summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/Makefile.ssl4
-rw-r--r--src/lib/libcrypto/aes/aes_cbc.c2
-rw-r--r--src/lib/libcrypto/asn1/a_gentm.c6
-rw-r--r--src/lib/libcrypto/asn1/a_mbstr.c4
-rw-r--r--src/lib/libcrypto/asn1/a_strex.c2
-rw-r--r--src/lib/libcrypto/asn1/a_time.c6
-rw-r--r--src/lib/libcrypto/asn1/a_utctm.c6
-rw-r--r--src/lib/libcrypto/asn1/asn1_lib.c4
-rw-r--r--src/lib/libcrypto/asn1/asn1_par.c6
-rw-r--r--src/lib/libcrypto/asn1/asn_moid.c9
-rw-r--r--src/lib/libcrypto/asn1/t_pkey.c4
-rw-r--r--src/lib/libcrypto/bf/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/bio/b_dump.c24
-rw-r--r--src/lib/libcrypto/bio/b_print.c12
-rw-r--r--src/lib/libcrypto/bio/b_sock.c12
-rw-r--r--src/lib/libcrypto/bio/bio_cb.c30
-rw-r--r--src/lib/libcrypto/bio/bss_conn.c6
-rw-r--r--src/lib/libcrypto/bio/bss_file.c10
-rw-r--r--src/lib/libcrypto/bn/Makefile.ssl3
-rw-r--r--src/lib/libcrypto/bn/asm/bn-586.pl2
-rw-r--r--src/lib/libcrypto/bn/bn_lcl.h17
-rw-r--r--src/lib/libcrypto/bn/bn_lib.c8
-rw-r--r--src/lib/libcrypto/bn/bn_print.c4
-rw-r--r--src/lib/libcrypto/cast/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/conf/conf_def.c6
-rw-r--r--src/lib/libcrypto/conf/conf_mod.c12
-rw-r--r--src/lib/libcrypto/cversion.c6
-rw-r--r--src/lib/libcrypto/des/Makefile.ssl28
-rw-r--r--src/lib/libcrypto/des/cfb_enc.c21
-rw-r--r--src/lib/libcrypto/des/ecb_enc.c5
-rw-r--r--src/lib/libcrypto/doc/EVP_BytesToKey.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_DigestInit.pod2
-rw-r--r--src/lib/libcrypto/doc/d2i_RSAPublicKey.pod5
-rw-r--r--src/lib/libcrypto/dso/dso_lib.c4
-rw-r--r--src/lib/libcrypto/ec/ecp_smpl.c2
-rw-r--r--src/lib/libcrypto/engine/eng_ctrl.c14
-rw-r--r--src/lib/libcrypto/engine/eng_fat.c6
-rw-r--r--src/lib/libcrypto/engine/engine.h27
-rw-r--r--src/lib/libcrypto/engine/hw_cryptodev.c5
-rw-r--r--src/lib/libcrypto/err/err.c2
-rw-r--r--src/lib/libcrypto/evp/digest.c15
-rw-r--r--src/lib/libcrypto/evp/evp.h2
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c14
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c2
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c2
-rw-r--r--src/lib/libcrypto/mem.c8
-rw-r--r--src/lib/libcrypto/mem_dbg.c16
-rw-r--r--src/lib/libcrypto/objects/obj_dat.c4
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ext.c24
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c1
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_vfy.c6
-rw-r--r--src/lib/libcrypto/opensslv.h4
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c19
-rw-r--r--src/lib/libcrypto/pem/pem_pkey.c4
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c58
-rw-r--r--src/lib/libcrypto/rand/Makefile.ssl8
-rw-r--r--src/lib/libcrypto/rand/rand_egd.c3
-rw-r--r--src/lib/libcrypto/rand/rand_win.c2
-rw-r--r--src/lib/libcrypto/rand/randfile.c22
-rw-r--r--src/lib/libcrypto/rc4/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/rc5/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/ripemd/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/sha/Makefile.ssl1
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-586.pl291
-rw-r--r--src/lib/libcrypto/threads/mttest.c2
-rw-r--r--src/lib/libcrypto/ui/ui_lib.c14
-rw-r--r--src/lib/libcrypto/util/mk1mf.pl2
-rw-r--r--src/lib/libcrypto/util/mkdef.pl38
-rw-r--r--src/lib/libcrypto/util/pl/OS2-EMX.pl42
-rw-r--r--src/lib/libcrypto/x509/by_dir.c34
-rw-r--r--src/lib/libcrypto/x509/x509.h4
-rw-r--r--src/lib/libcrypto/x509/x509_txt.c8
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c55
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.h19
-rw-r--r--src/lib/libcrypto/x509/x509type.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c4
-rw-r--r--src/lib/libcrypto/x509v3/v3_crld.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c6
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c5
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/doc/openssl.cnf5
-rw-r--r--src/lib/libssl/s3_clnt.c4
-rw-r--r--src/lib/libssl/src/CHANGES45
-rw-r--r--src/lib/libssl/src/Configure19
-rw-r--r--src/lib/libssl/src/FAQ7
-rw-r--r--src/lib/libssl/src/LICENSE2
-rw-r--r--src/lib/libssl/src/Makefile.org10
-rw-r--r--src/lib/libssl/src/NEWS8
-rw-r--r--src/lib/libssl/src/README4
-rw-r--r--src/lib/libssl/src/apps/apps.c559
-rw-r--r--src/lib/libssl/src/apps/apps.h33
-rw-r--r--src/lib/libssl/src/apps/asn1pars.c10
-rw-r--r--src/lib/libssl/src/apps/ca.c538
-rw-r--r--src/lib/libssl/src/apps/dgst.c2
-rw-r--r--src/lib/libssl/src/apps/enc.c6
-rw-r--r--src/lib/libssl/src/apps/engine.c4
-rw-r--r--src/lib/libssl/src/apps/ocsp.c46
-rw-r--r--src/lib/libssl/src/apps/openssl.cnf5
-rw-r--r--src/lib/libssl/src/apps/pkcs12.c4
-rw-r--r--src/lib/libssl/src/apps/pkcs7.c3
-rw-r--r--src/lib/libssl/src/apps/req.c34
-rw-r--r--src/lib/libssl/src/apps/rsautl.c12
-rw-r--r--src/lib/libssl/src/apps/s_socket.c2
-rw-r--r--src/lib/libssl/src/apps/s_time.c6
-rw-r--r--src/lib/libssl/src/apps/speed.c7
-rw-r--r--src/lib/libssl/src/apps/x509.c78
-rw-r--r--src/lib/libssl/src/certs/vsign3.pem27
-rw-r--r--src/lib/libssl/src/config13
-rw-r--r--src/lib/libssl/src/crypto/Makefile.ssl4
-rw-r--r--src/lib/libssl/src/crypto/aes/aes_cbc.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_gentm.c6
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_mbstr.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_strex.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_time.c6
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_utctm.c6
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_lib.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_par.c6
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn_moid.c9
-rw-r--r--src/lib/libssl/src/crypto/asn1/t_pkey.c4
-rw-r--r--src/lib/libssl/src/crypto/bf/Makefile.ssl1
-rw-r--r--src/lib/libssl/src/crypto/bio/b_dump.c24
-rw-r--r--src/lib/libssl/src/crypto/bio/b_print.c12
-rw-r--r--src/lib/libssl/src/crypto/bio/b_sock.c12
-rw-r--r--src/lib/libssl/src/crypto/bio/bio_cb.c30
-rw-r--r--src/lib/libssl/src/crypto/bio/bss_conn.c6
-rw-r--r--src/lib/libssl/src/crypto/bio/bss_file.c10
-rw-r--r--src/lib/libssl/src/crypto/bn/Makefile.ssl3
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/bn-586.pl2
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_lcl.h17
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_lib.c8
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_print.c4
-rw-r--r--src/lib/libssl/src/crypto/cast/Makefile.ssl1
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_def.c6
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_mod.c12
-rw-r--r--src/lib/libssl/src/crypto/cversion.c6
-rw-r--r--src/lib/libssl/src/crypto/des/Makefile.ssl28
-rw-r--r--src/lib/libssl/src/crypto/des/cfb_enc.c21
-rw-r--r--src/lib/libssl/src/crypto/des/ecb_enc.c5
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_lib.c4
-rw-r--r--src/lib/libssl/src/crypto/ec/ecp_smpl.c2
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_ctrl.c14
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_fat.c6
-rw-r--r--src/lib/libssl/src/crypto/engine/engine.h27
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_cryptodev.c5
-rw-r--r--src/lib/libssl/src/crypto/err/err.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/digest.c15
-rw-r--r--src/lib/libssl/src/crypto/evp/evp.h2
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_enc.c14
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_pbe.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_pkey.c2
-rw-r--r--src/lib/libssl/src/crypto/mem.c8
-rw-r--r--src/lib/libssl/src/crypto/mem_dbg.c16
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_dat.c4
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_ext.c24
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_lib.c1
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c6
-rw-r--r--src/lib/libssl/src/crypto/opensslv.h4
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_lib.c19
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_pkey.c4
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_doit.c58
-rw-r--r--src/lib/libssl/src/crypto/rand/Makefile.ssl8
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_egd.c3
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_win.c2
-rw-r--r--src/lib/libssl/src/crypto/rand/randfile.c22
-rw-r--r--src/lib/libssl/src/crypto/rc4/Makefile.ssl1
-rw-r--r--src/lib/libssl/src/crypto/rc5/Makefile.ssl1
-rw-r--r--src/lib/libssl/src/crypto/ripemd/Makefile.ssl1
-rw-r--r--src/lib/libssl/src/crypto/sha/Makefile.ssl1
-rw-r--r--src/lib/libssl/src/crypto/sha/asm/sha1-586.pl291
-rw-r--r--src/lib/libssl/src/crypto/threads/mttest.c2
-rw-r--r--src/lib/libssl/src/crypto/ui/ui_lib.c14
-rw-r--r--src/lib/libssl/src/crypto/x509/by_dir.c34
-rw-r--r--src/lib/libssl/src/crypto/x509/x509.h4
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_txt.c8
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_vfy.c55
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_vfy.h19
-rw-r--r--src/lib/libssl/src/crypto/x509/x509type.c2
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_alt.c4
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_crld.c2
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_info.c6
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_purp.c5
-rw-r--r--src/lib/libssl/src/doc/apps/config.pod140
-rw-r--r--src/lib/libssl/src/doc/apps/openssl.pod3
-rw-r--r--src/lib/libssl/src/doc/apps/s_client.pod6
-rw-r--r--src/lib/libssl/src/doc/apps/smime.pod11
-rw-r--r--src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod6
-rw-r--r--src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod5
-rw-r--r--src/lib/libssl/src/doc/crypto/des.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/pem.pod6
-rw-r--r--src/lib/libssl/src/doc/crypto/ui.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod4
-rw-r--r--src/lib/libssl/src/doc/ssleay.txt2
-rw-r--r--src/lib/libssl/src/openssl.spec2
-rw-r--r--src/lib/libssl/src/os2/OS2-EMX.cmd36
-rw-r--r--src/lib/libssl/src/ssl/Makefile.ssl489
-rw-r--r--src/lib/libssl/src/ssl/kssl.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c12
-rw-r--r--src/lib/libssl/src/ssl/ssl.h4
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c12
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c79
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c9
-rw-r--r--src/lib/libssl/src/util/mk1mf.pl2
-rw-r--r--src/lib/libssl/src/util/mkdef.pl38
-rw-r--r--src/lib/libssl/src/util/pl/OS2-EMX.pl42
-rw-r--r--src/lib/libssl/ssl.h4
-rw-r--r--src/lib/libssl/ssl_cert.c12
-rw-r--r--src/lib/libssl/ssl_ciph.c79
210 files changed, 2613 insertions, 1962 deletions
diff --git a/src/lib/libcrypto/Makefile.ssl b/src/lib/libcrypto/Makefile.ssl
index 3071e3cb86..b9951a4600 100644
--- a/src/lib/libcrypto/Makefile.ssl
+++ b/src/lib/libcrypto/Makefile.ssl
@@ -50,7 +50,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
50top: 50top:
51 @(cd ..; $(MAKE) DIRS=$(DIR) all) 51 @(cd ..; $(MAKE) DIRS=$(DIR) all)
52 52
53all: buildinf.h lib subdirs shared 53all: shared
54 54
55buildinf.h: ../Makefile.ssl 55buildinf.h: ../Makefile.ssl
56 ( echo "#ifndef MK1MF_BUILD"; \ 56 ( echo "#ifndef MK1MF_BUILD"; \
@@ -96,7 +96,7 @@ lib: $(LIBOBJ)
96 $(RANLIB) $(LIB) || echo Never mind. 96 $(RANLIB) $(LIB) || echo Never mind.
97 @touch lib 97 @touch lib
98 98
99shared: 99shared: buildinf.h lib subdirs
100 if [ -n "$(SHARED_LIBS)" ]; then \ 100 if [ -n "$(SHARED_LIBS)" ]; then \
101 (cd ..; $(MAKE) $(SHARED_LIB)); \ 101 (cd ..; $(MAKE) $(SHARED_LIB)); \
102 fi 102 fi
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index 86b27b10d6..1222a21002 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
104 memcpy(tmp, in, AES_BLOCK_SIZE); 104 memcpy(tmp, in, AES_BLOCK_SIZE);
105 AES_decrypt(tmp, tmp, key); 105 AES_decrypt(tmp, tmp, key);
106 for(n=0; n < len; ++n) 106 for(n=0; n < len; ++n)
107 out[n] ^= ivec[n]; 107 out[n] = tmp[n] ^ ivec[n];
108 memcpy(ivec, tmp, AES_BLOCK_SIZE); 108 memcpy(ivec, tmp, AES_BLOCK_SIZE);
109 } 109 }
110 } 110 }
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
index 48b923de1f..8581007868 100644
--- a/src/lib/libcrypto/asn1/a_gentm.c
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -220,7 +220,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
220 return(NULL); 220 return(NULL);
221 221
222 p=(char *)s->data; 222 p=(char *)s->data;
223 if ((p == NULL) || (s->length < len)) 223 if ((p == NULL) || ((size_t)s->length < len))
224 { 224 {
225 p=OPENSSL_malloc(len); 225 p=OPENSSL_malloc(len);
226 if (p == NULL) return(NULL); 226 if (p == NULL) return(NULL);
@@ -229,8 +229,8 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
229 s->data=(unsigned char *)p; 229 s->data=(unsigned char *)p;
230 } 230 }
231 231
232 snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, 232 BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
233 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); 233 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
234 s->length=strlen(p); 234 s->length=strlen(p);
235 s->type=V_ASN1_GENERALIZEDTIME; 235 s->type=V_ASN1_GENERALIZEDTIME;
236#ifdef CHARSET_EBCDIC_not 236#ifdef CHARSET_EBCDIC_not
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index c811b11776..208b3ec395 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
145 145
146 if((minsize > 0) && (nchar < minsize)) { 146 if((minsize > 0) && (nchar < minsize)) {
147 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); 147 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
148 snprintf(strbuf, sizeof strbuf, "%ld", minsize); 148 BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
149 ERR_add_error_data(2, "minsize=", strbuf); 149 ERR_add_error_data(2, "minsize=", strbuf);
150 return -1; 150 return -1;
151 } 151 }
152 152
153 if((maxsize > 0) && (nchar > maxsize)) { 153 if((maxsize > 0) && (nchar > maxsize)) {
154 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); 154 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
155 snprintf(strbuf, sizeof strbuf, "%ld", maxsize); 155 BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
156 ERR_add_error_data(2, "maxsize=", strbuf); 156 ERR_add_error_data(2, "maxsize=", strbuf);
157 return -1; 157 return -1;
158 } 158 }
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 8abfdfe598..bde666a6ff 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
285 -1, -1, 0, -1, /* 10-13 */ 285 -1, -1, 0, -1, /* 10-13 */
286 -1, -1, -1, -1, /* 15-17 */ 286 -1, -1, -1, -1, /* 15-17 */
287 -1, 1, 1, /* 18-20 */ 287 -1, 1, 1, /* 18-20 */
288 -1, 1, -1,-1, /* 21-24 */ 288 -1, 1, 1, 1, /* 21-24 */
289 -1, 1, -1, /* 25-27 */ 289 -1, 1, -1, /* 25-27 */
290 4, -1, 2 /* 28-30 */ 290 4, -1, 2 /* 28-30 */
291}; 291};
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index b8c031fc8f..159681fbcb 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -155,10 +155,10 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
155 newlen = t->length + 2 + 1; 155 newlen = t->length + 2 + 1;
156 str = (char *)ret->data; 156 str = (char *)ret->data;
157 /* Work out the century and prepend */ 157 /* Work out the century and prepend */
158 if (t->data[0] >= '5') strlcpy(str, "19", newlen); 158 if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
159 else strlcpy(str, "20", newlen); 159 else BUF_strlcpy(str, "20", newlen);
160 160
161 strlcat(str, (char *)t->data, newlen); 161 BUF_strlcat(str, (char *)t->data, newlen);
162 162
163 return ret; 163 return ret;
164 } 164 }
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
index 41f6d421bb..999852dae5 100644
--- a/src/lib/libcrypto/asn1/a_utctm.c
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -200,7 +200,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
200 return(NULL); 200 return(NULL);
201 201
202 p=(char *)s->data; 202 p=(char *)s->data;
203 if ((p == NULL) || (s->length < len)) 203 if ((p == NULL) || ((size_t)s->length < len))
204 { 204 {
205 p=OPENSSL_malloc(len); 205 p=OPENSSL_malloc(len);
206 if (p == NULL) return(NULL); 206 if (p == NULL) return(NULL);
@@ -209,8 +209,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
209 s->data=(unsigned char *)p; 209 s->data=(unsigned char *)p;
210 } 210 }
211 211
212 snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, 212 BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
213 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); 213 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
214 s->length=strlen(p); 214 s->length=strlen(p);
215 s->type=V_ASN1_UTCTIME; 215 s->type=V_ASN1_UTCTIME;
216#ifdef CHARSET_EBCDIC_not 216#ifdef CHARSET_EBCDIC_not
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index aed2895400..a74f1368d3 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
414 { 414 {
415 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; 415 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
416 416
417 snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); 417 BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
418 snprintf(buf2,sizeof buf2,"%d",offset); 418 BIO_snprintf(buf2,sizeof buf2,"%d",offset);
419 ERR_add_error_data(4,"address=",buf1," offset=",buf2); 419 ERR_add_error_data(4,"address=",buf1," offset=",buf2);
420 } 420 }
421 421
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index 1799657141..676d434f03 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
83 83
84 p=str; 84 p=str;
85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) 85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
86 snprintf(str,sizeof str,"priv [ %d ] ",tag); 86 BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
87 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) 87 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
88 snprintf(str,sizeof str,"cont [ %d ]",tag); 88 BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
89 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) 89 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
90 snprintf(str,sizeof str,"appl [ %d ]",tag); 90 BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
91 else p = ASN1_tag2str(tag); 91 else p = ASN1_tag2str(tag);
92 92
93 if (p2 != NULL) 93 if (p2 != NULL)
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
index be20db4bad..edb44c988f 100644
--- a/src/lib/libcrypto/asn1/asn_moid.c
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -87,9 +87,14 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
87 } 87 }
88 } 88 }
89 return 1; 89 return 1;
90} 90 }
91
92static void oid_module_finish(CONF_IMODULE *md)
93 {
94 OBJ_cleanup();
95 }
91 96
92void ASN1_add_oid_module(void) 97void ASN1_add_oid_module(void)
93 { 98 {
94 CONF_module_add("oid_section", oid_module_init, 0); 99 CONF_module_add("oid_section", oid_module_init, oid_module_finish);
95 } 100 }
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index e1c5e5ae13..d15006e654 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
139 } 139 }
140 140
141 if (x->d == NULL) 141 if (x->d == NULL)
142 snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); 142 BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
143 else 143 else
144 strlcpy(str,"modulus:",sizeof str); 144 BUF_strlcpy(str,"modulus:",sizeof str);
145 if (!print(bp,str,x->n,m,off)) goto err; 145 if (!print(bp,str,x->n,m,off)) goto err;
146 s=(x->d == NULL)?"Exponent:":"publicExponent:"; 146 s=(x->d == NULL)?"Exponent:":"publicExponent:";
147 if (!print(bp,s,x->e,m,off)) goto err; 147 if (!print(bp,s,x->e,m,off)) goto err;
diff --git a/src/lib/libcrypto/bf/Makefile.ssl b/src/lib/libcrypto/bf/Makefile.ssl
index 7dfdf9d871..be3ad77a05 100644
--- a/src/lib/libcrypto/bf/Makefile.ssl
+++ b/src/lib/libcrypto/bf/Makefile.ssl
@@ -22,6 +22,7 @@ BF_ENC= bf_enc.o
22#DES_ENC= bx86-elf.o 22#DES_ENC= bx86-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=bftest.c 28TEST=bftest.c
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
index 983604fb49..f671e722fa 100644
--- a/src/lib/libcrypto/bio/b_dump.c
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -104,41 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
104 for(i=0;i<rows;i++) 104 for(i=0;i<rows;i++)
105 { 105 {
106 buf[0]='\0'; /* start with empty string */ 106 buf[0]='\0'; /* start with empty string */
107 strlcpy(buf,str,sizeof buf); 107 BUF_strlcpy(buf,str,sizeof buf);
108 snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width); 108 BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
109 strlcat(buf,tmp,sizeof buf); 109 BUF_strlcat(buf,tmp,sizeof buf);
110 for(j=0;j<dump_width;j++) 110 for(j=0;j<dump_width;j++)
111 { 111 {
112 if (((i*dump_width)+j)>=len) 112 if (((i*dump_width)+j)>=len)
113 { 113 {
114 strlcat(buf," ",sizeof buf); 114 BUF_strlcat(buf," ",sizeof buf);
115 } 115 }
116 else 116 else
117 { 117 {
118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
119 snprintf(tmp,sizeof tmp,"%02x%c",ch, 119 BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
120 j==7?'-':' '); 120 j==7?'-':' ');
121 strlcat(buf,tmp,sizeof buf); 121 BUF_strlcat(buf,tmp,sizeof buf);
122 } 122 }
123 } 123 }
124 strlcat(buf," ",sizeof buf); 124 BUF_strlcat(buf," ",sizeof buf);
125 for(j=0;j<dump_width;j++) 125 for(j=0;j<dump_width;j++)
126 { 126 {
127 if (((i*dump_width)+j)>=len) 127 if (((i*dump_width)+j)>=len)
128 break; 128 break;
129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
130#ifndef CHARSET_EBCDIC 130#ifndef CHARSET_EBCDIC
131 snprintf(tmp,sizeof tmp,"%c", 131 BIO_snprintf(tmp,sizeof tmp,"%c",
132 ((ch>=' ')&&(ch<='~'))?ch:'.'); 132 ((ch>=' ')&&(ch<='~'))?ch:'.');
133#else 133#else
134 snprintf(tmp,sizeof tmp,"%c", 134 BIO_snprintf(tmp,sizeof tmp,"%c",
135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) 135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
136 ? os_toebcdic[ch] 136 ? os_toebcdic[ch]
137 : '.'); 137 : '.');
138#endif 138#endif
139 strlcat(buf,tmp,sizeof buf); 139 BUF_strlcat(buf,tmp,sizeof buf);
140 } 140 }
141 strlcat(buf,"\n",sizeof buf); 141 BUF_strlcat(buf,"\n",sizeof buf);
142 /* if this is the last call then update the ddt_dump thing so that 142 /* if this is the last call then update the ddt_dump thing so that
143 * we will move the selection point in the debug window 143 * we will move the selection point in the debug window
144 */ 144 */
@@ -147,7 +147,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
147#ifdef TRUNCATE 147#ifdef TRUNCATE
148 if (trunc > 0) 148 if (trunc > 0)
149 { 149 {
150 snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str, 150 BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
151 len+trunc); 151 len+trunc);
152 ret+=BIO_write(bio,(char *)buf,strlen(buf)); 152 ret+=BIO_write(bio,(char *)buf,strlen(buf));
153 } 153 }
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index 2cfc689dd6..fbff331796 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -576,12 +576,12 @@ abs_val(LDOUBLE value)
576} 576}
577 577
578static LDOUBLE 578static LDOUBLE
579pow10(int exp) 579pow10(int in_exp)
580{ 580{
581 LDOUBLE result = 1; 581 LDOUBLE result = 1;
582 while (exp) { 582 while (in_exp) {
583 result *= 10; 583 result *= 10;
584 exp--; 584 in_exp--;
585 } 585 }
586 return result; 586 return result;
587} 587}
@@ -652,8 +652,8 @@ fmtfp(
652 (caps ? "0123456789ABCDEF" 652 (caps ? "0123456789ABCDEF"
653 : "0123456789abcdef")[intpart % 10]; 653 : "0123456789abcdef")[intpart % 10];
654 intpart = (intpart / 10); 654 intpart = (intpart / 10);
655 } while (intpart && (iplace < sizeof iplace)); 655 } while (intpart && (iplace < sizeof iconvert));
656 if (iplace == sizeof iplace) 656 if (iplace == sizeof iconvert)
657 iplace--; 657 iplace--;
658 iconvert[iplace] = 0; 658 iconvert[iplace] = 0;
659 659
@@ -664,7 +664,7 @@ fmtfp(
664 : "0123456789abcdef")[fracpart % 10]; 664 : "0123456789abcdef")[fracpart % 10];
665 fracpart = (fracpart / 10); 665 fracpart = (fracpart / 10);
666 } while (fplace < max); 666 } while (fplace < max);
667 if (fplace == sizeof fplace) 667 if (fplace == sizeof fconvert)
668 fplace--; 668 fplace--;
669 fconvert[fplace] = 0; 669 fconvert[fplace] = 0;
670 670
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index 5282f8a8f7..c851298d1e 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
709 } 709 }
710 *addr=p; 710 *addr=p;
711 } 711 }
712 snprintf(*addr,24,"%d.%d.%d.%d:%d", 712 BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
713 (unsigned char)(l>>24L)&0xff, 713 (unsigned char)(l>>24L)&0xff,
714 (unsigned char)(l>>16L)&0xff, 714 (unsigned char)(l>>16L)&0xff,
715 (unsigned char)(l>> 8L)&0xff, 715 (unsigned char)(l>> 8L)&0xff,
716 (unsigned char)(l )&0xff, 716 (unsigned char)(l )&0xff,
717 port); 717 port);
718end: 718end:
719 return(ret); 719 return(ret);
720 } 720 }
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c
index ee9159ebd8..6f4254a114 100644
--- a/src/lib/libcrypto/bio/bio_cb.c
+++ b/src/lib/libcrypto/bio/bio_cb.c
@@ -75,56 +75,56 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
75 if (BIO_CB_RETURN & cmd) 75 if (BIO_CB_RETURN & cmd)
76 r=ret; 76 r=ret;
77 77
78 snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); 78 BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
79 p= &(buf[14]); 79 p= &(buf[14]);
80 p_maxlen = sizeof buf - 14; 80 p_maxlen = sizeof buf - 14;
81 switch (cmd) 81 switch (cmd)
82 { 82 {
83 case BIO_CB_FREE: 83 case BIO_CB_FREE:
84 snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); 84 BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
85 break; 85 break;
86 case BIO_CB_READ: 86 case BIO_CB_READ:
87 if (bio->method->type & BIO_TYPE_DESCRIPTOR) 87 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
88 snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", 88 BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
89 bio->num,argi,bio->method->name,bio->num); 89 bio->num,argi,bio->method->name,bio->num);
90 else 90 else
91 snprintf(p,p_maxlen,"read(%d,%d) - %s\n", 91 BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
92 bio->num,argi,bio->method->name); 92 bio->num,argi,bio->method->name);
93 break; 93 break;
94 case BIO_CB_WRITE: 94 case BIO_CB_WRITE:
95 if (bio->method->type & BIO_TYPE_DESCRIPTOR) 95 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
96 snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", 96 BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
97 bio->num,argi,bio->method->name,bio->num); 97 bio->num,argi,bio->method->name,bio->num);
98 else 98 else
99 snprintf(p,p_maxlen,"write(%d,%d) - %s\n", 99 BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
100 bio->num,argi,bio->method->name); 100 bio->num,argi,bio->method->name);
101 break; 101 break;
102 case BIO_CB_PUTS: 102 case BIO_CB_PUTS:
103 snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); 103 BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
104 break; 104 break;
105 case BIO_CB_GETS: 105 case BIO_CB_GETS:
106 snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); 106 BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
107 break; 107 break;
108 case BIO_CB_CTRL: 108 case BIO_CB_CTRL:
109 snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); 109 BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
110 break; 110 break;
111 case BIO_CB_RETURN|BIO_CB_READ: 111 case BIO_CB_RETURN|BIO_CB_READ:
112 snprintf(p,p_maxlen,"read return %ld\n",ret); 112 BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
113 break; 113 break;
114 case BIO_CB_RETURN|BIO_CB_WRITE: 114 case BIO_CB_RETURN|BIO_CB_WRITE:
115 snprintf(p,p_maxlen,"write return %ld\n",ret); 115 BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
116 break; 116 break;
117 case BIO_CB_RETURN|BIO_CB_GETS: 117 case BIO_CB_RETURN|BIO_CB_GETS:
118 snprintf(p,p_maxlen,"gets return %ld\n",ret); 118 BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
119 break; 119 break;
120 case BIO_CB_RETURN|BIO_CB_PUTS: 120 case BIO_CB_RETURN|BIO_CB_PUTS:
121 snprintf(p,p_maxlen,"puts return %ld\n",ret); 121 BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
122 break; 122 break;
123 case BIO_CB_RETURN|BIO_CB_CTRL: 123 case BIO_CB_RETURN|BIO_CB_CTRL:
124 snprintf(p,p_maxlen,"ctrl return %ld\n",ret); 124 BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
125 break; 125 break;
126 default: 126 default:
127 snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); 127 BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
128 break; 128 break;
129 } 129 }
130 130
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
index 8c694140ed..f5d0e759e2 100644
--- a/src/lib/libcrypto/bio/bss_conn.c
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
521 char buf[16]; 521 char buf[16];
522 unsigned char *p = ptr; 522 unsigned char *p = ptr;
523 523
524 snprintf(buf,sizeof buf,"%d.%d.%d.%d", 524 BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
525 p[0],p[1],p[2],p[3]); 525 p[0],p[1],p[2],p[3]);
526 if (data->param_hostname != NULL) 526 if (data->param_hostname != NULL)
527 OPENSSL_free(data->param_hostname); 527 OPENSSL_free(data->param_hostname);
528 data->param_hostname=BUF_strdup(buf); 528 data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
532 { 532 {
533 char buf[DECIMAL_SIZE(int)+1]; 533 char buf[DECIMAL_SIZE(int)+1];
534 534
535 snprintf(buf,sizeof buf,"%d",*(int *)ptr); 535 BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
536 if (data->param_port != NULL) 536 if (data->param_port != NULL)
537 OPENSSL_free(data->param_port); 537 OPENSSL_free(data->param_port);
538 data->param_port=BUF_strdup(buf); 538 data->param_port=BUF_strdup(buf);
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index 0ca603ee0a..9cdf159f82 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
249 if (num & BIO_FP_APPEND) 249 if (num & BIO_FP_APPEND)
250 { 250 {
251 if (num & BIO_FP_READ) 251 if (num & BIO_FP_READ)
252 strlcpy(p,"a+",sizeof p); 252 BUF_strlcpy(p,"a+",sizeof p);
253 else strlcpy(p,"a",sizeof p); 253 else BUF_strlcpy(p,"a",sizeof p);
254 } 254 }
255 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) 255 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
256 strlcpy(p,"r+",sizeof p); 256 BUF_strlcpy(p,"r+",sizeof p);
257 else if (num & BIO_FP_WRITE) 257 else if (num & BIO_FP_WRITE)
258 strlcpy(p,"w",sizeof p); 258 BUF_strlcpy(p,"w",sizeof p);
259 else if (num & BIO_FP_READ) 259 else if (num & BIO_FP_READ)
260 strlcpy(p,"r",sizeof p); 260 BUF_strlcpy(p,"r",sizeof p);
261 else 261 else
262 { 262 {
263 BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); 263 BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl
index 0c6e796d17..50892ef44c 100644
--- a/src/lib/libcrypto/bn/Makefile.ssl
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -120,6 +120,9 @@ asm/ia64-cpp.o: asm/ia64.S
120 120
121asm/x86_64-gcc.o: asm/x86_64-gcc.c 121asm/x86_64-gcc.o: asm/x86_64-gcc.c
122 122
123asm/pa-risc2W.o: asm/pa-risc2W.s
124 /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
125
123files: 126files:
124 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO 127 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
125 128
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl
index 9a78f63be1..c4de4a2bee 100644
--- a/src/lib/libcrypto/bn/asm/bn-586.pl
+++ b/src/lib/libcrypto/bn/asm/bn-586.pl
@@ -11,7 +11,7 @@ require "x86asm.pl";
11&bn_div_words("bn_div_words"); 11&bn_div_words("bn_div_words");
12&bn_add_words("bn_add_words"); 12&bn_add_words("bn_add_words");
13&bn_sub_words("bn_sub_words"); 13&bn_sub_words("bn_sub_words");
14&bn_sub_part_words("bn_sub_part_words") unless $main'openbsd; 14#&bn_sub_part_words("bn_sub_part_words");
15 15
16&asm_finish(); 16&asm_finish();
17 17
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 5614bc6164..253e195e23 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -433,19 +433,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
433int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); 433int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
434int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, 434int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
435 int cl, int dl); 435 int cl, int dl);
436#if 0 436#ifdef BN_RECURSION
437/* bn_mul.c rollback <appro> */ 437void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
438void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 438 BN_ULONG *t);
439 int dna,int dnb,BN_ULONG *t); 439void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
440void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, 440 int n, BN_ULONG *t);
441 int n,int tna,int tnb,BN_ULONG *t);
442#endif
443void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
444void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
445void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 441void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
446 BN_ULONG *t); 442 BN_ULONG *t);
447void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, 443void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
448 BN_ULONG *t); 444 BN_ULONG *t);
445void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
446#endif
447void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
449 448
450#ifdef __cplusplus 449#ifdef __cplusplus
451} 450}
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 463463cfcb..e1660450bc 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -145,11 +145,11 @@ char *BN_options(void)
145 { 145 {
146 init++; 146 init++;
147#ifdef BN_LLONG 147#ifdef BN_LLONG
148 snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, 148 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
149 (int)sizeof(BN_ULONG)*8); 149 (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
150#else 150#else
151 snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, 151 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
152 (int)sizeof(BN_ULONG)*8); 152 (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
153#endif 153#endif
154 } 154 }
155 return(data); 155 return(data);
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index ad80dab325..acba7ed7ee 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -140,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
140 /* We now have a series of blocks, BN_DEC_NUM chars 140 /* We now have a series of blocks, BN_DEC_NUM chars
141 * in length, where the last one needs truncation. 141 * in length, where the last one needs truncation.
142 * The blocks need to be reversed in order. */ 142 * The blocks need to be reversed in order. */
143 snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); 143 BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
144 while (*p) p++; 144 while (*p) p++;
145 while (lp != bn_data) 145 while (lp != bn_data)
146 { 146 {
147 lp--; 147 lp--;
148 snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); 148 BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
149 while (*p) p++; 149 while (*p) p++;
150 } 150 }
151 } 151 }
diff --git a/src/lib/libcrypto/cast/Makefile.ssl b/src/lib/libcrypto/cast/Makefile.ssl
index 2dc1c855ad..98393a37ba 100644
--- a/src/lib/libcrypto/cast/Makefile.ssl
+++ b/src/lib/libcrypto/cast/Makefile.ssl
@@ -25,6 +25,7 @@ CAST_ENC=c_enc.o
25#CAST_ENC=asm/cx86bdsi.o 25#CAST_ENC=asm/cx86bdsi.o
26 26
27CFLAGS= $(INCLUDES) $(CFLAG) 27CFLAGS= $(INCLUDES) $(CFLAG)
28ASFLAGS= $(INCLUDES) $(ASFLAG)
28 29
29GENERAL=Makefile 30GENERAL=Makefile
30TEST=casttest.c 31TEST=casttest.c
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index b52ee01a3c..2e9f52f1fd 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
235 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); 235 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
236 goto err; 236 goto err;
237 } 237 }
238 strlcpy(section,"default",10); 238 BUF_strlcpy(section,"default",10);
239 239
240 if (_CONF_new_data(conf) == 0) 240 if (_CONF_new_data(conf) == 0)
241 { 241 {
@@ -392,7 +392,7 @@ again:
392 ERR_R_MALLOC_FAILURE); 392 ERR_R_MALLOC_FAILURE);
393 goto err; 393 goto err;
394 } 394 }
395 strlcpy(v->name,pname,strlen(pname)+1); 395 BUF_strlcpy(v->name,pname,strlen(pname)+1);
396 if (!str_copy(conf,psection,&(v->value),start)) goto err; 396 if (!str_copy(conf,psection,&(v->value),start)) goto err;
397 397
398 if (strcmp(psection,section) != 0) 398 if (strcmp(psection,section) != 0)
@@ -447,7 +447,7 @@ err:
447 if (buff != NULL) BUF_MEM_free(buff); 447 if (buff != NULL) BUF_MEM_free(buff);
448 if (section != NULL) OPENSSL_free(section); 448 if (section != NULL) OPENSSL_free(section);
449 if (line != NULL) *line=eline; 449 if (line != NULL) *line=eline;
450 snprintf(btmp,sizeof btmp,"%ld",eline); 450 BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
451 ERR_add_error_data(2,"line ",btmp); 451 ERR_add_error_data(2,"line ",btmp);
452 if ((h != conf->data) && (conf->data != NULL)) 452 if ((h != conf->data) && (conf->data != NULL))
453 { 453 {
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index 5a747e8c84..d45adea851 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
232 { 232 {
233 char rcode[DECIMAL_SIZE(ret)+1]; 233 char rcode[DECIMAL_SIZE(ret)+1];
234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); 234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
235 snprintf(rcode, sizeof rcode, "%-8d", ret); 235 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); 236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
237 } 237 }
238 } 238 }
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
561 561
562 if (!file) 562 if (!file)
563 return NULL; 563 return NULL;
564 strlcpy(file,X509_get_default_cert_area(),len + 1); 564 BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
565#ifndef OPENSSL_SYS_VMS 565#ifndef OPENSSL_SYS_VMS
566 strlcat(file,"/",len + 1); 566 BUF_strlcat(file,"/",len + 1);
567#endif 567#endif
568 strlcat(file,OPENSSL_CONF,len + 1); 568 BUF_strlcat(file,OPENSSL_CONF,len + 1);
569 569
570 return file; 570 return file;
571 } 571 }
@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
576 * be used to parse comma separated lists for example. 576 * be used to parse comma separated lists for example.
577 */ 577 */
578 578
579int CONF_parse_list(const char *list, int sep, int nospc, 579int CONF_parse_list(const char *list_, int sep, int nospc,
580 int (*list_cb)(const char *elem, int len, void *usr), void *arg) 580 int (*list_cb)(const char *elem, int len, void *usr), void *arg)
581 { 581 {
582 int ret; 582 int ret;
583 const char *lstart, *tmpend, *p; 583 const char *lstart, *tmpend, *p;
584 lstart = list; 584 lstart = list_;
585 585
586 for(;;) 586 for(;;)
587 { 587 {
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c
index 56471fa74c..beeeb14013 100644
--- a/src/lib/libcrypto/cversion.c
+++ b/src/lib/libcrypto/cversion.c
@@ -74,7 +74,7 @@ const char *SSLeay_version(int t)
74#ifdef DATE 74#ifdef DATE
75 static char buf[sizeof(DATE)+11]; 75 static char buf[sizeof(DATE)+11];
76 76
77 snprintf(buf,sizeof buf,"built on: %s",DATE); 77 BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
78 return(buf); 78 return(buf);
79#else 79#else
80 return("built on: date not available"); 80 return("built on: date not available");
@@ -85,7 +85,7 @@ const char *SSLeay_version(int t)
85#ifdef CFLAGS 85#ifdef CFLAGS
86 static char buf[sizeof(CFLAGS)+11]; 86 static char buf[sizeof(CFLAGS)+11];
87 87
88 snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); 88 BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
89 return(buf); 89 return(buf);
90#else 90#else
91 return("compiler: information not available"); 91 return("compiler: information not available");
@@ -96,7 +96,7 @@ const char *SSLeay_version(int t)
96#ifdef PLATFORM 96#ifdef PLATFORM
97 static char buf[sizeof(PLATFORM)+11]; 97 static char buf[sizeof(PLATFORM)+11];
98 98
99 snprintf(buf,sizeof buf,"platform: %s", PLATFORM); 99 BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
100 return(buf); 100 return(buf);
101#else 101#else
102 return("platform: information not available"); 102 return("platform: information not available");
diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl
index 45eba0b3c9..0d9ba2b42f 100644
--- a/src/lib/libcrypto/des/Makefile.ssl
+++ b/src/lib/libcrypto/des/Makefile.ssl
@@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o
22#DES_ENC= dx86-elf.o yx86-elf.o 22#DES_ENC= dx86-elf.o yx86-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=destest.c 28TEST=destest.c
@@ -157,12 +158,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
157cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 158cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
158cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 159cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
159cfb64enc.o: cfb64enc.c des_locl.h 160cfb64enc.o: cfb64enc.c des_locl.h
160cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 161cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
161cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 162cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
162cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 163cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
163cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 164cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
164cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h 165cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
165cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h 166cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
167cfb_enc.o: cfb_enc.c des_locl.h
166des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 168des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
167des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 169des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
168des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 170des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -191,13 +193,13 @@ ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
191ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 193ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
192ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 194ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
193ecb3_enc.o: des_locl.h ecb3_enc.c 195ecb3_enc.o: des_locl.h ecb3_enc.c
194ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 196ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
195ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 197ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
196ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 198ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
197ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 199ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
198ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h 200ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
199ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c 201ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
200ecb_enc.o: spr.h 202ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
201ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 203ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
202ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 204ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
203ede_cbcm_enc.o: ../../include/openssl/opensslconf.h 205ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
index 2600bdfc93..03cabb223c 100644
--- a/src/lib/libcrypto/des/cfb_enc.c
+++ b/src/lib/libcrypto/des/cfb_enc.c
@@ -56,6 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include "e_os.h"
59#include "des_locl.h" 60#include "des_locl.h"
60 61
61/* The input and output are loaded in multiples of 8 bits. 62/* The input and output are loaded in multiples of 8 bits.
@@ -64,17 +65,15 @@
64 * the second. The second 12 bits will come from the 3rd and half the 4th 65 * the second. The second 12 bits will come from the 3rd and half the 4th
65 * byte. 66 * byte.
66 */ 67 */
67/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
68 * length */
69/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it 68/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
70 * will not be compatible with any encryption prior to that date. Ben. */ 69 * will not be compatible with any encryption prior to that date. Ben. */
71void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 70void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
72 long length, DES_key_schedule *schedule, DES_cblock *ivec, 71 long length, DES_key_schedule *schedule, DES_cblock *ivec,
73 int enc) 72 int enc)
74 { 73 {
75 register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; 74 register DES_LONG d0,d1,v0,v1;
76 register unsigned long l=length; 75 register unsigned long l=length,n=(numbits+7)/8;
77 register int num=numbits; 76 register int num=numbits,i;
78 DES_LONG ti[2]; 77 DES_LONG ti[2];
79 unsigned char *iv; 78 unsigned char *iv;
80 unsigned char ovec[16]; 79 unsigned char ovec[16];
@@ -114,10 +113,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
114 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); 113 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
115 /* now the remaining bits */ 114 /* now the remaining bits */
116 if(num%8 != 0) 115 if(num%8 != 0)
117 for(n=0 ; n < 8 ; ++n) 116 for(i=0 ; i < 8 ; ++i)
118 { 117 {
119 ovec[n]<<=num%8; 118 ovec[i]<<=num%8;
120 ovec[n]|=ovec[n+1]>>(8-num%8); 119 ovec[i]|=ovec[i+1]>>(8-num%8);
121 } 120 }
122 iv=&ovec[0]; 121 iv=&ovec[0];
123 c2l(iv,v0); 122 c2l(iv,v0);
@@ -152,10 +151,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
152 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); 151 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
153 /* now the remaining bits */ 152 /* now the remaining bits */
154 if(num%8 != 0) 153 if(num%8 != 0)
155 for(n=0 ; n < 8 ; ++n) 154 for(i=0 ; i < 8 ; ++i)
156 { 155 {
157 ovec[n]<<=num%8; 156 ovec[i]<<=num%8;
158 ovec[n]|=ovec[n+1]>>(8-num%8); 157 ovec[i]|=ovec[i+1]>>(8-num%8);
159 } 158 }
160 iv=&ovec[0]; 159 iv=&ovec[0];
161 c2l(iv,v0); 160 c2l(iv,v0);
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
index c828bdd45d..784aa5ba23 100644
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -60,6 +60,7 @@
60#include "des_ver.h" 60#include "des_ver.h"
61#include "spr.h" 61#include "spr.h"
62#include <openssl/opensslv.h> 62#include <openssl/opensslv.h>
63#include <openssl/bio.h>
63 64
64OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; 65OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
65OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; 66OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@@ -97,8 +98,8 @@ const char *DES_options(void)
97 size="int"; 98 size="int";
98 else 99 else
99 size="long"; 100 size="long";
100 snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, 101 BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
101 size); 102 size);
102 init=0; 103 init=0;
103 } 104 }
104 return(buf); 105 return(buf);
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
index 5ce4add082..016381f3e9 100644
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -2,7 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5 EVP_BytesToKey - password based encryption routine 5EVP_BytesToKey - password based encryption routine
6 6
7=head1 SYNOPSIS 7=head1 SYNOPSIS
8 8
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 58afd8f0b8..faa992286b 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -4,7 +4,7 @@
4 4
5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, 5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, 6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
7EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, 7EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, 8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, 9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - 10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
index 7c71bcbf3d..279b29c873 100644
--- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
+++ b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
@@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
9=head1 SYNOPSIS 9=head1 SYNOPSIS
10 10
11 #include <openssl/rsa.h> 11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
12 13
13 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); 14 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
14 15
@@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
31d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey 32d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
32structure. 33structure.
