ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.0h
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
...
compare: ag:openssl-1.0.2t
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

5 Commits
openssl-1. ... openssl-1.

Author SHA1 Message Date
Steve Dower
2653d15ab4 Import OpenSSL 1.0.2t 2019-09-16 11:28:31 +01:00
Steve Dower
e6c823a7e5 Import OpenSSL 1.0.2s 2019-06-17 08:41:08 -07:00
Steve Dower
4155d3c2bd Import OpenSSL 1.0.2q 2018-12-07 11:08:57 -08:00
Steve Dower
4b1c388f4d Import OpenSSL 1.0.2p 2018-08-14 09:04:53 -07:00
Steve Dower
4933cd8231 Update to OpenSSL 1.0.2.o 2018-04-13 17:33:44 +00:00
557 changed files with 144686 additions and 139251 deletions
Expand all files Collapse all files

285
CHANGES
View File

@@ -2,6 +2,284 @@
OpenSSL CHANGES
_______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.0.2s and 1.0.2t [10 Sep 2019]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
`EC_GROUP_new_from_ecparameters()`.
This prevents bypass of security hardening and performance gains,
especially for curves with specialized EC_METHODs.
By default, if a key encoded with explicit parameters is loaded and later
serialized, the output is still encoded with explicit parameters, even if
internally a "named" EC_GROUP is used for computation.
[Nicola Tuveri]
*) Compute ECC cofactors if not provided during EC_GROUP construction. Before
this change, EC_GROUP_set_generator would accept order and/or cofactor as
NULL. After this change, only the cofactor parameter can be NULL. It also
does some minimal sanity checks on the passed order.
(CVE-2019-1547)
[Billy Bob Brumley]
*) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
(CVE-2019-1563)
[Bernd Edlinger]
*) Document issue with installation paths in diverse Windows builds
'/usr/local/ssl' is an unsafe prefix for location to install OpenSSL
binaries and run-time config file.
(CVE-2019-1552)
[Richard Levitte]
Changes between 1.0.2r and 1.0.2s [28 May 2019]
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
fixes an omission in earlier changes that changed all RSA, DSA and DH
generation apps to use 2048 bits by default.
[Kurt Roeckx]
*) Add FIPS support for Android Arm 64-bit
Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
Module in Version 2.0.10. For some reason, the corresponding target
'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
built with FIPS support on Android Arm 64-bit. This omission has been
fixed.
[Matthias St. Pierre]
Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
*) 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data.
In order for this to be exploitable "non-stitched" ciphersuites must be in
use. Stitched ciphersuites are optimised implementations of certain
commonly used ciphersuites. Also the application must call SSL_shutdown()
twice even if a protocol error has occurred (applications should not do
this but some do anyway).
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
Aviram, with additional investigation by Steven Collison and Andrew
Hourselt. It was reported to OpenSSL on 10th December 2018.
(CVE-2019-1559)
[Matt Caswell]
*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]
Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
Module, accidentally introduced while backporting security fixes from the
development branch and hindering the use of ECC in FIPS mode.
[Nicola Tuveri]
Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]
Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake
then OpenSSL would move into the error state and would immediately fail if
you attempted to continue the handshake. This works as designed for the
explicit handshake functions (SSL_do_handshake(), SSL_accept() and
SSL_connect()), however due to a bug it does not work correctly if
SSL_read() or SSL_write() is called directly. In that scenario, if the
handshake fails then a fatal error will be returned in the initial function
call. If SSL_read()/SSL_write() is subsequently called by the application
for the same SSL object then it will succeed and the data is passed without
being decrypted/encrypted directly from the SSL/TLS record layer.
In order to exploit this issue an application bug would have to be present
that resulted in a call to SSL_read()/SSL_write() being issued after having
already received a fatal error.
This issue was reported to OpenSSL by David Benjamin (Google).
(CVE-2017-3737)
[Matt Caswell]
*) rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
This issue was reported to OpenSSL by David Benjamin (Google). The issue
was originally found via the OSS-Fuzz project.
(CVE-2017-3738)
[Andy Polyakov]
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
Changes between 1.0.2k and 1.0.2l [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
platform rather than 'mingw'.
[Richard Levitte]
Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
*) Truncated packet could crash via OOB read
@@ -1923,8 +2201,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
*) Add SRP support.
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
*) A long standing patch to add support for SRP from EdelWeb (Peter
Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]

50
CONTRIBUTING
View File

@@ -1,26 +1,26 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
Development is done on GitHub, https://github.com/openssl/openssl.
To submit a patch, make a pull request on GitHub. If you think the patch
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
To request new features or report bugs, please open an issue on GitHub
Having addressed the following items before the PR will help make the
acceptance and review process faster:
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -34,21 +34,21 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove
them before a patch is considered acceptable.
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is availble you should use the
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever
a PR is created or updated.
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto
and doc/ssl for examples of our style.
documentation. Please look at the "pod" files in doc for
examples of our style.

60
Configure
View File

@@ -109,7 +109,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
# TODO(openssl-team): fix problems and investigate if (at least) the following
# warnings can also be enabled:
@@ -118,7 +118,7 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof
my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
my $clang_disabled_warnings = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
# These are used in addition to $gcc_devteam_warn when the compiler is clang.
# TODO(openssl-team): fix problems and investigate if (at least) the
@@ -128,7 +128,7 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
my $clang_devteam_warn = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
# Warn that "make depend" should be run?
my $warn_make_depend = 0;
@@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# DEC Alpha OSF/1/Tru64 targets.
#
@@ -475,6 +475,7 @@ my %table=(
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -592,9 +593,9 @@ my %table=(
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
@@ -1173,6 +1174,7 @@ foreach (sort (keys %disabled))
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
if (/^comp$/) { $zlib = 0; }
}
print "\n";
@@ -1269,7 +1271,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }
if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{
$cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,18 +1663,32 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
my $ecc = $cc;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
my %predefined;
# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
while (<PIPE>) {
m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
$predefined{$1} = defined($2) ? $2 : "";
}
close(PIPE);
# Xcode did not handle $cc -M before clang support
my $cc_as_makedepend = 0;
if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
&& !defined($predefined{__clang__}))) {
$cc_as_makedepend = 1;
}
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
if ($ecc eq "clang")
if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1723,15 +1739,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
@@ -2041,12 +2056,13 @@ EOF
close(OUT);
} else {
my $make_command = "$make PERL=\'$perl\'";
my $make_targets = "";
$make_targets .= " links" if $symlink;
$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
$make_targets .= " gentests" if $symlink;
(system $make_command.$make_targets) == 0 or exit $?
if $make_targets ne "";
my @make_targets = ();
push @make_targets, "links" if $symlink;
push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend;
push @make_targets, "gentests" if $symlink;
foreach my $make_target (@make_targets) {
(system "$make_command $make_target") == 0 or exit $?;
}
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
@@ -2056,8 +2072,8 @@ EOF
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
$warn_make_depend++;
}
$warn_make_depend++;
}
}
# create the ms/version32.rc file if needed

6
INSTALL
View File

@@ -190,10 +190,8 @@
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt.html.
in Makefile.ssl and run "make clean; make". To report a bug please open an
issue on GitHub, at https://github.com/openssl/openssl/issues.
4. If everything tests ok, install OpenSSL with

14
INSTALL.DJGPP
View File

@@ -33,8 +33,18 @@
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.
RUN-TIME CAVEAT LECTOR
--------------
CAVEAT LECTOR
-------------
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
### Entropy
Quoting FAQ:

24
INSTALL.W32
View File

@@ -34,6 +34,17 @@
get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong.
CAVEAT LECTOR
-------------
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
Visual C++
----------
@@ -104,7 +115,7 @@
---------------------
* Configure for building with Borland Builder:
> perl Configure BC-32
> perl Configure BC-32 --prefix=c:\some\openssl\dir
* Create the appropriate makefile
> ms\do_nasm
@@ -196,7 +207,7 @@
* Compile OpenSSL:
$ ./config
$ ./config --prefix=c:/some/openssl/dir
[...]
$ make
[...]
@@ -206,7 +217,11 @@
and openssl.exe application in apps directory.
It is also possible to cross-compile it on Linux by configuring
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
like this:
$ ./Configure --cross-compile-prefix=i386-mingw32- \
--prefix=c:/some/openssl/dir mingw ...
'make test' is naturally not applicable then.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
@@ -240,6 +255,9 @@
$ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin
("c:\openssl" should be whatever you specified to --prefix when
configuring the build)
Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:.

