aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2004-03-17 15:49:33 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-03-17 15:49:33 +0000
commitced566fd0b59417323f6b6f17b51b25e942cff52 (patch)
treec6fe9e2dc64448f48fdaf5e0b2778005ccc1baac
parent81ac585294418460a598ae2c6d3eeaf0d993b18a (diff)
downloadsrc-ced566fd0b59417323f6b6f17b51b25e942cff52.tar.gz
src-ced566fd0b59417323f6b6f17b51b25e942cff52.zip
Vendor import of OpenSSL 0.9.7d.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=127128
-rw-r--r--crypto/openssl/CHANGES45
-rwxr-xr-xcrypto/openssl/Configure19
-rw-r--r--crypto/openssl/FAQ7
-rw-r--r--crypto/openssl/LICENSE2
-rw-r--r--crypto/openssl/Makefile.org10
-rw-r--r--crypto/openssl/Makefile.ssl22
-rw-r--r--crypto/openssl/NEWS8
-rw-r--r--crypto/openssl/README4
-rwxr-xr-xcrypto/openssl/apps/CA.pl2
-rw-r--r--crypto/openssl/apps/Makefile.ssl2
-rw-r--r--crypto/openssl/apps/apps.c563
-rw-r--r--crypto/openssl/apps/apps.h33
-rw-r--r--crypto/openssl/apps/asn1pars.c10
-rw-r--r--crypto/openssl/apps/ca.c549
-rw-r--r--crypto/openssl/apps/der_chop2
-rw-r--r--crypto/openssl/apps/dgst.c5
-rw-r--r--crypto/openssl/apps/enc.c6
-rw-r--r--crypto/openssl/apps/engine.c4
-rw-r--r--crypto/openssl/apps/ocsp.c46
-rw-r--r--crypto/openssl/apps/openssl.cnf5
-rw-r--r--crypto/openssl/apps/pkcs12.c4
-rw-r--r--crypto/openssl/apps/pkcs7.c3
-rw-r--r--crypto/openssl/apps/req.c42
-rw-r--r--crypto/openssl/apps/rsautl.c12
-rw-r--r--crypto/openssl/apps/s_socket.c2
-rw-r--r--crypto/openssl/apps/s_time.c6
-rw-r--r--crypto/openssl/apps/speed.c7
-rw-r--r--crypto/openssl/apps/x509.c86
-rw-r--r--crypto/openssl/certs/expired/vsign3.pem18
-rw-r--r--crypto/openssl/certs/vsign3.pem27
-rwxr-xr-xcrypto/openssl/config13
-rw-r--r--crypto/openssl/crypto/Makefile.ssl8
-rw-r--r--crypto/openssl/crypto/aes/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/aes/aes_cbc.c2
-rw-r--r--crypto/openssl/crypto/asn1/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c9
-rw-r--r--crypto/openssl/crypto/asn1/a_mbstr.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c9
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c9
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c4
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c6
-rw-r--r--crypto/openssl/crypto/asn1/asn_moid.c9
-rw-r--r--crypto/openssl/crypto/asn1/t_pkey.c4
-rw-r--r--crypto/openssl/crypto/asn1/x_long.c10
-rw-r--r--crypto/openssl/crypto/bf/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/bio/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/bio/b_dump.c32
-rw-r--r--crypto/openssl/crypto/bio/b_print.c12
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c12
-rw-r--r--crypto/openssl/crypto/bio/bio_cb.c36
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c6
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c10
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl5
-rw-r--r--crypto/openssl/crypto/bn/asm/bn-586.pl2
-rw-r--r--crypto/openssl/crypto/bn/asm/x86_64-gcc.c2
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h17
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c8
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c5
-rw-r--r--crypto/openssl/crypto/buffer/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/cast/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/comp/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/conf/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/conf/conf_def.c6
-rw-r--r--crypto/openssl/crypto/conf/conf_mod.c12
-rw-r--r--crypto/openssl/crypto/cversion.c8
-rw-r--r--crypto/openssl/crypto/des/Makefile.ssl30
-rw-r--r--crypto/openssl/crypto/des/cfb_enc.c21
-rw-r--r--crypto/openssl/crypto/des/ecb_enc.c4
-rw-r--r--crypto/openssl/crypto/dh/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/dso/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/dso/dso_lib.c4
-rw-r--r--crypto/openssl/crypto/ec/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/ec/ecp_smpl.c2
-rw-r--r--crypto/openssl/crypto/engine/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/engine/eng_ctrl.c10
-rw-r--r--crypto/openssl/crypto/engine/eng_fat.c6
-rw-r--r--crypto/openssl/crypto/engine/engine.h27
-rw-r--r--crypto/openssl/crypto/engine/hw_cryptodev.c9
-rw-r--r--crypto/openssl/crypto/err/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/err/err.c2
-rw-r--r--crypto/openssl/crypto/evp/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c2
-rw-r--r--crypto/openssl/crypto/evp/digest.c15
-rw-r--r--crypto/openssl/crypto/evp/evp.h2
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c14
-rw-r--r--crypto/openssl/crypto/evp/evp_pbe.c2
-rw-r--r--crypto/openssl/crypto/evp/evp_pkey.c2
-rw-r--r--crypto/openssl/crypto/hmac/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/idea/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/krb5/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/lhash/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/md2/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/md4/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/mem.c18
-rw-r--r--crypto/openssl/crypto/mem_dbg.c17
-rw-r--r--crypto/openssl/crypto/objects/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c4
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.pl4
-rw-r--r--crypto/openssl/crypto/ocsp/Makefile.ssl2
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_ext.c24
-rwxr-xr-xcrypto/openssl/crypto/ocsp/ocsp_lib.c1
-rw-r--r--crypto/openssl/crypto/ocsp/ocsp_vfy.c6
-rw-r--r--crypto/openssl/crypto/opensslconf.h11
-rw-r--r--crypto/openssl/crypto/opensslv.h4
-rw-r--r--crypto/openssl/crypto/pem/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c21
-rw-r--r--crypto/openssl/crypto/pem/pem_pkey.c4
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c58
-rw-r--r--crypto/openssl/crypto/rand/Makefile.ssl10
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c3
-rw-r--r--crypto/openssl/crypto/rand/rand_unix.c19
-rw-r--r--crypto/openssl/crypto/rand/rand_win.c2
-rw-r--r--crypto/openssl/crypto/rand/randfile.c71
-rw-r--r--crypto/openssl/crypto/rc2/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/rsa/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/sha/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-586.pl291
-rw-r--r--crypto/openssl/crypto/stack/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/threads/mttest.c3
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/ui/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/ui/ui_lib.c13
-rw-r--r--crypto/openssl/crypto/x509/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/x509/by_dir.c34
-rw-r--r--crypto/openssl/crypto/x509/x509.h4
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c8
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c55
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.h19
-rw-r--r--crypto/openssl/crypto/x509/x509type.c2
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c3
-rw-r--r--crypto/openssl/crypto/x509v3/v3_crld.c2
-rw-r--r--crypto/openssl/crypto/x509v3/v3_info.c11
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c5
-rw-r--r--crypto/openssl/doc/apps/config.pod140
-rw-r--r--crypto/openssl/doc/apps/openssl.pod3
-rw-r--r--crypto/openssl/doc/apps/s_client.pod6
-rw-r--r--crypto/openssl/doc/apps/s_time.pod173
-rw-r--r--crypto/openssl/doc/apps/smime.pod11
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_ssl.pod6
-rw-r--r--crypto/openssl/doc/crypto/CONF_modules_free.pod47
-rw-r--r--crypto/openssl/doc/crypto/CONF_modules_load_file.pod60
-rw-r--r--crypto/openssl/doc/crypto/EVP_BytesToKey.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_DigestInit.pod2
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_config.pod82
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod51
-rw-r--r--crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod2
-rw-r--r--crypto/openssl/doc/crypto/RSA_print.pod2
-rw-r--r--crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod5
-rw-r--r--crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod5
-rw-r--r--crypto/openssl/doc/crypto/des.pod2
-rw-r--r--crypto/openssl/doc/crypto/pem.pod6
-rw-r--r--crypto/openssl/doc/crypto/ui.pod2
-rw-r--r--crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod4
-rw-r--r--crypto/openssl/doc/ssleay.txt2
-rw-r--r--crypto/openssl/openssl.spec2
-rw-r--r--crypto/openssl/ssl/Makefile.ssl491
-rw-r--r--crypto/openssl/ssl/kssl.c4
-rw-r--r--crypto/openssl/ssl/s2_clnt.c1
-rw-r--r--crypto/openssl/ssl/s2_enc.c1
-rw-r--r--crypto/openssl/ssl/s2_lib.c3
-rw-r--r--crypto/openssl/ssl/s2_pkt.c1
-rw-r--r--crypto/openssl/ssl/s2_srvr.c1
-rw-r--r--crypto/openssl/ssl/s3_clnt.c5
-rw-r--r--crypto/openssl/ssl/s3_enc.c12
-rw-r--r--crypto/openssl/ssl/s3_lib.c2
-rw-r--r--crypto/openssl/ssl/s3_srvr.c19
-rw-r--r--crypto/openssl/ssl/ssl.h4
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c1
-rw-r--r--crypto/openssl/ssl/ssl_cert.c12
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c85
-rw-r--r--crypto/openssl/ssl/ssl_lib.c1
-rw-r--r--crypto/openssl/ssl/ssl_sess.c1
-rw-r--r--crypto/openssl/ssl/ssltest.c9
-rw-r--r--crypto/openssl/test/Makefile.ssl4
-rw-r--r--crypto/openssl/tools/Makefile.ssl2
-rw-r--r--crypto/openssl/tools/c_rehash2
-rw-r--r--crypto/openssl/util/extract-names.pl2
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl2
-rwxr-xr-xcrypto/openssl/util/mkdef.pl38
-rw-r--r--crypto/openssl/util/pl/OS2-EMX.pl42
190 files changed, 2619 insertions, 1517 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index b8630792adf1..4a0363a1c2dd 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,51 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+ (CAN-2004-0112)
+ [Joe Orton, Steve Henson]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) X509 verify fixes. Disable broken certificate workarounds when
+ X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+ keyUsage extension present. Don't accept CRLs with unhandled critical
+ extensions: since verify currently doesn't process CRL extensions this
+ rejects a CRL with *any* critical extensions. Add new verify error codes
+ for these cases.
+ [Steve Henson]
+
+ *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+ A clarification of RFC2560 will require the use of OCTET STRINGs and
+ some implementations cannot handle the current raw format. Since OpenSSL
+ copies and compares OCSP nonces as opaque blobs without any attempt at
+ parsing them this should not create any compatibility issues.
+ [Steve Henson]
+
+ *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+ calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+ this HMAC (and other) operations are several times slower than OpenSSL
+ < 0.9.7.
+ [Steve Henson]
+
+ *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+ [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+ *) Use the correct content when signing type "other".
+ [Steve Henson]
+
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 61331dbb517f..4e7883c17abf 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -145,10 +145,10 @@ my %table=(
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
@@ -216,13 +216,13 @@ my %table=(
"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-[g]cc' manually.
+# './Configure irix-cc -o32' manually.
# -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -260,6 +260,7 @@ my %table=(
# 64bit PARISC for GCC without optimization, which seems to make problems.
# Submitted by <ross.alexander@uk.neceur.com>
"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# IA-64 targets
"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index ca5683def779..0b40039ef81e 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -116,11 +116,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
* Where can I get a compiled version of OpenSSL?
+You can finder pointers to binary distributions in
+http://www.openssl.org/related/binaries.html .
+
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
-If you want to install OpenSSL on a Windows system and you don't have
+If you want to build OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE
index dddb07842bb3..40277883a592 100644
--- a/crypto/openssl/LICENSE
+++ b/crypto/openssl/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index e80b22a32a18..a987a0298b20 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -456,10 +456,12 @@ do_irix-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( WHOLELIB="-all lib$$i.a -notall"; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
+ set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+ $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -832,7 +834,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -857,6 +859,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
+ grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -873,6 +876,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
+ grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index 2a74a3db04f4..c8155a7628f8 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.7c
+VERSION=0.9.7d
MAJOR=0
MINOR=9.7
SHLIB_VERSION_NUMBER=0.9.7
@@ -12,9 +12,9 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.7
SHLIB_EXT=
-PLATFORM=VC-WIN16
+PLATFORM=dist
OPTIONS= no-krb5
-CONFIGURE_ARGS=VC-WIN16
+CONFIGURE_ARGS=dist
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
@@ -59,9 +59,9 @@ OPENSSLDIR=/usr/local/ssl
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
-CC= cl
+CC= cc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DOPENSSL_SYSNAME_WIN16 -DOPENSSL_NO_KRB5
+CFLAG= -DOPENSSL_NO_KRB5 -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
@@ -69,7 +69,7 @@ EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
-PERL= /usr/local/bin/perl5
+PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
@@ -458,10 +458,12 @@ do_irix-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( WHOLELIB="-all lib$$i.a -notall"; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
+ set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+ $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -834,7 +836,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -859,6 +861,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
+ grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -875,6 +878,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
+ grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index f0282ebb8755..4c1ba0a241f6 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+ o Security: Fix null-pointer assignment in do_change_cipher_spec()
+ o Allow multiple active certificates with same subject in CA index
+ o Multiple X590 verification fixes
+ o Speed up HMAC and other operations
+
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 65e3a124263b..f72a21036f9f 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7c 30 Sep 2003
+ OpenSSL 0.9.7d 17 Mar 2004
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index 669a016b8432..8b2ce7ea4248 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index 90e71dee7666..7068286204b2 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -121,7 +121,7 @@ tags:
tests:
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 007e3e06c3e0..93a665e788a3 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -501,7 +501,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password[0] != '\0')
+ if (password && password[0] != '\0')
{
UI_set_result(ui, uis, password);
return 1;
@@ -525,7 +525,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password[0] != '\0')
+ if (password && password[0] != '\0')
return 1;
}
default:
@@ -1411,14 +1411,565 @@ int load_config(BIO *err, CONF *cnf)
char *make_config_name()
{
const char *t=X509_get_default_cert_area();
+ size_t len;
char *p;
- p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
- strcpy(p,t);
+ len=strlen(t)+strlen(OPENSSL_CONF)+2;
+ p=OPENSSL_malloc(len);
+ BUF_strlcpy(p,t,len);
#ifndef OPENSSL_SYS_VMS
- strcat(p,"/");
+ BUF_strlcat(p,"/",len);
#endif
- strcat(p,OPENSSL_CONF);
+ BUF_strlcat(p,OPENSSL_CONF,len);
return p;
}
+
+static unsigned long index_serial_hash(const char **a)
+ {
+ const char *n;
+
+ n=a[DB_serial];
+ while (*n == '0') n++;
+ return(lh_strhash(n));
+ }
+
+static int index_serial_cmp(const char **a, const char **b)
+ {
+ const char *aa,*bb;
+
+ for (aa=a[DB_serial]; *aa == '0'; aa++);
+ for (bb=b[DB_serial]; *bb == '0'; bb++);
+ return(strcmp(aa,bb));
+ }
+
+static int index_name_qual(char **a)
+ { return(a[0][0] == 'V'); }
+
+static unsigned long index_name_hash(const char **a)
+ { return(lh_strhash(a[DB_name])); }
+
+int index_name_cmp(const char **a, const char **b)
+ { return(strcmp(a[DB_name],
+ b[DB_name])); }
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+#undef BSIZE
+#define BSIZE 256
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+ {
+ BIO *in=NULL;
+ BIGNUM *ret=NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai=NULL;
+
+ ai=ASN1_INTEGER_new();
+ if (ai == NULL) goto err;
+
+ if ((in=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in,serialfile) <= 0)
+ {
+ if (!create)
+ {
+ perror(serialfile);
+ goto err;
+ }
+ else
+ {
+ ASN1_INTEGER_set(ai,1);
+ ret=BN_new();
+ if (ret == NULL)
+ BIO_printf(bio_err, "Out of memory\n");
+ else
+ BN_one(ret);
+ }
+ }
+ else
+ {
+ if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+ {
+ BIO_printf(bio_err,"unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret=ASN1_INTEGER_to_BN(ai,NULL);
+ if (ret == NULL)
+ {
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+ goto err;
+ }
+ }
+
+ if (ret && retai)
+ {
+ *retai = ai;
+ ai = NULL;
+ }
+ err:
+ if (in != NULL) BIO_free(in);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
+ {
+ char buf[1][BSIZE];
+ BIO *out = NULL;
+ int ret=0;
+ ASN1_INTEGER *ai=NULL;
+ int j;
+
+ if (suffix == NULL)
+ j = strlen(serialfile);
+ else
+ j = strlen(serialfile) + strlen(suffix) + 1;
+ if (j >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+ if (suffix == NULL)
+ BUF_strlcpy(buf[0], serialfile, BSIZE);
+ else
+ {
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+#endif
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out,ai);
+ BIO_puts(out,"\n");
+ ret=1;
+ if (retai)
+ {
+ *retai = ai;
+ ai = NULL;
+ }
+err:
+ if (out != NULL) BIO_free_all(out);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+ {
+ char buf[5][BSIZE];
+ int i,j;
+ struct stat sb;
+
+ i = strlen(serialfile) + strlen(old_suffix);
+ j = strlen(serialfile) + strlen(new_suffix);
+ if (i > j) j = i;
+ if (j + 1 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
+ serialfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
+ serialfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
+ serialfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
+ serialfile, old_suffix);
+#endif
+ if (stat(serialfile,&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR)
+#endif
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ serialfile, buf[1]);
+#endif
+ if (rename(serialfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ serialfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0],serialfile);
+#endif
+ if (rename(buf[0],serialfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],serialfile);
+ perror("reason");
+ rename(buf[1],serialfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+ }
+
+CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+ {
+ CA_DB *retdb = NULL;
+ TXT_DB *tmpdb = NULL;
+ BIO *in = BIO_new(BIO_s_file());
+ CONF *dbattr_conf = NULL;
+ char buf[1][BSIZE];
+ long errorline= -1;
+
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
+ {
+ if (tmpdb != NULL) TXT_DB_free(tmpdb);
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+#else
+ BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+#endif
+ dbattr_conf = NCONF_new(NULL);
+ if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
+ {
+ if (errorline > 0)
+ {
+ BIO_printf(bio_err,
+ "error on line %ld of db attribute file '%s'\n"
+ ,errorline,buf[0]);
+ goto err;
+ }
+ else
+ {
+ NCONF_free(dbattr_conf);
+ dbattr_conf = NULL;
+ }
+ }
+
+ if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
+ {
+ fprintf(stderr, "Out of memory\n");
+ goto err;
+ }
+
+ retdb->db = tmpdb;
+ tmpdb = NULL;
+ if (db_attr)
+ retdb->attributes = *db_attr;
+ else
+ {
+ retdb->attributes.unique_subject = 1;
+ }
+
+ if (dbattr_conf)
+ {
+ char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
+ if (p)
+ {
+ BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
+ switch(*p)
+ {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ retdb->attributes.unique_subject = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ default:
+ retdb->attributes.unique_subject = 1;
+ break;
+ }
+ }
+ }
+
+ err:
+ if (dbattr_conf) NCONF_free(dbattr_conf);
+ if (tmpdb) TXT_DB_free(tmpdb);
+ if (in) BIO_free_all(in);
+ return retdb;
+ }
+
+int index_index(CA_DB *db)
+ {
+ if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial_hash),
+ LHASH_COMP_FN(index_serial_cmp)))
+ {
+ BIO_printf(bio_err,
+ "error creating serial number index:(%ld,%ld,%ld)\n",
+ db->db->error,db->db->arg1,db->db->arg2);
+ return 0;
+ }
+
+ if (db->attributes.unique_subject
+ && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name_hash),
+ LHASH_COMP_FN(index_name_cmp)))
+ {
+ BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+ db->db->error,db->db->arg1,db->db->arg2);
+ return 0;
+ }
+ return 1;
+ }
+
+int save_index(char *dbfile, char *suffix, CA_DB *db)
+ {
+ char buf[3][BSIZE];
+ BIO *out = BIO_new(BIO_s_file());
+ int j;
+
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ j = strlen(dbfile) + strlen(suffix);
+ if (j + 6 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ j=TXT_DB_write(out,db->db);
+ if (j <= 0) goto err;
+
+ BIO_free(out);
+
+ out = BIO_new(BIO_s_file());
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
+#endif
+ if (BIO_write_filename(out,buf[1]) <= 0)
+ {
+ perror(buf[2]);
+ BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
+ goto err;
+ }
+ BIO_printf(out,"unique_subject = %s\n",
+ db->attributes.unique_subject ? "yes" : "no");
+ BIO_free(out);
+
+ return 1;
+ err:
+ return 0;
+ }
+
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
+ {
+ char buf[5][BSIZE];
+ int i,j;
+ struct stat sb;
+
+ i = strlen(dbfile) + strlen(old_suffix);
+ j = strlen(dbfile) + strlen(new_suffix);
+ if (i > j) j = i;
+ if (j + 6 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
+ dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
+ dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
+ dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
+ dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
+ dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
+ dbfile, old_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
+ dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
+ dbfile, old_suffix);
+#endif
+ if (stat(dbfile,&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR)
+#endif
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ dbfile, buf[1]);
