summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2004-04-08 08:03:16 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2004-04-08 08:03:16 +0000
commit39742baebd0068e2a7d7a0d76c0fec797b61e8a6 (patch)
tree51eed0eb1e61754e03f9dc446aed665b129e92c5 /lib/libssl
parent85350a6b297d1fdc832d113428d32eb51d6a68cf (diff)
merge 0.9.7d
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/src/CHANGES45
-rw-r--r--lib/libssl/src/Configure19
-rw-r--r--lib/libssl/src/FAQ7
-rw-r--r--lib/libssl/src/LICENSE2
-rw-r--r--lib/libssl/src/Makefile.org10
-rw-r--r--lib/libssl/src/NEWS8
-rw-r--r--lib/libssl/src/README4
-rw-r--r--lib/libssl/src/apps/apps.c559
-rw-r--r--lib/libssl/src/apps/apps.h33
-rw-r--r--lib/libssl/src/apps/asn1pars.c10
-rw-r--r--lib/libssl/src/apps/ca.c538
-rw-r--r--lib/libssl/src/apps/dgst.c2
-rw-r--r--lib/libssl/src/apps/enc.c6
-rw-r--r--lib/libssl/src/apps/engine.c4
-rw-r--r--lib/libssl/src/apps/ocsp.c46
-rw-r--r--lib/libssl/src/apps/openssl.cnf5
-rw-r--r--lib/libssl/src/apps/pkcs12.c4
-rw-r--r--lib/libssl/src/apps/pkcs7.c3
-rw-r--r--lib/libssl/src/apps/req.c34
-rw-r--r--lib/libssl/src/apps/rsautl.c12
-rw-r--r--lib/libssl/src/apps/s_socket.c2
-rw-r--r--lib/libssl/src/apps/s_time.c6
-rw-r--r--lib/libssl/src/apps/speed.c7
-rw-r--r--lib/libssl/src/apps/x509.c78
-rw-r--r--lib/libssl/src/certs/vsign3.pem27
-rw-r--r--lib/libssl/src/config13
-rw-r--r--lib/libssl/src/crypto/Makefile.ssl4
-rw-r--r--lib/libssl/src/crypto/aes/aes_cbc.c2
-rw-r--r--lib/libssl/src/crypto/asn1/a_gentm.c6
-rw-r--r--lib/libssl/src/crypto/asn1/a_mbstr.c4
-rw-r--r--lib/libssl/src/crypto/asn1/a_strex.c2
-rw-r--r--lib/libssl/src/crypto/asn1/a_time.c6
-rw-r--r--lib/libssl/src/crypto/asn1/a_utctm.c6
-rw-r--r--lib/libssl/src/crypto/asn1/asn1_lib.c4
-rw-r--r--lib/libssl/src/crypto/asn1/asn1_par.c6
-rw-r--r--lib/libssl/src/crypto/asn1/asn_moid.c9
-rw-r--r--lib/libssl/src/crypto/asn1/t_pkey.c4
-rw-r--r--lib/libssl/src/crypto/bf/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/bio/b_dump.c24
-rw-r--r--lib/libssl/src/crypto/bio/b_print.c12
-rw-r--r--lib/libssl/src/crypto/bio/b_sock.c12
-rw-r--r--lib/libssl/src/crypto/bio/bio_cb.c30
-rw-r--r--lib/libssl/src/crypto/bio/bss_conn.c6
-rw-r--r--lib/libssl/src/crypto/bio/bss_file.c10
-rw-r--r--lib/libssl/src/crypto/bn/Makefile.ssl3
-rw-r--r--lib/libssl/src/crypto/bn/asm/bn-586.pl2
-rw-r--r--lib/libssl/src/crypto/bn/bn_lcl.h17
-rw-r--r--lib/libssl/src/crypto/bn/bn_lib.c8
-rw-r--r--lib/libssl/src/crypto/bn/bn_print.c4
-rw-r--r--lib/libssl/src/crypto/cast/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/conf/conf_def.c6
-rw-r--r--lib/libssl/src/crypto/conf/conf_mod.c12
-rw-r--r--lib/libssl/src/crypto/cversion.c6
-rw-r--r--lib/libssl/src/crypto/des/Makefile.ssl28
-rw-r--r--lib/libssl/src/crypto/des/cfb_enc.c21
-rw-r--r--lib/libssl/src/crypto/des/ecb_enc.c5
-rw-r--r--lib/libssl/src/crypto/dso/dso_lib.c4
-rw-r--r--lib/libssl/src/crypto/ec/ecp_smpl.c2
-rw-r--r--lib/libssl/src/crypto/engine/eng_ctrl.c14
-rw-r--r--lib/libssl/src/crypto/engine/eng_fat.c6
-rw-r--r--lib/libssl/src/crypto/engine/engine.h27
-rw-r--r--lib/libssl/src/crypto/engine/hw_cryptodev.c5
-rw-r--r--lib/libssl/src/crypto/err/err.c2
-rw-r--r--lib/libssl/src/crypto/evp/digest.c15
-rw-r--r--lib/libssl/src/crypto/evp/evp.h2
-rw-r--r--lib/libssl/src/crypto/evp/evp_enc.c14
-rw-r--r--lib/libssl/src/crypto/evp/evp_pbe.c2
-rw-r--r--lib/libssl/src/crypto/evp/evp_pkey.c2
-rw-r--r--lib/libssl/src/crypto/mem.c8
-rw-r--r--lib/libssl/src/crypto/mem_dbg.c16