12
INSTALL.W64
View File

@@ -30,6 +30,14 @@
Neither of these is actually big deal and hardly encountered
in real-life applications.
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
Compiling procedure
-------------------
@@ -43,7 +51,7 @@
To build for Win64/x64:
> perl Configure VC-WIN64A
> perl Configure VC-WIN64A --prefix=c:\some\openssl\dir
> ms\do_win64a
> nmake -f ms\ntdll.mak
> cd out32dll
@@ -51,7 +59,7 @@
To build for Win64/IA64:
> perl Configure VC-WIN64I
> perl Configure VC-WIN64I --prefix=c:\some\openssl\dir
> ms\do_win64i
> nmake -f ms\ntdll.mak
> cd out32dll

13
INSTALL.WCE
View File

@@ -35,6 +35,17 @@
redirects IO to active sync link, while PortSDK - to NT-like console
driver on the handheld itself.
CAVEAT LECTOR
-------------
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
Building
--------
@@ -61,7 +72,7 @@
Next you should run Configure:
> perl Configure VC-CE
> perl Configure VC-CE --prefix=c:\some\openssl\dir
Next you need to build the Makefiles:

4
LICENSE
View File

@@ -2,7 +2,7 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

2918
MINFO
View File

File diff suppressed because it is too large Load Diff

14
MacOS/Randomizer.cpp
View File

@@ -266,7 +266,7 @@ void CRandomizer::AddCurrentMouse (void)
if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
AddBytes (&mouseLoc, sizeof (mouseLoc),
AddBytes (&mouseLoc, sizeof(mouseLoc),
kMousePositionEntropy);
if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
@@ -286,7 +286,7 @@ void CRandomizer::AddCurrentMouse (void)
(kTypicalMouseIdleTicks/(double)lastCheck);
if (entropy < 0.0)
entropy = 0.0;
AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
AddBytes (&mMouseStill, sizeof(mMouseStill), entropy);
mMouseStill = 0;
}
mLastMouse = mouseLoc;
@@ -299,7 +299,7 @@ void CRandomizer::AddAbsoluteSystemStartupTime (void)
GetDateTime (&now);
now -= TickCount() / 60; // Time in ticks since machine
// startup
AddBytes (&now, sizeof (now), kSysStartupEntropy);
AddBytes (&now, sizeof(now), kSysStartupEntropy);
}
void CRandomizer::AddTimeSinceMachineStartup (void)
@@ -314,7 +314,7 @@ void CRandomizer::AddAppRunningTime (void)
ProcessSerialNumber PSN;
ProcessInfoRec ProcessInfo;
ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
ProcessInfo.processInfoLength = sizeof(ProcessInfoRec);
ProcessInfo.processName = nil;
ProcessInfo.processAppSpec = nil;
@@ -324,7 +324,7 @@ void CRandomizer::AddAppRunningTime (void)
// Now add the amount of time in ticks that the current process
// has been active
AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
AddBytes (&ProcessInfo, sizeof(ProcessInfoRec),
kApplicationUpTimeEntropy);
}
@@ -353,7 +353,7 @@ void CRandomizer::AddStartupVolumeInfo (void)
// unpredictable, so might as well toss the whole block in. See
// comments for entropy estimate justifications.
AddBytes (&pb, sizeof (pb),
AddBytes (&pb, sizeof(pb),
kVolumeBytesEntropy +
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
* 4294967296.0D +
@@ -419,7 +419,7 @@ void CRandomizer::AddBytes (void *data, long size, double entropy)
void CRandomizer::AddNow (double millisecondUncertainty)
{
long time = SysTimer();
AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
AddBytes (&time, sizeof(time), log2l (millisecondUncertainty *
mTimebaseTicksPerMillisec));
}

1376
Makefile
View File

File diff suppressed because it is too large Load Diff

1376
Makefile.bak
View File

File diff suppressed because it is too large Load Diff

10
Makefile.org
View File

@@ -424,6 +424,14 @@ clean: libclean
rm -fr $$i/*; \
done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
@@ -511,7 +519,7 @@ $(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
\! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list

48
NEWS
View File

@@ -5,6 +5,54 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]
o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Document issue with installation paths in diverse Windows builds
(CVE-2019-1552)
Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019]
o None
Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
o 0-byte record padding oracle (CVE-2019-1559)
Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
o Client DoS due to large DH parameter (CVE-2018-0732)
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
o Truncated packet could crash via OOB read (CVE-2017-3731)

4
README
View File

@@ -1,7 +1,7 @@
OpenSSL 1.0.2k 26 Jan 2017
OpenSSL 1.0.2t 10 Sep 2019
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

2
README.md
View File

@@ -1,2 +0,0 @@
# cpython-source-deps
Source for packages that the cpython build process depends on

4
apps/app_rand.c
View File

@@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
#endif
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
@@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0;
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
return 0;

75
apps/apps.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -148,6 +148,10 @@
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
# define rename(from,to) WIN32_rename((from),(to))
# ifdef fileno
# undef fileno
# endif
# define fileno(a) (int)_fileno(a)
#endif
typedef struct {
@@ -1355,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0)
if (*flags != XN_FLAG_COMPAT
&& (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
@@ -1734,9 +1739,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
BUF_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
#ifdef RL_DEBUG
@@ -1785,14 +1790,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@@ -1873,9 +1878,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
#else
BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
#endif
dbattr_conf = NCONF_new(NULL);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@@ -1963,19 +1968,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
#else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@@ -2024,29 +2029,29 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
#else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
#else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
#else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
#else
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@@ -2600,7 +2605,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
(void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
@@ -2611,7 +2616,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
BIO_write(bconn, s3b.hk, sizeof s3b.hk);
BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
(void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
@@ -2621,7 +2626,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
char buf[10240];
int l;
l = BIO_gets(bconn, buf, sizeof buf);
l = BIO_gets(bconn, buf, sizeof(buf));
assert(l > 0);
assert(buf[l - 1] == '\n');
buf[l - 1] = '\0';
@@ -2668,8 +2673,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
int l;
JPAKE_STEP3A_init(&s3a);
l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
assert(l == sizeof s3a.hhk);
l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
assert(l == sizeof(s3a.hhk));
if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err);
exit(1);
@@ -2683,8 +2688,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
int l;
JPAKE_STEP3B_init(&s3b);
l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
assert(l == sizeof s3b.hk);
l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
assert(l == sizeof(s3b.hk));
if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err);
exit(1);
@@ -2788,13 +2793,13 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
OPENSSL_free(out);
return NULL;
}
out[start] = i - start;
out[start] = (unsigned char)(i - start);
start = i + 1;
} else
out[i + 1] = in[i];
}
*outlen = len + 1;
*outlen = (unsigned char)(len + 1);
return out;
}
#endif /* ndef OPENSSL_NO_TLSEXT */

8
apps/asn1pars.c
View File

@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
if (j == 0) {
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
@@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
num = tmplen;
}
if (offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n");
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if ((length == 0) || ((long)length > num))
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {

270
apps/ca.c
View File

@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1))
if (!BN_add_word(serial, 1)) {
X509_free(x);
goto err;
}
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
X509_free(x);
goto err;
}
}
@@ -1628,8 +1631,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL;
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
ASN1_UTCTIME *tm, *tmptm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
@@ -1817,8 +1819,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
if (push != NULL)
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -1836,104 +1836,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
/*
* and add it later on because of the method extensions are added
* (altName)
*/
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
}
if (BN_is_zero(serial))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto err;
}
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
@@ -1985,10 +1887,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/*
* Free the current entries if any, there should not be any I believe
@@ -2051,10 +1949,133 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
{
STACK_OF(X509_EXTENSION) *exts = ci->extensions;
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto err;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
if (!email_dn) {
X509_NAME_ENTRY *tmpne;
X509_NAME *dn_subject;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
if (!X509_set_subject_name(ret, dn_subject)) {
X509_NAME_free(dn_subject);
goto err;
}
X509_NAME_free(dn_subject);
}
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (BN_is_zero(serial))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (row[DB_name][0] == '\0') {
/*
* An empty subject! We'll use the serial number instead. If
* unique_subject is in use then we don't want different entries with
* empty subjects matching each other.
*/
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto err;
}
if (!default_op) {
@@ -2105,10 +2126,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
(row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -2126,10 +2146,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
for (i = 0; i < DB_NUMBER; i++) {
for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
row[i] = NULL;
}
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
@@ -2137,18 +2155,19 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
goto err;
}
irow = NULL;
ok = 1;
err:
for (i = 0; i < DB_NUMBER; i++)
if (row[i] != NULL)
if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
}
OPENSSL_free(irow);
if (CAname != NULL)
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
if ((dn_subject != NULL) && !email_dn)
X509_NAME_free(dn_subject);
if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm);
if (ok <= 0) {
@@ -2351,6 +2370,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
/* Entries with empty Subjects actually use the serial number instead */
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
}
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
@@ -2396,18 +2420,20 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
goto err;
}
for (i = 0; i < DB_NUMBER; i++) {
for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
row[i] = NULL;
}
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
OPENSSL_free(irow);
goto err;
}
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
/* Revoke Certificate */
if (type == -1)
ok = 1;