+#endif
+ if (rename(dbfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0],dbfile);
+#endif
+ if (rename(buf[0],dbfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],dbfile);
+ perror("reason");
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ if (stat(buf[4],&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR)
+#endif
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[4],buf[3]);
+#endif
+ if (rename(buf[4],buf[3]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[4], buf[3]);
+ perror("reason");
+ rename(dbfile,buf[0]);
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[2],buf[4]);
+#endif
+ if (rename(buf[2],buf[4]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[2],buf[4]);
+ perror("reason");
+ rename(buf[3],buf[4]);
+ rename(dbfile,buf[0]);
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+ }
+
+void free_index(CA_DB *db)
+ {
+ TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index c36b9d256657..8a9c4ab0a054 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -287,7 +287,38 @@ char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, char *str);
-int make_serial_index(TXT_DB *db);
+
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique when active and not disabled */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+typedef struct db_attr_st
+ {
+ int unique_subject;
+ } DB_ATTR;
+typedef struct ca_db_st
+ {
+ DB_ATTR attributes;
+ TXT_DB *db;
+ } CA_DB;
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
+CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(char *dbfile, char *suffix, CA_DB *db);
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
+void free_index(CA_DB *db);
+int index_name_cmp(const char **a, const char **b);
X509_NAME *do_subject(char *str, long chtype);
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
index 83674154053a..7db40adf0436 100644
--- a/crypto/openssl/apps/asn1pars.c
+++ b/crypto/openssl/apps/asn1pars.c
@@ -304,7 +304,15 @@ bad:
num=tmplen;
}
- if (length == 0) length=(unsigned int)num;
+ if (offset >= num)
+ {
+ BIO_printf(bio_err, "Error: offset too large\n");
+ goto end;
+ }
+
+ num -= offset;
+
+ if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
if(derout) {
if(BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 7ed60c7a9ac1..2db61b1eae88 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -122,6 +122,7 @@
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
+#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
@@ -143,18 +144,6 @@
#define ENV_DATABASE "database"
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique for active */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
/* Additional revocation information types */
#define REV_NONE 0 /* No addditional information */
@@ -211,43 +200,36 @@ extern int EF_ALIGNMENT;
#endif
static void lookup_fail(char *name,char *tag);
-static unsigned long index_serial_hash(const char **a);
-static int index_serial_cmp(const char **a, const char **b);
-static unsigned long index_name_hash(const char **a);
-static int index_name_qual(char **a);
-static int index_name_cmp(const char **a,const char **b);
-static BIGNUM *load_serial(char *serialfile);
-static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
+ CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
char *startdate, char *enddate, long days, int batch,
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
+ CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
-static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, TXT_DB *db);
-static int do_updatedb(TXT_DB *db);
+static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
@@ -259,11 +241,6 @@ static char *section=NULL;
static int preserve=0;
static int msie_hack=0;
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
int MAIN(int, char **);
@@ -300,6 +277,7 @@ int MAIN(int argc, char **argv)
char *outfile=NULL;
char *outdir=NULL;
char *serialfile=NULL;
+ char *crlnumberfile=NULL;
char *extensions=NULL;
char *extfile=NULL;
char *subj=NULL;
@@ -308,6 +286,7 @@ int MAIN(int argc, char **argv)
int rev_type = REV_NONE;
char *rev_arg = NULL;
BIGNUM *serial=NULL;
+ BIGNUM *crlnumber=NULL;
char *startdate=NULL;
char *enddate=NULL;
long days=0;
@@ -320,14 +299,13 @@ int MAIN(int argc, char **argv)
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
char *dbfile=NULL;
- TXT_DB *db=NULL;
+ CA_DB *db=NULL;
X509_CRL *crl=NULL;
X509_REVOKED *r=NULL;
ASN1_TIME *tmptm;
ASN1_INTEGER *tmpser;
char **pp,*p,*f;
int i,j;
- long l;
const EVP_MD *dgst=NULL;
STACK_OF(CONF_VALUE) *attribs=NULL;
STACK_OF(X509) *cert_sk=NULL;
@@ -339,6 +317,7 @@ int MAIN(int argc, char **argv)
char *engine = NULL;
#endif
char *tofree=NULL;
+ DB_ATTR db_attr;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -579,16 +558,19 @@ bad:
if (configfile == NULL)
{
const char *s=X509_get_default_cert_area();
+ size_t len;
#ifdef OPENSSL_SYS_VMS
- tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+ len = strlen(s)+sizeof(CONFIG_FILE);
+ tofree=OPENSSL_malloc(len);
strcpy(tofree,s);
#else
- tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
- strcpy(tofree,s);
- strcat(tofree,"/");
+ len = strlen(s)+sizeof(CONFIG_FILE)+1;
+ tofree=OPENSSL_malloc(len);
+ BUF_strlcpy(tofree,s,len);
+ BUF_strlcat(tofree,"/",len);
#endif
- strcat(tofree,CONFIG_FILE);
+ BUF_strlcat(tofree,CONFIG_FILE,len);
configfile=tofree;
}
@@ -659,6 +641,39 @@ bad:
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
+
+ db_attr.unique_subject = 1;
+ p = NCONF_get_string(conf, section, "unique_subject");
+ if (p)
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
+#endif
+ switch(*p)
+ {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ db_attr.unique_subject = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ default:
+ db_attr.unique_subject = 1;
+ break;
+ }
+ }
+#ifdef RL_DEBUG
+ else
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
+ db_attr.unique_subject);
+#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
@@ -679,17 +694,10 @@ bad:
lookup_fail(section,ENV_DATABASE);
goto err;
}
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- db=TXT_DB_read(in,DB_NUMBER);
+ db = load_index(dbfile,&db_attr);
if (db == NULL) goto err;
- if (!make_serial_index(db))
- goto err;
+ if (!index_index(db)) goto err;
if (get_certificate_status(ser_status,db) != 1)
BIO_printf(bio_err,"Error verifying serial %s!\n",
@@ -849,19 +857,13 @@ bad:
lookup_fail(section,ENV_DATABASE);
goto err;
}
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- db=TXT_DB_read(in,DB_NUMBER);
+ db = load_index(dbfile, &db_attr);
if (db == NULL) goto err;
/* Lets check some fields */
- for (i=0; i<sk_num(db->data); i++)
+ for (i=0; i<sk_num(db->db->data); i++)
{
- pp=(char **)sk_value(db->data,i);
+ pp=(char **)sk_value(db->db->data,i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0'))
{
@@ -912,23 +914,13 @@ bad:
out = BIO_push(tmpbio, out);
}
#endif
- TXT_DB_write(out,db);
+ TXT_DB_write(out,db->db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
- db->data->num);
+ db->db->data->num);
BIO_printf(bio_err,"generating index\n");
}
- if (!make_serial_index(db))
- goto err;
-
- if (!TXT_DB_create_index(db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name_hash),
- LHASH_COMP_FN(index_name_cmp)))
- {
- BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
- db->error,db->arg1,db->arg2);
- goto err;
- }
+ if (!index_index(db)) goto err;
/*****************************************************************/
/* Update the db file for expired certificates */
@@ -951,62 +943,9 @@ bad:
}
else
{
- out = BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
-#endif
- if (j < 0 || j >= sizeof buf[0])
- {
- BIO_printf(bio_err, "file name too long\n");
- goto err;
- }
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",
- dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db);
- if (j <= 0) goto err;
-
- BIO_free(out);
- out = NULL;
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
-#endif
- if (j < 0 || j >= sizeof buf[1])
- {
- BIO_printf(bio_err, "file name too long\n");
- goto err;
- }
- if (rename(dbfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- dbfile, buf[1]);
- perror("reason");
- goto err;
- }
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
+ if (!save_index(dbfile,"new",db)) goto err;
+
+ if (!rotate_index(dbfile,"new","old")) goto err;
if (verbose) BIO_printf(bio_err,
"Done. %d entries marked as expired\n",i);
@@ -1167,7 +1106,7 @@ bad:
goto err;
}
- if ((serial=load_serial(serialfile)) == NULL)
+ if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
{
BIO_printf(bio_err,"error while loading serial number\n");
goto err;
@@ -1301,38 +1240,9 @@ bad:
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
- if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
- strcpy(buf[0],serialfile);
-
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[0],"-new");
-#else
- strcat(buf[0],".new");
-#endif
-
- if (!save_serial(buf[0],serial)) goto err;
+ if (!save_serial(serialfile,"new",serial,NULL)) goto err;
- strcpy(buf[1],dbfile);
-
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[1],"-new");
-#else
- strcat(buf[1],".new");
-#endif
-
- if (BIO_write_filename(out,buf[1]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- l=TXT_DB_write(out,db);
- if (l <= 0) goto err;
+ if (!save_index(dbfile, "new", db)) goto err;
}
if (verbose)
@@ -1340,7 +1250,7 @@ bad:
for (i=0; i<sk_X509_num(cert_sk); i++)
{
int k;
- unsigned char *n;
+ char *n;
x=sk_X509_value(cert_sk,i);
@@ -1356,15 +1266,19 @@ bad:
strcpy(buf[2],outdir);
#ifndef OPENSSL_SYS_VMS
- strcat(buf[2],"/");
+ BUF_strlcat(buf[2],"/",sizeof(buf[2]));
#endif
- n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+ n=(char *)&(buf[2][strlen(buf[2])]);
if (j > 0)
{
for (k=0; k<j; k++)
{
- sprintf((char *)n,"%02X",(unsigned char)*(p++));
+ if (n >= &(buf[2][sizeof(buf[2])]))
+ break;
+ BIO_snprintf(n,
+ &buf[2][0] + sizeof(buf[2]) - n,
+ "%02X",(unsigned char)*(p++));
n+=2;
}
}
@@ -1390,59 +1304,10 @@ bad:
if (sk_X509_num(cert_sk))
{
/* Rename the database and the serial file */
- strncpy(buf[2],serialfile,BSIZE-4);
- buf[2][BSIZE-4]='\0';
+ if (!rotate_serial(serialfile,"new","old")) goto err;
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[2],"-old");
-#else
- strcat(buf[2],".old");
-#endif
+ if (!rotate_index(dbfile,"new","old")) goto err;
- BIO_free(in);
- BIO_free_all(out);
- in=NULL;
- out=NULL;
- if (rename(serialfile,buf[2]) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- serialfile,buf[2]);
- perror("reason");
- goto err;
- }
- if (rename(buf[0],serialfile) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- buf[0],serialfile);
- perror("reason");
- rename(buf[2],serialfile);
- goto err;
- }
-
- strncpy(buf[2],dbfile,BSIZE-4);
- buf[2][BSIZE-4]='\0';
-
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[2],"-old");
-#else
- strcat(buf[2],".old");
-#endif
-
- if (rename(dbfile,buf[2]) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- dbfile,buf[2]);
- perror("reason");
- goto err;
- }
- if (rename(buf[1],dbfile) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- buf[1],dbfile);
- perror("reason");
- rename(buf[2],dbfile);
- goto err;
- }
BIO_printf(bio_err,"Data Base Updated\n");
}
}
@@ -1473,6 +1338,14 @@ bad:
}
}
+ if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
+ != NULL)
+ if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading CRL number\n");
+ goto err;
+ }
+
if (!crldays && !crlhours)
{
if (!NCONF_get_number(conf,section,
@@ -1501,9 +1374,9 @@ bad:
ASN1_TIME_free(tmptm);
- for (i=0; i<sk_num(db->data); i++)
+ for (i=0; i<sk_num(db->db->data); i++)
{
- pp=(char **)sk_value(db->data,i);
+ pp=(char **)sk_value(db->db->data,i);
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1549,14 +1422,24 @@ bad:
/* Add any extensions asked for */
- if (crl_ext)
+ if (crl_ext || crlnumberfile != NULL)
{
X509V3_CTX crlctx;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
X509V3_set_nconf(&crlctx, conf);
- if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- crl_ext, crl)) goto err;
+ if (crl_ext)
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+ crl_ext, crl)) goto err;
+ if (crlnumberfile != NULL)
+ {
+ tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+ if (!tmpser) goto err;
+ X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
+ ASN1_INTEGER_free(tmpser);
+ crl_v2 = 1;
+ if (!BN_add_word(crlnumber,1)) goto err;
+ }
}
if (crl_ext || crl_v2)
{
@@ -1564,9 +1447,17 @@ bad:
goto err; /* version 2 CRL */
}
+
+ if (crlnumberfile != NULL) /* we have a CRL number that need updating */
+ if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
+
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
+
+ if (crlnumberfile != NULL) /* Rename the crlnumber file */
+ if (!rotate_serial(crlnumberfile,"new","old")) goto err;
+
}
/*****************************************************************/
if (dorevoke)
@@ -1587,50 +1478,10 @@ bad:
if (j <= 0) goto err;
X509_free(revcert);
- if(strlen(dbfile) > BSIZE-5)
- {
- BIO_printf(bio_err,"filename too long\n");
- goto err;
- }
+ if (!save_index(dbfile, "new", db)) goto err;
+
+ if (!rotate_index(dbfile, "new", "old")) goto err;
- strcpy(buf[0],dbfile);
-#ifndef OPENSSL_SYS_VMS
- strcat(buf[0],".new");
-#else
- strcat(buf[0],"-new");
-#endif
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db);
- if (j <= 0) goto err;
- BIO_free_all(out);
- out = NULL;
- BIO_free_all(in);
- in = NULL;
- strncpy(buf[1],dbfile,BSIZE-4);
- buf[1][BSIZE-4]='\0';
-#ifndef OPENSSL_SYS_VMS
- strcat(buf[1],".old");
-#else
- strcat(buf[1],"-old");
-#endif
- if (rename(dbfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
- perror("reason");
- goto err;
- }
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
BIO_printf(bio_err,"Data Base Updated\n");
}
}
@@ -1652,7 +1503,7 @@ err:
if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
- TXT_DB_free(db);
+ free_index(db);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
@@ -1667,106 +1518,8 @@ static void lookup_fail(char *name, char *tag)
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
-static unsigned long index_serial_hash(const char **a)
- {
- const char *n;
-
- n=a[DB_serial];
- while (*n == '0') n++;
- return(lh_strhash(n));
- }
-
-static int index_serial_cmp(const char **a, const char **b)
- {
- const char *aa,*bb;
-
- for (aa=a[DB_serial]; *aa == '0'; aa++);
- for (bb=b[DB_serial]; *bb == '0'; bb++);
- return(strcmp(aa,bb));
- }
-
-static unsigned long index_name_hash(const char **a)
- { return(lh_strhash(a[DB_name])); }
-
-static int index_name_qual(char **a)
- { return(a[0][0] == 'V'); }
-
-static int index_name_cmp(const char **a, const char **b)
- { return(strcmp(a[DB_name],
- b[DB_name])); }
-
-static BIGNUM *load_serial(char *serialfile)
- {
- BIO *in=NULL;
- BIGNUM *ret=NULL;
- MS_STATIC char buf[1024];
- ASN1_INTEGER *ai=NULL;
-
- if ((in=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (BIO_read_filename(in,serialfile) <= 0)
- {
- perror(serialfile);
- goto err;
- }
- ai=ASN1_INTEGER_new();
- if (ai == NULL) goto err;
- if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
- {
- BIO_printf(bio_err,"unable to load number from %s\n",
- serialfile);
- goto err;
- }
- ret=ASN1_INTEGER_to_BN(ai,NULL);
- if (ret == NULL)
- {
- BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
- goto err;
- }
-err:
- if (in != NULL) BIO_free(in);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-static int save_serial(char *serialfile, BIGNUM *serial)
- {
- BIO *out;
- int ret=0;
- ASN1_INTEGER *ai=NULL;
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_write_filename(out,serialfile) <= 0)
- {
- perror(serialfile);
- goto err;
- }
-
- if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
- goto err;
- }
- i2a_ASN1_INTEGER(out,ai);
- BIO_puts(out,"\n");
- ret=1;
-err:
- if (out != NULL) BIO_free_all(out);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1828,7 +1581,7 @@ err:
}
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1882,7 +1635,7 @@ err:
}
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1900,7 +1653,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
int ok= -1,i,j,last,nid;
char *p;
CONF_VALUE *cv;
- char *row[DB_NUMBER],**rrow,**irow=NULL;
+ char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
char buf[25];
tmptm=ASN1_UTCTIME_new();
@@ -2137,15 +1890,19 @@ again2:
goto err;
}
- rrow=TXT_DB_get_by_index(db,DB_name,row);
- if (rrow != NULL)
+ if (db->attributes.unique_subject)
{
- BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
- row[DB_name]);
+ rrow=TXT_DB_get_by_index(db->db,DB_name,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
}
- else
+ if (rrow == NULL)
{
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow != NULL)
{
BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@@ -2352,7 +2109,7 @@ again2:
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
- strcpy(row[DB_file],"unknown");
+ BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
@@ -2369,10 +2126,10 @@ again2:
}
irow[DB_NUMBER]=NULL;
- if (!TXT_DB_insert(db,irow))
+ if (!TXT_DB_insert(db->db,irow))
{
BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
goto err;
}
ok=1;
@@ -2423,7 +2180,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
@@ -2602,7 +2359,7 @@ static int check_time_format(char *str)
return(ASN1_UTCTIME_check(&tm));
}
-static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
+static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
{
ASN1_UTCTIME *tm=NULL;
char *row[DB_NUMBER],**rrow,**irow;
@@ -2627,10 +2384,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
/* We have to lookup by serial number because name lookup
* skips revoked certs
*/
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow == NULL)
{
- BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
+ BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
/* We now just add it to the database */
row[DB_type]=(char *)OPENSSL_malloc(2);
@@ -2653,7 +2410,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
- strcpy(row[DB_file],"unknown");
+ BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
@@ -2670,10 +2427,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
}
irow[DB_NUMBER]=NULL;
- if (!TXT_DB_insert(db,irow))
+ if (!TXT_DB_insert(db->db,irow))
{
BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
goto err;
}
@@ -2718,7 +2475,7 @@ err:
return(ok);
}
-static int get_certificate_status(const char *serial, TXT_DB *db)
+static int get_certificate_status(const char *serial, CA_DB *db)
{
char *row[DB_NUMBER],**rrow;
int ok=-1,i;
@@ -2759,7 +2516,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db)
ok=1;
/* Search for the certificate */
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow == NULL)
{
BIO_printf(bio_err,"Serial %s not present in db.\n",
@@ -2806,7 +2563,7 @@ err:
return(ok);
}
-static int do_updatedb (TXT_DB *db)
+static int do_updatedb (CA_DB *db)
{
ASN1_UTCTIME *a_tm = NULL;
int i, cnt = 0;
@@ -2832,9 +2589,9 @@ static int do_updatedb (TXT_DB *db)
else
a_y2k = 0;
- for (i = 0; i < sk_num(db->data); i++)
+ for (i = 0; i < sk_num(db->db->data); i++)
{
- rrow = (char **) sk_value(db->data, i);
+ rrow = (char **) sk_value(db->db->data, i);
if (rrow[DB_type][0] == 'V')
{
@@ -2977,16 +2734,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
if (!str) return NULL;
- strcpy(str, (char *)revtm->data);
+ BUF_strlcpy(str, (char *)revtm->data, i);
if (reason)
{
- strcat(str, ",");
- strcat(str, reason);
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, reason, i);
}
if (other)
{
- strcat(str, ",");
- strcat(str, other);
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, other, i);
}
ASN1_UTCTIME_free(revtm);
return str;
@@ -3321,17 +3078,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
return ret;
}
-
-int make_serial_index(TXT_DB *db)
- {
- if (!TXT_DB_create_index(db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial_hash),
- LHASH_COMP_FN(index_serial_cmp)))
- {
- BIO_printf(bio_err,
- "error creating serial number index:(%ld,%ld,%ld)\n",
- db->error,db->arg1,db->arg2);
- return 0;
- }
- return 1;
- }
diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop
index 2ee9d6bfd44b..9070b032fc38 100644
--- a/crypto/openssl/apps/der_chop
+++ b/crypto/openssl/apps/der_chop
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 47d1309b14c1..be25dafef704 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -347,8 +347,9 @@ int MAIN(int argc, char **argv)
}
if(!out_bin)
{
- tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
- sprintf(tmp,"%s(%s)= ",name,argv[i]);
+ size_t len = strlen(name)+strlen(argv[i])+5;
+ tmp=tofree=OPENSSL_malloc(len);
+ BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
}
else
tmp="";
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index 0a9f7310bf51..30378a9542e8 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -373,9 +373,9 @@ bad:
{
char buf[200];
- sprintf(buf,"enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
- (enc)?"encryption":"decryption");
+ BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
+ OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ (enc)?"encryption":"decryption");
strbuf[0]='\0';
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
if (i == 0)
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
index c3e1e8de1c38..12283d0aed67 100644
--- a/crypto/openssl/apps/engine.c
+++ b/crypto/openssl/apps/engine.c
@@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
return 0;
if (**buf != '\0')
- strcat(*buf, ", ");
- strcat(*buf, s);
+ BUF_strlcat(*buf, ", ", *size);
+ BUF_strlcat(*buf, s, *size);
return 1;
}
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index e5f186fd5ea8..856b797b532e 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -68,19 +68,6 @@
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
-/* CA index.txt definitions */
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique for active */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
STACK_OF(OCSP_CERTID) *ids);
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
@@ -89,12 +76,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
STACK *names, STACK_OF(OCSP_CERTID) *ids,
long nsec, long maxage);
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays);
-static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
@@ -143,7 +130,7 @@ int MAIN(int argc, char **argv)
X509 *rca_cert = NULL;
char *ridx_filename = NULL;
char *rca_filename = NULL;
- TXT_DB *rdb = NULL;
+ CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -700,22 +687,9 @@ int MAIN(int argc, char **argv)
if (ridx_filename && !rdb)
{
- BIO *db_bio = NULL;
- db_bio = BIO_new_file(ridx_filename, "r");
- if (!db_bio)
- {
- BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
- goto end;
- }
- rdb = TXT_DB_read(db_bio, DB_NUMBER);
- BIO_free(db_bio);
