From ee26f086217016f09154412b171ad62a33a346f6 Mon Sep 17 00:00:00 2001 From: djm <> Date: Mon, 6 Apr 2009 06:33:20 +0000 Subject: resolve conflicts --- src/lib/libcrypto/asn1/asn1.h | 3 +++ src/lib/libcrypto/asn1/asn1_err.c | 2 ++ src/lib/libcrypto/asn1/asn1_par.c | 2 ++ src/lib/libcrypto/asn1/asn_mime.c | 2 -- src/lib/libcrypto/asn1/tasn_dec.c | 44 +++++++++++++++++++++++++++---------- src/lib/libcrypto/bio/bss_mem.c | 22 ++++++++++--------- src/lib/libcrypto/bio/bss_sock.c | 5 +++++ src/lib/libcrypto/cms/cms_smime.c | 4 ++-- src/lib/libcrypto/conf/conf_mod.c | 2 +- src/lib/libcrypto/crypto-lib.com | 8 +++---- src/lib/libcrypto/dh/dh.h | 4 +--- src/lib/libcrypto/dh/dh_err.c | 2 -- src/lib/libcrypto/evp/evp_test.c | 10 ++++----- src/lib/libcrypto/opensslv.h | 6 ++--- src/lib/libcrypto/pem/pem.h | 4 ++++ src/lib/libcrypto/pkcs12/p12_crt.c | 3 +++ src/lib/libcrypto/pkcs7/pk7_smime.c | 3 +-- src/lib/libcrypto/rand/rand_unix.c | 2 +- src/lib/libcrypto/rand/randfile.c | 4 ++-- src/lib/libcrypto/symhacks.h | 4 ++++ src/lib/libcrypto/ui/ui_lib.c | 1 + src/lib/libcrypto/util/domd | 2 +- src/lib/libcrypto/util/libeay.num | 3 ++- src/lib/libcrypto/util/pl/VC-32.pl | 6 ++--- src/lib/libcrypto/x509/x509_cmp.c | 3 ++- src/lib/libcrypto/x509v3/v3_addr.c | 33 ++++++++++++++++------------ src/lib/libcrypto/x509v3/v3_cpols.c | 7 +++++- 27 files changed, 122 insertions(+), 69 deletions(-) (limited to 'src/lib/libcrypto') diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 424cd348bb..e3385226d4 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h @@ -612,6 +612,7 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_GENERALIZEDTIME #define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ B_ASN1_PRINTABLESTRING| \ B_ASN1_T61STRING| \ B_ASN1_IA5STRING| \ @@ -1217,6 +1218,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -1306,6 +1308,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index f8a3e2e6cd..5f5de98eed 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c @@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, +{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, {ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, @@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, +{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c index 501b62a4b1..8657f73d66 100644 --- a/src/lib/libcrypto/asn1/asn1_par.c +++ b/src/lib/libcrypto/asn1/asn1_par.c @@ -213,6 +213,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || + (tag == V_ASN1_NUMERICSTRING) || + (tag == V_ASN1_UTF8STRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c index bc80b20d63..d8d9e76cc0 100644 --- a/src/lib/libcrypto/asn1/asn_mime.c +++ b/src/lib/libcrypto/asn1/asn_mime.c @@ -152,7 +152,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) { - const EVP_MD *md; int i, have_unknown = 0, write_comma, md_nid; have_unknown = 0; write_comma = 0; @@ -162,7 +161,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) BIO_write(out, ",", 1); write_comma = 1; md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); - md = EVP_get_digestbynid(md_nid); switch(md_nid) { case NID_sha1: diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index ced641698e..48bc1c0d4d 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c @@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass); + char inf, int tag, int aclass, int depth); static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); @@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, err: ASN1_template_free(val, tt); - *val = NULL; return 0; } @@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, err: ASN1_template_free(val, tt); - *val = NULL; return 0; } @@ -878,7 +876,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, * internally irrespective of the type. So instead just check * for UNIVERSAL class and ignore the tag. */ - if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) + if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { free_cont = 1; goto err; @@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, case V_ASN1_SET: case V_ASN1_SEQUENCE: default: + if (utype == V_ASN1_BMPSTRING && (len & 1)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + goto err; + } + if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + goto err; + } /* All based on ASN1_STRING and handled the same */ if (!