2
apps/ciphers.c
View File

@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout, "%s - ", nm);
}
#endif
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}

10
apps/cms.c
View File

@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
if (!signer) {
ret = 2;
goto end;
}
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
if (!key)
if (!key) {
ret = 2;
goto end;
}
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;

2
apps/dgst.c
View File

@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
program_name(argv[0], pname, sizeof(pname));
md = EVP_get_digestbyname(pname);

24
apps/dhparam.c
View File

@@ -381,10 +381,19 @@ int MAIN(int argc, char **argv)
} else
# endif
{
if (informat == FORMAT_ASN1)
if (informat == FORMAT_ASN1) {
/*
* We have no PEM header to determine what type of DH params it
* is. We'll just try both.
*/
dh = d2i_DHparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
/* BIO_reset() returns 0 for success for file BIOs only!!! */
if (dh == NULL && BIO_reset(in) == 0)
dh = d2i_DHxparams_bio(in, NULL);
} else {
/* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
}
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
@@ -484,10 +493,13 @@ int MAIN(int argc, char **argv)
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
else if (outformat == FORMAT_PEM) {
if (dh->q)
if (outformat == FORMAT_ASN1) {
if (dh->q != NULL)
i = i2d_DHxparams_bio(out, dh);
else
i = i2d_DHparams_bio(out, dh);
} else if (outformat == FORMAT_PEM) {
if (dh->q != NULL)
i = PEM_write_bio_DHxparams(out, dh);
else
i = PEM_write_bio_DHparams(out, dh);

3
apps/dsa.c
View File

@@ -327,6 +327,9 @@ int MAIN(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);

3
apps/dsaparam.c
View File

@@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
printf("\treturn(dsa);\n\t}\n");
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);

8
apps/ecparam.c
View File

@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "\treturn(group);\n\t}\n");
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
@@ -582,6 +585,9 @@ int MAIN(int argc, char **argv)
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey);
goto end;

57
apps/enc.c
View File

@@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out, int size);
#define BSIZE (8*1024)
#define PROG enc_main
static void show_ciphers(const OBJ_NAME *name, void *bio_)
struct doall_enc_ciphers {
BIO *bio;
int n;
};
static void show_ciphers(const OBJ_NAME *name, void *arg)
{
BIO *bio = bio_;
static int n;
struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name))
return;
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");
n = 0;
/* Filter out ciphers that we cannot use */
cipher = EVP_get_cipherbyname(name->name);
if (cipher == NULL ||
(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else
BIO_printf(bio, " ");
BIO_printf(dec->bio, " ");
}
int MAIN(int, char **);
@@ -102,7 +114,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
static const char magic[] = "Salted__";
char mbuf[sizeof magic - 1];
char mbuf[sizeof(magic) - 1];
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
@@ -130,6 +142,7 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL;
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
struct doall_enc_ciphers dec;
apps_startup();
@@ -141,7 +154,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0)
base64 = 1;
#ifdef ZLIB
@@ -234,7 +247,7 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0] = '\0';
if (!fgets(buf, sizeof buf, infile)) {
if (!fgets(buf, sizeof(buf), infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad;
}
@@ -311,8 +324,10 @@ int MAIN(int argc, char **argv)
#endif
BIO_printf(bio_err, "Cipher Types\n");
dec.n = 0;
dec.bio = bio_err;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, bio_err);
show_ciphers, &dec);
BIO_printf(bio_err, "\n");
goto end;
@@ -417,7 +432,7 @@ int MAIN(int argc, char **argv)
for (;;) {
char buf[200];
BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
@@ -502,31 +517,31 @@ int MAIN(int argc, char **argv)
else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) {
if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof salt) <= 0)
} else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1
sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
} else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) {
} else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
@@ -549,7 +564,7 @@ int MAIN(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) {
} else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}

9
apps/engine.c
View File

@@ -108,13 +108,16 @@ static int append_buf(char **buf, const char *s, int *size, int step)
}
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
char *p = *buf;
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
if (*buf == NULL) {
OPENSSL_free(p);
return 0;
}
}
if (*buf == NULL)
return 0;
if (**buf != '\0')
BUF_strlcat(*buf, ", ", *size);
BUF_strlcat(*buf, s, *size);

2
apps/errstr.c
View File

@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) {
ERR_error_string_n(l, buf, sizeof buf);
ERR_error_string_n(l, buf, sizeof(buf));
printf("%s\n", buf);
} else {
printf("%s: bad error code\n", argv[i]);

5
apps/ocsp.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
}
@@ -1195,7 +1194,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
*pcbio = cbio;
for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf);
len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */

6
apps/openssl.c
View File

@@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
prog = prog_init();
/* first check the program name */
program_name(Argv[0], pname, sizeof pname);
program_name(Argv[0], pname, sizeof(pname));
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
@@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
for (;;) {
ret = 0;
p = buf;
n = sizeof buf;
n = sizeof(buf);
i = 0;
for (;;) {
p[0] = '\0';
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
/* Purely so it looks nice when the user hits ? */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
qsort(functions, i, sizeof *functions, SortFnByName);
qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new()) == NULL)
return (NULL);

20
apps/passwd.c
View File

@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
/* ignore rest of line */
char trash[BUFSIZ];
do
r = BIO_gets(in, trash, sizeof trash);
r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
out_buf[0] = '$';
out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */
strncat(out_buf, magic, 4);
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
BUF_strlcat(out_buf, magic, sizeof(out_buf));
BUF_strlcat(out_buf, "$", sizeof(out_buf));
BUF_strlcat(out_buf, salt, sizeof(out_buf));
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
@@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
EVP_DigestUpdate(&md, buf, sizeof buf);
for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
EVP_DigestUpdate(&md, buf, sizeof(buf));
EVP_DigestUpdate(&md, buf, i);
n = passwd_len;
@@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf);
(i & 1) ? passwd_len : sizeof(buf));
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len);
(i & 1) ? sizeof(buf) : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
}
EVP_MD_CTX_cleanup(&md2);
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
/* transform buf into output string */
unsigned char buf_perm[sizeof buf];
unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
@@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
assert(16 == sizeof buf_perm);
assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;

10
apps/pkcs12.c
View File

@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read MAC password");
# endif
if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
(macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
# endif
if (!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass);
BUF_strlcpy(macpass, pass, sizeof(macpass));
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read import password");
# endif
if (!noprompt
&& EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
&& EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
# endif
if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass);
BUF_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n",

4
apps/pkcs8.c
View File

@@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
else {
p8pass = pass;
if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:", 1))
(pass, sizeof(pass), "Enter Encryption Password:", 1))
goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
@@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
p8pass = passin;
else {
p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}

4
apps/pkeyutl.c
View File

@@ -322,8 +322,10 @@ int MAIN(int argc, char **argv)
buf_in, (size_t)buf_inlen);
if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n");
else if (rv == 1)
else if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
ret = 0;
}
if (rv >= 0)
goto end;
} else {

3
apps/prime.c
View File

@@ -155,5 +155,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s hex\n", "-hex");
BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
BIO_printf(bio_err, "%-14s generate prime\n", "-generate");
BIO_printf(bio_err, "%-14s number of bits\n", "-bits <n>");
BIO_printf(bio_err, "%-14s safe prime\n", "-safe");
return 1;
}

2
apps/progs.h
View File

@@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv[]);
typedef struct {
int type;
const char *name;
int (*func) (int argc, char *argv[]);
int (*func)(int argc, char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);