- if (!rdb)
- {
- BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
- goto end;
- }
- if (!make_serial_index(rdb))
- goto end;
+ rdb = load_index(ridx_filename, NULL);
+ if (!rdb) goto end;
+ if (!index_index(rdb)) goto end;
}
if (rdb)
@@ -899,7 +873,7 @@ end:
X509_free(cert);
X509_free(rsigner);
X509_free(rca_cert);
- TXT_DB_free(rdb);
+ free_index(rdb);
BIO_free_all(cbio);
BIO_free_all(acbio);
BIO_free(out);
@@ -1041,7 +1015,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
}
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays)
@@ -1133,7 +1107,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *d
}
-static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
{
int i;
BIGNUM *bn = NULL;
@@ -1146,7 +1120,7 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
itmp = BN_bn2hex(bn);
row[DB_serial] = itmp;
BN_free(bn);
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
OPENSSL_free(itmp);
return rrow;
}
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index eca51c332280..854d1f164eb3 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
+#crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
@@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index 5136acdc5759..71192bdf749c 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -557,7 +557,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
- if (!twopass) strcpy(macpass, pass);
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
/* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
iter, bags);
@@ -658,7 +658,7 @@ int MAIN(int argc, char **argv)
CRYPTO_pop_info();
#endif
- if (!twopass) strcpy(macpass, pass);
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
index 6c58c67eb279..da4dbe7a07c0 100644
--- a/crypto/openssl/apps/pkcs7.c
+++ b/crypto/openssl/apps/pkcs7.c
@@ -102,6 +102,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 5f6ec3d33914..1a3d1d0dfab4 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -824,7 +824,7 @@ loop:
if ((x509ss=X509_new()) == NULL) goto end;
/* Set version to V3 */
- if(!X509_set_version(x509ss, 2)) goto end;
+ if(extensions && !X509_set_version(x509ss, 2)) goto end;
if (serial)
{
if (!X509_set_serialNumber(x509ss, serial)) goto end;
@@ -1223,34 +1223,34 @@ start: for (;;)
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-
- if(strlen(v->name) > sizeof buf-9)
+ if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
+ >= sizeof buf)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
}
- sprintf(buf,"%s_default",v->name);
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
- sprintf(buf,"%s_value",v->name);
+
+ BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
- sprintf(buf,"%s_min",v->name);
+ BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
{
ERR_clear_error();
n_min = -1;
}
- sprintf(buf,"%s_max",v->name);
+ BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
{
ERR_clear_error();
@@ -1288,13 +1288,13 @@ start2: for (;;)
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
- if(strlen(v->name) > sizeof buf-9)
+ if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
+ >= sizeof buf)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
}
- sprintf(buf,"%s_default",type);
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
@@ -1303,7 +1303,7 @@ start2: for (;;)
}
- sprintf(buf,"%s_value",type);
+ BIO_snprintf(buf,sizeof buf,"%s_value",type);
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
@@ -1311,11 +1311,11 @@ start2: for (;;)
value=NULL;
}
- sprintf(buf,"%s_min",type);
+ BIO_snprintf(buf,sizeof buf,"%s_min",type);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
n_min = -1;
- sprintf(buf,"%s_max",type);
+ BIO_snprintf(buf,sizeof buf,"%s_max",type);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
n_max = -1;
@@ -1397,9 +1397,8 @@ start:
(void)BIO_flush(bio_err);
if(value != NULL)
{
- OPENSSL_assert(strlen(value) < sizeof buf-2);
- strcpy(buf,value);
- strcat(buf,"\n");
+ BUF_strlcpy(buf,value,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
BIO_printf(bio_err,"%s\n",value);
}
else
@@ -1421,8 +1420,8 @@ start:
{
if ((def == NULL) || (def[0] == '\0'))
return(1);
- strcpy(buf,def);
- strcat(buf,"\n");
+ BUF_strlcpy(buf,def,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
}
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
@@ -1456,9 +1455,8 @@ start:
(void)BIO_flush(bio_err);
if (value != NULL)
{
- OPENSSL_assert(strlen(value) < sizeof buf-2);
- strcpy(buf,value);
- strcat(buf,"\n");
+ BUF_strlcpy(buf,value,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
BIO_printf(bio_err,"%s\n",value);
}
else
@@ -1480,8 +1478,8 @@ start:
{
if ((def == NULL) || (def[0] == '\0'))
return(1);
- strcpy(buf,def);
- strcat(buf,"\n");
+ BUF_strlcpy(buf,def,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
}
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c
index 5a6fd115f41b..5db6fe7cd74f 100644
--- a/crypto/openssl/apps/rsautl.c
+++ b/crypto/openssl/apps/rsautl.c
@@ -97,6 +97,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+ char *passargin = NULL, *passin = NULL;
int rsa_inlen, rsa_outlen = 0;
int keysize;
@@ -124,6 +125,9 @@ int MAIN(int argc, char **argv)
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
+ } else if (!strcmp(*argv,"-passin")) {
+ if (--argc < 1) badarg = 1;
+ passargin= *(++argv);
} else if (strcmp(*argv,"-keyform") == 0) {
if (--argc < 1) badarg = 1;
keyform=str2fmt(*(++argv));
@@ -169,6 +173,10 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
@@ -176,7 +184,7 @@ int MAIN(int argc, char **argv)
switch(key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
- NULL, e, "Private Key");
+ passin, e, "Private Key");
break;
case KEY_PUBKEY:
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if(rsa_in) OPENSSL_free(rsa_in);
if(rsa_out) OPENSSL_free(rsa_out);
+ if(passin) OPENSSL_free(passin);
return ret;
}
@@ -313,6 +322,7 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf (bio_err, "-passin arg pass phrase source\n");
#endif
}
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index a88de6c8c85c..1867890966f6 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -389,7 +389,7 @@ redoit:
perror("OPENSSL_malloc");
return(0);
}
- strcpy(*host,h1->h_name);
+ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
h2=GetHostByName(*host);
if (h2 == NULL)
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index 1ad16cd607d4..7d4705746578 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)
if (s_www_path != NULL)
{
- sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
@@ -557,7 +557,7 @@ next:
if (s_www_path != NULL)
{
- sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while (SSL_read(scon,buf,sizeof(buf)) > 0)
;
@@ -595,7 +595,7 @@ next:
if (s_www_path)
{
- sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index ec55b4188cb4..24122000092a 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -773,6 +773,7 @@ int MAIN(int argc, char **argv)
{
dsa_doit[R_DSA_512]=1;
dsa_doit[R_DSA_1024]=1;
+ dsa_doit[R_DSA_2048]=1;
}
else
#endif
@@ -1006,6 +1007,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_RC5][0]=count;
c[D_CBC_BF][0]=count;
c[D_CBC_CAST][0]=count;
+ c[D_CBC_128_AES][0]=count;
+ c[D_CBC_192_AES][0]=count;
+ c[D_CBC_256_AES][0]=count;
for (i=1; i<SIZE_NUM; i++)
{
@@ -1031,6 +1035,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
+ c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
+ c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
+ c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
}
#ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0]=count/2000;
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index 2020b51de064..9b95f7bd3fec 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -1022,31 +1022,31 @@ end:
OPENSSL_EXIT(ret);
}
-static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
+static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
- MS_STATIC char buf2[1024];
- ASN1_INTEGER *bs = NULL, *bs2 = NULL;
- BIO *io = NULL;
+ ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
+ size_t len;
- buf=OPENSSL_malloc( ((serialfile == NULL)
- ?(strlen(CAfile)+strlen(POSTFIX)+1)
- :(strlen(serialfile)))+1);
+ len = ((serialfile == NULL)
+ ?(strlen(CAfile)+strlen(POSTFIX)+1)
+ :(strlen(serialfile)))+1;
+ buf=OPENSSL_malloc(len);
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
if (serialfile == NULL)
{
- strcpy(buf,CAfile);
+ BUF_strlcpy(buf,CAfile,len);
for (p=buf; *p; p++)
if (*p == '.')
{
*p='\0';
break;
}
- strcat(buf,POSTFIX);
+ BUF_strlcat(buf,POSTFIX,len);
}
else
- strcpy(buf,serialfile);
+ BUF_strlcpy(buf,serialfile,len);
serial=BN_new();
bs=ASN1_INTEGER_new();
if ((serial == NULL) || (bs == NULL))
@@ -1055,72 +1055,18 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
goto end;
}
- io=BIO_new(BIO_s_file());
- if (io == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (BIO_read_filename(io,buf) <= 0)
- {
- if (!create)
- {
- perror(buf);
- goto end;
- }
- else
- {
- ASN1_INTEGER_set(bs,1);
- BN_one(serial);
- }
- }
- else
- {
- if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
- {
- BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
- ERR_print_errors(bio_err);
- goto end;
- }
- else
- {
- serial=BN_bin2bn(bs->data,bs->length,serial);
- if (serial == NULL)
- {
- BIO_printf(bio_err,"error converting bin 2 bn");
- goto end;
- }
- }
- }
+ serial = load_serial(buf, create, NULL);
+ if (serial == NULL) goto end;
if (!BN_add_word(serial,1))
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
- if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
- { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
- if (BIO_write_filename(io,buf) <= 0)
- {
- BIO_printf(bio_err,"error attempting to write serial number file\n");
- perror(buf);
- goto end;
- }
- i2a_ASN1_INTEGER(io,bs2);
- BIO_puts(io,"\n");
- BIO_free(io);
- if (buf) OPENSSL_free(buf);
- ASN1_INTEGER_free(bs2);
- BN_free(serial);
- io=NULL;
- return bs;
+ if (!save_serial(buf, NULL, serial, &bs)) goto end;
- end:
+ end:
if (buf) OPENSSL_free(buf);
- BIO_free(io);
- ASN1_INTEGER_free(bs);
BN_free(serial);
- return NULL;
-
+ return bs;
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -1142,7 +1088,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
goto end;
}
if (sno) bs = sno;
- else if (!(bs = load_serial(CAfile, serialfile, create)))
+ else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
goto end;
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
diff --git a/crypto/openssl/certs/expired/vsign3.pem b/crypto/openssl/certs/expired/vsign3.pem
new file mode 100644
index 000000000000..aa5bb4c1f32b
--- /dev/null
+++ b/crypto/openssl/certs/expired/vsign3.pem
@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan 7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
+-----END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign3.pem b/crypto/openssl/certs/vsign3.pem
index aa5bb4c1f32b..4b8c0251cb7b 100644
--- a/crypto/openssl/certs/vsign3.pem
+++ b/crypto/openssl/certs/vsign3.pem
@@ -1,18 +1,17 @@
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
+notAfter=Aug 1 23:59:59 2028 GMT
-----BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----
diff --git a/crypto/openssl/config b/crypto/openssl/config
index b3bd96bbfcb6..25a3703c1fe0 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "$HPUXVER" in
1[0-9].*) # HPUX 10 and 11 targets are unified
- echo "${MACHINE}-hp-hpux10"; exit 0
+ echo "${MACHINE}-hp-hpux1x"; exit 0
;;
*)
echo "${MACHINE}-hp-hpux"; exit 0
@@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then
GCC_BITS="32"
if [ $GCCVER -ge 30 ]; then
# PA64 support only came in with gcc 3.0.x.
- # We look for the preprocessor symbol __LP64__ indicating
- # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64.
- if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
+ # We check if the preprocessor symbol __LP64__ is defined...
+ if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
+ : # __LP64__ has slipped through, it therefore is not defined
+ else
GCC_BITS="64"
fi
fi
@@ -685,7 +686,7 @@ EOF
if [ $CC = "gcc" ];
then
if [ $GCC_BITS = "64" ]; then
- OUT="hpux64-parisc-gcc"
+ OUT="hpux64-parisc2-gcc"
else
OUT="hpux-parisc-gcc"
fi
@@ -700,7 +701,7 @@ EOF
if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
echo " If you wish to build 32-bit library, the you have to"
- echo " invoke './Configure hpux-ia32-cc' *manually*."
+ echo " invoke './Configure hpux-ia64-cc' *manually*."
if [ "$TEST" = "false" ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
diff --git a/crypto/openssl/crypto/Makefile.ssl b/crypto/openssl/crypto/Makefile.ssl
index 9def17ae601f..b9951a460054 100644
--- a/crypto/openssl/crypto/Makefile.ssl
+++ b/crypto/openssl/crypto/Makefile.ssl
@@ -50,7 +50,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: buildinf.h lib subdirs shared
+all: shared
buildinf.h: ../Makefile.ssl
( echo "#ifndef MK1MF_BUILD"; \
@@ -81,11 +81,11 @@ files:
done;
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@for i in $(SDIRS); do \
(cd $$i && echo "making links in crypto/$$i..." && \
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
@@ -96,7 +96,7 @@ lib: $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
-shared:
+shared: buildinf.h lib subdirs
if [ -n "$(SHARED_LIBS)" ]; then \
(cd ..; $(MAKE) $(SHARED_LIB)); \
fi
diff --git a/crypto/openssl/crypto/aes/Makefile.ssl b/crypto/openssl/crypto/aes/Makefile.ssl
index 364d05bbfe01..f353aeb697dd 100644
--- a/crypto/openssl/crypto/aes/Makefile.ssl
+++ b/crypto/openssl/crypto/aes/Makefile.ssl
@@ -52,7 +52,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/aes/aes_cbc.c b/crypto/openssl/crypto/aes/aes_cbc.c
index 86b27b10d612..1222a21002c1 100644
--- a/crypto/openssl/crypto/aes/aes_cbc.c
+++ b/crypto/openssl/crypto/aes/aes_cbc.c
@@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
- out[n] ^= ivec[n];
+ out[n] = tmp[n] ^ ivec[n];
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
diff --git a/crypto/openssl/crypto/asn1/Makefile.ssl b/crypto/openssl/crypto/asn1/Makefile.ssl
index 944d8f164ae6..cb45194d48e3 100644
--- a/crypto/openssl/crypto/asn1/Makefile.ssl
+++ b/crypto/openssl/crypto/asn1/Makefile.ssl
@@ -77,7 +77,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c
index cd09f68b38f6..85810078681e 100644
--- a/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/crypto/openssl/crypto/asn1/a_gentm.c
@@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
char *p;
struct tm *ts;
struct tm data;
+ size_t len = 20;
if (s == NULL)
s=M_ASN1_GENERALIZEDTIME_new();
@@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
return(NULL);
p=(char *)s->data;
- if ((p == NULL) || (s->length < 16))
+ if ((p == NULL) || ((size_t)s->length < len))
{
- p=OPENSSL_malloc(20);
+ p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
- sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+ BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+ ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
s->length=strlen(p);
s->type=V_ASN1_GENERALIZEDTIME;
#ifdef CHARSET_EBCDIC_not
diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/openssl/crypto/asn1/a_mbstr.c
index e8a26af521f2..208b3ec395f1 100644
--- a/crypto/openssl/crypto/asn1/a_mbstr.c
+++ b/crypto/openssl/crypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
- sprintf(strbuf, "%ld", minsize);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
- sprintf(strbuf, "%ld", maxsize);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 8abfdfe59804..bde666a6ff15 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
-1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */
-1, 1, 1, /* 18-20 */
- -1, 1, -1,-1, /* 21-24 */
+ -1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */
};
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
index 7348da9457b3..159681fbcb06 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -128,6 +128,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
{
ASN1_GENERALIZEDTIME *ret;
char *str;
+ int newlen;
if (!ASN1_TIME_check(t)) return NULL;
@@ -150,12 +151,14 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
/* grow the string */
if (!ASN1_STRING_set(ret, NULL, t->length + 2))
return NULL;
+ /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+ newlen = t->length + 2 + 1;
str = (char *)ret->data;
/* Work out the century and prepend */
- if (t->data[0] >= '5') strcpy(str, "19");
- else strcpy(str, "20");
+ if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
+ else BUF_strlcpy(str, "20", newlen);
- BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */
+ BUF_strlcat(str, (char *)t->data, newlen);
return ret;
}
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
index dbb4a42c9d15..999852dae527 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
char *p;
struct tm *ts;
struct tm data;
+ size_t len = 20;
if (s == NULL)
s=M_ASN1_UTCTIME_new();
@@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
return(NULL);
p=(char *)s->data;
- if ((p == NULL) || (s->length < 14))
+ if ((p == NULL) || ((size_t)s->length < len))
{
- p=OPENSSL_malloc(20);
+ p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
- sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+ BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+ ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
s->length=strlen(p);
s->type=V_ASN1_UTCTIME;
#ifdef CHARSET_EBCDIC_not
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index e30d5dd303c9..a74f1368d34d 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
{
char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
- sprintf(buf1,"%lu",(unsigned long)address);
- sprintf(buf2,"%d",offset);
+ BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
+ BIO_snprintf(buf2,sizeof buf2,"%d",offset);
ERR_add_error_data(4,"address=",buf1," offset=",buf2);
}
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c
index e48532a24dc7..676d434f034d 100644
--- a/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/crypto/openssl/crypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p=str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
- sprintf(str,"priv [ %d ] ",tag);
+ BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
- sprintf(str,"cont [ %d ]",tag);
+ BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
- sprintf(str,"appl [ %d ]",tag);
+ BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
else p = ASN1_tag2str(tag);
if (p2 != NULL)
diff --git a/crypto/openssl/crypto/asn1/asn_moid.c b/crypto/openssl/crypto/asn1/asn_moid.c
index be20db4bad7f..edb44c988f08 100644
--- a/crypto/openssl/crypto/asn1/asn_moid.c
+++ b/crypto/openssl/crypto/asn1/asn_moid.c
@@ -87,9 +87,14 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
}
}
return 1;
-}
+ }
+
+static void oid_module_finish(CONF_IMODULE *md)
+ {
+ OBJ_cleanup();
+ }
void ASN1_add_oid_module(void)
{
- CONF_module_add("oid_section", oid_module_init, 0);
+ CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}
diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/openssl/crypto/asn1/t_pkey.c
index 4e09c9e44e23..d15006e6546c 100644
--- a/crypto/openssl/crypto/asn1/t_pkey.c
+++ b/crypto/openssl/crypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
}
if (x->d == NULL)
- sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
+ BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
else
- strcpy(str,"modulus:");
+ BUF_strlcpy(str,"modulus:",sizeof str);
if (!print(bp,str,x->n,m,off)) goto err;
s=(x->d == NULL)?"Exponent:":"publicExponent:";
if (!print(bp,s,x->e,m,off)) goto err;
diff --git a/crypto/openssl/crypto/asn1/x_long.c b/crypto/openssl/crypto/asn1/x_long.c
index c04b192794f1..c5f25956cb28 100644
--- a/crypto/openssl/crypto/asn1/x_long.c
+++ b/crypto/openssl/crypto/asn1/x_long.c
@@ -104,7 +104,12 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
long ltmp;
unsigned long utmp;
int clen, pad, i;
- ltmp = *(long *)pval;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be long aligned */
+ memcpy(&ltmp, cp, sizeof(long));
+
if(ltmp == it->size) return -1;
/* Convert the long to positive: we subtract one if negative so
* we can cleanly handle the padding if only the MSB of the leading
@@ -136,6 +141,7 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
int neg, i;
long ltmp;
unsigned long utmp = 0;
+ char *cp = (char *)pval;
if(len > sizeof(long)) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
return 0;
@@ -158,6 +164,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
return 0;
}
- *(long *)pval = ltmp;
+ memcpy(cp, &ltmp, sizeof(long));
return 1;
}
diff --git a/crypto/openssl/crypto/bf/Makefile.ssl b/crypto/openssl/crypto/bf/Makefile.ssl
index bb14a0ee8250..be3ad77a0563 100644
--- a/crypto/openssl/crypto/bf/Makefile.ssl
+++ b/crypto/openssl/crypto/bf/Makefile.ssl
@@ -22,6 +22,7 @@ BF_ENC= bf_enc.o
#DES_ENC= bx86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=bftest.c
@@ -67,7 +68,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/bio/Makefile.ssl b/crypto/openssl/crypto/bio/Makefile.ssl
index 141a03ae1d21..d0b9e297b082 100644
--- a/crypto/openssl/crypto/bio/Makefile.ssl
+++ b/crypto/openssl/crypto/bio/Makefile.ssl
@@ -57,7 +57,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/openssl/crypto/bio/b_dump.c
index 8397cfab6a2c..f671e722fa39 100644
--- a/crypto/openssl/crypto/bio/b_dump.c
+++ b/crypto/openssl/crypto/bio/b_dump.c
@@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
for(i=0;i<rows;i++)
{
buf[0]='\0'; /* start with empty string */
- strcpy(buf,str);
- sprintf(tmp,"%04x - ",i*dump_width);
- strcat(buf,tmp);
+ BUF_strlcpy(buf,str,sizeof buf);
+ BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
+ BUF_strlcat(buf,tmp,sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
{
- strcat(buf," ");
+ BUF_strlcat(buf," ",sizeof buf);
}
else
{
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
- sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
- strcat(buf,tmp);
+ BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
+ j==7?'-':' ');
+ BUF_strlcat(buf,tmp,sizeof buf);
}
}
- strcat(buf," ");
+ BUF_strlcat(buf," ",sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
break;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
- sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+ BIO_snprintf(tmp,sizeof tmp,"%c",
+ ((ch>=' ')&&(ch<='~'))?ch:'.');
#else
- sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
- ? os_toebcdic[ch]
- : '.');
+ BIO_snprintf(tmp,sizeof tmp,"%c",
+ ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+ ? os_toebcdic[ch]
+ : '.');
#endif
- strcat(buf,tmp);
+ BUF_strlcat(buf,tmp,sizeof buf);
}
- strcat(buf,"\n");
+ BUF_strlcat(buf,"\n",sizeof buf);
/* if this is the last call then update the ddt_dump thing so that
* we will move the selection point in the debug window
*/
@@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
#ifdef TRUNCATE
if (trunc > 0)
{
- sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
+ BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
+ len+trunc);
ret+=BIO_write(bio,(char *)buf,strlen(buf));
}
#endif
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
index 2cfc689dd6b4..fbff33179680 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -576,12 +576,12 @@ abs_val(LDOUBLE value)
}
static LDOUBLE
-pow10(int exp)
+pow10(int in_exp)
{
LDOUBLE result = 1;
- while (exp) {
+ while (in_exp) {
result *= 10;
- exp--;
+ in_exp--;
}
return result;
}
@@ -652,8 +652,8 @@ fmtfp(
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[intpart % 10];
intpart = (intpart / 10);
- } while (intpart && (iplace < sizeof iplace));
- if (iplace == sizeof iplace)
+ } while (intpart && (iplace < sizeof iconvert));
+ if (iplace == sizeof iconvert)
iplace--;
iconvert[iplace] = 0;
@@ -664,7 +664,7 @@ fmtfp(
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
- if (fplace == sizeof fplace)
+ if (fplace == sizeof fconvert)
fplace--;
fconvert[fplace] = 0;
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c
index 601a14f37c5b..c851298d1e60 100644
--- a/crypto/openssl/crypto/bio/b_sock.c
+++ b/crypto/openssl/crypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
}
*addr=p;
}
- sprintf(*addr,"%d.%d.%d.%d:%d",
- (unsigned char)(l>>24L)&0xff,
- (unsigned char)(l>>16L)&0xff,
- (unsigned char)(l>> 8L)&0xff,
- (unsigned char)(l )&0xff,
- port);
+ BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
+ (unsigned char)(l>>24L)&0xff,
+ (unsigned char)(l>>16L)&0xff,
+ (unsigned char)(l>> 8L)&0xff,
+ (unsigned char)(l )&0xff,
+ port);
end:
return(ret);
}
diff --git a/crypto/openssl/crypto/bio/bio_cb.c b/crypto/openssl/crypto/bio/bio_cb.c
index 0ffa4d21367f..6f4254a1141a 100644
--- a/crypto/openssl/crypto/bio/bio_cb.c
+++ b/crypto/openssl/crypto/bio/bio_cb.c
@@ -70,55 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
MS_STATIC char buf[256];
char *p;
long r=1;
+ size_t p_maxlen;
if (BIO_CB_RETURN & cmd)
r=ret;
- sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
+ BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
p= &(buf[14]);
+ p_maxlen = sizeof buf - 14;
switch (cmd)
{
case BIO_CB_FREE:
- sprintf(p,"Free - %s\n",bio->method->name);
+ BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
break;
case BIO_CB_READ:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+ BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+ bio->num,argi,bio->method->name,bio->num);
else
- sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+ BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+ bio->num,argi,bio->method->name);
break;
case BIO_CB_WRITE:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
+ BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+ bio->num,argi,bio->method->name,bio->num);
else
- sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
+ BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+ bio->num,argi,bio->method->name);
break;
case BIO_CB_PUTS:
- sprintf(p,"puts() - %s\n",bio->method->name);
+ BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
break;
case BIO_CB_GETS:
- sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
+ BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
break;
case BIO_CB_CTRL:
- sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
+ BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
break;
case BIO_CB_RETURN|BIO_CB_READ:
- sprintf(p,"read return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_WRITE:
- sprintf(p,"write return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_GETS:
- sprintf(p,"gets return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_PUTS:
- sprintf(p,"puts return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_CTRL:
- sprintf(p,"ctrl return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
break;
default:
- sprintf(p,"bio callback - unknown type (%d)\n",cmd);
+ BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
break;
}
diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c
index 743db6ff94a0..f5d0e759e230 100644
--- a/crypto/openssl/crypto/bio/bss_conn.c
+++ b/crypto/openssl/crypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
char buf[16];
unsigned char *p = ptr;
- sprintf(buf,"%d.%d.%d.%d",
- p[0],p[1],p[2],p[3]);
+ BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
+ p[0],p[1],p[2],p[3]);
if (data->param_hostname != NULL)
OPENSSL_free(data->param_hostname);
data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
{
char buf[DECIMAL_SIZE(int)+1];
- sprintf(buf,"%d",*(int *)ptr);
+ BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
if (data->param_port != NULL)
OPENSSL_free(data->param_port);
data->param_port=BUF_strdup(buf);
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
index 6904b5c081c4..9cdf159f82f8 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
if (num & BIO_FP_APPEND)
{
if (num & BIO_FP_READ)
- strcpy(p,"a+");
- else strcpy(p,"a");
+ BUF_strlcpy(p,"a+",sizeof p);
+ else BUF_strlcpy(p,"a",sizeof p);
}
else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
- strcpy(p,"r+");
+ BUF_strlcpy(p,"r+",sizeof p);
else if (num & BIO_FP_WRITE)
- strcpy(p,"w");
+ BUF_strlcpy(p,"w",sizeof p);
else if (num & BIO_FP_READ)
- strcpy(p,"r");
+ BUF_strlcpy(p,"r",sizeof p);
else
{
BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl
index 090fccdf7d29..50892ef44c6b 100644
--- a/crypto/openssl/crypto/bn/Makefile.ssl
+++ b/crypto/openssl/crypto/bn/Makefile.ssl
@@ -120,11 +120,14 @@ asm/ia64-cpp.o: asm/ia64.S
asm/x86_64-gcc.o: asm/x86_64-gcc.c
+asm/pa-risc2W.o: asm/pa-risc2W.s
+ /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
+
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/openssl/crypto/bn/asm/bn-586.pl
index 33f61259201a..c4de4a2beece 100644
--- a/crypto/openssl/crypto/bn/asm/bn-586.pl
+++ b/crypto/openssl/crypto/bn/asm/bn-586.pl
@@ -11,7 +11,7 @@ require "x86asm.pl";
&bn_div_words("bn_div_words");
&bn_add_words("bn_add_words");
&bn_sub_words("bn_sub_words");
-&bn_sub_part_words("bn_sub_part_words");
+#&bn_sub_part_words("bn_sub_part_words");
&asm_finish();
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
index b97b394661aa..450e8e43228e 100644
--- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -142,7 +142,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
{ BN_ULONG ret,waste;
- asm ("divq %3"
+ asm ("divq %4"
: "=a"(ret),"=d"(waste)
: "a"(l),"d"(h),"g"(d)
: "cc");
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h
index 5614bc6164cf..253e195e2385 100644
--- a/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/crypto/openssl/crypto/bn/bn_lcl.h
@@ -433,19 +433,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
int cl, int dl);
-#if 0
-/* bn_mul.c rollback <appro> */
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- int dna,int dnb,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
- int n,int tna,int tnb,BN_ULONG *t);
-#endif
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
+#ifdef BN_RECURSION
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+ int n, BN_ULONG *t);
void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
BN_ULONG *t);
void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+#endif
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
#ifdef __cplusplus
}
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index fa0ff485ade4..e1660450bc0f 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -145,11 +145,11 @@ char *BN_options(void)
{
init++;
#ifdef BN_LLONG
- sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
- (int)sizeof(BN_ULONG)*8);
+ BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+ (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
#else
- sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
- (int)sizeof(BN_ULONG)*8);
+ BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+ (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
#endif
}
return(data);
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
index 5f46b1826c03..0d942603b1b1 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -119,6 +119,7 @@ char *BN_bn2dec(const BIGNUM *a)
}
if ((t=BN_dup(a)) == NULL) goto err;
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
p=buf;
lp=bn_data;
if (t->neg) *(p++)='-';
@@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
/* We now have a series of blocks, BN_DEC_NUM chars
* in length, where the last one needs truncation.
* The blocks need to be reversed in order. */
- sprintf(p,BN_DEC_FMT1,*lp);
+ BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
while (*p) p++;
while (lp != bn_data)
{
lp--;
- sprintf(p,BN_DEC_FMT2,*lp);
+ BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
while (*p) p++;
}
}
diff --git a/crypto/openssl/crypto/buffer/Makefile.ssl b/crypto/openssl/crypto/buffer/Makefile.ssl
index e8b6c9693a94..b131ca307894 100644
--- a/crypto/openssl/crypto/buffer/Makefile.ssl
+++ b/crypto/openssl/crypto/buffer/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/cast/Makefile.ssl b/crypto/openssl/crypto/cast/Makefile.ssl
index 70c47bf8e695..98393a37ba5d 100644
--- a/crypto/openssl/crypto/cast/Makefile.ssl
+++ b/crypto/openssl/crypto/cast/Makefile.ssl
@@ -25,6 +25,7 @@ CAST_ENC=c_enc.o
#CAST_ENC=asm/cx86bdsi.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=casttest.c
@@ -70,7 +71,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/comp/Makefile.ssl b/crypto/openssl/crypto/comp/Makefile.ssl
index f60c7a1afc7b..f70ba1b2853d 100644
--- a/crypto/openssl/crypto/comp/Makefile.ssl
+++ b/crypto/openssl/crypto/comp/Makefile.ssl
@@ -50,7 +50,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/conf/Makefile.ssl b/crypto/openssl/crypto/conf/Makefile.ssl
index 28b3f9ac0b55..c5873bc6e782 100644
--- a/crypto/openssl/crypto/conf/Makefile.ssl
+++ b/crypto/openssl/crypto/conf/Makefile.ssl
@@ -50,7 +50,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c
index 57d2739ae0c8..2e9f52f1fd50 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
- strcpy(section,"default");
+ BUF_strlcpy(section,"default",10);
if (_CONF_new_data(conf) == 0)
{
@@ -392,7 +392,7 @@ again:
ERR_R_MALLOC_FAILURE);
goto err;
}
- strcpy(v->name,pname);
+ BUF_strlcpy(v->name,pname,strlen(pname)+1);
if (!str_copy(conf,psection,&(v->value),start)) goto err;
if (strcmp(psection,section) != 0)
@@ -447,7 +447,7 @@ err:
if (buff != NULL) BUF_MEM_free(buff);
if (section != NULL) OPENSSL_free(section);
if (line != NULL) *line=eline;
- sprintf(btmp,"%ld",eline);
+ BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
ERR_add_error_data(2,"line ",btmp);
if ((h != conf->data) && (conf->data != NULL))
{
diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c
index edcc08921c2f..d45adea85131 100644
--- a/crypto/openssl/crypto/conf/conf_mod.c
+++ b/crypto/openssl/crypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
{
char rcode[DECIMAL_SIZE(ret)+1];
CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
- sprintf(rcode, "%-8d", ret);
+ BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
}
}
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
if (!file)
return NULL;
- strcpy(file,X509_get_default_cert_area());
+ BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
#ifndef OPENSSL_SYS_VMS
- strcat(file,"/");
+ BUF_strlcat(file,"/",len + 1);
#endif
- strcat(file,OPENSSL_CONF);
+ BUF_strlcat(file,OPENSSL_CONF,len + 1);
return file;
}
@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
* be used to parse comma separated lists for example.
*/
-int CONF_parse_list(const char *list, int sep, int nospc,
+int CONF_parse_list(const char *list_, int sep, int nospc,
int (*list_cb)(const char *elem, int len, void *usr), void *arg)
{
int ret;
const char *lstart, *tmpend, *p;
- lstart = list;
+ lstart = list_;
for(;;)
{
diff --git a/crypto/openssl/crypto/cversion.c b/crypto/openssl/crypto/cversion.c
index 8ecfba7b16ba..beeeb14013e7 100644
--- a/crypto/openssl/crypto/cversion.c
+++ b/crypto/openssl/crypto/cversion.c
@@ -61,7 +61,9 @@
#include "cryptlib.h"
#include <openssl/crypto.h>
+#ifndef NO_WINDOWS_BRAINDEATH
#include "buildinf.h"
+#endif
const char *SSLeay_version(int t)
{
@@ -72,7 +74,7 @@ const char *SSLeay_version(int t)
#ifdef DATE
static char buf[sizeof(DATE)+11];
- sprintf(buf,"built on: %s",DATE);
+ BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
return(buf);
#else
return("built on: date not available");
@@ -83,7 +85,7 @@ const char *SSLeay_version(int t)
#ifdef CFLAGS
static char buf[sizeof(CFLAGS)+11];
- sprintf(buf,"compiler: %s",CFLAGS);
+ BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
return(buf);
#else
return("compiler: information not available");
@@ -94,7 +96,7 @@ const char *SSLeay_version(int t)
#ifdef PLATFORM
static char buf[sizeof(PLATFORM)+11];
- sprintf(buf,"platform: %s", PLATFORM);
+ BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
return(buf);
#else
return("platform: information not available");
diff --git a/crypto/openssl/crypto/des/Makefile.ssl b/crypto/openssl/crypto/des/Makefile.ssl
index 548573f4b185..0d9ba2b42f27 100644
--- a/crypto/openssl/crypto/des/Makefile.ssl
+++ b/crypto/openssl/crypto/des/Makefile.ssl
@@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o
#DES_ENC= dx86-elf.o yx86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=destest.c
@@ -96,7 +97,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -157,12 +158,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
cfb64enc.o: cfb64enc.c des_locl.h
-cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -191,13 +193,13 @@ ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
ecb3_enc.o: des_locl.h ecb3_enc.c
-ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
-ecb_enc.o: spr.h
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/openssl/crypto/des/cfb_enc.c
index 2600bdfc93a9..03cabb223cdf 100644
--- a/crypto/openssl/crypto/des/cfb_enc.c
+++ b/crypto/openssl/crypto/des/cfb_enc.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include "e_os.h"
#include "des_locl.h"
/* The input and output are loaded in multiples of 8 bits.
@@ -64,17 +65,15 @@
* the second. The second 12 bits will come from the 3rd and half the 4th
* byte.
*/
-/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
- * length */
/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
* will not be compatible with any encryption prior to that date. Ben. */
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
long length, DES_key_schedule *schedule, DES_cblock *ivec,
int enc)
{
- register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
- register unsigned long l=length;
- register int num=numbits;
+ register DES_LONG d0,d1,v0,v1;
+ register unsigned long l=length,n=(numbits+7)/8;
+ register int num=numbits,i;
DES_LONG ti[2];
unsigned char *iv;
unsigned char ovec[16];
@@ -114,10 +113,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
- for(n=0 ; n < 8 ; ++n)
+ for(i=0 ; i < 8 ; ++i)
{
- ovec[n]<<=num%8;
- ovec[n]|=ovec[n+1]>>(8-num%8);
+ ovec[i]<<=num%8;
+ ovec[i]|=ovec[i+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
@@ -152,10 +151,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
- for(n=0 ; n < 8 ; ++n)
+ for(i=0 ; i < 8 ; ++i)
{
- ovec[n]<<=num%8;
- ovec[n]|=ovec[n+1]>>(8-num%8);
+ ovec[i]<<=num%8;
+ ovec[i]|=ovec[i+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
diff --git a/crypto/openssl/crypto/des/ecb_enc.c b/crypto/openssl/crypto/des/ecb_enc.c
index 1b70f68806d9..784aa5ba23d2 100644
--- a/crypto/openssl/crypto/des/ecb_enc.c
+++ b/crypto/openssl/crypto/des/ecb_enc.c
@@ -60,6 +60,7 @@
#include "des_ver.h"
#include "spr.h"
#include <openssl/opensslv.h>
+#include <openssl/bio.h>
OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@@ -97,7 +98,8 @@ const char *DES_options(void)
size="int";
else
size="long";
- sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+ BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+ size);
init=0;
}
return(buf);
diff --git a/crypto/openssl/crypto/dh/Makefile.ssl b/crypto/openssl/crypto/dh/Makefile.ssl
index 1c447e971f87..e05fc01a1283 100644
--- a/crypto/openssl/crypto/dh/Makefile.ssl
+++ b/crypto/openssl/crypto/dh/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/dsa/Makefile.ssl b/crypto/openssl/crypto/dsa/Makefile.ssl
index 014d0063477e..e5f8a8cf514f 100644
--- a/crypto/openssl/crypto/dsa/Makefile.ssl
+++ b/crypto/openssl/crypto/dsa/Makefile.ssl
@@ -49,7 +49,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/dso/Makefile.ssl b/crypto/openssl/crypto/dso/Makefile.ssl
index 3d00363bb664..c0449d184e5b 100644
--- a/crypto/openssl/crypto/dso/Makefile.ssl
+++ b/crypto/openssl/crypto/dso/Makefile.ssl
@@ -49,7 +49,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/dso/dso_lib.c b/crypto/openssl/crypto/dso/dso_lib.c
index 556069b9b824..48d9fdb25e2b 100644
--- a/crypto/openssl/crypto/dso/dso_lib.c
+++ b/crypto/openssl/crypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
return(0);
}
- strcpy(copied, filename);
+ BUF_strlcpy(copied, filename, strlen(filename) + 1);
if(dso->filename)
OPENSSL_free(dso->filename);
dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
ERR_R_MALLOC_FAILURE);
return(NULL);
}
- strcpy(result, filename);
+ BUF_strlcpy(result, filename, strlen(filename) + 1);
}
return(result);
}
diff --git a/crypto/openssl/crypto/ec/Makefile.ssl b/crypto/openssl/crypto/ec/Makefile.ssl
index c34a49c1b149..a2805c47a2f5 100644
--- a/crypto/openssl/crypto/ec/Makefile.ssl
+++ b/crypto/openssl/crypto/ec/Makefile.ssl
@@ -50,7 +50,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c
index 4666a052bfab..e9a51fb87a1c 100644
--- a/crypto/openssl/crypto/ec/ecp_smpl.c
+++ b/crypto/openssl/crypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
form = buf[0];
y_bit = form & 1;
- form = form & ~1;
+ form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID))
diff --git a/crypto/openssl/crypto/engine/Makefile.ssl b/crypto/openssl/crypto/engine/Makefile.ssl
index 847d6724000c..30a4446ff969 100644
--- a/crypto/openssl/crypto/engine/Makefile.ssl
+++ b/crypto/openssl/crypto/engine/Makefile.ssl
@@ -57,7 +57,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/engine/eng_ctrl.c b/crypto/openssl/crypto/engine/eng_ctrl.c
index ad3858395bed..412c73fb0fd3 100644
--- a/crypto/openssl/crypto/engine/eng_ctrl.c
+++ b/crypto/openssl/crypto/engine/eng_ctrl.c
@@ -160,15 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
return strlen(e->cmd_defns[idx].cmd_name);
case ENGINE_CTRL_GET_NAME_FROM_CMD:
- return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
+ return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
+ "%s", e->cmd_defns[idx].cmd_name);
case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
if(e->cmd_defns[idx].cmd_desc)
return strlen(e->cmd_defns[idx].cmd_desc);
return strlen(int_no_description);
case ENGINE_CTRL_GET_DESC_FROM_CMD:
if(e->cmd_defns[idx].cmd_desc)
- return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
- return sprintf(s, "%s", int_no_description);
+ return BIO_snprintf(s,
+ strlen(e->cmd_defns[idx].cmd_desc) + 1,
+ "%s", e->cmd_defns[idx].cmd_desc);
+ return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
+ int_no_description);
case ENGINE_CTRL_GET_CMD_FLAGS:
return e->cmd_defns[idx].cmd_flags;
}
diff --git a/crypto/openssl/crypto/engine/eng_fat.c b/crypto/openssl/crypto/engine/eng_fat.c
index 0d7dae00b243..7ccf7022ee38 100644
--- a/crypto/openssl/crypto/engine/eng_fat.c
+++ b/crypto/openssl/crypto/engine/eng_fat.c
@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
}
-int ENGINE_set_default_string(ENGINE *e, const char *list)
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
{
unsigned int flags = 0;
- if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
+ if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
ENGINE_R_INVALID_STRING);
- ERR_add_error_data(2, "str=",list);
+ ERR_add_error_data(2, "str=",def_list);
return 0;
}
return ENGINE_set_default(e, flags);
diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h
index 9c3ab182d379..900f75ce8d6d 100644
--- a/crypto/openssl/crypto/engine/engine.h
+++ b/crypto/openssl/crypto/engine/engine.h
@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
* structure will have had its reference count up'd so the caller
* should still free their own reference 'e'. */
int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *list);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
@@ -616,17 +616,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
const dynamic_fns *fns);
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
- if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
- fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
- return 0; \
- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
- return 0; \
- if(!ERR_set_implementation(fns->err_fns)) return 0; \
+ if (ERR_get_implementation() != fns->err_fns) \
+ { \
+ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+ return 0; \
+ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+ return 0; \
+ if(!ERR_set_implementation(fns->err_fns)) return 0; \
+ } \
if(!fn(e,id)) return 0; \
return 1; }
diff --git a/crypto/openssl/crypto/engine/hw_cryptodev.c b/crypto/openssl/crypto/engine/hw_cryptodev.c
index 40af97ac248b..467c0daa1b66 100644
--- a/crypto/openssl/crypto/engine/hw_cryptodev.c
+++ b/crypto/openssl/crypto/engine/hw_cryptodev.c
@@ -12,9 +12,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@@ -874,7 +871,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
goto err;
}
- printf("bar\n");
memset(&kop, 0, sizeof kop);
kop.crk_op = CRK_DSA_SIGN;
@@ -1054,14 +1050,17 @@ ENGINE_load_cryptodev(void)
if (engine == NULL)
return;
- if ((fd = get_dev_crypto()) < 0)
+ if ((fd = get_dev_crypto()) < 0) {
+ ENGINE_free(engine);
return;
+ }
/*
* find out what asymmetric crypto algorithms we support
*/
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd);
+ ENGINE_free(engine);
return;
}
close(fd);
diff --git a/crypto/openssl/crypto/err/Makefile.ssl b/crypto/openssl/crypto/err/Makefile.ssl
index 390bde1f1680..b253061d0727 100644
--- a/crypto/openssl/crypto/err/Makefile.ssl
+++ b/crypto/openssl/crypto/err/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index 633a1addfe8c..792f32960096 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
else
str=p;
}
- strcat(str,a);
+ BUF_strlcat(str,a,s+1);
}
}
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
diff --git a/crypto/openssl/crypto/evp/Makefile.ssl b/crypto/openssl/crypto/evp/Makefile.ssl
index 772afd71f5a0..f33aebd33a2c 100644
--- a/crypto/openssl/crypto/evp/Makefile.ssl
+++ b/crypto/openssl/crypto/evp/Makefile.ssl
@@ -67,7 +67,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
cp $(TESTDATA) ../../test
diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c
index 530ab937cea7..4e3f10141bf3 100644
--- a/crypto/openssl/crypto/evp/bio_ok.c
+++ b/crypto/openssl/crypto/evp/bio_ok.c
@@ -102,7 +102,7 @@
*) digest is initialized with random seed instead of
standardized one.