*pval) { @@ -1128,8 +1138,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) * if it is indefinite length. */ +#ifndef ASN1_MAX_STRING_NEST +/* This determines how many levels of recursion are permitted in ASN1 + * string types. If it is not limited stack overflows can occur. If set + * to zero no recursion is allowed at all. Although zero should be adequate + * examples exist that require a value of 1. So 5 should be more than enough. + */ +#define ASN1_MAX_STRING_NEST 5 +#endif + + static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass) + char inf, int tag, int aclass, int depth) { const unsigned char *p, *q; long plen; @@ -1171,13 +1191,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, /* If indefinite length constructed update max length */ if (cst) { -#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS - if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) + if (depth >= ASN1_MAX_STRING_NEST) + { + ASN1err(ASN1_F_ASN1_COLLECT, + ASN1_R_NESTED_ASN1_STRING); + return 0; + } + if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, + depth + 1)) return 0; -#else - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); - return 0; -#endif } else if (plen && !collect_data(buf, &p, plen)) return 0; diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c index a4edb711ae..e7ab9cb3a3 100644 --- a/src/lib/libcrypto/bio/bss_mem.c +++ b/src/lib/libcrypto/bio/bss_mem.c @@ -284,6 +284,7 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_clear_retry_flags(bp); j=bm->length; + if ((size-1) < j) j=size-1; if (j <= 0) { *buf='\0'; @@ -292,17 +293,18 @@ static int mem_gets(BIO *bp, char *buf, int size) p=bm->data; for (i=0; i 0) buf[i]='\0'; ret=i; diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c index 472dd75821..30c3ceab46 100644 --- a/src/lib/libcrypto/bio/bss_sock.c +++ b/src/lib/libcrypto/bio/bss_sock.c @@ -60,6 +60,9 @@ #include #define USE_SOCKETS #include "cryptlib.h" + +#ifndef OPENSSL_NO_SOCK + #include #ifdef WATT32 @@ -300,3 +303,5 @@ int BIO_sock_non_fatal_error(int err) } return(0); } + +#endif /* #ifndef OPENSSL_NO_SOCK */ diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c index b9463f9abb..f35883aa22 100644 --- a/src/lib/libcrypto/cms/cms_smime.c +++ b/src/lib/libcrypto/cms/cms_smime.c @@ -298,7 +298,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, CMS_R_STORE_INIT_ERROR); goto err; } - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN); + X509_STORE_CTX_set_default(&ctx, "smime_sign"); if (crls) X509_STORE_CTX_set0_crls(&ctx, crls); @@ -425,7 +425,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (!CMS_SignerInfo_verify_content(si, cmsbio)) + if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c index e286378cb1..ee9c677d9b 100644 --- a/src/lib/libcrypto/conf/conf_mod.c +++ b/src/lib/libcrypto/conf/conf_mod.c @@ -588,7 +588,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc, { if (nospc) { - while(isspace((unsigned char)*lstart)) + while(*lstart && isspace((unsigned char)*lstart)) lstart++; } p = strchr(lstart, sep); diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com index db9c882fb0..e72af90822 100644 --- a/src/lib/libcrypto/crypto-lib.com +++ b/src/lib/libcrypto/crypto-lib.com @@ -169,7 +169,7 @@ $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" $ LIB_MDC2 = "mdc2dgst,mdc2_one" $ LIB_HMAC = "hmac" $ LIB_RIPEMD = "rmd_dgst,rmd_one" -$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - +$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - "enc_read,enc_writ,ofb64enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - @@ -191,7 +191,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - - "bn_depr,bn_const" + "bn_depr,bn_x931p,bn_const,bn_opt" $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - "ec2_smpl,ec2_mult" @@ -211,7 +211,7 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - - "aes_ctr,aes_ige" + "aes_ctr,aes_ige,aes_wrap" $ LIB_BUFFER = "buffer,buf_str,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - @@ -246,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - "f_int,f_string,n_pkey,"+ - - "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - + "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h index 0a39742773..10475ac4b3 100644 --- a/src/lib/libcrypto/dh/dh.h +++ b/src/lib/libcrypto/dh/dh.h @@ -122,7 +122,7 @@ struct dh_st int version; BIGNUM *p; BIGNUM *g; - int length; /* optional */ + long length; /* optional */ BIGNUM *pub_key; /* g^x */ BIGNUM *priv_key; /* x */ @@ -238,8 +238,6 @@ void ERR_load_DH_strings(void); #define DH_R_KEY_SIZE_TOO_SMALL 104 #define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PRIVATE_VALUE 100 -#define DH_R_INVALID_PUBKEY 102 -#define DH_R_MODULUS_TOO_LARGE 103 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c index b364362fca..13263c81c1 100644 --- a/src/lib/libcrypto/dh/dh_err.c +++ b/src/lib/libcrypto/dh/dh_err.c @@ -90,8 +90,6 @@ static ERR_STRING_DATA DH_str_reasons[]= {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, -{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {0,NULL} }; diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index bb6f02c2e9..436be20bf1 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c @@ -220,18 +220,18 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, test1_exit(7); } - if(outl+outl2 != cn) + if(outl+outl2 != pn) { fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", - outl+outl2,cn); + outl+outl2,pn); test1_exit(8); } - if(memcmp(out,plaintext,cn)) + if(memcmp(out,plaintext,pn)) { fprintf(stderr,"Plaintext