aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2017-11-02 17:35:19 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2017-11-02 17:35:19 +0000
commitb6a9311a3edd056eaacbcbae2fcb723df5d99057 (patch)
tree720225dbdc898757e7df9a925ec85ade660013c1 /apps
parent12df5ad9af4981f5d3c31a9819d31618c0f1af51 (diff)
downloadsrc-b6a9311a3edd056eaacbcbae2fcb723df5d99057.tar.gz
src-b6a9311a3edd056eaacbcbae2fcb723df5d99057.zip
Import OpenSSL 1.0.2m.vendor/openssl/1.0.2m
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=325326 svn path=/vendor-crypto/openssl/1.0.2m/; revision=325327; tag=vendor/openssl/1.0.2m
Diffstat (limited to 'apps')
-rw-r--r--apps/ca.c13
-rw-r--r--apps/s_client.c2
-rw-r--r--apps/s_server.c2
-rw-r--r--apps/speed.c4
-rw-r--r--apps/spkac.c19
-rw-r--r--apps/srp.c66
-rw-r--r--apps/tsget1
7 files changed, 63 insertions, 44 deletions
diff --git a/apps/ca.c b/apps/ca.c
index f90f033baed3..9a839969a204 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version = ASN1_INTEGER_new()) == NULL)
- goto err;
- ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/*
* Free the current entries if any, there should not be any I believe
@@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
+ {
+ STACK_OF(X509_EXTENSION) *exts = ci->extensions;
+
+ if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(ret, 2))
+ goto err;
+ }
+
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
diff --git a/apps/s_client.c b/apps/s_client.c
index 85c1b6b57944..dc467994f8e2 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1667,6 +1667,8 @@ int MAIN(int argc, char **argv)
if (strstr(mbuf, "/stream:features>"))
goto shut;
seen = BIO_read(sbio, mbuf, BUFSIZZ);
+ if (seen <= 0)
+ goto shut;
mbuf[seen] = 0;
}
BIO_printf(sbio,
diff --git a/apps/s_server.c b/apps/s_server.c
index d75871386928..98ffc09314a3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer);
} else
BIO_puts(io, "no client certificate available\n");
- BIO_puts(io, "</BODY></HTML>\r\n\r\n");
+ BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {
diff --git a/apps/speed.c b/apps/speed.c
index 6cd102152504..5259c16f1218 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM)
# define SIGALRM
# endif
-static unsigned int lapse, schlock;
+static volatile unsigned int lapse;
+static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
@@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no EVP given\n");
goto end;
}
+ evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(*argv);
if (!evp_cipher) {
evp_md = EVP_get_digestbyname(*argv);
diff --git a/apps/spkac.c b/apps/spkac.c
index 7f5333fe832e..4b4106d03b99 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -5,7 +5,7 @@
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
}
e = setup_engine(bio_err, engine, 0);
- if (keyfile) {
+ if (keyfile != NULL) {
pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
- if (!pkey) {
+ if (pkey == NULL)
goto end;
- }
spki = NETSCAPE_SPKI_new();
- if (challenge)
+ if (spki == NULL)
+ goto end;
+ if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
+ if (spkstr == NULL)
+ goto end;
if (outfile)
out = BIO_new_file(outfile, "w");
@@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
- if (!spki) {
+ if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
@@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
- if (i > 0)
+ if (i > 0) {
BIO_printf(bio_err, "Signature OK\n");
- else {
+ } else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;
diff --git a/apps/srp.c b/apps/srp.c
index ce01a24f2a78..491445df60b0 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i;
if (id == NULL)
return -1;
- if (type == DB_SRP_INDEX)
+ if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid]))
return i;
- } else
+ }
+ } else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid]))
return i;
}
+ }
return -1;
}
@@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow;
int i;
- if ((irow =
- (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+ irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
+ if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
return 0;
}
@@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose)
{
- char password[1024];
+ char password[1025];
PW_CB_DATA cb_tmp;
char *verifier = NULL;
char *gNid = NULL;
+ int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
- if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
+ len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
+ if (len > 0) {
+ password[len] = 0;
VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
- BIO_printf(bio, "Pass %s\n", password);
+ VVERBOSE BIO_printf(bio, "Pass %s\n", password);
- if (!
- (gNid =
- SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
- g))) {
+ if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
+ &verifier, N, g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
gNid = NULL;
OPENSSL_free(verifier);
}
+ OPENSSL_cleanse(password, len);
}
return gNid;
}
@@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose)
{
- char password[1024];
+ char password[1025];
PW_CB_DATA cb_tmp;
char *gNid = NULL;
char *salt = NULL;
+ int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
- if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
+ len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
+ if (len > 0) {
+ password[len] = 0;
VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
- if (!
- (gNid =
- SRP_create_verifier(user, password, &salt, srp_verifier, N,
- g))) {
+ if (!(gNid = SRP_create_verifier(user, password, &salt,
+ srp_verifier, N, g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n");
- } else
+ } else {
*srp_usersalt = salt;
+ }
+ OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier);
@@ -314,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--;
argv++;
while (argc >= 1 && badops == 0) {
- if (strcmp(*argv, "-verbose") == 0)
+ if (strcmp(*argv, "-verbose") == 0) {
verbose++;
- else if (strcmp(*argv, "-config") == 0) {
+ } else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
configfile = *(++argv);
@@ -328,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
dbfile = *(++argv);
- } else if (strcmp(*argv, "-add") == 0)
+ } else if (strcmp(*argv, "-add") == 0) {
add_user = 1;
- else if (strcmp(*argv, "-delete") == 0)
+ } else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1;
- else if (strcmp(*argv, "-modify") == 0)
+ } else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1;
- else if (strcmp(*argv, "-list") == 0)
+ } else if (strcmp(*argv, "-list") == 0) {
list_user = 1;
- else if (strcmp(*argv, "-gn") == 0) {
+ } else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1)
goto bad;
gN = *(++argv);
@@ -366,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
- } else
+ } else {
break;
+ }
argc--;
argv++;
@@ -388,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
}
- if ((passin || passout) && argc != 1) {
+ if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
badops = 1;
@@ -706,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1;
}
}
- if (--argc > 0)
+ if (--argc > 0) {
user = *(argv++);
- else {
+ } else {
user = NULL;
list_user = 0;
}
diff --git a/apps/tsget b/apps/tsget
index 0d54e9fc9a76..0fca99f4385a 100644
--- a/apps/tsget
+++ b/apps/tsget
@@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
-WWW::Curl::Easy::global_cleanup();