- *) same seed is written to ouput
+ *) same seed is written to output
*) well-known text is then hashed and the output
of the digest is also written to output.
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index b22eed442115..0623ddf1f05f 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -248,6 +248,7 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
{
+ unsigned char *tmp_buf;
if ((in == NULL) || (in->digest == NULL))
{
EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
@@ -262,15 +263,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
}
#endif
+ if (out->digest == in->digest)
+ {
+ tmp_buf = out->md_data;
+ EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+ }
+ else tmp_buf = NULL;
EVP_MD_CTX_cleanup(out);
memcpy(out,in,sizeof *out);
if (out->digest->ctx_size)
{
- out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (tmp_buf) out->md_data = tmp_buf;
+ else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}
-
+
if (out->digest->copy)
return out->digest->copy(out,in);
@@ -308,7 +316,8 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
if (ctx->digest && ctx->digest->cleanup
&& !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
ctx->digest->cleanup(ctx);
- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
{
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index 45a25f968d9f..4801d8eaa3b5 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -329,6 +329,8 @@ struct env_md_ctx_st
* once only */
#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
* cleaned */
+#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
+ * in EVP_MD_CTX_cleanup */
struct evp_cipher_st
{
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index be0758a87965..8ea5aa935dda 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
#endif
ctx->cipher=cipher;
- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+ if (ctx->cipher->ctx_size)
+ {
+ ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+ if (!ctx->cipher_data)
+ {
+ EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ else
+ {
+ ctx->cipher_data = NULL;
+ }
ctx->key_len = cipher->key_len;
ctx->flags = 0;
if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c
index 0da88fdcffe2..91e545a1416d 100644
--- a/crypto/openssl/crypto/evp/evp_pbe.c
+++ b/crypto/openssl/crypto/evp/evp_pbe.c
@@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
if (i == -1) {
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
- if (!pbe_obj) strcpy (obj_tmp, "NULL");
+ if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/openssl/crypto/evp/evp_pkey.c
index 34b5b1d21ccb..eb481ec661da 100644
--- a/crypto/openssl/crypto/evp/evp_pkey.c
+++ b/crypto/openssl/crypto/evp/evp_pkey.c
@@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
#endif
default:
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
- if (!a->algorithm) strcpy (obj_tmp, "NULL");
+ if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
ERR_add_error_data(2, "TYPE=", obj_tmp);
EVP_PKEY_free (pkey);
diff --git a/crypto/openssl/crypto/hmac/Makefile.ssl b/crypto/openssl/crypto/hmac/Makefile.ssl
index d48df0597e02..f1c07322c4bb 100644
--- a/crypto/openssl/crypto/hmac/Makefile.ssl
+++ b/crypto/openssl/crypto/hmac/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/idea/Makefile.ssl b/crypto/openssl/crypto/idea/Makefile.ssl
index ca4b76fc2f4a..fa016ea399e3 100644
--- a/crypto/openssl/crypto/idea/Makefile.ssl
+++ b/crypto/openssl/crypto/idea/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/krb5/Makefile.ssl b/crypto/openssl/crypto/krb5/Makefile.ssl
index 7136d7a4023c..d9224c0f092d 100644
--- a/crypto/openssl/crypto/krb5/Makefile.ssl
+++ b/crypto/openssl/crypto/krb5/Makefile.ssl
@@ -48,7 +48,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile ;
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/lhash/Makefile.ssl b/crypto/openssl/crypto/lhash/Makefile.ssl
index 1902e4a8998d..60e7ee339315 100644
--- a/crypto/openssl/crypto/lhash/Makefile.ssl
+++ b/crypto/openssl/crypto/lhash/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/md2/Makefile.ssl b/crypto/openssl/crypto/md2/Makefile.ssl
index e5b3265a442e..3206924c900a 100644
--- a/crypto/openssl/crypto/md2/Makefile.ssl
+++ b/crypto/openssl/crypto/md2/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/md4/Makefile.ssl b/crypto/openssl/crypto/md4/Makefile.ssl
index 4d2d7369e621..7d2e8d8d3b31 100644
--- a/crypto/openssl/crypto/md4/Makefile.ssl
+++ b/crypto/openssl/crypto/md4/Makefile.ssl
@@ -48,7 +48,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl
index 2d4df972ffb6..2361775a2dc8 100644
--- a/crypto/openssl/crypto/md5/Makefile.ssl
+++ b/crypto/openssl/crypto/md5/Makefile.ssl
@@ -84,7 +84,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/mdc2/Makefile.ssl b/crypto/openssl/crypto/mdc2/Makefile.ssl
index 387d7f8cd895..33f366fb087d 100644
--- a/crypto/openssl/crypto/mdc2/Makefile.ssl
+++ b/crypto/openssl/crypto/mdc2/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index 29df7d35b248..dd86733b7705 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
void *ret = NULL;
extern unsigned char cleanse_ctr;
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
@@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
void *ret = NULL;
extern unsigned char cleanse_ctr;
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
@@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
if (str == NULL)
return CRYPTO_malloc(num, file, line);
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
@@ -346,17 +346,21 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
if (str == NULL)
return CRYPTO_malloc(num, file, line);
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret=malloc_ex_func(num,file,line);
if(ret)
+ {
memcpy(ret,str,old_len);
- OPENSSL_cleanse(str,old_len);
- free_func(str);
+ OPENSSL_cleanse(str,old_len);
+ free_func(str);
+ }
#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
+ fprintf(stderr,
+ "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n",
+ str, ret, num);
#endif
if (realloc_debug_func != NULL)
realloc_debug_func(str, ret, num, file, line, 1);
diff --git a/crypto/openssl/crypto/mem_dbg.c b/crypto/openssl/crypto/mem_dbg.c
index 57bd08f65d92..e212de27e488 100644
--- a/crypto/openssl/crypto/mem_dbg.c
+++ b/crypto/openssl/crypto/mem_dbg.c
@@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
struct tm *lcl = NULL;
unsigned long ti;
+#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
+
if(m->addr == (char *)l->bio)
return;
@@ -604,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
{
lcl = localtime(&m->time);
- sprintf(bufp, "[%02d:%02d:%02d] ",
+ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
bufp += strlen(bufp);
}
- sprintf(bufp, "%5lu file=%s, line=%d, ",
+ BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
m->order,m->file,m->line);
bufp += strlen(bufp);
if (options & V_CRYPTO_MDEBUG_THREAD)
{
- sprintf(bufp, "thread=%lu, ", m->thread);
+ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
bufp += strlen(bufp);
}
- sprintf(bufp, "number=%d, address=%08lX\n",
+ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
m->num,(unsigned long)m->addr);
bufp += strlen(bufp);
@@ -641,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
ami_cnt++;
memset(buf,'>',ami_cnt);
- sprintf(buf + ami_cnt,
+ BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
" thread=%lu, file=%s, line=%d, info=\"",
amip->thread, amip->file, amip->line);
buf_len=strlen(buf);
@@ -653,10 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
}
else
{
- strcpy(buf + buf_len, amip->info);
+ BUF_strlcpy(buf + buf_len, amip->info,
+ sizeof buf - buf_len);
buf_len = strlen(buf);
}
- sprintf(buf + buf_len, "\"\n");
+ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
BIO_puts(l->bio,buf);
diff --git a/crypto/openssl/crypto/objects/Makefile.ssl b/crypto/openssl/crypto/objects/Makefile.ssl
index 1f5d213495b9..3e7a194cf990 100644
--- a/crypto/openssl/crypto/objects/Makefile.ssl
+++ b/crypto/openssl/crypto/objects/Makefile.ssl
@@ -55,7 +55,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
index 5d983e3ed472..4534dc09856e 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
if (i > 2) i=2;
l-=(long)(i*40);
- sprintf(tbuf,"%d.%lu",i,l);
+ BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
i=strlen(tbuf);
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
@@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
for (; idx<len; idx++) {
l|=p[idx]&0x7f;
if (!(p[idx] & 0x80)) {
- sprintf(tbuf,".%lu",l);
+ BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
i=strlen(tbuf);
if (buf_len > 0)
BUF_strlcpy(buf,tbuf,buf_len);
diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/openssl/crypto/objects/obj_dat.pl
index 5dfb84ea0045..d0371661f973 100644
--- a/crypto/openssl/crypto/objects/obj_dat.pl
+++ b/crypto/openssl/crypto/objects/obj_dat.pl
@@ -1,5 +1,9 @@
#!/usr/local/bin/perl
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
+use integer;
+
sub obj_cmp
{
local(@a,@b,$_,$r);
diff --git a/crypto/openssl/crypto/ocsp/Makefile.ssl b/crypto/openssl/crypto/ocsp/Makefile.ssl
index 8d5a85a55cae..02477be53868 100644
--- a/crypto/openssl/crypto/ocsp/Makefile.ssl
+++ b/crypto/openssl/crypto/ocsp/Makefile.ssl
@@ -50,7 +50,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile ;
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ext.c b/crypto/openssl/crypto/ocsp/ocsp_ext.c
index d6c8899f58e0..57399433fc42 100755
--- a/crypto/openssl/crypto/ocsp/ocsp_ext.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_ext.c
@@ -305,6 +305,8 @@ err:
/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
* a random nonce will be generated.
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
+ * nonce, previous versions used the raw nonce.
*/
static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
@@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
ASN1_OCTET_STRING os;
int ret = 0;
if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
- if (val) tmpval = val;
+ /* Create the OCTET STRING manually by writing out the header and
+ * appending the content octets. This avoids an extra memory allocation
+ * operation in some cases. Applications should *NOT* do this because
+ * it relies on library internals.
+ */
+ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ os.data = OPENSSL_malloc(os.length);
+ if (os.data == NULL)
+ goto err;
+ tmpval = os.data;
+ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+ if (val)
+ memcpy(tmpval, val, len);
else
- {
- if (!(tmpval = OPENSSL_malloc(len))) goto err;
RAND_pseudo_bytes(tmpval, len);
- }
- os.data = tmpval;
- os.length = len;
if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
goto err;
ret = 1;
err:
- if(!val) OPENSSL_free(tmpval);
+ if (os.data)
+ OPENSSL_free(os.data);
return ret;
}
diff --git a/crypto/openssl/crypto/ocsp/ocsp_lib.c b/crypto/openssl/crypto/ocsp/ocsp_lib.c
index 3875af165c71..9e87fc78957e 100755
--- a/crypto/openssl/crypto/ocsp/ocsp_lib.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_lib.c
@@ -253,6 +253,7 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
err:
+ if (buf) OPENSSL_free(buf);
if (*ppath) OPENSSL_free(*ppath);
if (*pport) OPENSSL_free(*pport);
if (*phost) OPENSSL_free(*phost);
diff --git a/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
index 1f5fda7ca310..3d58dfb06cf3 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
@@ -3,7 +3,7 @@
* project 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -272,7 +272,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
for (i = 1; i < idcount; i++)
{
- tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
/* Check to see if IDs match */
if (OCSP_id_issuer_cmp(cid, tmpid))
{
@@ -330,7 +330,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
OCSP_CERTID *tmpid;
for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
{
- tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
ret = ocsp_match_issuerid(cert, tmpid, NULL);
if (ret <= 0) return ret;
}
diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/openssl/crypto/opensslconf.h
index fe6ff88bdc6a..492041bc7cb5 100644
--- a/crypto/openssl/crypto/opensslconf.h
+++ b/crypto/openssl/crypto/opensslconf.h
@@ -2,9 +2,6 @@
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_SYSNAME_WIN16
-# define OPENSSL_SYSNAME_WIN16
-#endif
#ifndef OPENSSL_DOING_MAKEDEPEND
#ifndef OPENSSL_NO_KRB5
@@ -44,7 +41,7 @@
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned char
+#define MD2_INT unsigned int
#endif
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
@@ -101,7 +98,7 @@
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
-#define RC4_INDEX
+#undef RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
@@ -115,7 +112,7 @@
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
-#define DES_PTR
+#undef DES_PTR
#endif
/* This helps C compiler generate the correct code for multiple functional
@@ -136,7 +133,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
* Very mucy CPU dependant */
#ifndef DES_UNROLL
-#define DES_UNROLL
+#undef DES_UNROLL
#endif
/* These default values were supplied by
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index e226d9de7969..02f1710fb3f6 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090703fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
+#define OPENSSL_VERSION_NUMBER 0x0090704fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/pem/Makefile.ssl b/crypto/openssl/crypto/pem/Makefile.ssl
index 90eda931f73a..d3043eb4013f 100644
--- a/crypto/openssl/crypto/pem/Makefile.ssl
+++ b/crypto/openssl/crypto/pem/Makefile.ssl
@@ -50,7 +50,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links: $(EXHEADER)
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
index 70b5446797e9..7785039b993c 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
else
str="BAD-TYPE";
- strcat(buf,"Proc-Type: 4,");
- strcat(buf,str);
- strcat(buf,"\n");
+ BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
+ BUF_strlcat(buf,str,PEM_BUFSIZE);
+ BUF_strlcat(buf,"\n",PEM_BUFSIZE);
}
void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
long i;
int j;
- strcat(buf,"DEK-Info: ");
- strcat(buf,type);
- strcat(buf,",");
+ BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
+ BUF_strlcat(buf,type,PEM_BUFSIZE);
+ BUF_strlcat(buf,",",PEM_BUFSIZE);
j=strlen(buf);
+ if (j + (len * 2) + 1 > PEM_BUFSIZE)
+ return;
for (i=0; i<len; i++)
{
buf[j+i*2] =map[(str[i]>>4)&0x0f];
@@ -533,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
long len)
{
int nlen,n,i,j,outl;
- unsigned char *buf;
+ unsigned char *buf = NULL;
EVP_ENCODE_CTX ctx;
int reason=ERR_R_BUF_LIB;
@@ -553,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
goto err;
}
- buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
+ buf = OPENSSL_malloc(PEM_BUFSIZE*8);
if (buf == NULL)
{
reason=ERR_R_MALLOC_FAILURE;
@@ -574,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
EVP_EncodeFinal(&ctx,buf,&outl);
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
OPENSSL_free(buf);
+ buf = NULL;
if ( (BIO_write(bp,"-----END ",9) != 9) ||
(BIO_write(bp,name,nlen) != nlen) ||
(BIO_write(bp,"-----\n",6) != 6))
goto err;
return(i+outl);
err:
+ if (buf)
+ OPENSSL_free(buf);
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
return(0);
}
diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/openssl/crypto/pem/pem_pkey.c
index d96ecf694067..f77c949e87b3 100644
--- a/crypto/openssl/crypto/pem/pem_pkey.c
+++ b/crypto/openssl/crypto/pem/pem_pkey.c
@@ -87,6 +87,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
if(!p8inf) goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
+ if(x) {
+ if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+ *x = ret;
+ }
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
diff --git a/crypto/openssl/crypto/pkcs12/Makefile.ssl b/crypto/openssl/crypto/pkcs12/Makefile.ssl
index b4c564262cb3..a6e47b40855b 100644
--- a/crypto/openssl/crypto/pkcs12/Makefile.ssl
+++ b/crypto/openssl/crypto/pkcs12/Makefile.ssl
@@ -53,7 +53,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/pkcs7/Makefile.ssl b/crypto/openssl/crypto/pkcs7/Makefile.ssl
index 69cddb04b8b3..c3bfc7d560e9 100644
--- a/crypto/openssl/crypto/pkcs7/Makefile.ssl
+++ b/crypto/openssl/crypto/pkcs7/Makefile.ssl
@@ -68,7 +68,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
index 190ca0e9bf57..35c7dcd0b3e7 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -91,17 +91,19 @@ static int PKCS7_type_is_other(PKCS7* p7)
}
-static int PKCS7_type_is_octet_string(PKCS7* p7)
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
{
- if ( 0==PKCS7_type_is_other(p7) )
- return 0;
-
- return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
+ if ( PKCS7_type_is_data(p7))
+ return p7->d.data;
+ if ( PKCS7_type_is_other(p7) && p7->d.other
+ && (p7->d.other->type == V_ASN1_OCTET_STRING))
+ return p7->d.other->value.octet_string;
+ return NULL;
}
BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
{
- int i,j;
+ int i;
BIO *out=NULL,*btmp=NULL;
X509_ALGOR *xa;
const EVP_MD *evp_md;
@@ -159,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
goto err;
}
- j=OBJ_obj2nid(xa->algorithm);
- evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+ evp_md=EVP_get_digestbyobj(xa->algorithm);
if (evp_md == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -250,29 +251,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
btmp=NULL;
}
- if (bio == NULL) {
+ if (bio == NULL)
+ {
if (PKCS7_is_detached(p7))
bio=BIO_new(BIO_s_null());
- else {
- if (PKCS7_type_is_signed(p7) ) {
- if ( PKCS7_type_is_data(p7->d.sign->contents)) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.data;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.other->value.octet_string;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- }
- if(bio == NULL) {
+ else
+ {
+ ASN1_OCTET_STRING *os;
+ os = PKCS7_get_octet_string(p7->d.sign->contents);
+ if (os && os->length > 0)
+ bio = BIO_new_mem_buf(os->data, os->length);
+ if(bio == NULL)
+ {
bio=BIO_new(BIO_s_mem());
BIO_set_mem_eof_return(bio,0);
+ }
}
- }
}
BIO_push(out,bio);
bio=NULL;
@@ -311,7 +305,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
switch (i)
{
case NID_pkcs7_signed:
- data_body=p7->d.sign->contents->d.data;
+ data_body=PKCS7_get_octet_string(p7->d.sign->contents);
md_sk=p7->d.sign->md_algs;
break;
case NID_pkcs7_signedAndEnveloped:
@@ -319,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
md_sk=p7->d.signed_and_enveloped->md_algs;
data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
- evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -331,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
rsk=p7->d.enveloped->recipientinfo;
enc_alg=p7->d.enveloped->enc_data->algorithm;
data_body=p7->d.enveloped->enc_data->enc_data;
- evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -357,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
j=OBJ_obj2nid(xa->algorithm);
- evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+ evp_md=EVP_get_digestbynid(j);
if (evp_md == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -531,9 +525,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
break;
case NID_pkcs7_signed:
si_sk=p7->d.sign->signer_info;
- os=p7->d.sign->contents->d.data;
+ os=PKCS7_get_octet_string(p7->d.sign->contents);
/* If detached data then the content is excluded */
- if(p7->detached) {
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
p7->d.sign->contents->d.data = NULL;
}
diff --git a/crypto/openssl/crypto/rand/Makefile.ssl b/crypto/openssl/crypto/rand/Makefile.ssl
index b25421e3ab45..e5cbe5319c3c 100644
--- a/crypto/openssl/crypto/rand/Makefile.ssl
+++ b/crypto/openssl/crypto/rand/Makefile.ssl
@@ -49,7 +49,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -101,7 +101,8 @@ md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
md_rand.o: md_rand.c rand_lcl.h
-rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
+rand_egd.o: ../../include/openssl/opensslconf.h
rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
rand_egd.o: rand_egd.c
rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
@@ -186,8 +187,9 @@ rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
-randfile.o: ../../e_os.h ../../include/openssl/crypto.h
-randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+randfile.o: ../../e_os.h ../../include/openssl/buffer.h
+randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h
randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/crypto/openssl/crypto/rand/rand_egd.c b/crypto/openssl/crypto/rand/rand_egd.c
index 1f168221e3c9..6f742900a0a2 100644
--- a/crypto/openssl/crypto/rand/rand_egd.c
+++ b/crypto/openssl/crypto/rand/rand_egd.c
@@ -56,6 +56,7 @@
#include <openssl/e_os2.h>
#include <openssl/rand.h>
+#include <openssl/buffer.h>
/*
* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
@@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
addr.sun_family = AF_UNIX;
if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
- strcpy(addr.sun_path,path);
+ BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) return (-1);
diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c
index a776e522431b..0599719dd1d0 100644
--- a/crypto/openssl/crypto/rand/rand_unix.c
+++ b/crypto/openssl/crypto/rand/rand_unix.c
@@ -124,6 +124,24 @@
#include <unistd.h>
#include <time.h>
+#ifdef __OpenBSD__
+int RAND_poll(void)
+{
+ u_int32_t rnd = 0, i;
+ unsigned char buf[ENTROPY_NEEDED];
+
+ for (i = 0; i < sizeof(buf); i++) {
+ if (i % 4 == 0)
+ rnd = arc4random();
+ buf[i] = rnd;
+ rnd >>= 8;
+ }
+ RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+ memset(buf, 0, sizeof(buf));
+
+ return 1;
+}
+#else
int RAND_poll(void)
{
unsigned long l;
@@ -236,6 +254,7 @@ int RAND_poll(void)
}
#endif
+#endif
#if defined(OPENSSL_SYS_VXWORKS)
int RAND_poll(void)
diff --git a/crypto/openssl/crypto/rand/rand_win.c b/crypto/openssl/crypto/rand/rand_win.c
index 263068d25699..3584842224c0 100644
--- a/crypto/openssl/crypto/rand/rand_win.c
+++ b/crypto/openssl/crypto/rand/rand_win.c
@@ -646,7 +646,7 @@ static void readtimer(void)
* Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*
* Code adapted from
- * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
* the original copyright message is:
*
* (C) Copyright Microsoft Corp. 1993. All rights reserved.