-rw-r--r--lib/libssl/src/crypto/objects/obj_dat.c4
-rw-r--r--lib/libssl/src/crypto/ocsp/ocsp_ext.c24
-rw-r--r--lib/libssl/src/crypto/ocsp/ocsp_lib.c1
-rw-r--r--lib/libssl/src/crypto/ocsp/ocsp_vfy.c6
-rw-r--r--lib/libssl/src/crypto/opensslv.h4
-rw-r--r--lib/libssl/src/crypto/pem/pem_lib.c19
-rw-r--r--lib/libssl/src/crypto/pem/pem_pkey.c4
-rw-r--r--lib/libssl/src/crypto/pkcs7/pk7_doit.c58
-rw-r--r--lib/libssl/src/crypto/rand/Makefile.ssl8
-rw-r--r--lib/libssl/src/crypto/rand/rand_egd.c3
-rw-r--r--lib/libssl/src/crypto/rand/rand_win.c2
-rw-r--r--lib/libssl/src/crypto/rand/randfile.c22
-rw-r--r--lib/libssl/src/crypto/rc4/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/rc5/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/ripemd/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/sha/Makefile.ssl1
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha1-586.pl291
-rw-r--r--lib/libssl/src/crypto/threads/mttest.c2
-rw-r--r--lib/libssl/src/crypto/ui/ui_lib.c14
-rw-r--r--lib/libssl/src/crypto/x509/by_dir.c34
-rw-r--r--lib/libssl/src/crypto/x509/x509.h4
-rw-r--r--lib/libssl/src/crypto/x509/x509_txt.c8
-rw-r--r--lib/libssl/src/crypto/x509/x509_vfy.c55
-rw-r--r--lib/libssl/src/crypto/x509/x509_vfy.h19
-rw-r--r--lib/libssl/src/crypto/x509/x509type.c2
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_alt.c4
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_crld.c2
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_info.c6
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_purp.c5
-rw-r--r--lib/libssl/src/doc/apps/config.pod140
-rw-r--r--lib/libssl/src/doc/apps/openssl.pod3
-rw-r--r--lib/libssl/src/doc/apps/s_client.pod6
-rw-r--r--lib/libssl/src/doc/apps/smime.pod11
-rw-r--r--lib/libssl/src/doc/crypto/BIO_f_ssl.pod6
-rw-r--r--lib/libssl/src/doc/crypto/EVP_BytesToKey.pod2
-rw-r--r--lib/libssl/src/doc/crypto/EVP_DigestInit.pod2
-rw-r--r--lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod5
-rw-r--r--lib/libssl/src/doc/crypto/des.pod2
-rw-r--r--lib/libssl/src/doc/crypto/pem.pod6
-rw-r--r--lib/libssl/src/doc/crypto/ui.pod2
-rw-r--r--lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod4
-rw-r--r--lib/libssl/src/doc/ssleay.txt2
-rw-r--r--lib/libssl/src/openssl.spec2
-rw-r--r--lib/libssl/src/os2/OS2-EMX.cmd36
-rw-r--r--lib/libssl/src/ssl/Makefile.ssl489
-rw-r--r--lib/libssl/src/ssl/kssl.c4
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c4
-rw-r--r--lib/libssl/src/ssl/s3_enc.c12
-rw-r--r--lib/libssl/src/ssl/ssl.h4
-rw-r--r--lib/libssl/src/ssl/ssl_cert.c12
-rw-r--r--lib/libssl/src/ssl/ssl_ciph.c79
-rw-r--r--lib/libssl/src/ssl/ssltest.c9
-rw-r--r--lib/libssl/src/util/mk1mf.pl2
-rw-r--r--lib/libssl/src/util/mkdef.pl38
-rw-r--r--lib/libssl/src/util/pl/OS2-EMX.pl42
125 files changed, 1984 insertions, 1409 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES
index b8630792adf..4a0363a1c2d 100644
--- a/lib/libssl/src/CHANGES
+++ b/lib/libssl/src/CHANGES
@@ -2,6 +2,51 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+ (CAN-2004-0112)
+ [Joe Orton, Steve Henson]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) X509 verify fixes. Disable broken certificate workarounds when
+ X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+ keyUsage extension present. Don't accept CRLs with unhandled critical
+ extensions: since verify currently doesn't process CRL extensions this
+ rejects a CRL with *any* critical extensions. Add new verify error codes
+ for these cases.