33 34
34d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a 35d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
35SubjectPublicKeyInfo (certificate public key) structure. 36a SubjectPublicKeyInfo (certificate public key) structure.
36 37
37d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey 38d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
38structure. 39structure.
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 85ac5103cd..48d9fdb25e 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); 383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
384 return(0); 384 return(0);
385 } 385 }
386 strlcpy(copied, filename, strlen(filename) + 1); 386 BUF_strlcpy(copied, filename, strlen(filename) + 1);
387 if(dso->filename) 387 if(dso->filename)
388 OPENSSL_free(dso->filename); 388 OPENSSL_free(dso->filename);
389 dso->filename = copied; 389 dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
422 ERR_R_MALLOC_FAILURE); 422 ERR_R_MALLOC_FAILURE);
423 return(NULL); 423 return(NULL);
424 } 424 }
425 strlcpy(result, filename, strlen(filename) + 1); 425 BUF_strlcpy(result, filename, strlen(filename) + 1);
426 } 426 }
427 return(result); 427 return(result);
428 } 428 }
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index 4666a052bf..e9a51fb87a 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
896 } 896 }
897 form = buf[0]; 897 form = buf[0];
898 y_bit = form & 1; 898 y_bit = form & 1;
899 form = form & ~1; 899 form = form & ~1U;
900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) 900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
901 && (form != POINT_CONVERSION_UNCOMPRESSED) 901 && (form != POINT_CONVERSION_UNCOMPRESSED)
902 && (form != POINT_CONVERSION_HYBRID)) 902 && (form != POINT_CONVERSION_HYBRID))
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
index 0d56e69d27..412c73fb0f 100644
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -160,19 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: 160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
161 return strlen(e->cmd_defns[idx].cmd_name); 161 return strlen(e->cmd_defns[idx].cmd_name);
162 case ENGINE_CTRL_GET_NAME_FROM_CMD: 162 case ENGINE_CTRL_GET_NAME_FROM_CMD:
163 return snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, 163 return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
164 "%s", e->cmd_defns[idx].cmd_name); 164 "%s", e->cmd_defns[idx].cmd_name);
165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: 165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
166 if(e->cmd_defns[idx].cmd_desc) 166 if(e->cmd_defns[idx].cmd_desc)
167 return strlen(e->cmd_defns[idx].cmd_desc); 167 return strlen(e->cmd_defns[idx].cmd_desc);
168 return strlen(int_no_description); 168 return strlen(int_no_description);
169 case ENGINE_CTRL_GET_DESC_FROM_CMD: 169 case ENGINE_CTRL_GET_DESC_FROM_CMD:
170 if(e->cmd_defns[idx].cmd_desc) 170 if(e->cmd_defns[idx].cmd_desc)
171 return snprintf(s, 171 return BIO_snprintf(s,
172 strlen(e->cmd_defns[idx].cmd_desc) + 1, 172 strlen(e->cmd_defns[idx].cmd_desc) + 1,
173 "%s", e->cmd_defns[idx].cmd_desc); 173 "%s", e->cmd_defns[idx].cmd_desc);
174 return snprintf(s, strlen(int_no_description) + 1,"%s", 174 return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
175 int_no_description); 175 int_no_description);
176 case ENGINE_CTRL_GET_CMD_FLAGS: 176 case ENGINE_CTRL_GET_CMD_FLAGS:
177 return e->cmd_defns[idx].cmd_flags; 177 return e->cmd_defns[idx].cmd_flags;
178 } 178 }
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index 0d7dae00b2..7ccf7022ee 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
107 } 107 }
108 108
109 109
110int ENGINE_set_default_string(ENGINE *e, const char *list) 110int ENGINE_set_default_string(ENGINE *e, const char *def_list)
111 { 111 {
112 unsigned int flags = 0; 112 unsigned int flags = 0;
113 if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) 113 if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
114 { 114 {
115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, 115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
116 ENGINE_R_INVALID_STRING); 116 ENGINE_R_INVALID_STRING);
117 ERR_add_error_data(2, "str=",list); 117 ERR_add_error_data(2, "str=",def_list);
118 return 0; 118 return 0;
119 } 119 }
120 return ENGINE_set_default(e, flags); 120 return ENGINE_set_default(e, flags);
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 9c3ab182d3..900f75ce8d 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
513 * structure will have had its reference count up'd so the caller 513 * structure will have had its reference count up'd so the caller
514 * should still free their own reference 'e'. */ 514 * should still free their own reference 'e'. */
515int ENGINE_set_default_RSA(ENGINE *e); 515int ENGINE_set_default_RSA(ENGINE *e);
516int ENGINE_set_default_string(ENGINE *e, const char *list); 516int ENGINE_set_default_string(ENGINE *e, const char *def_list);
517/* Same for the other "methods" */ 517/* Same for the other "methods" */
518int ENGINE_set_default_DSA(ENGINE *e); 518int ENGINE_set_default_DSA(ENGINE *e);
519int ENGINE_set_default_DH(ENGINE *e); 519int ENGINE_set_default_DH(ENGINE *e);
@@ -616,17 +616,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
616 const dynamic_fns *fns); 616 const dynamic_fns *fns);
617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ 617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ 618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
619 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ 619 if (ERR_get_implementation() != fns->err_fns) \
620 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ 620 { \
621 return 0; \ 621 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
622 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ 622 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
623 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ 623 return 0; \
624 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ 624 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
625 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ 625 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
626 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ 626 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
627 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ 627 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
628 return 0; \ 628 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
629 if(!ERR_set_implementation(fns->err_fns)) return 0; \ 629 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
630 return 0; \
631 if(!ERR_set_implementation(fns->err_fns)) return 0; \
632 } \
630 if(!fn(e,id)) return 0; \ 633 if(!fn(e,id)) return 0; \
631 return 1; } 634 return 1; }
632 635
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
index 2fe84a5002..21de0a9fdd 100644
--- a/src/lib/libcrypto/engine/hw_cryptodev.c
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -1257,14 +1257,17 @@ ENGINE_load_cryptodev(void)
1257 1257
1258 if (engine == NULL) 1258 if (engine == NULL)
1259 return; 1259 return;
1260 if ((fd = get_dev_crypto()) < 0) 1260 if ((fd = get_dev_crypto()) < 0) {
1261 ENGINE_free(engine);
1261 return; 1262 return;
1263 }
1262 1264
1263 /* 1265 /*
1264 * find out what asymmetric crypto algorithms we support 1266 * find out what asymmetric crypto algorithms we support
1265 */ 1267 */
1266 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { 1268 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1267 close(fd); 1269 close(fd);
1270 ENGINE_free(engine);
1268 return; 1271 return;
1269 } 1272 }
1270 close(fd); 1273 close(fd);
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index 6ab119c1ef..792f329600 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
1065 else 1065 else
1066 str=p; 1066 str=p;
1067 } 1067 }
1068 strlcat(str,a,s+1); 1068 BUF_strlcat(str,a,s+1);
1069 } 1069 }
1070 } 1070 }
1071 ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); 1071 ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index b22eed4421..0623ddf1f0 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -248,6 +248,7 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
248 248
249int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) 249int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
250 { 250 {
251 unsigned char *tmp_buf;
251 if ((in == NULL) || (in->digest == NULL)) 252 if ((in == NULL) || (in->digest == NULL))
252 { 253 {
253 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); 254 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
@@ -262,15 +263,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
262 } 263 }
263#endif 264#endif
264 265
266 if (out->digest == in->digest)
267 {
268 tmp_buf = out->md_data;
269 EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
270 }
271 else tmp_buf = NULL;
265 EVP_MD_CTX_cleanup(out); 272 EVP_MD_CTX_cleanup(out);
266 memcpy(out,in,sizeof *out); 273 memcpy(out,in,sizeof *out);
267 274
268 if (out->digest->ctx_size) 275 if (out->digest->ctx_size)
269 { 276 {
270 out->md_data=OPENSSL_malloc(out->digest->ctx_size); 277 if (tmp_buf) out->md_data = tmp_buf;
278 else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
271 memcpy(out->md_data,in->md_data,out->digest->ctx_size); 279 memcpy(out->md_data,in->md_data,out->digest->ctx_size);
272 } 280 }
273 281
274 if (out->digest->copy) 282 if (out->digest->copy)
275 return out->digest->copy(out,in); 283 return out->digest->copy(out,in);
276 284
@@ -308,7 +316,8 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
308 if (ctx->digest && ctx->digest->cleanup 316 if (ctx->digest && ctx->digest->cleanup
309 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) 317 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
310 ctx->digest->cleanup(ctx); 318 ctx->digest->cleanup(ctx);
311 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) 319 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
320 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
312 { 321 {
313 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); 322 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
314 OPENSSL_free(ctx->md_data); 323 OPENSSL_free(ctx->md_data);
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 5d8a07d33c..f9b48792ce 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -275,6 +275,8 @@ struct env_md_ctx_st
275 * once only */ 275 * once only */
276#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been 276#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
277 * cleaned */ 277 * cleaned */
278#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
279 * in EVP_MD_CTX_cleanup */
278 280
279struct evp_cipher_st 281struct evp_cipher_st
280 { 282 {
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index be0758a879..8ea5aa935d 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
148#endif 148#endif
149 149
150 ctx->cipher=cipher; 150 ctx->cipher=cipher;
151 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 151 if (ctx->cipher->ctx_size)
152 {
153 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
154 if (!ctx->cipher_data)
155 {
156 EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 }
160 else
161 {
162 ctx->cipher_data = NULL;
163 }
152 ctx->key_len = cipher->key_len; 164 ctx->key_len = cipher->key_len;
153 ctx->flags = 0; 165 ctx->flags = 0;
154 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) 166 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index bc98e63363..91e545a141 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
87 if (i == -1) { 87 if (i == -1) {
88 char obj_tmp[80]; 88 char obj_tmp[80];
89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); 89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
90 if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 90 if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); 91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
92 ERR_add_error_data(2, "TYPE=", obj_tmp); 92 ERR_add_error_data(2, "TYPE=", obj_tmp);
93 return 0; 93 return 0;
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 30b6fbb03d..eb481ec661 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
210#endif 210#endif
211 default: 211 default:
212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213 if (!a->algorithm) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
214 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); 214 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
215 ERR_add_error_data(2, "TYPE=", obj_tmp); 215 ERR_add_error_data(2, "TYPE=", obj_tmp);
216 EVP_PKEY_free (pkey); 216 EVP_PKEY_free (pkey);
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index bb862db499..dd86733b77 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
252 void *ret = NULL; 252 void *ret = NULL;
253 extern unsigned char cleanse_ctr; 253 extern unsigned char cleanse_ctr;
254 254
255 if (num < 0) return NULL; 255 if (num <= 0) return NULL;
256 256
257 allow_customize = 0; 257 allow_customize = 0;
258 if (malloc_debug_func != NULL) 258 if (malloc_debug_func != NULL)
@@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
293 void *ret = NULL; 293 void *ret = NULL;
294 extern unsigned char cleanse_ctr; 294 extern unsigned char cleanse_ctr;
295 295
296 if (num < 0) return NULL; 296 if (num <= 0) return NULL;
297 297
298 allow_customize = 0; 298 allow_customize = 0;
299 if (malloc_debug_func != NULL) 299 if (malloc_debug_func != NULL)
@@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
324 if (str == NULL) 324 if (str == NULL)
325 return CRYPTO_malloc(num, file, line); 325 return CRYPTO_malloc(num, file, line);
326 326
327 if (num < 0) return NULL; 327 if (num <= 0) return NULL;
328 328
329 if (realloc_debug_func != NULL) 329 if (realloc_debug_func != NULL)
330 realloc_debug_func(str, NULL, num, file, line, 0); 330 realloc_debug_func(str, NULL, num, file, line, 0);
@@ -346,7 +346,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
346 if (str == NULL) 346 if (str == NULL)
347 return CRYPTO_malloc(num, file, line); 347 return CRYPTO_malloc(num, file, line);
348 348
349 if (num < 0) return NULL; 349 if (num <= 0) return NULL;
350 350
351 if (realloc_debug_func != NULL) 351 if (realloc_debug_func != NULL)
352 realloc_debug_func(str, NULL, num, file, line, 0); 352 realloc_debug_func(str, NULL, num, file, line, 0);
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index 9221df00bd..e212de27e4 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -606,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
606 { 606 {
607 lcl = localtime(&m->time); 607 lcl = localtime(&m->time);
608 608
609 snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", 609 BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
610 lcl->tm_hour,lcl->tm_min,lcl->tm_sec); 610 lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
611 bufp += strlen(bufp); 611 bufp += strlen(bufp);
612 } 612 }
613 613
614 snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", 614 BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
615 m->order,m->file,m->line); 615 m->order,m->file,m->line);
616 bufp += strlen(bufp); 616 bufp += strlen(bufp);
617 617
618 if (options & V_CRYPTO_MDEBUG_THREAD) 618 if (options & V_CRYPTO_MDEBUG_THREAD)
619 { 619 {
620 snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); 620 BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
621 bufp += strlen(bufp); 621 bufp += strlen(bufp);
622 } 622 }
623 623
624 snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", 624 BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
625 m->num,(unsigned long)m->addr); 625 m->num,(unsigned long)m->addr);
626 bufp += strlen(bufp); 626 bufp += strlen(bufp);
627 627
@@ -643,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
643 643
644 ami_cnt++; 644 ami_cnt++;
645 memset(buf,'>',ami_cnt); 645 memset(buf,'>',ami_cnt);
646 snprintf(buf + ami_cnt, sizeof buf - ami_cnt, 646 BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
647 " thread=%lu, file=%s, line=%d, info=\"", 647 " thread=%lu, file=%s, line=%d, info=\"",
648 amip->thread, amip->file, amip->line); 648 amip->thread, amip->file, amip->line);
649 buf_len=strlen(buf); 649 buf_len=strlen(buf);
@@ -655,11 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
655 } 655 }
656 else 656 else
657 { 657 {
658 strlcpy(buf + buf_len, amip->info, 658 BUF_strlcpy(buf + buf_len, amip->info,
659 sizeof buf - buf_len); 659 sizeof buf - buf_len);
660 buf_len = strlen(buf); 660 buf_len = strlen(buf);
661 } 661 }
662 snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); 662 BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
663 663
664 BIO_puts(l->bio,buf); 664 BIO_puts(l->bio,buf);
665 665
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index ae97108e93..4534dc0985 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
462 if (i > 2) i=2; 462 if (i > 2) i=2;
463 l-=(long)(i*40); 463 l-=(long)(i*40);
464 464
465 snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); 465 BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
466 i=strlen(tbuf); 466 i=strlen(tbuf);
467 BUF_strlcpy(buf,tbuf,buf_len); 467 BUF_strlcpy(buf,tbuf,buf_len);
468 buf_len-=i; 468 buf_len-=i;
@@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
473 for (; idx<len; idx++) { 473 for (; idx<len; idx++) {
474 l|=p[idx]&0x7f; 474 l|=p[idx]&0x7f;
475 if (!(p[idx] & 0x80)) { 475 if (!(p[idx] & 0x80)) {
476 snprintf(tbuf,sizeof tbuf,".%lu",l); 476 BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
477 i=strlen(tbuf); 477 i=strlen(tbuf);
478 if (buf_len > 0) 478 if (buf_len > 0)
479 BUF_strlcpy(buf,tbuf,buf_len); 479 BUF_strlcpy(buf,tbuf,buf_len);
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index d6c8899f58..57399433fc 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -305,6 +305,8 @@ err:
305 305
306/* Add a nonce to an extension stack. A nonce can be specificed or if NULL 306/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
307 * a random nonce will be generated. 307 * a random nonce will be generated.
308 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
309 * nonce, previous versions used the raw nonce.
308 */ 310 */
309 311
310static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) 312static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
@@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
313 ASN1_OCTET_STRING os; 315 ASN1_OCTET_STRING os;
314 int ret = 0; 316 int ret = 0;
315 if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; 317 if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
316 if (val) tmpval = val; 318 /* Create the OCTET STRING manually by writing out the header and
319 * appending the content octets. This avoids an extra memory allocation
320 * operation in some cases. Applications should *NOT* do this because
321 * it relies on library internals.
322 */
323 os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
324 os.data = OPENSSL_malloc(os.length);
325 if (os.data == NULL)
326 goto err;
327 tmpval = os.data;
328 ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
329 if (val)
330 memcpy(tmpval, val, len);
317 else 331 else
318 {
319 if (!(tmpval = OPENSSL_malloc(len))) goto err;
320 RAND_pseudo_bytes(tmpval, len); 332 RAND_pseudo_bytes(tmpval, len);
321 }
322 os.data = tmpval;
323 os.length = len;
324 if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, 333 if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
325 &os, 0, X509V3_ADD_REPLACE)) 334 &os, 0, X509V3_ADD_REPLACE))
326 goto err; 335 goto err;
327 ret = 1; 336 ret = 1;
328 err: 337 err:
329 if(!val) OPENSSL_free(tmpval); 338 if (os.data)
339 OPENSSL_free(os.data);
330 return ret; 340 return ret;
331 } 341 }
332 342
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 3875af165c..9e87fc7895 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -253,6 +253,7 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
253 253
254 254
255 err: 255 err:
256 if (buf) OPENSSL_free(buf);
256 if (*ppath) OPENSSL_free(*ppath); 257 if (*ppath) OPENSSL_free(*ppath);
257 if (*pport) OPENSSL_free(*pport); 258 if (*pport) OPENSSL_free(*pport);
258 if (*phost) OPENSSL_free(*phost); 259 if (*phost) OPENSSL_free(*phost);
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 1f5fda7ca3..3d58dfb06c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -272,7 +272,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
272 272
273 for (i = 1; i < idcount; i++) 273 for (i = 1; i < idcount; i++)
274 { 274 {
275 tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; 275 tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
276 /* Check to see if IDs match */ 276 /* Check to see if IDs match */
277 if (OCSP_id_issuer_cmp(cid, tmpid)) 277 if (OCSP_id_issuer_cmp(cid, tmpid))
278 { 278 {
@@ -330,7 +330,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
330 OCSP_CERTID *tmpid; 330 OCSP_CERTID *tmpid;
331 for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) 331 for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
332 { 332 {
333 tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; 333 tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
334 ret = ocsp_match_issuerid(cert, tmpid, NULL); 334 ret = ocsp_match_issuerid(cert, tmpid, NULL);
335 if (ret <= 0) return ret; 335 if (ret <= 0) return ret;
336 } 336 }
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index e226d9de79..02f1710fb3 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,8 +25,8 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090703fL 28#define OPENSSL_VERSION_NUMBER 0x0090704fL
29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003" 29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004"
30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
31 31
32 32
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 3bec2d7e9f..7785039b99 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
131 else 131 else
132 str="BAD-TYPE"; 132 str="BAD-TYPE";
133 133
134 strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); 134 BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
135 strlcat(buf,str,PEM_BUFSIZE); 135 BUF_strlcat(buf,str,PEM_BUFSIZE);
136 strlcat(buf,"\n",PEM_BUFSIZE); 136 BUF_strlcat(buf,"\n",PEM_BUFSIZE);
137 } 137 }
138 138
139void PEM_dek_info(char *buf, const char *type, int len, char *str) 139void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -142,9 +142,9 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
142 long i; 142 long i;
143 int j; 143 int j;
144 144
145 strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); 145 BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
146 strlcat(buf,type,PEM_BUFSIZE); 146 BUF_strlcat(buf,type,PEM_BUFSIZE);
147 strlcat(buf,",",PEM_BUFSIZE); 147 BUF_strlcat(buf,",",PEM_BUFSIZE);
148 j=strlen(buf); 148 j=strlen(buf);
149 if (j + (len * 2) + 1 > PEM_BUFSIZE) 149 if (j + (len * 2) + 1 > PEM_BUFSIZE)
150 return; 150 return;
@@ -535,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
535 long len) 535 long len)
536 { 536 {
537 int nlen,n,i,j,outl; 537 int nlen,n,i,j,outl;
538 unsigned char *buf; 538 unsigned char *buf = NULL;
539 EVP_ENCODE_CTX ctx; 539 EVP_ENCODE_CTX ctx;
540 int reason=ERR_R_BUF_LIB; 540 int reason=ERR_R_BUF_LIB;
541 541
@@ -555,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
555 goto err; 555 goto err;
556 } 556 }
557 557
558 buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8); 558 buf = OPENSSL_malloc(PEM_BUFSIZE*8);
559 if (buf == NULL) 559 if (buf == NULL)
560 { 560 {
561 reason=ERR_R_MALLOC_FAILURE; 561 reason=ERR_R_MALLOC_FAILURE;
@@ -576,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
576 EVP_EncodeFinal(&ctx,buf,&outl); 576 EVP_EncodeFinal(&ctx,buf,&outl);
577 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; 577 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
578 OPENSSL_free(buf); 578 OPENSSL_free(buf);
579 buf = NULL;
579 if ( (BIO_write(bp,"-----END ",9) != 9) || 580 if ( (BIO_write(bp,"-----END ",9) != 9) ||
580 (BIO_write(bp,name,nlen) != nlen) || 581 (BIO_write(bp,name,nlen) != nlen) ||
581 (BIO_write(bp,"-----\n",6) != 6)) 582 (BIO_write(bp,"-----\n",6) != 6))
582 goto err; 583 goto err;
583 return(i+outl); 584 return(i+outl);
584err: 585err:
586 if (buf)
587 OPENSSL_free(buf);
585 PEMerr(PEM_F_PEM_WRITE_BIO,reason); 588 PEMerr(PEM_F_PEM_WRITE_BIO,reason);
586 return(0); 589 return(0);
587 } 590 }
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index d96ecf6940..f77c949e87 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -87,6 +87,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
87 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 87 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
88 if(!p8inf) goto p8err; 88 if(!p8inf) goto p8err;
89 ret = EVP_PKCS82PKEY(p8inf); 89 ret = EVP_PKCS82PKEY(p8inf);
90 if(x) {
91 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
92 *x = ret;
93 }
90 PKCS8_PRIV_KEY_INFO_free(p8inf); 94 PKCS8_PRIV_KEY_INFO_free(p8inf);
91 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { 95 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
92 PKCS8_PRIV_KEY_INFO *p8inf; 96 PKCS8_PRIV_KEY_INFO *p8inf;
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 190ca0e9bf..35c7dcd0b3 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -91,17 +91,19 @@ static int PKCS7_type_is_other(PKCS7* p7)
91 91
92 } 92 }
93 93
94static int PKCS7_type_is_octet_string(PKCS7* p7) 94static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
95 { 95 {
96 if ( 0==PKCS7_type_is_other(p7) ) 96 if ( PKCS7_type_is_data(p7))
97 return 0; 97 return p7->d.data;
98 98 if ( PKCS7_type_is_other(p7) && p7->d.other
99 return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; 99 && (p7->d.other->type == V_ASN1_OCTET_STRING))
100 return p7->d.other->value.octet_string;
101 return NULL;
100 } 102 }
101 103
102BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 104BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
103 { 105 {
104 int i,j; 106 int i;
105 BIO *out=NULL,*btmp=NULL; 107 BIO *out=NULL,*btmp=NULL;
106 X509_ALGOR *xa; 108 X509_ALGOR *xa;
107 const EVP_MD *evp_md; 109 const EVP_MD *evp_md;
@@ -159,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
159 goto err; 161 goto err;
160 } 162 }
161 163
162 j=OBJ_obj2nid(xa->algorithm); 164 evp_md=EVP_get_digestbyobj(xa->algorithm);
163 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
164 if (evp_md == NULL) 165 if (evp_md == NULL)
165 { 166 {
166 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); 167 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -250,29 +251,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
250 btmp=NULL; 251 btmp=NULL;
251 } 252 }
252 253
253 if (bio == NULL) { 254 if (bio == NULL)
255 {
254 if (PKCS7_is_detached(p7)) 256 if (PKCS7_is_detached(p7))
255 bio=BIO_new(BIO_s_null()); 257 bio=BIO_new(BIO_s_null());
256 else { 258 else
257 if (PKCS7_type_is_signed(p7) ) { 259 {
258 if ( PKCS7_type_is_data(p7->d.sign->contents)) { 260 ASN1_OCTET_STRING *os;
259 ASN1_OCTET_STRING *os; 261 os = PKCS7_get_octet_string(p7->d.sign->contents);
260 os=p7->d.sign->contents->d.data; 262 if (os && os->length > 0)
261 if (os->length > 0) 263 bio = BIO_new_mem_buf(os->data, os->length);
262 bio = BIO_new_mem_buf(os->data, os->length); 264 if(bio == NULL)
263 } 265 {
264 else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
265 ASN1_OCTET_STRING *os;
266 os=p7->d.sign->contents->d.other->value.octet_string;
267 if (os->length > 0)
268 bio = BIO_new_mem_buf(os->data, os->length);
269 }
270 }
271 if(bio == NULL) {
272 bio=BIO_new(BIO_s_mem()); 266 bio=BIO_new(BIO_s_mem());
273 BIO_set_mem_eof_return(bio,0); 267 BIO_set_mem_eof_return(bio,0);
268 }
274 } 269 }
275 }
276 } 270 }
277 BIO_push(out,bio); 271 BIO_push(out,bio);
278 bio=NULL; 272 bio=NULL;
@@ -311,7 +305,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
311 switch (i) 305 switch (i)
312 { 306 {
313 case NID_pkcs7_signed: 307 case NID_pkcs7_signed:
314 data_body=p7->d.sign->contents->d.data; 308 data_body=PKCS7_get_octet_string(p7->d.sign->contents);
315 md_sk=p7->d.sign->md_algs; 309 md_sk=p7->d.sign->md_algs;
316 break; 310 break;
317 case NID_pkcs7_signedAndEnveloped: 311 case NID_pkcs7_signedAndEnveloped:
@@ -319,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
319 md_sk=p7->d.signed_and_enveloped->md_algs; 313 md_sk=p7->d.signed_and_enveloped->md_algs;
320 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 314 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
321 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 315 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
322 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); 316 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
323 if (evp_cipher == NULL) 317 if (evp_cipher == NULL)
324 { 318 {
325 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 319 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -331,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
331 rsk=p7->d.enveloped->recipientinfo; 325 rsk=p7->d.enveloped->recipientinfo;
332 enc_alg=p7->d.enveloped->enc_data->algorithm; 326 enc_alg=p7->d.enveloped->enc_data->algorithm;
333 data_body=p7->d.enveloped->enc_data->enc_data; 327 data_body=p7->d.enveloped->enc_data->enc_data;
334 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); 328 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
335 if (evp_cipher == NULL) 329 if (evp_cipher == NULL)
336 { 330 {
337 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 331 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -357,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
357 } 351 }
358 352
359 j=OBJ_obj2nid(xa->algorithm); 353 j=OBJ_obj2nid(xa->algorithm);
360 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); 354 evp_md=EVP_get_digestbynid(j);
361 if (evp_md == NULL) 355 if (evp_md == NULL)
362 { 356 {
363 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 357 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -531,9 +525,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
531 break; 525 break;
532 case NID_pkcs7_signed: 526 case NID_pkcs7_signed:
533 si_sk=p7->d.sign->signer_info; 527 si_sk=p7->d.sign->signer_info;
534 os=p7->d.sign->contents->d.data; 528 os=PKCS7_get_octet_string(p7->d.sign->contents);
535 /* If detached data then the content is excluded */ 529 /* If detached data then the content is excluded */
536 if(p7->detached) { 530 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
537 M_ASN1_OCTET_STRING_free(os); 531 M_ASN1_OCTET_STRING_free(os);
538 p7->d.sign->contents->d.data = NULL; 532 p7->d.sign->contents->d.data = NULL;
539 } 533 }
diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl
index df80702373..e5cbe5319c 100644
--- a/src/lib/libcrypto/rand/Makefile.ssl
+++ b/src/lib/libcrypto/rand/Makefile.ssl
@@ -101,7 +101,8 @@ md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
101md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 101md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
102md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 102md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
103md_rand.o: md_rand.c rand_lcl.h 103md_rand.o: md_rand.c rand_lcl.h
104rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h 104rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
105rand_egd.o: ../../include/openssl/opensslconf.h
105rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 106rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
106rand_egd.o: rand_egd.c 107rand_egd.o: rand_egd.c
107rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 108rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
@@ -186,8 +187,9 @@ rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
186rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 187rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
187rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 188rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
188rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c 189rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
189randfile.o: ../../e_os.h ../../include/openssl/crypto.h 190randfile.o: ../../e_os.h ../../include/openssl/buffer.h
190randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h 191randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
192randfile.o: ../../include/openssl/opensslconf.h
191randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 193randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
192randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 194randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
193randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 195randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index 895967476e..6f742900a0 100644
--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -56,6 +56,7 @@
56 56
57#include <openssl/e_os2.h> 57#include <openssl/e_os2.h>
58#include <openssl/rand.h> 58#include <openssl/rand.h>
59#include <openssl/buffer.h>
59 60
60/* 61/*
61 * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. 62 * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
@@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
145 addr.sun_family = AF_UNIX; 146 addr.sun_family = AF_UNIX;
146 if (strlen(path) >= sizeof(addr.sun_path)) 147 if (strlen(path) >= sizeof(addr.sun_path))
147 return (-1); 148 return (-1);
148 strlcpy(addr.sun_path,path,sizeof addr.sun_path); 149 BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
149 len = offsetof(struct sockaddr_un, sun_path) + strlen(path); 150 len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
150 fd = socket(AF_UNIX, SOCK_STREAM, 0); 151 fd = socket(AF_UNIX, SOCK_STREAM, 0);
151 if (fd == -1) return (-1); 152 if (fd == -1) return (-1);
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 263068d256..3584842224 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -646,7 +646,7 @@ static void readtimer(void)
646 * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. 646 * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
647 * 647 *
648 * Code adapted from 648 * Code adapted from
649 * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>; 649 * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
650 * the original copyright message is: 650 * the original copyright message is:
651 * 651 *
652 * (C) Copyright Microsoft Corp. 1993. All rights reserved. 652 * (C) Copyright Microsoft Corp. 1993. All rights reserved.
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index cfbec2ac1f..d88ee0d780 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -56,6 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* We need to define this to get macros like S_IFBLK and S_IFCHR */
60#define _XOPEN_SOURCE 1
61
59#include <errno.h> 62#include <errno.h>
60#include <stdio.h> 63#include <stdio.h>
61#include <stdlib.h> 64#include <stdlib.h>
@@ -64,6 +67,7 @@
64#include "e_os.h" 67#include "e_os.h"
65#include <openssl/crypto.h> 68#include <openssl/crypto.h>
66#include <openssl/rand.h> 69#include <openssl/rand.h>
70#include <openssl/buffer.h>
67 71
68#ifdef OPENSSL_SYS_VMS 72#ifdef OPENSSL_SYS_VMS
69#include <unixio.h> 73#include <unixio.h>
@@ -106,6 +110,7 @@ int RAND_load_file(const char *file, long bytes)
106 110
107 in=fopen(file,"rb"); 111 in=fopen(file,"rb");
108 if (in == NULL) goto err; 112 if (in == NULL) goto err;
113#if defined(S_IFBLK) && defined(S_IFCHR)
109 if (sb.st_mode & (S_IFBLK | S_IFCHR)) { 114 if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
110 /* this file is a device. we don't want read an infinite number 115 /* this file is a device. we don't want read an infinite number
111 * of bytes from a random device, nor do we want to use buffered 116 * of bytes from a random device, nor do we want to use buffered
@@ -114,6 +119,7 @@ int RAND_load_file(const char *file, long bytes)
114 bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ 119 bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
115 setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ 120 setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
116 } 121 }
122#endif
117 for (;;) 123 for (;;)
118 { 124 {
119 if (bytes > 0) 125 if (bytes > 0)
@@ -147,6 +153,7 @@ int RAND_write_file(const char *file)
147 153
148 i=stat(file,&sb); 154 i=stat(file,&sb);
149 if (i != -1) { 155 if (i != -1) {
156#if defined(S_IFBLK) && defined(S_IFCHR)
150 if (sb.st_mode & (S_IFBLK | S_IFCHR)) { 157 if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
151 /* this file is a device. we don't write back to it. 158 /* this file is a device. we don't write back to it.
152 * we "succeed" on the assumption this is some sort 159 * we "succeed" on the assumption this is some sort
@@ -155,6 +162,7 @@ int RAND_write_file(const char *file)
155 */ 162 */
156 return(1); 163 return(1);
157 } 164 }
165#endif
158 } 166 }
159 167
160#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) 168#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
@@ -219,13 +227,15 @@ const char *RAND_file_name(char *buf, size_t size)
219 { 227 {
220 char *s=NULL; 228 char *s=NULL;
221 int ok = 0; 229 int ok = 0;
230#ifdef __OpenBSD__
222 struct stat sb; 231 struct stat sb;
232#endif
223 233
224 if (issetugid() == 0) 234 if (issetugid() == 0)
225 s=getenv("RANDFILE"); 235 s=getenv("RANDFILE");
226 if (s != NULL && *s && strlen(s) + 1 < size) 236 if (s != NULL && *s && strlen(s) + 1 < size)
227 { 237 {
228 if (strlcpy(buf,s,size) >= size) 238 if (BUF_strlcpy(buf,s,size) >= size)
229 return NULL; 239 return NULL;
230 } 240 }
231 else 241 else
@@ -240,11 +250,11 @@ const char *RAND_file_name(char *buf, size_t size)
240#endif 250#endif
241 if (s && *s && strlen(s)+strlen(RFILE)+2 < size) 251 if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
242 { 252 {
243 strlcpy(buf,s,size); 253 BUF_strlcpy(buf,s,size);
244#ifndef OPENSSL_SYS_VMS 254#ifndef OPENSSL_SYS_VMS
245 strlcat(buf,"/",size); 255 BUF_strlcat(buf,"/",size);
246#endif 256#endif
247 strlcat(buf,RFILE,size); 257 BUF_strlcat(buf,RFILE,size);
248 ok = 1; 258 ok = 1;
249 } 259 }
250 else 260 else
@@ -260,11 +270,11 @@ const char *RAND_file_name(char *buf, size_t size)
260 */ 270 */
261 271
262 if (!ok) 272 if (!ok)
263 if (strlcpy(buf,"/dev/arandom",size) >= size) { 273 if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
264 return(NULL); 274 return(NULL);
265 } 275 }
266 if (stat(buf,&sb) == -1) 276 if (stat(buf,&sb) == -1)
267 if (strlcpy(buf,"/dev/arandom",size) >= size) { 277 if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
268 return(NULL); 278 return(NULL);
269 } 279 }
270 280
diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl
index 9f9e16068f..3e602662be 100644
--- a/src/lib/libcrypto/rc4/Makefile.ssl
+++ b/src/lib/libcrypto/rc4/Makefile.ssl
@@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o
25#RC4_ENC=asm/rx86bdsi.o 25#RC4_ENC=asm/rx86bdsi.o
26 26
27CFLAGS= $(INCLUDES) $(CFLAG) 27CFLAGS= $(INCLUDES) $(CFLAG)
28ASFLAGS= $(INCLUDES) $(ASFLAG)
28 29
29GENERAL=Makefile 30GENERAL=Makefile
30TEST=rc4test.c 31TEST=rc4test.c
diff --git a/src/lib/libcrypto/rc5/Makefile.ssl b/src/lib/libcrypto/rc5/Makefile.ssl
index a86f202f7b..3f9632f8f7 100644
--- a/src/lib/libcrypto/rc5/Makefile.ssl
+++ b/src/lib/libcrypto/rc5/Makefile.ssl
@@ -22,6 +22,7 @@ RC5_ENC= rc5_enc.o
22#DES_ENC= r586-elf.o 22#DES_ENC= r586-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=rc5test.c 28TEST=rc5test.c
diff --git a/src/lib/libcrypto/ripemd/Makefile.ssl b/src/lib/libcrypto/ripemd/Makefile.ssl
index d85515353b..f22ac790ae 100644
--- a/src/lib/libcrypto/ripemd/Makefile.ssl
+++ b/src/lib/libcrypto/ripemd/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
20RIP_ASM_OBJ= 20RIP_ASM_OBJ=
21 21
22CFLAGS= $(INCLUDES) $(CFLAG) 22CFLAGS= $(INCLUDES) $(CFLAG)
23ASFLAGS= $(INCLUDES) $(ASFLAG)
23 24
24GENERAL=Makefile 25GENERAL=Makefile
25TEST=rmdtest.c 26TEST=rmdtest.c
diff --git a/src/lib/libcrypto/sha/Makefile.ssl b/src/lib/libcrypto/sha/Makefile.ssl
index d52fb62b4f..4ba201c787 100644
--- a/src/lib/libcrypto/sha/Makefile.ssl
+++ b/src/lib/libcrypto/sha/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
20SHA1_ASM_OBJ= 20SHA1_ASM_OBJ=
21 21
22CFLAGS= $(INCLUDES) $(CFLAG) 22CFLAGS= $(INCLUDES) $(CFLAG)
23ASFLAGS= $(INCLUDES) $(ASFLAG)
23 24
24GENERAL=Makefile 25GENERAL=Makefile
25TEST=shatest.c sha1test.c 26TEST=shatest.c sha1test.c
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
index fe51fd0794..e00f709553 100644
--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -1,5 +1,30 @@
1#!/usr/local/bin/perl 1#!/usr/local/bin/perl
2 2
3# It was noted that Intel IA-32 C compiler generates code which
4# performs ~30% *faster* on P4 CPU than original *hand-coded*
5# SHA1 assembler implementation. To address this problem (and
6# prove that humans are still better than machines:-), the
7# original code was overhauled, which resulted in following
8# performance changes:
9#
10# compared with original compared with Intel cc
11# assembler impl. generated code
12# Pentium -25% +37%
13# PIII/AMD +8% +16%
14# P4 +85%(!) +45%
15#
16# As you can see Pentium came out as looser:-( Yet I reckoned that
17# improvement on P4 outweights the loss and incorporate this
18# re-tuned code to 0.9.7 and later.
19# ----------------------------------------------------------------
20# Those who for any particular reason absolutely must score on
21# Pentium can replace this module with one from 0.9.6 distribution.
22# This "offer" shall be revoked the moment programming interface to
23# this module is changed, in which case this paragraph should be
24# removed.