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
index 41574768ab76..f5d0843d139d 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
+/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#define _XOPEN_SOURCE 1
+
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@@ -64,6 +67,7 @@
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
+#include <openssl/buffer.h>
#ifdef OPENSSL_SYS_VMS
#include <unixio.h>
@@ -106,6 +110,16 @@ int RAND_load_file(const char *file, long bytes)
in=fopen(file,"rb");
if (in == NULL) goto err;
+#if defined(S_IFBLK) && defined(S_IFCHR)
+ if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+ /* this file is a device. we don't want read an infinite number
+ * of bytes from a random device, nor do we want to use buffered
+ * I/O because we will waste system entropy.
+ */
+ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+ }
+#endif
for (;;)
{
if (bytes > 0)
@@ -135,7 +149,22 @@ int RAND_write_file(const char *file)
int i,ret=0,rand_err=0;
FILE *out = NULL;
int n;
+ struct stat sb;
+ i=stat(file,&sb);
+ if (i != -1) {
+#if defined(S_IFBLK) && defined(S_IFCHR)
+ if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+ /* this file is a device. we don't write back to it.
+ * we "succeed" on the assumption this is some sort
+ * of random device. Otherwise attempting to write to
+ * and chmod the device causes problems.
+ */
+ return(1);
+ }
+#endif
+ }
+
#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
/* For some reason Win32 can't write to files created this way */
@@ -197,16 +226,17 @@ err:
const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
- char *ret=NULL;
+ int ok = 0;
+#ifdef __OpenBSD__
+ struct stat sb;
+#endif
if (OPENSSL_issetugid() == 0)
s=getenv("RANDFILE");
- if (s != NULL)
+ if (s != NULL && *s && strlen(s) + 1 < size)
{
- if(strlen(s) >= size)
+ if (BUF_strlcpy(buf,s,size) >= size)
return NULL;
- strcpy(buf,s);
- ret=buf;
}
else
{
@@ -218,17 +248,36 @@ const char *RAND_file_name(char *buf, size_t size)
s = DEFAULT_HOME;
}
#endif
- if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+ if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
{
- strcpy(buf,s);
+ BUF_strlcpy(buf,s,size);
#ifndef OPENSSL_SYS_VMS
- strcat(buf,"/");
+ BUF_strlcat(buf,"/",size);
#endif
- strcat(buf,RFILE);
- ret=buf;
+ BUF_strlcat(buf,RFILE,size);
+ ok = 1;
}
else
buf[0] = '\0'; /* no file name */
}
- return(ret);
+
+#ifdef __OpenBSD__
+ /* given that all random loads just fail if the file can't be
+ * seen on a stat, we stat the file we're returning, if it
+ * fails, use /dev/arandom instead. this allows the user to
+ * use their own source for good random data, but defaults
+ * to something hopefully decent if that isn't available.
+ */
+
+ if (!ok)
+ if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+ return(NULL);
+ }
+ if (stat(buf,&sb) == -1)
+ if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+ return(NULL);
+ }
+
+#endif
+ return(buf);
}
diff --git a/crypto/openssl/crypto/rc2/Makefile.ssl b/crypto/openssl/crypto/rc2/Makefile.ssl
index aa73dea5b601..98d5960d5d6c 100644
--- a/crypto/openssl/crypto/rc2/Makefile.ssl
+++ b/crypto/openssl/crypto/rc2/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/rc4/Makefile.ssl b/crypto/openssl/crypto/rc4/Makefile.ssl
index b210b42f8f4b..3e602662be2b 100644
--- a/crypto/openssl/crypto/rc4/Makefile.ssl
+++ b/crypto/openssl/crypto/rc4/Makefile.ssl
@@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o
#RC4_ENC=asm/rx86bdsi.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=rc4test.c
@@ -70,7 +71,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/rc5/Makefile.ssl b/crypto/openssl/crypto/rc5/Makefile.ssl
index 3ad665594686..3f9632f8f753 100644
--- a/crypto/openssl/crypto/rc5/Makefile.ssl
+++ b/crypto/openssl/crypto/rc5/Makefile.ssl
@@ -22,6 +22,7 @@ RC5_ENC= rc5_enc.o
#DES_ENC= r586-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=rc5test.c
@@ -67,7 +68,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/ripemd/Makefile.ssl b/crypto/openssl/crypto/ripemd/Makefile.ssl
index 3583dfdcaf32..f22ac790aed3 100644
--- a/crypto/openssl/crypto/ripemd/Makefile.ssl
+++ b/crypto/openssl/crypto/ripemd/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
RIP_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=rmdtest.c
@@ -65,7 +66,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/rsa/Makefile.ssl b/crypto/openssl/crypto/rsa/Makefile.ssl
index ce3f818e5b62..8089344a046f 100644
--- a/crypto/openssl/crypto/rsa/Makefile.ssl
+++ b/crypto/openssl/crypto/rsa/Makefile.ssl
@@ -51,7 +51,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/sha/Makefile.ssl b/crypto/openssl/crypto/sha/Makefile.ssl
index 864645c8b547..4ba201c787de 100644
--- a/crypto/openssl/crypto/sha/Makefile.ssl
+++ b/crypto/openssl/crypto/sha/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
SHA1_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=shatest.c sha1test.c
@@ -65,7 +66,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl
index fe51fd079457..e00f70955384 100644
--- a/crypto/openssl/crypto/sha/asm/sha1-586.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-586.pl
@@ -1,5 +1,30 @@
#!/usr/local/bin/perl
+# It was noted that Intel IA-32 C compiler generates code which
+# performs ~30% *faster* on P4 CPU than original *hand-coded*
+# SHA1 assembler implementation. To address this problem (and
+# prove that humans are still better than machines:-), the
+# original code was overhauled, which resulted in following
+# performance changes:
+#
+# compared with original compared with Intel cc
+# assembler impl. generated code
+# Pentium -25% +37%
+# PIII/AMD +8% +16%
+# P4 +85%(!) +45%
+#
+# As you can see Pentium came out as looser:-( Yet I reckoned that
+# improvement on P4 outweights the loss and incorporate this
+# re-tuned code to 0.9.7 and later.
+# ----------------------------------------------------------------
+# Those who for any particular reason absolutely must score on
+# Pentium can replace this module with one from 0.9.6 distribution.
+# This "offer" shall be revoked the moment programming interface to
+# this module is changed, in which case this paragraph should be
+# removed.
+# ----------------------------------------------------------------
+# <appro@fy.chalmers.se>
+
$normal=0;
push(@INC,"perlasm","../../perlasm");
@@ -77,54 +102,21 @@ sub BODY_00_15
{
local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-return if $n & 1;
&comment("00_15 $n");
- &mov($f,$c);
-
- &mov($tmp1,$a);
- &xor($f,$d); # F2
-
- &rotl($tmp1,5); # A2
-
- &and($f,$b); # F3
- &add($tmp1,$e);
-
- &rotr($b,1); # B1 <- F
- &mov($e,&swtmp($n)); # G1
-
- &rotr($b,1); # B1 <- F
- &xor($f,$d); # F4
-
- &lea($tmp1,&DWP($K,$tmp1,$e,1));
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
- &mov($f,$c);
-
- &add($a,$tmp1); # MOVED DOWN
- &xor($f,$d); # F2
-
&mov($tmp1,$a);
- &and($f,$b); # F3
-
- &rotl($tmp1,5); # A2
-
- &add($tmp1,$e);
- &mov($e,&swtmp($n)); # G1
-
- &rotr($b,1); # B1 <- F
- &xor($f,$d); # F4
-
- &rotr($b,1); # B1 <- F
- &lea($tmp1,&DWP($K,$tmp1,$e,1));
-
- &add($f,$tmp1);
+ &mov($f,$c); # f to hold F_00_19(b,c,d)
+ &rotl($tmp1,5); # tmp1=ROTATE(a,5)
+ &xor($f,$d);
+ &and($f,$b);
+ &rotr($b,2); # b=ROTATE(b,30)
+ &add($tmp1,$e); # tmp1+=e;
+ &mov($e,&swtmp($n)); # e becomes volatile and
+ # is loaded with xi
+ &xor($f,$d); # f holds F_00_19(b,c,d)
+ &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
+
+ &add($f,$tmp1); # f+=tmp1
}
sub BODY_16_19
@@ -132,66 +124,24 @@ sub BODY_16_19
local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
local($n0,$n1,$n2,$n3,$np)=&Na($n);
-return if $n & 1;
&comment("16_19 $n");
- &nop() if ($pos < 0);
-&mov($tmp1,&swtmp($n0)); # X1
- &mov($f,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&xor($f,$tmp1); # X7 - slot
- &mov($tmp1,$c); # F1
-&rotl($f,1); # X8 - slot
- &xor($tmp1,$d); # F2
-&mov(&swtmp($n0),$f); # X9 - anytime
- &and($tmp1,$b); # F3
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &xor($tmp1,$d); # F4
-&mov($e,$a); # A1
- &add($f,$tmp1); # tot+=F();
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=a
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
-
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN
- &xor($f,$tmp1); # X7 - slot
-&rotl($f,1); # X8 - slot
- &mov($tmp1,$c); # F1
-&xor($tmp1,$d); # F2
- &mov(&swtmp($n0),$f); # X9 - anytime
-&and($tmp1,$b); # F3
- &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
-
-&xor($tmp1,$d); # F4
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=a
-
-&rotr($b,1); # B1 <- F
- &add($f,$tmp1); # tot+=F();
-
+ &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd)
+ &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d)
+ &xor($f,&swtmp($n0));
+ &xor($tmp1,$d);
+ &xor($f,&swtmp($n2));
+ &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
+ &rotr($b,2); # b=ROTATE(b,30)
+ &xor($tmp1,$d); # tmp1=F_00_19(b,c,d)
+ &rotl($f,1); # f=ROATE(f,1)
+ &mov(&swtmp($n0),$f); # xi=f
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e
+ &mov($e,$a); # e becomes volatile
+ &add($f,$tmp1); # f+=F_00_19(b,c,d)
+ &rotl($e,5); # e=ROTATE(a,5)
+ &add($f,$e); # f+=ROTATE(a,5)
}
sub BODY_20_39
@@ -201,42 +151,21 @@ sub BODY_20_39
&comment("20_39 $n");
local($n0,$n1,$n2,$n3,$np)=&Na($n);
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&xor($f,$tmp1); # X7 - slot
- &mov($tmp1,$b); # F1
-&rotl($f,1); # X8 - slot
- &xor($tmp1,$c); # F2
-&mov(&swtmp($n0),$f); # X9 - anytime
- &xor($tmp1,$d); # F3
-
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-if ($n != 79) # last loop
- {
- &rotr($b,1); # B1 <- F
- &add($e,$tmp1); # tmp1=F()+a
-
- &rotr($b,1); # B2 <- F
- &add($f,$e); # tot+=tmp1;
- }
-else
- {
- &add($e,$tmp1); # tmp1=F()+a
- &mov($tmp1,&wparam(0));
-
- &rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=tmp1;
-
- &rotr($b,1); # B2 <- F
- }
+ &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
+ &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d)
+ &xor($f,&swtmp($n1));
+ &rotr($b,2); # b=ROTATE(b,30)
+ &xor($f,&swtmp($n2));
+ &xor($tmp1,$c);
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
+ &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d)
+ &rotl($f,1); # f=ROTATE(f,1)
+ &mov(&swtmp($n0),$f); # xi=f
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e
+ &mov($e,$a); # e becomes volatile
+ &rotl($e,5); # e=ROTATE(a,5)
+ &add($f,$tmp1); # f+=F_20_39(b,c,d)
+ &add($f,$e); # f+=ROTATE(a,5)
}
sub BODY_40_59
@@ -244,70 +173,27 @@ sub BODY_40_59
local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
&comment("40_59 $n");
- return if $n & 1;
local($n0,$n1,$n2,$n3,$np)=&Na($n);
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&xor($f,$tmp1); # X7 - slot
- &mov($tmp1,$b); # F1
-&rotl($f,1); # X8 - slot
- &or($tmp1,$c); # F2
-&mov(&swtmp($n0),$f); # X9 - anytime
- &and($tmp1,$d); # F3
-
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$b); # F4
-
-&rotr($b,1); # B1 <- F
- &and($e,$c); # F5
-
-&or($tmp1,$e); # F6
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&add($tmp1,$e); # tmp1=F()+a
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
- &mov($f,&swtmp($n0)); # X1
-&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&rotr($c,1); # B2 <- F # moved was rotr b,1
- &xor($f,$tmp1); # X7 - slot
-&rotl($f,1); # X8 - slot
- &mov($tmp1,$b); # F1
-&mov(&swtmp($n0),$f); # X9 - anytime
- &or($tmp1,$c); # F2
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$b); # F4
-&and($tmp1,$d); # F3
- &and($e,$c); # F5
-
-&or($tmp1,$e); # F6
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($tmp1,$e); # tmp1=F()+a
-
-&rotr($b,1); # B2 <- F
- &add($f,$tmp1); # tot+=tmp1;
+ &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
+ &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d)
+ &xor($f,&swtmp($n1));
+ &or($tmp1,$c);
+ &xor($f,&swtmp($n2));
+ &and($tmp1,$d);
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
+ &rotl($f,1); # f=ROTATE(f,1)
+ &mov(&swtmp($n0),$f); # xi=f
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e
+ &mov($e,$b); # e becomes volatile and is used
+ # to calculate F_40_59(b,c,d)
+ &rotr($b,2); # b=ROTATE(b,30)
+ &and($e,$c);
+ &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d)
+ &mov($e,$a);
+ &rotl($e,5); # e=ROTATE(a,5)
+ &add($tmp1,$e); # tmp1+=ROTATE(a,5)
+ &add($f,$tmp1); # f+=tmp1;
}
sub BODY_60_79
@@ -495,8 +381,7 @@ sub sha1_block_data
# C -> E
# D -> T
- # The last 2 have been moved into the last loop
- # &mov($tmp1,&wparam(0));
+ &mov($tmp1,&wparam(0));
&mov($D, &DWP(12,$tmp1,"",0));
&add($D,$B);
diff --git a/crypto/openssl/crypto/stack/Makefile.ssl b/crypto/openssl/crypto/stack/Makefile.ssl
index e4acfe6aba22..7120fb804a07 100644
--- a/crypto/openssl/crypto/stack/Makefile.ssl
+++ b/crypto/openssl/crypto/stack/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c
index 54d598565d53..7588966cb219 100644
--- a/crypto/openssl/crypto/threads/mttest.c
+++ b/crypto/openssl/crypto/threads/mttest.c
@@ -243,7 +243,8 @@ bad:
goto end;
}
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+ if (cipher == NULL && OPENSSL_issetugid() == 0)
+ cipher=getenv("SSL_CIPHER");
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
diff --git a/crypto/openssl/crypto/txt_db/Makefile.ssl b/crypto/openssl/crypto/txt_db/Makefile.ssl
index 313f75313b78..6221dfae4d10 100644
--- a/crypto/openssl/crypto/txt_db/Makefile.ssl
+++ b/crypto/openssl/crypto/txt_db/Makefile.ssl
@@ -47,7 +47,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/ui/Makefile.ssl b/crypto/openssl/crypto/ui/Makefile.ssl
index 90ae7d4a4a24..ba46951d1c39 100644
--- a/crypto/openssl/crypto/ui/Makefile.ssl
+++ b/crypto/openssl/crypto/ui/Makefile.ssl
@@ -51,7 +51,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/ui/ui_lib.c b/crypto/openssl/crypto/ui/ui_lib.c
index 13e5f20dcb2a..dbc9711a2def 100644
--- a/crypto/openssl/crypto/ui/ui_lib.c
+++ b/crypto/openssl/crypto/ui/ui_lib.c
@@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
len += sizeof(prompt3) - 1;
prompt = (char *)OPENSSL_malloc(len + 1);
- strcpy(prompt, prompt1);
- strcat(prompt, object_desc);
+ BUF_strlcpy(prompt, prompt1, len + 1);
+ BUF_strlcat(prompt, object_desc, len + 1);
if (object_name)
{
- strcat(prompt, prompt2);
- strcat(prompt, object_name);
+ BUF_strlcat(prompt, prompt2, len + 1);
+ BUF_strlcat(prompt, object_name, len + 1);
}
- strcat(prompt, prompt3);
+ BUF_strlcat(prompt, prompt3, len + 1);
}
return prompt;
}
@@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
return -1;
}
- strcpy(uis->result_buf, result);
+ BUF_strlcpy(uis->result_buf, result,
+ uis->_.string_data.result_maxsize + 1);
break;
case UIT_BOOLEAN:
{
diff --git a/crypto/openssl/crypto/x509/Makefile.ssl b/crypto/openssl/crypto/x509/Makefile.ssl
index 6a5a87969190..3a3452536c5a 100644
--- a/crypto/openssl/crypto/x509/Makefile.ssl
+++ b/crypto/openssl/crypto/x509/Makefile.ssl
@@ -57,7 +57,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c
index 448bd7e69cca..6207340472e4 100644
--- a/crypto/openssl/crypto/x509/by_dir.c
+++ b/crypto/openssl/crypto/x509/by_dir.c
@@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
k=0;
for (;;)
{
- sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h,
- postfix,k);
+ char c = '/';
+#ifdef OPENSSL_SYS_VMS
+ c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+ if (c != ':' && c != '>' && c != ']')
+ {
+ /* If no separator is present, we assume the
+ directory specifier is a logical name, and
+ add a colon. We really should use better
+ VMS routines for merging things like this,
+ but this will do for now...
+ -- Richard Levitte */
+ c = ':';
+ }
+ else
+ {
+ c = '\0';
+ }
+#endif
+ if (c == '\0')
+ {
+ /* This is special. When c == '\0', no
+ directory separator should be added. */
+ BIO_snprintf(b->data,b->max,
+ "%s%08lx.%s%d",ctx->dirs[i],h,
+ postfix,k);
+ }
+ else
+ {
+ BIO_snprintf(b->data,b->max,
+ "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
+ postfix,k);
+ }
k++;
if (stat(b->data,&st) < 0)
break;
diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h
index eaad5685a8f8..8d0c7e2e1792 100644
--- a/crypto/openssl/crypto/x509/x509.h
+++ b/crypto/openssl/crypto/x509/x509.h
@@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#ifndef OPENSSL_NO_RSA
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-#endif
#endif /* !SSLEAY_MACROS */
diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c
index 4f83db8ba2f5..e31ebc6741a0 100644
--- a/crypto/openssl/crypto/x509/x509_txt.c
+++ b/crypto/openssl/crypto/x509/x509_txt.c
@@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
return("unhandled critical extension");
+ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+ return("key usage does not include CRL signing");
+
+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+ return("unhandled critical CRL extension");
+
default:
- sprintf(buf,"error number %ld",n);
+ BIO_snprintf(buf,sizeof buf,"error number %ld",n);
return(buf);
}
}
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 2bb21b443ec0..2e4d0b823abe 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
/* Check all untrusted certificates */
for (i = 0; i < ctx->last_untrusted; i++)
{
+ int ret;
x = sk_X509_value(ctx->chain, i);
if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
&& (x->ex_flags & EXFLAG_CRITICAL))
@@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
ok=cb(0,ctx);
if (!ok) goto end;
}
- if (!X509_check_purpose(x, ctx->purpose, i))
+ ret = X509_check_purpose(x, ctx->purpose, i);
+ if ((ret == 0)
+ || ((ctx->flags & X509_V_FLAG_X509_STRICT)
+ && (ret != 1)))
{
if (i)
ctx->error = X509_V_ERR_INVALID_CA;
@@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
if(issuer)
{
+ /* Check for cRLSign bit if keyUsage present */
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+ !(issuer->ex_kusage & KU_CRL_SIGN))
+ {
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+ ok = ctx->verify_cb(0, ctx);
+ if(!ok) goto err;
+ }
/* Attempt to get issuer certificate public key */
ikey = X509_get_pubkey(issuer);
@@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
{
int idx, ok;
X509_REVOKED rtmp;
+ STACK_OF(X509_EXTENSION) *exts;
+ X509_EXTENSION *ext;
/* Look for serial number of certificate in CRL */
rtmp.serialNumber = X509_get_serialNumber(x);
idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
- /* Not found: OK */
- if(idx == -1) return 1;
- /* Otherwise revoked: want something cleverer than
+ /* If found assume revoked: want something cleverer than
* this to handle entry extensions in V2 CRLs.
*/
- ctx->error = X509_V_ERR_CERT_REVOKED;
- ok = ctx->verify_cb(0, ctx);
- return ok;
+ if(idx >= 0)
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok) return 0;
+ }
+
+ if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ return 1;
+
+ /* See if we have any critical CRL extensions: since we
+ * currently don't handle any CRL extensions the CRL must be
+ * rejected.
+ * This code accesses the X509_CRL structure directly: applications
+ * shouldn't do this.