+ [Steve Henson]
+
+ *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+ A clarification of RFC2560 will require the use of OCTET STRINGs and
+ some implementations cannot handle the current raw format. Since OpenSSL
+ copies and compares OCSP nonces as opaque blobs without any attempt at
+ parsing them this should not create any compatibility issues.
+ [Steve Henson]
+
+ *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+ calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+ this HMAC (and other) operations are several times slower than OpenSSL
+ < 0.9.7.
+ [Steve Henson]
+
+ *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+ [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+ *) Use the correct content when signing type "other".
+ [Steve Henson]
+
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure
index 61331dbb517..4e7883c17ab 100644
--- a/lib/libssl/src/Configure
+++ b/lib/libssl/src/Configure
@@ -145,10 +145,10 @@ my %table=(
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown)::::::",
# Basic configs that should work on any (32 and less bit) box
@@ -216,13 +216,13 @@ my %table=(
"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-[g]cc' manually.
+# './Configure irix-cc -o32' manually.
# -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -260,6 +260,7 @@ my %table=(
# 64bit PARISC for GCC without optimization, which seems to make problems.
# Submitted by <ross.alexander@uk.neceur.com>
"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# IA-64 targets
"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ
index ca5683def77..0b40039ef81 100644
--- a/lib/libssl/src/FAQ
+++ b/lib/libssl/src/FAQ
@@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -116,11 +116,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
* Where can I get a compiled version of OpenSSL?
+You can finder pointers to binary distributions in
+http://www.openssl.org/related/binaries.html .
+
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
-If you want to install OpenSSL on a Windows system and you don't have
+If you want to build OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
diff --git a/lib/libssl/src/LICENSE b/lib/libssl/src/LICENSE
index dddb07842bb..40277883a59 100644
--- a/lib/libssl/src/LICENSE
+++ b/lib/libssl/src/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/lib/libssl/src/Makefile.org b/lib/libssl/src/Makefile.org
index e80b22a32a1..a987a0298b2 100644
--- a/lib/libssl/src/Makefile.org
+++ b/lib/libssl/src/Makefile.org
@@ -456,10 +456,12 @@ do_irix-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( WHOLELIB="-all lib$$i.a -notall"; \
+ (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
+ set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+ $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -832,7 +834,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -857,6 +859,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
+ grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -873,6 +876,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
+ grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/lib/libssl/src/NEWS b/lib/libssl/src/NEWS
index f0282ebb875..4c1ba0a241f 100644
--- a/lib/libssl/src/NEWS
+++ b/lib/libssl/src/NEWS
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+ o Security: Fix null-pointer assignment in do_change_cipher_spec()
+ o Allow multiple active certificates with same subject in CA index
+ o Multiple X590 verification fixes
+ o Speed up HMAC and other operations
+
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
diff --git a/lib/libssl/src/README b/lib/libssl/src/README
index 65e3a124263..f72a21036f9 100644
--- a/lib/libssl/src/README
+++ b/lib/libssl/src/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7c 30 Sep 2003
+ OpenSSL 0.9.7d 17 Mar 2004
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c
index c4dfafd778d..93a665e788a 100644
--- a/lib/libssl/src/apps/apps.c
+++ b/lib/libssl/src/apps/apps.c
@@ -501,7 +501,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password[0] != '\0')
+ if (password && password[0] != '\0')
{
UI_set_result(ui, uis, password);
return 1;
@@ -525,7 +525,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password[0] != '\0')
+ if (password && password[0] != '\0')
return 1;
}
default:
@@ -1416,11 +1416,560 @@ char *make_config_name()
len=strlen(t)+strlen(OPENSSL_CONF)+2;
p=OPENSSL_malloc(len);
- strlcpy(p,t,len);
+ BUF_strlcpy(p,t,len);
#ifndef OPENSSL_SYS_VMS
- strlcat(p,"/",len);
+ BUF_strlcat(p,"/",len);
#endif
- strlcat(p,OPENSSL_CONF,len);
+ BUF_strlcat(p,OPENSSL_CONF,len);
return p;
}
+
+static unsigned long index_serial_hash(const char **a)
+ {
+ const char *n;
+
+ n=a[DB_serial];
+ while (*n == '0') n++;
+ return(lh_strhash(n));
+ }
+
+static int index_serial_cmp(const char **a, const char **b)
+ {
+ const char *aa,*bb;
+
+ for (aa=a[DB_serial]; *aa == '0'; aa++);
+ for (bb=b[DB_serial]; *bb == '0'; bb++);
+ return(strcmp(aa,bb));
+ }
+
+static int index_name_qual(char **a)