30
apps/progs.pl
View File

@@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV)
{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
{ printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
print <<'EOF';
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6
typedef struct {
int type;
const char *name;
int (*func)(int argc,char *argv[]);
} FUNCTION;
int type;
const char *name;
int (*func)(int argc, char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
@@ -30,7 +30,7 @@ EOF
foreach (@ARGV)
{
push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
$str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/))
@@ -60,7 +60,7 @@ foreach (@ARGV)
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
{
push(@files,$_);
printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n";
}
foreach (
@@ -86,7 +86,7 @@ foreach (
{
push(@files,$_);
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
$t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -101,4 +101,4 @@ foreach (
print $t;
}
print "\t{0,NULL,NULL}\n\t};\n";
print " {0, NULL, NULL}\n};\n";

2
apps/rand.c
View File

@@ -198,7 +198,7 @@ int MAIN(int argc, char **argv)
chunk = num;
if (chunk > (int)sizeof(buf))
chunk = sizeof buf;
chunk = sizeof(buf);
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;

45
apps/req.c
View File

@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-x509") == 0) {
newreq = 1;
x509 = 1;
} else if (strcmp(*argv, "-asn1-kludge") == 0)
kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (x509 && infile == NULL)
newreq = 1;
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -657,8 +659,7 @@ int MAIN(int argc, char **argv)
}
}
BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
newkey, keyalgstr);
BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
@@ -753,7 +754,7 @@ int MAIN(int argc, char **argv)
}
}
if (newreq) {
if (newreq || x509) {
if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
@@ -1191,7 +1192,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start;
if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name)
if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -1202,19 +1203,19 @@ static int prompt_info(X509_REQ *req,
def = "";
}
BIO_snprintf(buf, sizeof buf, "%s_value", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
value = NULL;
}
BIO_snprintf(buf, sizeof buf, "%s_min", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
BIO_snprintf(buf, sizeof buf, "%s_max", v->name);
BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1250,7 +1251,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2;
if (BIO_snprintf(buf, sizeof buf, "%s_default", type)
if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -1262,20 +1263,20 @@ static int prompt_info(X509_REQ *req,
def = "";
}
BIO_snprintf(buf, sizeof buf, "%s_value", type);
BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) {
ERR_clear_error();
value = NULL;
}
BIO_snprintf(buf, sizeof buf, "%s_min", type);
BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
BIO_snprintf(buf, sizeof buf, "%s_max", type);
BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1370,13 +1371,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
BUF_strlcpy(buf, value, sizeof buf);
BUF_strlcat(buf, "\n", sizeof buf);
BUF_strlcpy(buf, value, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
if (!fgets(buf, sizeof buf, stdin))
if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1389,8 +1390,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
BUF_strlcpy(buf, def, sizeof buf);
BUF_strlcat(buf, "\n", sizeof buf);
BUF_strlcpy(buf, def, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
@@ -1429,13 +1430,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
BUF_strlcpy(buf, value, sizeof buf);
BUF_strlcat(buf, "\n", sizeof buf);
BUF_strlcpy(buf, value, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
if (!fgets(buf, sizeof buf, stdin))
if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1448,8 +1449,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
BUF_strlcpy(buf, def, sizeof buf);
BUF_strlcat(buf, "\n", sizeof buf);
BUF_strlcpy(buf, def, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);

7
apps/s_apps.h
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -152,9 +152,8 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
int naccept);
int (*cb) (int s, int stype, unsigned char *context),
unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif

26
apps/s_client.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -337,7 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -prexit - print session information even on connection failure\n");
BIO_printf(bio_err,
" -showcerts - show all certificates in the chain\n");
" -showcerts - Show all certificates sent by the server\n");
BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
@@ -630,10 +630,11 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
unsigned char ext_buf[4 + 65536];
/* Reconstruct the type/len fields prior to extension data */
ext_buf[0] = ext_type >> 8;
ext_buf[1] = ext_type & 0xFF;
ext_buf[2] = inlen >> 8;
ext_buf[3] = inlen & 0xFF;
inlen &= 0xffff; /* for formal memcpy correctness */
ext_buf[0] = (unsigned char)(ext_type >> 8);
ext_buf[1] = (unsigned char)(ext_type);
ext_buf[2] = (unsigned char)(inlen >> 8);
ext_buf[3] = (unsigned char)(inlen);
memcpy(ext_buf + 4, in, inlen);
BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
@@ -1667,6 +1668,8 @@ int MAIN(int argc, char **argv)
if (strstr(mbuf, "/stream:features>"))
goto shut;
seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen <= 0)
goto shut;
mbuf[seen] = 0;
}
BIO_printf(sbio,
@@ -2132,6 +2135,7 @@ int MAIN(int argc, char **argv)
BIO_free(bio_c_msg);
bio_c_msg = NULL;
}
SSL_COMP_free_compression_methods();
apps_shutdown();
OPENSSL_EXIT(ret);
}
@@ -2162,10 +2166,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
buf, sizeof buf);
buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
buf, sizeof buf);
buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@@ -2180,9 +2184,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf);
} else
BIO_printf(bio, "no peer certificate available\n");
@@ -2199,7 +2203,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} else {
BIO_printf(bio, "---\nNo client certificate CA names sent\n");
}
p = SSL_get_shared_ciphers(s, buf, sizeof buf);
p = SSL_get_shared_ciphers(s, buf, sizeof(buf));
if (p != NULL) {
/*
* This works only for SSL 2. In later protocol versions, the

48
apps/s_server.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -209,9 +209,9 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
static int www_body(char *hostname, int s, int stype, unsigned char *context);
static int rev_body(char *hostname, int s, int stype, unsigned char *context);
static int sv_body(int s, int stype, unsigned char *context);
static int www_body(int s, int stype, unsigned char *context);
static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL;
unsigned char *context = NULL;
#ifndef OPENSSL_NO_DH
char *dhfile = NULL;
int no_dhe = 0;
#endif
int badop = 0;
int ret = 1;
int build_chain = 0;
int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
@@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
if (--argc < 1)
goto bad;
s_chain_file = *(++argv);
} else if (strcmp(*argv, "-dhparam") == 0) {
}
#ifndef OPENSSL_NO_DH
else if (strcmp(*argv, "-dhparam") == 0) {
if (--argc < 1)
goto bad;
dhfile = *(++argv);
} else if (strcmp(*argv, "-dcertform") == 0) {
}
#endif
else if (strcmp(*argv, "-dcertform") == 0) {
if (--argc < 1)
goto bad;
s_dcert_format = str2fmt(*(++argv));
@@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
verify_quiet = 1;
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
no_tmp_rsa = 1;
} else if (strcmp(*argv, "-no_dhe") == 0) {
}
#ifndef OPENSSL_NO_DH
else if (strcmp(*argv, "-no_dhe") == 0) {
no_dhe = 1;
} else if (strcmp(*argv, "-no_ecdhe") == 0) {
}
#endif
else if (strcmp(*argv, "-no_ecdhe") == 0) {
no_ecdhe = 1;
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
no_resume_ephemeral = 1;
@@ -2008,7 +2019,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context);
sizeof(s_server_session_id_context));
/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
@@ -2019,7 +2030,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context,
sizeof s_server_session_id_context);
sizeof(s_server_session_id_context));
tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
@@ -2132,6 +2143,7 @@ int MAIN(int argc, char *argv[])
BIO_free(bio_s_msg);
bio_s_msg = NULL;
}
SSL_COMP_free_compression_methods();
apps_shutdown();
OPENSSL_EXIT(ret);
}
@@ -2164,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
static int sv_body(char *hostname, int s, int stype, unsigned char *context)
static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
@@ -2665,14 +2677,14 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer);
}
if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con);
@@ -2779,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
}
#endif
static int www_body(char *hostname, int s, int stype, unsigned char *context)
static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
@@ -3016,7 +3028,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer);
} else
BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {
@@ -3182,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
return (ret);
}
static int rev_body(char *hostname, int s, int stype, unsigned char *context)
static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;

