Compare commits

5 Commits

Author | SHA1 | Message | Date
Steve Dower | 2653d15ab4 | Import OpenSSL 1.0.2t | 2019-09-16 11:28:31 +01:00
Steve Dower | e6c823a7e5 | Import OpenSSL 1.0.2s | 2019-06-17 08:41:08 -07:00
Steve Dower | 4155d3c2bd | Import OpenSSL 1.0.2q | 2018-12-07 11:08:57 -08:00
Steve Dower | 4b1c388f4d | Import OpenSSL 1.0.2p | 2018-08-14 09:04:53 -07:00
Steve Dower | 4933cd8231 | Update to OpenSSL 1.0.2.o | 2018-04-13 17:33:44 +00:00
557 changed files with 144686 additions and 139251 deletions

CHANGES

@@ -2,6 +2,284 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.0.2s and 1.0.2t [10 Sep 2019]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
`EC_GROUP_new_from_ecparameters()`.
This prevents bypass of security hardening and performance gains,
especially for curves with specialized EC_METHODs.
By default, if a key encoded with explicit parameters is loaded and later
serialized, the output is still encoded with explicit parameters, even if
internally a "named" EC_GROUP is used for computation.
[Nicola Tuveri]
*) Compute ECC cofactors if not provided during EC_GROUP construction. Before
this change, EC_GROUP_set_generator would accept order and/or cofactor as
NULL. After this change, only the cofactor parameter can be NULL. It also
does some minimal sanity checks on the passed order.
(CVE-2019-1547)
[Billy Bob Brumley]
*) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
(CVE-2019-1563)
[Bernd Edlinger]
*) Document issue with installation paths in diverse Windows builds
'/usr/local/ssl' is an unsafe prefix for location to install OpenSSL
binaries and run-time config file.
(CVE-2019-1552)
[Richard Levitte]
Changes between 1.0.2r and 1.0.2s [28 May 2019]
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
fixes an omission in earlier changes that changed all RSA, DSA and DH
generation apps to use 2048 bits by default.
[Kurt Roeckx]
*) Add FIPS support for Android Arm 64-bit
Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
Module in Version 2.0.10. For some reason, the corresponding target
'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
built with FIPS support on Android Arm 64-bit. This omission has been
fixed.
[Matthias St. Pierre]
Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
*) 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data.
In order for this to be exploitable "non-stitched" ciphersuites must be in
use. Stitched ciphersuites are optimised implementations of certain
commonly used ciphersuites. Also the application must call SSL_shutdown()
twice even if a protocol error has occurred (applications should not do
this but some do anyway).
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
Aviram, with additional investigation by Steven Collison and Andrew
Hourselt. It was reported to OpenSSL on 10th December 2018.
(CVE-2019-1559)
[Matt Caswell]
*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]
Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
Module, accidentally introduced while backporting security fixes from the
development branch and hindering the use of ECC in FIPS mode.
[Nicola Tuveri]
Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]
Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake
then OpenSSL would move into the error state and would immediately fail if
you attempted to continue the handshake. This works as designed for the
explicit handshake functions (SSL_do_handshake(), SSL_accept() and
SSL_connect()), however due to a bug it does not work correctly if
SSL_read() or SSL_write() is called directly. In that scenario, if the
handshake fails then a fatal error will be returned in the initial function
call. If SSL_read()/SSL_write() is subsequently called by the application
for the same SSL object then it will succeed and the data is passed without
being decrypted/encrypted directly from the SSL/TLS record layer.
In order to exploit this issue an application bug would have to be present
that resulted in a call to SSL_read()/SSL_write() being issued after having
already received a fatal error.
This issue was reported to OpenSSL by David Benjamin (Google).
(CVE-2017-3737)
[Matt Caswell]
*) rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
This issue was reported to OpenSSL by David Benjamin (Google). The issue
was originally found via the OSS-Fuzz project.
(CVE-2017-3738)
[Andy Polyakov]
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
Changes between 1.0.2k and 1.0.2l [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
platform rather than 'mingw'.
[Richard Levitte]
Changes between 1.0.2j and 1.0.2k [26 Jan 2017] Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
*) Truncated packet could crash via OOB read *) Truncated packet could crash via OOB read
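Review bot: several entries imported in this hunk change caller-visible behaviour, while the commit messages only say "Import OpenSSL 1.0.2x". In the 1.0.2t block, EC_GROUP_set_generator no longer accepts a NULL order; in 1.0.2s, the genpkey default for RSA, DSA and DH moves from 1024 to 2048 bits; in 1.0.2p, X509_cmp_time rejects fractional seconds and timezone offsets. Suggest listing these in the import's commit message or release notes so consumers of this vendored copy know to re-test. The CVE-2019-1563 entry also says the old behaviour can be re-enabled with CMS_DEBUG_DECRYPT, so it is worth confirming that no caller of this copy sets that flag. The "certifiate" typo in that entry is upstream text and should stay as imported.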
@@ -1923,8 +2201,11 @@
to work with OPENSSL_NO_SSL_INTERN defined. to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson] [Steve Henson]
*) Add SRP support. *) A long standing patch to add support for SRP from EdelWeb (Peter
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson] [Steve Henson]


@@ -1,26 +1,26 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL HOW TO CONTRIBUTE TO OpenSSL
------------------------------------ ----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for (Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.) other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the Development is done on GitHub, https://github.com/openssl/openssl.
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
To submit a patch, make a pull request on GitHub. If you think the patch To request new features or report bugs, please open an issue on GitHub
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
Having addressed the following items before the PR will help make the To submit a patch, please open a pull request on GitHub. If you are thinking
acceptance and review process faster: of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
1. Anything other than trivial contributions will require a contributor To make it easier to review and accept your pull request, please follow these
licensing agreement, giving us permission to use your code. See guidelines:
https://www.openssl.org/policies/cla.html for details.
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with 2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the appropriate comment characters at the start of each line and the
@@ -34,21 +34,21 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase 3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove often. We do not accept merge commits, you will have to remove them
them before a patch is considered acceptable. (usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see 4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without https://www.openssl.org/policies/codingstyle.html) and compile
warnings. Where gcc or clang is availble you should use the without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied --strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. platforms: try to ensure you only use portable features. Clean builds
Clean builds via Travis and AppVeyor are expected, and done whenever via Travis and AppVeyor are required, and they are started automatically
a PR is created or updated. whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can 5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see either be added to an existing test, or completely new. Please see
test/README for information on the test framework. test/README for information on the test framework.
6. New features or changed functionality must include 6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/apps, doc/crypto documentation. Please look at the "pod" files in doc for
and doc/ssl for examples of our style. examples of our style.


@@ -109,7 +109,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
# Minimum warning options... any contributions to OpenSSL should at least get # Minimum warning options... any contributions to OpenSSL should at least get
# past these. # past these.
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
# TODO(openssl-team): fix problems and investigate if (at least) the following # TODO(openssl-team): fix problems and investigate if (at least) the following
# warnings can also be enabled: # warnings can also be enabled:
@@ -118,7 +118,7 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof # -Wextended-offsetof
my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; my $clang_disabled_warnings = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
# These are used in addition to $gcc_devteam_warn when the compiler is clang. # These are used in addition to $gcc_devteam_warn when the compiler is clang.
# TODO(openssl-team): fix problems and investigate if (at least) the # TODO(openssl-team): fix problems and investigate if (at least) the
@@ -128,7 +128,7 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali
# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
# -Wextended-offsetof # -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; my $clang_devteam_warn = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
# Warn that "make depend" should be run? # Warn that "make depend" should be run?
my $warn_make_depend = 0; my $warn_make_depend = 0;
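Review bot: `-Wno-unknown-warning-option` is added here to `$clang_devteam_warn` and, in the previous hunk, to `$clang_disabled_warnings`, and the two strings now differ only by `-Qunused-arguments`. Build one from the other so the lists cannot drift apart. Also add a comment on why unknown-warning diagnostics are suppressed, since with this flag a misspelled -W option in a clang build is no longer reported.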
@@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", "MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# DEC Alpha OSF/1/Tru64 targets. # DEC Alpha OSF/1/Tru64 targets.
# #
@@ -475,6 +475,7 @@ my %table=(
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### *BSD [do see comment about ${BSDthreads} above!] #### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -592,9 +593,9 @@ my %table=(
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", "debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target # Unified CE target
"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5 # Borland C++ 4.5
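Review bot: `-WX` and `-D_WINSOCK_DEPRECATED_NO_WARNINGS` are added to VC-WIN32 and debug-VC-WIN32 only; the debug-VC-WIN64A line kept as context at the top of this hunk still has `-W3` without `-WX`. If warnings-as-errors is intended for MSVC builds, apply it to the WIN64A targets as well, or say why 32-bit is treated differently. The new define presumably silences Winsock deprecation warnings that `-WX` would otherwise turn into errors; a comment naming the deprecated calls would help whoever removes it later.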
@@ -1173,6 +1174,7 @@ foreach (sort (keys %disabled))
$depflags .= " -DOPENSSL_NO_$ALGO"; $depflags .= " -DOPENSSL_NO_$ALGO";
} }
} }
if (/^comp$/) { $zlib = 0; }
} }
print "\n"; print "\n";
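Review bot: `if (/^comp$/) { $zlib = 0; }` clears `$zlib` inside the %disabled loop without printing anything, so a configuration that disables comp and also asked for zlib loses zlib with no message. Print a short note when this overrides a requested zlib setting, and add a one-line comment stating the dependency between the two options.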
@@ -1269,7 +1271,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; } if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; } else { $lflags=$prelflags; undef $prelflags; }
if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{ {
$cflags =~ s/\-mno\-cygwin\s*//; $cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//; $shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,18 +1663,32 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2; $shlib_minor=$2;
} }
my $ecc = $cc; my %predefined;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
while (<PIPE>) {
m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
$predefined{$1} = defined($2) ? $2 : "";
}
close(PIPE);
# Xcode did not handle $cc -M before clang support
my $cc_as_makedepend = 0;
if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
&& !defined($predefined{__clang__}))) {
$cc_as_makedepend = 1;
}
if ($strict_warnings) if ($strict_warnings)
{ {
my $wopt; my $wopt;
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn) foreach $wopt (split /\s+/, $gcc_devteam_warn)
{ {
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
} }
if ($ecc eq "clang") if (defined($predefined{__clang__}))
{ {
foreach $wopt (split /\s+/, $clang_devteam_warn) foreach $wopt (split /\s+/, $clang_devteam_warn)
{ {
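Review bot: the `-dM -E` probe stops at the first line that is not a `#define` (`or last`) while stderr is merged in with `2>&1`, so a single diagnostic line from the compiler ahead of the defines leaves %predefined empty, and `--strict-warnings` then dies with "requires gcc or clang" on a compiler that is gcc or clang. Use `next` instead of `last`, or drop `2>&1`, and check the return value of `open`. `$predefined{__GNUC__} >= 3` also compares an undefined value whenever the probe finds nothing (the command reads `/dev/null`, which a non-Unix build host may not have); guard it with `defined($predefined{__GNUC__})`.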
@@ -1723,15 +1739,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
} }
else { else {
s/^CC=.*$/CC= $cc/; s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/; s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/; s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/; s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
} }
s/^CFLAG=.*$/CFLAG= $cflags/; s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
@@ -2041,12 +2056,13 @@ EOF
close(OUT); close(OUT);
} else { } else {
my $make_command = "$make PERL=\'$perl\'"; my $make_command = "$make PERL=\'$perl\'";
my $make_targets = ""; my @make_targets = ();
$make_targets .= " links" if $symlink; push @make_targets, "links" if $symlink;
$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend;
$make_targets .= " gentests" if $symlink; push @make_targets, "gentests" if $symlink;
(system $make_command.$make_targets) == 0 or exit $? foreach my $make_target (@make_targets) {
if $make_targets ne ""; (system "$make_command $make_target") == 0 or exit $?;
}
if ( $perl =~ m@^/@) { if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
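Review bot: `exit $?` in the new per-target loop passes on the raw wait status from `system`. On Unix a make target that fails with exit code 1 sets `$?` to 256, and exiting with 256 is seen by the caller as status 0, so a failed `make links` or `make depend` can look like a successful Configure run. Use `exit($? >> 8 || 1)` instead. The removed single-command form had the same problem; this loop is a good place to fix it.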
@@ -2056,8 +2072,8 @@ EOF
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
} }
if ($depflags ne $default_depflags && !$make_depend) { if ($depflags ne $default_depflags && !$make_depend) {
$warn_make_depend++; $warn_make_depend++;
} }
} }
# create the ms/version32.rc file if needed # create the ms/version32.rc file if needed


@@ -190,10 +190,8 @@
the failure that isn't a problem in OpenSSL itself (like a missing the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself, or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". Please send a bug in Makefile.ssl and run "make clean; make". To report a bug please open an
report to <openssl-bugs@openssl.org>, including the output of issue on GitHub, at https://github.com/openssl/openssl/issues.
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt.html.
4. If everything tests ok, install OpenSSL with 4. If everything tests ok, install OpenSSL with
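Review bot: the replacement text drops the request to include the output of "make report" with a bug report. The GitHub issue link is fine, but keep a sentence asking reporters to attach that output (if the target is still supported) so issues arrive with build details.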


@@ -33,8 +33,18 @@
running in a DOS box under Windows. If so, just close the BASH running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again. shell, go back to Windows, and restart BASH. Then run "make" again.
RUN-TIME CAVEAT LECTOR CAVEAT LECTOR
-------------- -------------
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
### Entropy
Quoting FAQ: Quoting FAQ:
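Review bot: The new "### Default install and config paths" and "### Entropy" subheadings use Markdown-style markers, while the "CAVEAT LECTOR" heading directly above them is underlined with dashes like the rest of this plain-text file. Use one heading convention throughout. The added paragraph also spells the same word "writable" and "writeable" and ends without a full stop.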


@@ -34,6 +34,17 @@
get it all to work. See the trouble shooting section later on for if (when?) get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong. it goes wrong.
CAVEAT LECTOR
-------------
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
Visual C++ Visual C++
---------- ----------
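Review bot: In the new "Default install and config paths" paragraph, "(see the example above)" points the wrong way for this file. The section is inserted at line 34, and the --prefix examples this patch adds only appear in the later hunks (around lines 115 and 207), so the reference should read "see the examples below" or name the sections that carry them.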
@@ -104,7 +115,7 @@
--------------------- ---------------------
* Configure for building with Borland Builder: * Configure for building with Borland Builder:
> perl Configure BC-32 > perl Configure BC-32 --prefix=c:\some\openssl\dir
* Create the appropriate makefile * Create the appropriate makefile
> ms\do_nasm > ms\do_nasm
@@ -196,7 +207,7 @@
* Compile OpenSSL: * Compile OpenSSL:
$ ./config $ ./config --prefix=c:/some/openssl/dir
[...] [...]
$ make $ make
[...] [...]
@@ -206,7 +217,11 @@
and openssl.exe application in apps directory. and openssl.exe application in apps directory.
It is also possible to cross-compile it on Linux by configuring It is also possible to cross-compile it on Linux by configuring
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'. like this:
$ ./Configure --cross-compile-prefix=i386-mingw32- \
--prefix=c:/some/openssl/dir mingw ...
'make test' is naturally not applicable then. 'make test' is naturally not applicable then.
libcrypto.a and libssl.a are the static libraries. To use the DLLs, libcrypto.a and libssl.a are the static libraries. To use the DLLs,
@@ -240,6 +255,9 @@
$ copy /b out32dll\libeay32.dll c:\openssl\bin $ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin $ copy /b out32dll\openssl.exe c:\openssl\bin
("c:\openssl" should be whatever you specified to --prefix when
configuring the build)
Of course, you can choose another device than c:. C: is used here Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device. because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:. Note: in the modssl INSTALL.Win32, p: is used rather than c:.


@@ -30,6 +30,14 @@
Neither of these is actually big deal and hardly encountered Neither of these is actually big deal and hardly encountered
in real-life applications. in real-life applications.
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
Compiling procedure Compiling procedure
------------------- -------------------
@@ -43,7 +51,7 @@
To build for Win64/x64: To build for Win64/x64:
> perl Configure VC-WIN64A > perl Configure VC-WIN64A --prefix=c:\some\openssl\dir
> ms\do_win64a > ms\do_win64a
> nmake -f ms\ntdll.mak > nmake -f ms\ntdll.mak
> cd out32dll > cd out32dll
@@ -51,7 +59,7 @@
To build for Win64/IA64: To build for Win64/IA64:
> perl Configure VC-WIN64I > perl Configure VC-WIN64I --prefix=c:\some\openssl\dir
> ms\do_win64i > ms\do_win64i
> nmake -f ms\ntdll.mak > nmake -f ms\ntdll.mak
> cd out32dll > cd out32dll


@@ -35,6 +35,17 @@
redirects IO to active sync link, while PortSDK - to NT-like console redirects IO to active sync link, while PortSDK - to NT-like console
driver on the handheld itself. driver on the handheld itself.
CAVEAT LECTOR
-------------
### Default install and config paths
./Configure defaults to '/usr/local/ssl' as installation top. This is
suitable for Unix, but not for Windows, where this usually is a world
writable directory and therefore accessible for change by untrusted users.
It is therefore recommended to set your own --prefix or --openssldir to
some location that is not world writeable (see the example above)
Building Building
-------- --------
@@ -61,7 +72,7 @@
Next you should run Configure: Next you should run Configure:
> perl Configure VC-CE > perl Configure VC-CE --prefix=c:\some\openssl\dir
Next you need to build the Makefiles: Next you need to build the Makefiles:


@@ -2,7 +2,7 @@
LICENSE ISSUES LICENSE ISSUES
============== ==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit. the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL Open Source licenses. In case of any license issues related to OpenSSL
@@ -12,7 +12,7 @@
--------------- ---------------
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions

2918
MINFO

File diff suppressed because it is too large


@@ -266,7 +266,7 @@ void CRandomizer::AddCurrentMouse (void)
if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 && if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2) labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
AddBytes (&mouseLoc, sizeof (mouseLoc), AddBytes (&mouseLoc, sizeof(mouseLoc),
kMousePositionEntropy); kMousePositionEntropy);
if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v) if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
@@ -286,7 +286,7 @@ void CRandomizer::AddCurrentMouse (void)
(kTypicalMouseIdleTicks/(double)lastCheck); (kTypicalMouseIdleTicks/(double)lastCheck);
if (entropy < 0.0) if (entropy < 0.0)
entropy = 0.0; entropy = 0.0;
AddBytes (&mMouseStill, sizeof (mMouseStill), entropy); AddBytes (&mMouseStill, sizeof(mMouseStill), entropy);
mMouseStill = 0; mMouseStill = 0;
} }
mLastMouse = mouseLoc; mLastMouse = mouseLoc;
@@ -299,7 +299,7 @@ void CRandomizer::AddAbsoluteSystemStartupTime (void)
GetDateTime (&now); GetDateTime (&now);
now -= TickCount() / 60; // Time in ticks since machine now -= TickCount() / 60; // Time in ticks since machine
// startup // startup
AddBytes (&now, sizeof (now), kSysStartupEntropy); AddBytes (&now, sizeof(now), kSysStartupEntropy);
} }
void CRandomizer::AddTimeSinceMachineStartup (void) void CRandomizer::AddTimeSinceMachineStartup (void)
@@ -314,7 +314,7 @@ void CRandomizer::AddAppRunningTime (void)
ProcessSerialNumber PSN; ProcessSerialNumber PSN;
ProcessInfoRec ProcessInfo; ProcessInfoRec ProcessInfo;
ProcessInfo.processInfoLength = sizeof (ProcessInfoRec); ProcessInfo.processInfoLength = sizeof(ProcessInfoRec);
ProcessInfo.processName = nil; ProcessInfo.processName = nil;
ProcessInfo.processAppSpec = nil; ProcessInfo.processAppSpec = nil;
@@ -324,7 +324,7 @@ void CRandomizer::AddAppRunningTime (void)
// Now add the amount of time in ticks that the current process // Now add the amount of time in ticks that the current process
// has been active // has been active
AddBytes (&ProcessInfo, sizeof (ProcessInfoRec), AddBytes (&ProcessInfo, sizeof(ProcessInfoRec),
kApplicationUpTimeEntropy); kApplicationUpTimeEntropy);
} }
@@ -353,7 +353,7 @@ void CRandomizer::AddStartupVolumeInfo (void)
// unpredictable, so might as well toss the whole block in. See // unpredictable, so might as well toss the whole block in. See
// comments for entropy estimate justifications. // comments for entropy estimate justifications.
AddBytes (&pb, sizeof (pb), AddBytes (&pb, sizeof(pb),
kVolumeBytesEntropy + kVolumeBytesEntropy +
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi) log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
* 4294967296.0D + * 4294967296.0D +
@@ -419,7 +419,7 @@ void CRandomizer::AddBytes (void *data, long size, double entropy)
void CRandomizer::AddNow (double millisecondUncertainty) void CRandomizer::AddNow (double millisecondUncertainty)
{ {
long time = SysTimer(); long time = SysTimer();
AddBytes (&time, sizeof (time), log2l (millisecondUncertainty * AddBytes (&time, sizeof(time), log2l (millisecondUncertainty *
mTimebaseTicksPerMillisec)); mTimebaseTicksPerMillisec));
} }

1376
Makefile

File diff suppressed because it is too large

File diff suppressed because it is too large


@@ -424,6 +424,14 @@ clean: libclean
rm -fr $$i/*; \ rm -fr $$i/*; \
done done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \ $(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh sh util/do_ms.sh
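Review bot: The first recipe line of the new distclean target passes the output of find to $(RM) through backticks, so the shell word-splits it and any symlink path containing whitespace is handed to $(RM) as separate, wrong arguments; the leading "-" then hides whatever failure results. Letting find perform the removal itself, for example with -exec $(RM) {} + after -type l, avoids the splitting and needs no error suppression.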
@@ -511,7 +519,7 @@ $(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \ \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
| sort > $(TARFILE).list | sort > $(TARFILE).list
tar: $(TARFILE).list tar: $(TARFILE).list

48
NEWS

@@ -5,6 +5,54 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]
o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Document issue with installation paths in diverse Windows builds
(CVE-2019-1552)
Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019]
o None
Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
o 0-byte record padding oracle (CVE-2019-1559)
Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
o Client DoS due to large DH parameter (CVE-2018-0732)
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
o Truncated packet could crash via OOB read (CVE-2017-3731) o Truncated packet could crash via OOB read (CVE-2017-3731)

4
README

@@ -1,7 +1,7 @@
OpenSSL 1.0.2k 26 Jan 2017 OpenSSL 1.0.2t 10 Sep 2019
Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved. All rights reserved.


@@ -1,2 +0,0 @@
# cpython-source-deps
Source for packages that the cpython build process depends on


@@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
#endif #endif
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) { else if (RAND_egd(file) > 0) {
/* /*
* we try if the given filename is an EGD socket. if it is, we don't * we try if the given filename is an EGD socket. if it is, we don't
@@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0; return 0;
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) { if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n"); BIO_printf(bio_e, "unable to write 'random state'\n");
return 0; return 0;


@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -148,6 +148,10 @@
#ifdef _WIN32 #ifdef _WIN32
static int WIN32_rename(const char *from, const char *to); static int WIN32_rename(const char *from, const char *to);
# define rename(from,to) WIN32_rename((from),(to)) # define rename(from,to) WIN32_rename((from),(to))
# ifdef fileno
# undef fileno
# endif
# define fileno(a) (int)_fileno(a)
#endif #endif
typedef struct { typedef struct {
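Review bot: The new "# define fileno(a) (int)_fileno(a)" leaves its expansion unparenthesised, unlike the rename macro just above it, which wraps each argument. Writing it as ((int)_fileno(a)) keeps it safe when it appears inside a larger expression, and a one-line comment on why the cast to int is needed on _WIN32 would save the next reader a search.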
@@ -1355,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
}; };
if (set_multi_opts(flags, arg, ex_tbl) == 0) if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0; return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0) if (*flags != XN_FLAG_COMPAT
&& (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC; *flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1; return 1;
} }
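Review bot: The added "*flags != XN_FLAG_COMPAT" test in set_name_ex compares the whole flag word, so the default separator is skipped only when the parsed options equal XN_FLAG_COMPAT exactly and is still applied whenever any other bit is set alongside it. If that is the intent, a short comment saying so would stop a later change from turning it into a mask test.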
@@ -1734,9 +1739,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
BUF_strlcpy(buf[0], serialfile, BSIZE); BUF_strlcpy(buf[0], serialfile, BSIZE);
else { else {
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif #endif
} }
#ifdef RL_DEBUG #ifdef RL_DEBUG
@@ -1785,14 +1790,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else #else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif #endif
#ifdef RL_DEBUG #ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@@ -1873,9 +1878,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err; goto err;
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
#else #else
BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
#endif #endif
dbattr_conf = NCONF_new(NULL); dbattr_conf = NCONF_new(NULL);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@@ -1963,19 +1968,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
#else #else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
#else #else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif #endif
#ifdef RL_DEBUG #ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@@ -2024,29 +2029,29 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
#else #else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
#else #else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
#else #else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
#else #else
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
#endif #endif
#ifdef RL_DEBUG #ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@@ -2600,7 +2605,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx); JPAKE_STEP3A_generate(&s3a, ctx);
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
(void)BIO_flush(bconn); (void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a); JPAKE_STEP3A_release(&s3a);
} }
@@ -2611,7 +2616,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx); JPAKE_STEP3B_generate(&s3b, ctx);
BIO_write(bconn, s3b.hk, sizeof s3b.hk); BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
(void)BIO_flush(bconn); (void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b); JPAKE_STEP3B_release(&s3b);
} }
@@ -2621,7 +2626,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
char buf[10240]; char buf[10240];
int l; int l;
l = BIO_gets(bconn, buf, sizeof buf); l = BIO_gets(bconn, buf, sizeof(buf));
assert(l > 0); assert(l > 0);
assert(buf[l - 1] == '\n'); assert(buf[l - 1] == '\n');
buf[l - 1] = '\0'; buf[l - 1] = '\0';
@@ -2668,8 +2673,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
int l; int l;
JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_init(&s3a);
l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
assert(l == sizeof s3a.hhk); assert(l == sizeof(s3a.hhk));
if (!JPAKE_STEP3A_process(ctx, &s3a)) { if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
exit(1); exit(1);
@@ -2683,8 +2688,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
int l; int l;
JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_init(&s3b);
l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
assert(l == sizeof s3b.hk); assert(l == sizeof(s3b.hk));
if (!JPAKE_STEP3B_process(ctx, &s3b)) { if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
exit(1); exit(1);
@@ -2788,13 +2793,13 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
OPENSSL_free(out); OPENSSL_free(out);
return NULL; return NULL;
} }
out[start] = i - start; out[start] = (unsigned char)(i - start);
start = i + 1; start = i + 1;
} else } else
out[i + 1] = in[i]; out[i + 1] = in[i];
} }
*outlen = len + 1; *outlen = (unsigned char)(len + 1);
return out; return out;
} }
#endif /* ndef OPENSSL_NO_TLSEXT */ #endif /* ndef OPENSSL_NO_TLSEXT */
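Review bot: "*outlen = (unsigned char)(len + 1);" narrows the result to 8 bits although outlen is declared "unsigned short *" in the signature shown in the hunk header, so an encoded list of 256 bytes or more reports a wrapped length to the caller while out holds more data. Cast to (unsigned short) instead and reject input where len + 1 does not fit. The "(unsigned char)(i - start)" cast above it is only safe if each protocol name is already limited to 255 bytes before that assignment, which the visible lines do not show.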


@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
ASN1_TYPE *atmp; ASN1_TYPE *atmp;
int typ; int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i)); j = atoi(sk_OPENSSL_STRING_value(osk, i));
if (j == 0) { if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n", BIO_printf(bio_err, "'%s' is an invalid number\n",
sk_OPENSSL_STRING_value(osk, i)); sk_OPENSSL_STRING_value(osk, i));
continue; continue;
@@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
num = tmplen; num = tmplen;
} }
if (offset >= num) { if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset too large\n"); BIO_printf(bio_err, "Error: offset out of range\n");
goto end; goto end;
} }
num -= offset; num -= offset;
if ((length == 0) || ((long)length > num)) if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num; length = (unsigned int)num;
if (derout) { if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) { if (BIO_write(derout, str + offset, length) != (int)length) {
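Review bot: In "if (length == 0 || length > (unsigned int)num)" the cast is only correct because the new "offset < 0 || offset >= num" guard and "num -= offset" leave num positive, and only while num fits in an unsigned int. The old comparison was done as long, which suggests num is wider, so a value above UINT_MAX would be truncated both in the comparison and in "length = (unsigned int)num". Either compare in the wider type as before or bound num explicitly, and note the dependency on the offset check in a comment.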

270
apps/ca.c

@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
if (j > 0) { if (j > 0) {
total_done++; total_done++;
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
if (!BN_add_word(serial, 1)) if (!BN_add_word(serial, 1)) {
X509_free(x);
goto err; goto err;
}
if (!sk_X509_push(cert_sk, x)) { if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
X509_free(x);
goto err; goto err;
} }
} }
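Review bot: The BN_add_word failure branch now frees x but still jumps to err without printing anything, while the sk_X509_push branch just below it reports "Memory allocation failure". Add a BIO_printf to the BN_add_word branch as well, so a failed serial increment does not abort the run silently.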
@@ -1628,8 +1631,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt, CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign) int default_op, int ext_copy, int selfsign)
{ {
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
NULL;
ASN1_UTCTIME *tm, *tmptm; ASN1_UTCTIME *tm, *tmptm;
ASN1_STRING *str, *str2; ASN1_STRING *str, *str2;
ASN1_OBJECT *obj; ASN1_OBJECT *obj;
@@ -1817,8 +1819,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) { if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) { if (!X509_NAME_add_entry(subject, push, -1, 0)) {
if (push != NULL)
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
} }
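Review bot: With "X509_NAME_ENTRY_free(push)" removed from the X509_NAME_add_entry failure branch, nothing in the visible lines says who owns push. The deleted lines implied the caller did, so add a comment stating whether push is borrowed from another name or released elsewhere, to keep the free from being reintroduced.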
@@ -1836,104 +1836,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err; goto err;
} }
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
/*
* and add it later on because of the method extensions are added
* (altName)
*/
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
}
if (BN_is_zero(serial))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto err;
}
/* We are now totally happy, lets make and sign the certificate */ /* We are now totally happy, lets make and sign the certificate */
if (verbose) if (verbose)
BIO_printf(bio_err, BIO_printf(bio_err,
@@ -1985,10 +1887,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */ /* Lets add the extensions, if there are any */
if (ext_sect) { if (ext_sect) {
X509V3_CTX ctx; X509V3_CTX ctx;
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/* /*
* Free the current entries if any, there should not be any I believe * Free the current entries if any, there should not be any I believe
@@ -2051,10 +1949,133 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err; goto err;
} }
/* Set the right value for the noemailDN option */ {
if (email_dn == 0) { STACK_OF(X509_EXTENSION) *exts = ci->extensions;
if (!X509_set_subject_name(ret, dn_subject))
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto err;
}
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
if (!email_dn) {
X509_NAME_ENTRY *tmpne;
X509_NAME *dn_subject;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
if (!X509_set_subject_name(ret, dn_subject)) {
X509_NAME_free(dn_subject);
goto err;
}
X509_NAME_free(dn_subject);
}
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (BN_is_zero(serial))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (row[DB_name][0] == '\0') {
/*
* An empty subject! We'll use the serial number instead. If
* unique_subject is in use then we don't want different entries with
* empty subjects matching each other.
*/
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto err;
} }
if (!default_op) { if (!default_op) {
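Review bot: in the duplicate-entry report, the revoked branch assigns `p = rrow[DB_exp_date];` before printing "Was revoked on:", so that line and the "Expires on" line that follows show the same field. Print `rrow[DB_rev_date]` in the `'R'` branch instead. The stray `;;` after the "Type" BIO_printf can be cleaned up in the same pass.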
@@ -2105,10 +2126,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1); row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1); row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8); row[DB_file] = OPENSSL_malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) || (row[DB_rev_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) { (row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
} }
@@ -2126,10 +2146,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err; goto err;
} }
for (i = 0; i < DB_NUMBER; i++) { for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i]; irow[i] = row[i];
row[i] = NULL;
}
irow[DB_NUMBER] = NULL; irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) { if (!TXT_DB_insert(db->db, irow)) {
@@ -2137,18 +2155,19 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
goto err; goto err;
} }
irow = NULL;
ok = 1; ok = 1;
err: err:
for (i = 0; i < DB_NUMBER; i++) if (ok != 1) {
if (row[i] != NULL) for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]); OPENSSL_free(row[i]);
}
OPENSSL_free(irow);
if (CAname != NULL) if (CAname != NULL)
X509_NAME_free(CAname); X509_NAME_free(CAname);
if (subject != NULL) if (subject != NULL)
X509_NAME_free(subject); X509_NAME_free(subject);
if ((dn_subject != NULL) && !email_dn)
X509_NAME_free(dn_subject);
if (tmptm != NULL) if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm); ASN1_UTCTIME_free(tmptm);
if (ok <= 0) { if (ok <= 0) {
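Review bot: the cleanup under `err:` now decides who owns the row[] strings purely from `ok != 1`, and nothing in the code says so. After this change the copy loop no longer clears row[i], so row[] and irow[] alias the same strings until the function returns. Add a comment at `irow = NULL;` stating that TXT_DB_insert has taken ownership of irow and the strings it points to. Without it, a later edit that sets `ok = 1` earlier, or adds a `goto err` after it, turns into a double free or a leak with no visible hint.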
@@ -2351,6 +2370,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else else
row[DB_serial] = BN_bn2hex(bn); row[DB_serial] = BN_bn2hex(bn);
BN_free(bn); BN_free(bn);
if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
/* Entries with empty Subjects actually use the serial number instead */
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
}
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
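Review bot: the new empty-subject block calls `OPENSSL_strdup(row[DB_serial])` before the existing check that `row[DB_serial]` is non-NULL, so it relies on the strdup wrapper tolerating a NULL argument. Either add `row[DB_serial] != NULL` to the condition or move the block below the allocation check and re-test `row[DB_name]` afterwards, so the order of checks matches the order of use.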
@@ -2396,18 +2420,20 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
goto err; goto err;
} }
for (i = 0; i < DB_NUMBER; i++) { for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i]; irow[i] = row[i];
row[i] = NULL;
}
irow[DB_NUMBER] = NULL; irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) { if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n"); BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
OPENSSL_free(irow);
goto err; goto err;
} }
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
/* Revoke Certificate */ /* Revoke Certificate */
if (type == -1) if (type == -1)
ok = 1; ok = 1;
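Review bot: the failure path after TXT_DB_insert frees irow inline and then jumps to err, while do_body leaves the same hand-off to its err label through `ok` and `irow = NULL`. Two conventions for one ownership rule in the same file are easy to get wrong in a later edit. Use one of them in both functions, or add a comment at the new `row[i] = NULL` loop saying that row[] is cleared only once the database owns the strings.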

View File

@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout, "%s - ", nm); BIO_printf(STDout, "%s - ", nm);
} }
#endif #endif
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
} }
} }

View File

@@ -4,7 +4,7 @@
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved. * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate"); e, "signer certificate");
if (!signer) if (!signer) {
ret = 2;
goto end; goto end;
}
key = load_key(bio_err, keyfile, keyform, 0, passin, e, key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file"); "signing key file");
if (!key) if (!key) {
ret = 2;
goto end; goto end;
}
for (kparam = key_first; kparam; kparam = kparam->next) { for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) { if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM; tflags |= CMS_KEY_PARAM;

View File

@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
/* first check the program name */ /* first check the program name */
program_name(argv[0], pname, sizeof pname); program_name(argv[0], pname, sizeof(pname));
md = EVP_get_digestbyname(pname); md = EVP_get_digestbyname(pname);

View File

@@ -381,10 +381,19 @@ int MAIN(int argc, char **argv)
} else } else
# endif # endif
{ {
if (informat == FORMAT_ASN1) if (informat == FORMAT_ASN1) {
/*
* We have no PEM header to determine what type of DH params it
* is. We'll just try both.
*/
dh = d2i_DHparams_bio(in, NULL); dh = d2i_DHparams_bio(in, NULL);
else /* informat == FORMAT_PEM */ /* BIO_reset() returns 0 for success for file BIOs only!!! */
if (dh == NULL && BIO_reset(in) == 0)
dh = d2i_DHxparams_bio(in, NULL);
} else {
/* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
}
if (dh == NULL) { if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n"); BIO_printf(bio_err, "unable to load DH parameters\n");
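Review bot: the DER fallback to `d2i_DHxparams_bio` runs only when `BIO_reset(in) == 0`, and the comment just above says that holds for file BIOs only. When the rewind fails, DER-encoded X9.42 parameters end up at the generic "unable to load DH parameters" message with no hint that the second format was never tried. Either report the failed reset separately or read the input into a buffer first so both parses can always run.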
@@ -484,10 +493,13 @@ int MAIN(int argc, char **argv)
} }
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1) {
i = i2d_DHparams_bio(out, dh); if (dh->q != NULL)
else if (outformat == FORMAT_PEM) { i = i2d_DHxparams_bio(out, dh);
if (dh->q) else
i = i2d_DHparams_bio(out, dh);
} else if (outformat == FORMAT_PEM) {
if (dh->q != NULL)
i = PEM_write_bio_DHxparams(out, dh); i = PEM_write_bio_DHxparams(out, dh);
else else
i = PEM_write_bio_DHparams(out, dh); i = PEM_write_bio_DHparams(out, dh);

View File

@@ -327,6 +327,9 @@ int MAIN(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk; EVP_PKEY *pk;
pk = EVP_PKEY_new(); pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa); EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
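Review bot: the added NULL check covers `EVP_PKEY_new()`, but the return value of `EVP_PKEY_set1_DSA(pk, dsa)` on the next line is still ignored, so a failed assignment would pass a key-less pk to the PVK/MSBLOB writers. Check it as well and free pk before `goto end`.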

View File

@@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
printf("\treturn(dsa);\n\t}\n"); printf("\treturn(dsa);\n\t}\n");
} }
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa); i = i2d_DSAparams_bio(out, dsa);
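Review bot: `if (outformat == FORMAT_ASN1 && genkey) noout = 1;` silently drops the parameter output for one combination of options and carries no comment explaining why. Add a one-line comment with the reason at this check, and mention the behaviour in the tool's documentation so users who expect parameters in the output are not surprised.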

View File

@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project. * Written by Nils Larsch for the OpenSSL project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "\treturn(group);\n\t}\n"); BIO_printf(out, "\treturn(group);\n\t}\n");
} }
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group); i = i2d_ECPKParameters_bio(out, group);
@@ -582,6 +585,9 @@ int MAIN(int argc, char **argv)
if (EC_KEY_set_group(eckey, group) == 0) if (EC_KEY_set_group(eckey, group) == 0)
goto end; goto end;
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) { if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey); EC_KEY_free(eckey);
goto end; goto end;

View File

@@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out, int size);
#define BSIZE (8*1024) #define BSIZE (8*1024)
#define PROG enc_main #define PROG enc_main
static void show_ciphers(const OBJ_NAME *name, void *bio_) struct doall_enc_ciphers {
BIO *bio;
int n;
};
static void show_ciphers(const OBJ_NAME *name, void *arg)
{ {
BIO *bio = bio_; struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
static int n; const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name)) if (!islower((unsigned char)*name->name))
return; return;
BIO_printf(bio, "-%-25s", name->name); /* Filter out ciphers that we cannot use */
if (++n == 3) { cipher = EVP_get_cipherbyname(name->name);
BIO_printf(bio, "\n"); if (cipher == NULL ||
n = 0; (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else } else
BIO_printf(bio, " "); BIO_printf(dec->bio, " ");
} }
int MAIN(int, char **); int MAIN(int, char **);
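Review bot: naming the `struct doall_enc_ciphers` pointer `dec` is misleading in a file where `enc` is the encrypt/decrypt flag; it reads as "decrypt". Something like `ctx` or `state` would be clearer, both here and for the local in MAIN. The AEAD/XTS filter would also benefit from a comment saying which code path rejects those ciphers, so the listing and the actual check stay in step.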
@@ -102,7 +114,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
static const char magic[] = "Salted__"; static const char magic[] = "Salted__";
char mbuf[sizeof magic - 1]; char mbuf[sizeof(magic) - 1];
char *strbuf = NULL; char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL; unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0; int bsize = BSIZE, verbose = 0;
@@ -130,6 +142,7 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL; ENGINE *e = NULL;
const EVP_MD *dgst = NULL; const EVP_MD *dgst = NULL;
int non_fips_allow = 0; int non_fips_allow = 0;
struct doall_enc_ciphers dec;
apps_startup(); apps_startup();
@@ -141,7 +154,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
/* first check the program name */ /* first check the program name */
program_name(argv[0], pname, sizeof pname); program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0) if (strcmp(pname, "base64") == 0)
base64 = 1; base64 = 1;
#ifdef ZLIB #ifdef ZLIB
@@ -234,7 +247,7 @@ int MAIN(int argc, char **argv)
goto bad; goto bad;
} }
buf[0] = '\0'; buf[0] = '\0';
if (!fgets(buf, sizeof buf, infile)) { if (!fgets(buf, sizeof(buf), infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file); BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad; goto bad;
} }
@@ -311,8 +324,10 @@ int MAIN(int argc, char **argv)
#endif #endif
BIO_printf(bio_err, "Cipher Types\n"); BIO_printf(bio_err, "Cipher Types\n");
dec.n = 0;
dec.bio = bio_err;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, bio_err); show_ciphers, &dec);
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
goto end; goto end;
@@ -417,7 +432,7 @@ int MAIN(int argc, char **argv)
for (;;) { for (;;) {
char buf[200]; char buf[200];
BIO_snprintf(buf, sizeof buf, "enter %s %s password:", BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)), OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption"); (enc) ? "encryption" : "decryption");
strbuf[0] = '\0'; strbuf[0] = '\0';
@@ -502,31 +517,31 @@ int MAIN(int argc, char **argv)
else { else {
if (enc) { if (enc) {
if (hsalt) { if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) { if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n"); BIO_printf(bio_err, "invalid hex salt value\n");
goto end; goto end;
} }
} else if (RAND_bytes(salt, sizeof salt) <= 0) } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end; goto end;
/* /*
* If -P option then don't bother writing * If -P option then don't bother writing
*/ */
if ((printkey != 2) if ((printkey != 2)
&& (BIO_write(wbio, magic, && (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1 sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio, || BIO_write(wbio,
(char *)salt, (char *)salt,
sizeof salt) != sizeof salt)) { sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n"); BIO_printf(bio_err, "error writing output file\n");
goto end; goto end;
} }
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio, || BIO_read(rbio,
(unsigned char *)salt, (unsigned char *)salt,
sizeof salt) != sizeof salt) { sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n"); BIO_printf(bio_err, "error reading input file\n");
goto end; goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) { } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n"); BIO_printf(bio_err, "bad magic number\n");
goto end; goto end;
} }
@@ -549,7 +564,7 @@ int MAIN(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher); int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) { if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n"); BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) { } else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n"); BIO_printf(bio_err, "invalid hex iv value\n");
goto end; goto end;
} }

View File

@@ -108,13 +108,16 @@ static int append_buf(char **buf, const char *s, int *size, int step)
} }
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
char *p = *buf;
*size += step; *size += step;
*buf = OPENSSL_realloc(*buf, *size); *buf = OPENSSL_realloc(*buf, *size);
if (*buf == NULL) {
OPENSSL_free(p);
return 0;
}
} }
if (*buf == NULL)
return 0;
if (**buf != '\0') if (**buf != '\0')
BUF_strlcat(*buf, ", ", *size); BUF_strlcat(*buf, ", ", *size);
BUF_strlcat(*buf, s, *size); BUF_strlcat(*buf, s, *size);
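Review bot: the buffer grows by a single `step` even when `strlen(s)` is larger than `step`, and the `BUF_strlcat(*buf, s, *size)` calls that follow then truncate without any error. The fix for the realloc leak is fine, but while this function is open, grow until `strlen(*buf) + strlen(s) + 2 < *size` or check the BUF_strlcat return value. Note also that `*size` has already been increased when the realloc fails, so on the `return 0` path `*buf` is NULL while `*size` is non-zero.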

View File

@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
for (i = 1; i < argc; i++) { for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) { if (sscanf(argv[i], "%lx", &l)) {
ERR_error_string_n(l, buf, sizeof buf); ERR_error_string_n(l, buf, sizeof(buf));
printf("%s\n", buf); printf("%s\n", buf);
} else { } else {
printf("%s: bad error code\n", argv[i]); printf("%s: bad error code\n", argv[i]);

View File

@@ -4,7 +4,7 @@
* 2000. * 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
OCSP_response_status_str(i), i); OCSP_response_status_str(i), i);
if (ignore_err) if (ignore_err)
goto redo_accept; goto redo_accept;
ret = 0;
goto end; goto end;
} }
@@ -1195,7 +1194,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
*pcbio = cbio; *pcbio = cbio;
for (;;) { for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf); len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0) if (len <= 0)
return 1; return 1;
/* Look for "POST" signalling start of query */ /* Look for "POST" signalling start of query */

View File

@@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
prog = prog_init(); prog = prog_init();
/* first check the program name */ /* first check the program name */
program_name(Argv[0], pname, sizeof pname); program_name(Argv[0], pname, sizeof(pname));
f.name = pname; f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f); fp = lh_FUNCTION_retrieve(prog, &f);
@@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
for (;;) { for (;;) {
ret = 0; ret = 0;
p = buf; p = buf;
n = sizeof buf; n = sizeof(buf);
i = 0; i = 0;
for (;;) { for (;;) {
p[0] = '\0'; p[0] = '\0';
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
/* Purely so it looks nice when the user hits ? */ /* Purely so it looks nice when the user hits ? */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
qsort(functions, i, sizeof *functions, SortFnByName); qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new()) == NULL) if ((ret = lh_FUNCTION_new()) == NULL)
return (NULL); return (NULL);

View File

@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
/* ignore rest of line */ /* ignore rest of line */
char trash[BUFSIZ]; char trash[BUFSIZ];
do do
r = BIO_gets(in, trash, sizeof trash); r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n'))); while ((r > 0) && (!strchr(trash, '\n')));
} }
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
out_buf[0] = '$'; out_buf[0] = '$';
out_buf[1] = 0; out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */ assert(strlen(magic) <= 4); /* "1" or "apr1" */
strncat(out_buf, magic, 4); BUF_strlcat(out_buf, magic, sizeof(out_buf));
strncat(out_buf, "$", 1); BUF_strlcat(out_buf, "$", sizeof(out_buf));
strncat(out_buf, salt, 8); BUF_strlcat(out_buf, salt, sizeof(out_buf));
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic); salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out); salt_len = strlen(salt_out);
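Review bot: `strncat(out_buf, salt, 8)` capped the salt at 8 characters, whereas `BUF_strlcat(out_buf, salt, sizeof(out_buf))` copies as much of the salt as fits in out_buf. The 8-character limit now rests only on `assert(strlen(out_buf) <= 6 + 8)`, which disappears in NDEBUG builds. Truncate the salt explicitly before appending it, or turn the assert into a runtime check that returns an error.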
@@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(&md2, buf, NULL);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(&md, buf, sizeof(buf));
EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(&md, buf, i);
n = passwd_len; n = passwd_len;
@@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf); (i & 1) ? passwd_len : sizeof(buf));
if (i % 3) if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7) if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len); (i & 1) ? sizeof(buf) : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(&md2, buf, NULL);
} }
EVP_MD_CTX_cleanup(&md2); EVP_MD_CTX_cleanup(&md2);
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{ {
/* transform buf into output string */ /* transform buf into output string */
unsigned char buf_perm[sizeof buf]; unsigned char buf_perm[sizeof(buf)];
int dest, source; int dest, source;
char *output; char *output;
@@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11]; buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no # ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */ * effect" warning */
assert(16 == sizeof buf_perm); assert(16 == sizeof(buf_perm));
# endif # endif
output = salt_out + salt_len; output = salt_out + salt_len;

View File

@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read MAC password"); CRYPTO_push_info("read MAC password");
# endif # endif
if (EVP_read_pw_string if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
} }
@@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
# endif # endif
if (!noprompt && if (!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) { 1)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto export_end; goto export_end;
} }
if (!twopass) if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass); BUF_strlcpy(macpass, pass, sizeof(macpass));
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
@@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read import password"); CRYPTO_push_info("read import password");
# endif # endif
if (!noprompt if (!noprompt
&& EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) { 0)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
# endif # endif
if (!twopass) if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass); BUF_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && p12->mac) if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n", BIO_printf(bio_err, "MAC Iteration %ld\n",

View File

@@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
else { else {
p8pass = pass; p8pass = pass;
if (EVP_read_pw_string if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:", 1)) (pass, sizeof(pass), "Enter Encryption Password:", 1))
goto end; goto end;
} }
app_RAND_load_file(NULL, bio_err, 0); app_RAND_load_file(NULL, bio_err, 0);
@@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
p8pass = passin; p8pass = passin;
else { else {
p8pass = pass; p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0);
} }
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
} }
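Review bot: the return value of `EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)` is ignored here, while the encryption-password prompt in the previous hunk bails out with `goto end` on failure. If the prompt fails, `PKCS8_decrypt` is called with whatever is in pass. Handle the failure the same way in both places.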

View File

@@ -322,8 +322,10 @@ int MAIN(int argc, char **argv)
buf_in, (size_t)buf_inlen); buf_in, (size_t)buf_inlen);
if (rv == 0) if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n"); BIO_puts(out, "Signature Verification Failure\n");
else if (rv == 1) else if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n"); BIO_puts(out, "Signature Verified Successfully\n");
ret = 0;
}
if (rv >= 0) if (rv >= 0)
goto end; goto end;
} else { } else {

View File

@@ -155,5 +155,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s hex\n", "-hex"); BIO_printf(bio_err, "%-14s hex\n", "-hex");
BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>"); BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
BIO_printf(bio_err, "%-14s generate prime\n", "-generate");
BIO_printf(bio_err, "%-14s number of bits\n", "-bits <n>");
BIO_printf(bio_err, "%-14s safe prime\n", "-safe");
return 1; return 1;
} }

View File

@@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv[]);
typedef struct { typedef struct {
int type; int type;
const char *name; const char *name;
int (*func) (int argc, char *argv[]); int (*func)(int argc, char *argv[]);
} FUNCTION; } FUNCTION;
DECLARE_LHASH_OF(FUNCTION); DECLARE_LHASH_OF(FUNCTION);

View File

@@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV); grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV) foreach (@ARGV)
{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; } { printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
print <<'EOF'; print <<'EOF';
#define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2 #define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3 #define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4 #define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5 #define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6 #define FUNC_TYPE_CIPHER_ALG 6
typedef struct { typedef struct {
int type; int type;
const char *name; const char *name;
int (*func)(int argc,char *argv[]); int (*func)(int argc, char *argv[]);
} FUNCTION; } FUNCTION;
DECLARE_LHASH_OF(FUNCTION); DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = { FUNCTION functions[] = {
@@ -30,7 +30,7 @@ EOF
foreach (@ARGV) foreach (@ARGV)
{ {
push(@files,$_); push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/)) elsif ( ($_ =~ /^speed$/))
@@ -60,7 +60,7 @@ foreach (@ARGV)
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
{ {
push(@files,$_); push(@files,$_);
printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n";
} }
foreach ( foreach (
@@ -86,7 +86,7 @@ foreach (
{ {
push(@files,$_); push(@files,$_);
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -101,4 +101,4 @@ foreach (
print $t; print $t;
} }
print "\t{0,NULL,NULL}\n\t};\n"; print " {0, NULL, NULL}\n};\n";

View File

@@ -198,7 +198,7 @@ int MAIN(int argc, char **argv)
chunk = num; chunk = num;
if (chunk > (int)sizeof(buf)) if (chunk > (int)sizeof(buf))
chunk = sizeof buf; chunk = sizeof(buf);
r = RAND_bytes(buf, chunk); r = RAND_bytes(buf, chunk);
if (r <= 0) if (r <= 0)
goto err; goto err;

View File

@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-text") == 0) else if (strcmp(*argv, "-text") == 0)
text = 1; text = 1;
else if (strcmp(*argv, "-x509") == 0) { else if (strcmp(*argv, "-x509") == 0) {
newreq = 1;
x509 = 1; x509 = 1;
} else if (strcmp(*argv, "-asn1-kludge") == 0) } else if (strcmp(*argv, "-asn1-kludge") == 0)
kludge = 1; kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
goto end; goto end;
} }
if (x509 && infile == NULL)
newreq = 1;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n"); BIO_printf(bio_err, "Error getting passwords\n");
@@ -657,8 +659,7 @@ int MAIN(int argc, char **argv)
} }
} }
BIO_printf(bio_err, "Generating a %ld bit %s private key\n", BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
newkey, keyalgstr);
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(genctx, bio_err); EVP_PKEY_CTX_set_app_data(genctx, bio_err);
@@ -753,7 +754,7 @@ int MAIN(int argc, char **argv)
} }
} }
if (newreq) { if (newreq || x509) {
if (pkey == NULL) { if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n"); BIO_printf(bio_err, "you need to specify a private key\n");
goto end; goto end;
@@ -1191,7 +1192,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */ /* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef) if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start; goto start;
if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) { >= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name); BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0; return 0;
@@ -1202,19 +1203,19 @@ static int prompt_info(X509_REQ *req,
def = ""; def = "";
} }
BIO_snprintf(buf, sizeof buf, "%s_value", v->name); BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error(); ERR_clear_error();
value = NULL; value = NULL;
} }
BIO_snprintf(buf, sizeof buf, "%s_min", v->name); BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error(); ERR_clear_error();
n_min = -1; n_min = -1;
} }
BIO_snprintf(buf, sizeof buf, "%s_max", v->name); BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error(); ERR_clear_error();
n_max = -1; n_max = -1;
@@ -1250,7 +1251,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef) if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2; goto start2;
if (BIO_snprintf(buf, sizeof buf, "%s_default", type) if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) { >= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name); BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0; return 0;
@@ -1262,20 +1263,20 @@ static int prompt_info(X509_REQ *req,
def = ""; def = "";
} }
BIO_snprintf(buf, sizeof buf, "%s_value", type); BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf)) if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) { == NULL) {
ERR_clear_error(); ERR_clear_error();
value = NULL; value = NULL;
} }
BIO_snprintf(buf, sizeof buf, "%s_min", type); BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error(); ERR_clear_error();
n_min = -1; n_min = -1;
} }
BIO_snprintf(buf, sizeof buf, "%s_max", type); BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error(); ERR_clear_error();
n_max = -1; n_max = -1;
@@ -1370,13 +1371,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def); BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
if (value != NULL) { if (value != NULL) {
BUF_strlcpy(buf, value, sizeof buf); BUF_strlcpy(buf, value, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value); BIO_printf(bio_err, "%s\n", value);
} else { } else {
buf[0] = '\0'; buf[0] = '\0';
if (!batch) { if (!batch) {
if (!fgets(buf, sizeof buf, stdin)) if (!fgets(buf, sizeof(buf), stdin))
return 0; return 0;
} else { } else {
buf[0] = '\n'; buf[0] = '\n';
@@ -1389,8 +1390,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') { else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0')) if ((def == NULL) || (def[0] == '\0'))
return (1); return (1);
BUF_strlcpy(buf, def, sizeof buf); BUF_strlcpy(buf, def, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n')) } else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1); return (1);
@@ -1429,13 +1430,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def); BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
if (value != NULL) { if (value != NULL) {
BUF_strlcpy(buf, value, sizeof buf); BUF_strlcpy(buf, value, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value); BIO_printf(bio_err, "%s\n", value);
} else { } else {
buf[0] = '\0'; buf[0] = '\0';
if (!batch) { if (!batch) {
if (!fgets(buf, sizeof buf, stdin)) if (!fgets(buf, sizeof(buf), stdin))
return 0; return 0;
} else { } else {
buf[0] = '\n'; buf[0] = '\n';
@@ -1448,8 +1449,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') { else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0')) if ((def == NULL) || (def[0] == '\0'))
return (1); return (1);
BUF_strlcpy(buf, def, sizeof buf); BUF_strlcpy(buf, def, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n')) } else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1); return (1);

View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -152,9 +152,8 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp" #define PROTOCOL "tcp"
int do_server(int port, int type, int *ret, int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype, int (*cb) (int s, int stype, unsigned char *context),
unsigned char *context), unsigned char *context, unsigned char *context, int naccept);
int naccept);
#ifdef HEADER_X509_H #ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif #endif

View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -337,7 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err, BIO_printf(bio_err,
" -prexit - print session information even on connection failure\n"); " -prexit - print session information even on connection failure\n");
BIO_printf(bio_err, BIO_printf(bio_err,
" -showcerts - show all certificates in the chain\n"); " -showcerts - Show all certificates sent by the server\n");
BIO_printf(bio_err, " -debug - extra output\n"); BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32 #ifdef WATT32
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n"); BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
@@ -630,10 +630,11 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
unsigned char ext_buf[4 + 65536]; unsigned char ext_buf[4 + 65536];
/* Reconstruct the type/len fields prior to extension data */ /* Reconstruct the type/len fields prior to extension data */
ext_buf[0] = ext_type >> 8; inlen &= 0xffff; /* for formal memcpy correctness */
ext_buf[1] = ext_type & 0xFF; ext_buf[0] = (unsigned char)(ext_type >> 8);
ext_buf[2] = inlen >> 8; ext_buf[1] = (unsigned char)(ext_type);
ext_buf[3] = inlen & 0xFF; ext_buf[2] = (unsigned char)(inlen >> 8);
ext_buf[3] = (unsigned char)(inlen);
memcpy(ext_buf + 4, in, inlen); memcpy(ext_buf + 4, in, inlen);
BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d", BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
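Review bot: `inlen &= 0xffff;` silently truncates an oversized extension instead of rejecting it, so the data written out afterwards would no longer be what the peer sent. `ext_buf` is 4 + 65536 bytes, so the `memcpy` stays in bounds either way; an explicit range check on `inlen` that fails the callback would make the limit visible instead of relying on a mask described as "formal" correctness.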
@@ -1667,6 +1668,8 @@ int MAIN(int argc, char **argv)
if (strstr(mbuf, "/stream:features>")) if (strstr(mbuf, "/stream:features>"))
goto shut; goto shut;
seen = BIO_read(sbio, mbuf, BUFSIZZ); seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen <= 0)
goto shut;
mbuf[seen] = 0; mbuf[seen] = 0;
} }
BIO_printf(sbio, BIO_printf(sbio,
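Review bot: The new `if (seen <= 0) goto shut;` guard stops `mbuf[seen] = 0;` from indexing with a negative value, but the upper bound is still unchecked here: a full read of `BUFSIZZ` bytes writes the terminator at `mbuf[BUFSIZZ]`. The allocation of `mbuf` is not in this hunk, so please confirm it holds at least `BUFSIZZ + 1` bytes, or read `BUFSIZZ - 1`.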
@@ -2132,6 +2135,7 @@ int MAIN(int argc, char **argv)
BIO_free(bio_c_msg); BIO_free(bio_c_msg);
bio_c_msg = NULL; bio_c_msg = NULL;
} }
SSL_COMP_free_compression_methods();
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -2162,10 +2166,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n"); BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) { for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
buf, sizeof buf); buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf); BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
buf, sizeof buf); buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf); BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts) if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i)); PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@@ -2180,9 +2184,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */ /* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain)) if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer); PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf); BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf); BIO_printf(bio, "issuer=%s\n", buf);
} else } else
BIO_printf(bio, "no peer certificate available\n"); BIO_printf(bio, "no peer certificate available\n");
@@ -2199,7 +2203,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} else { } else {
BIO_printf(bio, "---\nNo client certificate CA names sent\n"); BIO_printf(bio, "---\nNo client certificate CA names sent\n");
} }
p = SSL_get_shared_ciphers(s, buf, sizeof buf); p = SSL_get_shared_ciphers(s, buf, sizeof(buf));
if (p != NULL) { if (p != NULL) {
/* /*
* This works only for SSL 2. In later protocol versions, the * This works only for SSL 2. In later protocol versions, the

View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -209,9 +209,9 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif #endif
static int sv_body(char *hostname, int s, int stype, unsigned char *context); static int sv_body(int s, int stype, unsigned char *context);
static int www_body(char *hostname, int s, int stype, unsigned char *context); static int www_body(int s, int stype, unsigned char *context);
static int rev_body(char *hostname, int s, int stype, unsigned char *context); static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void); static void close_accept_socket(void);
static void sv_usage(void); static void sv_usage(void);
static int init_ssl_connection(SSL *s); static int init_ssl_connection(SSL *s);
@@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
char *chCApath = NULL, *chCAfile = NULL; char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL; char *vfyCApath = NULL, *vfyCAfile = NULL;
unsigned char *context = NULL; unsigned char *context = NULL;
#ifndef OPENSSL_NO_DH
char *dhfile = NULL; char *dhfile = NULL;
int no_dhe = 0;
#endif
int badop = 0; int badop = 0;
int ret = 1; int ret = 1;
int build_chain = 0; int build_chain = 0;
int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0; int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
int state = 0; int state = 0;
const SSL_METHOD *meth = NULL; const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM; int socket_type = SOCK_STREAM;
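Review bot: `dhfile` and `no_dhe` are now declared only under `#ifndef OPENSSL_NO_DH`, so every later use in `MAIN` has to sit under the same guard or a no-DH build stops compiling. The option-parsing hunks that follow guard `-dhparam` and `-no_dhe`, but the places where the two variables are consumed are not part of this diff and should be checked. A short comment on the `#endif` naming the macro would also help, given how far apart the guarded regions are.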
@@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
s_chain_file = *(++argv); s_chain_file = *(++argv);
} else if (strcmp(*argv, "-dhparam") == 0) { }
#ifndef OPENSSL_NO_DH
else if (strcmp(*argv, "-dhparam") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
dhfile = *(++argv); dhfile = *(++argv);
} else if (strcmp(*argv, "-dcertform") == 0) { }
#endif
else if (strcmp(*argv, "-dcertform") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
s_dcert_format = str2fmt(*(++argv)); s_dcert_format = str2fmt(*(++argv));
@@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
verify_quiet = 1; verify_quiet = 1;
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) { } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
no_tmp_rsa = 1; no_tmp_rsa = 1;
} else if (strcmp(*argv, "-no_dhe") == 0) { }
#ifndef OPENSSL_NO_DH
else if (strcmp(*argv, "-no_dhe") == 0) {
no_dhe = 1; no_dhe = 1;
} else if (strcmp(*argv, "-no_ecdhe") == 0) { }
#endif
else if (strcmp(*argv, "-no_ecdhe") == 0) {
no_ecdhe = 1; no_ecdhe = 1;
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) { } else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
no_resume_ephemeral = 1; no_resume_ephemeral = 1;
@@ -2008,7 +2019,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context, SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context); sizeof(s_server_session_id_context));
/* Set DTLS cookie generation and verification callbacks */ /* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
@@ -2019,7 +2030,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx2, SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context); sizeof(s_server_session_id_context));
tlsextcbp.biodebug = bio_s_out; tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
@@ -2132,6 +2143,7 @@ int MAIN(int argc, char *argv[])
BIO_free(bio_s_msg); BIO_free(bio_s_msg);
bio_s_msg = NULL; bio_s_msg = NULL;
} }
SSL_COMP_free_compression_methods();
apps_shutdown(); apps_shutdown();
OPENSSL_EXIT(ret); OPENSSL_EXIT(ret);
} }
@@ -2164,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx)); SSL_CTX_sess_get_cache_size(ssl_ctx));
} }
static int sv_body(char *hostname, int s, int stype, unsigned char *context) static int sv_body(int s, int stype, unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL;
fd_set readfds; fd_set readfds;
@@ -2665,14 +2677,14 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) { if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n"); BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer); PEM_write_bio_X509(bio_s_out, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf); BIO_printf(bio_s_out, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf); BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer); X509_free(peer);
} }
if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con); ssl_print_sigalgs(bio_s_out, con);
@@ -2779,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
} }
#endif #endif
static int www_body(char *hostname, int s, int stype, unsigned char *context) static int www_body(int s, int stype, unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL;
int ret = 1; int ret = 1;
@@ -3016,7 +3028,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer); PEM_write_bio_X509(io, peer);
} else } else
BIO_puts(io, "no client certificate available\n"); BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n"); BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break; break;
} else if ((www == 2 || www == 3) } else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) { && (strncmp("GET /", buf, 5) == 0)) {
@@ -3182,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
return (ret); return (ret);
} }
static int rev_body(char *hostname, int s, int stype, unsigned char *context) static int rev_body(int s, int stype, unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL;
int i; int i;

View File

@@ -109,7 +109,7 @@ static int ssl_sock_init(void);
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type); static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type); static int init_server_long(int *sock, int port, char *ip, int type);
static int do_accept(int acc_sock, int *sock, char **host); static int do_accept(int acc_sock, int *sock);
static int host_ip(char *str, unsigned char ip[4]); static int host_ip(char *str, unsigned char ip[4]);
# ifdef OPENSSL_SYS_WIN16 # ifdef OPENSSL_SYS_WIN16
@@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type)
{ {
unsigned char ip[4]; unsigned char ip[4];
memset(ip, '\0', sizeof ip); memset(ip, '\0', sizeof(ip));
if (!host_ip(host, &(ip[0]))) if (!host_ip(host, &(ip[0])))
return 0; return 0;
return init_client_ip(sock, ip, port, type); return init_client_ip(sock, ip, port, type);
@@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
} }
int do_server(int port, int type, int *ret, int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype, int (*cb) (int s, int stype, unsigned char *context),
unsigned char *context), unsigned char *context, unsigned char *context, int naccept)
int naccept)
{ {
int sock; int sock;
char *name = NULL;
int accept_socket = 0; int accept_socket = 0;
int i; int i;
@@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
} }
for (;;) { for (;;) {
if (type == SOCK_STREAM) { if (type == SOCK_STREAM) {
if (do_accept(accept_socket, &sock, &name) == 0) { if (do_accept(accept_socket, &sock) == 0) {
SHUTDOWN(accept_socket); SHUTDOWN(accept_socket);
return (0); return (0);
} }
} else } else
sock = accept_socket; sock = accept_socket;
i = (*cb) (name, sock, type, context); i = (*cb) (sock, type, context);
if (name != NULL)
OPENSSL_free(name);
if (type == SOCK_STREAM) if (type == SOCK_STREAM)
SHUTDOWN2(sock); SHUTDOWN2(sock);
if (naccept != -1) if (naccept != -1)
@@ -360,7 +356,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
# if defined SOL_SOCKET && defined SO_REUSEADDR # if defined SOL_SOCKET && defined SO_REUSEADDR
{ {
int j = 1; int j = 1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
} }
# endif # endif
if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
@@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
return (init_server_long(sock, port, NULL, type)); return (init_server_long(sock, port, NULL, type));
} }
static int do_accept(int acc_sock, int *sock, char **host) static int do_accept(int acc_sock, int *sock)
{ {
int ret; int ret;
struct hostent *h1, *h2;
static struct sockaddr_in from;
int len;
/* struct linger ling; */
if (!ssl_sock_init()) if (!ssl_sock_init())
return (0); return 0;
# ifndef OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_WINDOWS
redoit: redoit:
# endif # endif
memset((char *)&from, 0, sizeof(from));
len = sizeof(from);
/* /*
* Note: under VMS with SOCKETSHR the fourth parameter is currently of * Note: under VMS with SOCKETSHR the fourth parameter is currently of
* type (int *) whereas under other systems it is (void *) if you don't * type (int *) whereas under other systems it is (void *) if you don't
* have a cast it will choke the compiler: if you do have a cast then you * have a cast it will choke the compiler: if you do have a cast then you
* can either go for (int *) or (void *). * can either go for (int *) or (void *).
*/ */
ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len); ret = accept(acc_sock, NULL, NULL);
if (ret == INVALID_SOCKET) { if (ret == INVALID_SOCKET) {
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i; int i;
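Review bot: The VMS/SOCKETSHR comment about casting the length argument is left in place directly above `ret = accept(acc_sock, NULL, NULL);`, but the call no longer passes an address, a length pointer or a cast, so the comment now describes code that is gone. Drop it, or replace it with one line saying the peer address is deliberately not requested.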
@@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **host)
fprintf(stderr, "errno=%d ", errno); fprintf(stderr, "errno=%d ", errno);
perror("accept"); perror("accept");
# endif # endif
return (0); return 0;
} }
/*-
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
if (i < 0) { perror("linger"); return(0); }
i=0;
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
*/
if (host == NULL)
goto end;
# ifndef BIT_FIELD_LIMITS
/* I should use WSAAsyncGetHostByName() under windows */
h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
sizeof(from.sin_addr.s_addr), AF_INET);
# else
h1 = gethostbyaddr((char *)&from.sin_addr,
sizeof(struct in_addr), AF_INET);
# endif
if (h1 == NULL) {
BIO_printf(bio_err, "bad gethostbyaddr\n");
*host = NULL;
/* return(0); */
} else {
if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
perror("OPENSSL_malloc");
closesocket(ret);
return (0);
}
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
h2 = GetHostByName(*host);
if (h2 == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
closesocket(ret);
return (0);
}
if (h2->h_addrtype != AF_INET) {
BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
closesocket(ret);
return (0);
}
}
end:
*sock = ret; *sock = ret;
return (1); return 1;
} }
int extract_host_port(char *str, char **host_ptr, unsigned char *ip, int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
@@ -595,7 +540,7 @@ static struct hostent *GetHostByName(char *name)
if (ret == NULL) if (ret == NULL)
return (NULL); return (NULL);
/* else add to cache */ /* else add to cache */
if (strlen(name) < sizeof ghbn_cache[0].name) { if (strlen(name) < sizeof(ghbn_cache[0].name)) {
strcpy(ghbn_cache[lowi].name, name); strcpy(ghbn_cache[lowi].name, name);
memcpy((char *)&(ghbn_cache[lowi].ent), ret, memcpy((char *)&(ghbn_cache[lowi].ent), ret,
sizeof(struct hostent)); sizeof(struct hostent));

View File

@@ -422,7 +422,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
if (s_www_path != NULL) { if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path); s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
} }
if (s_www_path != NULL) { if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path); BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while (SSL_read(scon, buf, sizeof(buf)) > 0) ; while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
} }
@@ -517,7 +517,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
if (s_www_path) { if (s_www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path); s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)

View File

@@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM) # if !defined(SIGALRM)
# define SIGALRM # define SIGALRM
# endif # endif
static unsigned int lapse, schlock; static volatile unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs) static void alarm_win32(unsigned int secs)
{ {
lapse = secs * 1000; lapse = secs * 1000;
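Review bot: `volatile` on `lapse` and `schlock` stops the compiler from caching the values but gives no atomicity or ordering guarantee. If they are shared between `alarm_win32` and another thread, a comment naming the writer and reader contexts, or an interlocked access, would make the intent checkable; the declaration alone does not say why the qualifier was needed.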
@@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no EVP given\n"); BIO_printf(bio_err, "no EVP given\n");
goto end; goto end;
} }
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(*argv); evp_cipher = EVP_get_cipherbyname(*argv);
if (!evp_cipher) { if (!evp_cipher) {
evp_md = EVP_get_digestbyname(*argv); evp_md = EVP_get_digestbyname(*argv);
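Review bot: The added `evp_md = NULL;` has no comment, and the reason is not obvious from the line itself: `evp_md` is otherwise assigned only when the cipher lookup fails, so a value from an earlier pass would survive when `*argv` resolves to a cipher. One line saying that would keep the reset from being removed as redundant later.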
@@ -2089,7 +2091,7 @@ int MAIN(int argc, char **argv)
RAND_pseudo_bytes(buf, 20); RAND_pseudo_bytes(buf, 20);
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1; rnd_fake = 1;
} }
for (j = 0; j < DSA_NUM; j++) { for (j = 0; j < DSA_NUM; j++) {
@@ -2168,7 +2170,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDSA # ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1; rnd_fake = 1;
} }
for (j = 0; j < EC_NUM; j++) { for (j = 0; j < EC_NUM; j++) {
@@ -2263,7 +2265,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDH # ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1; rnd_fake = 1;
} }
for (j = 0; j < EC_NUM; j++) { for (j = 0; j < EC_NUM; j++) {
@@ -2586,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0) if (**string == 0)
return NULL; return NULL;
memset(isdelim, 0, sizeof isdelim); memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1; isdelim[0] = 1;
while (*delim) { while (*delim) {
@@ -2613,7 +2615,7 @@ static int do_multi(int multi)
int *fds; int *fds;
static char sep[] = ":"; static char sep[] = ":";
fds = malloc(multi * sizeof *fds); fds = malloc(multi * sizeof(*fds));
if (fds == NULL) { if (fds == NULL) {
fprintf(stderr, "Out of memory in speed (do_multi)\n"); fprintf(stderr, "Out of memory in speed (do_multi)\n");
exit(1); exit(1);
@@ -2651,7 +2653,7 @@ static int do_multi(int multi)
char *p; char *p;
f = fdopen(fds[n], "r"); f = fdopen(fds[n], "r");
while (fgets(buf, sizeof buf, f)) { while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n'); p = strchr(buf, '\n');
if (p) if (p)
*p = '\0'; *p = '\0';
@@ -2827,8 +2829,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
RAND_bytes(out, 16); RAND_bytes(out, 16);
len += 16; len += 16;
aad[11] = len >> 8; aad[11] = (unsigned char)(len >> 8);
aad[12] = len; aad[12] = (unsigned char)(len);
pad = EVP_CIPHER_CTX_ctrl(&ctx, pad = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_AEAD_TLS1_AAD, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad); EVP_AEAD_TLS1_AAD_LEN, aad);

View File

@@ -5,7 +5,7 @@
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
} }
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
if (keyfile) { if (keyfile != NULL) {
pkey = load_key(bio_err, pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL, strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key"); FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) { if (pkey == NULL)
goto end; goto end;
}
spki = NETSCAPE_SPKI_new(); spki = NETSCAPE_SPKI_new();
if (challenge) if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge, ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge)); challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki); spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
if (outfile) if (outfile)
out = BIO_new_file(outfile, "w"); out = BIO_new_file(outfile, "w");
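Review bot: The new `spki == NULL` and `spkstr == NULL` checks jump to `end` with no message of their own, unlike the `Error loading SPKAC` path further down in the same file, so an allocation or encoding failure can exit without telling the user which step failed. The return values of `ASN1_STRING_set`, `NETSCAPE_SPKI_set_pubkey` and `NETSCAPE_SPKI_sign` are also still ignored between the two checks; testing them and calling `ERR_print_errors(bio_err)` before `goto end` would close the gap.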
@@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) { if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n"); BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki); pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) { if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey); i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0) if (i > 0) {
BIO_printf(bio_err, "Signature OK\n"); BIO_printf(bio_err, "Signature OK\n");
else { } else {
BIO_printf(bio_err, "Signature Failure\n"); BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;

View File

@@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i; int i;
if (id == NULL) if (id == NULL)
return -1; return -1;
if (type == DB_SRP_INDEX) if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i); pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid])) && !strcmp(id, pp[DB_srpid]))
return i; return i;
} else }
} else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i); pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid])) && !strcmp(id, pp[DB_srpid]))
return i; return i;
} }
}
return -1; return -1;
} }
@@ -177,16 +179,14 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow; char **irow;
int i; int i;
if ((irow = irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
return 0; return 0;
} }
for (i = 0; i < DB_NUMBER; i++) { for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i]; irow[i] = row[i];
row[i] = NULL;
}
irow[DB_NUMBER] = NULL; irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) { if (!TXT_DB_insert(db->db, irow)) {
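Review bot: With `row[i] = NULL;` dropped from the copy loop, `irow` and `row` hold the same pointers after the loop, so this function no longer expresses who owns the strings once `TXT_DB_insert` succeeds. The callers are not shown here; they must not free entries the database now holds. A comment on `update_index` stating ownership on success and on failure would keep a double free from being introduced later.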
@@ -207,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N, char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose) const char *passin, BIO *bio, int verbose)
{ {
char password[1024]; char password[1025];
PW_CB_DATA cb_tmp; PW_CB_DATA cb_tmp;
char *verifier = NULL; char *verifier = NULL;
char *gNid = NULL; char *gNid = NULL;
int len;
cb_tmp.prompt_info = user; cb_tmp.prompt_info = user;
cb_tmp.password = passin; cb_tmp.password = passin;
if (password_callback(password, 1024, 0, &cb_tmp) > 0) { len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio, VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N); user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password); VVERBOSE BIO_printf(bio, "Pass %s\n", password);
if (! if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
(gNid = &verifier, N, g))) {
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n"); BIO_printf(bio, "Internal error validating SRP verifier\n");
} else { } else {
if (strcmp(verifier, srp_verifier)) if (strcmp(verifier, srp_verifier))
gNid = NULL; gNid = NULL;
OPENSSL_free(verifier); OPENSSL_free(verifier);
} }
OPENSSL_cleanse(password, len);
} }
return gNid; return gNid;
} }
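Review bot: `VVERBOSE BIO_printf(bio, "Pass %s\n", password);` still writes the cleartext password to the output BIO, which undercuts the `OPENSSL_cleanse(password, len)` added at the end of the block. Gating it behind VVERBOSE reduces the exposure, but I would drop the line entirely. The cleanse also runs only inside `if (len > 0)`; cleansing `sizeof(password)` bytes unconditionally before `return gNid;` would cover a callback that wrote into the buffer and then returned 0 or an error.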
@@ -239,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N, char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose) char *passout, BIO *bio, int verbose)
{ {
char password[1024]; char password[1025];
PW_CB_DATA cb_tmp; PW_CB_DATA cb_tmp;
char *gNid = NULL; char *gNid = NULL;
char *salt = NULL; char *salt = NULL;
int len;
cb_tmp.prompt_info = user; cb_tmp.prompt_info = user;
cb_tmp.password = passout; cb_tmp.password = passout;
if (password_callback(password, 1024, 1, &cb_tmp) > 0) { len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio, VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N); user, g, N);
if (! if (!(gNid = SRP_create_verifier(user, password, &salt,
(gNid = srp_verifier, N, g))) {
SRP_create_verifier(user, password, &salt, srp_verifier, N,
g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n"); BIO_printf(bio, "Internal error creating SRP verifier\n");
} else } else {
*srp_usersalt = salt; *srp_usersalt = salt;
}
OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier); gNid, salt, *srp_verifier);
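Review bot: the VVERBOSE line at the end of this hunk prints `gNid`, `salt` and `*srp_verifier` even when `SRP_create_verifier` failed, in which case `gNid` is NULL and `salt` still holds its NULL initialiser. Consider moving that print into the new `else { ... }` branch next to `*srp_usersalt = salt;` so it only runs with valid values.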
@@ -316,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
while (argc >= 1 && badops == 0) { while (argc >= 1 && badops == 0) {
if (strcmp(*argv, "-verbose") == 0) if (strcmp(*argv, "-verbose") == 0) {
verbose++; verbose++;
else if (strcmp(*argv, "-config") == 0) { } else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
configfile = *(++argv); configfile = *(++argv);
@@ -330,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
dbfile = *(++argv); dbfile = *(++argv);
} else if (strcmp(*argv, "-add") == 0) } else if (strcmp(*argv, "-add") == 0) {
add_user = 1; add_user = 1;
else if (strcmp(*argv, "-delete") == 0) } else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1; delete_user = 1;
else if (strcmp(*argv, "-modify") == 0) } else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1; modify_user = 1;
else if (strcmp(*argv, "-list") == 0) } else if (strcmp(*argv, "-list") == 0) {
list_user = 1; list_user = 1;
else if (strcmp(*argv, "-gn") == 0) { } else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
gN = *(++argv); gN = *(++argv);
@@ -368,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
} else } else {
break; break;
}
argc--; argc--;
argv++; argv++;
@@ -390,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n"); "Need at least one user for options -add, -delete, -modify. \n");
badops = 1; badops = 1;
} }
if ((passin || passout) && argc != 1) { if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err, BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n"); "-passin, -passout arguments only valid with one user.\n");
badops = 1; badops = 1;
@@ -708,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1; doupdatedb = 1;
} }
} }
if (--argc > 0) if (--argc > 0) {
user = *(argv++); user = *(argv++);
else { } else {
user = NULL; user = NULL;
list_user = 0; list_user = 0;
} }

View File

@@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v}; STDERR->printflush(", $output written.\n") if $options{v};
} }
$curl->cleanup(); $curl->cleanup();
WWW::Curl::Easy::global_cleanup();

View File

@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_set_flags(ctx, vflags); X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
X509_STORE_CTX_free(csc);
goto end; goto end;
} }
if (tchain) if (tchain)
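Review bot: the added `X509_STORE_CTX_free(csc);` is followed by `goto end;`, so please confirm that the code at `end:` does not free `csc` a second time and that the success path releases it as well. If `end:` is the common cleanup, freeing `csc` there once (with `csc` initialised to NULL) would be less error-prone than freeing it on each failure branch.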

View File

@@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[])
** Process the terminal input ** Process the terminal input
*/ */
LogMessage ("Waiting on terminal I/O ...\n"); LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ;
TermBuff[len] = '\0'; TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff); LogMessage ("Received terminal I/O [%s]", TermBuff);
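Review bot: the change here is whitespace only, but the context it touches has a bounds problem worth fixing in the same pass: `recv` is given `sizeof(TermBuff)` and its result is used unchecked in `TermBuff[len] = '\0';`. A full-length read puts the terminator one byte past the buffer, and a return of -1 writes before it. Suggest passing `sizeof(TermBuff) - 1` and checking `len < 0` before indexing.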
@@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket)
TerminalDeviceAst, TerminalDeviceAst,
0, 0,
TerminalDeviceBuff, TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2, sizeof(TerminalDeviceBuff) - 2,
0, 0, 0, 0); 0, 0, 0, 0);
if (! (status & 1)) { if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
@@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily,
/* /*
** Initialize the socket information ** Initialize the socket information
*/ */
slen = sizeof (sin); slen = sizeof(sin);
memset ((char *) &sin, 0, slen); memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily; sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr); sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
@@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily,
/* /*
** Now issue the connect ** Now issue the connect
*/ */
memset ((char *) &sin, 0, sizeof (sin)) ; memset ((char *) &sin, 0, sizeof(sin)) ;
sin.sin_family = SocketFamily; sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ; sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin));
if (status < 0 ) { if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno); LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0); sys$cantim (&sptb, 0);
@@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm)
TerminalDeviceAst, TerminalDeviceAst,
0, 0,
TerminalDeviceBuff, TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1, sizeof(TerminalDeviceBuff) - 1,
0, 0, 0, 0); 0, 0, 0, 0);
/* /*

View File

@@ -77,7 +77,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
char buffer[200]; char buffer[200];
if (cmdline[0] == '\0') if (cmdline[0] == '\0')
filename = RAND_file_name(buffer, sizeof buffer); filename = RAND_file_name(buffer, sizeof(buffer));
else else
filename = cmdline; filename = cmdline;

View File

@@ -817,10 +817,10 @@ int MAIN(int argc, char **argv)
char *m; char *m;
int y, z; int y, z;
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(STDout, "/* subject:%s */\n", buf); BIO_printf(STDout, "/* subject:%s */\n", buf);
m = X509_NAME_oneline(X509_get_issuer_name(x), buf, m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
sizeof buf); sizeof(buf));
BIO_printf(STDout, "/* issuer :%s */\n", buf); BIO_printf(STDout, "/* issuer :%s */\n", buf);
z = i2d_X509(x, NULL); z = i2d_X509(x, NULL);

View File

@@ -50,11 +50,3 @@ build_script:
test_script: test_script:
- nmake /f ms\%MAK% test - nmake /f ms\%MAK% test
notifications:
- provider: Email
to:
- openssl-commits@openssl.org
on_build_success: false
on_build_failure: true
on_build_status_changed: true

11
config
View File

@@ -344,6 +344,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "mips-sony-newsos4"; exit 0; echo "mips-sony-newsos4"; exit 0;
;; ;;
# The following combinations are supported
# MINGW64* on x86_64 => mingw64
# MINGW32* on x86_64 => mingw
# MINGW32* on i?86 => mingw
#
# MINGW64* on i?86 isn't expected to work...
MINGW64*:*:*:x86_64)
echo "${MACHINE}-whatever-mingw64"; exit 0;
;;
MINGW*) MINGW*)
echo "${MACHINE}-whatever-mingw"; exit 0; echo "${MACHINE}-whatever-mingw"; exit 0;
;; ;;
@@ -862,6 +871,7 @@ case "$GUESSOS" in
*-*-qnx6) OUT="QNX6" ;; *-*-qnx6) OUT="QNX6" ;;
x86-*-android|i?86-*-android) OUT="android-x86" ;; x86-*-android|i?86-*-android) OUT="android-x86" ;;
armv[7-9]*-*-android) OUT="android-armv7" ;; armv[7-9]*-*-android) OUT="android-armv7" ;;
aarch64-*-android) OUT="android64-aarch64" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac esac
@@ -983,5 +993,6 @@ if [ $? = "0" ]; then
fi fi
else else
echo "This system ($OUT) is not supported. See file INSTALL for details." echo "This system ($OUT) is not supported. See file INSTALL for details."
exit 1
fi fi
) )

View File

@@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
TCHAR *wdir = NULL; TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */ /* len_0 denotes string length *with* trailing 0 */
size_t index = 0, len_0 = strlen(extdir) + 1; size_t index = 0, len_0 = strlen(extdir) + 1;
size_t amount;
wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); /*
* Size check
* The reasoning is that absolutely worst case, each byte in
* extdir will take up one TCHAR each, so the maximum size in
* bytes that we can tolerate is MAX_PATH TCHARs... not counting
* the ending NUL.
*/
if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) {
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
amount = len_0 * sizeof(TCHAR);
wdir = (TCHAR *)malloc(amount);
if (wdir == NULL) { if (wdir == NULL) {
if (extdirbuf != NULL) { if (extdirbuf != NULL) {
free(extdirbuf); free(extdirbuf);
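Review bot: the new early return on the size check frees `*ctx` but not `extdirbuf`, while the allocation-failure branch directly below does `free(extdirbuf)` when it is non-NULL; the size-check path should do the same cleanup. The comment also describes a limit of MAX_PATH TCHARs, yet the test compares the byte length against `MAX_PATH * sizeof(TCHAR)`, so one of the two needs adjusting. Finally, `calloc` became `malloc`, so the buffer is no longer zeroed and the conversion that follows has to write the terminator itself.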

View File

@@ -36,16 +36,18 @@ TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT) SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
getenv.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \
$(CPUID_OBJ)
SRC= $(LIBSRC) SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
constant_time_locl.h $(EXHEADER) constant_time_locl.h bn_int.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER) ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -178,6 +180,13 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
ex_data.o: ex_data.c ex_data.o: ex_data.c
fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
getenv.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
getenv.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
getenv.o: ../include/openssl/err.h ../include/openssl/lhash.h
getenv.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
getenv.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
getenv.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
getenv.o: getenv.c
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h

View File

@@ -133,7 +133,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE) mv -f Makefile.new $(MAKEFILE)
clean: clean:
rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it. # DO NOT DELETE THIS LINE -- make depend depends on it.

View File

@@ -184,7 +184,7 @@ AES_encrypt:
#if __ARM_ARCH__<7 #if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt sub r3,pc,#8 @ AES_encrypt
#else #else
adr r3,AES_encrypt adr r3,.
#endif #endif
stmdb sp!,{r1,r4-r12,lr} stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp mov $rounds,r0 @ inp
@@ -430,7 +430,7 @@ _armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7 #if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key sub r3,pc,#8 @ AES_set_encrypt_key
#else #else
adr r3,private_AES_set_encrypt_key adr r3,.
#endif #endif
teq r0,#0 teq r0,#0
#if __ARM_ARCH__>=7 #if __ARM_ARCH__>=7
@@ -952,7 +952,7 @@ AES_decrypt:
#if __ARM_ARCH__<7 #if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt sub r3,pc,#8 @ AES_decrypt
#else #else
adr r3,AES_decrypt adr r3,.
#endif #endif
stmdb sp!,{r1,r4-r12,lr} stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp mov $rounds,r0 @ inp

View File

@@ -1702,6 +1702,7 @@ $code.=<<___;
mov 240($key),$rounds mov 240($key),$rounds
sub $in0,$out sub $in0,$out
movups ($key),$rndkey0 # $key[0] movups ($key),$rndkey0 # $key[0]
movups ($ivp),$iv # load IV
movups 16($key),$rndkey[0] # forward reference movups 16($key),$rndkey[0] # forward reference
lea 112($key),$key # size optimization lea 112($key),$key # size optimization

View File

@@ -1299,6 +1299,7 @@ $code.=<<___;
mov 240($key),$rounds mov 240($key),$rounds
sub $in0,$out sub $in0,$out
movups ($key),$rndkey0 # $key[0] movups ($key),$rndkey0 # $key[0]
movups ($ivp),$iv # load IV
movups 16($key),$rndkey[0] # forward reference movups 16($key),$rndkey[0] # forward reference
lea 112($key),$key # size optimization lea 112($key),$key # size optimization

View File

@@ -724,7 +724,7 @@ $code.=<<___;
.type _bsaes_decrypt8,%function .type _bsaes_decrypt8,%function
.align 4 .align 4
_bsaes_decrypt8: _bsaes_decrypt8:
adr $const,_bsaes_decrypt8 adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key vldmia $key!, {@XMM[9]} @ round 0 key
add $const,$const,#.LM0ISR-_bsaes_decrypt8 add $const,$const,#.LM0ISR-_bsaes_decrypt8
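Review bot: `adr $const,.` yields the function's address only while it is the first instruction after the `_bsaes_decrypt8:` label, and the following `add $const,$const,#.LM0ISR-_bsaes_decrypt8` depends on exactly that. Please add a short comment saying so, since inserting any instruction ahead of the `adr` would silently shift the computed table address. The same applies to `_bsaes_encrypt8` and `_bsaes_key_convert` in the hunks below.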
@@ -819,7 +819,7 @@ _bsaes_const:
.type _bsaes_encrypt8,%function .type _bsaes_encrypt8,%function
.align 4 .align 4
_bsaes_encrypt8: _bsaes_encrypt8:
adr $const,_bsaes_encrypt8 adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key vldmia $key!, {@XMM[9]} @ round 0 key
sub $const,$const,#_bsaes_encrypt8-.LM0SR sub $const,$const,#_bsaes_encrypt8-.LM0SR
@@ -923,7 +923,7 @@ $code.=<<___;
.type _bsaes_key_convert,%function .type _bsaes_key_convert,%function
.align 4 .align 4
_bsaes_key_convert: _bsaes_key_convert:
adr $const,_bsaes_key_convert adr $const,.
vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
sub $const,$const,#_bsaes_key_convert-.LM0 sub $const,$const,#_bsaes_key_convert-.LM0
vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key
@@ -1333,7 +1333,7 @@ bsaes_cbc_encrypt:
vmov @XMM[4],@XMM[15] @ just in case ensure that IV vmov @XMM[4],@XMM[15] @ just in case ensure that IV
vmov @XMM[5],@XMM[0] @ and input are preserved vmov @XMM[5],@XMM[0] @ and input are preserved
bl AES_decrypt bl AES_decrypt
vld1.8 {@XMM[0]}, [$fp,:64] @ load result vld1.8 {@XMM[0]}, [$fp] @ load result
veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV
vmov @XMM[15], @XMM[5] @ @XMM[5] holds input vmov @XMM[15], @XMM[5] @ @XMM[5] holds input
vst1.8 {@XMM[0]}, [$rounds] @ write output vst1.8 {@XMM[0]}, [$rounds] @ write output

View File

@@ -64,7 +64,7 @@
# endif # endif
# endif # endif
# if !__ASSEMBLER__ # ifndef __ASSEMBLER__
extern unsigned int OPENSSL_armcap_P; extern unsigned int OPENSSL_armcap_P;
# endif # endif

View File

@@ -5,6 +5,7 @@
#include <signal.h> #include <signal.h>
#include <crypto.h> #include <crypto.h>
#include "cryptlib.h"
#include "arm_arch.h" #include "arm_arch.h"
unsigned int OPENSSL_armcap_P = 0; unsigned int OPENSSL_armcap_P = 0;

View File

@@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

View File

@@ -56,6 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <limits.h>
#include <stdio.h> #include <stdio.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
@@ -114,10 +115,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
*(p++) = (unsigned char)bits; *(p++) = (unsigned char)bits;
d = a->data; d = a->data;
memcpy(p, d, len); if (len > 0) {
p += len; memcpy(p, d, len);
if (len > 0) p += len;
p[-1] &= (0xff << bits); p[-1] &= (0xff << bits);
}
*pp = p; *pp = p;
return (ret); return (ret);
} }
@@ -135,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err; goto err;
} }
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) { if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_BIT_STRING_new()) == NULL) if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
return (NULL); return (NULL);

View File

@@ -63,17 +63,31 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{ {
int r; int r;
unsigned char *p; unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL) if (pp == NULL)
return (r); return (r);
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
*(p++) = (unsigned char)a; *p = (unsigned char)a;
*pp = p;
return (r);
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + 1;
return r;
} }
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
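Review bot: the new `*pp == NULL` branch makes the caller the owner of a buffer obtained from `OPENSSL_malloc(r)`, which is a contract change that belongs in the function's documentation together with the requirement to release it with `OPENSSL_free`. The final `*pp = allocated != NULL ? allocated : p + 1;` also relies on `*p = (unsigned char)a;` not advancing `p`; a brief comment at that assignment would keep a later edit from reintroducing `*(p++)`.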

View File

@@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
p = str; p = str;
i2d(data, &p); i2d(data, &p);
if (!EVP_Digest(str, i, md, len, type, NULL)) if (!EVP_Digest(str, i, md, len, type, NULL)) {
OPENSSL_free(str);
return 0; return 0;
}
OPENSSL_free(str); OPENSSL_free(str);
return (1); return (1);
} }
@@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
if (!str) if (!str)
return (0); return (0);
if (!EVP_Digest(str, i, md, len, type, NULL)) if (!EVP_Digest(str, i, md, len, type, NULL)) {
OPENSSL_free(str);
return 0; return 0;
}
OPENSSL_free(str); OPENSSL_free(str);
return (1); return (1);
} }

View File

@@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
ASN1_STRING tmpstr = *(ASN1_STRING *)a; ASN1_STRING tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp; tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr; a = (ASN1_GENERALIZEDTIME *)&tmpstr;
@@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) { else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0; int offsign = a[o] == '-' ? 1 : -1, offset = 0;
o++; o++;
if (o + 4 > l) if (o + 4 > l)
goto err; goto err;
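Review bot: the flipped ternary `a[o] == '-' ? 1 : -1` reads like a typo without context. Please add a one-line comment on why a '+' designator results in a negative adjustment (presumably because the parsed value is local time ahead of UTC, so the offset is subtracted to normalise), plus a regression test with one '+hhmm' and one '-hhmm' input.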

View File

@@ -87,6 +87,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
int i, j = 0, n, ret = 1; int i, j = 0, n, ret = 1;
n = i2d(x, NULL); n = i2d(x, NULL);
if (n <= 0)
return 0;
b = (char *)OPENSSL_malloc(n); b = (char *)OPENSSL_malloc(n);
if (b == NULL) { if (b == NULL) {
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
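Review bot: `if (n <= 0) return 0;` fails silently, whereas the allocation failure just below records `ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE)`. Raising an error on this path too would let callers tell an encoding failure apart from a write failure.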

View File

@@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) { if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf); ERR_add_error_data(2, "minsize=", strbuf);
return -1; return -1;
} }
if ((maxsize > 0) && (nchar > maxsize)) { if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf); ERR_add_error_data(2, "maxsize=", strbuf);
return -1; return -1;
} }

View File

@@ -66,7 +66,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{ {
unsigned char *p; unsigned char *p, *allocated = NULL;
int objsize; int objsize;
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
@@ -76,20 +76,31 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1) if (pp == NULL || objsize == -1)
return objsize; return objsize;
p = *pp; if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length); memcpy(p, a->data, a->length);
p += a->length;
*pp = p; /*
return (objsize); * If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
} }
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{ {
int i, first, len = 0, c, use_bn; int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp; char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp; int tmpsize = sizeof(ftmp);
const char *p; const char *p;
unsigned long l; unsigned long l;
BIGNUM *bl = NULL; BIGNUM *bl = NULL;
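Review bot: i2d_ASN1_OBJECT now has two different failure values: `objsize == -1` is passed through as -1, while the new allocation failure returns 0. Callers have to test `<= 0` to catch both; either document that or return a negative value from the malloc branch as well.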
@@ -226,7 +237,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4)); return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) { if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1); p = OPENSSL_malloc(i + 1);
if (!p) if (!p)

View File

@@ -4,7 +4,7 @@
* 2000. * 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL) if (c > 0xffffffffL)
return -1; return -1;
if (c > 0xffff) { if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10)) if (!io_ch(arg, tmphex, 10))
return -1; return -1;
return 10; return 10;
} }
if (c > 0xff) { if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6)) if (!io_ch(arg, tmphex, 6))
return -1; return -1;
return 6; return 6;
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch, int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg) void *arg)
{ {
int i, outlen, len; int i, outlen, len, charwidth;
unsigned char orflags, *p, *q; unsigned char orflags, *p, *q;
unsigned long c; unsigned long c;
p = buf; p = buf;
q = buf + buflen; q = buf + buflen;
outlen = 0; outlen = 0;
charwidth = type & BUF_TYPE_WIDTH_MASK;
switch (charwidth) {
case 4:
if (buflen & 3) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
break;
case 2:
if (buflen & 1) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
break;
default:
break;
}
while (p != q) { while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253) if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253; orflags = CHARTYPE_FIRST_ESC_2253;
else else
orflags = 0; orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) {
switch (charwidth) {
case 4: case 4:
c = ((unsigned long)*p++) << 24; c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16; c |= ((unsigned long)*p++) << 16;
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c); i = UTF8_getc(p, buflen, &c);
if (i < 0) if (i < 0)
return -1; /* Invalid UTF8String */ return -1; /* Invalid UTF8String */
buflen -= i;
p += i; p += i;
break; break;
default: default:
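Review bot: `buflen -= i;` corrects the length handed to `UTF8_getc` on later iterations, but it does so by mutating the parameter that also defined `q = buf + buflen`. Passing the remaining length directly, for example `UTF8_getc(p, q - p, &c)`, would keep the invariant in one place and leave `buflen` meaning the total length throughout the function.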
@@ -236,7 +257,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) { if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6]; unsigned char utfbuf[6];
int utflen; int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) { for (i = 0; i < utflen; i++) {
/* /*
* We don't need to worry about setting orflags correctly * We don't need to worry about setting orflags correctly
@@ -533,7 +554,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) { if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len; int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */ fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp; objbuf = objtmp;
} else { } else {

View File

@@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
}; };
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,

View File

@@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
tmpstr = *(ASN1_STRING *)a; tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, ebcdic2ascii(tmp, tmpstr.data,
(len >= sizeof tmp) ? sizeof tmp : len); (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp; tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr; a = (ASN1_GENERALIZEDTIME *)&tmpstr;
} }
@@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t)
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
ASN1_GENERALIZEDTIME **out) ASN1_GENERALIZEDTIME **out)
{ {
ASN1_GENERALIZEDTIME *ret; ASN1_GENERALIZEDTIME *ret = NULL;
char *str; char *str;
int newlen; int newlen;
@@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
if (!out || !*out) { if (!out || !*out) {
if (!(ret = ASN1_GENERALIZEDTIME_new())) if (!(ret = ASN1_GENERALIZEDTIME_new()))
return NULL; goto err;
if (out) } else {
*out = ret;
} else
ret = *out; ret = *out;
}
/* If already GeneralizedTime just copy across */ /* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) { if (t->type == V_ASN1_GENERALIZEDTIME) {
if (!ASN1_STRING_set(ret, t->data, t->length)) if (!ASN1_STRING_set(ret, t->data, t->length))
return NULL; goto err;
return ret; goto done;
} }
/* grow the string */ /* grow the string */
if (!ASN1_STRING_set(ret, NULL, t->length + 2)) if (!ASN1_STRING_set(ret, NULL, t->length + 2))
return NULL; goto err;
/* ASN1_STRING_set() allocated 'len + 1' bytes. */ /* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t->length + 2 + 1; newlen = t->length + 2 + 1;
str = (char *)ret->data; str = (char *)ret->data;
@@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
BUF_strlcat(str, (char *)t->data, newlen); BUF_strlcat(str, (char *)t->data, newlen);
return ret; done:
if (out != NULL && *out == NULL)
*out = ret;
return ret;
err:
if (out == NULL || *out != ret)
ASN1_GENERALIZEDTIME_free(ret);
return NULL;
} }
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{ {
ASN1_TIME t; ASN1_TIME t;
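Review bot: the ownership rules at the new done: and err: labels are not documented. *out is assigned only on success and only when it was NULL on entry, and on failure ret is freed only under `out == NULL || *out != ret`, so a caller-supplied object is never freed even though it may already have been passed to ASN1_STRING_set() when err: is reached. Put that contract in a comment above the function, and note that the first `goto err` (allocation failure with out == NULL) relies on ASN1_GENERALIZEDTIME_free(NULL) being a no-op.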

View File

@@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
ASN1_STRING x = *(ASN1_STRING *)a; ASN1_STRING x = *(ASN1_STRING *)a;
len = x.length; len = x.length;
ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
x.data = tmp; x.data = tmp;
return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
# endif # endif
@@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) { else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0; int offsign = a[o] == '-' ? 1 : -1, offset = 0;
o++; o++;
if (o + 4 > l) if (o + 4 > l)
goto err; goto err;
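Review bot: the inverted sign in `int offsign = a[o] == '-' ? 1 : -1` has no comment, and read in isolation it looks like a mistake. Add a line saying in which direction the parsed offset is applied to the time fields, and add test vectors with both a '+' and a '-' suffix so the direction is pinned down.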
@@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
struct tm tm; struct tm tm;
int offset; int offset;
memset(&tm, '\0', sizeof tm); memset(&tm, '\0', sizeof(tm));
# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
tm.tm_year = g2(s->data); tm.tm_year = g2(s->data);

View File

@@ -3,7 +3,7 @@
* 2006. * 2006.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -234,6 +234,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{ {
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((ameth->pem_str == NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
|| (ameth->pem_str != NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
return 0;
}
if (app_methods == NULL) { if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (!app_methods) if (!app_methods)
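Review bot: the new consistency check returns 0 without putting anything on the error queue, so a caller cannot tell a rejected method (pem_str and ASN1_PKEY_ALIAS out of step) from the sk_EVP_PKEY_ASN1_METHOD_new() failure handled just below. Raise an error before `return 0;`. Also note that ameth->pem_str is dereferenced here with no NULL check on ameth visible in this hunk.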

View File

@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.
*/ */
void ERR_load_ASN1_strings(void); void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */ /* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159 # define ASN1_F_D2I_X509_PKEY 159
# define ASN1_F_DO_BUF 221
# define ASN1_F_I2D_ASN1_BIO_STREAM 211 # define ASN1_F_I2D_ASN1_BIO_STREAM 211
# define ASN1_F_I2D_ASN1_BOOLEAN 223
# define ASN1_F_I2D_ASN1_OBJECT 222
# define ASN1_F_I2D_ASN1_SET 188 # define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160 # define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161 # define ASN1_F_I2D_DSA_PUBKEY 161
@@ -1365,6 +1369,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_NOT_UNIVERSAL 139
# define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_MSTRING_WRONG_TAG 140
# define ASN1_R_NESTED_ASN1_STRING 197 # define ASN1_R_NESTED_ASN1_STRING 197
# define ASN1_R_NESTED_TOO_DEEP 219
# define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142 # define ASN1_R_NOT_ENOUGH_DATA 142
@@ -1413,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169 # define ASN1_R_WRONG_TYPE 169
#ifdef __cplusplus # ifdef __cplusplus
} }
#endif # endif
#endif #endif

View File

@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */ /* crypto/asn1/asn1_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
{ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
@@ -279,6 +282,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

63
crypto/asn1/asn1_int.h Normal file
View File

@@ -0,0 +1,63 @@
/* asn1t.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Internal ASN1 template structures and functions: not for application use */
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
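Review bot: the first comment line of the new crypto/asn1/asn1_int.h reads `/* asn1t.h */`, which looks copied from another header, and the copyright line says 2006 for a file added in this change. The header also has no include guard and declares asn1_item_combine_free() using ASN1_VALUE and ASN1_ITEM without including anything, so it only compiles when it follows the OpenSSL ASN.1 headers that define those types; add a guard and the include, or document the ordering requirement.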

View File

@@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset)
{ {
char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
BIO_snprintf(buf2, sizeof buf2, "%d", offset); BIO_snprintf(buf2, sizeof(buf2), "%d", offset);
ERR_add_error_data(4, "address=", buf1, " offset=", buf2); ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
} }

View File

@@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str; p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30) else if (tag > 30)
BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag); BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else else
p = ASN1_tag2str(tag); p = ASN1_tag2str(tag);

View File

@@ -4,7 +4,7 @@
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free); sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL; return NULL;
} }

View File

@@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
bufp = (unsigned char *)buf; bufp = (unsigned char *)buf;
if (first) { if (first) {
first = 0; first = 0;
if ((bufp[0] == '0') && (buf[1] == '0')) { if ((bufp[0] == '0') && (bufp[1] == '0')) {
bufp += 2; bufp += 2;
i -= 2; i -= 2;
} }

View File

@@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
bufp = (unsigned char *)buf; bufp = (unsigned char *)buf;
if (first) { if (first) {
first = 0; first = 0;
if ((bufp[0] == '0') && (buf[1] == '0')) { if ((bufp[0] == '0') && (bufp[1] == '0')) {
bufp += 2; bufp += 2;
i -= 2; i -= 2;
} }

View File

@@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", "); BIO_puts(out, ", ");
else else
first = 0; first = 0;
OBJ_obj2txt(oidstr, sizeof oidstr, OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->trust, i), 0); sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr); BIO_puts(out, oidstr);
} }
@@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", "); BIO_puts(out, ", ");
else else
first = 0; first = 0;
OBJ_obj2txt(oidstr, sizeof oidstr, OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->reject, i), 0); sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr); BIO_puts(out, oidstr);
} }

View File

@@ -4,7 +4,7 @@
* 2000. * 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -65,6 +65,14 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/err.h> #include <openssl/err.h>
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_find_end(const unsigned char **in, long len, char inf);
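Review bot: the comment above ASN1_MAX_CONSTRUCTED_NEST names asn1_item_embed_d2i(), but the function that carries the depth argument in this file is asn1_item_ex_d2i(); correct the name so the comment points at the code that enforces the limit. It would also help to say why 30 was chosen.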
@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval, static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx); ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx); ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_ITEM *it, const ASN1_ITEM *it,
@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
{ {
ASN1_TLC c; ASN1_TLC c;
asn1_tlc_clear_nc(&c); asn1_tlc_clear_nc(&c);
return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
} }
/* /*
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
* tag mismatch return -1 to handle OPTIONAL * tag mismatch return -1 to handle OPTIONAL
*/ */
static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, long len, const ASN1_ITEM *it, int tag, int aclass,
const ASN1_ITEM *it, char opt, ASN1_TLC *ctx, int depth)
int tag, int aclass, char opt, ASN1_TLC *ctx)
{ {
const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_COMPAT_FUNCS *cf; const ASN1_COMPAT_FUNCS *cf;
@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
else else
asn1_cb = 0; asn1_cb = 0;
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) { switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE: case ASN1_ITYPE_PRIMITIVE:
if (it->templates) { if (it->templates) {
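Review bot: `++depth > ASN1_MAX_CONSTRUCTED_NEST` sits before `switch (it->itype)`, so every item type counts toward the limit, including ASN1_ITYPE_PRIMITIVE, not only constructed ones as the macro name suggests. State that in the comment, and add a regression test that decodes input nested to exactly the limit and to one level beyond it, so the boundary of the pre-increment comparison is pinned down.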
@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err; goto err;
} }
return asn1_template_ex_d2i(pval, in, len, return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx); it->templates, opt, ctx, depth);
} }
return asn1_d2i_ex_primitive(pval, in, len, it, return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx); tag, aclass, opt, ctx);
@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/* /*
* We mark field as OPTIONAL so its absence can be recognised. * We mark field as OPTIONAL so its absence can be recognised.
*/ */
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */ /* If field not present, try the next one */
if (ret == -1) if (ret == -1)
continue; continue;
@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
* attempt to read in field, allowing each to be OPTIONAL * attempt to read in field, allowing each to be OPTIONAL
*/ */
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
if (!ret) { if (!ret) {
errtt = seqtt; errtt = seqtt;
goto err; goto err;
@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
return 0; return 0;
} }
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
}
/* /*
* Templates are handled with two separate functions. One handles any * Templates are handled with two separate functions. One handles any
* EXPLICIT tag and the other handles the rest. * EXPLICIT tag and the other handles the rest.
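Review bot: the public ASN1_item_ex_d2i() wrapper always passes depth 0, so any decoder that re-enters through the public function instead of the static asn1_item_ex_d2i() starts the count again. Say so in a comment on the wrapper, so that internal callers added later use the static function and keep the depth they were given.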
@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen, const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx) ASN1_TLC *ctx, int depth)
{ {
int flags, aclass; int flags, aclass;
int ret; int ret;
@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0; return 0;
} }
/* We've found the field so it can't be OPTIONAL now */ /* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0; return 0;
@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
} }
} }
} else } else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p; *in = p;
return 1; return 1;
@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx) ASN1_TLC *ctx, int depth)
{ {
int flags, aclass; int flags, aclass;
int ret; int ret;
@@ -665,14 +685,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
break; break;
} }
skfield = NULL; skfield = NULL;
if (!ASN1_item_ex_d2i(&skfield, &p, len, if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { -1, 0, 0, ctx, depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR); ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
} }
len -= p - q; len -= p - q;
if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
@@ -683,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} }
} else if (flags & ASN1_TFLG_IMPTAG) { } else if (flags & ASN1_TFLG_IMPTAG) {
/* IMPLICIT tagging */ /* IMPLICIT tagging */
ret = ASN1_item_ex_d2i(val, &p, len, ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, aclass, opt, ctx, depth);
ctx);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
@@ -693,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
return -1; return -1;
} else { } else {
/* Nothing special */ /* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;

View File

@@ -4,7 +4,7 @@
* 2000. * 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval; otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data; cont = otmp->data;
len = otmp->length; len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break; break;
case V_ASN1_NULL: case V_ASN1_NULL:
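Review bot: the new `return -1` for an ASN1_OBJECT with `cont == NULL || len == 0` has no comment, and nothing is put on the error queue at this point. Document what -1 means to callers of asn1_ex_i2c() (skip the field or fail the encode) and confirm that each caller handles it that way.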

View File

@@ -61,9 +61,7 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include "asn1_int.h"
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
/* Free up an ASN1 structure */ /* Free up an ASN1 structure */
@@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_combine_free(pval, it, 0); asn1_item_combine_free(pval, it, 0);
} }
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
int combine)
{ {
const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef; const ASN1_EXTERN_FUNCS *ef;

View File

@@ -63,6 +63,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <string.h> #include <string.h>
#include "asn1_int.h"
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine); int combine);
@@ -158,7 +159,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
} }
asn1_set_choice_selector(pval, -1, it); asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr; goto auxerr2;
break; break;
case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -186,10 +187,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt); pseqval = asn1_get_field_ptr(pval, tt);
if (!ASN1_template_new(pseqval, tt)) if (!ASN1_template_new(pseqval, tt))
goto memerr; goto memerr2;
} }
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr; goto auxerr2;
break; break;
} }
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
@@ -198,6 +199,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
#endif #endif
return 1; return 1;
memerr2:
asn1_item_combine_free(pval, it, combine);
memerr: memerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
@@ -206,9 +209,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
#endif #endif
return 0; return 0;
auxerr2:
asn1_item_combine_free(pval, it, combine);
auxerr: auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
if (it->sname) if (it->sname)
CRYPTO_pop_info(); CRYPTO_pop_info();

View File

@@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
ln = OBJ_nid2ln(OBJ_obj2nid(oid)); ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln) if (!ln)
ln = ""; ln = "";
OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0; return 0;
return 1; return 1;

View File

@@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
* set. * set.
*/ */
if (ltmp < 0) if (ltmp < 0)
utmp = -ltmp - 1; utmp = 0 - (unsigned long)ltmp - 1;
else else
utmp = ltmp; utmp = ltmp;
clen = BN_num_bits_word(utmp); clen = BN_num_bits_word(utmp);
@@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it) int utype, char *free_cont, const ASN1_ITEM *it)
{ {
int neg, i; int neg = -1, i;
long ltmp; long ltmp;
unsigned long utmp = 0; unsigned long utmp = 0;
char *cp = (char *)pval; char *cp = (char *)pval;
if (len) {
/*
* Check possible pad byte. Worst case, we're skipping past actual
* content, but since that's only with 0x00 and 0xff and we set neg
* accordingly, the result will be correct in the end anyway.
*/
switch (cont[0]) {
case 0xff:
cont++;
len--;
neg = 1;
break;
case 0:
cont++;
len--;
neg = 0;
break;
}
}
if (len > (int)sizeof(long)) { if (len > (int)sizeof(long)) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
return 0; return 0;
} }
/* Is it negative? */ if (neg == -1) {
if (len && (cont[0] & 0x80)) /* Is it negative? */
neg = 1; if (len && (cont[0] & 0x80))
else neg = 1;
neg = 0; else
neg = 0;
}
utmp = 0; utmp = 0;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
utmp <<= 8; utmp <<= 8;
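Review bot: `neg` is now a tri-state (-1 undecided, 0, 1) but is still a plain int with no comment, and the pad-byte switch also runs when len is 1, leaving len at 0 for the single content bytes 0x00 and 0xff. The in-code comment argues the result is still correct; back that with tests for 0, -1, and the largest and smallest long values, and say in the declaration what -1 means.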
@@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
} }
ltmp = (long)utmp; ltmp = (long)utmp;
if (neg) { if (neg) {
ltmp++;
ltmp = -ltmp; ltmp = -ltmp;
ltmp--;
} }
if (ltmp == it->size) { if (ltmp == it->size) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

View File

@@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
*pval = NULL; *pval = NULL;
} }
static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_free(ne);
}
static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}
static int x509_name_ex_d2i(ASN1_VALUE **val, static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_ITEM *it, int tag, int aclass, const ASN1_ITEM *it, int tag, int aclass,
@@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
entry->set = i; entry->set = i;
if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
goto err; goto err;
sk_X509_NAME_ENTRY_set(entries, j, NULL);
} }
sk_X509_NAME_ENTRY_free(entries);
} }
sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
ret = x509_name_canon(nm.x); ret = x509_name_canon(nm.x);
if (!ret) if (!ret)
goto err; goto err;
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
local_sk_X509_NAME_ENTRY_free);
nm.x->modified = 0; nm.x->modified = 0;
*val = nm.a; *val = nm.a;
*in = p; *in = p;
@@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
err: err:
if (nm.x != NULL) if (nm.x != NULL)
X509_NAME_free(nm.x); X509_NAME_free(nm.x);
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
local_sk_X509_NAME_ENTRY_pop_free);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0; return 0;
} }
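Review bot: on the err: path intname.s is now released with local_sk_X509_NAME_ENTRY_pop_free, but entries already moved into nm.x->entries were replaced with NULL by `sk_X509_NAME_ENTRY_set(entries, j, NULL)`, so this relies on X509_NAME_ENTRY_free() accepting NULL. It also relies on intname.s holding a valid or NULL pointer on every `goto err` that can run before the stack is built. A comment on the ownership hand-off would make both assumptions explicit.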
@@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
return ret; return ret;
} }
static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_free(ne);
}
static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}
static int x509_name_encode(X509_NAME *a) static int x509_name_encode(X509_NAME *a)
{ {
union { union {
@@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a)
entries = sk_X509_NAME_ENTRY_new_null(); entries = sk_X509_NAME_ENTRY_new_null();
if (!entries) if (!entries)
goto memerr; goto memerr;
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto memerr; goto memerr;
}
set = entry->set; set = entry->set;
} }
if (!sk_X509_NAME_ENTRY_push(entries, entry)) if (!sk_X509_NAME_ENTRY_push(entries, entry))
@@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a)
entries = sk_X509_NAME_ENTRY_new_null(); entries = sk_X509_NAME_ENTRY_new_null();
if (!entries) if (!entries)
goto err; goto err;
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto err; goto err;
}
set = entry->set; set = entry->set;
} }
tmpentry = X509_NAME_ENTRY_new(); tmpentry = X509_NAME_ENTRY_new();
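Review bot: This push-failure cleanup in x509_name_canon is the same block just added to x509_name_encode, differing only in `intname` versus `intname.s` and the label jumped to. A small static helper that creates the inner stack and either pushes it or frees it on failure would keep the two copies from drifting apart.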
@@ -516,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
int X509_NAME_set(X509_NAME **xn, X509_NAME *name) int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{ {
X509_NAME *in; if ((name = X509_NAME_dup(name)) == NULL)
return 0;
if (!xn || !name) X509_NAME_free(*xn);
return (0); *xn = name;
return 1;
if (*xn != name) {
in = X509_NAME_dup(name);
if (in != NULL) {
X509_NAME_free(*xn);
*xn = in;
}
}
return (*xn != NULL);
} }
IMPLEMENT_STACK_OF(X509_NAME_ENTRY) IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
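Review bot: The `!xn` guard is gone from X509_NAME_set, so `X509_NAME_free(*xn);` now dereferences a NULL xn where the old code returned 0; either keep the check or document that xn must be non-NULL. The NULL `name` case now depends on X509_NAME_dup() returning NULL for a NULL argument rather than on an explicit test. The return value also changes: a failed dup used to return 1 whenever *xn was already set and now returns 0, which is the more honest result but is a caller-visible change that should be documented.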

@@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void)
X509_PKEY *ret = NULL; X509_PKEY *ret = NULL;
ASN1_CTX c; ASN1_CTX c;
M_ASN1_New_Malloc(ret, X509_PKEY); ret = OPENSSL_malloc(sizeof(X509_PKEY));
if (ret == NULL) {
c.line = __LINE__;
goto err;
}
ret->version = 0; ret->version = 0;
M_ASN1_New(ret->enc_algor, X509_ALGOR_new); ret->enc_algor = X509_ALGOR_new();
M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); ret->enc_pkey = M_ASN1_OCTET_STRING_new();
ret->dec_pkey = NULL; ret->dec_pkey = NULL;
ret->key_length = 0; ret->key_length = 0;
ret->key_data = NULL; ret->key_data = NULL;
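Review bot: `ret->enc_algor = X509_ALGOR_new();` and `ret->enc_pkey = M_ASN1_OCTET_STRING_new();` are assigned here but not tested until after the remaining fields are set. A short comment saying the NULL test is deferred on purpose, so that X509_PKEY_free() only ever sees a fully initialised structure, would make the intent clear to the next reader.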
@@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void)
ret->cipher.cipher = NULL; ret->cipher.cipher = NULL;
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
ret->references = 1; ret->references = 1;
return (ret); if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); c.line = __LINE__;
goto err;
}
return ret;
err:
X509_PKEY_free(ret);
ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
return NULL;
} }
void X509_PKEY_free(X509_PKEY *x) void X509_PKEY_free(X509_PKEY *x)
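Review bot: The `err:` label is also reached from the OPENSSL_malloc failure with ret == NULL, so `X509_PKEY_free(ret);` must accept a NULL argument; its body is not part of this hunk, so confirm the NULL check is there. The ASN1_CTX variable `c` is now used only to carry `c.line`, and a plain int would say that more directly.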

@@ -462,9 +462,9 @@ static int test(void)
len = strlen(cbc_data) + 1; len = strlen(cbc_data) + 1;
BF_set_key(&key, 16, cbc_key); BF_set_key(&key, 16, cbc_key);
memset(cbc_in, 0, sizeof cbc_in); memset(cbc_in, 0, sizeof(cbc_in));
memset(cbc_out, 0, sizeof cbc_out); memset(cbc_out, 0, sizeof(cbc_out));
memcpy(iv, cbc_iv, sizeof iv); memcpy(iv, cbc_iv, sizeof(iv));
BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
&key, iv, BF_ENCRYPT); &key, iv, BF_ENCRYPT);
if (memcmp(cbc_out, cbc_ok, 32) != 0) { if (memcmp(cbc_out, cbc_ok, 32) != 0) {

@@ -64,7 +64,6 @@
#include "cryptlib.h" #include "cryptlib.h"
#include "bio_lcl.h" #include "bio_lcl.h"
#define TRUNCATE
#define DUMP_WIDTH 16 #define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
@@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
{ {
int ret = 0; int ret = 0;
char buf[288 + 1], tmp[20], str[128 + 1]; char buf[288 + 1], tmp[20], str[128 + 1];
int i, j, rows, trc; int i, j, rows;
unsigned char ch; unsigned char ch;
int dump_width; int dump_width;
trc = 0;
#ifdef TRUNCATE
for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
trc++;
#endif
if (indent < 0) if (indent < 0)
indent = 0; indent = 0;
if (indent) { if (indent) {
@@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
if ((rows * dump_width) < len) if ((rows * dump_width) < len)
rows++; rows++;
for (i = 0; i < rows; i++) { for (i = 0; i < rows; i++) {
BUF_strlcpy(buf, str, sizeof buf); BUF_strlcpy(buf, str, sizeof(buf));
BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
BUF_strlcat(buf, tmp, sizeof buf); BUF_strlcat(buf, tmp, sizeof(buf));
for (j = 0; j < dump_width; j++) { for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) { if (((i * dump_width) + j) >= len) {
BUF_strlcat(buf, " ", sizeof buf); BUF_strlcat(buf, " ", sizeof(buf));
} else { } else {
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
j == 7 ? '-' : ' '); j == 7 ? '-' : ' ');
BUF_strlcat(buf, tmp, sizeof buf); BUF_strlcat(buf, tmp, sizeof(buf));
} }
} }
BUF_strlcat(buf, " ", sizeof buf); BUF_strlcat(buf, " ", sizeof(buf));
for (j = 0; j < dump_width; j++) { for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) if (((i * dump_width) + j) >= len)
break; break;
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
#ifndef CHARSET_EBCDIC #ifndef CHARSET_EBCDIC
BIO_snprintf(tmp, sizeof tmp, "%c", BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= ' ') && (ch <= '~')) ? ch : '.'); ((ch >= ' ') && (ch <= '~')) ? ch : '.');
#else #else
BIO_snprintf(tmp, sizeof tmp, "%c", BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
? os_toebcdic[ch] ? os_toebcdic[ch]
: '.'); : '.');
#endif #endif
BUF_strlcat(buf, tmp, sizeof buf); BUF_strlcat(buf, tmp, sizeof(buf));
} }
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
/* /*
* if this is the last call then update the ddt_dump thing so that we * if this is the last call then update the ddt_dump thing so that we
* will move the selection point in the debug window * will move the selection point in the debug window
*/ */
ret += cb((void *)buf, strlen(buf), u); ret += cb((void *)buf, strlen(buf), u);
} }
#ifdef TRUNCATE return ret;
if (trc > 0) {
BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
len + trc);
ret += cb((void *)buf, strlen(buf), u);
}
#endif
return (ret);
} }
#ifndef OPENSSL_NO_FP_API #ifndef OPENSSL_NO_FP_API
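Review bot: Dropping the TRUNCATE path at the end of BIO_dump_indent_cb changes the output format: trailing spaces and NULs are now dumped as ordinary rows and the `<SPACES/NULS>` summary line is no longer emitted. Anything that parses or compares BIO_dump output will see the difference, so this needs a mention in the documentation or CHANGES. The `ret += cb(...)` accumulation is untouched and still adds a negative callback result into the total instead of stopping.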

@@ -385,7 +385,7 @@ _dopr(char **sbuffer,
if (cflags == DP_C_SHORT) { if (cflags == DP_C_SHORT) {
short int *num; short int *num;
num = va_arg(args, short int *); num = va_arg(args, short int *);
*num = currlen; *num = (short int)currlen;
} else if (cflags == DP_C_LONG) { /* XXX */ } else if (cflags == DP_C_LONG) { /* XXX */
long int *num; long int *num;
num = va_arg(args, long int *); num = va_arg(args, long int *);
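Review bot: The `(short int)currlen` cast in the DP_C_SHORT branch only silences the conversion warning; a currlen above SHRT_MAX is still stored truncated with no indication to the caller. Add a comment stating that the truncation is intended, or clamp the value before the store.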
@@ -502,7 +502,7 @@ fmtint(char **sbuffer,
if (!(flags & DP_F_UNSIGNED)) { if (!(flags & DP_F_UNSIGNED)) {
if (value < 0) { if (value < 0) {
signvalue = '-'; signvalue = '-';
uvalue = -value; uvalue = 0 - (unsigned LLONG)value;
} else if (flags & DP_F_PLUS) } else if (flags & DP_F_PLUS)
signvalue = '+'; signvalue = '+';
else if (flags & DP_F_SPACE) else if (flags & DP_F_SPACE)
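Review bot: `uvalue = 0 - (unsigned LLONG)value;` needs a comment. The point of the change is that `-value` is undefined for the most negative LLONG, while the unsigned subtraction is well defined and yields the correct magnitude. Without that explanation the line looks like a candidate for "simplifying" back to `-value`.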
@@ -663,7 +663,7 @@ fmtfp(char **sbuffer,
iconvert[iplace++] = "0123456789"[intpart % 10]; iconvert[iplace++] = "0123456789"[intpart % 10];
intpart = (intpart / 10); intpart = (intpart / 10);
} while (intpart && (iplace < (int)sizeof(iconvert))); } while (intpart && (iplace < (int)sizeof(iconvert)));
if (iplace == sizeof iconvert) if (iplace == sizeof(iconvert))
iplace--; iplace--;
iconvert[iplace] = 0; iconvert[iplace] = 0;
@@ -672,7 +672,7 @@ fmtfp(char **sbuffer,
fconvert[fplace++] = "0123456789"[fracpart % 10]; fconvert[fplace++] = "0123456789"[fracpart % 10];
fracpart = (fracpart / 10); fracpart = (fracpart / 10);
} while (fplace < max); } while (fplace < max);
if (fplace == sizeof fconvert) if (fplace == sizeof(fconvert))
fplace--; fplace--;
fconvert[fplace] = 0; fconvert[fplace] = 0;
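Review bot: The check `if (fplace == sizeof(fconvert))` follows a loop bounded by `fplace < max`, not by the buffer size, so it protects fconvert only if max can never exceed sizeof(fconvert); the clamp on max is not in the lines shown and should be confirmed. The iconvert loop in the previous hunk casts with `(int)sizeof(iconvert)` while these two comparisons mix int and size_t, so pick one form and use it throughout.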

@@ -56,6 +56,9 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#define _DEFAULT_SOURCE
#define _BSD_SOURCE
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <errno.h> #include <errno.h>
@@ -83,6 +86,11 @@ NETDB_DEFINE_CONTEXT
static int wsa_init_done = 0; static int wsa_init_done = 0;
# endif # endif
# if defined(__GLIBC__)
# define HAVE_GETHOSTBYNAME_R
# define GETHOSTNAME_R_BUF (2 * 1024)
# endif
/* /*
* WSAAPI specifier is required to make indirect calls to run-time * WSAAPI specifier is required to make indirect calls to run-time
* linked WinSock 2 functions used in this module, to be specific * linked WinSock 2 functions used in this module, to be specific
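Review bot: `GETHOSTNAME_R_BUF` does not match the function it sizes a buffer for, which is gethostbyname_r as in `HAVE_GETHOSTBYNAME_R` one line above; rename it to GETHOSTBYNAME_R_BUF. The choice of 2 * 1024 bytes also deserves a comment, since a lookup result that does not fit has to be handled at the call site.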
@@ -116,7 +124,12 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
int i; int i;
int err = 1; int err = 1;
int locked = 0; int locked = 0;
struct hostent *he; struct hostent *he = NULL;
# ifdef HAVE_GETHOSTBYNAME_R
char buf[GETHOSTNAME_R_BUF];
struct hostent hostent;
int h_errnop;
# endif
i = get_ip(str, ip); i = get_ip(str, ip);
if (i < 0) { if (i < 0) {
@@ -138,10 +151,18 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
if (i > 0) if (i > 0)
return (1); return (1);
/* if gethostbyname_r is supported, use it. */
# ifdef HAVE_GETHOSTBYNAME_R
memset(&hostent, 0x00, sizeof(hostent));
/* gethostbyname_r() sets |he| to NULL on error, we check it further down */
gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop);
# else
/* do a gethostbyname */ /* do a gethostbyname */
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
locked = 1; locked = 1;
he = BIO_gethostbyname(str); he = BIO_gethostbyname(str);
# endif
if (he == NULL) { if (he == NULL) {
BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
goto err; goto err;
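Review bot: The return value of `gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop);` and `h_errnop` are both ignored, so a result that does not fit in the fixed-size `buf` (ERANGE) is reported as BIO_R_BAD_HOSTNAME_LOOKUP exactly like a name that does not resolve. Check the return code and either retry with a larger buffer or report the two cases differently. It would also help to note in a comment that `locked` stays 0 on this path because the reentrant call needs no CRYPTO_LOCK_GETHOSTBYNAME.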

Some files were not shown because too many files have changed in this diff