+ { return(a[0][0] == 'V'); }
+
+static unsigned long index_name_hash(const char **a)
+ { return(lh_strhash(a[DB_name])); }
+
+int index_name_cmp(const char **a, const char **b)
+ { return(strcmp(a[DB_name],
+ b[DB_name])); }
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+#undef BSIZE
+#define BSIZE 256
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+ {
+ BIO *in=NULL;
+ BIGNUM *ret=NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai=NULL;
+
+ ai=ASN1_INTEGER_new();
+ if (ai == NULL) goto err;
+
+ if ((in=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in,serialfile) <= 0)
+ {
+ if (!create)
+ {
+ perror(serialfile);
+ goto err;
+ }
+ else
+ {
+ ASN1_INTEGER_set(ai,1);
+ ret=BN_new();
+ if (ret == NULL)
+ BIO_printf(bio_err, "Out of memory\n");
+ else
+ BN_one(ret);
+ }
+ }
+ else
+ {
+ if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+ {
+ BIO_printf(bio_err,"unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret=ASN1_INTEGER_to_BN(ai,NULL);
+ if (ret == NULL)
+ {
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+ goto err;
+ }
+ }
+
+ if (ret && retai)
+ {
+ *retai = ai;
+ ai = NULL;
+ }
+ err:
+ if (in != NULL) BIO_free(in);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
+ {
+ char buf[1][BSIZE];
+ BIO *out = NULL;
+ int ret=0;
+ ASN1_INTEGER *ai=NULL;
+ int j;
+
+ if (suffix == NULL)
+ j = strlen(serialfile);
+ else
+ j = strlen(serialfile) + strlen(suffix) + 1;
+ if (j >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+ if (suffix == NULL)
+ BUF_strlcpy(buf[0], serialfile, BSIZE);
+ else
+ {
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+#endif
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out,ai);
+ BIO_puts(out,"\n");
+ ret=1;
+ if (retai)
+ {
+ *retai = ai;
+ ai = NULL;
+ }
+err:
+ if (out != NULL) BIO_free_all(out);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+ {
+ char buf[5][BSIZE];
+ int i,j;
+ struct stat sb;
+
+ i = strlen(serialfile) + strlen(old_suffix);
+ j = strlen(serialfile) + strlen(new_suffix);
+ if (i > j) j = i;
+ if (j + 1 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
+ serialfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
+ serialfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
+ serialfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
+ serialfile, old_suffix);
+#endif
+ if (stat(serialfile,&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR)
+#endif
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ serialfile, buf[1]);
+#endif
+ if (rename(serialfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ serialfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0],serialfile);
+#endif
+ if (rename(buf[0],serialfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],serialfile);
+ perror("reason");
+ rename(buf[1],serialfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+ }
+
+CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+ {
+ CA_DB *retdb = NULL;
+ TXT_DB *tmpdb = NULL;
+ BIO *in = BIO_new(BIO_s_file());
+ CONF *dbattr_conf = NULL;
+ char buf[1][BSIZE];
+ long errorline= -1;
+
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
+ {
+ if (tmpdb != NULL) TXT_DB_free(tmpdb);
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+#else
+ BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+#endif
+ dbattr_conf = NCONF_new(NULL);
+ if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
+ {
+ if (errorline > 0)
+ {
+ BIO_printf(bio_err,
+ "error on line %ld of db attribute file '%s'\n"
+ ,errorline,buf[0]);
+ goto err;
+ }
+ else
+ {
+ NCONF_free(dbattr_conf);
+ dbattr_conf = NULL;
+ }
+ }
+
+ if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
+ {
+ fprintf(stderr, "Out of memory\n");
+ goto err;
+ }
+
+ retdb->db = tmpdb;
+ tmpdb = NULL;
+ if (db_attr)
+ retdb->attributes = *db_attr;
+ else
+ {
+ retdb->attributes.unique_subject = 1;
+ }
+
+ if (dbattr_conf)
+ {
+ char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
+ if (p)
+ {
+ BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
+ switch(*p)
+ {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ retdb->attributes.unique_subject = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ default:
+ retdb->attributes.unique_subject = 1;
+ break;
+ }
+ }
+ }
+
+ err:
+ if (dbattr_conf) NCONF_free(dbattr_conf);
+ if (tmpdb) TXT_DB_free(tmpdb);
+ if (in) BIO_free_all(in);
+ return retdb;
+ }
+
+int index_index(CA_DB *db)
+ {
+ if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial_hash),
+ LHASH_COMP_FN(index_serial_cmp)))
+ {
+ BIO_printf(bio_err,
+ "error creating serial number index:(%ld,%ld,%ld)\n",
+ db->db->error,db->db->arg1,db->db->arg2);
+ return 0;
+ }
+
+ if (db->attributes.unique_subject
+ && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name_hash),
+ LHASH_COMP_FN(index_name_cmp)))
+ {
+ BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+ db->db->error,db->db->arg1,db->db->arg2);
+ return 0;
+ }
+ return 1;
+ }
+
+int save_index(char *dbfile, char *suffix, CA_DB *db)
+ {
+ char buf[3][BSIZE];