81
apps/s_socket.c
View File

@@ -109,7 +109,7 @@ static int ssl_sock_init(void);
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int do_accept(int acc_sock, int *sock);
static int host_ip(char *str, unsigned char ip[4]);
# ifdef OPENSSL_SYS_WIN16
@@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type)
{
unsigned char ip[4];
memset(ip, '\0', sizeof ip);
memset(ip, '\0', sizeof(ip));
if (!host_ip(host, &(ip[0])))
return 0;
return init_client_ip(sock, ip, port, type);
@@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
}
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
int naccept)
int (*cb) (int s, int stype, unsigned char *context),
unsigned char *context, int naccept)
{
int sock;
char *name = NULL;
int accept_socket = 0;
int i;
@@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
}
for (;;) {
if (type == SOCK_STREAM) {
if (do_accept(accept_socket, &sock, &name) == 0) {
if (do_accept(accept_socket, &sock) == 0) {
SHUTDOWN(accept_socket);
return (0);
}
} else
sock = accept_socket;
i = (*cb) (name, sock, type, context);
if (name != NULL)
OPENSSL_free(name);
i = (*cb) (sock, type, context);
if (type == SOCK_STREAM)
SHUTDOWN2(sock);
if (naccept != -1)
@@ -360,7 +356,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
# if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
}
# endif
if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
@@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
return (init_server_long(sock, port, NULL, type));
}
static int do_accept(int acc_sock, int *sock, char **host)
static int do_accept(int acc_sock, int *sock)
{
int ret;
struct hostent *h1, *h2;
static struct sockaddr_in from;
int len;
/* struct linger ling; */
if (!ssl_sock_init())
return (0);
return 0;
# ifndef OPENSSL_SYS_WINDOWS
redoit:
# endif
memset((char *)&from, 0, sizeof(from));
len = sizeof(from);
/*
* Note: under VMS with SOCKETSHR the fourth parameter is currently of
* type (int *) whereas under other systems it is (void *) if you don't
* have a cast it will choke the compiler: if you do have a cast then you
* can either go for (int *) or (void *).
*/
ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
ret = accept(acc_sock, NULL, NULL);
if (ret == INVALID_SOCKET) {
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i;
@@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **host)
fprintf(stderr, "errno=%d ", errno);
perror("accept");
# endif
return (0);
return 0;
}
/*-
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
if (i < 0) { perror("linger"); return(0); }
i=0;
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
*/
if (host == NULL)
goto end;
# ifndef BIT_FIELD_LIMITS
/* I should use WSAAsyncGetHostByName() under windows */
h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
sizeof(from.sin_addr.s_addr), AF_INET);
# else
h1 = gethostbyaddr((char *)&from.sin_addr,
sizeof(struct in_addr), AF_INET);
# endif
if (h1 == NULL) {
BIO_printf(bio_err, "bad gethostbyaddr\n");
*host = NULL;
/* return(0); */
} else {
if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
perror("OPENSSL_malloc");
closesocket(ret);
return (0);
}
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
h2 = GetHostByName(*host);
if (h2 == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
closesocket(ret);
return (0);
}
if (h2->h_addrtype != AF_INET) {
BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
closesocket(ret);
return (0);
}
}
end:
*sock = ret;
return (1);
return 1;
}
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
@@ -595,7 +540,7 @@ static struct hostent *GetHostByName(char *name)
if (ret == NULL)
return (NULL);
/* else add to cache */
if (strlen(name) < sizeof ghbn_cache[0].name) {
if (strlen(name) < sizeof(ghbn_cache[0].name)) {
strcpy(ghbn_cache[lowi].name, name);
memcpy((char *)&(ghbn_cache[lowi].ent), ret,
sizeof(struct hostent));

6
apps/s_time.c
View File

@@ -422,7 +422,7 @@ int MAIN(int argc, char **argv)
goto end;
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
}
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path);
SSL_write(scon, buf, strlen(buf));
while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
}
@@ -517,7 +517,7 @@ int MAIN(int argc, char **argv)
goto end;
if (s_www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)

20
apps/speed.c
View File

@@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM)
# define SIGALRM
# endif
static unsigned int lapse, schlock;
static volatile unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
@@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no EVP given\n");
goto end;
}
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(*argv);
if (!evp_cipher) {
evp_md = EVP_get_digestbyname(*argv);
@@ -2089,7 +2091,7 @@ int MAIN(int argc, char **argv)
RAND_pseudo_bytes(buf, 20);
# ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1;
}
for (j = 0; j < DSA_NUM; j++) {
@@ -2168,7 +2170,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1;
}
for (j = 0; j < EC_NUM; j++) {
@@ -2263,7 +2265,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1;
}
for (j = 0; j < EC_NUM; j++) {
@@ -2586,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0)
return NULL;
memset(isdelim, 0, sizeof isdelim);
memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1;
while (*delim) {
@@ -2613,7 +2615,7 @@ static int do_multi(int multi)
int *fds;
static char sep[] = ":";
fds = malloc(multi * sizeof *fds);
fds = malloc(multi * sizeof(*fds));
if (fds == NULL) {
fprintf(stderr, "Out of memory in speed (do_multi)\n");
exit(1);
@@ -2651,7 +2653,7 @@ static int do_multi(int multi)
char *p;
f = fdopen(fds[n], "r");
while (fgets(buf, sizeof buf, f)) {
while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n');
if (p)
*p = '\0';
@@ -2827,8 +2829,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
RAND_bytes(out, 16);
len += 16;
aad[11] = len >> 8;
aad[12] = len;
aad[11] = (unsigned char)(len >> 8);
aad[12] = (unsigned char)(len);
pad = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad);

19
apps/spkac.c
View File

@@ -5,7 +5,7 @@
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
}
e = setup_engine(bio_err, engine, 0);
if (keyfile) {
if (keyfile != NULL) {
pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) {
if (pkey == NULL)
goto end;
}
spki = NETSCAPE_SPKI_new();
if (challenge)
if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
if (outfile)
out = BIO_new_file(outfile, "w");
@@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) {
if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
@@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0)
if (i > 0) {
BIO_printf(bio_err, "Signature OK\n");
else {
} else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;

70
apps/srp.c
View File

@@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i;
if (id == NULL)
return -1;
if (type == DB_SRP_INDEX)
if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid]))
return i;
} else
}
} else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid]))
return i;
}
}
return -1;
}
@@ -177,16 +179,14 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow;
int i;
if ((irow =
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
return 0;
}
for (i = 0; i < DB_NUMBER; i++) {
for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
row[i] = NULL;
}
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
@@ -207,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose)
{
char password[1024];
char password[1025];
PW_CB_DATA cb_tmp;
char *verifier = NULL;
char *gNid = NULL;
int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password);
VVERBOSE BIO_printf(bio, "Pass %s\n", password);
if (!
(gNid =
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) {
if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
&verifier, N, g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
gNid = NULL;
OPENSSL_free(verifier);
}
OPENSSL_cleanse(password, len);
}
return gNid;
}
@@ -239,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose)
{
char password[1024];
char password[1025];
PW_CB_DATA cb_tmp;
char *gNid = NULL;
char *salt = NULL;
int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
if (!
(gNid =
SRP_create_verifier(user, password, &salt, srp_verifier, N,
g))) {
if (!(gNid = SRP_create_verifier(user, password, &salt,
srp_verifier, N, g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n");
} else
} else {
*srp_usersalt = salt;
}
OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier);
@@ -316,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--;
argv++;
while (argc >= 1 && badops == 0) {
if (strcmp(*argv, "-verbose") == 0)
if (strcmp(*argv, "-verbose") == 0) {
verbose++;
else if (strcmp(*argv, "-config") == 0) {
} else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
configfile = *(++argv);
@@ -330,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
dbfile = *(++argv);
} else if (strcmp(*argv, "-add") == 0)
} else if (strcmp(*argv, "-add") == 0) {
add_user = 1;
else if (strcmp(*argv, "-delete") == 0)
} else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1;
else if (strcmp(*argv, "-modify") == 0)
} else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1;
else if (strcmp(*argv, "-list") == 0)
} else if (strcmp(*argv, "-list") == 0) {
list_user = 1;
else if (strcmp(*argv, "-gn") == 0) {
} else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1)
goto bad;
gN = *(++argv);
@@ -368,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
} else
} else {
break;
}
argc--;
argv++;
@@ -390,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
}
if ((passin || passout) && argc != 1) {
if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
badops = 1;
@@ -708,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1;
}
}
if (--argc > 0)
if (--argc > 0) {
user = *(argv++);
else {
} else {
user = NULL;
list_user = 0;
}

1
apps/tsget
View File

@@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::Easy::global_cleanup();

1
apps/verify.c
View File

@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err);
X509_STORE_CTX_free(csc);
goto end;
}
if (tchain)

12
apps/vms_term_sock.c
View File

@@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[])
** Process the terminal input
*/
LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff);
@@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2,
sizeof(TerminalDeviceBuff) - 2,
0, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
@@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily,
/*
** Initialize the socket information
*/
slen = sizeof (sin);
slen = sizeof(sin);
memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
@@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily,
/*
** Now issue the connect
*/
memset ((char *) &sin, 0, sizeof (sin)) ;
memset ((char *) &sin, 0, sizeof(sin)) ;
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0);
@@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm)
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1,
sizeof(TerminalDeviceBuff) - 1,
0, 0, 0, 0);
/*