25# ----------------------------------------------------------------
26# <appro@fy.chalmers.se>
27
3$normal=0; 28$normal=0;
4 29
5push(@INC,"perlasm","../../perlasm"); 30push(@INC,"perlasm","../../perlasm");
@@ -77,54 +102,21 @@ sub BODY_00_15
77 { 102 {
78 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; 103 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
79 104
80return if $n & 1;
81 &comment("00_15 $n"); 105 &comment("00_15 $n");
82 106
83 &mov($f,$c);
84
85 &mov($tmp1,$a);
86 &xor($f,$d); # F2
87
88 &rotl($tmp1,5); # A2
89
90 &and($f,$b); # F3
91 &add($tmp1,$e);
92
93 &rotr($b,1); # B1 <- F
94 &mov($e,&swtmp($n)); # G1
95
96 &rotr($b,1); # B1 <- F
97 &xor($f,$d); # F4
98
99 &lea($tmp1,&DWP($K,$tmp1,$e,1));
100
101############################
102# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
103# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
104$n++;
105 local($n0,$n1,$n2,$n3,$np)=&Na($n);
106 ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
107
108 &mov($f,$c);
109
110 &add($a,$tmp1); # MOVED DOWN
111 &xor($f,$d); # F2
112
113 &mov($tmp1,$a); 107 &mov($tmp1,$a);
114 &and($f,$b); # F3 108 &mov($f,$c); # f to hold F_00_19(b,c,d)
115 109 &rotl($tmp1,5); # tmp1=ROTATE(a,5)
116 &rotl($tmp1,5); # A2 110 &xor($f,$d);
117 111 &and($f,$b);
118 &add($tmp1,$e); 112 &rotr($b,2); # b=ROTATE(b,30)
119 &mov($e,&swtmp($n)); # G1 113 &add($tmp1,$e); # tmp1+=e;
120 114 &mov($e,&swtmp($n)); # e becomes volatile and
121 &rotr($b,1); # B1 <- F 115 # is loaded with xi
122 &xor($f,$d); # F4 116 &xor($f,$d); # f holds F_00_19(b,c,d)
123 117 &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
124 &rotr($b,1); # B1 <- F 118
125 &lea($tmp1,&DWP($K,$tmp1,$e,1)); 119 &add($f,$tmp1); # f+=tmp1
126
127 &add($f,$tmp1);
128 } 120 }
129 121
130sub BODY_16_19 122sub BODY_16_19
@@ -132,66 +124,24 @@ sub BODY_16_19
132 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; 124 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
133 local($n0,$n1,$n2,$n3,$np)=&Na($n); 125 local($n0,$n1,$n2,$n3,$np)=&Na($n);
134 126
135return if $n & 1;
136 &comment("16_19 $n"); 127 &comment("16_19 $n");
137 128
138 &nop() if ($pos < 0); 129 &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd)
139&mov($tmp1,&swtmp($n0)); # X1 130 &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d)
140 &mov($f,&swtmp($n1)); # X2 131 &xor($f,&swtmp($n0));
141&xor($f,$tmp1); # X3 132 &xor($tmp1,$d);
142 &mov($tmp1,&swtmp($n2)); # X4 133 &xor($f,&swtmp($n2));
143&xor($f,$tmp1); # X5 134 &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)
144 &mov($tmp1,&swtmp($n3)); # X6 135 &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
145&xor($f,$tmp1); # X7 - slot 136 &rotr($b,2); # b=ROTATE(b,30)
146 &mov($tmp1,$c); # F1 137 &xor($tmp1,$d); # tmp1=F_00_19(b,c,d)
147&rotl($f,1); # X8 - slot 138 &rotl($f,1); # f=ROATE(f,1)
148 &xor($tmp1,$d); # F2 139 &mov(&swtmp($n0),$f); # xi=f
149&mov(&swtmp($n0),$f); # X9 - anytime 140 &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e
150 &and($tmp1,$b); # F3 141 &mov($e,$a); # e becomes volatile
151&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e 142 &add($f,$tmp1); # f+=F_00_19(b,c,d)
152 &xor($tmp1,$d); # F4 143 &rotl($e,5); # e=ROTATE(a,5)
153&mov($e,$a); # A1 144 &add($f,$e); # f+=ROTATE(a,5)
154 &add($f,$tmp1); # tot+=F();
155
156&rotl($e,5); # A2
157
158&rotr($b,1); # B1 <- F
159 &add($f,$e); # tot+=a
160
161############################
162# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
163# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
164$n++;
165 local($n0,$n1,$n2,$n3,$np)=&Na($n);
166 ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
167
168
169&mov($f,&swtmp($n0)); # X1
170 &mov($tmp1,&swtmp($n1)); # X2
171&xor($f,$tmp1); # X3
172 &mov($tmp1,&swtmp($n2)); # X4
173&xor($f,$tmp1); # X5
174 &mov($tmp1,&swtmp($n3)); # X6
175&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN
176 &xor($f,$tmp1); # X7 - slot
177&rotl($f,1); # X8 - slot
178 &mov($tmp1,$c); # F1
179&xor($tmp1,$d); # F2
180 &mov(&swtmp($n0),$f); # X9 - anytime
181&and($tmp1,$b); # F3
182 &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
183
184&xor($tmp1,$d); # F4
185 &mov($e,$a); # A1
186
187&rotl($e,5); # A2
188
189&rotr($b,1); # B1 <- F
190 &add($f,$e); # tot+=a
191
192&rotr($b,1); # B1 <- F
193 &add($f,$tmp1); # tot+=F();
194
195 } 145 }
196 146
197sub BODY_20_39 147sub BODY_20_39
@@ -201,42 +151,21 @@ sub BODY_20_39
201 &comment("20_39 $n"); 151 &comment("20_39 $n");
202 local($n0,$n1,$n2,$n3,$np)=&Na($n); 152 local($n0,$n1,$n2,$n3,$np)=&Na($n);
203 153
204&mov($f,&swtmp($n0)); # X1 154 &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
205 &mov($tmp1,&swtmp($n1)); # X2 155 &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d)
206&xor($f,$tmp1); # X3 156 &xor($f,&swtmp($n1));
207 &mov($tmp1,&swtmp($n2)); # X4 157 &rotr($b,2); # b=ROTATE(b,30)
208&xor($f,$tmp1); # X5 158 &xor($f,&swtmp($n2));
209 &mov($tmp1,&swtmp($n3)); # X6 159 &xor($tmp1,$c);
210&xor($f,$tmp1); # X7 - slot 160 &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
211 &mov($tmp1,$b); # F1 161 &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d)
212&rotl($f,1); # X8 - slot 162 &rotl($f,1); # f=ROTATE(f,1)
213 &xor($tmp1,$c); # F2 163 &mov(&swtmp($n0),$f); # xi=f
214&mov(&swtmp($n0),$f); # X9 - anytime 164 &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e
215 &xor($tmp1,$d); # F3 165 &mov($e,$a); # e becomes volatile
216 166 &rotl($e,5); # e=ROTATE(a,5)
217&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e 167 &add($f,$tmp1); # f+=F_20_39(b,c,d)
218 &mov($e,$a); # A1 168 &add($f,$e); # f+=ROTATE(a,5)
219
220&rotl($e,5); # A2
221
222if ($n != 79) # last loop
223 {
224 &rotr($b,1); # B1 <- F
225 &add($e,$tmp1); # tmp1=F()+a
226
227 &rotr($b,1); # B2 <- F
228 &add($f,$e); # tot+=tmp1;
229 }
230else
231 {
232 &add($e,$tmp1); # tmp1=F()+a
233 &mov($tmp1,&wparam(0));
234
235 &rotr($b,1); # B1 <- F
236 &add($f,$e); # tot+=tmp1;
237
238 &rotr($b,1); # B2 <- F
239 }
240 } 169 }
241 170
242sub BODY_40_59 171sub BODY_40_59
@@ -244,70 +173,27 @@ sub BODY_40_59
244 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; 173 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
245 174
246 &comment("40_59 $n"); 175 &comment("40_59 $n");
247 return if $n & 1;
248 local($n0,$n1,$n2,$n3,$np)=&Na($n); 176 local($n0,$n1,$n2,$n3,$np)=&Na($n);
249 177
250&mov($f,&swtmp($n0)); # X1 178 &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
251 &mov($tmp1,&swtmp($n1)); # X2 179 &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d)
252&xor($f,$tmp1); # X3 180 &xor($f,&swtmp($n1));
253 &mov($tmp1,&swtmp($n2)); # X4 181 &or($tmp1,$c);
254&xor($f,$tmp1); # X5 182 &xor($f,&swtmp($n2));
255 &mov($tmp1,&swtmp($n3)); # X6 183 &and($tmp1,$d);
256&xor($f,$tmp1); # X7 - slot 184 &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
257 &mov($tmp1,$b); # F1 185 &rotl($f,1); # f=ROTATE(f,1)
258&rotl($f,1); # X8 - slot 186 &mov(&swtmp($n0),$f); # xi=f
259 &or($tmp1,$c); # F2 187 &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e
260&mov(&swtmp($n0),$f); # X9 - anytime 188 &mov($e,$b); # e becomes volatile and is used
261 &and($tmp1,$d); # F3 189 # to calculate F_40_59(b,c,d)
262 190 &rotr($b,2); # b=ROTATE(b,30)
263&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e 191 &and($e,$c);
264 &mov($e,$b); # F4 192 &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d)
265 193 &mov($e,$a);
266&rotr($b,1); # B1 <- F 194 &rotl($e,5); # e=ROTATE(a,5)
267 &and($e,$c); # F5 195 &add($tmp1,$e); # tmp1+=ROTATE(a,5)
268 196 &add($f,$tmp1); # f+=tmp1;
269&or($tmp1,$e); # F6
270 &mov($e,$a); # A1
271
272&rotl($e,5); # A2
273
274&add($tmp1,$e); # tmp1=F()+a
275
276############################
277# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
278# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
279$n++;
280 local($n0,$n1,$n2,$n3,$np)=&Na($n);
281 ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
282
283 &mov($f,&swtmp($n0)); # X1
284&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1
285 &mov($tmp1,&swtmp($n1)); # X2
286&xor($f,$tmp1); # X3
287 &mov($tmp1,&swtmp($n2)); # X4
288&xor($f,$tmp1); # X5
289 &mov($tmp1,&swtmp($n3)); # X6
290&rotr($c,1); # B2 <- F # moved was rotr b,1
291 &xor($f,$tmp1); # X7 - slot
292&rotl($f,1); # X8 - slot
293 &mov($tmp1,$b); # F1
294&mov(&swtmp($n0),$f); # X9 - anytime
295 &or($tmp1,$c); # F2
296&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
297 &mov($e,$b); # F4
298&and($tmp1,$d); # F3
299 &and($e,$c); # F5
300
301&or($tmp1,$e); # F6
302 &mov($e,$a); # A1
303
304&rotl($e,5); # A2
305
306&rotr($b,1); # B1 <- F
307 &add($tmp1,$e); # tmp1=F()+a
308
309&rotr($b,1); # B2 <- F
310 &add($f,$tmp1); # tot+=tmp1;
311 } 197 }
312 198
313sub BODY_60_79 199sub BODY_60_79
@@ -495,8 +381,7 @@ sub sha1_block_data
495 # C -> E 381 # C -> E
496 # D -> T 382 # D -> T
497 383
498 # The last 2 have been moved into the last loop 384 &mov($tmp1,&wparam(0));
499 # &mov($tmp1,&wparam(0));
500 385
501 &mov($D, &DWP(12,$tmp1,"",0)); 386 &mov($D, &DWP(12,$tmp1,"",0));
502 &add($D,$B); 387 &add($D,$B);
diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c
index 8973921778..7588966cb2 100644
--- a/src/lib/libcrypto/threads/mttest.c
+++ b/src/lib/libcrypto/threads/mttest.c
@@ -243,7 +243,7 @@ bad:
243 goto end; 243 goto end;
244 } 244 }
245 245
246 if (cipher == NULL && issetugid() == 0) 246 if (cipher == NULL && OPENSSL_issetugid() == 0)
247 cipher=getenv("SSL_CIPHER"); 247 cipher=getenv("SSL_CIPHER");
248 248
249 SSL_load_error_strings(); 249 SSL_load_error_strings();
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index 33c86d76ef..dbc9711a2d 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
430 len += sizeof(prompt3) - 1; 430 len += sizeof(prompt3) - 1;
431 431
432 prompt = (char *)OPENSSL_malloc(len + 1); 432 prompt = (char *)OPENSSL_malloc(len + 1);
433 strlcpy(prompt, prompt1, len + 1); 433 BUF_strlcpy(prompt, prompt1, len + 1);
434 strlcat(prompt, object_desc, len + 1); 434 BUF_strlcat(prompt, object_desc, len + 1);
435 if (object_name) 435 if (object_name)
436 { 436 {
437 strlcat(prompt, prompt2, len + 1); 437 BUF_strlcat(prompt, prompt2, len + 1);
438 strlcat(prompt, object_name, len + 1); 438 BUF_strlcat(prompt, object_name, len + 1);
439 } 439 }
440 strlcat(prompt, prompt3, len + 1); 440 BUF_strlcat(prompt, prompt3, len + 1);
441 } 441 }
442 return prompt; 442 return prompt;
443 } 443 }
@@ -865,8 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
865 return -1; 865 return -1;
866 } 866 }
867 867
868 strlcpy(uis->result_buf, result, 868 BUF_strlcpy(uis->result_buf, result,
869 uis->_.string_data.result_maxsize + 1); 869 uis->_.string_data.result_maxsize + 1);
870 break; 870 break;
871 case UIT_BOOLEAN: 871 case UIT_BOOLEAN:
872 { 872 {
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index c538f9dffb..b4bc0457e5 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -277,6 +277,8 @@ $defs= <<"EOF";
277 277
278EOF 278EOF
279 279
280$defs .= $preamble if defined $preamble;
281
280if ($platform eq "VC-CE") 282if ($platform eq "VC-CE")
281 { 283 {
282 $defs.= <<"EOF"; 284 $defs.= <<"EOF";
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
index cdd2164c4e..01a1bfda19 100644
--- a/src/lib/libcrypto/util/mkdef.pl
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -1116,27 +1116,55 @@ sub print_test_file
1116 } 1116 }
1117} 1117}
1118 1118
1119sub get_version {
1120 local *MF;
1121 my $v = '?';
1122 open MF, 'Makefile.ssl' or return $v;
1123 while (<MF>) {
1124 $v = $1, last if /^VERSION=(.*?)\s*$/;
1125 }
1126 close MF;
1127 return $v;
1128}
1129
1119sub print_def_file 1130sub print_def_file
1120{ 1131{
1121 (*OUT,my $name,*nums,my @symbols)=@_; 1132 (*OUT,my $name,*nums,my @symbols)=@_;
1122 my $n = 1; my @e; my @r; my @v; my $prev=""; 1133 my $n = 1; my @e; my @r; my @v; my $prev="";
1123 my $liboptions=""; 1134 my $liboptions="";
1135 my $libname = $name;
1136 my $http_vendor = 'www.openssl.org/';
1137 my $version = get_version();
1138 my $what = "OpenSSL: implementation of Secure Socket Layer";
1139 my $description = "$what $version, $name - http://$http_vendor";
1124 1140
1125 if ($W32) 1141 if ($W32)
1126 { $name.="32"; } 1142 { $libname.="32"; }
1127 elsif ($W16) 1143 elsif ($W16)
1128 { $name.="16"; } 1144 { $libname.="16"; }
1129 elsif ($OS2) 1145 elsif ($OS2)
1130 { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } 1146 { # DLL names should not clash on the whole system.
1147 # However, they should not have any particular relationship
1148 # to the name of the static library. Chose descriptive names
1149 # (must be at most 8 chars).
1150 my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
1151 $libname = $translate{$name} || $name;
1152 $liboptions = <<EOO;
1153INITINSTANCE
1154DATA MULTIPLE NONSHARED
1155EOO
1156 # Vendor field can't contain colon, drat; so we omit http://
1157 $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
1158 }
1131 1159
1132 print OUT <<"EOF"; 1160 print OUT <<"EOF";
1133; 1161;
1134; Definition file for the DLL version of the $name library from OpenSSL 1162; Definition file for the DLL version of the $name library from OpenSSL
1135; 1163;
1136 1164
1137LIBRARY $name $liboptions 1165LIBRARY $libname $liboptions
1138 1166
1139DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' 1167DESCRIPTION '$description'
1140 1168
1141EOF 1169EOF
1142 1170
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl
index d695dda623..ddb3524210 100644
--- a/src/lib/libcrypto/util/pl/OS2-EMX.pl
+++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -3,10 +3,12 @@
3# OS2-EMX.pl - for EMX GCC on OS/2 3# OS2-EMX.pl - for EMX GCC on OS/2
4# 4#
5 5
6$o='\\'; 6$o='/';
7$cp='copy'; 7$cp='cp';
8$rm='rm -f'; 8$rm='rm -f';
9 9
10$preamble = "SHELL=sh\n";
11
10# C compiler stuff 12# C compiler stuff
11 13
12$cc='gcc'; 14$cc='gcc';
@@ -48,24 +50,24 @@ $bf_enc_src="";
48 50
49if (!$no_asm) 51if (!$no_asm)
50 { 52 {
51 $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; 53 $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
52 $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; 54 $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
53 $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; 55 $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
54 $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; 56 $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
55 $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; 57 $bf_enc_obj="crypto/bf/asm/b-os2$obj";
56 $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; 58 $bf_enc_src="crypto/bf/asm/b-os2.asm";
57 $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; 59 $cast_enc_obj="crypto/cast/asm/c-os2$obj";
58 $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; 60 $cast_enc_src="crypto/cast/asm/c-os2.asm";
59 $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; 61 $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
60 $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; 62 $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
61 $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; 63 $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
62 $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; 64 $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
63 $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; 65 $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
64 $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; 66 $md5_asm_src="crypto/md5/asm/m5-os2.asm";
65 $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; 67 $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
66 $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; 68 $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
67 $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; 69 $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
68 $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; 70 $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
69 } 71 }
70 72
71if ($shlib) 73if ($shlib)
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index a5c306f1fd..6207340472 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
302 k=0; 302 k=0;
303 for (;;) 303 for (;;)
304 { 304 {
305 snprintf(b->data,b->max,"%s/%08lx.%s%d",ctx->dirs[i],h, 305 char c = '/';
306 postfix,k); 306#ifdef OPENSSL_SYS_VMS
307 c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
308 if (c != ':' && c != '>' && c != ']')
309 {
310 /* If no separator is present, we assume the
311 directory specifier is a logical name, and
312 add a colon. We really should use better
313 VMS routines for merging things like this,
314 but this will do for now...
315 -- Richard Levitte */
316 c = ':';
317 }
318 else
319 {
320 c = '\0';
321 }
322#endif
323 if (c == '\0')
324 {
325 /* This is special. When c == '\0', no
326 directory separator should be added. */
327 BIO_snprintf(b->data,b->max,
328 "%s%08lx.%s%d",ctx->dirs[i],h,
329 postfix,k);
330 }
331 else
332 {
333 BIO_snprintf(b->data,b->max,
334 "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
335 postfix,k);
336 }
307 k++; 337 k++;
308 if (stat(b->data,&st) < 0) 338 if (stat(b->data,&st) < 0)
309 break; 339 break;
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index eaad5685a8..8d0c7e2e17 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
810X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); 810X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
811X509_NAME *X509_NAME_dup(X509_NAME *xn); 811X509_NAME *X509_NAME_dup(X509_NAME *xn);
812X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); 812X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
813#ifndef OPENSSL_NO_RSA
814RSA *RSAPublicKey_dup(RSA *rsa);
815RSA *RSAPrivateKey_dup(RSA *rsa);
816#endif
817 813
818#endif /* !SSLEAY_MACROS */ 814#endif /* !SSLEAY_MACROS */
819 815
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
index 9d09ae17e8..e31ebc6741 100644
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
147 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: 147 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
148 return("unhandled critical extension"); 148 return("unhandled critical extension");
149 149
150 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
151 return("key usage does not include CRL signing");
152
153 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
154 return("unhandled critical CRL extension");
155
150 default: 156 default:
151 snprintf(buf,sizeof buf,"error number %ld",n); 157 BIO_snprintf(buf,sizeof buf,"error number %ld",n);
152 return(buf); 158 return(buf);
153 } 159 }
154 } 160 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 2bb21b443e..2e4d0b823a 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
383 /* Check all untrusted certificates */ 383 /* Check all untrusted certificates */
384 for (i = 0; i < ctx->last_untrusted; i++) 384 for (i = 0; i < ctx->last_untrusted; i++)
385 { 385 {
386 int ret;
386 x = sk_X509_value(ctx->chain, i); 387 x = sk_X509_value(ctx->chain, i);
387 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) 388 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
388 && (x->ex_flags & EXFLAG_CRITICAL)) 389 && (x->ex_flags & EXFLAG_CRITICAL))
@@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
393 ok=cb(0,ctx); 394 ok=cb(0,ctx);
394 if (!ok) goto end; 395 if (!ok) goto end;
395 } 396 }
396 if (!X509_check_purpose(x, ctx->purpose, i)) 397 ret = X509_check_purpose(x, ctx->purpose, i);
398 if ((ret == 0)
399 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
400 && (ret != 1)))
397 { 401 {
398 if (i) 402 if (i)
399 ctx->error = X509_V_ERR_INVALID_CA; 403 ctx->error = X509_V_ERR_INVALID_CA;
@@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
537 541
538 if(issuer) 542 if(issuer)
539 { 543 {
544 /* Check for cRLSign bit if keyUsage present */
545 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
546 !(issuer->ex_kusage & KU_CRL_SIGN))
547 {
548 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
549 ok = ctx->verify_cb(0, ctx);
550 if(!ok) goto err;
551 }
540 552
541 /* Attempt to get issuer certificate public key */ 553 /* Attempt to get issuer certificate public key */
542 ikey = X509_get_pubkey(issuer); 554 ikey = X509_get_pubkey(issuer);
@@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
611 { 623 {
612 int idx, ok; 624 int idx, ok;
613 X509_REVOKED rtmp; 625 X509_REVOKED rtmp;
626 STACK_OF(X509_EXTENSION) *exts;
627 X509_EXTENSION *ext;
614 /* Look for serial number of certificate in CRL */ 628 /* Look for serial number of certificate in CRL */
615 rtmp.serialNumber = X509_get_serialNumber(x); 629 rtmp.serialNumber = X509_get_serialNumber(x);
616 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); 630 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
617 /* Not found: OK */ 631 /* If found assume revoked: want something cleverer than
618 if(idx == -1) return 1;
619 /* Otherwise revoked: want something cleverer than
620 * this to handle entry extensions in V2 CRLs. 632 * this to handle entry extensions in V2 CRLs.
621 */ 633 */
622 ctx->error = X509_V_ERR_CERT_REVOKED; 634 if(idx >= 0)
623 ok = ctx->verify_cb(0, ctx); 635 {
624 return ok; 636 ctx->error = X509_V_ERR_CERT_REVOKED;
637 ok = ctx->verify_cb(0, ctx);
638 if (!ok) return 0;
639 }
640
641 if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
642 return 1;
643
644 /* See if we have any critical CRL extensions: since we
645 * currently don't handle any CRL extensions the CRL must be
646 * rejected.
647 * This code accesses the X509_CRL structure directly: applications
648 * shouldn't do this.
649 */
650
651 exts = crl->crl->extensions;
652
653 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
654 {
655 ext = sk_X509_EXTENSION_value(exts, idx);
656 if (ext->critical > 0)
657 {
658 ctx->error =
659 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
660 ok = ctx->verify_cb(0, ctx);
661 if(!ok) return 0;
662 break;
663 }
664 }
665 return 1;
625 } 666 }
626 667
627static int internal_verify(X509_STORE_CTX *ctx) 668static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index f0be21f452..198495884c 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -304,17 +304,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
304 304
305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
307#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
308#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
307 309
308/* The application is not happy */ 310/* The application is not happy */
309#define X509_V_ERR_APPLICATION_VERIFICATION 50 311#define X509_V_ERR_APPLICATION_VERIFICATION 50
310 312
311/* Certificate verify flags */ 313/* Certificate verify flags */
312 314
313#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ 315/* Send issuer+subject checks to verify_cb */
314#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ 316#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
315#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */ 317/* Use check time instead of current time */
316#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */ 318#define X509_V_FLAG_USE_CHECK_TIME 0x2
317#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */ 319/* Lookup CRLs */
320#define X509_V_FLAG_CRL_CHECK 0x4
321/* Lookup CRLs for whole chain */
322#define X509_V_FLAG_CRL_CHECK_ALL 0x8
323/* Ignore unhandled critical extensions */
324#define X509_V_FLAG_IGNORE_CRITICAL 0x10
325/* Disable workarounds for broken certificates */
326#define X509_V_FLAG_X509_STRICT 0x20
318 327
319int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, 328int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
320 X509_NAME *name); 329 X509_NAME *name);
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index f78c2a6b43..c25959a742 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
106 break; 106 break;
107 } 107 }
108 108
109 if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look 109 if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
110 for, not bytes */ 110 for, not bytes */
111 ret|=EVP_PKT_EXP; 111 ret|=EVP_PKT_EXP;
112 if(pkey==NULL) EVP_PKEY_free(pk); 112 if(pkey==NULL) EVP_PKEY_free(pk);
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 0fae31a3a6..58b935a3b6 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -137,8 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
137 X509V3_add_value("IP Address","<invalid>", &ret); 137 X509V3_add_value("IP Address","<invalid>", &ret);
138 break; 138 break;
139 } 139 }
140 snprintf(oline, sizeof oline, "%d.%d.%d.%d", p[0], p[1], p[2], 140 BIO_snprintf(oline, sizeof oline,
141 p[3]); 141 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
142 X509V3_add_value("IP Address",oline, &ret); 142 X509V3_add_value("IP Address",oline, &ret);
143 break; 143 break;
144 144
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 894a8b94d8..f90829c574 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) 156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
157 157
158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) 159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) 160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
161 161
162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) 162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index 28cc00686a..53e3f48859 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -121,9 +121,9 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
121 ERR_R_MALLOC_FAILURE); 121 ERR_R_MALLOC_FAILURE);
122 return NULL; 122 return NULL;
123 } 123 }
124 strlcpy(ntmp, objtmp, nlen); 124 BUF_strlcpy(ntmp, objtmp, nlen);
125 strlcat(ntmp, " - ", nlen); 125 BUF_strlcat(ntmp, " - ", nlen);
126 strlcat(ntmp, vtmp->name, nlen); 126 BUF_strlcat(ntmp, vtmp->name, nlen);
127 OPENSSL_free(vtmp->name); 127 OPENSSL_free(vtmp->name);
128 vtmp->name = ntmp; 128 vtmp->name = ntmp;
129 129
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 4d145f71fd..b3d1ae5d1c 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -3,7 +3,7 @@
3 * project 2001. 3 * project 2001.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
415 * 1 is a CA 415 * 1 is a CA
416 * 2 basicConstraints absent so "maybe" a CA 416 * 2 basicConstraints absent so "maybe" a CA
417 * 3 basicConstraints absent but self signed V1. 417 * 3 basicConstraints absent but self signed V1.
418 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
418 */ 419 */
419 420
420#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) 421#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
436 } else { 437 } else {
437 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; 438 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
438 /* If key usage present it must have certSign so tolerate it */ 439 /* If key usage present it must have certSign so tolerate it */
439 else if (x->ex_flags & EXFLAG_KUSAGE) return 3; 440 else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
440 else return 2; 441 else return 2;
441 } 442 }
442} 443}
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index dddb07842b..40277883a5 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
index eca51c3322..854d1f164e 100644
--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept
38certs = $dir/certs # Where the issued certs are kept 38certs = $dir/certs # Where the issued certs are kept
39crl_dir = $dir/crl # Where the issued crl are kept 39crl_dir = $dir/crl # Where the issued crl are kept
40database = $dir/index.txt # database index file. 40database = $dir/index.txt # database index file.
41#unique_subject = no # Set to 'no' to allow creation of
42 # several ctificates with same subject.
41new_certs_dir = $dir/newcerts # default place for new certs. 43new_certs_dir = $dir/newcerts # default place for new certs.
42 44
43certificate = $dir/cacert.pem # The CA certificate 45certificate = $dir/cacert.pem # The CA certificate
44serial = $dir/serial # The current serial number 46serial = $dir/serial # The current serial number
47#crlnumber = $dir/crlnumber # the current crl number
48 # must be commented out to leave a V1 CRL
45crl = $dir/crl.pem # The current CRL 49crl = $dir/crl.pem # The current CRL
46private_key = $dir/private/cakey.pem# The private key 50private_key = $dir/private/cakey.pem# The private key
47RANDFILE = $dir/private/.rand # private random number file 51RANDFILE = $dir/private/.rand # private random number file
@@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options
58 62
59# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 63# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
60# so this is commented out by default to leave a V1 CRL. 64# so this is commented out by default to leave a V1 CRL.
65# crlnumber must also be commented out to leave a V1 CRL.
61# crl_extensions = crl_ext 66# crl_extensions = crl_ext
62 67
63default_days = 365 # how long to certify for 68default_days = 365 # how long to certify for
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index d51b60e343..36f4a8b4c3 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1946,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
1946 if (algs & SSL_kRSA) 1946 if (algs & SSL_kRSA)
1947 { 1947 {
1948 if (rsa == NULL 1948 if (rsa == NULL
1949 || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1949 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
1950 { 1950 {
1951 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); 1951 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
1952 goto f_err; 1952 goto f_err;
@@ -1958,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
1958 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1958 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1959 { 1959 {
1960 if (dh == NULL 1960 if (dh == NULL
1961 || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1961 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
1962 { 1962 {
1963 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); 1963 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
1964 goto f_err; 1964 goto f_err;
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index b8630792ad..4a0363a1c2 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,51 @@
2 OpenSSL CHANGES 2 OpenSSL CHANGES
3 _______________ 3 _______________
4 4
5 Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
6
7 *) Fix null-pointer assignment in do_change_cipher_spec() revealed
8 by using the Codenomicon TLS Test Tool (CAN-2004-0079)
9 [Joe Orton, Steve Henson]
10
11 *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
12 (CAN-2004-0112)
13 [Joe Orton, Steve Henson]
14
15 *) Make it possible to have multiple active certificates with the same
16 subject in the CA index file. This is done only if the keyword
17 'unique_subject' is set to 'no' in the main CA section (default
18 if 'CA_default') of the configuration file. The value is saved
19 with the database itself in a separate index attribute file,
20 named like the index file with '.attr' appended to the name.
21 [Richard Levitte]
22
23 *) X509 verify fixes. Disable broken certificate workarounds when
24 X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
25 keyUsage extension present. Don't accept CRLs with unhandled critical
26 extensions: since verify currently doesn't process CRL extensions this
27 rejects a CRL with *any* critical extensions. Add new verify error codes
28 for these cases.
29 [Steve Henson]
30
31 *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
32 A clarification of RFC2560 will require the use of OCTET STRINGs and
33 some implementations cannot handle the current raw format. Since OpenSSL
34 copies and compares OCSP nonces as opaque blobs without any attempt at
35 parsing them this should not create any compatibility issues.
36 [Steve Henson]
37
38 *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
39 calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
40 this HMAC (and other) operations are several times slower than OpenSSL
41 < 0.9.7.
42 [Steve Henson]
43
44 *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
45 [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
46
47 *) Use the correct content when signing type "other".
48 [Steve Henson]
49
5 Changes between 0.9.7b and 0.9.7c [30 Sep 2003] 50 Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
6 51
7 *) Fix various bugs revealed by running the NISCC test suite: 52 *) Fix various bugs revealed by running the NISCC test suite:
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 61331dbb51..4e7883c17a 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -145,10 +145,10 @@ my %table=(
145"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 145"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
146"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 146"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
147"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", 147"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
148"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 148"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
149"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 149"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
150"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 150"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
151"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 151"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
152"dist", "cc:-O::(unknown)::::::", 152"dist", "cc:-O::(unknown)::::::",
153 153
154# Basic configs that should work on any (32 and less bit) box 154# Basic configs that should work on any (32 and less bit) box
@@ -216,13 +216,13 @@ my %table=(
216"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 216"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
217#### IRIX 6.x configs 217#### IRIX 6.x configs
218# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke 218# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
219# './Configure irix-[g]cc' manually. 219# './Configure irix-cc -o32' manually.
220# -mips4 flag is added by ./config when appropriate. 220# -mips4 flag is added by ./config when appropriate.
221"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 221"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
222"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 222"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
223# N64 ABI builds. 223# N64 ABI builds.
224"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 224"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
225"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 225"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
226 226
227#### Unified HP-UX ANSI C configs. 227#### Unified HP-UX ANSI C configs.
228# Special notes: 228# Special notes:
@@ -260,6 +260,7 @@ my %table=(
260# 64bit PARISC for GCC without optimization, which seems to make problems. 260# 64bit PARISC for GCC without optimization, which seems to make problems.
261# Submitted by <ross.alexander@uk.neceur.com> 261# Submitted by <ross.alexander@uk.neceur.com>
262"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 262"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
263"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
263 264
264# IA-64 targets 265# IA-64 targets
265"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 266"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index ca5683def7..0b40039ef8 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
68* Which is the current version of OpenSSL? 68* Which is the current version of OpenSSL?
69 69
70The current version is available from <URL: http://www.openssl.org>. 70The current version is available from <URL: http://www.openssl.org>.
71OpenSSL 0.9.7c was released on September 30, 2003. 71OpenSSL 0.9.7d was released on March 17, 2004.
72 72
73In addition to the current stable release, you can also access daily 73In addition to the current stable release, you can also access daily
74snapshots of the OpenSSL development version at <URL: 74snapshots of the OpenSSL development version at <URL:
@@ -116,11 +116,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
116 116
117* Where can I get a compiled version of OpenSSL? 117* Where can I get a compiled version of OpenSSL?
118 118
119You can finder pointers to binary distributions in
120http://www.openssl.org/related/binaries.html .
121
119Some applications that use OpenSSL are distributed in binary form. 122Some applications that use OpenSSL are distributed in binary form.
120When using such an application, you don't need to install OpenSSL 123When using such an application, you don't need to install OpenSSL
121yourself; the application will include the required parts (e.g. DLLs). 124yourself; the application will include the required parts (e.g. DLLs).
122 125
123If you want to install OpenSSL on a Windows system and you don't have 126If you want to build OpenSSL on a Windows system and you don't have
124a C compiler, read the "Mingw32" section of INSTALL.W32 for information 127a C compiler, read the "Mingw32" section of INSTALL.W32 for information
125on how to obtain and install the free GNU C compiler. 128on how to obtain and install the free GNU C compiler.
126 129
diff --git a/src/lib/libssl/src/LICENSE b/src/lib/libssl/src/LICENSE
index dddb07842b..40277883a5 100644
--- a/src/lib/libssl/src/LICENSE
+++ b/src/lib/libssl/src/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index e80b22a32a..a987a0298b 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -456,10 +456,12 @@ do_irix-shared:
456 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ 456 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
457 libs="$(LIBKRB5) $$libs"; \ 457 libs="$(LIBKRB5) $$libs"; \
458 fi; \ 458 fi; \
459 ( set -x; ${CC} ${SHARED_LDFLAGS} \ 459 ( WHOLELIB="-all lib$$i.a -notall"; \
460 (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
461 set -x; ${CC} ${SHARED_LDFLAGS} \
460 -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 462 -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
461 -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 463 -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
462 -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ 464 $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
463 libs="-l$$i $$libs"; \ 465 libs="-l$$i $$libs"; \
464 done; \ 466 done; \
465 fi 467 fi
@@ -832,7 +834,7 @@ install: all install_docs
832 fi; \ 834 fi; \
833 fi 835 fi
834 cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig 836 cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
835 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig 837 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
836 838
837install_docs: 839install_docs:
838 @$(PERL) $(TOP)/util/mkdir-p.pl \ 840 @$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -857,6 +859,7 @@ install_docs:
857 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ 859 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
858 $(PERL) util/extract-names.pl < $$i | \ 860 $(PERL) util/extract-names.pl < $$i | \
859 grep -v $$filecase "^$$fn\$$" | \ 861 grep -v $$filecase "^$$fn\$$" | \
862 grep -v "[ ]" | \
860 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ 863 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
861 while read n; do \ 864 while read n; do \
862 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ 865 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -873,6 +876,7 @@ install_docs:
873 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ 876 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
874 $(PERL) util/extract-names.pl < $$i | \ 877 $(PERL) util/extract-names.pl < $$i | \
875 grep -v $$filecase "^$$fn\$$" | \ 878 grep -v $$filecase "^$$fn\$$" | \
879 grep -v "[ ]" | \
876 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ 880 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
877 while read n; do \ 881 while read n; do \
878 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ 882 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index f0282ebb87..4c1ba0a241 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,14 @@
5 This file gives a brief overview of the major changes between each OpenSSL 5 This file gives a brief overview of the major changes between each OpenSSL
6 release. For more details please read the CHANGES file. 6 release. For more details please read the CHANGES file.
7 7
8 Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
9
10 o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
11 o Security: Fix null-pointer assignment in do_change_cipher_spec()
12 o Allow multiple active certificates with same subject in CA index
13 o Multiple X590 verification fixes
14 o Speed up HMAC and other operations
15
8 Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: 16 Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
9 17
10 o Security: fix various ASN1 parsing bugs. 18 o Security: fix various ASN1 parsing bugs.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index 65e3a12426..f72a21036f 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,7 +1,7 @@
1 1
2 OpenSSL 0.9.7c 30 Sep 2003 2 OpenSSL 0.9.7d 17 Mar 2004
3 3
4 Copyright (c) 1998-2003 The OpenSSL Project 4 Copyright (c) 1998-2004 The OpenSSL Project
5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
6 All rights reserved. 6 All rights reserved.
7 7
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index c4dfafd778..93a665e788 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -501,7 +501,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
501 { 501 {
502 const char *password = 502 const char *password =
503 ((PW_CB_DATA *)UI_get0_user_data(ui))->password; 503 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
504 if (password[0] != '\0') 504 if (password && password[0] != '\0')
505 { 505 {
506 UI_set_result(ui, uis, password); 506 UI_set_result(ui, uis, password);
507 return 1; 507 return 1;
@@ -525,7 +525,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
525 { 525 {
526 const char *password = 526 const char *password =
527 ((PW_CB_DATA *)UI_get0_user_data(ui))->password; 527 ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
528 if (password[0] != '\0') 528 if (password && password[0] != '\0')
529 return 1; 529 return 1;
530 } 530 }
531 default: 531 default:
@@ -1416,11 +1416,560 @@ char *make_config_name()
1416 1416
1417 len=strlen(t)+strlen(OPENSSL_CONF)+2; 1417 len=strlen(t)+strlen(OPENSSL_CONF)+2;
1418 p=OPENSSL_malloc(len); 1418 p=OPENSSL_malloc(len);
1419 strlcpy(p,t,len); 1419 BUF_strlcpy(p,t,len);
1420#ifndef OPENSSL_SYS_VMS 1420#ifndef OPENSSL_SYS_VMS
1421 strlcat(p,"/",len); 1421 BUF_strlcat(p,"/",len);
1422#endif 1422#endif
1423 strlcat(p,OPENSSL_CONF,len); 1423 BUF_strlcat(p,OPENSSL_CONF,len);
1424 1424
1425 return p; 1425 return p;
1426 } 1426 }
1427
1428static unsigned long index_serial_hash(const char **a)
1429 {
1430 const char *n;
1431
1432 n=a[DB_serial];
1433 while (*n == '0') n++;
1434 return(lh_strhash(n));
1435 }
1436
1437static int index_serial_cmp(const char **a, const char **b)
1438 {
1439 const char *aa,*bb;
1440
1441 for (aa=a[DB_serial]; *aa == '0'; aa++);
1442 for (bb=b[DB_serial]; *bb == '0'; bb++);
1443 return(strcmp(aa,bb));
1444 }
1445
1446static int index_name_qual(char **a)
1447 { return(a[0][0] == 'V'); }
1448
1449static unsigned long index_name_hash(const char **a)
1450 { return(lh_strhash(a[DB_name])); }
1451
1452int index_name_cmp(const char **a, const char **b)
1453 { return(strcmp(a[DB_name],
1454 b[DB_name])); }
1455
1456static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
1457static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
1458static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
1459static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
1460
1461#undef BSIZE
1462#define BSIZE 256
1463
1464BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
1465 {
1466 BIO *in=NULL;
1467 BIGNUM *ret=NULL;
1468 MS_STATIC char buf[1024];
1469 ASN1_INTEGER *ai=NULL;
1470
1471 ai=ASN1_INTEGER_new();
1472 if (ai == NULL) goto err;
1473
1474 if ((in=BIO_new(BIO_s_file())) == NULL)
1475 {
1476 ERR_print_errors(bio_err);
1477 goto err;
1478 }
1479
1480 if (BIO_read_filename(in,serialfile) <= 0)
1481 {
1482 if (!create)
1483 {
1484 perror(serialfile);
1485 goto err;
1486 }
1487 else
1488 {
1489 ASN1_INTEGER_set(ai,1);
1490 ret=BN_new();
1491 if (ret == NULL)
1492 BIO_printf(bio_err, "Out of memory\n");
1493 else
1494 BN_one(ret);
1495 }
1496 }
1497 else
1498 {
1499 if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
1500 {
1501 BIO_printf(bio_err,"unable to load number from %s\n",
1502 serialfile);
1503 goto err;
1504 }
1505 ret=ASN1_INTEGER_to_BN(ai,NULL);
1506 if (ret == NULL)
1507 {
1508 BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
1509 goto err;
1510 }
1511 }
1512
1513 if (ret && retai)
1514 {
1515 *retai = ai;
1516 ai = NULL;
1517 }
1518 err:
1519 if (in != NULL) BIO_free(in);
1520 if (ai != NULL) ASN1_INTEGER_free(ai);
1521 return(ret);
1522 }
1523
1524int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
1525 {
1526 char buf[1][BSIZE];
1527 BIO *out = NULL;
1528 int ret=0;
1529 ASN1_INTEGER *ai=NULL;
1530 int j;
1531
1532 if (suffix == NULL)
1533 j = strlen(serialfile);
1534 else
1535 j = strlen(serialfile) + strlen(suffix) + 1;
1536 if (j >= BSIZE)
1537 {
1538 BIO_printf(bio_err,"file name too long\n");
1539 goto err;
1540 }
1541
1542 if (suffix == NULL)
1543 BUF_strlcpy(buf[0], serialfile, BSIZE);
1544 else
1545 {
1546#ifndef OPENSSL_SYS_VMS
1547 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
1548#else
1549 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
1550#endif
1551 }
1552#ifdef RL_DEBUG
1553 BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1554#endif
1555 out=BIO_new(BIO_s_file());
1556 if (out == NULL)
1557 {
1558 ERR_print_errors(bio_err);
1559 goto err;
1560 }
1561 if (BIO_write_filename(out,buf[0]) <= 0)
1562 {
1563 perror(serialfile);
1564 goto err;
1565 }
1566
1567 if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
1568 {
1569 BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
1570 goto err;
1571 }
1572 i2a_ASN1_INTEGER(out,ai);
1573 BIO_puts(out,"\n");
1574 ret=1;
1575 if (retai)
1576 {
1577 *retai = ai;
1578 ai = NULL;
1579 }
1580err:
1581 if (out != NULL) BIO_free_all(out);
1582 if (ai != NULL) ASN1_INTEGER_free(ai);
1583 return(ret);
1584 }
1585
1586int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1587 {
1588 char buf[5][BSIZE];
1589 int i,j;
1590 struct stat sb;
1591
1592 i = strlen(serialfile) + strlen(old_suffix);
1593 j = strlen(serialfile) + strlen(new_suffix);
1594 if (i > j) j = i;
1595 if (j + 1 >= BSIZE)
1596 {
1597 BIO_printf(bio_err,"file name too long\n");
1598 goto err;
1599 }
1600
1601#ifndef OPENSSL_SYS_VMS
1602 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1603 serialfile, new_suffix);
1604#else
1605 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1606 serialfile, new_suffix);
1607#endif
1608#ifndef OPENSSL_SYS_VMS
1609 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1610 serialfile, old_suffix);
1611#else
1612 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1613 serialfile, old_suffix);
1614#endif
1615 if (stat(serialfile,&sb) < 0)
1616 {
1617 if (errno != ENOENT
1618#ifdef ENOTDIR
1619 && errno != ENOTDIR)
1620#endif
1621 goto err;
1622 }
1623 else
1624 {
1625#ifdef RL_DEBUG
1626 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1627 serialfile, buf[1]);
1628#endif
1629 if (rename(serialfile,buf[1]) < 0)
1630 {
1631 BIO_printf(bio_err,
1632 "unable to rename %s to %s\n",
1633 serialfile, buf[1]);
1634 perror("reason");
1635 goto err;
1636 }
1637 }
1638#ifdef RL_DEBUG
1639 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1640 buf[0],serialfile);
1641#endif
1642 if (rename(buf[0],serialfile) < 0)
1643 {
1644 BIO_printf(bio_err,
1645 "unable to rename %s to %s\n",
1646 buf[0],serialfile);
1647 perror("reason");
1648 rename(buf[1],serialfile);
1649 goto err;
1650 }
1651 return 1;
1652 err:
1653 return 0;
1654 }
1655
1656CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
1657 {
1658 CA_DB *retdb = NULL;
1659 TXT_DB *tmpdb = NULL;
1660 BIO *in = BIO_new(BIO_s_file());
1661 CONF *dbattr_conf = NULL;
1662 char buf[1][BSIZE];
1663 long errorline= -1;
1664
1665 if (in == NULL)
1666 {
1667 ERR_print_errors(bio_err);
1668 goto err;
1669 }
1670 if (BIO_read_filename(in,dbfile) <= 0)
1671 {
1672 perror(dbfile);
1673 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1674 goto err;
1675 }
1676 if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
1677 {
1678 if (tmpdb != NULL) TXT_DB_free(tmpdb);
1679 goto err;
1680 }
1681
1682#ifndef OPENSSL_SYS_VMS
1683 BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
1684#else
1685 BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
1686#endif
1687 dbattr_conf = NCONF_new(NULL);
1688 if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
1689 {
1690 if (errorline > 0)
1691 {
1692 BIO_printf(bio_err,
1693 "error on line %ld of db attribute file '%s'\n"
1694 ,errorline,buf[0]);
1695 goto err;
1696 }
1697 else
1698 {
1699 NCONF_free(dbattr_conf);
1700 dbattr_conf = NULL;
1701 }
1702 }
1703
1704 if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
1705 {
1706 fprintf(stderr, "Out of memory\n");
1707 goto err;
1708 }
1709
1710 retdb->db = tmpdb;
1711 tmpdb = NULL;
1712 if (db_attr)
1713 retdb->attributes = *db_attr;
1714 else
1715 {
1716 retdb->attributes.unique_subject = 1;
1717 }
1718
1719 if (dbattr_conf)
1720 {
1721 char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
1722 if (p)
1723 {
1724 BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
1725 switch(*p)
1726 {