+ */
+
+ exts = crl->crl->extensions;
+
+ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
+ {
+ ext = sk_X509_EXTENSION_value(exts, idx);
+ if (ext->critical > 0)
+ {
+ ctx->error =
+ X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+ ok = ctx->verify_cb(0, ctx);
+ if(!ok) return 0;
+ break;
+ }
+ }
+ return 1;
}
static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h
index f0be21f4525c..198495884cfa 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.h
+++ b/crypto/openssl/crypto/x509/x509_vfy.h
@@ -304,17 +304,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
+#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
+#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
/* Certificate verify flags */
-#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
-#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
-#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */
-#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */
-#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */
+/* Send issuer+subject checks to verify_cb */
+#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
+/* Use check time instead of current time */
+#define X509_V_FLAG_USE_CHECK_TIME 0x2
+/* Lookup CRLs */
+#define X509_V_FLAG_CRL_CHECK 0x4
+/* Lookup CRLs for whole chain */
+#define X509_V_FLAG_CRL_CHECK_ALL 0x8
+/* Ignore unhandled critical extensions */
+#define X509_V_FLAG_IGNORE_CRITICAL 0x10
+/* Disable workarounds for broken certificates */
+#define X509_V_FLAG_X509_STRICT 0x20
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name);
diff --git a/crypto/openssl/crypto/x509/x509type.c b/crypto/openssl/crypto/x509/x509type.c
index f78c2a6b4380..c25959a74282 100644
--- a/crypto/openssl/crypto/x509/x509type.c
+++ b/crypto/openssl/crypto/x509/x509type.c
@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
break;
}
- if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+ if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
diff --git a/crypto/openssl/crypto/x509v3/Makefile.ssl b/crypto/openssl/crypto/x509v3/Makefile.ssl
index 5ca169c37cd6..66df90c34624 100644
--- a/crypto/openssl/crypto/x509v3/Makefile.ssl
+++ b/crypto/openssl/crypto/x509v3/Makefile.ssl
@@ -53,7 +53,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c
index 0e9e7dcb4fda..58b935a3b6b8 100644
--- a/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -137,7 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
X509V3_add_value("IP Address","<invalid>", &ret);
break;
}
- sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+ BIO_snprintf(oline, sizeof oline,
+ "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
X509V3_add_value("IP Address",oline, &ret);
break;
diff --git a/crypto/openssl/crypto/x509v3/v3_crld.c b/crypto/openssl/crypto/x509v3/v3_crld.c
index 894a8b94d802..f90829c574e7 100644
--- a/crypto/openssl/crypto/x509v3/v3_crld.c
+++ b/crypto/openssl/crypto/x509v3/v3_crld.c
@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/crypto/openssl/crypto/x509v3/v3_info.c b/crypto/openssl/crypto/x509v3/v3_info.c
index e269df1373b0..53e3f4885904 100644
--- a/crypto/openssl/crypto/x509v3/v3_info.c
+++ b/crypto/openssl/crypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
STACK_OF(CONF_VALUE) *ret)
{
ACCESS_DESCRIPTION *desc;
- int i;
+ int i,nlen;
char objtmp[80], *ntmp;
CONF_VALUE *vtmp;
for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
if(!ret) break;
vtmp = sk_CONF_VALUE_value(ret, i);
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
- ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+ nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+ ntmp = OPENSSL_malloc(nlen);
if(!ntmp) {
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
ERR_R_MALLOC_FAILURE);
return NULL;
}
- strcpy(ntmp, objtmp);
- strcat(ntmp, " - ");
- strcat(ntmp, vtmp->name);
+ BUF_strlcpy(ntmp, objtmp, nlen);
+ BUF_strlcat(ntmp, " - ", nlen);
+ BUF_strlcat(ntmp, vtmp->name, nlen);
OPENSSL_free(vtmp->name);
vtmp->name = ntmp;
diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c
index 4d145f71fd03..b3d1ae5d1cc8 100644
--- a/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/crypto/openssl/crypto/x509v3/v3_purp.c
@@ -3,7 +3,7 @@
* project 2001.
*/
/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
* 1 is a CA
* 2 basicConstraints absent so "maybe" a CA
* 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
*/
#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
} else {
if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
/* If key usage present it must have certSign so tolerate it */
- else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
+ else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
else return 2;
}
}
diff --git a/crypto/openssl/doc/apps/config.pod b/crypto/openssl/doc/apps/config.pod
index ce874a42ce13..8f823fa6d69d 100644
--- a/crypto/openssl/doc/apps/config.pod
+++ b/crypto/openssl/doc/apps/config.pod
@@ -10,7 +10,8 @@ config - OpenSSL CONF library configuration files
The OpenSSL CONF library can be used to read configuration files.
It is used for the OpenSSL master configuration file B<openssl.cnf>
and in a few other places like B<SPKAC> files and certificate extension
-files for the B<x509> utility.
+files for the B<x509> utility. OpenSSL applications can also use the
+CONF library for their own purposes.
A configuration file is divided into a number of sections. Each section
starts with a line B<[ section_name ]> and ends when a new section is
@@ -51,13 +52,146 @@ or the B<\> character. By making the last character of a line a B<\>
a B<value> string can be spread across multiple lines. In addition
the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
+=head1 OPENSSL LIBRARY CONFIGURATION
+
+In OpenSSL 0.9.7 and later applications can automatically configure certain
+aspects of OpenSSL using the master OpenSSL configuration file, or optionally
+an alternative configuration file. The B<openssl> utility includes this
+functionality: any sub command uses the master OpenSSL configuration file
+unless an option is used in the sub command to use an alternative configuration
+file.
+
+To enable library configuration the default section needs to contain an
+appropriate line which points to the main configuration section. The default
+name is B<openssl_conf> which is used by the B<openssl> utility. Other
+applications may use an alternative name such as B<myapplicaton_conf>.
+
+The configuration section should consist of a set of name value pairs which
+contain specific module configuration information. The B<name> represents
+the name of the I<configuration module> the meaning of the B<value> is
+module specific: it may, for example, represent a further configuration
+section containing configuration module specific information. E.g.
+
+ openssl_conf = openssl_init
+
+ [openssl_init]
+
+ oid_section = new_oids
+ engines = engine_section
+
+ [new_oids]
+
+ ... new oids here ...
+
+ [engine_section]
+
+ ... engine stuff here ...
+
+Currently there are two configuration modules. One for ASN1 objects another
+for ENGINE configuration.
+
+=head2 ASN1 OBJECT CONFIGURATION MODULE
+
+This module has the name B<oid_section>. The value of this variable points
+to a section containing name value pairs of OIDs: the name is the OID short
+and long name, the value is the numerical form of the OID. Although some of
+the B<openssl> utility sub commands already have their own ASN1 OBJECT section
+functionality not all do. By using the ASN1 OBJECT configuration module
+B<all> the B<openssl> utility sub commands can see the new objects as well
+as any compliant applications. For example:
+
+ [new_oids]
+
+ some_new_oid = 1.2.3.4
+ some_other_oid = 1.2.3.5
+
+=head2 ENGINE CONFIGURATION MODULE
+
+This ENGINE configuration module has the name B<engines>. The value of this
+variable points to a section containing further ENGINE configuration
+information.
+
+The section pointed to by B<engines> is a table of engine names (though see
+B<engine_id> below) and further sections containing configuration informations
+specific to each ENGINE.
+
+Each ENGINE specific section is used to set default algorithms, load
+dynamic, perform initialization and send ctrls. The actual operation performed
+depends on the I<command> name which is the name of the name value pair. The
+currently supported commands are listed below.
+
+For example:
+
+ [engine_section]
+
+ # Configure ENGINE named "foo"
+ foo = foo_section
+ # Configure ENGINE named "bar"
+ bar = bar_section
+
+ [foo_section]
+ ... foo ENGINE specific commands ...
+
+ [bar_section]
+ ... "bar" ENGINE specific commands ...
+
+The command B<engine_id> is used to give the ENGINE name. If used this
+command must be first. For example:
+
+ [engine_section]
+ # This would normally handle an ENGINE named "foo"
+ foo = foo_section
+
+ [foo_section]
+ # Override default name and use "myfoo" instead.
+ engine_id = myfoo
+
+The command B<dynamic_path> loads and adds an ENGINE from the given path. It
+is equivalent to sending the ctrls B<SO_PATH> with the path argument followed
+by B<LIST_ADD> with value 2 and B<LOAD> to the dynamic ENGINE. If this is
+not the required behaviour then alternative ctrls can be sent directly
+to the dynamic ENGINE using ctrl commands.
+
+The command B<init> determines whether to initialize the ENGINE. If the value
+is B<0> the ENGINE will not be initialized, if B<1> and attempt it made to
+initialized the ENGINE immediately. If the B<init> command is not present
+then an attempt will be made to initialize the ENGINE after all commands in
+its section have been processed.
+
+The command B<default_algorithms> sets the default algorithms an ENGINE will
+supply using the functions B<ENGINE_set_default_string()>
+
+If the name matches none of the above command names it is assumed to be a
+ctrl command which is sent to the ENGINE. The value of the command is the
+argument to the ctrl command. If the value is the string B<EMPTY> then no
+value is sent to the command.
+
+For example:
+
+
+ [engine_section]
+
+ # Configure ENGINE named "foo"
+ foo = foo_section
+
+ [foo_section]
+ # Load engine from DSO
+ dynamic_path = /some/path/fooengine.so
+ # A foo specific ctrl.
+ some_ctrl = some_value
+ # Another ctrl that doesn't take a value.
+ other_ctrl = EMPTY
+ # Supply all default algorithms
+ default_algorithms = ALL
+
=head1 NOTES
If a configuration file attempts to expand a variable that doesn't exist
then an error is flagged and the file will not load. This can happen
if an attempt is made to expand an environment variable that doesn't
-exist. For example the default OpenSSL master configuration file used
-the value of B<HOME> which may not be defined on non Unix systems.
+exist. For example in a previous version of OpenSSL the default OpenSSL
+master configuration file used the value of B<HOME> which may not be
+defined on non Unix systems and would cause an error.
This can be worked around by including a B<default> section to provide
a default value: then if the environment lookup fails the default value
diff --git a/crypto/openssl/doc/apps/openssl.pod b/crypto/openssl/doc/apps/openssl.pod
index 07dd80eabe56..dc0f49ddca63 100644
--- a/crypto/openssl/doc/apps/openssl.pod
+++ b/crypto/openssl/doc/apps/openssl.pod
@@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>,
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
-L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
index d061326c1fca..8d19079973a4 100644
--- a/crypto/openssl/doc/apps/s_client.pod
+++ b/crypto/openssl/doc/apps/s_client.pod
@@ -8,7 +8,7 @@ s_client - SSL/TLS client program
=head1 SYNOPSIS
B<openssl> B<s_client>
-[B<-connect> host:port>]
+[B<-connect host:port>]
[B<-verify depth>]
[B<-cert filename>]
[B<-key filename>]
@@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page.
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
+B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
in case it is a buggy server. In particular you should play with these
options B<before> submitting a bug report to an OpenSSL mailing list.
@@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using B<s_client> the CA list can be viewed
and checked. However some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it
-is necessary to use the B<-prexit> command and send an HTTP request
+is necessary to use the B<-prexit> option and send an HTTP request
for an appropriate page.
If a certificate is specified on the command line using the B<-cert>
diff --git a/crypto/openssl/doc/apps/s_time.pod b/crypto/openssl/doc/apps/s_time.pod
new file mode 100644
index 000000000000..5a38aa2e0394
--- /dev/null
+++ b/crypto/openssl/doc/apps/s_time.pod
@@ -0,0 +1,173 @@
+
+=pod
+
+=head1 NAME
+
+s_time - SSL/TLS performance timing program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_time>
+[B<-connect host:port>]
+[B<-www page>]
+[B<-cert filename>]
+[B<-key filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-reuse>]
+[B<-new>]
+[B<-verify depth>]
+[B<-nbio>]
+[B<-time seconds>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-bugs>]
+[B<-cipher cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<s_client> command implements a generic SSL/TLS client which connects to a
+remote host using SSL/TLS. It can request a page from the server and includes
+the time to transfer the payload data in its timing measurements. It measures
+the number of connections within a given timeframe, the amount of data
+transferred (if any), and calculates the average time spent for one connection.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to.
+
+=item B<-www page>
+
+This specifies the page to GET from the server. A value of '/' gets the
+index.htm[l] page. If this parameter is not specified, then B<s_time> will only
+perform the handshake to establish SSL connections but not transfer any
+payload data.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate. The file is in PEM format.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used. The file is in PEM format.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-new>
+
+performs the timing test using a new session ID for each connection.
+If neither B<-new> nor B<-reuse> are specified, they are both on by default
+and executed in sequence.
+
+=item B<-reuse>
+
+performs the timing test using the same session ID; this can be used as a test
+that session caching is working. If neither B<-new> nor B<-reuse> are
+specified, they are both on by default and executed in sequence.
+
+=item B<-nbio>
+
+turns on non-blocking I/O.
+
+=item B<-ssl2>, B<-ssl3>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+The timing program is not as rich in options to turn protocols on and off as
+the L<s_client(1)|s_client(1)> program and may not connect to all servers.
+
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if TLS is turned off with the B<-ssl3> option; others
+will only support SSL v2 and may need the B<-ssl2> option.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client.
+See the L<ciphers(1)|ciphers(1)> command for more information.
+
+=item B<-time length>
+
+specifies how long (in seconds) B<s_time> should establish connections and
+optionally transfer payload data from a server. Server and client performance
+and the link speed determine how many connections B<s_time> can establish.
+
+=back
+
+=head1 NOTES
+
+B<s_client> can be used to measure the performance of an SSL connection.
+To connect to an SSL HTTP server and get the default page the command
+
+ openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
+
+would typically be used (https uses port 443). 'commoncipher' is a cipher to
+which both client and server can agree, see the L<ciphers(1)|ciphers(1)> command
+for details.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+B<-ssl3> options can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using L<s_client(1)|s_client(1)> the CA list can be
+viewed and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> option of L<s_client(1)|s_client(1)> and
+send an HTTP request for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+=head1 BUGS
+
+Because this program does not have all the options of the
+L<s_client(1)|s_client(1)> program to turn protocols on and off, you may not be
+able to measure the performance of all protocols with all servers.
+
+The B<-verify> option should really exit if the server verification
+fails.
+
+=head1 SEE ALSO
+
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod
index 2453dd2738d1..84b673f791ea 100644
--- a/crypto/openssl/doc/apps/smime.pod
+++ b/crypto/openssl/doc/apps/smime.pod
@@ -17,6 +17,9 @@ B<openssl> B<smime>
[B<-rc2-40>]
[B<-rc2-64>]
[B<-rc2-128>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
[B<-in file>]
[B<-certfile file>]
[B<-signer file>]
@@ -126,11 +129,11 @@ B<-verify>. This directory must be a standard certificate directory: that
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.
-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
-the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
-or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
-used. Only used with B<-encrypt>.
+the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
+40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not
+specified 40 bit RC2 is used. Only used with B<-encrypt>.
=item B<-nointern>
diff --git a/crypto/openssl/doc/crypto/BIO_f_ssl.pod b/crypto/openssl/doc/crypto/BIO_f_ssl.pod
index a56ee2b92f2b..f0b731731f50 100644
--- a/crypto/openssl/doc/crypto/BIO_f_ssl.pod
+++ b/crypto/openssl/doc/crypto/BIO_f_ssl.pod
@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
return 0;
}
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
BIO_puts(sbio, "--------------------------------------------------\r\n");
for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
}
BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "</pre>\r\n");
+ BIO_puts(sbio, "\r\n");
/* Since there is a buffering BIO present we had better flush it */
BIO_flush(sbio);
diff --git a/crypto/openssl/doc/crypto/CONF_modules_free.pod b/crypto/openssl/doc/crypto/CONF_modules_free.pod
new file mode 100644
index 000000000000..af8ae6a5c92d
--- /dev/null
+++ b/crypto/openssl/doc/crypto/CONF_modules_free.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+ CONF_modules_free, CONF_modules_load, CONF_modules_unload -
+ OpenSSL configuration cleanup functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void CONF_modules_free(void);
+ void CONF_modules_unload(int all);
+ void CONF_modules_finish(void);
+
+=head1 DESCRIPTION
+
+CONF_modules_free() closes down and frees up all memory allocated by all
+configuration modules.
+
+CONF_modules_finish() calls each configuration modules B<finish> handler
+to free up any configuration that module may have performed.
+
+CONF_modules_unload() finishes and unloads configuration modules. If
+B<all> is set to B<0> only modules loaded from DSOs will be unloads. If
+B<all> is B<1> all modules, including builtin modules will be unloaded.
+
+=head1 NOTES
+
+Normally applications will only call CONF_modules_free() at application to
+tidy up any configuration performed.
+
+=head1 RETURN VALUE
+
+None of the functions return a value.
+
+=head1 SEE ALSO
+
+L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
+L<CONF_modules_load_file(3), CONF_modules_load_file(3)>
+
+=head1 HISTORY
+
+CONF_modules_free(), CONF_modules_unload(), and CONF_modules_finish()
+first appeared in OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/CONF_modules_load_file.pod b/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
new file mode 100644
index 000000000000..9965d69bf2ec
--- /dev/null
+++ b/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+ CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags);
+ int CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags);
+
+=head1 DESCRIPTION
+
+The function CONF_modules_load_file() configures OpenSSL using file
+B<filename> and application name B<appname>. If B<filename> is NULL
+the standard OpenSSL configuration file is used. If B<appname> is
+NULL the standard OpenSSL application name B<openssl_conf> is used.
+The behaviour can be cutomized using B<flags>.
+
+CONF_modules_load() is idential to CONF_modules_load_file() except it
+read configuration information from B<cnf>.
+
+=head1 NOTES
+
+The following B<flags> are currently recognized:
+
+B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual
+configuration modules are ignored. If not set the first module error is
+considered fatal and no further modules are loads.
+
+Normally any modules errors will add error information to the error queue. If
+B<CONF_MFLAGS_SILENT> is set no error information is added.
+
+If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
+disabled.
+
+B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
+ignore missing configuration files. Normally a missing configuration file
+return an error.
+
+=head1 RETURN VALUE
+
+These functions return 1 for success and a zero or negative value for
+failure. If module errors are not ignored the return code will reflect the
+return value of the failing module (this will always be zero or negative).
+
+=head1 SEE ALSO
+
+L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
+L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)>
+
+=head1 HISTORY
+
+CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/EVP_BytesToKey.pod b/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
index 5ce4add0821c..016381f3e994 100644
--- a/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
+++ b/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
@@ -2,7 +2,7 @@
=head1 NAME
- EVP_BytesToKey - password based encryption routine
+EVP_BytesToKey - password based encryption routine
=head1 SYNOPSIS
diff --git a/crypto/openssl/doc/crypto/EVP_DigestInit.pod b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
index 5901c3952660..1cb315e739dd 100644
--- a/crypto/openssl/doc/crypto/EVP_DigestInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
@@ -4,7 +4,7 @@
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
diff --git a/crypto/openssl/doc/crypto/OPENSSL_config.pod b/crypto/openssl/doc/crypto/OPENSSL_config.pod
new file mode 100644
index 000000000000..16600620ccf3
--- /dev/null
+++ b/crypto/openssl/doc/crypto/OPENSSL_config.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void OPENSSL_config(const char *config_name);
+ void OPENSSL_no_config(void);
+
+=head1 DESCRIPTION
+
+OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
+configuration file name using B<config_name>. If B<config_name> is NULL then
+the default name B<openssl_conf> will be used. Any errors are ignored. Further
+calls to OPENSSL_config() will have no effect. The configuration file format
+is documented in the L<conf(5)|conf(5)> manual page.
+
+OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
+no configuration takes place.
+
+=head1 NOTES
+
+It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
+or the more sophisticated functions such as CONF_modules_load() during
+initialization (that is before starting any threads). By doing this
+an application does not need to keep track of all configuration options
+and some new functionality can be supported automatically.
+
+It is also possible to automatically call OPENSSL_config() when an application
+calls OPENSSL_add_all_algorithms() by compiling an application with the
+preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
+can be added without source changes.
+
+The environment variable B<OPENSSL_CONFIG> can be set to specify the location
+of the configuration file.
+
+Currently ASN1 OBJECTs and ENGINE configuration can be performed future
+versions of OpenSSL will add new configuration options.
+
+There are several reasons why calling the OpenSSL configuration routines is
+advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
+In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
+used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
+However very few applications currently support the control interface and so
+very few can load and use dynamic ENGINEs. Equally in future more sophisticated
+ENGINEs will require certain control operations to customize them. If an
+application calls OPENSSL_config() it doesn't need to know or care about
+ENGINE control operations because they can be performed by editing a
+configuration file.
+
+Applications should free up configuration at application closedown by calling
+CONF_modules_free().
+
+=head1 RESTRICTIONS
+
+The OPENSSL_config() function is designed to be a very simple "call it and
+forget it" function. As a result its behaviour is somewhat limited. It ignores
+all errors silently and it can only load from the standard configuration file
+location for example.
+
+It is however B<much> better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as CONF_load_modules() directly.
+
+=head1 RETURN VALUES
+
+Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
+
+=head1 SEE ALSO
+
+L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
+L<CONF_modules_free(3),CONF_modules_free(3)>
+
+=head1 HISTORY
+
+OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7
+
+=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod b/crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod
new file mode 100644
index 000000000000..f14dfaf005dd
--- /dev/null
+++ b/crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_load_builtin_modules - add standard configuration modules
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void OPENSSL_load_builtin_modules(void);
+ void ASN1_add_oid_module(void);
+ ENGINE_add_conf_module();
+
+=head1 DESCRIPTION
+
+The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
+configuration modules to the internal list. They can then be used by the
+OpenSSL configuration code.
+
+ASN1_add_oid_module() adds just the ASN1 OBJECT module.
+
+ENGINE_add_conf_module() adds just the ENGINE configuration module.