2
apps/winrand.c
View File

@@ -77,7 +77,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
char buffer[200];
if (cmdline[0] == '\0')
filename = RAND_file_name(buffer, sizeof buffer);
filename = RAND_file_name(buffer, sizeof(buffer));
else
filename = cmdline;

4
apps/x509.c
View File

@@ -817,10 +817,10 @@ int MAIN(int argc, char **argv)
char *m;
int y, z;
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(STDout, "/* subject:%s */\n", buf);
m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
sizeof buf);
sizeof(buf));
BIO_printf(STDout, "/* issuer :%s */\n", buf);
z = i2d_X509(x, NULL);

8
appveyor.yml
View File

@@ -50,11 +50,3 @@ build_script:
test_script:
- nmake /f ms\%MAK% test
notifications:
- provider: Email
to:
- openssl-commits@openssl.org
on_build_success: false
on_build_failure: true
on_build_status_changed: true

11
config
View File

@@ -344,6 +344,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "mips-sony-newsos4"; exit 0;
;;
# The following combinations are supported
# MINGW64* on x86_64 => mingw64
# MINGW32* on x86_64 => mingw
# MINGW32* on i?86 => mingw
#
# MINGW64* on i?86 isn't expected to work...
MINGW64*:*:*:x86_64)
echo "${MACHINE}-whatever-mingw64"; exit 0;
;;
MINGW*)
echo "${MACHINE}-whatever-mingw"; exit 0;
;;
@@ -862,6 +871,7 @@ case "$GUESSOS" in
*-*-qnx6) OUT="QNX6" ;;
x86-*-android|i?86-*-android) OUT="android-x86" ;;
armv[7-9]*-*-android) OUT="android-armv7" ;;
aarch64-*-android) OUT="android64-aarch64" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
@@ -983,5 +993,6 @@ if [ $? = "0" ]; then
fi
else
echo "This system ($OUT) is not supported. See file INSTALL for details."
exit 1
fi
)

17
crypto/LPdir_win.c
View File

@@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */
size_t index = 0, len_0 = strlen(extdir) + 1;
size_t amount;
wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
/*
* Size check
* The reasoning is that absolutely worst case, each byte in
* extdir will take up one TCHAR each, so the maximum size in
* bytes that we can tolerate is MAX_PATH TCHARs... not counting
* the ending NUL.
*/
if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) {
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
amount = len_0 * sizeof(TCHAR);
wdir = (TCHAR *)malloc(amount);
if (wdir == NULL) {
if (extdirbuf != NULL) {
free(extdirbuf);

15
crypto/Makefile
View File

@@ -36,16 +36,18 @@ TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
getenv.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \
$(CPUID_OBJ)
SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
constant_time_locl.h $(EXHEADER)
constant_time_locl.h bn_int.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -178,6 +180,13 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
ex_data.o: ex_data.c
fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
getenv.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
getenv.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
getenv.o: ../include/openssl/err.h ../include/openssl/lhash.h
getenv.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
getenv.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
getenv.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
getenv.o: getenv.c
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h

2
crypto/aes/Makefile
View File

@@ -133,7 +133,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.

6
crypto/aes/asm/aes-armv4.pl
View File

@@ -184,7 +184,7 @@ AES_encrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
adr r3,AES_encrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
@@ -430,7 +430,7 @@ _armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
adr r3,private_AES_set_encrypt_key
adr r3,.
#endif
teq r0,#0
#if __ARM_ARCH__>=7
@@ -952,7 +952,7 @@ AES_decrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
adr r3,AES_decrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp

1
crypto/aes/asm/aesni-sha1-x86_64.pl
View File

@@ -1702,6 +1702,7 @@ $code.=<<___;
mov 240($key),$rounds
sub $in0,$out
movups ($key),$rndkey0 # $key[0]
movups ($ivp),$iv # load IV
movups 16($key),$rndkey[0] # forward reference
lea 112($key),$key # size optimization

1
crypto/aes/asm/aesni-sha256-x86_64.pl
View File

@@ -1299,6 +1299,7 @@ $code.=<<___;
mov 240($key),$rounds
sub $in0,$out
movups ($key),$rndkey0 # $key[0]
movups ($ivp),$iv # load IV
movups 16($key),$rndkey[0] # forward reference
lea 112($key),$key # size optimization

8
crypto/aes/asm/bsaes-armv7.pl
View File

@@ -724,7 +724,7 @@ $code.=<<___;
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
adr $const,_bsaes_decrypt8
adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
add $const,$const,#.LM0ISR-_bsaes_decrypt8
@@ -819,7 +819,7 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
adr $const,_bsaes_encrypt8
adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
sub $const,$const,#_bsaes_encrypt8-.LM0SR
@@ -923,7 +923,7 @@ $code.=<<___;
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
adr $const,_bsaes_key_convert
adr $const,.
vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
sub $const,$const,#_bsaes_key_convert-.LM0
vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key
@@ -1333,7 +1333,7 @@ bsaes_cbc_encrypt:
vmov @XMM[4],@XMM[15] @ just in case ensure that IV
vmov @XMM[5],@XMM[0] @ and input are preserved
bl AES_decrypt
vld1.8 {@XMM[0]}, [$fp,:64] @ load result
vld1.8 {@XMM[0]}, [$fp] @ load result
veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV
vmov @XMM[15], @XMM[5] @ @XMM[5] holds input
vst1.8 {@XMM[0]}, [$rounds] @ write output

2
crypto/arm_arch.h
View File

@@ -64,7 +64,7 @@
# endif
# endif
# if !__ASSEMBLER__
# ifndef __ASSEMBLER__
extern unsigned int OPENSSL_armcap_P;
# endif

1
crypto/armcap.c
View File

@@ -5,6 +5,7 @@
#include <signal.h>
#include <crypto.h>
#include "cryptlib.h"
#include "arm_arch.h"
unsigned int OPENSSL_armcap_P = 0;

4
crypto/asn1/Makefile
View File

@@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

13
crypto/asn1/a_bitstr.c
View File

@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <limits.h>
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
@@ -114,10 +115,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
*(p++) = (unsigned char)bits;
d = a->data;
memcpy(p, d, len);
p += len;
if (len > 0)
if (len > 0) {
memcpy(p, d, len);
p += len;
p[-1] &= (0xff << bits);
}
*pp = p;
return (ret);
}
@@ -135,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err;
}
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
return (NULL);

24
crypto/asn1/a_bool.c
View File

@@ -63,17 +63,31 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{
int r;
unsigned char *p;
unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL)
return (r);
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
*(p++) = (unsigned char)a;
*pp = p;
return (r);
*p = (unsigned char)a;
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + 1;
return r;
}
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)

8
crypto/asn1/a_digest.c
View File

@@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
p = str;
i2d(data, &p);
if (!EVP_Digest(str, i, md, len, type, NULL))
if (!EVP_Digest(str, i, md, len, type, NULL)) {
OPENSSL_free(str);
return 0;
}
OPENSSL_free(str);
return (1);
}
@@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
if (!str)
return (0);
if (!EVP_Digest(str, i, md, len, type, NULL))
if (!EVP_Digest(str, i, md, len, type, NULL)) {
OPENSSL_free(str);
return 0;
}
OPENSSL_free(str);
return (1);
}

4
crypto/asn1/a_gentm.c
View File

@@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
ASN1_STRING tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr;
@@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
if (a[o] == 'Z')
o++;
else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0;
int offsign = a[o] == '-' ? 1 : -1, offset = 0;
o++;
if (o + 4 > l)
goto err;

3
crypto/asn1/a_i2d_fp.c
View File

@@ -87,6 +87,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
int i, j = 0, n, ret = 1;
n = i2d(x, NULL);
if (n <= 0)
return 0;
b = (char *)OPENSSL_malloc(n);
if (b == NULL) {
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);

4
crypto/asn1/a_mbstr.c
View File

@@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}

25
crypto/asn1/a_object.c
View File

@@ -66,7 +66,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p;
unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -76,20 +76,31 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
p += a->length;
*pp = p;
return (objsize);
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{
int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp;
int tmpsize = sizeof(ftmp);
const char *p;
unsigned long l;
BIGNUM *bl = NULL;
@@ -226,7 +237,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1);
if (!p)