+ BIO *out = BIO_new(BIO_s_file());
+ int j;
+
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ j = strlen(dbfile) + strlen(suffix);
+ if (j + 6 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ if (BIO_write_filename(out,buf[0]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ j=TXT_DB_write(out,db->db);
+ if (j <= 0) goto err;
+
+ BIO_free(out);
+
+ out = BIO_new(BIO_s_file());
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
+#endif
+ if (BIO_write_filename(out,buf[1]) <= 0)
+ {
+ perror(buf[2]);
+ BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
+ goto err;
+ }
+ BIO_printf(out,"unique_subject = %s\n",
+ db->attributes.unique_subject ? "yes" : "no");
+ BIO_free(out);
+
+ return 1;
+ err:
+ return 0;
+ }
+
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
+ {
+ char buf[5][BSIZE];
+ int i,j;
+ struct stat sb;
+
+ i = strlen(dbfile) + strlen(old_suffix);
+ j = strlen(dbfile) + strlen(new_suffix);
+ if (i > j) j = i;
+ if (j + 6 >= BSIZE)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
+ dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
+ dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
+ dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
+ dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
+ dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
+ dbfile, old_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
+ dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
+ dbfile, old_suffix);
+#endif
+ if (stat(dbfile,&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR)
+#endif
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ dbfile, buf[1]);
+#endif
+ if (rename(dbfile,buf[1]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0],dbfile);
+#endif
+ if (rename(buf[0],dbfile) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[0],dbfile);
+ perror("reason");
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ if (stat(buf[4],&sb) < 0)
+ {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR)
+#endif
+ goto err;
+ }
+ else
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[4],buf[3]);
+#endif
+ if (rename(buf[4],buf[3]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[4], buf[3]);
+ perror("reason");
+ rename(dbfile,buf[0]);
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[2],buf[4]);
+#endif
+ if (rename(buf[2],buf[4]) < 0)
+ {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n",
+ buf[2],buf[4]);
+ perror("reason");
+ rename(buf[3],buf[4]);
+ rename(dbfile,buf[0]);
+ rename(buf[1],dbfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+ }
+
+void free_index(CA_DB *db)
+ {
+ TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h
index c36b9d25665..8a9c4ab0a05 100644
--- a/lib/libssl/src/apps/apps.h
+++ b/lib/libssl/src/apps/apps.h
@@ -287,7 +287,38 @@ char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, char *str);
-int make_serial_index(TXT_DB *db);
+
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique when active and not disabled */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+typedef struct db_attr_st
+ {
+ int unique_subject;
+ } DB_ATTR;
+typedef struct ca_db_st
+ {
+ DB_ATTR attributes;
+ TXT_DB *db;
+ } CA_DB;
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
+CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(char *dbfile, char *suffix, CA_DB *db);
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
+void free_index(CA_DB *db);
+int index_name_cmp(const char **a, const char **b);
X509_NAME *do_subject(char *str, long chtype);
diff --git a/lib/libssl/src/apps/asn1pars.c b/lib/libssl/src/apps/asn1pars.c
index 83674154053..7db40adf043 100644
--- a/lib/libssl/src/apps/asn1pars.c
+++ b/lib/libssl/src/apps/asn1pars.c
@@ -304,7 +304,15 @@ bad:
num=tmplen;
}
- if (length == 0) length=(unsigned int)num;
+ if (offset >= num)
+ {
+ BIO_printf(bio_err, "Error: offset too large\n");
+ goto end;
+ }
+
+ num -= offset;
+
+ if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
if(derout) {
if(BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
diff --git a/lib/libssl/src/apps/ca.c b/lib/libssl/src/apps/ca.c
index f979dfe85fd..33362389ccb 100644
--- a/lib/libssl/src/apps/ca.c
+++ b/lib/libssl/src/apps/ca.c
@@ -122,6 +122,7 @@
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
+#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
@@ -143,18 +144,6 @@
#define ENV_DATABASE "database"
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique for active */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
/* Additional revocation information types */
#define REV_NONE 0 /* No addditional information */
@@ -211,43 +200,36 @@ extern int EF_ALIGNMENT;
#endif
static void lookup_fail(char *name,char *tag);
-static unsigned long index_serial_hash(const char **a);
-static int index_serial_cmp(const char **a, const char **b);
-static unsigned long index_name_hash(const char **a);
-static int index_name_qual(char **a);
-static int index_name_cmp(const char **a,const char **b);
-static BIGNUM *load_serial(char *serialfile);