+
+=head1 NOTES
+
+If the simple configuration function OPENSSL_config() is called then
+OPENSSL_load_builtin_modules() is called automatically.
+
+Applications which use the configuration functions directly will need to
+call OPENSSL_load_builtin_modules() themselves I<before> any other
+configuration code.
+
+Applications should call OPENSSL_load_builtin_modules() to load all
+configuration modules instead of adding modules selectively: otherwise
+functionality may be missing from the application if an when new
+modules are added.
+
+=head1 RETURN VALUE
+
+None of the functions return a value.
+
+=head1 SEE ALSO
+
+L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)>
+
+=head1 HISTORY
+
+These functions first appeared in OpenSSL 0.9.7.
+
+=cut
diff --git a/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod b/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
index 486c90343078..e63411b5bba0 100644
--- a/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ b/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -36,7 +36,7 @@ None of the functions return a value.
=head1 NOTES
-A typical application will will call OpenSSL_add_all_algorithms() initially and
+A typical application will call OpenSSL_add_all_algorithms() initially and
EVP_cleanup() before exiting.
An application does not need to add algorithms to use them explicitly, for example
diff --git a/crypto/openssl/doc/crypto/RSA_print.pod b/crypto/openssl/doc/crypto/RSA_print.pod
index e28d107d1c6e..c971e91f4db6 100644
--- a/crypto/openssl/doc/crypto/RSA_print.pod
+++ b/crypto/openssl/doc/crypto/RSA_print.pod
@@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
DH_print_fp() are available in all versions of SSLeay and OpenSSL.
-DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
+DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
=cut
diff --git a/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
index 6ebd30427b88..22c1b50f2288 100644
--- a/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
+++ b/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
@@ -9,6 +9,7 @@ and parsing functions.
=head1 SYNOPSIS
#include <openssl/dsa.h>
+ #include <openssl/x509.h>
DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
@@ -35,8 +36,8 @@ and parsing functions.
d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
components structure.
-d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a
-SubjectPublicKeyInfo (certificate public key) structure.
+d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
components.
diff --git a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
index 7c71bcbf3dbd..279b29c873c0 100644
--- a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
+++ b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
@@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
=head1 SYNOPSIS
#include <openssl/rsa.h>
+ #include <openssl/x509.h>
RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
@@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
structure.
-d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a
-SubjectPublicKeyInfo (certificate public key) structure.
+d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
structure.
diff --git a/crypto/openssl/doc/crypto/des.pod b/crypto/openssl/doc/crypto/des.pod
index 528c73acac61..6f0cf1cc5e5f 100644
--- a/crypto/openssl/doc/crypto/des.pod
+++ b/crypto/openssl/doc/crypto/des.pod
@@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
=head1 NOTES
Single-key DES is insecure due to its short key size. ECB mode is
-not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
+not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
The L<evp(3)|evp(3)> library provides higher-level encryption functions.
diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod
index a4f8cc33376a..8613114452e8 100644
--- a/crypto/openssl/doc/crypto/pem.pod
+++ b/crypto/openssl/doc/crypto/pem.pod
@@ -330,7 +330,7 @@ most of them are set to 0 or NULL.
Read a certificate in PEM format from a BIO:
X509 *x;
- x = PEM_read_bio(bp, NULL, 0, NULL);
+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
if (x == NULL)
{
/* Error */
@@ -459,12 +459,12 @@ returned by EVP_bytestokey().
The PEM read routines in some versions of OpenSSL will not correctly reuse
an existing structure. Therefore the following:
- PEM_read_bio(bp, &x, 0, NULL);
+ PEM_read_bio_X509(bp, &x, 0, NULL);
where B<x> already contains a valid certificate, may not work, whereas:
X509_free(x);
- x = PEM_read_bio(bp, NULL, 0, NULL);
+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
is guaranteed to work.
diff --git a/crypto/openssl/doc/crypto/ui.pod b/crypto/openssl/doc/crypto/ui.pod
index 2b3535a74618..6df68d604a82 100644
--- a/crypto/openssl/doc/crypto/ui.pod
+++ b/crypto/openssl/doc/crypto/ui.pod
@@ -5,7 +5,7 @@
UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
diff --git a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
index 2a987391147c..42fa66b19751 100644
--- a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
=over 4
-=item 1
+=item 0
The operation succeeded.
-=item 0
+=item 1
The operation failed. Check the error queue to find out the reason.
diff --git a/crypto/openssl/doc/ssleay.txt b/crypto/openssl/doc/ssleay.txt
index c6049d5e53ba..d44d2f04a022 100644
--- a/crypto/openssl/doc/ssleay.txt
+++ b/crypto/openssl/doc/ssleay.txt
@@ -6245,7 +6245,7 @@ SSL_get_app_data
void SSL_CTX_set_default_verify
/* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on sucesss and 0 on failure */
+ * functions and should return 1 on success and 0 on failure */
void SSL_CTX_set_cert_verify_callback
/* The following are the same as the equivilent SSL_xxx functions.
diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec
index 9ce236e0d21e..6a272f69698e 100644
--- a/crypto/openssl/openssl.spec
+++ b/crypto/openssl/openssl.spec
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 7
-%define librev c
+%define librev d
Release: 1
%define openssldir /var/ssl
diff --git a/crypto/openssl/ssl/Makefile.ssl b/crypto/openssl/ssl/Makefile.ssl
index e36a79b2d6ff..3ae3561ac1b3 100644
--- a/crypto/openssl/ssl/Makefile.ssl
+++ b/crypto/openssl/ssl/Makefile.ssl
@@ -55,14 +55,14 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: lib shared
+all: shared
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
-shared:
+shared: lib
if [ -n "$(SHARED_LIBS)" ]; then \
(cd ..; $(MAKE) $(SHARED_LIB)); \
fi
@@ -71,7 +71,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
@@ -280,84 +280,82 @@ s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
s23_srvr.o: ssl_locl.h
-s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
-s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
-s2_enc.o: ssl_locl.h
-s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
-s2_lib.o: ssl_locl.h
+s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
+s2_clnt.o: ssl_locl.h
+s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
+s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -383,58 +381,57 @@ s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
-s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
-s2_pkt.o: ssl_locl.h
-s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
+s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
+s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
+s2_srvr.o: ssl_locl.h
s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -461,32 +458,32 @@ s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
s3_both.o: ssl_locl.h
-s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
+s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_clnt.o: s3_clnt.c ssl_locl.h
s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -587,16 +584,15 @@ s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
-s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
@@ -639,32 +635,32 @@ ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
-ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
+ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
+ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
+ssl_asn1.o: ssl_locl.h
ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -766,33 +762,32 @@ ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
-ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
-ssl_lib.o: ssl_lib.c ssl_locl.h
+ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -818,32 +813,32 @@ ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
-ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
+ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ssl_sess.c
ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c
index 7c45f8ff4e6d..51378897f6e2 100644
--- a/crypto/openssl/ssl/kssl.c
+++ b/crypto/openssl/ssl/kssl.c
@@ -953,7 +953,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
printf("%s, authdata==0\n", label);
return;
}
- printf("%s [%p]\n", label, adata);
+ printf("%s [%p]\n", label, (void *)adata);
#if 0
{
int i;
@@ -1725,7 +1725,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
return;
}
else
- printf("%p\n", kssl_ctx);
+ printf("%p\n", (void *)kssl_ctx);
printf("\tservice:\t%s\n",
(kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 1d24dedc918b..43b32eb4159f 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -116,7 +116,6 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
index d3b144f1c52c..21a06f76cb07 100644
--- a/crypto/openssl/ssl/s2_enc.c
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -59,7 +59,6 @@
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
-#include "cryptlib.h"
int ssl2_enc_init(SSL *s, int client)
{
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index 910b9fe097d4..edcef4dda291 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -63,7 +63,6 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -139,6 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_STRENGTHS,
},
/* IDEA_128_CBC_WITH_MD5 */
+#ifndef OPENSSL_NO_IDEA
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
@@ -151,6 +151,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
/* DES_64_CBC_WITH_MD5 */
{
1,
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
index d82f1376135e..a10929a757f9 100644
--- a/crypto/openssl/ssl/s2_pkt.c
+++ b/crypto/openssl/ssl/s2_pkt.c
@@ -113,7 +113,6 @@
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <errno.h>
-#include "cryptlib.h"
#define USE_SOCKETS
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 62859a2d950e..5da2a54af37f 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -116,7 +116,6 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index eb7daebfdfb3..26ce0cb9639d 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -117,7 +117,6 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -1947,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & SSL_kRSA)
{
if (rsa == NULL
- || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
@@ -1959,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
- || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 559924d3681b..92efb9597d38 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
COMP_METHOD *comp;
const EVP_MD *m;
EVP_MD_CTX md;
- int exp,n,i,j,k,cl;
+ int is_exp,n,i,j,k,cl;
int reuse_dd = 0;
- exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+ is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
if (s->s3->tmp.new_compression == NULL)
@@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
- j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+ j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_MD_CTX_init(&md);
memcpy(mac_secret,ms,i);
- if (exp)
+ if (is_exp)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 896b12fc4f38..d04096016ce3 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
/* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
@@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
/* Cipher 08 */
{
1,
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 881f68b99891..deb3cffabeb5 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -121,9 +121,10 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_KRB5
#include <openssl/krb5_asn.h>
+#endif
#include <openssl/md5.h>
-#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
enc_ticket.data = (char *)p;
p+=enc_ticket.length;
n2s(p,i);
authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
authenticator.data = (char *)p;
p+=authenticator.length;
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index 4ae845825949..913bd40eea4a 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
index 16bc11b559b1..d8ff8fc4a3dc 100644
--- a/crypto/openssl/ssl/ssl_asn1.c
+++ b/crypto/openssl/ssl/ssl_asn1.c
@@ -62,7 +62,6 @@
#include <openssl/asn1_mac.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index da90078a378b..2cfb6158787a 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
return(i);
}
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
{
if (*ca_list != NULL)
sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
- *ca_list=list;
+ *ca_list=name_list;
}
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
return(ret);
}
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
{
- set_client_CA_list(&(s->client_CA),list);
+ set_client_CA_list(&(s->client_CA),name_list);
}
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
{
- set_client_CA_list(&(ctx->client_CA),list);
+ set_client_CA_list(&(ctx->client_CA),name_list);
}
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
index 888b667fa12c..44c503eb048e 100644
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ b/crypto/openssl/ssl/ssl_ciph.c
@@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
+#ifndef OPENSSL_NO_IDEA
{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
+#endif
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
@@ -166,8 +168,12 @@ static void load_ciphers(void)
EVP_get_cipherbyname(SN_rc4);
ssl_cipher_methods[SSL_ENC_RC2_IDX]=
EVP_get_cipherbyname(SN_rc2_cbc);
+#ifndef OPENSSL_NO_IDEA
ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
EVP_get_cipherbyname(SN_idea_cbc);
+#else
+ ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
+#endif
ssl_cipher_methods[SSL_ENC_AES128_IDX]=
EVP_get_cipherbyname(SN_aes_128_cbc);
ssl_cipher_methods[SSL_ENC_AES256_IDX]=
@@ -334,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
}
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+ int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
- int i, list_num;
+ int i, co_list_num;
SSL_CIPHER *c;
/*
@@ -348,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
*/
/* Get the initial list of ciphers */
- list_num = 0; /* actual count of ciphers */
+ co_list_num = 0; /* actual count of ciphers */
for (i = 0; i < num_of_ciphers; i++)
{
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid && !(c->algorithms & mask))
{
- list[list_num].cipher = c;
- list[list_num].next = NULL;
- list[list_num].prev = NULL;
- list[list_num].active = 0;
- list_num++;
+ co_list[co_list_num].cipher = c;
+ co_list[co_list_num].next = NULL;
+ co_list[co_list_num].prev = NULL;
+ co_list[co_list_num].active = 0;
+ co_list_num++;
#ifdef KSSL_DEBUG
printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
#endif /* KSSL_DEBUG */
@@ -372,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
/*
* Prepare linked list from list entries
*/
- for (i = 1; i < list_num - 1; i++)
+ for (i = 1; i < co_list_num - 1; i++)
{
- list[i].prev = &(list[i-1]);
- list[i].next = &(list[i+1]);
+ co_list[i].prev = &(co_list[i-1]);
+ co_list[i].next = &(co_list[i+1]);
}
- if (list_num > 0)
+ if (co_list_num > 0)
{
- (*head_p) = &(list[0]);
+ (*head_p) = &(co_list[0]);
(*head_p)->prev = NULL;
- (*head_p)->next = &(list[1]);
- (*tail_p) = &(list[list_num - 1]);
- (*tail_p)->prev = &(list[list_num - 2]);
+ (*head_p)->next = &(co_list[1]);
+ (*tail_p) = &(co_list[co_list_num - 1]);
+ (*tail_p)->prev = &(co_list[co_list_num - 2]);
(*tail_p)->next = NULL;
}
}
@@ -429,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength,
- int rule, int strength_bits, CIPHER_ORDER *list,
+ int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -524,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
*tail_p = tail;
}
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
{
int max_strength_bits, i, *number_uses;
CIPHER_ORDER *curr;
@@ -570,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
- list, head_p, tail_p);
+ co_list, head_p, tail_p);
OPENSSL_free(number_uses);
return(1);
}
static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+ CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
{
unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -702,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
ok = 0;
if ((buflen == 8) &&
!strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(list,
+ ok = ssl_cipher_strength_sort(co_list,
head_p, tail_p);
else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -722,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
{
ssl_cipher_apply_rule(algorithms, mask,
algo_strength, mask_strength, rule, -1,
- list, head_p, tail_p);
+ co_list, head_p, tail_p);
}
else
{
@@ -744,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
unsigned long disabled_mask;
STACK_OF(SSL_CIPHER) *cipherstack;
const char *rule_p;
- CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
SSL_CIPHER **ca_list = NULL;
/*
@@ -774,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
#ifdef KSSL_DEBUG
printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif /* KSSL_DEBUG */
- list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (list == NULL)
+ co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+ if (co_list == NULL)
{
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- list, &head, &tail);
+ co_list, &head, &tail);
/*
* We also need cipher aliases for selecting based on the rule_str.
@@ -798,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
if (ca_list == NULL)
{
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
@@ -814,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (strncmp(rule_str,"DEFAULT",7) == 0)
{
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- list, &head, &tail, ca_list);
+ co_list, &head, &tail, ca_list);
rule_p += 7;
if (*rule_p == ':')
rule_p++;
}
if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+ ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
ca_list);
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok)
{ /* Rule processing failure */
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
return(NULL);
}
/*
@@ -837,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
{
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
return(NULL);
}
@@ -855,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
#endif
}
}
- OPENSSL_free(list); /* Not needed any longer */
+ OPENSSL_free(co_list); /* Not needed any longer */
/*
* The following passage is a little bit odd. If pointer variables
@@ -905,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
- char *ver,*exp;
+ char *ver,*exp_str;
char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
#ifdef KSSL_DEBUG
@@ -921,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
is_export=SSL_C_IS_EXPORT(cipher);
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp=is_export?" export":"";
+ exp_str=is_export?" export":"";
if (alg & SSL_SSLV2)
ver="SSLv2";
@@ -1040,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
return("Buffer too small");
#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
#else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
#endif /* KSSL_DEBUG */
return(buf);
}
@@ -1129,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
MemCheck_on();
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(0);
+ return(1);
}
else
{
MemCheck_on();
- return(1);
+ return(0);
}
}
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 6d698906884a..ee9a82d5860d 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -121,7 +121,6 @@
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
-#include "cryptlib.h"
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index fabcdefa6ed6..7016c87d3b2d 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -60,7 +60,6 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
-#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index 42289c255b27..28095148e740 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -564,7 +564,14 @@ bad:
if (cm != NULL)
{
if (cm->type != NID_undef)
- SSL_COMP_add_compression_method(comp, cm);
+ {
+ if (SSL_COMP_add_compression_method(comp, cm) != 0)
+ {
+ fprintf(stderr,
+ "Failed to add compression method\n");
+ ERR_print_errors_fp(stderr);
+ }
+ }
else
{
fprintf(stderr,
diff --git a/crypto/openssl/test/Makefile.ssl b/crypto/openssl/test/Makefile.ssl
index a3339ca5d5b1..373f17a92978 100644
--- a/crypto/openssl/test/Makefile.ssl
+++ b/crypto/openssl/test/Makefile.ssl
@@ -103,11 +103,11 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @@$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
generate: $(SRC)
$(SRC):
- @$(TOP)/util/point.sh dummytest.c $@
+ @sh $(TOP)/util/point.sh dummytest.c $@
errors:
diff --git a/crypto/openssl/tools/Makefile.ssl b/crypto/openssl/tools/Makefile.ssl
index bf0cd29c7745..cb33d4a41eee 100644
--- a/crypto/openssl/tools/Makefile.ssl
+++ b/crypto/openssl/tools/Makefile.ssl
@@ -42,7 +42,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @$(TOP)/util/point.sh Makefile.ssl Makefile
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
lint:
diff --git a/crypto/openssl/tools/c_rehash b/crypto/openssl/tools/c_rehash
index e614fb546667..3e9ba1efe490 100644
--- a/crypto/openssl/tools/c_rehash
+++ b/crypto/openssl/tools/c_rehash
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
# Perl c_rehash script, scan all files in a directory
diff --git a/crypto/openssl/util/extract-names.pl b/crypto/openssl/util/extract-names.pl
index 9f2ad5ef166c..744a8e2324e6 100644
--- a/crypto/openssl/util/extract-names.pl
+++ b/crypto/openssl/util/extract-names.pl
@@ -10,6 +10,8 @@ while(<STDIN>) {
if (/ - /) {
s/ - .*//;
s/,[ \t]+/,/g;
+ s/^[ \t]+//g;
+ s/[ \t]+$//g;
push @words, split ',';
}
}
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
index c538f9dffb1d..b4bc0457e54a 100755
--- a/crypto/openssl/util/mk1mf.pl
+++ b/crypto/openssl/util/mk1mf.pl
@@ -277,6 +277,8 @@ $defs= <<"EOF";
EOF
+$defs .= $preamble if defined $preamble;
+
if ($platform eq "VC-CE")
{
$defs.= <<"EOF";
diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl
index cdd2164c4e25..01a1bfda197c 100755
--- a/crypto/openssl/util/mkdef.pl
+++ b/crypto/openssl/util/mkdef.pl
@@ -1116,27 +1116,55 @@ sub print_test_file
}
}
+sub get_version {
+ local *MF;
+ my $v = '?';
+ open MF, 'Makefile.ssl' or return $v;
+ while (<MF>) {
+ $v = $1, last if /^VERSION=(.*?)\s*$/;
+ }
+ close MF;
+ return $v;
+}
+
sub print_def_file
{
(*OUT,my $name,*nums,my @symbols)=@_;
my $n = 1; my @e; my @r; my @v; my $prev="";
my $liboptions="";
+ my $libname = $name;
+ my $http_vendor = 'www.openssl.org/';
+ my $version = get_version();
+ my $what = "OpenSSL: implementation of Secure Socket Layer";
+ my $description = "$what $version, $name - http://$http_vendor";
if ($W32)
- { $name.="32"; }
+ { $libname.="32"; }
elsif ($W16)
- { $name.="16"; }
+ { $libname.="16"; }
elsif ($OS2)
- { $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
+ { # DLL names should not clash on the whole system.
+ # However, they should not have any particular relationship
+ # to the name of the static library. Chose descriptive names
+ # (must be at most 8 chars).
+ my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
+ $libname = $translate{$name} || $name;
+ $liboptions = <<EOO;
+INITINSTANCE
+DATA MULTIPLE NONSHARED
+EOO
+ # Vendor field can't contain colon, drat; so we omit http://
+ $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
+ }
print OUT <<"EOF";
;
; Definition file for the DLL version of the $name library from OpenSSL
;
-LIBRARY $name $liboptions
+LIBRARY $libname $liboptions
-DESCRIPTION 'OpenSSL $name - http://www.openssl.org/'
+DESCRIPTION '$description'
EOF
diff --git a/crypto/openssl/util/pl/OS2-EMX.pl b/crypto/openssl/util/pl/OS2-EMX.pl
index d695dda623dc..ddb35242108c 100644
--- a/crypto/openssl/util/pl/OS2-EMX.pl
+++ b/crypto/openssl/util/pl/OS2-EMX.pl
@@ -3,10 +3,12 @@
# OS2-EMX.pl - for EMX GCC on OS/2
#
-$o='\\';
-$cp='copy';
+$o='/';
+$cp='cp';
$rm='rm -f';
+$preamble = "SHELL=sh\n";
+
# C compiler stuff
$cc='gcc';
@@ -48,24 +50,24 @@ $bf_enc_src="";
if (!$no_asm)
{
- $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj";
- $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm";
- $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj";
- $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm";
- $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj";
- $bf_enc_src="crypto\\bf\\asm\\b-os2.asm";
- $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj";
- $cast_enc_src="crypto\\cast\\asm\\c-os2.asm";
- $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj";
- $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm";
- $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj";
- $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm";
- $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj";
- $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm";
- $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj";
- $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm";
- $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj";
- $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm";
+ $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
+ $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
+ $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
+ $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
+ $bf_enc_obj="crypto/bf/asm/b-os2$obj";
+ $bf_enc_src="crypto/bf/asm/b-os2.asm";
+ $cast_enc_obj="crypto/cast/asm/c-os2$obj";
+ $cast_enc_src="crypto/cast/asm/c-os2.asm";
+ $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
+ $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
+ $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
+ $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
+ $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
+ $md5_asm_src="crypto/md5/asm/m5-os2.asm";
+ $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
+ $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
+ $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
+ $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
}
if ($shlib)