1727 case 'f': /* false */
1728 case 'F': /* FALSE */
1729 case 'n': /* no */
1730 case 'N': /* NO */
1731 retdb->attributes.unique_subject = 0;
1732 break;
1733 case 't': /* true */
1734 case 'T': /* TRUE */
1735 case 'y': /* yes */
1736 case 'Y': /* YES */
1737 default:
1738 retdb->attributes.unique_subject = 1;
1739 break;
1740 }
1741 }
1742 }
1743
1744 err:
1745 if (dbattr_conf) NCONF_free(dbattr_conf);
1746 if (tmpdb) TXT_DB_free(tmpdb);
1747 if (in) BIO_free_all(in);
1748 return retdb;
1749 }
1750
1751int index_index(CA_DB *db)
1752 {
1753 if (!TXT_DB_create_index(db->db, DB_serial, NULL,
1754 LHASH_HASH_FN(index_serial_hash),
1755 LHASH_COMP_FN(index_serial_cmp)))
1756 {
1757 BIO_printf(bio_err,
1758 "error creating serial number index:(%ld,%ld,%ld)\n",
1759 db->db->error,db->db->arg1,db->db->arg2);
1760 return 0;
1761 }
1762
1763 if (db->attributes.unique_subject
1764 && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
1765 LHASH_HASH_FN(index_name_hash),
1766 LHASH_COMP_FN(index_name_cmp)))
1767 {
1768 BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
1769 db->db->error,db->db->arg1,db->db->arg2);
1770 return 0;
1771 }
1772 return 1;
1773 }
1774
1775int save_index(char *dbfile, char *suffix, CA_DB *db)
1776 {
1777 char buf[3][BSIZE];
1778 BIO *out = BIO_new(BIO_s_file());
1779 int j;
1780
1781 if (out == NULL)
1782 {
1783 ERR_print_errors(bio_err);
1784 goto err;
1785 }
1786
1787 j = strlen(dbfile) + strlen(suffix);
1788 if (j + 6 >= BSIZE)
1789 {
1790 BIO_printf(bio_err,"file name too long\n");
1791 goto err;
1792 }
1793
1794#ifndef OPENSSL_SYS_VMS
1795 j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
1796#else
1797 j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
1798#endif
1799#ifndef OPENSSL_SYS_VMS
1800 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
1801#else
1802 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
1803#endif
1804#ifndef OPENSSL_SYS_VMS
1805 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
1806#else
1807 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
1808#endif
1809#ifdef RL_DEBUG
1810 BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
1811#endif
1812 if (BIO_write_filename(out,buf[0]) <= 0)
1813 {
1814 perror(dbfile);
1815 BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
1816 goto err;
1817 }
1818 j=TXT_DB_write(out,db->db);
1819 if (j <= 0) goto err;
1820
1821 BIO_free(out);
1822
1823 out = BIO_new(BIO_s_file());
1824#ifdef RL_DEBUG
1825 BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
1826#endif
1827 if (BIO_write_filename(out,buf[1]) <= 0)
1828 {
1829 perror(buf[2]);
1830 BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
1831 goto err;
1832 }
1833 BIO_printf(out,"unique_subject = %s\n",
1834 db->attributes.unique_subject ? "yes" : "no");
1835 BIO_free(out);
1836
1837 return 1;
1838 err:
1839 return 0;
1840 }
1841
1842int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
1843 {
1844 char buf[5][BSIZE];
1845 int i,j;
1846 struct stat sb;
1847
1848 i = strlen(dbfile) + strlen(old_suffix);
1849 j = strlen(dbfile) + strlen(new_suffix);
1850 if (i > j) j = i;
1851 if (j + 6 >= BSIZE)
1852 {
1853 BIO_printf(bio_err,"file name too long\n");
1854 goto err;
1855 }
1856
1857#ifndef OPENSSL_SYS_VMS
1858 j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
1859#else
1860 j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
1861#endif
1862#ifndef OPENSSL_SYS_VMS
1863 j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
1864 dbfile, new_suffix);
1865#else
1866 j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
1867 dbfile, new_suffix);
1868#endif
1869#ifndef OPENSSL_SYS_VMS
1870 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
1871 dbfile, new_suffix);
1872#else
1873 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
1874 dbfile, new_suffix);
1875#endif
1876#ifndef OPENSSL_SYS_VMS
1877 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
1878 dbfile, old_suffix);
1879#else
1880 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
1881 dbfile, old_suffix);
1882#endif
1883#ifndef OPENSSL_SYS_VMS
1884 j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
1885 dbfile, old_suffix);
1886#else
1887 j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
1888 dbfile, old_suffix);
1889#endif
1890 if (stat(dbfile,&sb) < 0)
1891 {
1892 if (errno != ENOENT
1893#ifdef ENOTDIR
1894 && errno != ENOTDIR)
1895#endif
1896 goto err;
1897 }
1898 else
1899 {
1900#ifdef RL_DEBUG
1901 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1902 dbfile, buf[1]);
1903#endif
1904 if (rename(dbfile,buf[1]) < 0)
1905 {
1906 BIO_printf(bio_err,
1907 "unable to rename %s to %s\n",
1908 dbfile, buf[1]);
1909 perror("reason");
1910 goto err;
1911 }
1912 }
1913#ifdef RL_DEBUG
1914 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1915 buf[0],dbfile);
1916#endif
1917 if (rename(buf[0],dbfile) < 0)
1918 {
1919 BIO_printf(bio_err,
1920 "unable to rename %s to %s\n",
1921 buf[0],dbfile);
1922 perror("reason");
1923 rename(buf[1],dbfile);
1924 goto err;
1925 }
1926 if (stat(buf[4],&sb) < 0)
1927 {
1928 if (errno != ENOENT
1929#ifdef ENOTDIR
1930 && errno != ENOTDIR)
1931#endif
1932 goto err;
1933 }
1934 else
1935 {
1936#ifdef RL_DEBUG
1937 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1938 buf[4],buf[3]);
1939#endif
1940 if (rename(buf[4],buf[3]) < 0)
1941 {
1942 BIO_printf(bio_err,
1943 "unable to rename %s to %s\n",
1944 buf[4], buf[3]);
1945 perror("reason");
1946 rename(dbfile,buf[0]);
1947 rename(buf[1],dbfile);
1948 goto err;
1949 }
1950 }
1951#ifdef RL_DEBUG
1952 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
1953 buf[2],buf[4]);
1954#endif
1955 if (rename(buf[2],buf[4]) < 0)
1956 {
1957 BIO_printf(bio_err,
1958 "unable to rename %s to %s\n",
1959 buf[2],buf[4]);
1960 perror("reason");
1961 rename(buf[3],buf[4]);
1962 rename(dbfile,buf[0]);
1963 rename(buf[1],dbfile);
1964 goto err;
1965 }
1966 return 1;
1967 err:
1968 return 0;
1969 }
1970
1971void free_index(CA_DB *db)
1972 {
1973 TXT_DB_free(db->db);
1974 OPENSSL_free(db);
1975 }
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index c36b9d2566..8a9c4ab0a0 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -287,7 +287,38 @@ char *make_config_name(void);
287/* Functions defined in ca.c and also used in ocsp.c */ 287/* Functions defined in ca.c and also used in ocsp.c */
288int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, 288int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
289 ASN1_GENERALIZEDTIME **pinvtm, char *str); 289 ASN1_GENERALIZEDTIME **pinvtm, char *str);
290int make_serial_index(TXT_DB *db); 290
291#define DB_type 0
292#define DB_exp_date 1
293#define DB_rev_date 2
294#define DB_serial 3 /* index - unique */
295#define DB_file 4
296#define DB_name 5 /* index - unique when active and not disabled */
297#define DB_NUMBER 6
298
299#define DB_TYPE_REV 'R'
300#define DB_TYPE_EXP 'E'
301#define DB_TYPE_VAL 'V'
302
303typedef struct db_attr_st
304 {
305 int unique_subject;
306 } DB_ATTR;
307typedef struct ca_db_st
308 {
309 DB_ATTR attributes;
310 TXT_DB *db;
311 } CA_DB;
312
313BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
314int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
315int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
316CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
317int index_index(CA_DB *db);
318int save_index(char *dbfile, char *suffix, CA_DB *db);
319int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
320void free_index(CA_DB *db);
321int index_name_cmp(const char **a, const char **b);
291 322
292X509_NAME *do_subject(char *str, long chtype); 323X509_NAME *do_subject(char *str, long chtype);
293 324
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index 8367415405..7db40adf04 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -304,7 +304,15 @@ bad:
304 num=tmplen; 304 num=tmplen;
305 } 305 }
306 306
307 if (length == 0) length=(unsigned int)num; 307 if (offset >= num)
308 {
309 BIO_printf(bio_err, "Error: offset too large\n");
310 goto end;
311 }
312
313 num -= offset;
314
315 if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
308 if(derout) { 316 if(derout) {
309 if(BIO_write(derout, str + offset, length) != (int)length) { 317 if(BIO_write(derout, str + offset, length) != (int)length) {
310 BIO_printf(bio_err, "Error writing output\n"); 318 BIO_printf(bio_err, "Error writing output\n");
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index f979dfe85f..33362389cc 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -122,6 +122,7 @@
122#define ENV_NEW_CERTS_DIR "new_certs_dir" 122#define ENV_NEW_CERTS_DIR "new_certs_dir"
123#define ENV_CERTIFICATE "certificate" 123#define ENV_CERTIFICATE "certificate"
124#define ENV_SERIAL "serial" 124#define ENV_SERIAL "serial"
125#define ENV_CRLNUMBER "crlnumber"
125#define ENV_CRL "crl" 126#define ENV_CRL "crl"
126#define ENV_PRIVATE_KEY "private_key" 127#define ENV_PRIVATE_KEY "private_key"
127#define ENV_RANDFILE "RANDFILE" 128#define ENV_RANDFILE "RANDFILE"
@@ -143,18 +144,6 @@
143 144
144#define ENV_DATABASE "database" 145#define ENV_DATABASE "database"
145 146
146#define DB_type 0
147#define DB_exp_date 1
148#define DB_rev_date 2
149#define DB_serial 3 /* index - unique */
150#define DB_file 4
151#define DB_name 5 /* index - unique for active */
152#define DB_NUMBER 6
153
154#define DB_TYPE_REV 'R'
155#define DB_TYPE_EXP 'E'
156#define DB_TYPE_VAL 'V'
157
158/* Additional revocation information types */ 147/* Additional revocation information types */
159 148
160#define REV_NONE 0 /* No addditional information */ 149#define REV_NONE 0 /* No addditional information */
@@ -211,43 +200,36 @@ extern int EF_ALIGNMENT;
211#endif 200#endif
212 201
213static void lookup_fail(char *name,char *tag); 202static void lookup_fail(char *name,char *tag);
214static unsigned long index_serial_hash(const char **a);
215static int index_serial_cmp(const char **a, const char **b);
216static unsigned long index_name_hash(const char **a);
217static int index_name_qual(char **a);
218static int index_name_cmp(const char **a,const char **b);
219static BIGNUM *load_serial(char *serialfile);
220static int save_serial(char *serialfile, BIGNUM *serial);
221static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, 203static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
222 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, 204 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
223 BIGNUM *serial, char *subj, int email_dn, char *startdate, 205 BIGNUM *serial, char *subj, int email_dn, char *startdate,
224 char *enddate, long days, int batch, char *ext_sect, CONF *conf, 206 char *enddate, long days, int batch, char *ext_sect, CONF *conf,
225 int verbose, unsigned long certopt, unsigned long nameopt, 207 int verbose, unsigned long certopt, unsigned long nameopt,
226 int default_op, int ext_copy); 208 int default_op, int ext_copy);
227static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, 209static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
228 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, 210 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
229 TXT_DB *db, BIGNUM *serial, char *subj, int email_dn, 211 CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
230 char *startdate, char *enddate, long days, int batch, 212 char *startdate, char *enddate, long days, int batch,
231 char *ext_sect, CONF *conf,int verbose, unsigned long certopt, 213 char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
232 unsigned long nameopt, int default_op, int ext_copy, 214 unsigned long nameopt, int default_op, int ext_copy,
233 ENGINE *e); 215 ENGINE *e);
234static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, 216static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
235 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, 217 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
236 TXT_DB *db, BIGNUM *serial,char *subj, int email_dn, 218 CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
237 char *startdate, char *enddate, long days, char *ext_sect, 219 char *startdate, char *enddate, long days, char *ext_sect,
238 CONF *conf, int verbose, unsigned long certopt, 220 CONF *conf, int verbose, unsigned long certopt,
239 unsigned long nameopt, int default_op, int ext_copy); 221 unsigned long nameopt, int default_op, int ext_copy);
240static int fix_data(int nid, int *type); 222static int fix_data(int nid, int *type);
241static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); 223static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
242static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, 224static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
243 STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, 225 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
244 int email_dn, char *startdate, char *enddate, long days, int batch, 226 int email_dn, char *startdate, char *enddate, long days, int batch,
245 int verbose, X509_REQ *req, char *ext_sect, CONF *conf, 227 int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
246 unsigned long certopt, unsigned long nameopt, int default_op, 228 unsigned long certopt, unsigned long nameopt, int default_op,
247 int ext_copy); 229 int ext_copy);
248static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval); 230static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
249static int get_certificate_status(const char *ser_status, TXT_DB *db); 231static int get_certificate_status(const char *ser_status, CA_DB *db);
250static int do_updatedb(TXT_DB *db); 232static int do_updatedb(CA_DB *db);
251static int check_time_format(char *str); 233static int check_time_format(char *str);
252char *make_revocation_str(int rev_type, char *rev_arg); 234char *make_revocation_str(int rev_type, char *rev_arg);
253int make_revoked(X509_REVOKED *rev, char *str); 235int make_revoked(X509_REVOKED *rev, char *str);
@@ -259,11 +241,6 @@ static char *section=NULL;
259static int preserve=0; 241static int preserve=0;
260static int msie_hack=0; 242static int msie_hack=0;
261 243
262static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
263static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
264static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
265static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
266
267 244
268int MAIN(int, char **); 245int MAIN(int, char **);
269 246
@@ -300,6 +277,7 @@ int MAIN(int argc, char **argv)
300 char *outfile=NULL; 277 char *outfile=NULL;
301 char *outdir=NULL; 278 char *outdir=NULL;
302 char *serialfile=NULL; 279 char *serialfile=NULL;
280 char *crlnumberfile=NULL;
303 char *extensions=NULL; 281 char *extensions=NULL;
304 char *extfile=NULL; 282 char *extfile=NULL;
305 char *subj=NULL; 283 char *subj=NULL;
@@ -308,6 +286,7 @@ int MAIN(int argc, char **argv)
308 int rev_type = REV_NONE; 286 int rev_type = REV_NONE;
309 char *rev_arg = NULL; 287 char *rev_arg = NULL;
310 BIGNUM *serial=NULL; 288 BIGNUM *serial=NULL;
289 BIGNUM *crlnumber=NULL;
311 char *startdate=NULL; 290 char *startdate=NULL;
312 char *enddate=NULL; 291 char *enddate=NULL;
313 long days=0; 292 long days=0;
@@ -320,14 +299,13 @@ int MAIN(int argc, char **argv)
320 X509 *x=NULL; 299 X509 *x=NULL;
321 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; 300 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
322 char *dbfile=NULL; 301 char *dbfile=NULL;
323 TXT_DB *db=NULL; 302 CA_DB *db=NULL;
324 X509_CRL *crl=NULL; 303 X509_CRL *crl=NULL;
325 X509_REVOKED *r=NULL; 304 X509_REVOKED *r=NULL;
326 ASN1_TIME *tmptm; 305 ASN1_TIME *tmptm;
327 ASN1_INTEGER *tmpser; 306 ASN1_INTEGER *tmpser;
328 char **pp,*p,*f; 307 char **pp,*p,*f;
329 int i,j; 308 int i,j;
330 long l;
331 const EVP_MD *dgst=NULL; 309 const EVP_MD *dgst=NULL;
332 STACK_OF(CONF_VALUE) *attribs=NULL; 310 STACK_OF(CONF_VALUE) *attribs=NULL;
333 STACK_OF(X509) *cert_sk=NULL; 311 STACK_OF(X509) *cert_sk=NULL;
@@ -339,6 +317,7 @@ int MAIN(int argc, char **argv)
339 char *engine = NULL; 317 char *engine = NULL;
340#endif 318#endif
341 char *tofree=NULL; 319 char *tofree=NULL;
320 DB_ATTR db_attr;
342 321
343#ifdef EFENCE 322#ifdef EFENCE
344EF_PROTECT_FREE=1; 323EF_PROTECT_FREE=1;
@@ -588,10 +567,10 @@ bad:
588#else 567#else
589 len = strlen(s)+sizeof(CONFIG_FILE)+1; 568 len = strlen(s)+sizeof(CONFIG_FILE)+1;
590 tofree=OPENSSL_malloc(len); 569 tofree=OPENSSL_malloc(len);
591 strlcpy(tofree,s,len); 570 BUF_strlcpy(tofree,s,len);
592 strlcat(tofree,"/",len); 571 BUF_strlcat(tofree,"/",len);
593#endif 572#endif
594 strlcat(tofree,CONFIG_FILE,len); 573 BUF_strlcat(tofree,CONFIG_FILE,len);
595 configfile=tofree; 574 configfile=tofree;
596 } 575 }
597 576
@@ -662,6 +641,39 @@ bad:
662 if (randfile == NULL) 641 if (randfile == NULL)
663 ERR_clear_error(); 642 ERR_clear_error();
664 app_RAND_load_file(randfile, bio_err, 0); 643 app_RAND_load_file(randfile, bio_err, 0);
644
645 db_attr.unique_subject = 1;
646 p = NCONF_get_string(conf, section, "unique_subject");
647 if (p)
648 {
649#ifdef RL_DEBUG
650 BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
651#endif
652 switch(*p)
653 {
654 case 'f': /* false */
655 case 'F': /* FALSE */
656 case 'n': /* no */
657 case 'N': /* NO */
658 db_attr.unique_subject = 0;
659 break;
660 case 't': /* true */
661 case 'T': /* TRUE */
662 case 'y': /* yes */
663 case 'Y': /* YES */
664 default:
665 db_attr.unique_subject = 1;
666 break;
667 }
668 }
669#ifdef RL_DEBUG
670 else
671 BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
672#endif
673#ifdef RL_DEBUG
674 BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
675 db_attr.unique_subject);
676#endif
665 677
666 in=BIO_new(BIO_s_file()); 678 in=BIO_new(BIO_s_file());
667 out=BIO_new(BIO_s_file()); 679 out=BIO_new(BIO_s_file());
@@ -682,17 +694,10 @@ bad:
682 lookup_fail(section,ENV_DATABASE); 694 lookup_fail(section,ENV_DATABASE);
683 goto err; 695 goto err;
684 } 696 }
685 if (BIO_read_filename(in,dbfile) <= 0) 697 db = load_index(dbfile,&db_attr);
686 {
687 perror(dbfile);
688 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
689 goto err;
690 }
691 db=TXT_DB_read(in,DB_NUMBER);
692 if (db == NULL) goto err; 698 if (db == NULL) goto err;
693 699
694 if (!make_serial_index(db)) 700 if (!index_index(db)) goto err;
695 goto err;
696 701
697 if (get_certificate_status(ser_status,db) != 1) 702 if (get_certificate_status(ser_status,db) != 1)
698 BIO_printf(bio_err,"Error verifying serial %s!\n", 703 BIO_printf(bio_err,"Error verifying serial %s!\n",
@@ -852,19 +857,13 @@ bad:
852 lookup_fail(section,ENV_DATABASE); 857 lookup_fail(section,ENV_DATABASE);
853 goto err; 858 goto err;
854 } 859 }
855 if (BIO_read_filename(in,dbfile) <= 0) 860 db = load_index(dbfile, &db_attr);
856 {
857 perror(dbfile);
858 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
859 goto err;
860 }
861 db=TXT_DB_read(in,DB_NUMBER);
862 if (db == NULL) goto err; 861 if (db == NULL) goto err;
863 862
864 /* Lets check some fields */ 863 /* Lets check some fields */
865 for (i=0; i<sk_num(db->data); i++) 864 for (i=0; i<sk_num(db->db->data); i++)
866 { 865 {
867 pp=(char **)sk_value(db->data,i); 866 pp=(char **)sk_value(db->db->data,i);
868 if ((pp[DB_type][0] != DB_TYPE_REV) && 867 if ((pp[DB_type][0] != DB_TYPE_REV) &&
869 (pp[DB_rev_date][0] != '\0')) 868 (pp[DB_rev_date][0] != '\0'))
870 { 869 {
@@ -915,23 +914,13 @@ bad:
915 out = BIO_push(tmpbio, out); 914 out = BIO_push(tmpbio, out);
916 } 915 }
917#endif 916#endif
918 TXT_DB_write(out,db); 917 TXT_DB_write(out,db->db);
919 BIO_printf(bio_err,"%d entries loaded from the database\n", 918 BIO_printf(bio_err,"%d entries loaded from the database\n",
920 db->data->num); 919 db->db->data->num);
921 BIO_printf(bio_err,"generating index\n"); 920 BIO_printf(bio_err,"generating index\n");
922 } 921 }
923 922
924 if (!make_serial_index(db)) 923 if (!index_index(db)) goto err;
925 goto err;
926
927 if (!TXT_DB_create_index(db, DB_name, index_name_qual,
928 LHASH_HASH_FN(index_name_hash),
929 LHASH_COMP_FN(index_name_cmp)))
930 {
931 BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
932 db->error,db->arg1,db->arg2);
933 goto err;
934 }
935 924
936 /*****************************************************************/ 925 /*****************************************************************/
937 /* Update the db file for expired certificates */ 926 /* Update the db file for expired certificates */
@@ -954,62 +943,9 @@ bad:
954 } 943 }
955 else 944 else
956 { 945 {
957 out = BIO_new(BIO_s_file()); 946 if (!save_index(dbfile,"new",db)) goto err;
958 if (out == NULL) 947
959 { 948 if (!rotate_index(dbfile,"new","old")) goto err;
960 ERR_print_errors(bio_err);
961 goto err;
962 }
963
964#ifndef OPENSSL_SYS_VMS
965 j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
966#else
967 j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
968#endif
969 if (j < 0 || j >= sizeof buf[0])
970 {
971 BIO_printf(bio_err, "file name too long\n");
972 goto err;
973 }
974 if (BIO_write_filename(out,buf[0]) <= 0)
975 {
976 perror(dbfile);
977 BIO_printf(bio_err,"unable to open '%s'\n",
978 dbfile);
979 goto err;
980 }
981 j=TXT_DB_write(out,db);
982 if (j <= 0) goto err;
983
984 BIO_free(out);
985 out = NULL;
986#ifndef OPENSSL_SYS_VMS
987 j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
988#else
989 j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
990#endif
991 if (j < 0 || j >= sizeof buf[1])
992 {
993 BIO_printf(bio_err, "file name too long\n");
994 goto err;
995 }
996 if (rename(dbfile,buf[1]) < 0)
997 {
998 BIO_printf(bio_err,
999 "unable to rename %s to %s\n",
1000 dbfile, buf[1]);
1001 perror("reason");
1002 goto err;
1003 }
1004 if (rename(buf[0],dbfile) < 0)
1005 {
1006 BIO_printf(bio_err,
1007 "unable to rename %s to %s\n",
1008 buf[0],dbfile);
1009 perror("reason");
1010 rename(buf[1],dbfile);
1011 goto err;
1012 }
1013 949
1014 if (verbose) BIO_printf(bio_err, 950 if (verbose) BIO_printf(bio_err,
1015 "Done. %d entries marked as expired\n",i); 951 "Done. %d entries marked as expired\n",i);
@@ -1170,7 +1106,7 @@ bad:
1170 goto err; 1106 goto err;
1171 } 1107 }
1172 1108
1173 if ((serial=load_serial(serialfile)) == NULL) 1109 if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
1174 { 1110 {
1175 BIO_printf(bio_err,"error while loading serial number\n"); 1111 BIO_printf(bio_err,"error while loading serial number\n");
1176 goto err; 1112 goto err;
@@ -1304,38 +1240,9 @@ bad:
1304 1240
1305 BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); 1241 BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
1306 1242
1307 if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) 1243 if (!save_serial(serialfile,"new",serial,NULL)) goto err;
1308 {
1309 BIO_printf(bio_err,"file name too long\n");
1310 goto err;
1311 }
1312
1313 strcpy(buf[0],serialfile);
1314
1315#ifdef OPENSSL_SYS_VMS
1316 strcat(buf[0],"-new");
1317#else
1318 strlcat(buf[0],".new",sizeof(buf[0]));
1319#endif
1320
1321 if (!save_serial(buf[0],serial)) goto err;
1322
1323 strcpy(buf[1],dbfile);
1324 1244
1325#ifdef OPENSSL_SYS_VMS 1245 if (!save_index(dbfile, "new", db)) goto err;
1326 strcat(buf[1],"-new");
1327#else
1328 strlcat(buf[1],".new",sizeof(buf[1]));
1329#endif
1330
1331 if (BIO_write_filename(out,buf[1]) <= 0)
1332 {
1333 perror(dbfile);
1334 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1335 goto err;
1336 }
1337 l=TXT_DB_write(out,db);
1338 if (l <= 0) goto err;
1339 } 1246 }
1340 1247
1341 if (verbose) 1248 if (verbose)
@@ -1359,7 +1266,7 @@ bad:
1359 strcpy(buf[2],outdir); 1266 strcpy(buf[2],outdir);
1360 1267
1361#ifndef OPENSSL_SYS_VMS 1268#ifndef OPENSSL_SYS_VMS
1362 strlcat(buf[2],"/",sizeof(buf[2])); 1269 BUF_strlcat(buf[2],"/",sizeof(buf[2]));
1363#endif 1270#endif
1364 1271
1365 n=(char *)&(buf[2][strlen(buf[2])]); 1272 n=(char *)&(buf[2][strlen(buf[2])]);
@@ -1369,9 +1276,9 @@ bad:
1369 { 1276 {
1370 if (n >= &(buf[2][sizeof(buf[2])])) 1277 if (n >= &(buf[2][sizeof(buf[2])]))
1371 break; 1278 break;
1372 snprintf(n, 1279 BIO_snprintf(n,
1373 &buf[2][0] + sizeof(buf[2]) - n, 1280 &buf[2][0] + sizeof(buf[2]) - n,
1374 "%02X",(unsigned char)*(p++)); 1281 "%02X",(unsigned char)*(p++));
1375 n+=2; 1282 n+=2;
1376 } 1283 }
1377 } 1284 }
@@ -1397,59 +1304,10 @@ bad:
1397 if (sk_X509_num(cert_sk)) 1304 if (sk_X509_num(cert_sk))
1398 { 1305 {
1399 /* Rename the database and the serial file */ 1306 /* Rename the database and the serial file */
1400 strncpy(buf[2],serialfile,BSIZE-4); 1307 if (!rotate_serial(serialfile,"new","old")) goto err;
1401 buf[2][BSIZE-4]='\0';
1402 1308
1403#ifdef OPENSSL_SYS_VMS 1309 if (!rotate_index(dbfile,"new","old")) goto err;
1404 strcat(buf[2],"-old");
1405#else
1406 strlcat(buf[2],".old",sizeof(buf[2]));
1407#endif
1408 1310
1409 BIO_free(in);
1410 BIO_free_all(out);
1411 in=NULL;
1412 out=NULL;
1413 if (rename(serialfile,buf[2]) < 0)
1414 {
1415 BIO_printf(bio_err,"unable to rename %s to %s\n",
1416 serialfile,buf[2]);
1417 perror("reason");
1418 goto err;
1419 }
1420 if (rename(buf[0],serialfile) < 0)
1421 {
1422 BIO_printf(bio_err,"unable to rename %s to %s\n",
1423 buf[0],serialfile);
1424 perror("reason");
1425 rename(buf[2],serialfile);
1426 goto err;
1427 }
1428
1429 strncpy(buf[2],dbfile,BSIZE-4);
1430 buf[2][BSIZE-4]='\0';
1431
1432#ifdef OPENSSL_SYS_VMS
1433 strcat(buf[2],"-old");
1434#else
1435 strlcat(buf[2],".old",sizeof(buf[2]));
1436#endif
1437
1438 if (rename(dbfile,buf[2]) < 0)
1439 {
1440 BIO_printf(bio_err,"unable to rename %s to %s\n",
1441 dbfile,buf[2]);
1442 perror("reason");
1443 goto err;
1444 }
1445 if (rename(buf[1],dbfile) < 0)
1446 {
1447 BIO_printf(bio_err,"unable to rename %s to %s\n",
1448 buf[1],dbfile);
1449 perror("reason");
1450 rename(buf[2],dbfile);
1451 goto err;
1452 }
1453 BIO_printf(bio_err,"Data Base Updated\n"); 1311 BIO_printf(bio_err,"Data Base Updated\n");
1454 } 1312 }
1455 } 1313 }
@@ -1480,6 +1338,14 @@ bad:
1480 } 1338 }
1481 } 1339 }
1482 1340
1341 if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
1342 != NULL)
1343 if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
1344 {
1345 BIO_printf(bio_err,"error while loading CRL number\n");
1346 goto err;
1347 }
1348
1483 if (!crldays && !crlhours) 1349 if (!crldays && !crlhours)
1484 { 1350 {
1485 if (!NCONF_get_number(conf,section, 1351 if (!NCONF_get_number(conf,section,
@@ -1508,9 +1374,9 @@ bad:
1508 1374
1509 ASN1_TIME_free(tmptm); 1375 ASN1_TIME_free(tmptm);
1510 1376
1511 for (i=0; i<sk_num(db->data); i++) 1377 for (i=0; i<sk_num(db->db->data); i++)
1512 { 1378 {
1513 pp=(char **)sk_value(db->data,i); 1379 pp=(char **)sk_value(db->db->data,i);
1514 if (pp[DB_type][0] == DB_TYPE_REV) 1380 if (pp[DB_type][0] == DB_TYPE_REV)
1515 { 1381 {
1516 if ((r=X509_REVOKED_new()) == NULL) goto err; 1382 if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1556,14 +1422,24 @@ bad:
1556 1422
1557 /* Add any extensions asked for */ 1423 /* Add any extensions asked for */
1558 1424
1559 if (crl_ext) 1425 if (crl_ext || crlnumberfile != NULL)
1560 { 1426 {
1561 X509V3_CTX crlctx; 1427 X509V3_CTX crlctx;
1562 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); 1428 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
1563 X509V3_set_nconf(&crlctx, conf); 1429 X509V3_set_nconf(&crlctx, conf);
1564 1430
1565 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1431 if (crl_ext)
1566 crl_ext, crl)) goto err; 1432 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
1433 crl_ext, crl)) goto err;
1434 if (crlnumberfile != NULL)
1435 {
1436 tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
1437 if (!tmpser) goto err;
1438 X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
1439 ASN1_INTEGER_free(tmpser);
1440 crl_v2 = 1;
1441 if (!BN_add_word(crlnumber,1)) goto err;
1442 }
1567 } 1443 }
1568 if (crl_ext || crl_v2) 1444 if (crl_ext || crl_v2)
1569 { 1445 {
@@ -1571,9 +1447,17 @@ bad:
1571 goto err; /* version 2 CRL */ 1447 goto err; /* version 2 CRL */
1572 } 1448 }
1573 1449
1450
1451 if (crlnumberfile != NULL) /* we have a CRL number that need updating */
1452 if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
1453
1574 if (!X509_CRL_sign(crl,pkey,dgst)) goto err; 1454 if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
1575 1455
1576 PEM_write_bio_X509_CRL(Sout,crl); 1456 PEM_write_bio_X509_CRL(Sout,crl);
1457
1458 if (crlnumberfile != NULL) /* Rename the crlnumber file */
1459 if (!rotate_serial(crlnumberfile,"new","old")) goto err;
1460
1577 } 1461 }
1578 /*****************************************************************/ 1462 /*****************************************************************/
1579 if (dorevoke) 1463 if (dorevoke)
@@ -1594,50 +1478,10 @@ bad:
1594 if (j <= 0) goto err; 1478 if (j <= 0) goto err;
1595 X509_free(revcert); 1479 X509_free(revcert);
1596 1480
1597 if(strlen(dbfile) > BSIZE-5) 1481 if (!save_index(dbfile, "new", db)) goto err;
1598 { 1482
1599 BIO_printf(bio_err,"filename too long\n"); 1483 if (!rotate_index(dbfile, "new", "old")) goto err;
1600 goto err;
1601 }
1602 1484
1603 strcpy(buf[0],dbfile);
1604#ifndef OPENSSL_SYS_VMS
1605 strlcat(buf[0],".new",sizeof(buf[0]));
1606#else
1607 strcat(buf[0],"-new");
1608#endif
1609 if (BIO_write_filename(out,buf[0]) <= 0)
1610 {
1611 perror(dbfile);
1612 BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
1613 goto err;
1614 }
1615 j=TXT_DB_write(out,db);
1616 if (j <= 0) goto err;
1617 BIO_free_all(out);
1618 out = NULL;
1619 BIO_free_all(in);
1620 in = NULL;
1621 strncpy(buf[1],dbfile,BSIZE-4);
1622 buf[1][BSIZE-4]='\0';
1623#ifndef OPENSSL_SYS_VMS
1624 strlcat(buf[1],".old",sizeof(buf[1]));
1625#else
1626 strcat(buf[1],"-old");
1627#endif
1628 if (rename(dbfile,buf[1]) < 0)
1629 {
1630 BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
1631 perror("reason");
1632 goto err;
1633 }
1634 if (rename(buf[0],dbfile) < 0)
1635 {
1636 BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
1637 perror("reason");
1638 rename(buf[1],dbfile);
1639 goto err;
1640 }
1641 BIO_printf(bio_err,"Data Base Updated\n"); 1485 BIO_printf(bio_err,"Data Base Updated\n");
1642 } 1486 }
1643 } 1487 }
@@ -1659,7 +1503,7 @@ err:
1659 if (free_key && key) 1503 if (free_key && key)
1660 OPENSSL_free(key); 1504 OPENSSL_free(key);
1661 BN_free(serial); 1505 BN_free(serial);
1662 TXT_DB_free(db); 1506 free_index(db);
1663 EVP_PKEY_free(pkey); 1507 EVP_PKEY_free(pkey);
1664 X509_free(x509); 1508 X509_free(x509);
1665 X509_CRL_free(crl); 1509 X509_CRL_free(crl);
@@ -1674,106 +1518,8 @@ static void lookup_fail(char *name, char *tag)
1674 BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); 1518 BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
1675 } 1519 }
1676 1520
1677static unsigned long index_serial_hash(const char **a)
1678 {
1679 const char *n;
1680
1681 n=a[DB_serial];
1682 while (*n == '0') n++;
1683 return(lh_strhash(n));
1684 }
1685
1686static int index_serial_cmp(const char **a, const char **b)
1687 {
1688 const char *aa,*bb;
1689
1690 for (aa=a[DB_serial]; *aa == '0'; aa++);
1691 for (bb=b[DB_serial]; *bb == '0'; bb++);
1692 return(strcmp(aa,bb));
1693 }
1694
1695static unsigned long index_name_hash(const char **a)
1696 { return(lh_strhash(a[DB_name])); }
1697
1698static int index_name_qual(char **a)
1699 { return(a[0][0] == 'V'); }
1700
1701static int index_name_cmp(const char **a, const char **b)
1702 { return(strcmp(a[DB_name],
1703 b[DB_name])); }
1704
1705static BIGNUM *load_serial(char *serialfile)
1706 {
1707 BIO *in=NULL;
1708 BIGNUM *ret=NULL;
1709 MS_STATIC char buf[1024];
1710 ASN1_INTEGER *ai=NULL;
1711
1712 if ((in=BIO_new(BIO_s_file())) == NULL)
1713 {
1714 ERR_print_errors(bio_err);
1715 goto err;
1716 }
1717
1718 if (BIO_read_filename(in,serialfile) <= 0)
1719 {
1720 perror(serialfile);
1721 goto err;
1722 }
1723 ai=ASN1_INTEGER_new();
1724 if (ai == NULL) goto err;
1725 if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
1726 {
1727 BIO_printf(bio_err,"unable to load number from %s\n",
1728 serialfile);
1729 goto err;
1730 }
1731 ret=ASN1_INTEGER_to_BN(ai,NULL);
1732 if (ret == NULL)
1733 {
1734 BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
1735 goto err;
1736 }
1737err:
1738 if (in != NULL) BIO_free(in);
1739 if (ai != NULL) ASN1_INTEGER_free(ai);
1740 return(ret);
1741 }
1742
1743static int save_serial(char *serialfile, BIGNUM *serial)
1744 {
1745 BIO *out;
1746 int ret=0;
1747 ASN1_INTEGER *ai=NULL;
1748
1749 out=BIO_new(BIO_s_file());
1750 if (out == NULL)
1751 {
1752 ERR_print_errors(bio_err);
1753 goto err;
1754 }
1755 if (BIO_write_filename(out,serialfile) <= 0)
1756 {
1757 perror(serialfile);
1758 goto err;
1759 }
1760
1761 if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
1762 {
1763 BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
1764 goto err;
1765 }
1766 i2a_ASN1_INTEGER(out,ai);
1767 BIO_puts(out,"\n");
1768 ret=1;
1769err:
1770 if (out != NULL) BIO_free_all(out);
1771 if (ai != NULL) ASN1_INTEGER_free(ai);
1772 return(ret);
1773 }
1774
1775static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1521static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
1776 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, 1522 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
1777 BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, 1523 BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
1778 long days, int batch, char *ext_sect, CONF *lconf, int verbose, 1524 long days, int batch, char *ext_sect, CONF *lconf, int verbose,
1779 unsigned long certopt, unsigned long nameopt, int default_op, 1525 unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1835,7 +1581,7 @@ err:
1835 } 1581 }
1836 1582
1837static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1583static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
1838 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, 1584 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
1839 BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, 1585 BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
1840 long days, int batch, char *ext_sect, CONF *lconf, int verbose, 1586 long days, int batch, char *ext_sect, CONF *lconf, int verbose,
1841 unsigned long certopt, unsigned long nameopt, int default_op, 1587 unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1889,7 +1635,7 @@ err:
1889 } 1635 }
1890 1636
1891static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, 1637static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1892 STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, 1638 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
1893 int email_dn, char *startdate, char *enddate, long days, int batch, 1639 int email_dn, char *startdate, char *enddate, long days, int batch,
1894 int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, 1640 int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
1895 unsigned long certopt, unsigned long nameopt, int default_op, 1641 unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1907,7 +1653,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1907 int ok= -1,i,j,last,nid; 1653 int ok= -1,i,j,last,nid;
1908 char *p; 1654 char *p;
1909 CONF_VALUE *cv; 1655 CONF_VALUE *cv;
1910 char *row[DB_NUMBER],**rrow,**irow=NULL; 1656 char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
1911 char buf[25]; 1657 char buf[25];
1912 1658
1913 tmptm=ASN1_UTCTIME_new(); 1659 tmptm=ASN1_UTCTIME_new();
@@ -2144,15 +1890,19 @@ again2:
2144 goto err; 1890 goto err;
2145 } 1891 }
2146 1892
2147 rrow=TXT_DB_get_by_index(db,DB_name,row); 1893 if (db->attributes.unique_subject)
2148 if (rrow != NULL)
2149 { 1894 {
2150 BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", 1895 rrow=TXT_DB_get_by_index(db->db,DB_name,row);
2151 row[DB_name]); 1896 if (rrow != NULL)
1897 {
1898 BIO_printf(bio_err,
1899 "ERROR:There is already a certificate for %s\n",
1900 row[DB_name]);
1901 }
2152 } 1902 }
2153 else 1903 if (rrow == NULL)
2154 { 1904 {
2155 rrow=TXT_DB_get_by_index(db,DB_serial,row); 1905 rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
2156 if (rrow != NULL) 1906 if (rrow != NULL)
2157 { 1907 {
2158 BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", 1908 BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@@ -2359,7 +2109,7 @@ again2:
2359 BIO_printf(bio_err,"Memory allocation failure\n"); 2109 BIO_printf(bio_err,"Memory allocation failure\n");
2360 goto err; 2110 goto err;
2361 } 2111 }
2362 strlcpy(row[DB_file],"unknown",8); 2112 BUF_strlcpy(row[DB_file],"unknown",8);
2363 row[DB_type][0]='V'; 2113 row[DB_type][0]='V';
2364 row[DB_type][1]='\0'; 2114 row[DB_type][1]='\0';
2365 2115
@@ -2376,10 +2126,10 @@ again2:
2376 } 2126 }
2377 irow[DB_NUMBER]=NULL; 2127 irow[DB_NUMBER]=NULL;
2378 2128
2379 if (!TXT_DB_insert(db,irow)) 2129 if (!TXT_DB_insert(db->db,irow))
2380 { 2130 {
2381 BIO_printf(bio_err,"failed to update database\n"); 2131 BIO_printf(bio_err,"failed to update database\n");
2382 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); 2132 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
2383 goto err; 2133 goto err;
2384 } 2134 }
2385 ok=1; 2135 ok=1;
@@ -2430,7 +2180,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
2430 } 2180 }
2431 2181
2432static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 2182static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2433 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, 2183 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
2434 BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, 2184 BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
2435 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, 2185 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
2436 unsigned long nameopt, int default_op, int ext_copy) 2186 unsigned long nameopt, int default_op, int ext_copy)
@@ -2609,7 +2359,7 @@ static int check_time_format(char *str)
2609 return(ASN1_UTCTIME_check(&tm)); 2359 return(ASN1_UTCTIME_check(&tm));
2610 } 2360 }
2611 2361
2612static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) 2362static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
2613 { 2363 {
2614 ASN1_UTCTIME *tm=NULL; 2364 ASN1_UTCTIME *tm=NULL;
2615 char *row[DB_NUMBER],**rrow,**irow; 2365 char *row[DB_NUMBER],**rrow,**irow;
@@ -2634,10 +2384,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
2634 /* We have to lookup by serial number because name lookup 2384 /* We have to lookup by serial number because name lookup
2635 * skips revoked certs 2385 * skips revoked certs
2636 */ 2386 */
2637 rrow=TXT_DB_get_by_index(db,DB_serial,row); 2387 rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
2638 if (rrow == NULL) 2388 if (rrow == NULL)
2639 { 2389 {
2640 BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); 2390 BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
2641 2391
2642 /* We now just add it to the database */ 2392 /* We now just add it to the database */
2643 row[DB_type]=(char *)OPENSSL_malloc(2); 2393 row[DB_type]=(char *)OPENSSL_malloc(2);
@@ -2660,7 +2410,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
2660 BIO_printf(bio_err,"Memory allocation failure\n"); 2410 BIO_printf(bio_err,"Memory allocation failure\n");
2661 goto err; 2411 goto err;
2662 } 2412 }
2663 strlcpy(row[DB_file],"unknown",8); 2413 BUF_strlcpy(row[DB_file],"unknown",8);
2664 row[DB_type][0]='V'; 2414 row[DB_type][0]='V';
2665 row[DB_type][1]='\0'; 2415 row[DB_type][1]='\0';
2666 2416
@@ -2677,10 +2427,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
2677 } 2427 }
2678 irow[DB_NUMBER]=NULL; 2428 irow[DB_NUMBER]=NULL;
2679 2429
2680 if (!TXT_DB_insert(db,irow)) 2430 if (!TXT_DB_insert(db->db,irow))
2681 { 2431 {
2682 BIO_printf(bio_err,"failed to update database\n"); 2432 BIO_printf(bio_err,"failed to update database\n");
2683 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); 2433 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
2684 goto err; 2434 goto err;
2685 } 2435 }
2686 2436
@@ -2725,7 +2475,7 @@ err:
2725 return(ok); 2475 return(ok);
2726 } 2476 }
2727 2477
2728static int get_certificate_status(const char *serial, TXT_DB *db) 2478static int get_certificate_status(const char *serial, CA_DB *db)
2729 { 2479 {
2730 char *row[DB_NUMBER],**rrow; 2480 char *row[DB_NUMBER],**rrow;
2731 int ok=-1,i; 2481 int ok=-1,i;
@@ -2766,7 +2516,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db)
2766 ok=1; 2516 ok=1;
2767 2517
2768 /* Search for the certificate */ 2518 /* Search for the certificate */
2769 rrow=TXT_DB_get_by_index(db,DB_serial,row); 2519 rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
2770 if (rrow == NULL) 2520 if (rrow == NULL)
2771 { 2521 {
2772 BIO_printf(bio_err,"Serial %s not present in db.\n", 2522 BIO_printf(bio_err,"Serial %s not present in db.\n",
@@ -2813,7 +2563,7 @@ err:
2813 return(ok); 2563 return(ok);
2814 } 2564 }
2815 2565
2816static int do_updatedb (TXT_DB *db) 2566static int do_updatedb (CA_DB *db)
2817 { 2567 {
2818 ASN1_UTCTIME *a_tm = NULL; 2568 ASN1_UTCTIME *a_tm = NULL;
2819 int i, cnt = 0; 2569 int i, cnt = 0;
@@ -2839,9 +2589,9 @@ static int do_updatedb (TXT_DB *db)
2839 else 2589 else
2840 a_y2k = 0; 2590 a_y2k = 0;
2841 2591
2842 for (i = 0; i < sk_num(db->data); i++) 2592 for (i = 0; i < sk_num(db->db->data); i++)
2843 { 2593 {
2844 rrow = (char **) sk_value(db->data, i); 2594 rrow = (char **) sk_value(db->db->data, i);
2845 2595
2846 if (rrow[DB_type][0] == 'V') 2596 if (rrow[DB_type][0] == 'V')
2847 { 2597 {
@@ -2984,16 +2734,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
2984 2734
2985 if (!str) return NULL; 2735 if (!str) return NULL;
2986 2736
2987 strlcpy(str, (char *)revtm->data, i); 2737 BUF_strlcpy(str, (char *)revtm->data, i);
2988 if (reason) 2738 if (reason)
2989 { 2739 {
2990 strlcat(str, ",", i); 2740 BUF_strlcat(str, ",", i);
2991 strlcat(str, reason, i); 2741 BUF_strlcat(str, reason, i);
2992 } 2742 }
2993 if (other) 2743 if (other)
2994 { 2744 {
2995 strlcat(str, ",", i); 2745 BUF_strlcat(str, ",", i);
2996 strlcat(str, other, i); 2746 BUF_strlcat(str, other, i);
2997 } 2747 }
2998 ASN1_UTCTIME_free(revtm); 2748 ASN1_UTCTIME_free(revtm);
2999 return str; 2749 return str;
@@ -3328,17 +3078,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
3328 3078
3329 return ret; 3079 return ret;
3330 } 3080 }
3331
3332int make_serial_index(TXT_DB *db)
3333 {
3334 if (!TXT_DB_create_index(db, DB_serial, NULL,
3335 LHASH_HASH_FN(index_serial_hash),
3336 LHASH_COMP_FN(index_serial_cmp)))
3337 {
3338 BIO_printf(bio_err,
3339 "error creating serial number index:(%ld,%ld,%ld)\n",
3340 db->error,db->arg1,db->arg2);
3341 return 0;
3342 }
3343 return 1;
3344 }
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 71298b7524..be25dafef7 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -349,7 +349,7 @@ int MAIN(int argc, char **argv)
349 { 349 {
350 size_t len = strlen(name)+strlen(argv[i])+5; 350 size_t len = strlen(name)+strlen(argv[i])+5;
351 tmp=tofree=OPENSSL_malloc(len); 351 tmp=tofree=OPENSSL_malloc(len);
352 snprintf(tmp,len,"%s(%s)= ",name,argv[i]); 352 BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
353 } 353 }
354 else 354 else
355 tmp=""; 355 tmp="";
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index 9299ab3e13..30378a9542 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -373,9 +373,9 @@ bad:
373 { 373 {
374 char buf[200]; 374 char buf[200];
375 375
376 snprintf(buf,sizeof buf,"enter %s %s password:", 376 BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
377 OBJ_nid2ln(EVP_CIPHER_nid(cipher)), 377 OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
378 (enc)?"encryption":"decryption"); 378 (enc)?"encryption":"decryption");
379 strbuf[0]='\0'; 379 strbuf[0]='\0';
380 i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); 380 i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
381 if (i == 0) 381 if (i == 0)
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c
index 0e7082abb9..12283d0aed 100644
--- a/src/lib/libssl/src/apps/engine.c
+++ b/src/lib/libssl/src/apps/engine.c
@@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
122 return 0; 122 return 0;
123 123
124 if (**buf != '\0') 124 if (**buf != '\0')
125 strlcat(*buf, ", ", *size); 125 BUF_strlcat(*buf, ", ", *size);
126 strlcat(*buf, s, *size); 126 BUF_strlcat(*buf, s, *size);
127 127
128 return 1; 128 return 1;
129 } 129 }
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index e5f186fd5e..856b797b53 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -68,19 +68,6 @@
68/* Maximum leeway in validity period: default 5 minutes */ 68/* Maximum leeway in validity period: default 5 minutes */
69#define MAX_VALIDITY_PERIOD (5 * 60) 69#define MAX_VALIDITY_PERIOD (5 * 60)
70 70
71/* CA index.txt definitions */
72#define DB_type 0
73#define DB_exp_date 1
74#define DB_rev_date 2
75#define DB_serial 3 /* index - unique */
76#define DB_file 4
77#define DB_name 5 /* index - unique for active */
78#define DB_NUMBER 6
79
80#define DB_TYPE_REV 'R'
81#define DB_TYPE_EXP 'E'
82#define DB_TYPE_VAL 'V'
83
84static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, 71static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
85 STACK_OF(OCSP_CERTID) *ids); 72 STACK_OF(OCSP_CERTID) *ids);
86static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, 73static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
@@ -89,12 +76,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
89 STACK *names, STACK_OF(OCSP_CERTID) *ids, 76 STACK *names, STACK_OF(OCSP_CERTID) *ids,
90 long nsec, long maxage); 77 long nsec, long maxage);
91 78
92static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, 79static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
93 X509 *ca, X509 *rcert, EVP_PKEY *rkey, 80 X509 *ca, X509 *rcert, EVP_PKEY *rkey,
94 STACK_OF(X509) *rother, unsigned long flags, 81 STACK_OF(X509) *rother, unsigned long flags,
95 int nmin, int ndays); 82 int nmin, int ndays);
96 83
97static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser); 84static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
98static BIO *init_responder(char *port); 85static BIO *init_responder(char *port);
99static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); 86static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
100static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); 87static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
@@ -143,7 +130,7 @@ int MAIN(int argc, char **argv)
143 X509 *rca_cert = NULL; 130 X509 *rca_cert = NULL;
144 char *ridx_filename = NULL; 131 char *ridx_filename = NULL;
145 char *rca_filename = NULL; 132 char *rca_filename = NULL;
146 TXT_DB *rdb = NULL; 133 CA_DB *rdb = NULL;
147 int nmin = 0, ndays = -1; 134 int nmin = 0, ndays = -1;
148 135
149 if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 136 if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -700,22 +687,9 @@ int MAIN(int argc, char **argv)
700 687
701 if (ridx_filename && !rdb) 688 if (ridx_filename && !rdb)
702 { 689 {
703 BIO *db_bio = NULL; 690 rdb = load_index(ridx_filename, NULL);
704 db_bio = BIO_new_file(ridx_filename, "r"); 691 if (!rdb) goto end;
705 if (!db_bio) 692 if (!index_index(rdb)) goto end;
706 {
707 BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
708 goto end;
709 }
710 rdb = TXT_DB_read(db_bio, DB_NUMBER);
711 BIO_free(db_bio);
712 if (!rdb)
713 {
714 BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
715 goto end;
716 }
717 if (!make_serial_index(rdb))
718 goto end;
719 } 693 }
720 694
721 if (rdb) 695 if (rdb)
@@ -899,7 +873,7 @@ end:
899 X509_free(cert); 873 X509_free(cert);
900 X509_free(rsigner); 874 X509_free(rsigner);
901 X509_free(rca_cert); 875 X509_free(rca_cert);
902 TXT_DB_free(rdb); 876 free_index(rdb);
903 BIO_free_all(cbio); 877 BIO_free_all(cbio);
904 BIO_free_all(acbio); 878 BIO_free_all(acbio);
905 BIO_free(out); 879 BIO_free(out);
@@ -1041,7 +1015,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
1041 } 1015 }
1042 1016
1043 1017
1044static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, 1018static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
1045 X509 *ca, X509 *rcert, EVP_PKEY *rkey, 1019 X509 *ca, X509 *rcert, EVP_PKEY *rkey,
1046 STACK_OF(X509) *rother, unsigned long flags, 1020 STACK_OF(X509) *rother, unsigned long flags,
1047 int nmin, int ndays) 1021 int nmin, int ndays)
@@ -1133,7 +1107,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *d
1133 1107
1134 } 1108 }
1135 1109
1136static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) 1110static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
1137 { 1111 {
1138 int i; 1112 int i;
1139 BIGNUM *bn = NULL; 1113 BIGNUM *bn = NULL;
@@ -1146,7 +1120,7 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
1146 itmp = BN_bn2hex(bn); 1120 itmp = BN_bn2hex(bn);
1147 row[DB_serial] = itmp; 1121 row[DB_serial] = itmp;
1148 BN_free(bn); 1122 BN_free(bn);
1149 rrow=TXT_DB_get_by_index(db,DB_serial,row); 1123 rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
1150 OPENSSL_free(itmp); 1124 OPENSSL_free(itmp);
1151 return rrow; 1125 return rrow;
1152 } 1126 }
diff --git a/src/lib/libssl/src/apps/openssl.cnf b/src/lib/libssl/src/apps/openssl.cnf
index eca51c3322..854d1f164e 100644
--- a/src/lib/libssl/src/apps/openssl.cnf
+++ b/src/lib/libssl/src/apps/openssl.cnf
@@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept
38certs = $dir/certs # Where the issued certs are kept 38certs = $dir/certs # Where the issued certs are kept
39crl_dir = $dir/crl # Where the issued crl are kept 39crl_dir = $dir/crl # Where the issued crl are kept
40database = $dir/index.txt # database index file. 40database = $dir/index.txt # database index file.