35
crypto/asn1/a_strex.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL)
return -1;
if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10))
return -1;
return 10;
}
if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6))
return -1;
return 6;
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{
int i, outlen, len;
int i, outlen, len, charwidth;
unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
charwidth = type & BUF_TYPE_WIDTH_MASK;
switch (charwidth) {
case 4:
if (buflen & 3) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
break;
case 2:
if (buflen & 1) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
break;
default:
break;
}
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) {
switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
buflen -= i;
p += i;
break;
default:
@@ -236,7 +257,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
@@ -533,7 +554,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {

3
crypto/asn1/a_strnid.c
View File

@@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
};
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,

28
crypto/asn1/a_time.c
View File

@@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data,
(len >= sizeof tmp) ? sizeof tmp : len);
(len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr;
}
@@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t)
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
ASN1_GENERALIZEDTIME **out)
{
ASN1_GENERALIZEDTIME *ret;
ASN1_GENERALIZEDTIME *ret = NULL;
char *str;
int newlen;
@@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
if (!out || !*out) {
if (!(ret = ASN1_GENERALIZEDTIME_new()))
return NULL;
if (out)
*out = ret;
} else
goto err;
} else {
ret = *out;
}
/* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) {
if (!ASN1_STRING_set(ret, t->data, t->length))
return NULL;
return ret;
goto err;
goto done;
}
/* grow the string */
if (!ASN1_STRING_set(ret, NULL, t->length + 2))
return NULL;
goto err;
/* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t->length + 2 + 1;
str = (char *)ret->data;
@@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
BUF_strlcat(str, (char *)t->data, newlen);
return ret;
done:
if (out != NULL && *out == NULL)
*out = ret;
return ret;
err:
if (out == NULL || *out != ret)
ASN1_GENERALIZEDTIME_free(ret);
return NULL;
}
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
ASN1_TIME t;

6
crypto/asn1/a_utctm.c
View File

@@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
ASN1_STRING x = *(ASN1_STRING *)a;
len = x.length;
ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
x.data = tmp;
return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
# endif
@@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
if (a[o] == 'Z')
o++;
else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0;
int offsign = a[o] == '-' ? 1 : -1, offset = 0;
o++;
if (o + 4 > l)
goto err;
@@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
struct tm tm;
int offset;
memset(&tm, '\0', sizeof tm);
memset(&tm, '\0', sizeof(tm));
# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
tm.tm_year = g2(s->data);

17
crypto/asn1/ameth_lib.c
View File

@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -234,6 +234,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((ameth->pem_str == NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
|| (ameth->pem_str != NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
return 0;
}
if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (!app_methods)

9
crypto/asn1/asn1.h
View File

@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
# define ASN1_F_DO_BUF 221
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
# define ASN1_F_I2D_ASN1_BOOLEAN 223
# define ASN1_F_I2D_ASN1_OBJECT 222
# define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161
@@ -1365,6 +1369,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
# define ASN1_R_MSTRING_WRONG_TAG 140
# define ASN1_R_NESTED_ASN1_STRING 197
# define ASN1_R_NESTED_TOO_DEEP 219
# define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142
@@ -1413,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169
#ifdef __cplusplus
# ifdef __cplusplus
}
#endif
# endif
#endif

6
crypto/asn1/asn1_err.c
View File

@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
* Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
{ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
@@ -279,6 +282,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

63
crypto/asn1/asn1_int.h Normal file
View File

@@ -0,0 +1,63 @@
/* asn1t.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Internal ASN1 template structures and functions: not for application use */
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);

4
crypto/asn1/asn1_lib.c
View File

@@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset)
{
char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address);
BIO_snprintf(buf2, sizeof buf2, "%d", offset);
BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
BIO_snprintf(buf2, sizeof(buf2), "%d", offset);
ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
}

8
crypto/asn1/asn1_par.c
View File

@@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30)
BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else
p = ASN1_tag2str(tag);

3
crypto/asn1/asn_mime.c
View File

@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL;
}

2
crypto/asn1/f_enum.c
View File

@@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
bufp = (unsigned char *)buf;
if (first) {
first = 0;
if ((bufp[0] == '0') && (buf[1] == '0')) {
if ((bufp[0] == '0') && (bufp[1] == '0')) {
bufp += 2;
i -= 2;
}

2
crypto/asn1/f_int.c
View File

@@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
bufp = (unsigned char *)buf;
if (first) {
first = 0;
if ((bufp[0] == '0') && (buf[1] == '0')) {
if ((bufp[0] == '0') && (bufp[1] == '0')) {
bufp += 2;
i -= 2;
}

4
crypto/asn1/t_x509a.c
View File

@@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", ");
else
first = 0;
OBJ_obj2txt(oidstr, sizeof oidstr,
OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr);
}
@@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", ");
else
first = 0;
OBJ_obj2txt(oidstr, sizeof oidstr,
OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr);
}

65
crypto/asn1/tasn_dec.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -65,6 +65,14 @@
#include <openssl/buffer.h>
#include <openssl/err.h>
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx);
ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx);
ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
{
ASN1_TLC c;
asn1_tlc_clear_nc(&c);
return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
}
/*
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
* tag mismatch return -1 to handle OPTIONAL
*/
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it, int tag, int aclass,
char opt, ASN1_TLC *ctx, int depth)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_COMPAT_FUNCS *cf;
@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
else
asn1_cb = 0;
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err;
}
return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx);
it->templates, opt, ctx, depth);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */
if (ret == -1)
continue;
@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
* attempt to read in field, allowing each to be OPTIONAL
*/
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
if (!ret) {
errtt = seqtt;
goto err;
@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
return 0;
}
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
}
/*
* Templates are handled with two separate functions. One handles any
* EXPLICIT tag and the other handles the rest.
@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
}
}
} else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p;
return 1;
@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -665,14 +685,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
break;
}
skfield = NULL;
if (!ASN1_item_ex_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
-1, 0, 0, ctx, depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
goto err;
}
len -= p - q;
if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -683,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
}
} else if (flags & ASN1_TFLG_IMPTAG) {
/* IMPLICIT tagging */
ret = ASN1_item_ex_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
ctx);
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
aclass, opt, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -693,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
return -1;
} else {
/* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;

4
crypto/asn1/tasn_enc.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break;
case V_ASN1_NULL:

7
crypto/asn1/tasn_fre.c
View File

@@ -61,9 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
#include "asn1_int.h"
/* Free up an ASN1 structure */
@@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_combine_free(pval, it, 0);
}
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine)
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;

12
crypto/asn1/tasn_new.c
View File

@@ -63,6 +63,7 @@
#include <openssl/err.h>
#include <openssl/asn1t.h>
#include <string.h>
#include "asn1_int.h"
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
@@ -158,7 +159,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr;
goto auxerr2;
break;
case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -186,10 +187,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
if (!ASN1_template_new(pseqval, tt))
goto memerr;
goto memerr2;
}
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr;
goto auxerr2;
break;
}
#ifdef CRYPTO_MDEBUG
@@ -198,6 +199,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
#endif
return 1;
memerr2:
asn1_item_combine_free(pval, it, combine);
memerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG
@@ -206,9 +209,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
#endif
return 0;
auxerr2:
asn1_item_combine_free(pval, it, combine);
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_pop_info();

2
crypto/asn1/tasn_prn.c
View File

@@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln)
ln = "";
OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0;
return 1;

38
crypto/asn1/x_long.c
View File

@@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
* set.
*/
if (ltmp < 0)
utmp = -ltmp - 1;
utmp = 0 - (unsigned long)ltmp - 1;
else
utmp = ltmp;
clen = BN_num_bits_word(utmp);
@@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it)
{
int neg, i;
int neg = -1, i;
long ltmp;
unsigned long utmp = 0;
char *cp = (char *)pval;
if (len) {
/*
* Check possible pad byte. Worst case, we're skipping past actual
* content, but since that's only with 0x00 and 0xff and we set neg
* accordingly, the result will be correct in the end anyway.
*/
switch (cont[0]) {
case 0xff:
cont++;
len--;
neg = 1;
break;
case 0:
cont++;
len--;
neg = 0;
break;
}
}
if (len > (int)sizeof(long)) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
return 0;
}
/* Is it negative? */
if (len && (cont[0] & 0x80))
neg = 1;
else
neg = 0;
if (neg == -1) {
/* Is it negative? */
if (len && (cont[0] & 0x80))
neg = 1;
else
neg = 0;
}
utmp = 0;
for (i = 0; i < len; i++) {
utmp <<= 8;
@@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
}
ltmp = (long)utmp;
if (neg) {
ltmp++;
ltmp = -ltmp;
ltmp--;
}
if (ltmp == it->size) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