-static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+ const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
+ CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
char *startdate, char *enddate, long days, int batch,
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
+ CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
-static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, TXT_DB *db);
-static int do_updatedb(TXT_DB *db);
+static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
@@ -259,11 +241,6 @@ static char *section=NULL;
static int preserve=0;
static int msie_hack=0;
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
int MAIN(int, char **);
@@ -300,6 +277,7 @@ int MAIN(int argc, char **argv)
char *outfile=NULL;
char *outdir=NULL;
char *serialfile=NULL;
+ char *crlnumberfile=NULL;
char *extensions=NULL;
char *extfile=NULL;
char *subj=NULL;
@@ -308,6 +286,7 @@ int MAIN(int argc, char **argv)
int rev_type = REV_NONE;
char *rev_arg = NULL;
BIGNUM *serial=NULL;
+ BIGNUM *crlnumber=NULL;
char *startdate=NULL;
char *enddate=NULL;
long days=0;
@@ -320,14 +299,13 @@ int MAIN(int argc, char **argv)
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
char *dbfile=NULL;
- TXT_DB *db=NULL;
+ CA_DB *db=NULL;
X509_CRL *crl=NULL;
X509_REVOKED *r=NULL;
ASN1_TIME *tmptm;
ASN1_INTEGER *tmpser;
char **pp,*p,*f;
int i,j;
- long l;
const EVP_MD *dgst=NULL;
STACK_OF(CONF_VALUE) *attribs=NULL;
STACK_OF(X509) *cert_sk=NULL;
@@ -339,6 +317,7 @@ int MAIN(int argc, char **argv)
char *engine = NULL;
#endif
char *tofree=NULL;
+ DB_ATTR db_attr;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -588,10 +567,10 @@ bad:
#else
len = strlen(s)+sizeof(CONFIG_FILE)+1;
tofree=OPENSSL_malloc(len);
- strlcpy(tofree,s,len);
- strlcat(tofree,"/",len);
+ BUF_strlcpy(tofree,s,len);
+ BUF_strlcat(tofree,"/",len);
#endif
- strlcat(tofree,CONFIG_FILE,len);
+ BUF_strlcat(tofree,CONFIG_FILE,len);
configfile=tofree;
}
@@ -662,6 +641,39 @@ bad:
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
+
+ db_attr.unique_subject = 1;
+ p = NCONF_get_string(conf, section, "unique_subject");
+ if (p)
+ {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
+#endif
+ switch(*p)
+ {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ db_attr.unique_subject = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ default:
+ db_attr.unique_subject = 1;
+ break;
+ }
+ }
+#ifdef RL_DEBUG
+ else
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
+ db_attr.unique_subject);
+#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
@@ -682,17 +694,10 @@ bad:
lookup_fail(section,ENV_DATABASE);
goto err;
}
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- db=TXT_DB_read(in,DB_NUMBER);
+ db = load_index(dbfile,&db_attr);
if (db == NULL) goto err;
- if (!make_serial_index(db))
- goto err;
+ if (!index_index(db)) goto err;
if (get_certificate_status(ser_status,db) != 1)
BIO_printf(bio_err,"Error verifying serial %s!\n",
@@ -852,19 +857,13 @@ bad:
lookup_fail(section,ENV_DATABASE);
goto err;
}
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- db=TXT_DB_read(in,DB_NUMBER);
+ db = load_index(dbfile, &db_attr);
if (db == NULL) goto err;
/* Lets check some fields */
- for (i=0; i<sk_num(db->data); i++)
+ for (i=0; i<sk_num(db->db->data); i++)
{
- pp=(char **)sk_value(db->data,i);
+ pp=(char **)sk_value(db->db->data,i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0'))
{
@@ -915,23 +914,13 @@ bad:
out = BIO_push(tmpbio, out);
}
#endif
- TXT_DB_write(out,db);
+ TXT_DB_write(out,db->db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
- db->data->num);
+ db->db->data->num);
BIO_printf(bio_err,"generating index\n");
}
- if (!make_serial_index(db))
- goto err;
-
- if (!TXT_DB_create_index(db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name_hash),
- LHASH_COMP_FN(index_name_cmp)))
- {
- BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
- db->error,db->arg1,db->arg2);
- goto err;
- }
+ if (!index_index(db)) goto err;
/*****************************************************************/
/* Update the db file for expired certificates */
@@ -954,62 +943,9 @@ bad:
}
else
{
- out = BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
-#endif
- if (j < 0 || j >= sizeof buf[0])
- {
- BIO_printf(bio_err, "file name too long\n");
- goto err;
- }
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",
- dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db);
- if (j <= 0) goto err;
-
- BIO_free(out);
- out = NULL;
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
-#endif
- if (j < 0 || j >= sizeof buf[1])
- {
- BIO_printf(bio_err, "file name too long\n");
- goto err;
- }
- if (rename(dbfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- dbfile, buf[1]);
- perror("reason");
- goto err;
- }
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
+ if (!save_index(dbfile,"new",db)) goto err;
+
+ if (!rotate_index(dbfile,"new","old")) goto err;
if (verbose) BIO_printf(bio_err,
"Done. %d entries marked as expired\n",i);