41#unique_subject = no # Set to 'no' to allow creation of
42 # several ctificates with same subject.
41new_certs_dir = $dir/newcerts # default place for new certs. 43new_certs_dir = $dir/newcerts # default place for new certs.
42 44
43certificate = $dir/cacert.pem # The CA certificate 45certificate = $dir/cacert.pem # The CA certificate
44serial = $dir/serial # The current serial number 46serial = $dir/serial # The current serial number
47#crlnumber = $dir/crlnumber # the current crl number
48 # must be commented out to leave a V1 CRL
45crl = $dir/crl.pem # The current CRL 49crl = $dir/crl.pem # The current CRL
46private_key = $dir/private/cakey.pem# The private key 50private_key = $dir/private/cakey.pem# The private key
47RANDFILE = $dir/private/.rand # private random number file 51RANDFILE = $dir/private/.rand # private random number file
@@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options
58 62
59# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 63# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
60# so this is commented out by default to leave a V1 CRL. 64# so this is commented out by default to leave a V1 CRL.
65# crlnumber must also be commented out to leave a V1 CRL.
61# crl_extensions = crl_ext 66# crl_extensions = crl_ext
62 67
63default_days = 365 # how long to certify for 68default_days = 365 # how long to certify for
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index bb446d6b65..71192bdf74 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -557,7 +557,7 @@ int MAIN(int argc, char **argv)
557 BIO_printf (bio_err, "Can't read Password\n"); 557 BIO_printf (bio_err, "Can't read Password\n");
558 goto export_end; 558 goto export_end;
559 } 559 }
560 if (!twopass) strlcpy(macpass, pass, sizeof macpass); 560 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
561 /* Turn certbags into encrypted authsafe */ 561 /* Turn certbags into encrypted authsafe */
562 authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, 562 authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
563 iter, bags); 563 iter, bags);
@@ -658,7 +658,7 @@ int MAIN(int argc, char **argv)
658 CRYPTO_pop_info(); 658 CRYPTO_pop_info();
659#endif 659#endif
660 660
661 if (!twopass) strlcpy(macpass, pass, sizeof macpass); 661 if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
662 662
663 if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); 663 if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
664 if(macver) { 664 if(macver) {
diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c
index 6c58c67eb2..da4dbe7a07 100644
--- a/src/lib/libssl/src/apps/pkcs7.c
+++ b/src/lib/libssl/src/apps/pkcs7.c
@@ -102,6 +102,9 @@ int MAIN(int argc, char **argv)
102 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 102 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
103 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 103 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
104 104
105 if (!load_config(bio_err, NULL))
106 goto end;
107
105 infile=NULL; 108 infile=NULL;
106 outfile=NULL; 109 outfile=NULL;
107 informat=FORMAT_PEM; 110 informat=FORMAT_PEM;
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index c6464e9401..1a3d1d0dfa 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -824,7 +824,7 @@ loop:
824 if ((x509ss=X509_new()) == NULL) goto end; 824 if ((x509ss=X509_new()) == NULL) goto end;
825 825
826 /* Set version to V3 */ 826 /* Set version to V3 */
827 if(!X509_set_version(x509ss, 2)) goto end; 827 if(extensions && !X509_set_version(x509ss, 2)) goto end;
828 if (serial) 828 if (serial)
829 { 829 {
830 if (!X509_set_serialNumber(x509ss, serial)) goto end; 830 if (!X509_set_serialNumber(x509ss, serial)) goto end;
@@ -1223,7 +1223,7 @@ start: for (;;)
1223 } 1223 }
1224 /* If OBJ not recognised ignore it */ 1224 /* If OBJ not recognised ignore it */
1225 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; 1225 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
1226 if (snprintf(buf,sizeof buf,"%s_default",v->name) 1226 if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
1227 >= sizeof buf) 1227 >= sizeof buf)
1228 { 1228 {
1229 BIO_printf(bio_err,"Name '%s' too long\n",v->name); 1229 BIO_printf(bio_err,"Name '%s' too long\n",v->name);
@@ -1236,21 +1236,21 @@ start: for (;;)
1236 def=""; 1236 def="";
1237 } 1237 }
1238 1238
1239 snprintf(buf,sizeof buf,"%s_value",v->name); 1239 BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
1240 if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) 1240 if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1241 { 1241 {
1242 ERR_clear_error(); 1242 ERR_clear_error();
1243 value=NULL; 1243 value=NULL;
1244 } 1244 }
1245 1245
1246 snprintf(buf,sizeof buf,"%s_min",v->name); 1246 BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
1247 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) 1247 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
1248 { 1248 {
1249 ERR_clear_error(); 1249 ERR_clear_error();
1250 n_min = -1; 1250 n_min = -1;
1251 } 1251 }
1252 1252
1253 snprintf(buf,sizeof buf,"%s_max",v->name); 1253 BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
1254 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) 1254 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
1255 { 1255 {
1256 ERR_clear_error(); 1256 ERR_clear_error();
@@ -1288,7 +1288,7 @@ start2: for (;;)
1288 if ((nid=OBJ_txt2nid(type)) == NID_undef) 1288 if ((nid=OBJ_txt2nid(type)) == NID_undef)
1289 goto start2; 1289 goto start2;
1290 1290
1291 if (snprintf(buf,sizeof buf,"%s_default",type) 1291 if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
1292 >= sizeof buf) 1292 >= sizeof buf)
1293 { 1293 {
1294 BIO_printf(bio_err,"Name '%s' too long\n",v->name); 1294 BIO_printf(bio_err,"Name '%s' too long\n",v->name);
@@ -1303,7 +1303,7 @@ start2: for (;;)
1303 } 1303 }
1304 1304
1305 1305
1306 snprintf(buf,sizeof buf,"%s_value",type); 1306 BIO_snprintf(buf,sizeof buf,"%s_value",type);
1307 if ((value=NCONF_get_string(req_conf,attr_sect,buf)) 1307 if ((value=NCONF_get_string(req_conf,attr_sect,buf))
1308 == NULL) 1308 == NULL)
1309 { 1309 {
@@ -1311,11 +1311,11 @@ start2: for (;;)
1311 value=NULL; 1311 value=NULL;
1312 } 1312 }
1313 1313
1314 snprintf(buf,sizeof buf,"%s_min",type); 1314 BIO_snprintf(buf,sizeof buf,"%s_min",type);
1315 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) 1315 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
1316 n_min = -1; 1316 n_min = -1;
1317 1317
1318 snprintf(buf,sizeof buf,"%s_max",type); 1318 BIO_snprintf(buf,sizeof buf,"%s_max",type);
1319 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) 1319 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
1320 n_max = -1; 1320 n_max = -1;
1321 1321
@@ -1397,8 +1397,8 @@ start:
1397 (void)BIO_flush(bio_err); 1397 (void)BIO_flush(bio_err);
1398 if(value != NULL) 1398 if(value != NULL)
1399 { 1399 {
1400 strlcpy(buf,value,sizeof buf); 1400 BUF_strlcpy(buf,value,sizeof buf);
1401 strlcat(buf,"\n",sizeof buf); 1401 BUF_strlcat(buf,"\n",sizeof buf);
1402 BIO_printf(bio_err,"%s\n",value); 1402 BIO_printf(bio_err,"%s\n",value);
1403 } 1403 }
1404 else 1404 else
@@ -1420,8 +1420,8 @@ start:
1420 { 1420 {
1421 if ((def == NULL) || (def[0] == '\0')) 1421 if ((def == NULL) || (def[0] == '\0'))
1422 return(1); 1422 return(1);
1423 strlcpy(buf,def,sizeof buf); 1423 BUF_strlcpy(buf,def,sizeof buf);
1424 strlcat(buf,"\n",sizeof buf); 1424 BUF_strlcat(buf,"\n",sizeof buf);
1425 } 1425 }
1426 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); 1426 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
1427 1427
@@ -1455,8 +1455,8 @@ start:
1455 (void)BIO_flush(bio_err); 1455 (void)BIO_flush(bio_err);
1456 if (value != NULL) 1456 if (value != NULL)
1457 { 1457 {
1458 strlcpy(buf,value,sizeof buf); 1458 BUF_strlcpy(buf,value,sizeof buf);
1459 strlcat(buf,"\n",sizeof buf); 1459 BUF_strlcat(buf,"\n",sizeof buf);
1460 BIO_printf(bio_err,"%s\n",value); 1460 BIO_printf(bio_err,"%s\n",value);
1461 } 1461 }
1462 else 1462 else
@@ -1478,8 +1478,8 @@ start:
1478 { 1478 {
1479 if ((def == NULL) || (def[0] == '\0')) 1479 if ((def == NULL) || (def[0] == '\0'))
1480 return(1); 1480 return(1);
1481 strlcpy(buf,def,sizeof buf); 1481 BUF_strlcpy(buf,def,sizeof buf);
1482 strlcat(buf,"\n",sizeof buf); 1482 BUF_strlcat(buf,"\n",sizeof buf);
1483 } 1483 }
1484 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); 1484 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
1485 1485
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 5a6fd115f4..5db6fe7cd7 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -97,6 +97,7 @@ int MAIN(int argc, char **argv)
97 EVP_PKEY *pkey = NULL; 97 EVP_PKEY *pkey = NULL;
98 RSA *rsa = NULL; 98 RSA *rsa = NULL;
99 unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; 99 unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
100 char *passargin = NULL, *passin = NULL;
100 int rsa_inlen, rsa_outlen = 0; 101 int rsa_inlen, rsa_outlen = 0;
101 int keysize; 102 int keysize;
102 103
@@ -124,6 +125,9 @@ int MAIN(int argc, char **argv)
124 } else if(!strcmp(*argv, "-inkey")) { 125 } else if(!strcmp(*argv, "-inkey")) {
125 if (--argc < 1) badarg = 1; 126 if (--argc < 1) badarg = 1;
126 keyfile = *(++argv); 127 keyfile = *(++argv);
128 } else if (!strcmp(*argv,"-passin")) {
129 if (--argc < 1) badarg = 1;
130 passargin= *(++argv);
127 } else if (strcmp(*argv,"-keyform") == 0) { 131 } else if (strcmp(*argv,"-keyform") == 0) {
128 if (--argc < 1) badarg = 1; 132 if (--argc < 1) badarg = 1;
129 keyform=str2fmt(*(++argv)); 133 keyform=str2fmt(*(++argv));
@@ -169,6 +173,10 @@ int MAIN(int argc, char **argv)
169#ifndef OPENSSL_NO_ENGINE 173#ifndef OPENSSL_NO_ENGINE
170 e = setup_engine(bio_err, engine, 0); 174 e = setup_engine(bio_err, engine, 0);
171#endif 175#endif
176 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
177 BIO_printf(bio_err, "Error getting password\n");
178 goto end;
179 }
172 180
173/* FIXME: seed PRNG only if needed */ 181/* FIXME: seed PRNG only if needed */
174 app_RAND_load_file(NULL, bio_err, 0); 182 app_RAND_load_file(NULL, bio_err, 0);
@@ -176,7 +184,7 @@ int MAIN(int argc, char **argv)
176 switch(key_type) { 184 switch(key_type) {
177 case KEY_PRIVKEY: 185 case KEY_PRIVKEY:
178 pkey = load_key(bio_err, keyfile, keyform, 0, 186 pkey = load_key(bio_err, keyfile, keyform, 0,
179 NULL, e, "Private Key"); 187 passin, e, "Private Key");
180 break; 188 break;
181 189
182 case KEY_PUBKEY: 190 case KEY_PUBKEY:
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
290 BIO_free_all(out); 298 BIO_free_all(out);
291 if(rsa_in) OPENSSL_free(rsa_in); 299 if(rsa_in) OPENSSL_free(rsa_in);
292 if(rsa_out) OPENSSL_free(rsa_out); 300 if(rsa_out) OPENSSL_free(rsa_out);
301 if(passin) OPENSSL_free(passin);
293 return ret; 302 return ret;
294} 303}
295 304
@@ -313,6 +322,7 @@ static void usage()
313 BIO_printf(bio_err, "-hexdump hex dump output\n"); 322 BIO_printf(bio_err, "-hexdump hex dump output\n");
314#ifndef OPENSSL_NO_ENGINE 323#ifndef OPENSSL_NO_ENGINE
315 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); 324 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
325 BIO_printf (bio_err, "-passin arg pass phrase source\n");
316#endif 326#endif
317 327
318} 328}
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index 3b36d2dff8..9f92bcb3ae 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -378,7 +378,7 @@ redoit:
378 perror("OPENSSL_malloc"); 378 perror("OPENSSL_malloc");
379 return(0); 379 return(0);
380 } 380 }
381 strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); 381 BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
382 382
383 h2=GetHostByName(*host); 383 h2=GetHostByName(*host);
384 if (h2 == NULL) 384 if (h2 == NULL)
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
index 8a699de0ea..7d47057465 100644
--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)
502 502
503 if (s_www_path != NULL) 503 if (s_www_path != NULL)
504 { 504 {
505 snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 505 BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
506 SSL_write(scon,buf,strlen(buf)); 506 SSL_write(scon,buf,strlen(buf));
507 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) 507 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
508 bytes_read+=i; 508 bytes_read+=i;
@@ -557,7 +557,7 @@ next:
557 557
558 if (s_www_path != NULL) 558 if (s_www_path != NULL)
559 { 559 {
560 snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 560 BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
561 SSL_write(scon,buf,strlen(buf)); 561 SSL_write(scon,buf,strlen(buf));
562 while (SSL_read(scon,buf,sizeof(buf)) > 0) 562 while (SSL_read(scon,buf,sizeof(buf)) > 0)
563 ; 563 ;
@@ -595,7 +595,7 @@ next:
595 595
596 if (s_www_path) 596 if (s_www_path)
597 { 597 {
598 snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 598 BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
599 SSL_write(scon,buf,strlen(buf)); 599 SSL_write(scon,buf,strlen(buf));
600 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) 600 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
601 bytes_read+=i; 601 bytes_read+=i;
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index ec55b4188c..2412200009 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -773,6 +773,7 @@ int MAIN(int argc, char **argv)
773 { 773 {
774 dsa_doit[R_DSA_512]=1; 774 dsa_doit[R_DSA_512]=1;
775 dsa_doit[R_DSA_1024]=1; 775 dsa_doit[R_DSA_1024]=1;
776 dsa_doit[R_DSA_2048]=1;
776 } 777 }
777 else 778 else
778#endif 779#endif
@@ -1006,6 +1007,9 @@ int MAIN(int argc, char **argv)
1006 c[D_CBC_RC5][0]=count; 1007 c[D_CBC_RC5][0]=count;
1007 c[D_CBC_BF][0]=count; 1008 c[D_CBC_BF][0]=count;
1008 c[D_CBC_CAST][0]=count; 1009 c[D_CBC_CAST][0]=count;
1010 c[D_CBC_128_AES][0]=count;
1011 c[D_CBC_192_AES][0]=count;
1012 c[D_CBC_256_AES][0]=count;
1009 1013
1010 for (i=1; i<SIZE_NUM; i++) 1014 for (i=1; i<SIZE_NUM; i++)
1011 { 1015 {
@@ -1031,6 +1035,9 @@ int MAIN(int argc, char **argv)
1031 c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; 1035 c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
1032 c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; 1036 c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
1033 c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; 1037 c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
1038 c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
1039 c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
1040 c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
1034 } 1041 }
1035#ifndef OPENSSL_NO_RSA 1042#ifndef OPENSSL_NO_RSA
1036 rsa_c[R_RSA_512][0]=count/2000; 1043 rsa_c[R_RSA_512][0]=count/2000;
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 64e233e444..9b95f7bd3f 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -1022,12 +1022,10 @@ end:
1022 OPENSSL_EXIT(ret); 1022 OPENSSL_EXIT(ret);
1023 } 1023 }
1024 1024
1025static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) 1025static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
1026 { 1026 {
1027 char *buf = NULL, *p; 1027 char *buf = NULL, *p;
1028 MS_STATIC char buf2[1024]; 1028 ASN1_INTEGER *bs = NULL;
1029 ASN1_INTEGER *bs = NULL, *bs2 = NULL;
1030 BIO *io = NULL;
1031 BIGNUM *serial = NULL; 1029 BIGNUM *serial = NULL;
1032 size_t len; 1030 size_t len;
1033 1031
@@ -1038,17 +1036,17 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
1038 if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } 1036 if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
1039 if (serialfile == NULL) 1037 if (serialfile == NULL)
1040 { 1038 {
1041 strlcpy(buf,CAfile,len); 1039 BUF_strlcpy(buf,CAfile,len);
1042 for (p=buf; *p; p++) 1040 for (p=buf; *p; p++)
1043 if (*p == '.') 1041 if (*p == '.')
1044 { 1042 {
1045 *p='\0'; 1043 *p='\0';
1046 break; 1044 break;
1047 } 1045 }
1048 strlcat(buf,POSTFIX,len); 1046 BUF_strlcat(buf,POSTFIX,len);
1049 } 1047 }
1050 else 1048 else
1051 strlcpy(buf,serialfile,len); 1049 BUF_strlcpy(buf,serialfile,len);
1052 serial=BN_new(); 1050 serial=BN_new();
1053 bs=ASN1_INTEGER_new(); 1051 bs=ASN1_INTEGER_new();
1054 if ((serial == NULL) || (bs == NULL)) 1052 if ((serial == NULL) || (bs == NULL))
@@ -1057,72 +1055,18 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
1057 goto end; 1055 goto end;
1058 } 1056 }
1059 1057
1060 io=BIO_new(BIO_s_file()); 1058 serial = load_serial(buf, create, NULL);
1061 if (io == NULL) 1059 if (serial == NULL) goto end;
1062 {
1063 ERR_print_errors(bio_err);
1064 goto end;
1065 }
1066
1067 if (BIO_read_filename(io,buf) <= 0)
1068 {
1069 if (!create)
1070 {
1071 perror(buf);
1072 goto end;
1073 }
1074 else
1075 {
1076 ASN1_INTEGER_set(bs,1);
1077 BN_one(serial);
1078 }
1079 }
1080 else
1081 {
1082 if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
1083 {
1084 BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
1085 ERR_print_errors(bio_err);
1086 goto end;
1087 }
1088 else
1089 {
1090 serial=BN_bin2bn(bs->data,bs->length,serial);
1091 if (serial == NULL)
1092 {
1093 BIO_printf(bio_err,"error converting bin 2 bn");
1094 goto end;
1095 }
1096 }
1097 }
1098 1060
1099 if (!BN_add_word(serial,1)) 1061 if (!BN_add_word(serial,1))
1100 { BIO_printf(bio_err,"add_word failure\n"); goto end; } 1062 { BIO_printf(bio_err,"add_word failure\n"); goto end; }
1101 if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
1102 { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
1103 if (BIO_write_filename(io,buf) <= 0)
1104 {
1105 BIO_printf(bio_err,"error attempting to write serial number file\n");
1106 perror(buf);
1107 goto end;
1108 }
1109 i2a_ASN1_INTEGER(io,bs2);
1110 BIO_puts(io,"\n");
1111 1063
1112 BIO_free(io); 1064 if (!save_serial(buf, NULL, serial, &bs)) goto end;
1113 if (buf) OPENSSL_free(buf);
1114 ASN1_INTEGER_free(bs2);
1115 BN_free(serial);
1116 io=NULL;
1117 return bs;
1118 1065
1119 end: 1066 end:
1120 if (buf) OPENSSL_free(buf); 1067 if (buf) OPENSSL_free(buf);
1121 BIO_free(io);
1122 ASN1_INTEGER_free(bs);
1123 BN_free(serial); 1068 BN_free(serial);
1124 return NULL; 1069 return bs;
1125
1126 } 1070 }
1127 1071
1128static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, 1072static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -1144,7 +1088,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
1144 goto end; 1088 goto end;
1145 } 1089 }
1146 if (sno) bs = sno; 1090 if (sno) bs = sno;
1147 else if (!(bs = load_serial(CAfile, serialfile, create))) 1091 else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
1148 goto end; 1092 goto end;
1149 1093
1150/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ 1094/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
diff --git a/src/lib/libssl/src/certs/vsign3.pem b/src/lib/libssl/src/certs/vsign3.pem
index aa5bb4c1f3..4b8c0251cb 100644
--- a/src/lib/libssl/src/certs/vsign3.pem
+++ b/src/lib/libssl/src/certs/vsign3.pem
@@ -1,18 +1,17 @@
1subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 1subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
2notBefore=Jan 29 00:00:00 1996 GMT 2notBefore=Jan 29 00:00:00 1996 GMT
3notAfter=Jan 7 23:59:59 2004 GMT 3notAfter=Aug 1 23:59:59 2028 GMT
4-----BEGIN CERTIFICATE----- 4-----BEGIN CERTIFICATE-----
5MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ 5MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
6BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh 6A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
7c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 7cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
8NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD 8MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
9VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp 9BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
10bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB 10YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
11jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo 11ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
12RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4 12BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
13rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN 13I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
14BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp 14CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
15STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH 15lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
16ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ 16AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
17pA==
18-----END CERTIFICATE----- 17-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index b3bd96bbfc..25a3703c1f 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
134 HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'` 134 HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
135 case "$HPUXVER" in 135 case "$HPUXVER" in
136 1[0-9].*) # HPUX 10 and 11 targets are unified 136 1[0-9].*) # HPUX 10 and 11 targets are unified
137 echo "${MACHINE}-hp-hpux10"; exit 0 137 echo "${MACHINE}-hp-hpux1x"; exit 0
138 ;; 138 ;;
139 *) 139 *)
140 echo "${MACHINE}-hp-hpux"; exit 0 140 echo "${MACHINE}-hp-hpux"; exit 0
@@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then
410 GCC_BITS="32" 410 GCC_BITS="32"
411 if [ $GCCVER -ge 30 ]; then 411 if [ $GCCVER -ge 30 ]; then
412 # PA64 support only came in with gcc 3.0.x. 412 # PA64 support only came in with gcc 3.0.x.
413 # We look for the preprocessor symbol __LP64__ indicating 413 # We check if the preprocessor symbol __LP64__ is defined...
414 # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64. 414 if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
415 if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then 415 : # __LP64__ has slipped through, it therefore is not defined
416 else
416 GCC_BITS="64" 417 GCC_BITS="64"
417 fi 418 fi
418 fi 419 fi
@@ -685,7 +686,7 @@ EOF
685 if [ $CC = "gcc" ]; 686 if [ $CC = "gcc" ];
686 then 687 then
687 if [ $GCC_BITS = "64" ]; then 688 if [ $GCC_BITS = "64" ]; then
688 OUT="hpux64-parisc-gcc" 689 OUT="hpux64-parisc2-gcc"
689 else 690 else
690 OUT="hpux-parisc-gcc" 691 OUT="hpux-parisc-gcc"
691 fi 692 fi
@@ -700,7 +701,7 @@ EOF
700 if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU 701 if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
701 echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi." 702 echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
702 echo " If you wish to build 32-bit library, the you have to" 703 echo " If you wish to build 32-bit library, the you have to"
703 echo " invoke './Configure hpux-ia32-cc' *manually*." 704 echo " invoke './Configure hpux-ia64-cc' *manually*."
704 if [ "$TEST" = "false" ]; then 705 if [ "$TEST" = "false" ]; then
705 echo " You have about 5 seconds to press Ctrl-C to abort." 706 echo " You have about 5 seconds to press Ctrl-C to abort."
706 (stty -icanon min 0 time 50; read waste) < /dev/tty 707 (stty -icanon min 0 time 50; read waste) < /dev/tty
diff --git a/src/lib/libssl/src/crypto/Makefile.ssl b/src/lib/libssl/src/crypto/Makefile.ssl
index 3071e3cb86..b9951a4600 100644
--- a/src/lib/libssl/src/crypto/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/Makefile.ssl
@@ -50,7 +50,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
50top: 50top:
51 @(cd ..; $(MAKE) DIRS=$(DIR) all) 51 @(cd ..; $(MAKE) DIRS=$(DIR) all)
52 52
53all: buildinf.h lib subdirs shared 53all: shared
54 54
55buildinf.h: ../Makefile.ssl 55buildinf.h: ../Makefile.ssl
56 ( echo "#ifndef MK1MF_BUILD"; \ 56 ( echo "#ifndef MK1MF_BUILD"; \
@@ -96,7 +96,7 @@ lib: $(LIBOBJ)
96 $(RANLIB) $(LIB) || echo Never mind. 96 $(RANLIB) $(LIB) || echo Never mind.
97 @touch lib 97 @touch lib
98 98
99shared: 99shared: buildinf.h lib subdirs
100 if [ -n "$(SHARED_LIBS)" ]; then \ 100 if [ -n "$(SHARED_LIBS)" ]; then \
101 (cd ..; $(MAKE) $(SHARED_LIB)); \ 101 (cd ..; $(MAKE) $(SHARED_LIB)); \
102 fi 102 fi
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c
index 86b27b10d6..1222a21002 100644
--- a/src/lib/libssl/src/crypto/aes/aes_cbc.c
+++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c
@@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
104 memcpy(tmp, in, AES_BLOCK_SIZE); 104 memcpy(tmp, in, AES_BLOCK_SIZE);
105 AES_decrypt(tmp, tmp, key); 105 AES_decrypt(tmp, tmp, key);
106 for(n=0; n < len; ++n) 106 for(n=0; n < len; ++n)
107 out[n] ^= ivec[n]; 107 out[n] = tmp[n] ^ ivec[n];
108 memcpy(ivec, tmp, AES_BLOCK_SIZE); 108 memcpy(ivec, tmp, AES_BLOCK_SIZE);
109 } 109 }
110 } 110 }
diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c
index 48b923de1f..8581007868 100644
--- a/src/lib/libssl/src/crypto/asn1/a_gentm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c
@@ -220,7 +220,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
220 return(NULL); 220 return(NULL);
221 221
222 p=(char *)s->data; 222 p=(char *)s->data;
223 if ((p == NULL) || (s->length < len)) 223 if ((p == NULL) || ((size_t)s->length < len))
224 { 224 {
225 p=OPENSSL_malloc(len); 225 p=OPENSSL_malloc(len);
226 if (p == NULL) return(NULL); 226 if (p == NULL) return(NULL);
@@ -229,8 +229,8 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
229 s->data=(unsigned char *)p; 229 s->data=(unsigned char *)p;
230 } 230 }
231 231
232 snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, 232 BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
233 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); 233 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
234 s->length=strlen(p); 234 s->length=strlen(p);
235 s->type=V_ASN1_GENERALIZEDTIME; 235 s->type=V_ASN1_GENERALIZEDTIME;
236#ifdef CHARSET_EBCDIC_not 236#ifdef CHARSET_EBCDIC_not
diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
index c811b11776..208b3ec395 100644
--- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
145 145
146 if((minsize > 0) && (nchar < minsize)) { 146 if((minsize > 0) && (nchar < minsize)) {
147 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); 147 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
148 snprintf(strbuf, sizeof strbuf, "%ld", minsize); 148 BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
149 ERR_add_error_data(2, "minsize=", strbuf); 149 ERR_add_error_data(2, "minsize=", strbuf);
150 return -1; 150 return -1;
151 } 151 }
152 152
153 if((maxsize > 0) && (nchar > maxsize)) { 153 if((maxsize > 0) && (nchar > maxsize)) {
154 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); 154 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
155 snprintf(strbuf, sizeof strbuf, "%ld", maxsize); 155 BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
156 ERR_add_error_data(2, "maxsize=", strbuf); 156 ERR_add_error_data(2, "maxsize=", strbuf);
157 return -1; 157 return -1;
158 } 158 }
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c
index 8abfdfe598..bde666a6ff 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strex.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strex.c
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
285 -1, -1, 0, -1, /* 10-13 */ 285 -1, -1, 0, -1, /* 10-13 */
286 -1, -1, -1, -1, /* 15-17 */ 286 -1, -1, -1, -1, /* 15-17 */
287 -1, 1, 1, /* 18-20 */ 287 -1, 1, 1, /* 18-20 */
288 -1, 1, -1,-1, /* 21-24 */ 288 -1, 1, 1, 1, /* 21-24 */
289 -1, 1, -1, /* 25-27 */ 289 -1, 1, -1, /* 25-27 */
290 4, -1, 2 /* 28-30 */ 290 4, -1, 2 /* 28-30 */
291}; 291};
diff --git a/src/lib/libssl/src/crypto/asn1/a_time.c b/src/lib/libssl/src/crypto/asn1/a_time.c
index b8c031fc8f..159681fbcb 100644
--- a/src/lib/libssl/src/crypto/asn1/a_time.c
+++ b/src/lib/libssl/src/crypto/asn1/a_time.c
@@ -155,10 +155,10 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
155 newlen = t->length + 2 + 1; 155 newlen = t->length + 2 + 1;
156 str = (char *)ret->data; 156 str = (char *)ret->data;
157 /* Work out the century and prepend */ 157 /* Work out the century and prepend */
158 if (t->data[0] >= '5') strlcpy(str, "19", newlen); 158 if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
159 else strlcpy(str, "20", newlen); 159 else BUF_strlcpy(str, "20", newlen);
160 160
161 strlcat(str, (char *)t->data, newlen); 161 BUF_strlcat(str, (char *)t->data, newlen);
162 162
163 return ret; 163 return ret;
164 } 164 }
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c
index 41f6d421bb..999852dae5 100644
--- a/src/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -200,7 +200,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
200 return(NULL); 200 return(NULL);
201 201
202 p=(char *)s->data; 202 p=(char *)s->data;
203 if ((p == NULL) || (s->length < len)) 203 if ((p == NULL) || ((size_t)s->length < len))
204 { 204 {
205 p=OPENSSL_malloc(len); 205 p=OPENSSL_malloc(len);
206 if (p == NULL) return(NULL); 206 if (p == NULL) return(NULL);
@@ -209,8 +209,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
209 s->data=(unsigned char *)p; 209 s->data=(unsigned char *)p;
210 } 210 }
211 211
212 snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, 212 BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
213 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); 213 ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
214 s->length=strlen(p); 214 s->length=strlen(p);
215 s->type=V_ASN1_UTCTIME; 215 s->type=V_ASN1_UTCTIME;
216#ifdef CHARSET_EBCDIC_not 216#ifdef CHARSET_EBCDIC_not
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index aed2895400..a74f1368d3 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
414 { 414 {
415 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; 415 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
416 416
417 snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); 417 BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
418 snprintf(buf2,sizeof buf2,"%d",offset); 418 BIO_snprintf(buf2,sizeof buf2,"%d",offset);
419 ERR_add_error_data(4,"address=",buf1," offset=",buf2); 419 ERR_add_error_data(4,"address=",buf1," offset=",buf2);
420 } 420 }
421 421
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c
index 1799657141..676d434f03 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_par.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
83 83
84 p=str; 84 p=str;
85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) 85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
86 snprintf(str,sizeof str,"priv [ %d ] ",tag); 86 BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
87 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) 87 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
88 snprintf(str,sizeof str,"cont [ %d ]",tag); 88 BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
89 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) 89 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
90 snprintf(str,sizeof str,"appl [ %d ]",tag); 90 BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
91 else p = ASN1_tag2str(tag); 91 else p = ASN1_tag2str(tag);
92 92
93 if (p2 != NULL) 93 if (p2 != NULL)
diff --git a/src/lib/libssl/src/crypto/asn1/asn_moid.c b/src/lib/libssl/src/crypto/asn1/asn_moid.c
index be20db4bad..edb44c988f 100644
--- a/src/lib/libssl/src/crypto/asn1/asn_moid.c
+++ b/src/lib/libssl/src/crypto/asn1/asn_moid.c
@@ -87,9 +87,14 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
87 } 87 }
88 } 88 }
89 return 1; 89 return 1;
90} 90 }
91
92static void oid_module_finish(CONF_IMODULE *md)
93 {
94 OBJ_cleanup();
95 }
91 96
92void ASN1_add_oid_module(void) 97void ASN1_add_oid_module(void)
93 { 98 {
94 CONF_module_add("oid_section", oid_module_init, 0); 99 CONF_module_add("oid_section", oid_module_init, oid_module_finish);
95 } 100 }
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c
index e1c5e5ae13..d15006e654 100644
--- a/src/lib/libssl/src/crypto/asn1/t_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
139 } 139 }
140 140
141 if (x->d == NULL) 141 if (x->d == NULL)
142 snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); 142 BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
143 else 143 else
144 strlcpy(str,"modulus:",sizeof str); 144 BUF_strlcpy(str,"modulus:",sizeof str);
145 if (!print(bp,str,x->n,m,off)) goto err; 145 if (!print(bp,str,x->n,m,off)) goto err;
146 s=(x->d == NULL)?"Exponent:":"publicExponent:"; 146 s=(x->d == NULL)?"Exponent:":"publicExponent:";
147 if (!print(bp,s,x->e,m,off)) goto err; 147 if (!print(bp,s,x->e,m,off)) goto err;
diff --git a/src/lib/libssl/src/crypto/bf/Makefile.ssl b/src/lib/libssl/src/crypto/bf/Makefile.ssl
index 7dfdf9d871..be3ad77a05 100644
--- a/src/lib/libssl/src/crypto/bf/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -22,6 +22,7 @@ BF_ENC= bf_enc.o
22#DES_ENC= bx86-elf.o 22#DES_ENC= bx86-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=bftest.c 28TEST=bftest.c
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c
index 983604fb49..f671e722fa 100644
--- a/src/lib/libssl/src/crypto/bio/b_dump.c
+++ b/src/lib/libssl/src/crypto/bio/b_dump.c
@@ -104,41 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
104 for(i=0;i<rows;i++) 104 for(i=0;i<rows;i++)
105 { 105 {
106 buf[0]='\0'; /* start with empty string */ 106 buf[0]='\0'; /* start with empty string */
107 strlcpy(buf,str,sizeof buf); 107 BUF_strlcpy(buf,str,sizeof buf);
108 snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width); 108 BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
109 strlcat(buf,tmp,sizeof buf); 109 BUF_strlcat(buf,tmp,sizeof buf);
110 for(j=0;j<dump_width;j++) 110 for(j=0;j<dump_width;j++)
111 { 111 {
112 if (((i*dump_width)+j)>=len) 112 if (((i*dump_width)+j)>=len)
113 { 113 {
114 strlcat(buf," ",sizeof buf); 114 BUF_strlcat(buf," ",sizeof buf);
115 } 115 }
116 else 116 else
117 { 117 {
118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
119 snprintf(tmp,sizeof tmp,"%02x%c",ch, 119 BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
120 j==7?'-':' '); 120 j==7?'-':' ');
121 strlcat(buf,tmp,sizeof buf); 121 BUF_strlcat(buf,tmp,sizeof buf);
122 } 122 }
123 } 123 }
124 strlcat(buf," ",sizeof buf); 124 BUF_strlcat(buf," ",sizeof buf);
125 for(j=0;j<dump_width;j++) 125 for(j=0;j<dump_width;j++)
126 { 126 {
127 if (((i*dump_width)+j)>=len) 127 if (((i*dump_width)+j)>=len)
128 break; 128 break;
129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
130#ifndef CHARSET_EBCDIC 130#ifndef CHARSET_EBCDIC
131 snprintf(tmp,sizeof tmp,"%c", 131 BIO_snprintf(tmp,sizeof tmp,"%c",
132 ((ch>=' ')&&(ch<='~'))?ch:'.'); 132 ((ch>=' ')&&(ch<='~'))?ch:'.');
133#else 133#else
134 snprintf(tmp,sizeof tmp,"%c", 134 BIO_snprintf(tmp,sizeof tmp,"%c",
135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) 135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
136 ? os_toebcdic[ch] 136 ? os_toebcdic[ch]
137 : '.'); 137 : '.');
138#endif 138#endif
139 strlcat(buf,tmp,sizeof buf); 139 BUF_strlcat(buf,tmp,sizeof buf);
140 } 140 }
141 strlcat(buf,"\n",sizeof buf); 141 BUF_strlcat(buf,"\n",sizeof buf);
142 /* if this is the last call then update the ddt_dump thing so that 142 /* if this is the last call then update the ddt_dump thing so that
143 * we will move the selection point in the debug window 143 * we will move the selection point in the debug window
144 */ 144 */
@@ -147,7 +147,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
147#ifdef TRUNCATE 147#ifdef TRUNCATE
148 if (trunc > 0) 148 if (trunc > 0)
149 { 149 {
150 snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str, 150 BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
151 len+trunc); 151 len+trunc);
152 ret+=BIO_write(bio,(char *)buf,strlen(buf)); 152 ret+=BIO_write(bio,(char *)buf,strlen(buf));
153 } 153 }
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index 2cfc689dd6..fbff331796 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -576,12 +576,12 @@ abs_val(LDOUBLE value)
576} 576}
577 577
578static LDOUBLE 578static LDOUBLE
579pow10(int exp) 579pow10(int in_exp)
580{ 580{
581 LDOUBLE result = 1; 581 LDOUBLE result = 1;
582 while (exp) { 582 while (in_exp) {
583 result *= 10; 583 result *= 10;
584 exp--; 584 in_exp--;
585 } 585 }
586 return result; 586 return result;
587} 587}
@@ -652,8 +652,8 @@ fmtfp(
652 (caps ? "0123456789ABCDEF" 652 (caps ? "0123456789ABCDEF"
653 : "0123456789abcdef")[intpart % 10]; 653 : "0123456789abcdef")[intpart % 10];
654 intpart = (intpart / 10); 654 intpart = (intpart / 10);
655 } while (intpart && (iplace < sizeof iplace)); 655 } while (intpart && (iplace < sizeof iconvert));
656 if (iplace == sizeof iplace) 656 if (iplace == sizeof iconvert)
657 iplace--; 657 iplace--;
658 iconvert[iplace] = 0; 658 iconvert[iplace] = 0;
659 659
@@ -664,7 +664,7 @@ fmtfp(
664 : "0123456789abcdef")[fracpart % 10]; 664 : "0123456789abcdef")[fracpart % 10];
665 fracpart = (fracpart / 10); 665 fracpart = (fracpart / 10);
666 } while (fplace < max); 666 } while (fplace < max);
667 if (fplace == sizeof fplace) 667 if (fplace == sizeof fconvert)
668 fplace--; 668 fplace--;
669 fconvert[fplace] = 0; 669 fconvert[fplace] = 0;
670 670
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c
index 5282f8a8f7..c851298d1e 100644
--- a/src/lib/libssl/src/crypto/bio/b_sock.c
+++ b/src/lib/libssl/src/crypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
709 } 709 }
710 *addr=p; 710 *addr=p;
711 } 711 }
712 snprintf(*addr,24,"%d.%d.%d.%d:%d", 712 BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
713 (unsigned char)(l>>24L)&0xff, 713 (unsigned char)(l>>24L)&0xff,
714 (unsigned char)(l>>16L)&0xff, 714 (unsigned char)(l>>16L)&0xff,
715 (unsigned char)(l>> 8L)&0xff, 715 (unsigned char)(l>> 8L)&0xff,
716 (unsigned char)(l )&0xff, 716 (unsigned char)(l )&0xff,
717 port); 717 port);
718end: 718end:
719 return(ret); 719 return(ret);
720 } 720 }
diff --git a/src/lib/libssl/src/crypto/bio/bio_cb.c b/src/lib/libssl/src/crypto/bio/bio_cb.c
index ee9159ebd8..6f4254a114 100644
--- a/src/lib/libssl/src/crypto/bio/bio_cb.c
+++ b/src/lib/libssl/src/crypto/bio/bio_cb.c
@@ -75,56 +75,56 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
75 if (BIO_CB_RETURN & cmd) 75 if (BIO_CB_RETURN & cmd)
76 r=ret; 76 r=ret;
77 77
78 snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); 78 BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
79 p= &(buf[14]); 79 p= &(buf[14]);
80 p_maxlen = sizeof buf - 14; 80 p_maxlen = sizeof buf - 14;
81 switch (cmd) 81 switch (cmd)
82 { 82 {
83 case BIO_CB_FREE: 83 case BIO_CB_FREE:
84 snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); 84 BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
85 break; 85 break;
86 case BIO_CB_READ: 86 case BIO_CB_READ:
87 if (bio->method->type & BIO_TYPE_DESCRIPTOR) 87 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
88 snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", 88 BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
89 bio->num,argi,bio->method->name,bio->num); 89 bio->num,argi,bio->method->name,bio->num);
90 else 90 else
91 snprintf(p,p_maxlen,"read(%d,%d) - %s\n", 91 BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
92 bio->num,argi,bio->method->name); 92 bio->num,argi,bio->method->name);
93 break; 93 break;
94 case BIO_CB_WRITE: 94 case BIO_CB_WRITE:
95 if (bio->method->type & BIO_TYPE_DESCRIPTOR) 95 if (bio->method->type & BIO_TYPE_DESCRIPTOR)
96 snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", 96 BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
97 bio->num,argi,bio->method->name,bio->num); 97 bio->num,argi,bio->method->name,bio->num);
98 else 98 else
99 snprintf(p,p_maxlen,"write(%d,%d) - %s\n", 99 BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
100 bio->num,argi,bio->method->name); 100 bio->num,argi,bio->method->name);
101 break; 101 break;
102 case BIO_CB_PUTS: 102 case BIO_CB_PUTS:
103 snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); 103 BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
104 break; 104 break;
105 case BIO_CB_GETS: 105 case BIO_CB_GETS:
106 snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); 106 BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
107 break; 107 break;
108 case BIO_CB_CTRL: 108 case BIO_CB_CTRL:
109 snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); 109 BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
110 break; 110 break;
111 case BIO_CB_RETURN|BIO_CB_READ: 111 case BIO_CB_RETURN|BIO_CB_READ:
112 snprintf(p,p_maxlen,"read return %ld\n",ret); 112 BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
113 break; 113 break;
114 case BIO_CB_RETURN|BIO_CB_WRITE: 114 case BIO_CB_RETURN|BIO_CB_WRITE:
115 snprintf(p,p_maxlen,"write return %ld\n",ret); 115 BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
116 break; 116 break;
117 case BIO_CB_RETURN|BIO_CB_GETS: 117 case BIO_CB_RETURN|BIO_CB_GETS:
118 snprintf(p,p_maxlen,"gets return %ld\n",ret); 118 BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
119 break; 119 break;
120 case BIO_CB_RETURN|BIO_CB_PUTS: 120 case BIO_CB_RETURN|BIO_CB_PUTS:
121 snprintf(p,p_maxlen,"puts return %ld\n",ret); 121 BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
122 break; 122 break;
123 case BIO_CB_RETURN|BIO_CB_CTRL: 123 case BIO_CB_RETURN|BIO_CB_CTRL:
124 snprintf(p,p_maxlen,"ctrl return %ld\n",ret); 124 BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
125 break; 125 break;
126 default: 126 default:
127 snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); 127 BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
128 break; 128 break;
129 } 129 }
130 130
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c
index 8c694140ed..f5d0e759e2 100644
--- a/src/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/src/lib/libssl/src/crypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
521 char buf[16]; 521 char buf[16];
522 unsigned char *p = ptr; 522 unsigned char *p = ptr;
523 523
524 snprintf(buf,sizeof buf,"%d.%d.%d.%d", 524 BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
525 p[0],p[1],p[2],p[3]); 525 p[0],p[1],p[2],p[3]);
526 if (data->param_hostname != NULL) 526 if (data->param_hostname != NULL)
527 OPENSSL_free(data->param_hostname); 527 OPENSSL_free(data->param_hostname);
528 data->param_hostname=BUF_strdup(buf); 528 data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
532 { 532 {
533 char buf[DECIMAL_SIZE(int)+1]; 533 char buf[DECIMAL_SIZE(int)+1];
534 534
535 snprintf(buf,sizeof buf,"%d",*(int *)ptr); 535 BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
536 if (data->param_port != NULL) 536 if (data->param_port != NULL)
537 OPENSSL_free(data->param_port); 537 OPENSSL_free(data->param_port);
538 data->param_port=BUF_strdup(buf); 538 data->param_port=BUF_strdup(buf);
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c
index 0ca603ee0a..9cdf159f82 100644
--- a/src/lib/libssl/src/crypto/bio/bss_file.c
+++ b/src/lib/libssl/src/crypto/bio/bss_file.c
@@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
249 if (num & BIO_FP_APPEND) 249 if (num & BIO_FP_APPEND)
250 { 250 {
251 if (num & BIO_FP_READ) 251 if (num & BIO_FP_READ)
252 strlcpy(p,"a+",sizeof p); 252 BUF_strlcpy(p,"a+",sizeof p);
253 else strlcpy(p,"a",sizeof p); 253 else BUF_strlcpy(p,"a",sizeof p);
254 } 254 }
255 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) 255 else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
256 strlcpy(p,"r+",sizeof p); 256 BUF_strlcpy(p,"r+",sizeof p);
257 else if (num & BIO_FP_WRITE) 257 else if (num & BIO_FP_WRITE)
258 strlcpy(p,"w",sizeof p); 258 BUF_strlcpy(p,"w",sizeof p);
259 else if (num & BIO_FP_READ) 259 else if (num & BIO_FP_READ)
260 strlcpy(p,"r",sizeof p); 260 BUF_strlcpy(p,"r",sizeof p);
261 else 261 else
262 { 262 {
263 BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); 263 BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
diff --git a/src/lib/libssl/src/crypto/bn/Makefile.ssl b/src/lib/libssl/src/crypto/bn/Makefile.ssl
index 0c6e796d17..50892ef44c 100644
--- a/src/lib/libssl/src/crypto/bn/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -120,6 +120,9 @@ asm/ia64-cpp.o: asm/ia64.S
120 120
121asm/x86_64-gcc.o: asm/x86_64-gcc.c 121asm/x86_64-gcc.o: asm/x86_64-gcc.c
122 122
123asm/pa-risc2W.o: asm/pa-risc2W.s
124 /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
125
123files: 126files:
124 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO 127 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
125 128
diff --git a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
index 9a78f63be1..c4de4a2bee 100644
--- a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl
@@ -11,7 +11,7 @@ require "x86asm.pl";
11&bn_div_words("bn_div_words"); 11&bn_div_words("bn_div_words");
12&bn_add_words("bn_add_words"); 12&bn_add_words("bn_add_words");
13&bn_sub_words("bn_sub_words"); 13&bn_sub_words("bn_sub_words");
14&bn_sub_part_words("bn_sub_part_words") unless $main'openbsd; 14#&bn_sub_part_words("bn_sub_part_words");
15 15
16&asm_finish(); 16&asm_finish();
17 17
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index 5614bc6164..253e195e23 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -433,19 +433,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
433int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); 433int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
434int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, 434int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
435 int cl, int dl); 435 int cl, int dl);
436#if 0 436#ifdef BN_RECURSION
437/* bn_mul.c rollback <appro> */ 437void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
438void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 438 BN_ULONG *t);
439 int dna,int dnb,BN_ULONG *t); 439void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
440void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, 440 int n, BN_ULONG *t);
441 int n,int tna,int tnb,BN_ULONG *t);
442#endif
443void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
444void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
445void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, 441void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
446 BN_ULONG *t); 442 BN_ULONG *t);
447void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, 443void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
448 BN_ULONG *t); 444 BN_ULONG *t);
445void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
446#endif
447void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
449 448
450#ifdef __cplusplus 449#ifdef __cplusplus
451} 450}
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index 463463cfcb..e1660450bc 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -145,11 +145,11 @@ char *BN_options(void)
145 { 145 {
146 init++; 146 init++;
147#ifdef BN_LLONG 147#ifdef BN_LLONG
148 snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, 148 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
149 (int)sizeof(BN_ULONG)*8); 149 (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
150#else 150#else
151 snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, 151 BIO_snprintf(data,sizeof data,"bn(%d,%d)",
152 (int)sizeof(BN_ULONG)*8); 152 (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
153#endif 153#endif
154 } 154 }
155 return(data); 155 return(data);
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c
index ad80dab325..acba7ed7ee 100644
--- a/src/lib/libssl/src/crypto/bn/bn_print.c
+++ b/src/lib/libssl/src/crypto/bn/bn_print.c
@@ -140,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
140 /* We now have a series of blocks, BN_DEC_NUM chars 140 /* We now have a series of blocks, BN_DEC_NUM chars
141 * in length, where the last one needs truncation. 141 * in length, where the last one needs truncation.