mismatch\n"); - hexdump(stderr,"Got",out,cn); - hexdump(stderr,"Expected",plaintext,cn); + hexdump(stderr,"Got",out,pn); + hexdump(stderr,"Expected",plaintext,pn); test1_exit(9); } } diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index 09687b5136..c6207f76b2 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009080afL +#define OPENSSL_VERSION_NUMBER 0x009080bfL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k-fips 25 Mar 2009" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k 25 Mar 2009" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index 6f8e01544b..6c193f1cbf 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h @@ -215,7 +215,9 @@ typedef struct pem_ctx_st #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ #else @@ -355,6 +357,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_read_fp(name, type) /**/ #define DECLARE_PEM_write_fp(name, type) /**/ +#define DECLARE_PEM_write_fp_const(name, type) /**/ #define DECLARE_PEM_write_cb_fp(name, type) /**/ #else @@ -392,6 +395,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_read_bio(name, type) /**/ #define DECLARE_PEM_write_bio(name, type) /**/ +#define DECLARE_PEM_write_bio_const(name, type) /**/ #define DECLARE_PEM_write_cb_bio(name, type) /**/ #endif diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index e863de52ce..9522342fa5 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c @@ -170,6 +170,9 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, p12 = PKCS12_add_safes(safes, 0); + if (!p12) + goto err; + sk_PKCS7_pop_free(safes, PKCS7_free); safes = NULL; diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index c34db1d6fe..fd18ec3d95 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c @@ -229,8 +229,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sk_X509_free(signers); return 0; } - X509_STORE_CTX_set_purpose(&cert_ctx, - X509_PURPOSE_SMIME_SIGN); + X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); sk_X509_free(signers); diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index 964d25833c..58c6173094 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c @@ -226,7 +226,7 @@ int RAND_poll(void) t.tv_sec = 0; t.tv_usec = usec; - if (FD_SETSIZE > 0 && fd >= FD_SETSIZE) + if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) { /* can't use select, so just try to read once anyway */ try_read = 1; diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index f63fbc1731..d108353bbc 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c @@ -261,7 +261,7 @@ const char *RAND_file_name(char *buf, size_t size) struct stat sb; #endif - if (issetugid() == 0) + if (OPENSSL_issetugid() == 0) s=getenv("RANDFILE"); if (s != NULL && *s && strlen(s) + 1 < size) { @@ -270,7 +270,7 @@ const char *RAND_file_name(char *buf, size_t size) } else { - if (issetugid() == 0) + if (OPENSSL_issetugid() == 0) s=getenv("HOME"); #ifdef DEFAULT_HOME if (s == NULL) diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h index 6cfb5fe479..8728e6124d 100644 --- a/src/lib/libcrypto/symhacks.h +++ b/src/lib/libcrypto/symhacks.h @@ -62,6 +62,10 @@ VAX. */ #ifdef OPENSSL_SYS_VMS +/* Hack a long name in crypto/cryptlib.c */ +#undef int_CRYPTO_set_do_dynlock_callback +#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb + /* Hack a long name in crypto/ex_data.c */ #undef CRYPTO_get_ex_data_implementation #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c index 7ab249c3be..ac0100808f 100644 --- a/src/lib/libcrypto/ui/ui_lib.c +++ b/src/lib/libcrypto/ui/ui_lib.c @@ -90,6 +90,7 @@ UI *UI_new_method(const UI_METHOD *method) ret->strings=NULL; ret->user_data=NULL; + ret->flags=0; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); return ret; } diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd index 691be7a440..560ebeaf82 100644 --- a/src/lib/libcrypto/util/domd +++ b/src/lib/libcrypto/util/domd @@ -22,7 +22,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then done sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp - gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp + ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index 0eb54ddc89..74eb337227 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num @@ -3667,7 +3667,8 @@ CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION: +int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION: +int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION: FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl index 166785db8d..8eb3c6c4bd 100644 --- a/src/lib/libcrypto/util/pl/VC-32.pl +++ b/src/lib/libcrypto/util/pl/VC-32.pl @@ -164,7 +164,7 @@ if ($FLAVOR =~ /NT/) $ex_libs="unicows.lib $ex_libs"; } # static library stuff -$mklib='lib'; +$mklib='lib /nologo'; $ranlib=''; $plib=""; $libp=".lib"; @@ -184,7 +184,7 @@ if ($nasm) { $asm.=' /Zi' if $debug; $afile='/Fo'; } else { - $asm='ml /Cp /coff /c /Cx'; + $asm='ml /nologo /Cp /coff /c /Cx'; $asm.