@@ -1170,7 +1106,7 @@ bad:
goto err;
}
- if ((serial=load_serial(serialfile)) == NULL)
+ if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
{
BIO_printf(bio_err,"error while loading serial number\n");
goto err;
@@ -1304,38 +1240,9 @@ bad:
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
- if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
- strcpy(buf[0],serialfile);
-
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[0],"-new");
-#else
- strlcat(buf[0],".new",sizeof(buf[0]));
-#endif
-
- if (!save_serial(buf[0],serial)) goto err;
-
- strcpy(buf[1],dbfile);
+ if (!save_serial(serialfile,"new",serial,NULL)) goto err;
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[1],"-new");
-#else
- strlcat(buf[1],".new",sizeof(buf[1]));
-#endif
-
- if (BIO_write_filename(out,buf[1]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- l=TXT_DB_write(out,db);
- if (l <= 0) goto err;
+ if (!save_index(dbfile, "new", db)) goto err;
}
if (verbose)
@@ -1359,7 +1266,7 @@ bad:
strcpy(buf[2],outdir);
#ifndef OPENSSL_SYS_VMS
- strlcat(buf[2],"/",sizeof(buf[2]));
+ BUF_strlcat(buf[2],"/",sizeof(buf[2]));
#endif
n=(char *)&(buf[2][strlen(buf[2])]);
@@ -1369,9 +1276,9 @@ bad:
{
if (n >= &(buf[2][sizeof(buf[2])]))
break;
- snprintf(n,
- &buf[2][0] + sizeof(buf[2]) - n,
- "%02X",(unsigned char)*(p++));
+ BIO_snprintf(n,
+ &buf[2][0] + sizeof(buf[2]) - n,
+ "%02X",(unsigned char)*(p++));
n+=2;
}
}
@@ -1397,59 +1304,10 @@ bad:
if (sk_X509_num(cert_sk))
{
/* Rename the database and the serial file */
- strncpy(buf[2],serialfile,BSIZE-4);
- buf[2][BSIZE-4]='\0';
+ if (!rotate_serial(serialfile,"new","old")) goto err;
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[2],"-old");
-#else
- strlcat(buf[2],".old",sizeof(buf[2]));
-#endif
+ if (!rotate_index(dbfile,"new","old")) goto err;
- BIO_free(in);
- BIO_free_all(out);
- in=NULL;
- out=NULL;
- if (rename(serialfile,buf[2]) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- serialfile,buf[2]);
- perror("reason");
- goto err;
- }
- if (rename(buf[0],serialfile) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- buf[0],serialfile);
- perror("reason");
- rename(buf[2],serialfile);
- goto err;
- }
-
- strncpy(buf[2],dbfile,BSIZE-4);
- buf[2][BSIZE-4]='\0';
-
-#ifdef OPENSSL_SYS_VMS
- strcat(buf[2],"-old");
-#else
- strlcat(buf[2],".old",sizeof(buf[2]));
-#endif
-
- if (rename(dbfile,buf[2]) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- dbfile,buf[2]);
- perror("reason");
- goto err;
- }
- if (rename(buf[1],dbfile) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n",
- buf[1],dbfile);
- perror("reason");
- rename(buf[2],dbfile);
- goto err;
- }
BIO_printf(bio_err,"Data Base Updated\n");
}
}
@@ -1480,6 +1338,14 @@ bad:
}
}
+ if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
+ != NULL)
+ if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading CRL number\n");
+ goto err;
+ }
+
if (!crldays && !crlhours)
{
if (!NCONF_get_number(conf,section,
@@ -1508,9 +1374,9 @@ bad:
ASN1_TIME_free(tmptm);
- for (i=0; i<sk_num(db->data); i++)
+ for (i=0; i<sk_num(db->db->data); i++)
{
- pp=(char **)sk_value(db->data,i);
+ pp=(char **)sk_value(db->db->data,i);
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1556,14 +1422,24 @@ bad:
/* Add any extensions asked for */
- if (crl_ext)
+ if (crl_ext || crlnumberfile != NULL)
{
X509V3_CTX crlctx;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
X509V3_set_nconf(&crlctx, conf);
- if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- crl_ext, crl)) goto err;
+ if (crl_ext)
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+ crl_ext, crl)) goto err;
+ if (crlnumberfile != NULL)
+ {
+ tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+ if (!tmpser) goto err;
+ X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
+ ASN1_INTEGER_free(tmpser);
+ crl_v2 = 1;
+ if (!BN_add_word(crlnumber,1)) goto err;
+ }
}
if (crl_ext || crl_v2)
{
@@ -1571,9 +1447,17 @@ bad:
goto err; /* version 2 CRL */
}
+
+ if (crlnumberfile != NULL) /* we have a CRL number that need updating */
+ if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
+
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
+
+ if (crlnumberfile != NULL) /* Rename the crlnumber file */
+ if (!rotate_serial(crlnumberfile,"new","old")) goto err;
+
}
/*****************************************************************/
if (dorevoke)
@@ -1594,50 +1478,10 @@ bad:
if (j <= 0) goto err;
X509_free(revcert);
- if(strlen(dbfile) > BSIZE-5)
- {
- BIO_printf(bio_err,"filename too long\n");
- goto err;
- }
+ if (!save_index(dbfile, "new", db)) goto err;
+
+ if (!rotate_index(dbfile, "new", "old")) goto err;
- strcpy(buf[0],dbfile);
-#ifndef OPENSSL_SYS_VMS
- strlcat(buf[0],".new",sizeof(buf[0]));
-#else
- strcat(buf[0],"-new");
-#endif
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db);
- if (j <= 0) goto err;
- BIO_free_all(out);
- out = NULL;
- BIO_free_all(in);
- in = NULL;
- strncpy(buf[1],dbfile,BSIZE-4);
- buf[1][BSIZE-4]='\0';