142 * The blocks need to be reversed in order. */ 142 * The blocks need to be reversed in order. */
143 snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); 143 BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
144 while (*p) p++; 144 while (*p) p++;
145 while (lp != bn_data) 145 while (lp != bn_data)
146 { 146 {
147 lp--; 147 lp--;
148 snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); 148 BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
149 while (*p) p++; 149 while (*p) p++;
150 } 150 }
151 } 151 }
diff --git a/src/lib/libssl/src/crypto/cast/Makefile.ssl b/src/lib/libssl/src/crypto/cast/Makefile.ssl
index 2dc1c855ad..98393a37ba 100644
--- a/src/lib/libssl/src/crypto/cast/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/cast/Makefile.ssl
@@ -25,6 +25,7 @@ CAST_ENC=c_enc.o
25#CAST_ENC=asm/cx86bdsi.o 25#CAST_ENC=asm/cx86bdsi.o
26 26
27CFLAGS= $(INCLUDES) $(CFLAG) 27CFLAGS= $(INCLUDES) $(CFLAG)
28ASFLAGS= $(INCLUDES) $(ASFLAG)
28 29
29GENERAL=Makefile 30GENERAL=Makefile
30TEST=casttest.c 31TEST=casttest.c
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index b52ee01a3c..2e9f52f1fd 100644
--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
235 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); 235 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
236 goto err; 236 goto err;
237 } 237 }
238 strlcpy(section,"default",10); 238 BUF_strlcpy(section,"default",10);
239 239
240 if (_CONF_new_data(conf) == 0) 240 if (_CONF_new_data(conf) == 0)
241 { 241 {
@@ -392,7 +392,7 @@ again:
392 ERR_R_MALLOC_FAILURE); 392 ERR_R_MALLOC_FAILURE);
393 goto err; 393 goto err;
394 } 394 }
395 strlcpy(v->name,pname,strlen(pname)+1); 395 BUF_strlcpy(v->name,pname,strlen(pname)+1);
396 if (!str_copy(conf,psection,&(v->value),start)) goto err; 396 if (!str_copy(conf,psection,&(v->value),start)) goto err;
397 397
398 if (strcmp(psection,section) != 0) 398 if (strcmp(psection,section) != 0)
@@ -447,7 +447,7 @@ err:
447 if (buff != NULL) BUF_MEM_free(buff); 447 if (buff != NULL) BUF_MEM_free(buff);
448 if (section != NULL) OPENSSL_free(section); 448 if (section != NULL) OPENSSL_free(section);
449 if (line != NULL) *line=eline; 449 if (line != NULL) *line=eline;
450 snprintf(btmp,sizeof btmp,"%ld",eline); 450 BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
451 ERR_add_error_data(2,"line ",btmp); 451 ERR_add_error_data(2,"line ",btmp);
452 if ((h != conf->data) && (conf->data != NULL)) 452 if ((h != conf->data) && (conf->data != NULL))
453 { 453 {
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index 5a747e8c84..d45adea851 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
232 { 232 {
233 char rcode[DECIMAL_SIZE(ret)+1]; 233 char rcode[DECIMAL_SIZE(ret)+1];
234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); 234 CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
235 snprintf(rcode, sizeof rcode, "%-8d", ret); 235 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); 236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
237 } 237 }
238 } 238 }
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
561 561
562 if (!file) 562 if (!file)
563 return NULL; 563 return NULL;
564 strlcpy(file,X509_get_default_cert_area(),len + 1); 564 BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
565#ifndef OPENSSL_SYS_VMS 565#ifndef OPENSSL_SYS_VMS
566 strlcat(file,"/",len + 1); 566 BUF_strlcat(file,"/",len + 1);
567#endif 567#endif
568 strlcat(file,OPENSSL_CONF,len + 1); 568 BUF_strlcat(file,OPENSSL_CONF,len + 1);
569 569
570 return file; 570 return file;
571 } 571 }
@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
576 * be used to parse comma separated lists for example. 576 * be used to parse comma separated lists for example.
577 */ 577 */
578 578
579int CONF_parse_list(const char *list, int sep, int nospc, 579int CONF_parse_list(const char *list_, int sep, int nospc,
580 int (*list_cb)(const char *elem, int len, void *usr), void *arg) 580 int (*list_cb)(const char *elem, int len, void *usr), void *arg)
581 { 581 {
582 int ret; 582 int ret;
583 const char *lstart, *tmpend, *p; 583 const char *lstart, *tmpend, *p;
584 lstart = list; 584 lstart = list_;
585 585
586 for(;;) 586 for(;;)
587 { 587 {
diff --git a/src/lib/libssl/src/crypto/cversion.c b/src/lib/libssl/src/crypto/cversion.c
index 56471fa74c..beeeb14013 100644
--- a/src/lib/libssl/src/crypto/cversion.c
+++ b/src/lib/libssl/src/crypto/cversion.c
@@ -74,7 +74,7 @@ const char *SSLeay_version(int t)
74#ifdef DATE 74#ifdef DATE
75 static char buf[sizeof(DATE)+11]; 75 static char buf[sizeof(DATE)+11];
76 76
77 snprintf(buf,sizeof buf,"built on: %s",DATE); 77 BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
78 return(buf); 78 return(buf);
79#else 79#else
80 return("built on: date not available"); 80 return("built on: date not available");
@@ -85,7 +85,7 @@ const char *SSLeay_version(int t)
85#ifdef CFLAGS 85#ifdef CFLAGS
86 static char buf[sizeof(CFLAGS)+11]; 86 static char buf[sizeof(CFLAGS)+11];
87 87
88 snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); 88 BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
89 return(buf); 89 return(buf);
90#else 90#else
91 return("compiler: information not available"); 91 return("compiler: information not available");
@@ -96,7 +96,7 @@ const char *SSLeay_version(int t)
96#ifdef PLATFORM 96#ifdef PLATFORM
97 static char buf[sizeof(PLATFORM)+11]; 97 static char buf[sizeof(PLATFORM)+11];
98 98
99 snprintf(buf,sizeof buf,"platform: %s", PLATFORM); 99 BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
100 return(buf); 100 return(buf);
101#else 101#else
102 return("platform: information not available"); 102 return("platform: information not available");
diff --git a/src/lib/libssl/src/crypto/des/Makefile.ssl b/src/lib/libssl/src/crypto/des/Makefile.ssl
index 45eba0b3c9..0d9ba2b42f 100644
--- a/src/lib/libssl/src/crypto/des/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/des/Makefile.ssl
@@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o
22#DES_ENC= dx86-elf.o yx86-elf.o 22#DES_ENC= dx86-elf.o yx86-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=destest.c 28TEST=destest.c
@@ -157,12 +158,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
157cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 158cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
158cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 159cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
159cfb64enc.o: cfb64enc.c des_locl.h 160cfb64enc.o: cfb64enc.c des_locl.h
160cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 161cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
161cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 162cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
162cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 163cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
163cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 164cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
164cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h 165cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
165cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h 166cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
167cfb_enc.o: cfb_enc.c des_locl.h
166des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 168des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
167des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 169des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
168des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 170des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -191,13 +193,13 @@ ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
191ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 193ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
192ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 194ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
193ecb3_enc.o: des_locl.h ecb3_enc.c 195ecb3_enc.o: des_locl.h ecb3_enc.c
194ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 196ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
195ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 197ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
196ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 198ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
197ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 199ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
198ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h 200ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
199ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c 201ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
200ecb_enc.o: spr.h 202ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
201ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h 203ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
202ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h 204ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
203ede_cbcm_enc.o: ../../include/openssl/opensslconf.h 205ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/des/cfb_enc.c b/src/lib/libssl/src/crypto/des/cfb_enc.c
index 2600bdfc93..03cabb223c 100644
--- a/src/lib/libssl/src/crypto/des/cfb_enc.c
+++ b/src/lib/libssl/src/crypto/des/cfb_enc.c
@@ -56,6 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include "e_os.h"
59#include "des_locl.h" 60#include "des_locl.h"
60 61
61/* The input and output are loaded in multiples of 8 bits. 62/* The input and output are loaded in multiples of 8 bits.
@@ -64,17 +65,15 @@
64 * the second. The second 12 bits will come from the 3rd and half the 4th 65 * the second. The second 12 bits will come from the 3rd and half the 4th
65 * byte. 66 * byte.
66 */ 67 */
67/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
68 * length */
69/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it 68/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
70 * will not be compatible with any encryption prior to that date. Ben. */ 69 * will not be compatible with any encryption prior to that date. Ben. */
71void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 70void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
72 long length, DES_key_schedule *schedule, DES_cblock *ivec, 71 long length, DES_key_schedule *schedule, DES_cblock *ivec,
73 int enc) 72 int enc)
74 { 73 {
75 register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; 74 register DES_LONG d0,d1,v0,v1;
76 register unsigned long l=length; 75 register unsigned long l=length,n=(numbits+7)/8;
77 register int num=numbits; 76 register int num=numbits,i;
78 DES_LONG ti[2]; 77 DES_LONG ti[2];
79 unsigned char *iv; 78 unsigned char *iv;
80 unsigned char ovec[16]; 79 unsigned char ovec[16];
@@ -114,10 +113,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
114 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); 113 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
115 /* now the remaining bits */ 114 /* now the remaining bits */
116 if(num%8 != 0) 115 if(num%8 != 0)
117 for(n=0 ; n < 8 ; ++n) 116 for(i=0 ; i < 8 ; ++i)
118 { 117 {
119 ovec[n]<<=num%8; 118 ovec[i]<<=num%8;
120 ovec[n]|=ovec[n+1]>>(8-num%8); 119 ovec[i]|=ovec[i+1]>>(8-num%8);
121 } 120 }
122 iv=&ovec[0]; 121 iv=&ovec[0];
123 c2l(iv,v0); 122 c2l(iv,v0);
@@ -152,10 +151,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
152 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); 151 memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
153 /* now the remaining bits */ 152 /* now the remaining bits */
154 if(num%8 != 0) 153 if(num%8 != 0)
155 for(n=0 ; n < 8 ; ++n) 154 for(i=0 ; i < 8 ; ++i)
156 { 155 {
157 ovec[n]<<=num%8; 156 ovec[i]<<=num%8;
158 ovec[n]|=ovec[n+1]>>(8-num%8); 157 ovec[i]|=ovec[i+1]>>(8-num%8);
159 } 158 }
160 iv=&ovec[0]; 159 iv=&ovec[0];
161 c2l(iv,v0); 160 c2l(iv,v0);
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
index c828bdd45d..784aa5ba23 100644
--- a/src/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -60,6 +60,7 @@
60#include "des_ver.h" 60#include "des_ver.h"
61#include "spr.h" 61#include "spr.h"
62#include <openssl/opensslv.h> 62#include <openssl/opensslv.h>
63#include <openssl/bio.h>
63 64
64OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; 65OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
65OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; 66OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@@ -97,8 +98,8 @@ const char *DES_options(void)
97 size="int"; 98 size="int";
98 else 99 else
99 size="long"; 100 size="long";
100 snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, 101 BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
101 size); 102 size);
102 init=0; 103 init=0;
103 } 104 }
104 return(buf); 105 return(buf);
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c
index 85ac5103cd..48d9fdb25e 100644
--- a/src/lib/libssl/src/crypto/dso/dso_lib.c
+++ b/src/lib/libssl/src/crypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); 383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
384 return(0); 384 return(0);
385 } 385 }
386 strlcpy(copied, filename, strlen(filename) + 1); 386 BUF_strlcpy(copied, filename, strlen(filename) + 1);
387 if(dso->filename) 387 if(dso->filename)
388 OPENSSL_free(dso->filename); 388 OPENSSL_free(dso->filename);
389 dso->filename = copied; 389 dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
422 ERR_R_MALLOC_FAILURE); 422 ERR_R_MALLOC_FAILURE);
423 return(NULL); 423 return(NULL);
424 } 424 }
425 strlcpy(result, filename, strlen(filename) + 1); 425 BUF_strlcpy(result, filename, strlen(filename) + 1);
426 } 426 }
427 return(result); 427 return(result);
428 } 428 }
diff --git a/src/lib/libssl/src/crypto/ec/ecp_smpl.c b/src/lib/libssl/src/crypto/ec/ecp_smpl.c
index 4666a052bf..e9a51fb87a 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
896 } 896 }
897 form = buf[0]; 897 form = buf[0];
898 y_bit = form & 1; 898 y_bit = form & 1;
899 form = form & ~1; 899 form = form & ~1U;
900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) 900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
901 && (form != POINT_CONVERSION_UNCOMPRESSED) 901 && (form != POINT_CONVERSION_UNCOMPRESSED)
902 && (form != POINT_CONVERSION_HYBRID)) 902 && (form != POINT_CONVERSION_HYBRID))
diff --git a/src/lib/libssl/src/crypto/engine/eng_ctrl.c b/src/lib/libssl/src/crypto/engine/eng_ctrl.c
index 0d56e69d27..412c73fb0f 100644
--- a/src/lib/libssl/src/crypto/engine/eng_ctrl.c
+++ b/src/lib/libssl/src/crypto/engine/eng_ctrl.c
@@ -160,19 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: 160 case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
161 return strlen(e->cmd_defns[idx].cmd_name); 161 return strlen(e->cmd_defns[idx].cmd_name);
162 case ENGINE_CTRL_GET_NAME_FROM_CMD: 162 case ENGINE_CTRL_GET_NAME_FROM_CMD:
163 return snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, 163 return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
164 "%s", e->cmd_defns[idx].cmd_name); 164 "%s", e->cmd_defns[idx].cmd_name);
165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: 165 case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
166 if(e->cmd_defns[idx].cmd_desc) 166 if(e->cmd_defns[idx].cmd_desc)
167 return strlen(e->cmd_defns[idx].cmd_desc); 167 return strlen(e->cmd_defns[idx].cmd_desc);
168 return strlen(int_no_description); 168 return strlen(int_no_description);
169 case ENGINE_CTRL_GET_DESC_FROM_CMD: 169 case ENGINE_CTRL_GET_DESC_FROM_CMD:
170 if(e->cmd_defns[idx].cmd_desc) 170 if(e->cmd_defns[idx].cmd_desc)
171 return snprintf(s, 171 return BIO_snprintf(s,
172 strlen(e->cmd_defns[idx].cmd_desc) + 1, 172 strlen(e->cmd_defns[idx].cmd_desc) + 1,
173 "%s", e->cmd_defns[idx].cmd_desc); 173 "%s", e->cmd_defns[idx].cmd_desc);
174 return snprintf(s, strlen(int_no_description) + 1,"%s", 174 return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
175 int_no_description); 175 int_no_description);
176 case ENGINE_CTRL_GET_CMD_FLAGS: 176 case ENGINE_CTRL_GET_CMD_FLAGS:
177 return e->cmd_defns[idx].cmd_flags; 177 return e->cmd_defns[idx].cmd_flags;
178 } 178 }
diff --git a/src/lib/libssl/src/crypto/engine/eng_fat.c b/src/lib/libssl/src/crypto/engine/eng_fat.c
index 0d7dae00b2..7ccf7022ee 100644
--- a/src/lib/libssl/src/crypto/engine/eng_fat.c
+++ b/src/lib/libssl/src/crypto/engine/eng_fat.c
@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
107 } 107 }
108 108
109 109
110int ENGINE_set_default_string(ENGINE *e, const char *list) 110int ENGINE_set_default_string(ENGINE *e, const char *def_list)
111 { 111 {
112 unsigned int flags = 0; 112 unsigned int flags = 0;
113 if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) 113 if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
114 { 114 {
115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, 115 ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
116 ENGINE_R_INVALID_STRING); 116 ENGINE_R_INVALID_STRING);
117 ERR_add_error_data(2, "str=",list); 117 ERR_add_error_data(2, "str=",def_list);
118 return 0; 118 return 0;
119 } 119 }
120 return ENGINE_set_default(e, flags); 120 return ENGINE_set_default(e, flags);
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
index 9c3ab182d3..900f75ce8d 100644
--- a/src/lib/libssl/src/crypto/engine/engine.h
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
513 * structure will have had its reference count up'd so the caller 513 * structure will have had its reference count up'd so the caller
514 * should still free their own reference 'e'. */ 514 * should still free their own reference 'e'. */
515int ENGINE_set_default_RSA(ENGINE *e); 515int ENGINE_set_default_RSA(ENGINE *e);
516int ENGINE_set_default_string(ENGINE *e, const char *list); 516int ENGINE_set_default_string(ENGINE *e, const char *def_list);
517/* Same for the other "methods" */ 517/* Same for the other "methods" */
518int ENGINE_set_default_DSA(ENGINE *e); 518int ENGINE_set_default_DSA(ENGINE *e);
519int ENGINE_set_default_DH(ENGINE *e); 519int ENGINE_set_default_DH(ENGINE *e);
@@ -616,17 +616,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
616 const dynamic_fns *fns); 616 const dynamic_fns *fns);
617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ 617#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ 618 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
619 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ 619 if (ERR_get_implementation() != fns->err_fns) \
620 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ 620 { \
621 return 0; \ 621 if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
622 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ 622 fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
623 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ 623 return 0; \
624 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ 624 CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
625 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ 625 CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
626 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ 626 CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
627 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ 627 CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
628 return 0; \ 628 CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
629 if(!ERR_set_implementation(fns->err_fns)) return 0; \ 629 if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
630 return 0; \
631 if(!ERR_set_implementation(fns->err_fns)) return 0; \
632 } \
630 if(!fn(e,id)) return 0; \ 633 if(!fn(e,id)) return 0; \
631 return 1; } 634 return 1; }
632 635
diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
index 2fe84a5002..21de0a9fdd 100644
--- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
+++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -1257,14 +1257,17 @@ ENGINE_load_cryptodev(void)
1257 1257
1258 if (engine == NULL) 1258 if (engine == NULL)
1259 return; 1259 return;
1260 if ((fd = get_dev_crypto()) < 0) 1260 if ((fd = get_dev_crypto()) < 0) {
1261 ENGINE_free(engine);
1261 return; 1262 return;
1263 }
1262 1264
1263 /* 1265 /*
1264 * find out what asymmetric crypto algorithms we support 1266 * find out what asymmetric crypto algorithms we support
1265 */ 1267 */
1266 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { 1268 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1267 close(fd); 1269 close(fd);
1270 ENGINE_free(engine);
1268 return; 1271 return;
1269 } 1272 }
1270 close(fd); 1273 close(fd);
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index 6ab119c1ef..792f329600 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
1065 else 1065 else
1066 str=p; 1066 str=p;
1067 } 1067 }
1068 strlcat(str,a,s+1); 1068 BUF_strlcat(str,a,s+1);
1069 } 1069 }
1070 } 1070 }
1071 ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); 1071 ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c
index b22eed4421..0623ddf1f0 100644
--- a/src/lib/libssl/src/crypto/evp/digest.c
+++ b/src/lib/libssl/src/crypto/evp/digest.c
@@ -248,6 +248,7 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
248 248
249int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) 249int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
250 { 250 {
251 unsigned char *tmp_buf;
251 if ((in == NULL) || (in->digest == NULL)) 252 if ((in == NULL) || (in->digest == NULL))
252 { 253 {
253 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); 254 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
@@ -262,15 +263,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
262 } 263 }
263#endif 264#endif
264 265
266 if (out->digest == in->digest)
267 {
268 tmp_buf = out->md_data;
269 EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
270 }
271 else tmp_buf = NULL;
265 EVP_MD_CTX_cleanup(out); 272 EVP_MD_CTX_cleanup(out);
266 memcpy(out,in,sizeof *out); 273 memcpy(out,in,sizeof *out);
267 274
268 if (out->digest->ctx_size) 275 if (out->digest->ctx_size)
269 { 276 {
270 out->md_data=OPENSSL_malloc(out->digest->ctx_size); 277 if (tmp_buf) out->md_data = tmp_buf;
278 else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
271 memcpy(out->md_data,in->md_data,out->digest->ctx_size); 279 memcpy(out->md_data,in->md_data,out->digest->ctx_size);
272 } 280 }
273 281
274 if (out->digest->copy) 282 if (out->digest->copy)
275 return out->digest->copy(out,in); 283 return out->digest->copy(out,in);
276 284
@@ -308,7 +316,8 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
308 if (ctx->digest && ctx->digest->cleanup 316 if (ctx->digest && ctx->digest->cleanup
309 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) 317 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
310 ctx->digest->cleanup(ctx); 318 ctx->digest->cleanup(ctx);
311 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) 319 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
320 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
312 { 321 {
313 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); 322 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
314 OPENSSL_free(ctx->md_data); 323 OPENSSL_free(ctx->md_data);
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 5d8a07d33c..f9b48792ce 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -275,6 +275,8 @@ struct env_md_ctx_st
275 * once only */ 275 * once only */
276#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been 276#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
277 * cleaned */ 277 * cleaned */
278#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
279 * in EVP_MD_CTX_cleanup */
278 280
279struct evp_cipher_st 281struct evp_cipher_st
280 { 282 {
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index be0758a879..8ea5aa935d 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
148#endif 148#endif
149 149
150 ctx->cipher=cipher; 150 ctx->cipher=cipher;
151 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 151 if (ctx->cipher->ctx_size)
152 {
153 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
154 if (!ctx->cipher_data)
155 {
156 EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
157 return 0;
158 }
159 }
160 else
161 {
162 ctx->cipher_data = NULL;
163 }
152 ctx->key_len = cipher->key_len; 164 ctx->key_len = cipher->key_len;
153 ctx->flags = 0; 165 ctx->flags = 0;
154 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) 166 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c
index bc98e63363..91e545a141 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pbe.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
87 if (i == -1) { 87 if (i == -1) {
88 char obj_tmp[80]; 88 char obj_tmp[80];
89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); 89 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
90 if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 90 if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); 91 else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
92 ERR_add_error_data(2, "TYPE=", obj_tmp); 92 ERR_add_error_data(2, "TYPE=", obj_tmp);
93 return 0; 93 return 0;
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c
index 30b6fbb03d..eb481ec661 100644
--- a/src/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
210#endif 210#endif
211 default: 211 default:
212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); 212 EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213 if (!a->algorithm) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 213 if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
214 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); 214 else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
215 ERR_add_error_data(2, "TYPE=", obj_tmp); 215 ERR_add_error_data(2, "TYPE=", obj_tmp);
216 EVP_PKEY_free (pkey); 216 EVP_PKEY_free (pkey);
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index bb862db499..dd86733b77 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
252 void *ret = NULL; 252 void *ret = NULL;
253 extern unsigned char cleanse_ctr; 253 extern unsigned char cleanse_ctr;
254 254
255 if (num < 0) return NULL; 255 if (num <= 0) return NULL;
256 256
257 allow_customize = 0; 257 allow_customize = 0;
258 if (malloc_debug_func != NULL) 258 if (malloc_debug_func != NULL)
@@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
293 void *ret = NULL; 293 void *ret = NULL;
294 extern unsigned char cleanse_ctr; 294 extern unsigned char cleanse_ctr;
295 295
296 if (num < 0) return NULL; 296 if (num <= 0) return NULL;
297 297
298 allow_customize = 0; 298 allow_customize = 0;
299 if (malloc_debug_func != NULL) 299 if (malloc_debug_func != NULL)
@@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
324 if (str == NULL) 324 if (str == NULL)
325 return CRYPTO_malloc(num, file, line); 325 return CRYPTO_malloc(num, file, line);
326 326
327 if (num < 0) return NULL; 327 if (num <= 0) return NULL;
328 328
329 if (realloc_debug_func != NULL) 329 if (realloc_debug_func != NULL)
330 realloc_debug_func(str, NULL, num, file, line, 0); 330 realloc_debug_func(str, NULL, num, file, line, 0);
@@ -346,7 +346,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
346 if (str == NULL) 346 if (str == NULL)
347 return CRYPTO_malloc(num, file, line); 347 return CRYPTO_malloc(num, file, line);
348 348
349 if (num < 0) return NULL; 349 if (num <= 0) return NULL;
350 350
351 if (realloc_debug_func != NULL) 351 if (realloc_debug_func != NULL)
352 realloc_debug_func(str, NULL, num, file, line, 0); 352 realloc_debug_func(str, NULL, num, file, line, 0);
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c
index 9221df00bd..e212de27e4 100644
--- a/src/lib/libssl/src/crypto/mem_dbg.c
+++ b/src/lib/libssl/src/crypto/mem_dbg.c
@@ -606,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
606 { 606 {
607 lcl = localtime(&m->time); 607 lcl = localtime(&m->time);
608 608
609 snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", 609 BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
610 lcl->tm_hour,lcl->tm_min,lcl->tm_sec); 610 lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
611 bufp += strlen(bufp); 611 bufp += strlen(bufp);
612 } 612 }
613 613
614 snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", 614 BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
615 m->order,m->file,m->line); 615 m->order,m->file,m->line);
616 bufp += strlen(bufp); 616 bufp += strlen(bufp);
617 617
618 if (options & V_CRYPTO_MDEBUG_THREAD) 618 if (options & V_CRYPTO_MDEBUG_THREAD)
619 { 619 {
620 snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); 620 BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
621 bufp += strlen(bufp); 621 bufp += strlen(bufp);
622 } 622 }
623 623
624 snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", 624 BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
625 m->num,(unsigned long)m->addr); 625 m->num,(unsigned long)m->addr);
626 bufp += strlen(bufp); 626 bufp += strlen(bufp);
627 627
@@ -643,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
643 643
644 ami_cnt++; 644 ami_cnt++;
645 memset(buf,'>',ami_cnt); 645 memset(buf,'>',ami_cnt);
646 snprintf(buf + ami_cnt, sizeof buf - ami_cnt, 646 BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
647 " thread=%lu, file=%s, line=%d, info=\"", 647 " thread=%lu, file=%s, line=%d, info=\"",
648 amip->thread, amip->file, amip->line); 648 amip->thread, amip->file, amip->line);
649 buf_len=strlen(buf); 649 buf_len=strlen(buf);
@@ -655,11 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
655 } 655 }
656 else 656 else
657 { 657 {
658 strlcpy(buf + buf_len, amip->info, 658 BUF_strlcpy(buf + buf_len, amip->info,
659 sizeof buf - buf_len); 659 sizeof buf - buf_len);
660 buf_len = strlen(buf); 660 buf_len = strlen(buf);
661 } 661 }
662 snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); 662 BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
663 663
664 BIO_puts(l->bio,buf); 664 BIO_puts(l->bio,buf);
665 665
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index ae97108e93..4534dc0985 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
462 if (i > 2) i=2; 462 if (i > 2) i=2;
463 l-=(long)(i*40); 463 l-=(long)(i*40);
464 464
465 snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); 465 BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
466 i=strlen(tbuf); 466 i=strlen(tbuf);
467 BUF_strlcpy(buf,tbuf,buf_len); 467 BUF_strlcpy(buf,tbuf,buf_len);
468 buf_len-=i; 468 buf_len-=i;
@@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
473 for (; idx<len; idx++) { 473 for (; idx<len; idx++) {
474 l|=p[idx]&0x7f; 474 l|=p[idx]&0x7f;
475 if (!(p[idx] & 0x80)) { 475 if (!(p[idx] & 0x80)) {
476 snprintf(tbuf,sizeof tbuf,".%lu",l); 476 BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
477 i=strlen(tbuf); 477 i=strlen(tbuf);
478 if (buf_len > 0) 478 if (buf_len > 0)
479 BUF_strlcpy(buf,tbuf,buf_len); 479 BUF_strlcpy(buf,tbuf,buf_len);
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
index d6c8899f58..57399433fc 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -305,6 +305,8 @@ err:
305 305
306/* Add a nonce to an extension stack. A nonce can be specificed or if NULL 306/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
307 * a random nonce will be generated. 307 * a random nonce will be generated.
308 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
309 * nonce, previous versions used the raw nonce.
308 */ 310 */
309 311
310static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) 312static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
@@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
313 ASN1_OCTET_STRING os; 315 ASN1_OCTET_STRING os;
314 int ret = 0; 316 int ret = 0;
315 if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; 317 if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
316 if (val) tmpval = val; 318 /* Create the OCTET STRING manually by writing out the header and
319 * appending the content octets. This avoids an extra memory allocation
320 * operation in some cases. Applications should *NOT* do this because
321 * it relies on library internals.
322 */
323 os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
324 os.data = OPENSSL_malloc(os.length);
325 if (os.data == NULL)
326 goto err;
327 tmpval = os.data;
328 ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
329 if (val)
330 memcpy(tmpval, val, len);
317 else 331 else
318 {
319 if (!(tmpval = OPENSSL_malloc(len))) goto err;
320 RAND_pseudo_bytes(tmpval, len); 332 RAND_pseudo_bytes(tmpval, len);
321 }
322 os.data = tmpval;
323 os.length = len;
324 if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, 333 if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
325 &os, 0, X509V3_ADD_REPLACE)) 334 &os, 0, X509V3_ADD_REPLACE))
326 goto err; 335 goto err;
327 ret = 1; 336 ret = 1;
328 err: 337 err:
329 if(!val) OPENSSL_free(tmpval); 338 if (os.data)
339 OPENSSL_free(os.data);
330 return ret; 340 return ret;
331 } 341 }
332 342
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
index 3875af165c..9e87fc7895 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
@@ -253,6 +253,7 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
253 253
254 254
255 err: 255 err:
256 if (buf) OPENSSL_free(buf);
256 if (*ppath) OPENSSL_free(*ppath); 257 if (*ppath) OPENSSL_free(*ppath);
257 if (*pport) OPENSSL_free(*pport); 258 if (*pport) OPENSSL_free(*pport);
258 if (*phost) OPENSSL_free(*phost); 259 if (*phost) OPENSSL_free(*phost);
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
index 1f5fda7ca3..3d58dfb06c 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -272,7 +272,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
272 272
273 for (i = 1; i < idcount; i++) 273 for (i = 1; i < idcount; i++)
274 { 274 {
275 tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; 275 tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
276 /* Check to see if IDs match */ 276 /* Check to see if IDs match */
277 if (OCSP_id_issuer_cmp(cid, tmpid)) 277 if (OCSP_id_issuer_cmp(cid, tmpid))
278 { 278 {
@@ -330,7 +330,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
330 OCSP_CERTID *tmpid; 330 OCSP_CERTID *tmpid;
331 for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) 331 for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
332 { 332 {
333 tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; 333 tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
334 ret = ocsp_match_issuerid(cert, tmpid, NULL); 334 ret = ocsp_match_issuerid(cert, tmpid, NULL);
335 if (ret <= 0) return ret; 335 if (ret <= 0) return ret;
336 } 336 }
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index e226d9de79..02f1710fb3 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,8 +25,8 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090703fL 28#define OPENSSL_VERSION_NUMBER 0x0090704fL
29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003" 29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004"
30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
31 31
32 32
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 3bec2d7e9f..7785039b99 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
131 else 131 else
132 str="BAD-TYPE"; 132 str="BAD-TYPE";
133 133
134 strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); 134 BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
135 strlcat(buf,str,PEM_BUFSIZE); 135 BUF_strlcat(buf,str,PEM_BUFSIZE);
136 strlcat(buf,"\n",PEM_BUFSIZE); 136 BUF_strlcat(buf,"\n",PEM_BUFSIZE);
137 } 137 }
138 138
139void PEM_dek_info(char *buf, const char *type, int len, char *str) 139void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -142,9 +142,9 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
142 long i; 142 long i;
143 int j; 143 int j;
144 144
145 strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); 145 BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
146 strlcat(buf,type,PEM_BUFSIZE); 146 BUF_strlcat(buf,type,PEM_BUFSIZE);
147 strlcat(buf,",",PEM_BUFSIZE); 147 BUF_strlcat(buf,",",PEM_BUFSIZE);
148 j=strlen(buf); 148 j=strlen(buf);
149 if (j + (len * 2) + 1 > PEM_BUFSIZE) 149 if (j + (len * 2) + 1 > PEM_BUFSIZE)
150 return; 150 return;
@@ -535,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
535 long len) 535 long len)
536 { 536 {
537 int nlen,n,i,j,outl; 537 int nlen,n,i,j,outl;
538 unsigned char *buf; 538 unsigned char *buf = NULL;
539 EVP_ENCODE_CTX ctx; 539 EVP_ENCODE_CTX ctx;
540 int reason=ERR_R_BUF_LIB; 540 int reason=ERR_R_BUF_LIB;
541 541
@@ -555,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
555 goto err; 555 goto err;
556 } 556 }
557 557
558 buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8); 558 buf = OPENSSL_malloc(PEM_BUFSIZE*8);
559 if (buf == NULL) 559 if (buf == NULL)
560 { 560 {
561 reason=ERR_R_MALLOC_FAILURE; 561 reason=ERR_R_MALLOC_FAILURE;
@@ -576,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
576 EVP_EncodeFinal(&ctx,buf,&outl); 576 EVP_EncodeFinal(&ctx,buf,&outl);
577 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; 577 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
578 OPENSSL_free(buf); 578 OPENSSL_free(buf);
579 buf = NULL;
579 if ( (BIO_write(bp,"-----END ",9) != 9) || 580 if ( (BIO_write(bp,"-----END ",9) != 9) ||
580 (BIO_write(bp,name,nlen) != nlen) || 581 (BIO_write(bp,name,nlen) != nlen) ||
581 (BIO_write(bp,"-----\n",6) != 6)) 582 (BIO_write(bp,"-----\n",6) != 6))
582 goto err; 583 goto err;
583 return(i+outl); 584 return(i+outl);
584err: 585err:
586 if (buf)
587 OPENSSL_free(buf);
585 PEMerr(PEM_F_PEM_WRITE_BIO,reason); 588 PEMerr(PEM_F_PEM_WRITE_BIO,reason);
586 return(0); 589 return(0);
587 } 590 }
diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c
index d96ecf6940..f77c949e87 100644
--- a/src/lib/libssl/src/crypto/pem/pem_pkey.c
+++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c
@@ -87,6 +87,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
87 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 87 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
88 if(!p8inf) goto p8err; 88 if(!p8inf) goto p8err;
89 ret = EVP_PKCS82PKEY(p8inf); 89 ret = EVP_PKCS82PKEY(p8inf);
90 if(x) {
91 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
92 *x = ret;
93 }
90 PKCS8_PRIV_KEY_INFO_free(p8inf); 94 PKCS8_PRIV_KEY_INFO_free(p8inf);
91 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { 95 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
92 PKCS8_PRIV_KEY_INFO *p8inf; 96 PKCS8_PRIV_KEY_INFO *p8inf;
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 190ca0e9bf..35c7dcd0b3 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -91,17 +91,19 @@ static int PKCS7_type_is_other(PKCS7* p7)
91 91
92 } 92 }
93 93
94static int PKCS7_type_is_octet_string(PKCS7* p7) 94static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
95 { 95 {
96 if ( 0==PKCS7_type_is_other(p7) ) 96 if ( PKCS7_type_is_data(p7))
97 return 0; 97 return p7->d.data;
98 98 if ( PKCS7_type_is_other(p7) && p7->d.other
99 return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; 99 && (p7->d.other->type == V_ASN1_OCTET_STRING))
100 return p7->d.other->value.octet_string;
101 return NULL;
100 } 102 }
101 103
102BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 104BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
103 { 105 {
104 int i,j; 106 int i;
105 BIO *out=NULL,*btmp=NULL; 107 BIO *out=NULL,*btmp=NULL;
106 X509_ALGOR *xa; 108 X509_ALGOR *xa;
107 const EVP_MD *evp_md; 109 const EVP_MD *evp_md;
@@ -159,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
159 goto err; 161 goto err;
160 } 162 }
161 163
162 j=OBJ_obj2nid(xa->algorithm); 164 evp_md=EVP_get_digestbyobj(xa->algorithm);
163 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
164 if (evp_md == NULL) 165 if (evp_md == NULL)
165 { 166 {
166 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); 167 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -250,29 +251,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
250 btmp=NULL; 251 btmp=NULL;
251 } 252 }
252 253
253 if (bio == NULL) { 254 if (bio == NULL)
255 {
254 if (PKCS7_is_detached(p7)) 256 if (PKCS7_is_detached(p7))
255 bio=BIO_new(BIO_s_null()); 257 bio=BIO_new(BIO_s_null());
256 else { 258 else
257 if (PKCS7_type_is_signed(p7) ) { 259 {
258 if ( PKCS7_type_is_data(p7->d.sign->contents)) { 260 ASN1_OCTET_STRING *os;
259 ASN1_OCTET_STRING *os; 261 os = PKCS7_get_octet_string(p7->d.sign->contents);
260 os=p7->d.sign->contents->d.data; 262 if (os && os->length > 0)
261 if (os->length > 0) 263 bio = BIO_new_mem_buf(os->data, os->length);
262 bio = BIO_new_mem_buf(os->data, os->length); 264 if(bio == NULL)
263 } 265 {
264 else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
265 ASN1_OCTET_STRING *os;
266 os=p7->d.sign->contents->d.other->value.octet_string;
267 if (os->length > 0)
268 bio = BIO_new_mem_buf(os->data, os->length);
269 }
270 }
271 if(bio == NULL) {
272 bio=BIO_new(BIO_s_mem()); 266 bio=BIO_new(BIO_s_mem());
273 BIO_set_mem_eof_return(bio,0); 267 BIO_set_mem_eof_return(bio,0);
268 }
274 } 269 }
275 }
276 } 270 }
277 BIO_push(out,bio); 271 BIO_push(out,bio);
278 bio=NULL; 272 bio=NULL;
@@ -311,7 +305,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
311 switch (i) 305 switch (i)
312 { 306 {
313 case NID_pkcs7_signed: 307 case NID_pkcs7_signed:
314 data_body=p7->d.sign->contents->d.data; 308 data_body=PKCS7_get_octet_string(p7->d.sign->contents);
315 md_sk=p7->d.sign->md_algs; 309 md_sk=p7->d.sign->md_algs;
316 break; 310 break;
317 case NID_pkcs7_signedAndEnveloped: 311 case NID_pkcs7_signedAndEnveloped:
@@ -319,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
319 md_sk=p7->d.signed_and_enveloped->md_algs; 313 md_sk=p7->d.signed_and_enveloped->md_algs;
320 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 314 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
321 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 315 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
322 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); 316 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
323 if (evp_cipher == NULL) 317 if (evp_cipher == NULL)
324 { 318 {
325 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 319 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -331,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
331 rsk=p7->d.enveloped->recipientinfo; 325 rsk=p7->d.enveloped->recipientinfo;
332 enc_alg=p7->d.enveloped->enc_data->algorithm; 326 enc_alg=p7->d.enveloped->enc_data->algorithm;
333 data_body=p7->d.enveloped->enc_data->enc_data; 327 data_body=p7->d.enveloped->enc_data->enc_data;
334 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); 328 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
335 if (evp_cipher == NULL) 329 if (evp_cipher == NULL)
336 { 330 {
337 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 331 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -357,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
357 } 351 }
358 352
359 j=OBJ_obj2nid(xa->algorithm); 353 j=OBJ_obj2nid(xa->algorithm);
360 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); 354 evp_md=EVP_get_digestbynid(j);
361 if (evp_md == NULL) 355 if (evp_md == NULL)
362 { 356 {
363 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 357 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -531,9 +525,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
531 break; 525 break;
532 case NID_pkcs7_signed: 526 case NID_pkcs7_signed:
533 si_sk=p7->d.sign->signer_info; 527 si_sk=p7->d.sign->signer_info;
534 os=p7->d.sign->contents->d.data; 528 os=PKCS7_get_octet_string(p7->d.sign->contents);
535 /* If detached data then the content is excluded */ 529 /* If detached data then the content is excluded */
536 if(p7->detached) { 530 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
537 M_ASN1_OCTET_STRING_free(os); 531 M_ASN1_OCTET_STRING_free(os);
538 p7->d.sign->contents->d.data = NULL; 532 p7->d.sign->contents->d.data = NULL;
539 } 533 }
diff --git a/src/lib/libssl/src/crypto/rand/Makefile.ssl b/src/lib/libssl/src/crypto/rand/Makefile.ssl
index df80702373..e5cbe5319c 100644
--- a/src/lib/libssl/src/crypto/rand/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -101,7 +101,8 @@ md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
101md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 101md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
102md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 102md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
103md_rand.o: md_rand.c rand_lcl.h 103md_rand.o: md_rand.c rand_lcl.h
104rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h 104rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
105rand_egd.o: ../../include/openssl/opensslconf.h
105rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 106rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
106rand_egd.o: rand_egd.c 107rand_egd.o: rand_egd.c
107rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 108rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
@@ -186,8 +187,9 @@ rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
186rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 187rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
187rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 188rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
188rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c 189rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
189randfile.o: ../../e_os.h ../../include/openssl/crypto.h 190randfile.o: ../../e_os.h ../../include/openssl/buffer.h
190randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h 191randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
192randfile.o: ../../include/openssl/opensslconf.h
191randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 193randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
192randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 194randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
193randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 195randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c
index 895967476e..6f742900a0 100644
--- a/src/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/src/lib/libssl/src/crypto/rand/rand_egd.c
@@ -56,6 +56,7 @@
56 56
57#include <openssl/e_os2.h> 57#include <openssl/e_os2.h>
58#include <openssl/rand.h> 58#include <openssl/rand.h>
59#include <openssl/buffer.h>
59 60
60/* 61/*
61 * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. 62 * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
@@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
145 addr.sun_family = AF_UNIX; 146 addr.sun_family = AF_UNIX;
146 if (strlen(path) >= sizeof(addr.sun_path)) 147 if (strlen(path) >= sizeof(addr.sun_path))
147 return (-1); 148 return (-1);
148 strlcpy(addr.sun_path,path,sizeof addr.sun_path); 149 BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
149 len = offsetof(struct sockaddr_un, sun_path) + strlen(path); 150 len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
150 fd = socket(AF_UNIX, SOCK_STREAM, 0); 151 fd = socket(AF_UNIX, SOCK_STREAM, 0);
151 if (fd == -1) return (-1); 152 if (fd == -1) return (-1);
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c
index 263068d256..3584842224 100644
--- a/src/lib/libssl/src/crypto/rand/rand_win.c
+++ b/src/lib/libssl/src/crypto/rand/rand_win.c
@@ -646,7 +646,7 @@ static void readtimer(void)
646 * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. 646 * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
647 * 647 *
648 * Code adapted from 648 * Code adapted from
649 * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>; 649 * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
650 * the original copyright message is: 650 * the original copyright message is:
651 * 651 *
652 * (C) Copyright Microsoft Corp. 1993. All rights reserved. 652 * (C) Copyright Microsoft Corp. 1993. All rights reserved.
