'src/lib/libcrypto')
-rw-r--r--src/lib/libcrypto/asn1/asn1.h3
-rw-r--r--src/lib/libcrypto/asn1/asn1_err.c2
-rw-r--r--src/lib/libcrypto/asn1/asn1_par.c2
-rw-r--r--src/lib/libcrypto/asn1/asn_mime.c2
-rw-r--r--src/lib/libcrypto/asn1/tasn_dec.c44
-rw-r--r--src/lib/libcrypto/bio/bss_mem.c22
-rw-r--r--src/lib/libcrypto/bio/bss_sock.c5
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c4
-rw-r--r--src/lib/libcrypto/conf/conf_mod.c2
-rw-r--r--src/lib/libcrypto/crypto-lib.com8
-rw-r--r--src/lib/libcrypto/dh/dh.h4
-rw-r--r--src/lib/libcrypto/dh/dh_err.c2
-rw-r--r--src/lib/libcrypto/evp/evp_test.c10
-rw-r--r--src/lib/libcrypto/opensslv.h6
-rw-r--r--src/lib/libcrypto/pem/pem.h4
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c3
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c3
-rw-r--r--src/lib/libcrypto/rand/rand_unix.c2
-rw-r--r--src/lib/libcrypto/rand/randfile.c4
-rw-r--r--src/lib/libcrypto/symhacks.h4
-rw-r--r--src/lib/libcrypto/ui/ui_lib.c1
-rw-r--r--src/lib/libcrypto/util/domd2
-rw-r--r--src/lib/libcrypto/util/libeay.num3
-rw-r--r--src/lib/libcrypto/util/pl/VC-32.pl6
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c3
-rw-r--r--src/lib/libcrypto/x509v3/v3_addr.c33
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c7
27 files changed, 122 insertions, 69 deletions
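--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -612,6 +612,7 @@ typedef struct BIT_STRING_BITNAME_st {
  B_ASN1_GENERALIZEDTIME
 
 #define B_ASN1_PRINTABLE \
+ B_ASN1_NUMERICSTRING| \
  B_ASN1_PRINTABLESTRING| \
  B_ASN1_T61STRING| \
  B_ASN1_IA5STRING| \
@@ -1217,6 +1218,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BAD_OBJECT_HEADER 102
 #define ASN1_R_BAD_PASSWORD_READ 103
 #define ASN1_R_BAD_TAG 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
 #define ASN1_R_BN_LIB 105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
 #define ASN1_R_BUFFER_TOO_SMALL 107
@@ -1306,6 +1308,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
 #define ASN1_R_UNEXPECTED_EOC 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
 #define ASN1_R_UNKNOWN_FORMAT 160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162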
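--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
 {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
 {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
 {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
@@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
 {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},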
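--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -213,6 +213,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
  (tag == V_ASN1_T61STRING) ||
  (tag == V_ASN1_IA5STRING) ||
  (tag == V_ASN1_VISIBLESTRING) ||
+ (tag == V_ASN1_NUMERICSTRING) ||
+ (tag == V_ASN1_UTF8STRING) ||
  (tag == V_ASN1_UTCTIME) ||
  (tag == V_ASN1_GENERALIZEDTIME))
  {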
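--- a/src/lib/libcrypto/asn1/asn_mime.c
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -152,7 +152,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 
 static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
  {
- const EVP_MD *md;
  int i, have_unknown = 0, write_comma, md_nid;
  have_unknown = 0;
  write_comma = 0;
@@ -162,7 +161,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
  BIO_write(out, ",", 1);
  write_comma = 1;
  md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
- md = EVP_get_digestbynid(md_nid);
  switch(md_nid)
  {
  case NID_sha1: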
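--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len);
 static int asn1_find_end(const unsigned char **in, long len, char inf);
 
 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
- char inf, int tag, int aclass);
+ char inf, int tag, int aclass, int depth);
 
 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
 
@@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
 
  err:
  ASN1_template_free(val, tt);
- *val = NULL;
  return 0;
  }
 
@@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 
  err:
  ASN1_template_free(val, tt);
- *val = NULL;
  return 0;
  }
 
@@ -878,7 +876,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
  * internally irrespective of the type. So instead just check
  * for UNIVERSAL class and ignore the tag.
  */
- if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
  {
  free_cont = 1;
  goto err;
@@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
  case V_ASN1_SET:
  case V_ASN1_SEQUENCE:
  default:
+ if (utype == V_ASN1_BMPSTRING && (len & 1))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
  /* All based on ASN1_STRING and handled the same */
  if (!*pval)
  {
@@ -1128,8 +1138,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
  * if it is indefinite length.
  */
 
+#ifndef ASN1_MAX_STRING_NEST
+/* This determines how many levels of recursion are permitted in ASN1
+ * string types. If it is not limited stack overflows can occur. If set
+ * to zero no recursion is allowed at all. Although zero should be adequate
+ * examples exist that require a value of 1. So 5 should be more than enough.
+ */
+#define ASN1_MAX_STRING_NEST 5
+#endif
+
+
 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
- char inf, int tag, int aclass)
+ char inf, int tag, int aclass, int depth)
  {
  const unsigned char *p, *q;
  long plen;
@@ -1171,13 +1191,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
  /* If indefinite length constructed update max length */
  if (cst)
  {
-#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
- if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+ if (depth >= ASN1_MAX_STRING_NEST)
+ {
+ ASN1err(ASN1_F_ASN1_COLLECT,
+ ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+ }
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
+ depth + 1))
  return 0;
-#else
- ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
- return 0;
-#endif
  }
  else if (plen && !collect_data(buf, &p, plen))
  return 0;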
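Review bot: In the last hunk, asn1_collect now recurses into constructed strings by default, up to `ASN1_MAX_STRING_NEST`, whereas the removed lines rejected any nesting unless `OPENSSL_ALLOW_NESTED_ASN1_STRINGS` was defined; the limit can also be overridden at build time with no upper bound. Since the new comment says a value of 1 covers the known encodings, it should say why 5 was chosen and be extended with something like `Each level is one recursive asn1_collect() call on input supplied by the peer; keep any override small.` A build that still defines the old macro now has it silently ignored, which deserves a line in the same comment. asn1_collect starts in the previous hunk and continues past this one.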
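--- a/src/lib/libcrypto/bio/bss_mem.c
+++ b/src/lib/libcrypto/bio/bss_mem.c
@@ -284,6 +284,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
 
  BIO_clear_retry_flags(bp);
  j=bm->length;
+ if ((size-1) < j) j=size-1;
  if (j <= 0)
  {
  *buf='\0';
@@ -292,17 +293,18 @@ static int mem_gets(BIO *bp, char *buf, int size)
  p=bm->data;
  for (i=0; i<j; i++)
  {
- if (p[i] == '\n') break;
- }
- if (i == j)
- {
- BIO_set_retry_read(bp);
- /* return(-1); change the semantics 0.6.6a */
+ if (p[i] == '\n')
+ {
+ i++;
+ break;
+ }
  }
- else
- i++;
- /* i is the max to copy */
- if ((size-1) < i) i=size-1;
+
+ /*
+ * i is now the max num of bytes to copy, either j or up to
+ * and including the first newline
+ */
+
  i=mem_read(bp,buf,i);
  if (i > 0) buf[i]='\0';
  ret=i;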
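Review bot: When a caller passes `size <= 0`, the new clamp `if ((size-1) < j) j=size-1;` makes `j` negative and the `j <= 0` branch then runs `*buf='\0'`, writing one byte into a buffer the caller declared empty. An early guard ahead of the clamp, `if (size <= 0) return 0;` (or whatever value mem_gets uses for "nothing read"), would keep the function from touching `buf` in that case. The second hunk also drops the `BIO_set_retry_read(bp)` call for data with no newline, so a comment saying that a partial line is now returned without the retry flag would help callers that relied on it. mem_gets begins and ends outside these hunks.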
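--- a/src/lib/libcrypto/bio/bss_sock.c
+++ b/src/lib/libcrypto/bio/bss_sock.c
@@ -60,6 +60,9 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
+
+#ifndef OPENSSL_NO_SOCK
+
 #include <openssl/bio.h>
 
 #ifdef WATT32
@@ -300,3 +303,5 @@ int BIO_sock_non_fatal_error(int err)
  }
  return(0);
  }
+
+#endif /* #ifndef OPENSSL_NO_SOCK */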
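--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
  CMS_R_STORE_INIT_ERROR);
  goto err;
  }
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
+ X509_STORE_CTX_set_default(&ctx, "smime_sign");
  if (crls)
  X509_STORE_CTX_set0_crls(&ctx, crls);
 
@@ -425,7 +425,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
  for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
  {
  si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!CMS_SignerInfo_verify_content(si, cmsbio))
+ if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
  {
  CMSerr(CMS_F_CMS_VERIFY,
  CMS_R_CONTENT_VERIFY_ERROR);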
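Review bot: The return value of `X509_STORE_CTX_set_default(&ctx, "smime_sign")` is discarded in cms_signerinfo_verify_cert, and unlike the purpose constant it replaces, the parameter set is selected by a name that is looked up at run time. If that lookup fails, the chain would presumably be verified without the S/MIME signing constraints (the lookup itself is not visible here), so the call should fail closed: `if (!X509_STORE_CTX_set_default(&ctx, "smime_sign")) goto err;`. The same unchecked call is added to PKCS7_verify in pk7_smime.c, where the surrounding error paths free `signers` and return 0. Both functions continue outside their hunks.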
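--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -588,7 +588,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc,
  {
  if (nospc)
  {
- while(isspace((unsigned char)*lstart))
+ while(*lstart && isspace((unsigned char)*lstart))
  lstart++;
  }
  p = strchr(lstart, sep);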
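--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -169,7 +169,7 @@ $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
 $ LIB_MDC2 = "mdc2dgst,mdc2_one"
 $ LIB_HMAC = "hmac"
 $ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ -
  "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
  "enc_read,enc_writ,ofb64enc,"+ -
  "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
@@ -191,7 +191,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
  "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
  "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
  "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
- "bn_depr,bn_const"
+ "bn_depr,bn_x931p,bn_const,bn_opt"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
  "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
  "ec2_smpl,ec2_mult"
@@ -211,7 +211,7 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
  "tb_cipher,tb_digest,"+ -
  "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock"
 $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
- "aes_ctr,aes_ige"
+ "aes_ctr,aes_ige,aes_wrap"
 $ LIB_BUFFER = "buffer,buf_str,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
  "bss_mem,bss_null,bss_fd,"+ -
@@ -246,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
 $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
  "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
  "f_int,f_string,n_pkey,"+ -
- "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ -
+ "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ -
  "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
  "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
 $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -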
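--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -122,7 +122,7 @@ struct dh_st
  int version;
  BIGNUM *p;
  BIGNUM *g;
- int length; /* optional */
+ long length; /* optional */
  BIGNUM *pub_key; /* g^x */
  BIGNUM *priv_key; /* x */
 
@@ -238,8 +238,6 @@ void ERR_load_DH_strings(void);
 #define DH_R_KEY_SIZE_TOO_SMALL 104
 #define DH_R_MODULUS_TOO_LARGE 103
 #define DH_R_NO_PRIVATE_VALUE 100
-#define DH_R_INVALID_PUBKEY 102
-#define DH_R_MODULUS_TOO_LARGE 103
 
 #ifdef __cplusplus
 }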
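Review bot: Widening `length` from `int` to `long` in the first hunk changes the size and member offsets of the public `struct dh_st` wherever `long` is wider than `int`, so code compiled against the old header would disagree with the library about where `pub_key` and `priv_key` sit. The hunk gives no reason for the wider type. The field's comment should state why it has to be `long` and that users of the struct must be rebuilt against this header, so the ABI impact is visible to whoever bumps the library version. The struct definition continues outside the hunk.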
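--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -90,8 +90,6 @@ static ERR_STRING_DATA DH_str_reasons[]=
 {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
-{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
 {0,NULL}
  };
 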
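--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -220,18 +220,18 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
  test1_exit(7);
  }
 
- if(outl+outl2 != cn)
+ if(outl+outl2 != pn)
  {
  fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
- outl+outl2,cn);
+ outl+outl2,pn);
  test1_exit(8);
  }
 
- if(memcmp(out,plaintext,cn))
+ if(memcmp(out,plaintext,pn))
  {
  fprintf(stderr,"Plaintext mismatch\n");
- hexdump(stderr,"Got",out,cn);
- hexdump(stderr,"Expected",plaintext,cn);
+ hexdump(stderr,"Got",out,pn);
+ hexdump(stderr,"Expected",plaintext,pn);
  test1_exit(9);
  }
  }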
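--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  * major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x009080afL
+#define OPENSSL_VERSION_NUMBER 0x009080bfL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k-fips 25 Mar 2009"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k 25 Mar 2009"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
 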
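--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -215,7 +215,9 @@ typedef struct pem_ctx_st
 
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
 
 #else
 
@@ -355,6 +357,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 #define DECLARE_PEM_read_fp(name, type) /**/
 #define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_fp_const(name, type) /**/
 #define DECLARE_PEM_write_cb_fp(name, type) /**/
 
 #else
@@ -392,6 +395,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 
 #define DECLARE_PEM_read_bio(name, type) /**/
 #define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_bio_const(name, type) /**/
 #define DECLARE_PEM_write_cb_bio(name, type) /**/
 
 #endif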
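--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -170,6 +170,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
  p12 = PKCS12_add_safes(safes, 0);
 
+ if (!p12)
+ goto err;
+
  sk_PKCS7_pop_free(safes, PKCS7_free);
 
  safes = NULL;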
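--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -229,8 +229,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
  sk_X509_free(signers);
  return 0;
  }
- X509_STORE_CTX_set_purpose(&cert_ctx,
- X509_PURPOSE_SMIME_SIGN);
+ X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
  } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
  PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
  sk_X509_free(signers);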
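--- a/src/lib/libcrypto/rand/rand_unix.c
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -226,7 +226,7 @@ int RAND_poll(void)
  t.tv_sec = 0;
  t.tv_usec = usec;
 
- if (FD_SETSIZE > 0 && fd >= FD_SETSIZE)
+ if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
  {
  /* can't use select, so just try to read once anyway */
  try_read = 1;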
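--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -261,7 +261,7 @@ const char *RAND_file_name(char *buf, size_t size)
  struct stat sb;
 #endif
 
- if (issetugid() == 0)
+ if (OPENSSL_issetugid() == 0)
  s=getenv("RANDFILE");
  if (s != NULL && *s && strlen(s) + 1 < size)
  {
@@ -270,7 +270,7 @@ const char *RAND_file_name(char *buf, size_t size)
  }
  else
  {
- if (issetugid() == 0)
+ if (OPENSSL_issetugid() == 0)
  s=getenv("HOME");
 #ifdef DEFAULT_HOME
  if (s == NULL)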
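--- a/src/lib/libcrypto/symhacks.h
+++ b/src/lib/libcrypto/symhacks.h
@@ -62,6 +62,10 @@
  VAX. */
 #ifdef OPENSSL_SYS_VMS
 
+/* Hack a long name in crypto/cryptlib.c */
+#undef int_CRYPTO_set_do_dynlock_callback
+#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb
+
 /* Hack a long name in crypto/ex_data.c */
 #undef CRYPTO_get_ex_data_implementation
 #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl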
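--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -90,6 +90,7 @@ UI *UI_new_method(const UI_METHOD *method)
 
  ret->strings=NULL;
  ret->user_data=NULL;
+ ret->flags=0;
  CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
  return ret;
  }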
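--- a/src/lib/libcrypto/util/domd
+++ b/src/lib/libcrypto/util/domd
@@ -22,7 +22,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then
  done
  sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
  echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+ ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
  ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
  rm -f Makefile.tmp
 else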
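--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -3667,7 +3667,8 @@ CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION:
 RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA
 int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION:
 int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION:
+int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION:
+int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION:
 FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION:
 BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: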
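--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -164,7 +164,7 @@ if ($FLAVOR =~ /NT/)
  $ex_libs="unicows.lib $ex_libs";
  }
 # static library stuff
-$mklib='lib';
+$mklib='lib /nologo';
 $ranlib='';
 $plib="";
 $libp=".lib";
@@ -184,7 +184,7 @@ if ($nasm) {
  $asm.=' /Zi' if $debug;
  $afile='/Fo';
 } else {
- $asm='ml /Cp /coff /c /Cx';
+ $asm='ml /nologo /Cp /coff /c /Cx';
  $asm.=" /Zi" if $debug;
  $afile='/Fo';
 }
@@ -404,7 +404,7 @@ sub do_link_rule
  if ($standalone == 1)
  {
  $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
- $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+ $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
  $ret.="$files $libs\n<<\n";
  }
  elsif ($standalone == 2)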
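--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -288,7 +288,8 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
  if (!(nabit & STR_TYPE_CMP) ||
  !(nbbit & STR_TYPE_CMP))
  return j;
- j = asn1_string_memcmp(na->value, nb->value);
+ if (!asn1_string_memcmp(na->value, nb->value))
+ j = 0;
  }
  else if (na->value->type == V_ASN1_PRINTABLESTRING)
  j=nocase_spacenorm_cmp(na->value, nb->value);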
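Review bot: When `asn1_string_memcmp` reports a mismatch, the new code leaves `j` at whatever value it held on entry to this branch, so the result for differing values is decided by code above the hunk rather than by the comparison itself. That looks intended (presumably `j` is the non-zero type difference at this point), but nothing in the lines shown guarantees it is non-zero. A comment such as `/* values differ: keep j, the non-zero type difference */` next to the new `if` would make the invariant explicit for anyone relying on X509_NAME_cmp for name matching. The function begins and ends outside the hunk.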
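--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -61,7 +61,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <assert.h>
+
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi)
 /*
  * Extract the AFI from an IPAddressFamily.
  */
-unsigned v3_addr_get_afi(const IPAddressFamily *f)
+unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
  return ((f != NULL &&
  f->addressFamily != NULL &&
@@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr,
  const int length,
  const unsigned char fill)
 {
- assert(bs->length >= 0 && bs->length <= length);
+ OPENSSL_assert(bs->length >= 0 && bs->length <= length);
  if (bs->length > 0) {
  memcpy(addr, bs->data, bs->length);
  if ((bs->flags & 7) != 0) {
@@ -190,6 +190,8 @@ static int i2r_address(BIO *out,
  BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
  if (i < 16)
  BIO_puts(out, ":");
+ if (i == 0)
+ BIO_puts(out, ":");
  break;
  default:
  for (i = 0; i < bs->length; i++)
@@ -243,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
  int i;
  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
  IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- const unsigned afi = v3_addr_get_afi(f);
+ const unsigned int afi = v3_addr_get_afi(f);
  switch (afi) {
  case IANA_AFI_IPV4:
  BIO_printf(out, "%*sIPv4", indent, "");
@@ -453,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result,
  if ((aor = IPAddressOrRange_new()) == NULL)
  return 0;
  aor->type = IPAddressOrRange_addressRange;
- assert(aor->u.addressRange == NULL);
+ OPENSSL_assert(aor->u.addressRange == NULL);
  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
  goto err;
  if (aor->u.addressRange->min == NULL &&
@@ -522,7 +524,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 
  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
  f = sk_IPAddressFamily_value(addr, i);
- assert(f->addressFamily->data != NULL);
+ OPENSSL_assert(f->addressFamily->data != NULL);
  if (f->addressFamily->length == keylen &&
  !memcmp(f->addressFamily->data, key, keylen))
  return f;
@@ -654,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor,
  unsigned char *max,
  int length)
 {
- assert(aor != NULL && min != NULL && max != NULL);
+ OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
  switch (aor->type) {
  case IPAddressOrRange_addressPrefix:
  addr_expand(min, aor->u.addressPrefix, length, 0x00);
@@ -880,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
  }
  (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
  sk_IPAddressFamily_sort(addr);
- assert(v3_addr_is_canonical(addr));
+ OPENSSL_assert(v3_addr_is_canonical(addr));
  return 1;
 }
 
@@ -1127,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
  IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
  int j = sk_IPAddressFamily_find(b, fa);
- IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
+ IPAddressFamily *fb;
+ fb = sk_IPAddressFamily_value(b, j);
+ if (fb == NULL)
+ return 0;
  if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
  fa->ipAddressChoice->u.addressesOrRanges,
  length_from_afi(v3_addr_get_afi(fb))))
@@ -1164,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  int i, j, ret = 1;
  X509 *x = NULL;
 
- assert(chain != NULL && sk_X509_num(chain) > 0);
- assert(ctx != NULL || ext != NULL);
- assert(ctx == NULL || ctx->verify_cb != NULL);
+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+ OPENSSL_assert(ctx != NULL || ext != NULL);
+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
 
  /*
  * Figure out where to start. If we don't have an extension to
@@ -1178,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  } else {
  i = 0;
  x = sk_X509_value(chain, i);
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
  if ((ext = x->rfc3779_addr) == NULL)
  goto done;
  }
@@ -1197,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
  */
  for (i++; i < sk_X509_num(chain); i++) {
  x = sk_X509_value(chain, i);
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
  if (!v3_addr_is_canonical(x->rfc3779_addr))
  validation_err(X509_V_ERR_INVALID_EXTENSION);
  if (x->rfc3779_addr == NULL) {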
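Review bot: In addr_expand the converted check `OPENSSL_assert(bs->length >= 0 && bs->length <= length)` is the only bound on the `memcpy` that follows, and `OPENSSL_assert` stays active in release builds and aborts the process when it fails. If `bs` can originate from a parsed certificate extension (extract_min_max passes `aor->u.addressPrefix` to it), a malformed length would crash the verifying process instead of causing the certificate to be rejected. An explicit check such as `if (bs->length < 0 || bs->length > length) return 0;` would let callers fail validation cleanly; that requires addr_expand and extract_min_max to return a status, and both bodies extend outside these hunks. The same question applies to `OPENSSL_assert(f->addressFamily->data != NULL)` in make_IPAddressFamily and to the `x != NULL` assertions in v3_addr_validate_path_internal.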
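--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -181,7 +181,11 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
  pol = POLICYINFO_new();
  pol->policyid = pobj;
  }
- sk_POLICYINFO_push(pols, pol);
+ if (!sk_POLICYINFO_push(pols, pol)){
+ POLICYINFO_free(pol);
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
  }
  sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
  return pols;
@@ -447,3 +451,4 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
  BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
  }
 
+IMPLEMENT_STACK_OF(X509_POLICY_NODE)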
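Review bot: The result of `POLICYINFO_new()` in r2i_certpol is still dereferenced on the very next line (`pol->policyid = pobj;`) without a NULL check, so the allocation failure this commit handles for `sk_POLICYINFO_push` remains unhandled one statement earlier. A guard in the same style would be `if (pol == NULL) { ASN1_OBJECT_free(pobj); X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); goto err; }`, assuming `pobj` is still owned by this function at that point. The `err` label and the rest of r2i_certpol lie outside the hunk, so the cleanup path should be checked to confirm it releases `pols` and `vals` on both failure exits.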