=" /Zi" if $debug; $afile='/Fo'; } @@ -404,7 +404,7 @@ sub do_link_rule if ($standalone == 1) { $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; - $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); $ret.="$files $libs\n<<\n"; } elsif ($standalone == 2) diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index e4c682fc44..2faf92514a 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c @@ -288,7 +288,8 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) if (!(nabit & STR_TYPE_CMP) || !(nbbit & STR_TYPE_CMP)) return j; - j = asn1_string_memcmp(na->value, nb->value); + if (!asn1_string_memcmp(na->value, nb->value)) + j = 0; } else if (na->value->type == V_ASN1_PRINTABLESTRING) j=nocase_spacenorm_cmp(na->value, nb->value); diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index a37f844d3c..efdf7c3ba7 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c @@ -61,7 +61,7 @@ #include #include -#include + #include "cryptlib.h" #include #include @@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi) /* * Extract the AFI from an IPAddressFamily. */ -unsigned v3_addr_get_afi(const IPAddressFamily *f) +unsigned int v3_addr_get_afi(const IPAddressFamily *f) { return ((f != NULL && f->addressFamily != NULL && @@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr, const int length, const unsigned char fill) { - assert(bs->length >= 0 && bs->length <= length); + OPENSSL_assert(bs->length >= 0 && bs->length <= length); if (bs->length > 0) { memcpy(addr, bs->data, bs->length); if ((bs->flags & 7) != 0) { @@ -190,6 +190,8 @@ static int i2r_address(BIO *out, BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); if (i < 16) BIO_puts(out, ":"); + if (i == 0) + BIO_puts(out, ":"); break; default: for (i = 0; i < bs->length; i++) @@ -243,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - const unsigned afi = v3_addr_get_afi(f); + const unsigned int afi = v3_addr_get_afi(f); switch (afi) { case IANA_AFI_IPV4: BIO_printf(out, "%*sIPv4", indent, ""); @@ -453,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result, if ((aor = IPAddressOrRange_new()) == NULL) return 0; aor->type = IPAddressOrRange_addressRange; - assert(aor->u.addressRange == NULL); + OPENSSL_assert(aor->u.addressRange == NULL); if ((aor->u.addressRange = IPAddressRange_new()) == NULL) goto err; if (aor->u.addressRange->min == NULL && @@ -522,7 +524,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { f = sk_IPAddressFamily_value(addr, i); - assert(f->addressFamily->data != NULL); + OPENSSL_assert(f->addressFamily->data != NULL); if (f->addressFamily->length == keylen && !memcmp(f->addressFamily->data, key, keylen)) return f; @@ -654,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor, unsigned char *max, int length) { - assert(aor != NULL && min != NULL && max != NULL); + OPENSSL_assert(aor != NULL && min != NULL && max != NULL); switch (aor->type) { case IPAddressOrRange_addressPrefix: addr_expand(min, aor->u.addressPrefix, length, 0x00); @@ -880,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) } (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); - assert(v3_addr_is_canonical(addr)); + OPENSSL_assert(v3_addr_is_canonical(addr)); return 1; } @@ -1127,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) for (i = 0; i < sk_IPAddressFamily_num(a); i++) { IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); int j = sk_IPAddressFamily_find(b, fa); - IPAddressFamily *fb = sk_IPAddressFamily_value(b, j); + IPAddressFamily *fb; + fb = sk_IPAddressFamily_value(b, j); + if (fb == NULL) + return 0; if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, fa->ipAddressChoice->u.addressesOrRanges, length_from_afi(v3_addr_get_afi(fb)))) @@ -1164,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, int i, j, ret = 1; X509 *x = NULL; - assert(chain != NULL && sk_X509_num(chain) > 0); - assert(ctx != NULL || ext != NULL); - assert(ctx == NULL || ctx->verify_cb != NULL); + OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); + OPENSSL_assert(ctx != NULL || ext != NULL); + OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); /* * Figure out where to start. If we don't have an extension to @@ -1178,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_addr) == NULL) goto done; } @@ -1197,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - assert(x != NULL); + OPENSSL_assert(x != NULL); if (!v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_addr == NULL) { diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index 95596055ab..ad0506d75c 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c @@ -181,7 +181,11 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, pol = POLICYINFO_new(); pol->policyid = pobj; } - sk_POLICYINFO_push(pols, pol); + if (!sk_POLICYINFO_push(pols, pol)){ + POLICYINFO_free(pol); + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } } sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; @@ -447,3 +451,4 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } +IMPLEMENT_STACK_OF(X509_POLICY_NODE) -- cgit v1.2.3-55-g6feb