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index cfbec2ac1f..d88ee0d780 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -56,6 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* We need to define this to get macros like S_IFBLK and S_IFCHR */
60#define _XOPEN_SOURCE 1
61
59#include <errno.h> 62#include <errno.h>
60#include <stdio.h> 63#include <stdio.h>
61#include <stdlib.h> 64#include <stdlib.h>
@@ -64,6 +67,7 @@
64#include "e_os.h" 67#include "e_os.h"
65#include <openssl/crypto.h> 68#include <openssl/crypto.h>
66#include <openssl/rand.h> 69#include <openssl/rand.h>
70#include <openssl/buffer.h>
67 71
68#ifdef OPENSSL_SYS_VMS 72#ifdef OPENSSL_SYS_VMS
69#include <unixio.h> 73#include <unixio.h>
@@ -106,6 +110,7 @@ int RAND_load_file(const char *file, long bytes)
106 110
107 in=fopen(file,"rb"); 111 in=fopen(file,"rb");
108 if (in == NULL) goto err; 112 if (in == NULL) goto err;
113#if defined(S_IFBLK) && defined(S_IFCHR)
109 if (sb.st_mode & (S_IFBLK | S_IFCHR)) { 114 if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
110 /* this file is a device. we don't want read an infinite number 115 /* this file is a device. we don't want read an infinite number
111 * of bytes from a random device, nor do we want to use buffered 116 * of bytes from a random device, nor do we want to use buffered
@@ -114,6 +119,7 @@ int RAND_load_file(const char *file, long bytes)
114 bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ 119 bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
115 setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ 120 setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
116 } 121 }
122#endif
117 for (;;) 123 for (;;)
118 { 124 {
119 if (bytes > 0) 125 if (bytes > 0)
@@ -147,6 +153,7 @@ int RAND_write_file(const char *file)
147 153
148 i=stat(file,&sb); 154 i=stat(file,&sb);
149 if (i != -1) { 155 if (i != -1) {
156#if defined(S_IFBLK) && defined(S_IFCHR)
150 if (sb.st_mode & (S_IFBLK | S_IFCHR)) { 157 if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
151 /* this file is a device. we don't write back to it. 158 /* this file is a device. we don't write back to it.
152 * we "succeed" on the assumption this is some sort 159 * we "succeed" on the assumption this is some sort
@@ -155,6 +162,7 @@ int RAND_write_file(const char *file)
155 */ 162 */
156 return(1); 163 return(1);
157 } 164 }
165#endif
158 } 166 }
159 167
160#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) 168#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
@@ -219,13 +227,15 @@ const char *RAND_file_name(char *buf, size_t size)
219 { 227 {
220 char *s=NULL; 228 char *s=NULL;
221 int ok = 0; 229 int ok = 0;
230#ifdef __OpenBSD__
222 struct stat sb; 231 struct stat sb;
232#endif
223 233
224 if (issetugid() == 0) 234 if (issetugid() == 0)
225 s=getenv("RANDFILE"); 235 s=getenv("RANDFILE");
226 if (s != NULL && *s && strlen(s) + 1 < size) 236 if (s != NULL && *s && strlen(s) + 1 < size)
227 { 237 {
228 if (strlcpy(buf,s,size) >= size) 238 if (BUF_strlcpy(buf,s,size) >= size)
229 return NULL; 239 return NULL;
230 } 240 }
231 else 241 else
@@ -240,11 +250,11 @@ const char *RAND_file_name(char *buf, size_t size)
240#endif 250#endif
241 if (s && *s && strlen(s)+strlen(RFILE)+2 < size) 251 if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
242 { 252 {
243 strlcpy(buf,s,size); 253 BUF_strlcpy(buf,s,size);
244#ifndef OPENSSL_SYS_VMS 254#ifndef OPENSSL_SYS_VMS
245 strlcat(buf,"/",size); 255 BUF_strlcat(buf,"/",size);
246#endif 256#endif
247 strlcat(buf,RFILE,size); 257 BUF_strlcat(buf,RFILE,size);
248 ok = 1; 258 ok = 1;
249 } 259 }
250 else 260 else
@@ -260,11 +270,11 @@ const char *RAND_file_name(char *buf, size_t size)
260 */ 270 */
261 271
262 if (!ok) 272 if (!ok)
263 if (strlcpy(buf,"/dev/arandom",size) >= size) { 273 if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
264 return(NULL); 274 return(NULL);
265 } 275 }
266 if (stat(buf,&sb) == -1) 276 if (stat(buf,&sb) == -1)
267 if (strlcpy(buf,"/dev/arandom",size) >= size) { 277 if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
268 return(NULL); 278 return(NULL);
269 } 279 }
270 280
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile.ssl b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
index 9f9e16068f..3e602662be 100644
--- a/src/lib/libssl/src/crypto/rc4/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rc4/Makefile.ssl
@@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o
25#RC4_ENC=asm/rx86bdsi.o 25#RC4_ENC=asm/rx86bdsi.o
26 26
27CFLAGS= $(INCLUDES) $(CFLAG) 27CFLAGS= $(INCLUDES) $(CFLAG)
28ASFLAGS= $(INCLUDES) $(ASFLAG)
28 29
29GENERAL=Makefile 30GENERAL=Makefile
30TEST=rc4test.c 31TEST=rc4test.c
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile.ssl b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
index a86f202f7b..3f9632f8f7 100644
--- a/src/lib/libssl/src/crypto/rc5/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/rc5/Makefile.ssl
@@ -22,6 +22,7 @@ RC5_ENC= rc5_enc.o
22#DES_ENC= r586-elf.o 22#DES_ENC= r586-elf.o
23 23
24CFLAGS= $(INCLUDES) $(CFLAG) 24CFLAGS= $(INCLUDES) $(CFLAG)
25ASFLAGS= $(INCLUDES) $(ASFLAG)
25 26
26GENERAL=Makefile 27GENERAL=Makefile
27TEST=rc5test.c 28TEST=rc5test.c
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
index d85515353b..f22ac790ae 100644
--- a/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
20RIP_ASM_OBJ= 20RIP_ASM_OBJ=
21 21
22CFLAGS= $(INCLUDES) $(CFLAG) 22CFLAGS= $(INCLUDES) $(CFLAG)
23ASFLAGS= $(INCLUDES) $(ASFLAG)
23 24
24GENERAL=Makefile 25GENERAL=Makefile
25TEST=rmdtest.c 26TEST=rmdtest.c
diff --git a/src/lib/libssl/src/crypto/sha/Makefile.ssl b/src/lib/libssl/src/crypto/sha/Makefile.ssl
index d52fb62b4f..4ba201c787 100644
--- a/src/lib/libssl/src/crypto/sha/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/sha/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
20SHA1_ASM_OBJ= 20SHA1_ASM_OBJ=
21 21
22CFLAGS= $(INCLUDES) $(CFLAG) 22CFLAGS= $(INCLUDES) $(CFLAG)
23ASFLAGS= $(INCLUDES) $(ASFLAG)
23 24
24GENERAL=Makefile 25GENERAL=Makefile
25TEST=shatest.c sha1test.c 26TEST=shatest.c sha1test.c
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
index fe51fd0794..e00f709553 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -1,5 +1,30 @@
1#!/usr/local/bin/perl 1#!/usr/local/bin/perl
2 2
3# It was noted that Intel IA-32 C compiler generates code which
4# performs ~30% *faster* on P4 CPU than original *hand-coded*
5# SHA1 assembler implementation. To address this problem (and
6# prove that humans are still better than machines:-), the
7# original code was overhauled, which resulted in following
8# performance changes:
9#
10# compared with original compared with Intel cc
11# assembler impl. generated code
12# Pentium -25% +37%
13# PIII/AMD +8% +16%
14# P4 +85%(!) +45%
15#
16# As you can see Pentium came out as looser:-( Yet I reckoned that
17# improvement on P4 outweights the loss and incorporate this
18# re-tuned code to 0.9.7 and later.
19# ----------------------------------------------------------------
20# Those who for any particular reason absolutely must score on
21# Pentium can replace this module with one from 0.9.6 distribution.
22# This "offer" shall be revoked the moment programming interface to
23# this module is changed, in which case this paragraph should be
24# removed.
25# ----------------------------------------------------------------
26# <appro@fy.chalmers.se>
27
3$normal=0; 28$normal=0;
4 29
5push(@INC,"perlasm","../../perlasm"); 30push(@INC,"perlasm","../../perlasm");
@@ -77,54 +102,21 @@ sub BODY_00_15
77 { 102 {
78 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; 103 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
79 104
80return if $n & 1;
81 &comment("00_15 $n"); 105 &comment("00_15 $n");
82 106
83 &mov($f,$c);
84
85 &mov($tmp1,$a);
86 &xor($f,$d); # F2
87
88 &rotl($tmp1,5); # A2
89
90 &and($f,$b); # F3
91 &add($tmp1,$e);
92
93 &rotr($b,1); # B1 <- F
94 &mov($e,&swtmp($n)); # G1
95
96 &rotr($b,1); # B1 <- F
97 &xor($f,$d); # F4
98
99 &lea($tmp1,&DWP($K,$tmp1,$e,1));
100
101############################
102# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
103# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
104$n++;
105 local($n0,$n1,$n2,$n3,$np)=&Na($n);
106 ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
107
108 &mov($f,$c);
109
110 &add($a,$tmp1); # MOVED DOWN
111 &xor($f,$d); # F2
112
113 &mov($tmp1,$a); 107 &mov($tmp1,$a);
114 &and($f,$b); # F3 108 &mov($f,$c); # f to hold F_00_19(b,c,d)
115 109 &rotl($tmp1,5); # tmp1=ROTATE(a,5)
116 &rotl($tmp1,5); # A2 110 &xor($f,$d);
117 111 &and($f,$b);
118 &add($tmp1,$e); 112 &rotr($b,2); # b=ROTATE(b,30)
119 &mov($e,&swtmp($n)); # G1 113 &add($tmp1,$e); # tmp1+=e;
120 114 &mov($e,&swtmp($n)); # e becomes volatile and
121 &rotr($b,1); # B1 <- F 115 # is loaded with xi
122 &xor($f,$d); # F4 116 &xor($f,$d); # f holds F_00_19(b,c,d)
123 117 &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
124 &rotr($b,1); # B1 <- F 118
125 &lea($tmp1,&DWP($K,$tmp1,$e,1)); 119 &add($f,$tmp1); # f+=tmp1
126
127 &add($f,$tmp1);
128 } 120 }
129 121
130sub BODY_16_19 122sub BODY_16_19
@@ -132,66 +124,24 @@ sub BODY_16_19
132 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; 124 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
133 local($n0,$n1,$n2,$n3,$np)=&Na($n); 125 local($n0,$n1,$n2,$n3,$np)=&Na($n);
134 126
135return if $n & 1;
136 &comment("16_19 $n"); 127 &comment("16_19 $n");
137 128
138 &nop() if ($pos < 0); 129 &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd)
139&mov($tmp1,&swtmp($n0)); # X1 130 &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d)
140 &mov($f,&swtmp($n1)); # X2 131 &xor($f,&swtmp($n0));
141&xor($f,$tmp1); # X3 132 &xor($tmp1,$d);
142 &mov($tmp1,&swtmp($n2)); # X4 133 &xor($f,&swtmp($n2));
143&xor($f,$tmp1); # X5 134 &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)
144 &mov($tmp1,&swtmp($n3)); # X6 135 &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
145&xor($f,$tmp1); # X7 - slot 136 &rotr($b,2); # b=ROTATE(b,30)
146 &mov($tmp1,$c); # F1 137 &xor($tmp1,$d); # tmp1=F_00_19(b,c,d)
147&rotl($f,1); # X8 - slot 138 &rotl($f,1); # f=ROATE(f,1)
148 &xor($tmp1,$d); # F2 139 &mov(&swtmp($n0),$f); # xi=f
149&mov(&swtmp($n0),$f); # X9 - anytime 140 &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e
150 &and($tmp1,$b); # F3 141 &mov($e,$a); # e becomes volatile
151&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e 142 &add($f,$tmp1); # f+=F_00_19(b,c,d)
152 &xor($tmp1,$d); # F4 143 &rotl($e,5); # e=ROTATE(a,5)
153&mov($e,$a); # A1 144 &add($f,$e); # f+=ROTATE(a,5)
154 &add($f,$tmp1); # tot+=F();
155
156&rotl($e,5); # A2
157
158&rotr($b,1); # B1 <- F
159 &add($f,$e); # tot+=a
160
161############################
162# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
163# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
164$n++;
165 local($n0,$n1,$n2,$n3,$np)=&Na($n);
166 ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
167
168
169&mov($f,&swtmp($n0)); # X1
170 &mov($tmp1,&swtmp($n1)); # X2
171&xor($f,$tmp1); # X3
172 &mov($tmp1,&swtmp($n2)); # X4
173&xor($f,$tmp1); # X5
174 &mov($tmp1,&swtmp($n3)); # X6
175&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN
176 &xor($f,$tmp1); # X7 - slot
177&rotl($f,1); # X8 - slot
178 &mov($tmp1,$c); # F1
179&xor($tmp1,$d); # F2
180 &mov(&swtmp($n0),$f); # X9 - anytime
181&and($tmp1,$b); # F3
182 &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
183
184&xor($tmp1,$d); # F4
185 &mov($e,$a); # A1
186
187&rotl($e,5); # A2
188
189&rotr($b,1); # B1 <- F
190 &add($f,$e); # tot+=a
191
192&rotr($b,1); # B1 <- F
193 &add($f,$tmp1); # tot+=F();
194
195 } 145 }
196 146
197sub BODY_20_39 147sub BODY_20_39
@@ -201,42 +151,21 @@ sub BODY_20_39
201 &comment("20_39 $n"); 151 &comment("20_39 $n");
202 local($n0,$n1,$n2,$n3,$np)=&Na($n); 152 local($n0,$n1,$n2,$n3,$np)=&Na($n);
203 153
204&mov($f,&swtmp($n0)); # X1 154 &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
205 &mov($tmp1,&swtmp($n1)); # X2 155 &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d)
206&xor($f,$tmp1); # X3 156 &xor($f,&swtmp($n1));
207 &mov($tmp1,&swtmp($n2)); # X4 157 &rotr($b,2); # b=ROTATE(b,30)
208&xor($f,$tmp1); # X5 158 &xor($f,&swtmp($n2));
209 &mov($tmp1,&swtmp($n3)); # X6 159 &xor($tmp1,$c);
210&xor($f,$tmp1); # X7 - slot 160 &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
211 &mov($tmp1,$b); # F1 161 &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d)
212&rotl($f,1); # X8 - slot 162 &rotl($f,1); # f=ROTATE(f,1)
213 &xor($tmp1,$c); # F2 163 &mov(&swtmp($n0),$f); # xi=f
214&mov(&swtmp($n0),$f); # X9 - anytime 164 &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e
215 &xor($tmp1,$d); # F3 165 &mov($e,$a); # e becomes volatile
216 166 &rotl($e,5); # e=ROTATE(a,5)
217&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e 167 &add($f,$tmp1); # f+=F_20_39(b,c,d)
218 &mov($e,$a); # A1 168 &add($f,$e); # f+=ROTATE(a,5)
219
220&rotl($e,5); # A2
221
222if ($n != 79) # last loop
223 {
224 &rotr($b,1); # B1 <- F
225 &add($e,$tmp1); # tmp1=F()+a
226
227 &rotr($b,1); # B2 <- F
228 &add($f,$e); # tot+=tmp1;
229 }
230else
231 {
232 &add($e,$tmp1); # tmp1=F()+a
233 &mov($tmp1,&wparam(0));
234
235 &rotr($b,1); # B1 <- F
236 &add($f,$e); # tot+=tmp1;
237
238 &rotr($b,1); # B2 <- F
239 }
240 } 169 }
241 170
242sub BODY_40_59 171sub BODY_40_59
@@ -244,70 +173,27 @@ sub BODY_40_59
244 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; 173 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
245 174
246 &comment("40_59 $n"); 175 &comment("40_59 $n");
247 return if $n & 1;
248 local($n0,$n1,$n2,$n3,$np)=&Na($n); 176 local($n0,$n1,$n2,$n3,$np)=&Na($n);
249 177
250&mov($f,&swtmp($n0)); # X1 178 &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
251 &mov($tmp1,&swtmp($n1)); # X2 179 &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d)
252&xor($f,$tmp1); # X3 180 &xor($f,&swtmp($n1));
253 &mov($tmp1,&swtmp($n2)); # X4 181 &or($tmp1,$c);
254&xor($f,$tmp1); # X5 182 &xor($f,&swtmp($n2));
255 &mov($tmp1,&swtmp($n3)); # X6 183 &and($tmp1,$d);
256&xor($f,$tmp1); # X7 - slot 184 &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
257 &mov($tmp1,$b); # F1 185 &rotl($f,1); # f=ROTATE(f,1)
258&rotl($f,1); # X8 - slot 186 &mov(&swtmp($n0),$f); # xi=f
259 &or($tmp1,$c); # F2 187 &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e
260&mov(&swtmp($n0),$f); # X9 - anytime 188 &mov($e,$b); # e becomes volatile and is used
261 &and($tmp1,$d); # F3 189 # to calculate F_40_59(b,c,d)
262 190 &rotr($b,2); # b=ROTATE(b,30)
263&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e 191 &and($e,$c);
264 &mov($e,$b); # F4 192 &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d)
265 193 &mov($e,$a);
266&rotr($b,1); # B1 <- F 194 &rotl($e,5); # e=ROTATE(a,5)
267 &and($e,$c); # F5 195 &add($tmp1,$e); # tmp1+=ROTATE(a,5)
268 196 &add($f,$tmp1); # f+=tmp1;
269&or($tmp1,$e); # F6
270 &mov($e,$a); # A1
271
272&rotl($e,5); # A2
273
274&add($tmp1,$e); # tmp1=F()+a
275
276############################
277# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
278# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
279$n++;
280 local($n0,$n1,$n2,$n3,$np)=&Na($n);
281 ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
282
283 &mov($f,&swtmp($n0)); # X1
284&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1
285 &mov($tmp1,&swtmp($n1)); # X2
286&xor($f,$tmp1); # X3
287 &mov($tmp1,&swtmp($n2)); # X4
288&xor($f,$tmp1); # X5
289 &mov($tmp1,&swtmp($n3)); # X6
290&rotr($c,1); # B2 <- F # moved was rotr b,1
291 &xor($f,$tmp1); # X7 - slot
292&rotl($f,1); # X8 - slot
293 &mov($tmp1,$b); # F1
294&mov(&swtmp($n0),$f); # X9 - anytime
295 &or($tmp1,$c); # F2
296&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
297 &mov($e,$b); # F4
298&and($tmp1,$d); # F3
299 &and($e,$c); # F5
300
301&or($tmp1,$e); # F6
302 &mov($e,$a); # A1
303
304&rotl($e,5); # A2
305
306&rotr($b,1); # B1 <- F
307 &add($tmp1,$e); # tmp1=F()+a
308
309&rotr($b,1); # B2 <- F
310 &add($f,$tmp1); # tot+=tmp1;
311 } 197 }
312 198
313sub BODY_60_79 199sub BODY_60_79
@@ -495,8 +381,7 @@ sub sha1_block_data
495 # C -> E 381 # C -> E
496 # D -> T 382 # D -> T
497 383
498 # The last 2 have been moved into the last loop 384 &mov($tmp1,&wparam(0));
499 # &mov($tmp1,&wparam(0));
500 385
501 &mov($D, &DWP(12,$tmp1,"",0)); 386 &mov($D, &DWP(12,$tmp1,"",0));
502 &add($D,$B); 387 &add($D,$B);
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c
index 8973921778..7588966cb2 100644
--- a/src/lib/libssl/src/crypto/threads/mttest.c
+++ b/src/lib/libssl/src/crypto/threads/mttest.c
@@ -243,7 +243,7 @@ bad:
243 goto end; 243 goto end;
244 } 244 }
245 245
246 if (cipher == NULL && issetugid() == 0) 246 if (cipher == NULL && OPENSSL_issetugid() == 0)
247 cipher=getenv("SSL_CIPHER"); 247 cipher=getenv("SSL_CIPHER");
248 248
249 SSL_load_error_strings(); 249 SSL_load_error_strings();
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c
index 33c86d76ef..dbc9711a2d 100644
--- a/src/lib/libssl/src/crypto/ui/ui_lib.c
+++ b/src/lib/libssl/src/crypto/ui/ui_lib.c
@@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
430 len += sizeof(prompt3) - 1; 430 len += sizeof(prompt3) - 1;
431 431
432 prompt = (char *)OPENSSL_malloc(len + 1); 432 prompt = (char *)OPENSSL_malloc(len + 1);
433 strlcpy(prompt, prompt1, len + 1); 433 BUF_strlcpy(prompt, prompt1, len + 1);
434 strlcat(prompt, object_desc, len + 1); 434 BUF_strlcat(prompt, object_desc, len + 1);
435 if (object_name) 435 if (object_name)
436 { 436 {
437 strlcat(prompt, prompt2, len + 1); 437 BUF_strlcat(prompt, prompt2, len + 1);
438 strlcat(prompt, object_name, len + 1); 438 BUF_strlcat(prompt, object_name, len + 1);
439 } 439 }
440 strlcat(prompt, prompt3, len + 1); 440 BUF_strlcat(prompt, prompt3, len + 1);
441 } 441 }
442 return prompt; 442 return prompt;
443 } 443 }
@@ -865,8 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
865 return -1; 865 return -1;
866 } 866 }
867 867
868 strlcpy(uis->result_buf, result, 868 BUF_strlcpy(uis->result_buf, result,
869 uis->_.string_data.result_maxsize + 1); 869 uis->_.string_data.result_maxsize + 1);
870 break; 870 break;
871 case UIT_BOOLEAN: 871 case UIT_BOOLEAN:
872 { 872 {
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index a5c306f1fd..6207340472 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
302 k=0; 302 k=0;
303 for (;;) 303 for (;;)
304 { 304 {
305 snprintf(b->data,b->max,"%s/%08lx.%s%d",ctx->dirs[i],h, 305 char c = '/';
306 postfix,k); 306#ifdef OPENSSL_SYS_VMS
307 c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
308 if (c != ':' && c != '>' && c != ']')
309 {
310 /* If no separator is present, we assume the
311 directory specifier is a logical name, and
312 add a colon. We really should use better
313 VMS routines for merging things like this,
314 but this will do for now...
315 -- Richard Levitte */
316 c = ':';
317 }
318 else
319 {
320 c = '\0';
321 }
322#endif
323 if (c == '\0')
324 {
325 /* This is special. When c == '\0', no
326 directory separator should be added. */
327 BIO_snprintf(b->data,b->max,
328 "%s%08lx.%s%d",ctx->dirs[i],h,
329 postfix,k);
330 }
331 else
332 {
333 BIO_snprintf(b->data,b->max,
334 "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
335 postfix,k);
336 }
307 k++; 337 k++;
308 if (stat(b->data,&st) < 0) 338 if (stat(b->data,&st) < 0)
309 break; 339 break;
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h
index eaad5685a8..8d0c7e2e17 100644
--- a/src/lib/libssl/src/crypto/x509/x509.h
+++ b/src/lib/libssl/src/crypto/x509/x509.h
@@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
810X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); 810X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
811X509_NAME *X509_NAME_dup(X509_NAME *xn); 811X509_NAME *X509_NAME_dup(X509_NAME *xn);
812X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); 812X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
813#ifndef OPENSSL_NO_RSA
814RSA *RSAPublicKey_dup(RSA *rsa);
815RSA *RSAPrivateKey_dup(RSA *rsa);
816#endif
817 813
818#endif /* !SSLEAY_MACROS */ 814#endif /* !SSLEAY_MACROS */
819 815
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c
index 9d09ae17e8..e31ebc6741 100644
--- a/src/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/src/lib/libssl/src/crypto/x509/x509_txt.c
@@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
147 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: 147 case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
148 return("unhandled critical extension"); 148 return("unhandled critical extension");
149 149
150 case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
151 return("key usage does not include CRL signing");
152
153 case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
154 return("unhandled critical CRL extension");
155
150 default: 156 default:
151 snprintf(buf,sizeof buf,"error number %ld",n); 157 BIO_snprintf(buf,sizeof buf,"error number %ld",n);
152 return(buf); 158 return(buf);
153 } 159 }
154 } 160 }
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index 2bb21b443e..2e4d0b823a 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
383 /* Check all untrusted certificates */ 383 /* Check all untrusted certificates */
384 for (i = 0; i < ctx->last_untrusted; i++) 384 for (i = 0; i < ctx->last_untrusted; i++)
385 { 385 {
386 int ret;
386 x = sk_X509_value(ctx->chain, i); 387 x = sk_X509_value(ctx->chain, i);
387 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) 388 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
388 && (x->ex_flags & EXFLAG_CRITICAL)) 389 && (x->ex_flags & EXFLAG_CRITICAL))
@@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
393 ok=cb(0,ctx); 394 ok=cb(0,ctx);
394 if (!ok) goto end; 395 if (!ok) goto end;
395 } 396 }
396 if (!X509_check_purpose(x, ctx->purpose, i)) 397 ret = X509_check_purpose(x, ctx->purpose, i);
398 if ((ret == 0)
399 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
400 && (ret != 1)))
397 { 401 {
398 if (i) 402 if (i)
399 ctx->error = X509_V_ERR_INVALID_CA; 403 ctx->error = X509_V_ERR_INVALID_CA;
@@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
537 541
538 if(issuer) 542 if(issuer)
539 { 543 {
544 /* Check for cRLSign bit if keyUsage present */
545 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
546 !(issuer->ex_kusage & KU_CRL_SIGN))
547 {
548 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
549 ok = ctx->verify_cb(0, ctx);
550 if(!ok) goto err;
551 }
540 552
541 /* Attempt to get issuer certificate public key */ 553 /* Attempt to get issuer certificate public key */
542 ikey = X509_get_pubkey(issuer); 554 ikey = X509_get_pubkey(issuer);
@@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
611 { 623 {
612 int idx, ok; 624 int idx, ok;
613 X509_REVOKED rtmp; 625 X509_REVOKED rtmp;
626 STACK_OF(X509_EXTENSION) *exts;
627 X509_EXTENSION *ext;
614 /* Look for serial number of certificate in CRL */ 628 /* Look for serial number of certificate in CRL */
615 rtmp.serialNumber = X509_get_serialNumber(x); 629 rtmp.serialNumber = X509_get_serialNumber(x);
616 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); 630 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
617 /* Not found: OK */ 631 /* If found assume revoked: want something cleverer than
618 if(idx == -1) return 1;
619 /* Otherwise revoked: want something cleverer than
620 * this to handle entry extensions in V2 CRLs. 632 * this to handle entry extensions in V2 CRLs.
621 */ 633 */
622 ctx->error = X509_V_ERR_CERT_REVOKED; 634 if(idx >= 0)
623 ok = ctx->verify_cb(0, ctx); 635 {
624 return ok; 636 ctx->error = X509_V_ERR_CERT_REVOKED;
637 ok = ctx->verify_cb(0, ctx);
638 if (!ok) return 0;
639 }
640
641 if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
642 return 1;
643
644 /* See if we have any critical CRL extensions: since we
645 * currently don't handle any CRL extensions the CRL must be
646 * rejected.
647 * This code accesses the X509_CRL structure directly: applications
648 * shouldn't do this.
649 */
650
651 exts = crl->crl->extensions;
652
653 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
654 {
655 ext = sk_X509_EXTENSION_value(exts, idx);
656 if (ext->critical > 0)
657 {
658 ctx->error =
659 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
660 ok = ctx->verify_cb(0, ctx);
661 if(!ok) return 0;
662 break;
663 }
664 }
665 return 1;
625 } 666 }
626 667
627static int internal_verify(X509_STORE_CTX *ctx) 668static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h
index f0be21f452..198495884c 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.h
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h
@@ -304,17 +304,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
304 304
305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 305#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 306#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
307#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
308#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
307 309
308/* The application is not happy */ 310/* The application is not happy */
309#define X509_V_ERR_APPLICATION_VERIFICATION 50 311#define X509_V_ERR_APPLICATION_VERIFICATION 50
310 312
311/* Certificate verify flags */ 313/* Certificate verify flags */
312 314
313#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ 315/* Send issuer+subject checks to verify_cb */
314#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ 316#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
315#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */ 317/* Use check time instead of current time */
316#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */ 318#define X509_V_FLAG_USE_CHECK_TIME 0x2
317#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */ 319/* Lookup CRLs */
320#define X509_V_FLAG_CRL_CHECK 0x4
321/* Lookup CRLs for whole chain */
322#define X509_V_FLAG_CRL_CHECK_ALL 0x8
323/* Ignore unhandled critical extensions */
324#define X509_V_FLAG_IGNORE_CRITICAL 0x10
325/* Disable workarounds for broken certificates */
326#define X509_V_FLAG_X509_STRICT 0x20
318 327
319int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, 328int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
320 X509_NAME *name); 329 X509_NAME *name);
diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c
index f78c2a6b43..c25959a742 100644
--- a/src/lib/libssl/src/crypto/x509/x509type.c
+++ b/src/lib/libssl/src/crypto/x509/x509type.c
@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
106 break; 106 break;
107 } 107 }
108 108
109 if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look 109 if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
110 for, not bytes */ 110 for, not bytes */
111 ret|=EVP_PKT_EXP; 111 ret|=EVP_PKT_EXP;
112 if(pkey==NULL) EVP_PKEY_free(pk); 112 if(pkey==NULL) EVP_PKEY_free(pk);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
index 0fae31a3a6..58b935a3b6 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -137,8 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
137 X509V3_add_value("IP Address","<invalid>", &ret); 137 X509V3_add_value("IP Address","<invalid>", &ret);
138 break; 138 break;
139 } 139 }
140 snprintf(oline, sizeof oline, "%d.%d.%d.%d", p[0], p[1], p[2], 140 BIO_snprintf(oline, sizeof oline,
141 p[3]); 141 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
142 X509V3_add_value("IP Address",oline, &ret); 142 X509V3_add_value("IP Address",oline, &ret);
143 break; 143 break;
144 144
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
index 894a8b94d8..f90829c574 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) 156IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
157 157
158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 158ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) 159 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) 160ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
161 161
162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) 162IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c
index 28cc00686a..53e3f48859 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_info.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -121,9 +121,9 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
121 ERR_R_MALLOC_FAILURE); 121 ERR_R_MALLOC_FAILURE);
122 return NULL; 122 return NULL;
123 } 123 }
124 strlcpy(ntmp, objtmp, nlen); 124 BUF_strlcpy(ntmp, objtmp, nlen);
125 strlcat(ntmp, " - ", nlen); 125 BUF_strlcat(ntmp, " - ", nlen);
126 strlcat(ntmp, vtmp->name, nlen); 126 BUF_strlcat(ntmp, vtmp->name, nlen);
127 OPENSSL_free(vtmp->name); 127 OPENSSL_free(vtmp->name);
128 vtmp->name = ntmp; 128 vtmp->name = ntmp;
129 129
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index 4d145f71fd..b3d1ae5d1c 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -3,7 +3,7 @@
3 * project 2001. 3 * project 2001.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
415 * 1 is a CA 415 * 1 is a CA
416 * 2 basicConstraints absent so "maybe" a CA 416 * 2 basicConstraints absent so "maybe" a CA
417 * 3 basicConstraints absent but self signed V1. 417 * 3 basicConstraints absent but self signed V1.
418 * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
418 */ 419 */
419 420
420#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) 421#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
436 } else { 437 } else {
437 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; 438 if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
438 /* If key usage present it must have certSign so tolerate it */ 439 /* If key usage present it must have certSign so tolerate it */
439 else if (x->ex_flags & EXFLAG_KUSAGE) return 3; 440 else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
440 else return 2; 441 else return 2;
441 } 442 }
442} 443}
diff --git a/src/lib/libssl/src/doc/apps/config.pod b/src/lib/libssl/src/doc/apps/config.pod
index ce874a42ce..8f823fa6d6 100644
--- a/src/lib/libssl/src/doc/apps/config.pod
+++ b/src/lib/libssl/src/doc/apps/config.pod
@@ -10,7 +10,8 @@ config - OpenSSL CONF library configuration files
10The OpenSSL CONF library can be used to read configuration files. 10The OpenSSL CONF library can be used to read configuration files.
11It is used for the OpenSSL master configuration file B<openssl.cnf> 11It is used for the OpenSSL master configuration file B<openssl.cnf>
12and in a few other places like B<SPKAC> files and certificate extension 12and in a few other places like B<SPKAC> files and certificate extension
13files for the B<x509> utility. 13files for the B<x509> utility. OpenSSL applications can also use the
14CONF library for their own purposes.
14 15
15A configuration file is divided into a number of sections. Each section 16A configuration file is divided into a number of sections. Each section
16starts with a line B<[ section_name ]> and ends when a new section is 17starts with a line B<[ section_name ]> and ends when a new section is
@@ -51,13 +52,146 @@ or the B<\> character. By making the last character of a line a B<\>
51a B<value> string can be spread across multiple lines. In addition 52a B<value> string can be spread across multiple lines. In addition
52the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. 53the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
53 54
55=head1 OPENSSL LIBRARY CONFIGURATION
56
57In OpenSSL 0.9.7 and later applications can automatically configure certain
58aspects of OpenSSL using the master OpenSSL configuration file, or optionally
59an alternative configuration file. The B<openssl> utility includes this
60functionality: any sub command uses the master OpenSSL configuration file
61unless an option is used in the sub command to use an alternative configuration
62file.
63
64To enable library configuration the default section needs to contain an
65appropriate line which points to the main configuration section. The default
66name is B<openssl_conf> which is used by the B<openssl> utility. Other
67applications may use an alternative name such as B<myapplicaton_conf>.
68
69The configuration section should consist of a set of name value pairs which
70contain specific module configuration information. The B<name> represents
71the name of the I<configuration module> the meaning of the B<value> is
72module specific: it may, for example, represent a further configuration
73section containing configuration module specific information. E.g.
74
75 openssl_conf = openssl_init
76
77 [openssl_init]
78
79 oid_section = new_oids
80 engines = engine_section
81
82 [new_oids]
83
84 ... new oids here ...
85
86 [engine_section]
87
88 ... engine stuff here ...
89
90Currently there are two configuration modules. One for ASN1 objects another
91for ENGINE configuration.
92
93=head2 ASN1 OBJECT CONFIGURATION MODULE
94
95This module has the name B<oid_section>. The value of this variable points
96to a section containing name value pairs of OIDs: the name is the OID short
97and long name, the value is the numerical form of the OID. Although some of
98the B<openssl> utility sub commands already have their own ASN1 OBJECT section
99functionality not all do. By using the ASN1 OBJECT configuration module
100B<all> the B<openssl> utility sub commands can see the new objects as well
101as any compliant applications. For example:
102
103 [new_oids]
104
105 some_new_oid = 1.2.3.4
106 some_other_oid = 1.2.3.5
107
108=head2 ENGINE CONFIGURATION MODULE
109
110This ENGINE configuration module has the name B<engines>. The value of this
111variable points to a section containing further ENGINE configuration
112information.
113
114The section pointed to by B<engines> is a table of engine names (though see
115B<engine_id> below) and further sections containing configuration informations
116specific to each ENGINE.
117
118Each ENGINE specific section is used to set default algorithms, load
119dynamic, perform initialization and send ctrls. The actual operation performed
120depends on the I<command> name which is the name of the name value pair. The
121currently supported commands are listed below.
122
123For example:
124
125 [engine_section]
126
127 # Configure ENGINE named "foo"
128 foo = foo_section
129 # Configure ENGINE named "bar"
130 bar = bar_section
131
132 [foo_section]
133 ... foo ENGINE specific commands ...
134
135 [bar_section]
136 ... "bar" ENGINE specific commands ...
137
138The command B<engine_id> is used to give the ENGINE name. If used this
139command must be first. For example:
140
141 [engine_section]
142 # This would normally handle an ENGINE named "foo"
143 foo = foo_section
144
145 [foo_section]
146 # Override default name and use "myfoo" instead.
147 engine_id = myfoo
148
149The command B<dynamic_path> loads and adds an ENGINE from the given path. It
150is equivalent to sending the ctrls B<SO_PATH> with the path argument followed
151by B<LIST_ADD> with value 2 and B<LOAD> to the dynamic ENGINE. If this is
152not the required behaviour then alternative ctrls can be sent directly
153to the dynamic ENGINE using ctrl commands.
154
155The command B<init> determines whether to initialize the ENGINE. If the value
156is B<0> the ENGINE will not be initialized, if B<1> and attempt it made to
157initialized the ENGINE immediately. If the B<init> command is not present
158then an attempt will be made to initialize the ENGINE after all commands in
159its section have been processed.
160
161The command B<default_algorithms> sets the default algorithms an ENGINE will
162supply using the functions B<ENGINE_set_default_string()>
163
164If the name matches none of the above command names it is assumed to be a
165ctrl command which is sent to the ENGINE. The value of the command is the
166argument to the ctrl command. If the value is the string B<EMPTY> then no
167value is sent to the command.
168
169For example:
170
171
172 [engine_section]
173
174 # Configure ENGINE named "foo"
175 foo = foo_section
176
177 [foo_section]
178 # Load engine from DSO
179 dynamic_path = /some/path/fooengine.so
180 # A foo specific ctrl.
181 some_ctrl = some_value
182 # Another ctrl that doesn't take a value.
183 other_ctrl = EMPTY
184 # Supply all default algorithms
185 default_algorithms = ALL
186
54=head1 NOTES 187=head1 NOTES
55 188
56If a configuration file attempts to expand a variable that doesn't exist 189If a configuration file attempts to expand a variable that doesn't exist
57then an error is flagged and the file will not load. This can happen 190then an error is flagged and the file will not load. This can happen
58if an attempt is made to expand an environment variable that doesn't 191if an attempt is made to expand an environment variable that doesn't
59exist. For example the default OpenSSL master configuration file used 192exist. For example in a previous version of OpenSSL the default OpenSSL
60the value of B<HOME> which may not be defined on non Unix systems. 193master configuration file used the value of B<HOME> which may not be
194defined on non Unix systems and would cause an error.
61 195
62This can be worked around by including a B<default> section to provide 196This can be worked around by including a B<default> section to provide
63a default value: then if the environment lookup fails the default value 197a default value: then if the environment lookup fails the default value
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod
index 07dd80eabe..dc0f49ddca 100644
--- a/src/lib/libssl/src/doc/apps/openssl.pod
+++ b/src/lib/libssl/src/doc/apps/openssl.pod
@@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>,
329L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, 329L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
330L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, 330L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
331L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, 331L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
332L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, 332L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
333L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
333L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, 334L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
334L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> 335L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
335 336
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index d061326c1f..8d19079973 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -8,7 +8,7 @@ s_client - SSL/TLS client program
8=head1 SYNOPSIS 8=head1 SYNOPSIS
9 9
10B<openssl> B<s_client> 10B<openssl> B<s_client>
11[B<-connect> host:port>] 11[B<-connect host:port>]
12[B<-verify depth>] 12[B<-verify depth>]
13[B<-cert filename>] 13[B<-cert filename>]
14[B<-key filename>] 14[B<-key filename>]
@@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page.
208 208
209If the handshake fails then there are several possible causes, if it is 209If the handshake fails then there are several possible causes, if it is
210nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, 210nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
211B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried 211B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
212in case it is a buggy server. In particular you should play with these 212in case it is a buggy server. In particular you should play with these
213options B<before> submitting a bug report to an OpenSSL mailing list. 213options B<before> submitting a bug report to an OpenSSL mailing list.
214 214
@@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it
219requests a certificate. By using B<s_client> the CA list can be viewed 219requests a certificate. By using B<s_client> the CA list can be viewed
220and checked. However some servers only request client authentication 220and checked. However some servers only request client authentication
221after a specific URL is requested. To obtain the list in this case it 221after a specific URL is requested. To obtain the list in this case it
222is necessary to use the B<-prexit> command and send an HTTP request 222is necessary to use the B<-prexit> option and send an HTTP request
223for an appropriate page. 223for an appropriate page.
224 224
225If a certificate is specified on the command line using the B<-cert> 225If a certificate is specified on the command line using the B<-cert>
diff --git a/src/lib/libssl/src/doc/apps/smime.pod b/src/lib/libssl/src/doc/apps/smime.pod
index 2453dd2738..84b673f791 100644
--- a/src/lib/libssl/src/doc/apps/smime.pod
+++ b/src/lib/libssl/src/doc/apps/smime.pod
@@ -17,6 +17,9 @@ B<openssl> B<smime>
17[B<-rc2-40>] 17[B<-rc2-40>]
18[B<-rc2-64>] 18[B<-rc2-64>]
19[B<-rc2-128>] 19[B<-rc2-128>]
20[B<-aes128>]
21[B<-aes192>]
22[B<-aes256>]
20[B<-in file>] 23[B<-in file>]
21[B<-certfile file>] 24[B<-certfile file>]
22[B<-signer file>] 25[B<-signer file>]
@@ -126,11 +129,11 @@ B<-verify>. This directory must be a standard certificate directory: that
126is a hash of each subject name (using B<x509 -hash>) should be linked 129is a hash of each subject name (using B<x509 -hash>) should be linked
127to each certificate. 130to each certificate.
128 131
129=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128> 132=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
130 133
131the encryption algorithm to use. DES (56 bits), triple DES (168 bits) 134the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
132or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is 13540, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not
133used. Only used with B<-encrypt>. 136specified 40 bit RC2 is used. Only used with B<-encrypt>.
134 137
135=item B<-nointern> 138=item B<-nointern>
136 139
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
index a56ee2b92f..f0b731731f 100644
--- a/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
+++ b/src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
287 return 0; 287 return 0;
288 } 288 }
289 289
290 BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"); 290 BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
291 BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n"); 291 BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
292 BIO_puts(sbio, "--------------------------------------------------\r\n"); 292 BIO_puts(sbio, "--------------------------------------------------\r\n");
293 293
294 for(;;) { 294 for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
301 } 301 }
302 302
303 BIO_puts(sbio, "--------------------------------------------------\r\n"); 303 BIO_puts(sbio, "--------------------------------------------------\r\n");
304 BIO_puts(sbio, "</pre>\r\n"); 304 BIO_puts(sbio, "\r\n");
305 305
306 /* Since there is a buffering BIO present we had better flush it */ 306 /* Since there is a buffering BIO present we had better flush it */
307 BIO_flush(sbio); 307 BIO_flush(sbio);
diff --git a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
index 5ce4add082..016381f3e9 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
@@ -2,7 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5 EVP_BytesToKey - password based encryption routine 5EVP_BytesToKey - password based encryption routine
6 6
7=head1 SYNOPSIS 7=head1 SYNOPSIS
8 8
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 58afd8f0b8..faa992286b 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -4,7 +4,7 @@
4 4
5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, 5EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, 6EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
7EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, 7EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, 8EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, 9EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - 10EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
diff --git a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
index 7c71bcbf3d..279b29c873 100644
--- a/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
+++ b/src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
@@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
9=head1 SYNOPSIS 9=head1 SYNOPSIS
10 10
11 #include <openssl/rsa.h> 11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
12 13
13 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); 14 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
14 15
@@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
31d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey 32d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
32structure. 33structure.