53
crypto/asn1/x_name.c
View File

@@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
*pval = NULL;
}
static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_free(ne);
}
static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it, int tag, int aclass,
@@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
entry->set = i;
if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
goto err;
sk_X509_NAME_ENTRY_set(entries, j, NULL);
}
sk_X509_NAME_ENTRY_free(entries);
}
sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
ret = x509_name_canon(nm.x);
if (!ret)
goto err;
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
local_sk_X509_NAME_ENTRY_free);
nm.x->modified = 0;
*val = nm.a;
*in = p;
@@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
local_sk_X509_NAME_ENTRY_pop_free);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
@@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
return ret;
}
static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_free(ne);
}
static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}
static int x509_name_encode(X509_NAME *a)
{
union {
@@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a)
entries = sk_X509_NAME_ENTRY_new_null();
if (!entries)
goto memerr;
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries))
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto memerr;
}
set = entry->set;
}
if (!sk_X509_NAME_ENTRY_push(entries, entry))
@@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a)
entries = sk_X509_NAME_ENTRY_new_null();
if (!entries)
goto err;
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto err;
}
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
@@ -516,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{
X509_NAME *in;
if (!xn || !name)
return (0);
if (*xn != name) {
in = X509_NAME_dup(name);
if (in != NULL) {
X509_NAME_free(*xn);
*xn = in;
}
}
return (*xn != NULL);
if ((name = X509_NAME_dup(name)) == NULL)
return 0;
X509_NAME_free(*xn);
*xn = name;
return 1;
}
IMPLEMENT_STACK_OF(X509_NAME_ENTRY)

21
crypto/asn1/x_pkey.c
View File

@@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void)
X509_PKEY *ret = NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, X509_PKEY);
ret = OPENSSL_malloc(sizeof(X509_PKEY));
if (ret == NULL) {
c.line = __LINE__;
goto err;
}
ret->version = 0;
M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
ret->enc_algor = X509_ALGOR_new();
ret->enc_pkey = M_ASN1_OCTET_STRING_new();
ret->dec_pkey = NULL;
ret->key_length = 0;
ret->key_data = NULL;
@@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void)
ret->cipher.cipher = NULL;
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
ret->references = 1;
return (ret);
M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
c.line = __LINE__;
goto err;
}
return ret;
err:
X509_PKEY_free(ret);
ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
return NULL;
}
void X509_PKEY_free(X509_PKEY *x)

6
crypto/bf/bftest.c
View File

@@ -462,9 +462,9 @@ static int test(void)
len = strlen(cbc_data) + 1;
BF_set_key(&key, 16, cbc_key);
memset(cbc_in, 0, sizeof cbc_in);
memset(cbc_out, 0, sizeof cbc_out);
memcpy(iv, cbc_iv, sizeof iv);
memset(cbc_in, 0, sizeof(cbc_in));
memset(cbc_out, 0, sizeof(cbc_out));
memcpy(iv, cbc_iv, sizeof(iv));
BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
&key, iv, BF_ENCRYPT);
if (memcmp(cbc_out, cbc_ok, 32) != 0) {

41
crypto/bio/b_dump.c
View File

@@ -64,7 +64,6 @@
#include "cryptlib.h"
#include "bio_lcl.h"
#define TRUNCATE
#define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
@@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
{
int ret = 0;
char buf[288 + 1], tmp[20], str[128 + 1];
int i, j, rows, trc;
int i, j, rows;
unsigned char ch;
int dump_width;
trc = 0;
#ifdef TRUNCATE
for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
trc++;
#endif
if (indent < 0)
indent = 0;
if (indent) {
@@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
if ((rows * dump_width) < len)
rows++;
for (i = 0; i < rows; i++) {
BUF_strlcpy(buf, str, sizeof buf);
BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
BUF_strlcat(buf, tmp, sizeof buf);
BUF_strlcpy(buf, str, sizeof(buf));
BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
BUF_strlcat(buf, tmp, sizeof(buf));
for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) {
BUF_strlcat(buf, " ", sizeof buf);
BUF_strlcat(buf, " ", sizeof(buf));
} else {
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch,
BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
j == 7 ? '-' : ' ');
BUF_strlcat(buf, tmp, sizeof buf);
BUF_strlcat(buf, tmp, sizeof(buf));
}
}
BUF_strlcat(buf, " ", sizeof buf);
BUF_strlcat(buf, " ", sizeof(buf));
for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len)
break;
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
#ifndef CHARSET_EBCDIC
BIO_snprintf(tmp, sizeof tmp, "%c",
BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= ' ') && (ch <= '~')) ? ch : '.');
#else
BIO_snprintf(tmp, sizeof tmp, "%c",
BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
? os_toebcdic[ch]
: '.');
#endif
BUF_strlcat(buf, tmp, sizeof buf);
BUF_strlcat(buf, tmp, sizeof(buf));
}
BUF_strlcat(buf, "\n", sizeof buf);
BUF_strlcat(buf, "\n", sizeof(buf));
/*
* if this is the last call then update the ddt_dump thing so that we
* will move the selection point in the debug window
*/
ret += cb((void *)buf, strlen(buf), u);
}
#ifdef TRUNCATE
if (trc > 0) {
BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
len + trc);
ret += cb((void *)buf, strlen(buf), u);
}
#endif
return (ret);
return ret;
}
#ifndef OPENSSL_NO_FP_API

8
crypto/bio/b_print.c
View File

@@ -385,7 +385,7 @@ _dopr(char **sbuffer,
if (cflags == DP_C_SHORT) {
short int *num;
num = va_arg(args, short int *);
*num = currlen;
*num = (short int)currlen;
} else if (cflags == DP_C_LONG) { /* XXX */
long int *num;
num = va_arg(args, long int *);
@@ -502,7 +502,7 @@ fmtint(char **sbuffer,
if (!(flags & DP_F_UNSIGNED)) {
if (value < 0) {
signvalue = '-';
uvalue = -value;
uvalue = 0 - (unsigned LLONG)value;
} else if (flags & DP_F_PLUS)
signvalue = '+';
else if (flags & DP_F_SPACE)
@@ -663,7 +663,7 @@ fmtfp(char **sbuffer,
iconvert[iplace++] = "0123456789"[intpart % 10];
intpart = (intpart / 10);
} while (intpart && (iplace < (int)sizeof(iconvert)));
if (iplace == sizeof iconvert)
if (iplace == sizeof(iconvert))
iplace--;
iconvert[iplace] = 0;
@@ -672,7 +672,7 @@ fmtfp(char **sbuffer,
fconvert[fplace++] = "0123456789"[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
if (fplace == sizeof fconvert)
if (fplace == sizeof(fconvert))
fplace--;
fconvert[fplace] = 0;

23
crypto/bio/b_sock.c
View File

@@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
#define _DEFAULT_SOURCE
#define _BSD_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
@@ -83,6 +86,11 @@ NETDB_DEFINE_CONTEXT
static int wsa_init_done = 0;
# endif
# if defined(__GLIBC__)
# define HAVE_GETHOSTBYNAME_R
# define GETHOSTNAME_R_BUF (2 * 1024)
# endif
/*
* WSAAPI specifier is required to make indirect calls to run-time
* linked WinSock 2 functions used in this module, to be specific
@@ -116,7 +124,12 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
int i;
int err = 1;
int locked = 0;
struct hostent *he;
struct hostent *he = NULL;
# ifdef HAVE_GETHOSTBYNAME_R
char buf[GETHOSTNAME_R_BUF];
struct hostent hostent;
int h_errnop;
# endif
i = get_ip(str, ip);
if (i < 0) {
@@ -138,10 +151,18 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
if (i > 0)
return (1);
/* if gethostbyname_r is supported, use it. */
# ifdef HAVE_GETHOSTBYNAME_R
memset(&hostent, 0x00, sizeof(hostent));
/* gethostbyname_r() sets |he| to NULL on error, we check it further down */
gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop);
# else
/* do a gethostbyname */
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
locked = 1;
he = BIO_gethostbyname(str);
# endif
if (he == NULL) {
BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
goto err;

Some files were not shown because too many files have changed in this diff Show More