33 34
34d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a 35d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
35SubjectPublicKeyInfo (certificate public key) structure. 36a SubjectPublicKeyInfo (certificate public key) structure.
36 37
37d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey 38d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
38structure. 39structure.
diff --git a/src/lib/libssl/src/doc/crypto/des.pod b/src/lib/libssl/src/doc/crypto/des.pod
index 528c73acac..6f0cf1cc5e 100644
--- a/src/lib/libssl/src/doc/crypto/des.pod
+++ b/src/lib/libssl/src/doc/crypto/des.pod
@@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
283=head1 NOTES 283=head1 NOTES
284 284
285Single-key DES is insecure due to its short key size. ECB mode is 285Single-key DES is insecure due to its short key size. ECB mode is
286not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>. 286not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
287 287
288The L<evp(3)|evp(3)> library provides higher-level encryption functions. 288The L<evp(3)|evp(3)> library provides higher-level encryption functions.
289 289
diff --git a/src/lib/libssl/src/doc/crypto/pem.pod b/src/lib/libssl/src/doc/crypto/pem.pod
index a4f8cc3337..8613114452 100644
--- a/src/lib/libssl/src/doc/crypto/pem.pod
+++ b/src/lib/libssl/src/doc/crypto/pem.pod
@@ -330,7 +330,7 @@ most of them are set to 0 or NULL.
330Read a certificate in PEM format from a BIO: 330Read a certificate in PEM format from a BIO:
331 331
332 X509 *x; 332 X509 *x;
333 x = PEM_read_bio(bp, NULL, 0, NULL); 333 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
334 if (x == NULL) 334 if (x == NULL)
335 { 335 {
336 /* Error */ 336 /* Error */
@@ -459,12 +459,12 @@ returned by EVP_bytestokey().
459The PEM read routines in some versions of OpenSSL will not correctly reuse 459The PEM read routines in some versions of OpenSSL will not correctly reuse
460an existing structure. Therefore the following: 460an existing structure. Therefore the following:
461 461
462 PEM_read_bio(bp, &x, 0, NULL); 462 PEM_read_bio_X509(bp, &x, 0, NULL);
463 463
464where B<x> already contains a valid certificate, may not work, whereas: 464where B<x> already contains a valid certificate, may not work, whereas:
465 465
466 X509_free(x); 466 X509_free(x);
467 x = PEM_read_bio(bp, NULL, 0, NULL); 467 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
468 468
469is guaranteed to work. 469is guaranteed to work.
470 470
diff --git a/src/lib/libssl/src/doc/crypto/ui.pod b/src/lib/libssl/src/doc/crypto/ui.pod
index 2b3535a746..6df68d604a 100644
--- a/src/lib/libssl/src/doc/crypto/ui.pod
+++ b/src/lib/libssl/src/doc/crypto/ui.pod
@@ -5,7 +5,7 @@
5UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, 5UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
6UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, 6UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
7UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, 7UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
8UI_add_error_string, UI_dup_error_string, UI_construct_prompt 8UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
9UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, 9UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
10UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, 10UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
11UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface 11UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
diff --git a/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod b/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod
index 2a98739114..42fa66b197 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
53 53
54=over 4 54=over 4
55 55
56=item 1 56=item 0
57 57
58The operation succeeded. 58The operation succeeded.
59 59
60=item 0 60=item 1
61 61
62The operation failed. Check the error queue to find out the reason. 62The operation failed. Check the error queue to find out the reason.
63 63
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt
index d19da310eb..d44d2f04a0 100644
--- a/src/lib/libssl/src/doc/ssleay.txt
+++ b/src/lib/libssl/src/doc/ssleay.txt
@@ -6245,7 +6245,7 @@ SSL_get_app_data
6245void SSL_CTX_set_default_verify 6245void SSL_CTX_set_default_verify
6246 6246
6247/* This callback, if set, totaly overrides the normal SSLeay verification 6247/* This callback, if set, totaly overrides the normal SSLeay verification
6248 * functions and should return 1 on successs and 0 on failure */ 6248 * functions and should return 1 on success and 0 on failure */
6249void SSL_CTX_set_cert_verify_callback 6249void SSL_CTX_set_cert_verify_callback
6250 6250
6251/* The following are the same as the equivilent SSL_xxx functions. 6251/* The following are the same as the equivilent SSL_xxx functions.
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 9ce236e0d2..6a272f6969 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,7 +1,7 @@
1%define libmaj 0 1%define libmaj 0
2%define libmin 9 2%define libmin 9
3%define librel 7 3%define librel 7
4%define librev c 4%define librev d
5Release: 1 5Release: 1
6 6
7%define openssldir /var/ssl 7%define openssldir /var/ssl
diff --git a/src/lib/libssl/src/os2/OS2-EMX.cmd b/src/lib/libssl/src/os2/OS2-EMX.cmd
index acab99ac39..5924b50b6d 100644
--- a/src/lib/libssl/src/os2/OS2-EMX.cmd
+++ b/src/lib/libssl/src/os2/OS2-EMX.cmd
@@ -64,3 +64,39 @@ echo RC5\32
64cd crypto\rc5\asm 64cd crypto\rc5\asm
65perl rc5-586.pl a.out > r5-os2.asm 65perl rc5-586.pl a.out > r5-os2.asm
66cd ..\..\.. 66cd ..\..\..
67
68cd os2
69
70if exist noname\backward_ssl.def goto nomkdir
71mkdir noname
72:nomkdir
73
74perl backwardify.pl crypto.def >backward_crypto.def
75perl backwardify.pl ssl.def >backward_ssl.def
76perl backwardify.pl -noname crypto.def >noname\backward_crypto.def
77perl backwardify.pl -noname ssl.def >noname\backward_ssl.def
78
79echo Creating backward compatibility forwarder dlls:
80echo crypto.dll
81gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085
82echo ssl.dll
83gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085
84
85echo Creating smaller backward compatibility forwarder dlls:
86echo These DLLs are not good for runtime resolution of symbols.
87echo noname\crypto.dll
88gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085
89echo noname\ssl.dll
90gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085
91
92echo Compressing forwarders (it is ok if lxlite is not found):
93lxlite *.dll noname/*.dll
94
95cd ..
96
97echo Now run:
98echo For static build:
99echo make -f OS2-EMX.mak
100echo For dynamic build:
101echo make -f OS2-EMX-DLL.mak
102echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll
diff --git a/src/lib/libssl/src/ssl/Makefile.ssl b/src/lib/libssl/src/ssl/Makefile.ssl
index e48b5cedfb..3ae3561ac1 100644
--- a/src/lib/libssl/src/ssl/Makefile.ssl
+++ b/src/lib/libssl/src/ssl/Makefile.ssl
@@ -55,14 +55,14 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
55top: 55top:
56 (cd ..; $(MAKE) DIRS=$(DIR) all) 56 (cd ..; $(MAKE) DIRS=$(DIR) all)
57 57
58all: lib shared 58all: shared
59 59
60lib: $(LIBOBJ) 60lib: $(LIBOBJ)
61 $(AR) $(LIB) $(LIBOBJ) 61 $(AR) $(LIB) $(LIBOBJ)
62 $(RANLIB) $(LIB) || echo Never mind. 62 $(RANLIB) $(LIB) || echo Never mind.
63 @touch lib 63 @touch lib
64 64
65shared: 65shared: lib
66 if [ -n "$(SHARED_LIBS)" ]; then \ 66 if [ -n "$(SHARED_LIBS)" ]; then \
67 (cd ..; $(MAKE) $(SHARED_LIB)); \ 67 (cd ..; $(MAKE) $(SHARED_LIB)); \
68 fi 68 fi
@@ -280,84 +280,82 @@ s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
280s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 280s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
281s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c 281s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
282s23_srvr.o: ssl_locl.h 282s23_srvr.o: ssl_locl.h
283s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 283s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
284s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h 284s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
285s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 285s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
286s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h 286s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
287s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 287s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
288s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h 288s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
289s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h 289s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
290s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h 290s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
291s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h 291s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
292s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 292s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
293s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h 293s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
294s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 294s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
295s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 295s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
296s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 296s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
297s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 297s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
298s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 298s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
299s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h 299s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
300s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 300s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
301s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 301s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
302s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 302s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
303s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 303s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
304s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 304s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
305s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 305s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
306s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h 306s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
307s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 307s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
308s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h 308s2_clnt.o: ssl_locl.h
309s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 309s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
310s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h 310s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
311s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 311s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
312s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h 312s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
313s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h 313s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
314s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h 314s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
315s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h 315s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
316s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h 316s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
317s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h 317s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
318s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 318s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
319s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h 319s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
320s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 320s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
321s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 321s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
322s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 322s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
323s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 323s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
324s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 324s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
325s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h 325s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
326s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h 326s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
327s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 327s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
328s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h 328s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
329s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 329s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
330s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 330s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
331s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 331s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
332s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 332s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
333s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c 333s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
334s2_enc.o: ssl_locl.h 334s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
335s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 335s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
336s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h 336s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
337s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 337s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
338s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h 338s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
339s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h 339s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
340s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h 340s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
341s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h 341s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
342s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h 342s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
343s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h 343s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
344s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 344s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
345s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h 345s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
346s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 346s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
347s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 347s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
348s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 348s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
349s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 349s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
350s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 350s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
351s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h 351s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
352s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h 352s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
353s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 353s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
354s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h 354s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
355s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 355s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
356s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 356s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
357s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 357s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
358s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 358s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
359s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
360s2_lib.o: ssl_locl.h
361s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 359s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
362s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 360s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
363s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h 361s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -383,58 +381,57 @@ s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
383s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h 381s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
384s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 382s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
385s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h 383s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
386s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 384s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
387s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h 385s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
388s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 386s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
389s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h 387s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
390s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 388s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
391s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h 389s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
392s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h 390s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
393s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h 391s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
394s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h 392s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
395s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 393s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
396s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h 394s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
397s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 395s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
398s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 396s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
399s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 397s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
400s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 398s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
401s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 399s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
402s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h 400s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
403s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h 401s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
404s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 402s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
405s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h 403s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
406s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 404s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
407s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 405s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
408s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 406s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
409s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 407s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
410s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c 408s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
411s2_pkt.o: ssl_locl.h 409s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
412s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 410s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
413s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h 411s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
414s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 412s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
415s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h 413s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
416s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 414s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
417s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h 415s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
418s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h 416s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
419s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h 417s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
420s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h 418s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
421s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 419s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
422s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h 420s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
423s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 421s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
424s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 422s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
425s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 423s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
426s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 424s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
427s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 425s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
428s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h 426s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
429s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 427s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
430s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 428s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
431s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 429s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
432s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 430s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
433s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 431s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
434s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 432s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
435s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h 433s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
436s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 434s2_srvr.o: ssl_locl.h
437s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
438s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 435s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
439s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 436s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
440s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h 437s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -461,32 +458,32 @@ s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
461s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h 458s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
462s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c 459s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
463s3_both.o: ssl_locl.h 460s3_both.o: ssl_locl.h
464s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 461s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
465s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h 462s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
466s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 463s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
467s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h 464s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
468s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 465s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
469s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h 466s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
470s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h 467s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
471s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h 468s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
472s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h 469s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
473s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 470s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
474s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h 471s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
475s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 472s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
476s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 473s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
477s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 474s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
478s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 475s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
479s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 476s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
480s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h 477s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
481s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 478s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
482s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 479s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
483s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 480s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
484s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 481s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
485s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 482s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
486s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 483s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
487s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h 484s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
488s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 485s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
489s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h 486s3_clnt.o: s3_clnt.c ssl_locl.h
490s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 487s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
491s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 488s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
492s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h 489s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -587,16 +584,15 @@ s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
587s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h 584s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
588s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 585s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
589s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h 586s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
590s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 587s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
591s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h 588s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
592s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 589s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
593s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h 590s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
594s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 591s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
595s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h 592s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
596s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h 593s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
597s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h 594s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
598s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h 595s3_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
599s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
600s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h 596s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
601s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h 597s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
602s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h 598s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
@@ -639,32 +635,32 @@ ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
639ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h 635ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
640ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 636ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
641ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h 637ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
642ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 638ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
643ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h 639ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
644ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 640ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
645ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h 641ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
646ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h 642ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
647ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h 643ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h
648ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h 644ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
649ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h 645ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/err.h
650ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h 646ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h
651ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h 647ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
652ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h 648ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
653ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h 649ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
654ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h 650ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
655ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 651ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
656ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 652ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
657ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h 653ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
658ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h 654ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
659ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 655ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
660ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 656ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
661ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h 657ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
662ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 658ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
663ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 659ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
664ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 660ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
665ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h 661ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
666ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 662ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
667ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h 663ssl_asn1.o: ssl_locl.h
668ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 664ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
669ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 665ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
670ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h 666ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -766,33 +762,32 @@ ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
766ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h 762ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
767ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 763ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
768ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c 764ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
769ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 765ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
770ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h 766ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
771ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 767ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
772ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h 768ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
773ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h 769ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
774ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h 770ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
775ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h 771ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
776ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h 772ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
777ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h 773ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
778ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h 774ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
779ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h 775ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
780ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h 776ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
781ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h 777ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
782ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 778ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
783ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 779ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
784ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h 780ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
785ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h 781ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
786ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 782ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
787ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 783ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
788ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h 784ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
789ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 785ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
790ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 786ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
791ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 787ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
792ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h 788ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
793ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 789ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
794ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h 790ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
795ssl_lib.o: ssl_lib.c ssl_locl.h
796ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 791ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
797ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 792ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
798ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h 793ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -818,32 +813,32 @@ ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
818ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h 813ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
819ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 814ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
820ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c 815ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
821ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h 816ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
822ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h 817ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
823ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h 818ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
824ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h 819ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
825ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h 820ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
826ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h 821ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h
827ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h 822ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
828ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h 823ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
829ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h 824ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h
830ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 825ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
831ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h 826ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
832ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h 827ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
833ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 828ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
834ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 829ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
835ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 830ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
836ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 831ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
837ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h 832ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
838ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h 833ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
839ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h 834ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
840ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h 835ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
841ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 836ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
842ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 837ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
843ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 838ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
844ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h 839ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
845ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h 840ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
846ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c 841ssl_sess.o: ssl_sess.c
847ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h 842ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
848ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h 843ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
849ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h 844ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c
index 7c45f8ff4e..51378897f6 100644
--- a/src/lib/libssl/src/ssl/kssl.c
+++ b/src/lib/libssl/src/ssl/kssl.c
@@ -953,7 +953,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
953 printf("%s, authdata==0\n", label); 953 printf("%s, authdata==0\n", label);
954 return; 954 return;
955 } 955 }
956 printf("%s [%p]\n", label, adata); 956 printf("%s [%p]\n", label, (void *)adata);
957#if 0 957#if 0
958 { 958 {
959 int i; 959 int i;
@@ -1725,7 +1725,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
1725 return; 1725 return;
1726 } 1726 }
1727 else 1727 else
1728 printf("%p\n", kssl_ctx); 1728 printf("%p\n", (void *)kssl_ctx);
1729 1729
1730 printf("\tservice:\t%s\n", 1730 printf("\tservice:\t%s\n",
1731 (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); 1731 (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index d51b60e343..36f4a8b4c3 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1946,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
1946 if (algs & SSL_kRSA) 1946 if (algs & SSL_kRSA)
1947 { 1947 {
1948 if (rsa == NULL 1948 if (rsa == NULL
1949 || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1949 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
1950 { 1950 {
1951 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); 1951 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
1952 goto f_err; 1952 goto f_err;
@@ -1958,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
1958 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1958 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1959 { 1959 {
1960 if (dh == NULL 1960 if (dh == NULL
1961 || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1961 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
1962 { 1962 {
1963 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); 1963 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
1964 goto f_err; 1964 goto f_err;
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 559924d368..92efb9597d 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
199 COMP_METHOD *comp; 199 COMP_METHOD *comp;
200 const EVP_MD *m; 200 const EVP_MD *m;
201 EVP_MD_CTX md; 201 EVP_MD_CTX md;
202 int exp,n,i,j,k,cl; 202 int is_exp,n,i,j,k,cl;
203 int reuse_dd = 0; 203 int reuse_dd = 0;
204 204
205 exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 205 is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
206 c=s->s3->tmp.new_sym_enc; 206 c=s->s3->tmp.new_sym_enc;
207 m=s->s3->tmp.new_hash; 207 m=s->s3->tmp.new_hash;
208 if (s->s3->tmp.new_compression == NULL) 208 if (s->s3->tmp.new_compression == NULL)
@@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
276 p=s->s3->tmp.key_block; 276 p=s->s3->tmp.key_block;
277 i=EVP_MD_size(m); 277 i=EVP_MD_size(m);
278 cl=EVP_CIPHER_key_length(c); 278 cl=EVP_CIPHER_key_length(c);
279 j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? 279 j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
280 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; 280 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
281 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ 281 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
282 k=EVP_CIPHER_iv_length(c); 282 k=EVP_CIPHER_iv_length(c);
283 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 283 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
284 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) 284 (which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
307 307
308 EVP_MD_CTX_init(&md); 308 EVP_MD_CTX_init(&md);
309 memcpy(mac_secret,ms,i); 309 memcpy(mac_secret,ms,i);
310 if (exp) 310 if (is_exp)
311 { 311 {
312 /* In here I set both the read and write key/iv to the 312 /* In here I set both the read and write key/iv to the
313 * same value since only the correct one will be used :-). 313 * same value since only the correct one will be used :-).
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 4ae8458259..913bd40eea 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
1357const char *SSL_alert_desc_string_long(int value); 1357const char *SSL_alert_desc_string_long(int value);
1358const char *SSL_alert_desc_string(int value); 1358const char *SSL_alert_desc_string(int value);
1359 1359
1360void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); 1360void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1361void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); 1361void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1362STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); 1362STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
1363STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); 1363STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
1364int SSL_add_client_CA(SSL *ssl,X509 *x); 1364int SSL_add_client_CA(SSL *ssl,X509 *x);
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index da90078a37..2cfb615878 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
505 return(i); 505 return(i);
506 } 506 }
507 507
508static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) 508static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
509 { 509 {
510 if (*ca_list != NULL) 510 if (*ca_list != NULL)
511 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); 511 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
512 512
513 *ca_list=list; 513 *ca_list=name_list;
514 } 514 }
515 515
516STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) 516STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
532 return(ret); 532 return(ret);
533 } 533 }
534 534
535void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) 535void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
536 { 536 {
537 set_client_CA_list(&(s->client_CA),list); 537 set_client_CA_list(&(s->client_CA),name_list);
538 } 538 }
539 539
540void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) 540void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
541 { 541 {
542 set_client_CA_list(&(ctx->client_CA),list); 542 set_client_CA_list(&(ctx->client_CA),name_list);
543 } 543 }
544 544
545STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) 545STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 532fb4e80d..2d6eab20c3 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -340,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
340 } 340 }
341 341
342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, 343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
345 { 345 {
346 int i, list_num; 346 int i, co_list_num;
347 SSL_CIPHER *c; 347 SSL_CIPHER *c;
348 348
349 /* 349 /*
@@ -354,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
354 */ 354 */
355 355
356 /* Get the initial list of ciphers */ 356 /* Get the initial list of ciphers */
357 list_num = 0; /* actual count of ciphers */ 357 co_list_num = 0; /* actual count of ciphers */
358 for (i = 0; i < num_of_ciphers; i++) 358 for (i = 0; i < num_of_ciphers; i++)
359 { 359 {
360 c = ssl_method->get_cipher(i); 360 c = ssl_method->get_cipher(i);
361 /* drop those that use any of that is not available */ 361 /* drop those that use any of that is not available */
362 if ((c != NULL) && c->valid && !(c->algorithms & mask)) 362 if ((c != NULL) && c->valid && !(c->algorithms & mask))
363 { 363 {
364 list[list_num].cipher = c; 364 co_list[co_list_num].cipher = c;
365 list[list_num].next = NULL; 365 co_list[co_list_num].next = NULL;
366 list[list_num].prev = NULL; 366 co_list[co_list_num].prev = NULL;
367 list[list_num].active = 0; 367 co_list[co_list_num].active = 0;
368 list_num++; 368 co_list_num++;
369#ifdef KSSL_DEBUG 369#ifdef KSSL_DEBUG
370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
371#endif /* KSSL_DEBUG */ 371#endif /* KSSL_DEBUG */
@@ -378,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
378 /* 378 /*
379 * Prepare linked list from list entries 379 * Prepare linked list from list entries
380 */ 380 */
381 for (i = 1; i < list_num - 1; i++) 381 for (i = 1; i < co_list_num - 1; i++)
382 { 382 {
383 list[i].prev = &(list[i-1]); 383 co_list[i].prev = &(co_list[i-1]);
384 list[i].next = &(list[i+1]); 384 co_list[i].next = &(co_list[i+1]);
385 } 385 }
386 if (list_num > 0) 386 if (co_list_num > 0)
387 { 387 {
388 (*head_p) = &(list[0]); 388 (*head_p) = &(co_list[0]);
389 (*head_p)->prev = NULL; 389 (*head_p)->prev = NULL;
390 (*head_p)->next = &(list[1]); 390 (*head_p)->next = &(co_list[1]);
391 (*tail_p) = &(list[list_num - 1]); 391 (*tail_p) = &(co_list[co_list_num - 1]);
392 (*tail_p)->prev = &(list[list_num - 2]); 392 (*tail_p)->prev = &(co_list[co_list_num - 2]);
393 (*tail_p)->next = NULL; 393 (*tail_p)->next = NULL;
394 } 394 }
395 } 395 }
@@ -435,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
435 435
436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, 436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
437 unsigned long algo_strength, unsigned long mask_strength, 437 unsigned long algo_strength, unsigned long mask_strength,
438 int rule, int strength_bits, CIPHER_ORDER *list, 438 int rule, int strength_bits, CIPHER_ORDER *co_list,
439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
440 { 440 {
441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -530,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
530 *tail_p = tail; 530 *tail_p = tail;
531 } 531 }
532 532
533static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, 533static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
534 CIPHER_ORDER **tail_p) 534 CIPHER_ORDER **head_p,
535 CIPHER_ORDER **tail_p)
535 { 536 {
536 int max_strength_bits, i, *number_uses; 537 int max_strength_bits, i, *number_uses;
537 CIPHER_ORDER *curr; 538 CIPHER_ORDER *curr;
@@ -576,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
576 for (i = max_strength_bits; i >= 0; i--) 577 for (i = max_strength_bits; i >= 0; i--)
577 if (number_uses[i] > 0) 578 if (number_uses[i] > 0)
578 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, 579 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
579 list, head_p, tail_p); 580 co_list, head_p, tail_p);
580 581
581 OPENSSL_free(number_uses); 582 OPENSSL_free(number_uses);
582 return(1); 583 return(1);
583 } 584 }
584 585
585static int ssl_cipher_process_rulestr(const char *rule_str, 586static int ssl_cipher_process_rulestr(const char *rule_str,
586 CIPHER_ORDER *list, CIPHER_ORDER **head_p, 587 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
587 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 588 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
588 { 589 {
589 unsigned long algorithms, mask, algo_strength, mask_strength; 590 unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -708,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
708 ok = 0; 709 ok = 0;
709 if ((buflen == 8) && 710 if ((buflen == 8) &&
710 !strncmp(buf, "STRENGTH", 8)) 711 !strncmp(buf, "STRENGTH", 8))
711 ok = ssl_cipher_strength_sort(list, 712 ok = ssl_cipher_strength_sort(co_list,
712 head_p, tail_p); 713 head_p, tail_p);
713 else 714 else
714 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 715 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -728,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
728 { 729 {
729 ssl_cipher_apply_rule(algorithms, mask, 730 ssl_cipher_apply_rule(algorithms, mask,
730 algo_strength, mask_strength, rule, -1, 731 algo_strength, mask_strength, rule, -1,
731 list, head_p, tail_p); 732 co_list, head_p, tail_p);
732 } 733 }
733 else 734 else
734 { 735 {
@@ -750,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
750 unsigned long disabled_mask; 751 unsigned long disabled_mask;
751 STACK_OF(SSL_CIPHER) *cipherstack; 752 STACK_OF(SSL_CIPHER) *cipherstack;
752 const char *rule_p; 753 const char *rule_p;
753 CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; 754 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
754 SSL_CIPHER **ca_list = NULL; 755 SSL_CIPHER **ca_list = NULL;
755 756
756 /* 757 /*
@@ -780,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
780#ifdef KSSL_DEBUG 781#ifdef KSSL_DEBUG
781 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 782 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
782#endif /* KSSL_DEBUG */ 783#endif /* KSSL_DEBUG */
783 list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 784 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
784 if (list == NULL) 785 if (co_list == NULL)
785 { 786 {
786 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 787 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
787 return(NULL); /* Failure */ 788 return(NULL); /* Failure */
788 } 789 }
789 790
790 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 791 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
791 list, &head, &tail); 792 co_list, &head, &tail);
792 793
793 /* 794 /*
794 * We also need cipher aliases for selecting based on the rule_str. 795 * We also need cipher aliases for selecting based on the rule_str.
@@ -804,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
804 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 805 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
805 if (ca_list == NULL) 806 if (ca_list == NULL)
806 { 807 {
807 OPENSSL_free(list); 808 OPENSSL_free(co_list);
808 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 809 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
809 return(NULL); /* Failure */ 810 return(NULL); /* Failure */
810 } 811 }
@@ -820,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
820 if (strncmp(rule_str,"DEFAULT",7) == 0) 821 if (strncmp(rule_str,"DEFAULT",7) == 0)
821 { 822 {
822 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 823 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
823 list, &head, &tail, ca_list); 824 co_list, &head, &tail, ca_list);
824 rule_p += 7; 825 rule_p += 7;
825 if (*rule_p == ':') 826 if (*rule_p == ':')
826 rule_p++; 827 rule_p++;
827 } 828 }
828 829
829 if (ok && (strlen(rule_p) > 0)) 830 if (ok && (strlen(rule_p) > 0))
830 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, 831 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
831 ca_list); 832 ca_list);
832 833
833 OPENSSL_free(ca_list); /* Not needed anymore */ 834 OPENSSL_free(ca_list); /* Not needed anymore */
834 835
835 if (!ok) 836 if (!ok)
836 { /* Rule processing failure */ 837 { /* Rule processing failure */
837 OPENSSL_free(list); 838 OPENSSL_free(co_list);
838 return(NULL); 839 return(NULL);
839 } 840 }
840 /* 841 /*
@@ -843,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
843 */ 844 */
844 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) 845 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
845 { 846 {
846 OPENSSL_free(list); 847 OPENSSL_free(co_list);
847 return(NULL); 848 return(NULL);
848 } 849 }
849 850
@@ -861,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
861#endif 862#endif
862 } 863 }
863 } 864 }
864 OPENSSL_free(list); /* Not needed any longer */ 865 OPENSSL_free(co_list); /* Not needed any longer */
865 866
866 /* 867 /*
867 * The following passage is a little bit odd. If pointer variables 868 * The following passage is a little bit odd. If pointer variables
@@ -911,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
911char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 912char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
912 { 913 {
913 int is_export,pkl,kl; 914 int is_export,pkl,kl;
914 char *ver,*exp; 915 char *ver,*exp_str;
915 char *kx,*au,*enc,*mac; 916 char *kx,*au,*enc,*mac;
916 unsigned long alg,alg2,alg_s; 917 unsigned long alg,alg2,alg_s;
917#ifdef KSSL_DEBUG 918#ifdef KSSL_DEBUG
@@ -927,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
927 is_export=SSL_C_IS_EXPORT(cipher); 928 is_export=SSL_C_IS_EXPORT(cipher);
928 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); 929 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
929 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 930 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
930 exp=is_export?" export":""; 931 exp_str=is_export?" export":"";
931 932
932 if (alg & SSL_SSLV2) 933 if (alg & SSL_SSLV2)
933 ver="SSLv2"; 934 ver="SSLv2";
@@ -1046,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1046 return("Buffer too small"); 1047 return("Buffer too small");
1047 1048
1048#ifdef KSSL_DEBUG 1049#ifdef KSSL_DEBUG
1049 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); 1050 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1050#else 1051#else
1051 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); 1052 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1052#endif /* KSSL_DEBUG */ 1053#endif /* KSSL_DEBUG */
1053 return(buf); 1054 return(buf);
1054 } 1055 }
@@ -1135,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1135 { 1136 {
1136 MemCheck_on(); 1137 MemCheck_on();
1137 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1138 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1138 return(0); 1139 return(1);
1139 } 1140 }
1140 else 1141 else
1141 { 1142 {
1142 MemCheck_on(); 1143 MemCheck_on();
1143 return(1); 1144 return(0);
1144 } 1145 }
1145 } 1146 }
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 84c25d2c30..033f309ffe 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -565,7 +565,14 @@ bad:
565 if (cm != NULL) 565 if (cm != NULL)
566 { 566 {
567 if (cm->type != NID_undef) 567 if (cm->type != NID_undef)
568 SSL_COMP_add_compression_method(comp, cm); 568 {
569 if (SSL_COMP_add_compression_method(comp, cm) != 0)
570 {
571 fprintf(stderr,
572 "Failed to add compression method\n");
573 ERR_print_errors_fp(stderr);
574 }
575 }
569 else 576 else
570 { 577 {
571 fprintf(stderr, 578 fprintf(stderr,
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index c538f9dffb..b4bc0457e5 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -277,6 +277,8 @@ $defs= <<"EOF";
277 277
278EOF 278EOF
279 279
280$defs .= $preamble if defined $preamble;
281
280if ($platform eq "VC-CE") 282if ($platform eq "VC-CE")
281 { 283 {
282 $defs.= <<"EOF"; 284 $defs.= <<"EOF";
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index cdd2164c4e..01a1bfda19 100644
--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -1116,27 +1116,55 @@ sub print_test_file
1116 } 1116 }
1117} 1117}
1118 1118
1119sub get_version {
1120 local *MF;
1121 my $v = '?';
1122 open MF, 'Makefile.ssl' or return $v;
1123 while (<MF>) {
1124 $v = $1, last if /^VERSION=(.*?)\s*$/;
1125 }
1126 close MF;
1127 return $v;
1128}
1129
1119sub print_def_file 1130sub print_def_file
1120{ 1131{
1121 (*OUT,my $name,*nums,my @symbols)=@_; 1132 (*OUT,my $name,*nums,my @symbols)=@_;
1122 my $n = 1; my @e; my @r; my @v; my $prev=""; 1133 my $n = 1; my @e; my @r; my @v; my $prev="";
1123 my $liboptions=""; 1134 my $liboptions="";
1135 my $libname = $name;
1136 my $http_vendor = 'www.openssl.org/';
1137 my $version = get_version();
1138 my $what = "OpenSSL: implementation of Secure Socket Layer";
1139 my $description = "$what $version, $name - http://$http_vendor";
1124 1140
1125 if ($W32) 1141 if ($W32)
1126 { $name.="32"; } 1142 { $libname.="32"; }
1127 elsif ($W16) 1143 elsif ($W16)
1128 { $name.="16"; } 1144 { $libname.="16"; }
1129 elsif ($OS2) 1145 elsif ($OS2)
1130 { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } 1146 { # DLL names should not clash on the whole system.
1147 # However, they should not have any particular relationship
1148 # to the name of the static library. Chose descriptive names
1149 # (must be at most 8 chars).
1150 my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
1151 $libname = $translate{$name} || $name;
1152 $liboptions = <<EOO;
1153INITINSTANCE
1154DATA MULTIPLE NONSHARED
1155EOO
1156 # Vendor field can't contain colon, drat; so we omit http://
1157 $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
1158 }
1131 1159
1132 print OUT <<"EOF"; 1160 print OUT <<"EOF";
1133; 1161;
1134; Definition file for the DLL version of the $name library from OpenSSL 1162; Definition file for the DLL version of the $name library from OpenSSL
1135; 1163;
1136 1164
1137LIBRARY $name $liboptions 1165LIBRARY $libname $liboptions
1138 1166
1139DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' 1167DESCRIPTION '$description'
1140 1168
1141EOF 1169EOF
1142 1170
diff --git a/src/lib/libssl/src/util/pl/OS2-EMX.pl b/src/lib/libssl/src/util/pl/OS2-EMX.pl
index d695dda623..ddb3524210 100644
--- a/src/lib/libssl/src/util/pl/OS2-EMX.pl
+++ b/src/lib/libssl/src/util/pl/OS2-EMX.pl
@@ -3,10 +3,12 @@
3# OS2-EMX.pl - for EMX GCC on OS/2 3# OS2-EMX.pl - for EMX GCC on OS/2
4# 4#
5 5
6$o='\\'; 6$o='/';
7$cp='copy'; 7$cp='cp';
8$rm='rm -f'; 8$rm='rm -f';
9 9
10$preamble = "SHELL=sh\n";
11
10# C compiler stuff 12# C compiler stuff
11 13
12$cc='gcc'; 14$cc='gcc';
@@ -48,24 +50,24 @@ $bf_enc_src="";
48 50
49if (!$no_asm) 51if (!$no_asm)
50 { 52 {
51 $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; 53 $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
52 $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; 54 $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
53 $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; 55 $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
54 $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; 56 $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
55 $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; 57 $bf_enc_obj="crypto/bf/asm/b-os2$obj";
56 $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; 58 $bf_enc_src="crypto/bf/asm/b-os2.asm";
57 $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; 59 $cast_enc_obj="crypto/cast/asm/c-os2$obj";
58 $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; 60 $cast_enc_src="crypto/cast/asm/c-os2.asm";
59 $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; 61 $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
60 $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; 62 $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
61 $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; 63 $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
62 $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; 64 $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
63 $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; 65 $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
64 $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; 66 $md5_asm_src="crypto/md5/asm/m5-os2.asm";
65 $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; 67 $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
66 $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; 68 $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
67 $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; 69 $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
68 $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; 70 $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
69 } 71 }
70 72
71if ($shlib) 73if ($shlib)
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 4ae8458259..913bd40eea 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
1357const char *SSL_alert_desc_string_long(int value); 1357const char *SSL_alert_desc_string_long(int value);
1358const char *SSL_alert_desc_string(int value); 1358const char *SSL_alert_desc_string(int value);
1359 1359
1360void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); 1360void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1361void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); 1361void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1362STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); 1362STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
1363STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); 1363STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
1364int SSL_add_client_CA(SSL *ssl,X509 *x); 1364int SSL_add_client_CA(SSL *ssl,X509 *x);
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index da90078a37..2cfb615878 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
505 return(i); 505 return(i);
506 } 506 }
507 507
508static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) 508static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
509 { 509 {
510 if (*ca_list != NULL) 510 if (*ca_list != NULL)
511 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); 511 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
512 512
513 *ca_list=list; 513 *ca_list=name_list;
514 } 514 }
515 515
516STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) 516STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
532 return(ret); 532 return(ret);
533 } 533 }
534 534
535void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) 535void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
536 { 536 {
537 set_client_CA_list(&(s->client_CA),list); 537 set_client_CA_list(&(s->client_CA),name_list);
538 } 538 }
539 539
540void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) 540void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
541 { 541 {
542 set_client_CA_list(&(ctx->client_CA),list); 542 set_client_CA_list(&(ctx->client_CA),name_list);
543 } 543 }
544 544
545STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) 545STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 532fb4e80d..2d6eab20c3 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -340,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
340 } 340 }
341 341
342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, 343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
345 { 345 {
346 int i, list_num; 346 int i, co_list_num;
347 SSL_CIPHER *c; 347 SSL_CIPHER *c;
348 348
349 /* 349 /*
@@ -354,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
354 */ 354 */
355 355
356 /* Get the initial list of ciphers */ 356 /* Get the initial list of ciphers */
357 list_num = 0; /* actual count of ciphers */ 357 co_list_num = 0; /* actual count of ciphers */
358 for (i = 0; i < num_of_ciphers; i++) 358 for (i = 0; i < num_of_ciphers; i++)
359 { 359 {
360 c = ssl_method->get_cipher(i); 360 c = ssl_method->get_cipher(i);
361 /* drop those that use any of that is not available */ 361 /* drop those that use any of that is not available */
362 if ((c != NULL) && c->valid && !(c->algorithms & mask)) 362 if ((c != NULL) && c->valid && !(c->algorithms & mask))
363 { 363 {
364 list[list_num].cipher = c; 364 co_list[co_list_num].cipher = c;
365 list[list_num].next = NULL; 365 co_list[co_list_num].next = NULL;
366 list[list_num].prev = NULL; 366 co_list[co_list_num].prev = NULL;
367 list[list_num].active = 0; 367 co_list[co_list_num].active = 0;
368 list_num++; 368 co_list_num++;
369#ifdef KSSL_DEBUG 369#ifdef KSSL_DEBUG
370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
371#endif /* KSSL_DEBUG */ 371#endif /* KSSL_DEBUG */
@@ -378,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
378 /* 378 /*
379 * Prepare linked list from list entries 379 * Prepare linked list from list entries
380 */ 380 */
381 for (i = 1; i < list_num - 1; i++) 381 for (i = 1; i < co_list_num - 1; i++)
382 { 382 {
383 list[i].prev = &(list[i-1]); 383 co_list[i].prev = &(co_list[i-1]);
384 list[i].next = &(list[i+1]); 384 co_list[i].next = &(co_list[i+1]);
385 } 385 }
386 if (list_num > 0) 386 if (co_list_num > 0)
387 { 387 {
388 (*head_p) = &(list[0]); 388 (*head_p) = &(co_list[0]);
389 (*head_p)->prev = NULL; 389 (*head_p)->prev = NULL;
390 (*head_p)->next = &(list[1]); 390 (*head_p)->next = &(co_list[1]);
391 (*tail_p) = &(list[list_num - 1]); 391 (*tail_p) = &(co_list[co_list_num - 1]);
392 (*tail_p)->prev = &(list[list_num - 2]); 392 (*tail_p)->prev = &(co_list[co_list_num - 2]);
393 (*tail_p)->next = NULL; 393 (*tail_p)->next = NULL;
394 } 394 }
395 } 395 }
@@ -435,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
435 435
436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, 436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
437 unsigned long algo_strength, unsigned long mask_strength, 437 unsigned long algo_strength, unsigned long mask_strength,
438 int rule, int strength_bits, CIPHER_ORDER *list, 438 int rule, int strength_bits, CIPHER_ORDER *co_list,
439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
440 { 440 {
441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -530,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
530 *tail_p = tail; 530 *tail_p = tail;
531 } 531 }
532 532
533static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, 533static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
534 CIPHER_ORDER **tail_p) 534 CIPHER_ORDER **head_p,
535 CIPHER_ORDER **tail_p)
535 { 536 {
536 int max_strength_bits, i, *number_uses; 537 int max_strength_bits, i, *number_uses;
537 CIPHER_ORDER *curr; 538 CIPHER_ORDER *curr;
@@ -576,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
576 for (i = max_strength_bits; i >= 0; i--) 577 for (i = max_strength_bits; i >= 0; i--)
577 if (number_uses[i] > 0) 578 if (number_uses[i] > 0)
578 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, 579 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
579 list, head_p, tail_p); 580 co_list, head_p, tail_p);
580 581
581 OPENSSL_free(number_uses); 582 OPENSSL_free(number_uses);
582 return(1); 583 return(1);
583 } 584 }
584 585
585static int ssl_cipher_process_rulestr(const char *rule_str, 586static int ssl_cipher_process_rulestr(const char *rule_str,
586 CIPHER_ORDER *list, CIPHER_ORDER **head_p, 587 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
587 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 588 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
588 { 589 {
589 unsigned long algorithms, mask, algo_strength, mask_strength; 590 unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -708,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
708 ok = 0; 709 ok = 0;
709 if ((buflen == 8) && 710 if ((buflen == 8) &&
710 !strncmp(buf, "STRENGTH", 8)) 711 !strncmp(buf, "STRENGTH", 8))
711 ok = ssl_cipher_strength_sort(list, 712 ok = ssl_cipher_strength_sort(co_list,
712 head_p, tail_p); 713 head_p, tail_p);
713 else 714 else
714 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 715 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -728,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
728 { 729 {
729 ssl_cipher_apply_rule(algorithms, mask, 730 ssl_cipher_apply_rule(algorithms, mask,
730 algo_strength, mask_strength, rule, -1, 731 algo_strength, mask_strength, rule, -1,
731 list, head_p, tail_p); 732 co_list, head_p, tail_p);
732 } 733 }
733 else 734 else
734 { 735 {
@@ -750,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
750 unsigned long disabled_mask; 751 unsigned long disabled_mask;
751 STACK_OF(SSL_CIPHER) *cipherstack; 752 STACK_OF(SSL_CIPHER) *cipherstack;
752 const char *rule_p; 753 const char *rule_p;
753 CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; 754 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
754 SSL_CIPHER **ca_list = NULL; 755 SSL_CIPHER **ca_list = NULL;
755 756
756 /* 757 /*
@@ -780,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
780#ifdef KSSL_DEBUG 781#ifdef KSSL_DEBUG
781 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 782 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
782#endif /* KSSL_DEBUG */ 783#endif /* KSSL_DEBUG */
783 list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 784 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
784 if (list == NULL) 785 if (co_list == NULL)
785 { 786 {
786 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 787 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
787 return(NULL); /* Failure */ 788 return(NULL); /* Failure */
788 } 789 }
789 790
790 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 791 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
791 list, &head, &tail); 792 co_list, &head, &tail);
792 793
793 /* 794 /*
794 * We also need cipher aliases for selecting based on the rule_str. 795 * We also need cipher aliases for selecting based on the rule_str.
@@ -804,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
804 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 805 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
805 if (ca_list == NULL) 806 if (ca_list == NULL)
806 { 807 {
807 OPENSSL_free(list); 808 OPENSSL_free(co_list);
808 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 809 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
809 return(NULL); /* Failure */ 810 return(NULL); /* Failure */
810 } 811 }
@@ -820,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
820 if (strncmp(rule_str,"DEFAULT",7) == 0) 821 if (strncmp(rule_str,"DEFAULT",7) == 0)
821 { 822 {
822 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 823 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
823 list, &head, &tail, ca_list); 824 co_list, &head, &tail, ca_list);
824 rule_p += 7; 825 rule_p += 7;
825 if (*rule_p == ':') 826 if (*rule_p == ':')
826 rule_p++; 827 rule_p++;
827 } 828 }
828 829
829 if (ok && (strlen(rule_p) > 0)) 830 if (ok && (strlen(rule_p) > 0))
830 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, 831 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
831 ca_list); 832 ca_list);
832 833
833 OPENSSL_free(ca_list); /* Not needed anymore */ 834 OPENSSL_free(ca_list); /* Not needed anymore */
834 835
835 if (!ok) 836 if (!ok)
836 { /* Rule processing failure */ 837 { /* Rule processing failure */
837 OPENSSL_free(list); 838 OPENSSL_free(co_list);
838 return(NULL); 839 return(NULL);
839 } 840 }
840 /* 841 /*
@@ -843,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
843 */ 844 */
844 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) 845 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
845 { 846 {
846 OPENSSL_free(list); 847 OPENSSL_free(co_list);
847 return(NULL); 848 return(NULL);
848 } 849 }
849 850
@@ -861,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
861#endif 862#endif
862 } 863 }
863 } 864 }
864 OPENSSL_free(list); /* Not needed any longer */ 865 OPENSSL_free(co_list); /* Not needed any longer */
865 866
866 /* 867 /*
867 * The following passage is a little bit odd. If pointer variables 868 * The following passage is a little bit odd. If pointer variables
@@ -911,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
911char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 912char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
912 { 913 {
913 int is_export,pkl,kl; 914 int is_export,pkl,kl;
914 char *ver,*exp; 915 char *ver,*exp_str;
915 char *kx,*au,*enc,*mac; 916 char *kx,*au,*enc,*mac;
916 unsigned long alg,alg2,alg_s; 917 unsigned long alg,alg2,alg_s;
917#ifdef KSSL_DEBUG 918#ifdef KSSL_DEBUG
@@ -927,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
927 is_export=SSL_C_IS_EXPORT(cipher); 928 is_export=SSL_C_IS_EXPORT(cipher);
928 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); 929 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
929 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 930 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
930 exp=is_export?" export":""; 931 exp_str=is_export?" export":"";
931 932
932 if (alg & SSL_SSLV2) 933 if (alg & SSL_SSLV2)
933 ver="SSLv2"; 934 ver="SSLv2";
@@ -1046,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1046 return("Buffer too small"); 1047 return("Buffer too small");
1047 1048
1048#ifdef KSSL_DEBUG 1049#ifdef KSSL_DEBUG
1049 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); 1050 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1050#else 1051#else
1051 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); 1052 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1052#endif /* KSSL_DEBUG */ 1053#endif /* KSSL_DEBUG */
1053 return(buf); 1054 return(buf);
1054 } 1055 }
@@ -1135,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1135 { 1136 {
1136 MemCheck_on(); 1137 MemCheck_on();
1137 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1138 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1138 return(0); 1139 return(1);
1139 } 1140 }
1140 else 1141 else
1141 { 1142 {
1142 MemCheck_on(); 1143 MemCheck_on();
1143 return(1); 1144 return(0);
1144 } 1145 }
1145 } 1146 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 23:34:23 +0000