-#ifndef OPENSSL_SYS_VMS
- strlcat(buf[1],".old",sizeof(buf[1]));
-#else
- strcat(buf[1],"-old");
-#endif
- if (rename(dbfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
- perror("reason");
- goto err;
- }
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
BIO_printf(bio_err,"Data Base Updated\n");
}
}
@@ -1659,7 +1503,7 @@ err:
if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
- TXT_DB_free(db);
+ free_index(db);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
@@ -1674,106 +1518,8 @@ static void lookup_fail(char *name, char *tag)
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
-static unsigned long index_serial_hash(const char **a)
- {
- const char *n;
-
- n=a[DB_serial];
- while (*n == '0') n++;
- return(lh_strhash(n));
- }
-
-static int index_serial_cmp(const char **a, const char **b)
- {
- const char *aa,*bb;
-
- for (aa=a[DB_serial]; *aa == '0'; aa++);
- for (bb=b[DB_serial]; *bb == '0'; bb++);
- return(strcmp(aa,bb));
- }
-
-static unsigned long index_name_hash(const char **a)
- { return(lh_strhash(a[DB_name])); }
-
-static int index_name_qual(char **a)
- { return(a[0][0] == 'V'); }
-
-static int index_name_cmp(const char **a, const char **b)
- { return(strcmp(a[DB_name],
- b[DB_name])); }
-
-static BIGNUM *load_serial(char *serialfile)
- {
- BIO *in=NULL;
- BIGNUM *ret=NULL;
- MS_STATIC char buf[1024];
- ASN1_INTEGER *ai=NULL;
-
- if ((in=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (BIO_read_filename(in,serialfile) <= 0)
- {
- perror(serialfile);
- goto err;
- }
- ai=ASN1_INTEGER_new();
- if (ai == NULL) goto err;
- if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
- {
- BIO_printf(bio_err,"unable to load number from %s\n",
- serialfile);
- goto err;
- }
- ret=ASN1_INTEGER_to_BN(ai,NULL);
- if (ret == NULL)
- {
- BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
- goto err;
- }
-err:
- if (in != NULL) BIO_free(in);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-static int save_serial(char *serialfile, BIGNUM *serial)
- {
- BIO *out;
- int ret=0;
- ASN1_INTEGER *ai=NULL;
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_write_filename(out,serialfile) <= 0)
- {
- perror(serialfile);
- goto err;
- }
-
- if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
- goto err;
- }
- i2a_ASN1_INTEGER(out,ai);
- BIO_puts(out,"\n");
- ret=1;
-err:
- if (out != NULL) BIO_free_all(out);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1835,7 +1581,7 @@ err:
}
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1889,7 +1635,7 @@ err:
}
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1907,7 +1653,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
int ok= -1,i,j,last,nid;
char *p;
CONF_VALUE *cv;
- char *row[DB_NUMBER],**rrow,**irow=NULL;
+ char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
char buf[25];
tmptm=ASN1_UTCTIME_new();
@@ -2144,15 +1890,19 @@ again2:
goto err;
}
- rrow=TXT_DB_get_by_index(db,DB_name,row);
- if (rrow != NULL)
+ if (db->attributes.unique_subject)
{
- BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
- row[DB_name]);
+ rrow=TXT_DB_get_by_index(db->db,DB_name,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
}
- else
+ if (rrow == NULL)
{
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow != NULL)
{
BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@@ -2359,7 +2109,7 @@ again2:
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
- strlcpy(row[DB_file],"unknown",8);
+ BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
@@ -2376,10 +2126,10 @@ again2:
}
irow[DB_NUMBER]=NULL;
- if (!TXT_DB_insert(db,irow))
+ if (!TXT_DB_insert(db->db,irow))
{
BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
goto err;
}
ok=1;
@@ -2430,7 +2180,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
@@ -2609,7 +2359,7 @@ static int check_time_format(char *str)
return(ASN1_UTCTIME_check(&tm));
}
-static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
+static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
{
ASN1_UTCTIME *tm=NULL;
char *row[DB_NUMBER],**rrow,**irow;
@@ -2634,10 +2384,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
/* We have to lookup by serial number because name lookup
* skips revoked certs
*/
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow == NULL)
{
- BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
+ BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
/* We now just add it to the database */
row[DB_type]=(char *)OPENSSL_malloc(2);
@@ -2660,7 +2410,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
- strlcpy(row[DB_file],"unknown",8);
+ BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
@@ -2677,10 +2427,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
}
irow[DB_NUMBER]=NULL;
- if (!TXT_DB_insert(db,irow))
+ if (!TXT_DB_insert(db->db,irow))
{
BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
goto err;
}
@@ -2725,7 +2475,7 @@ err:
return(ok);
}
-static int get_certificate_status(const char *serial, TXT_DB *db)
+static int get_certificate_status(const char *serial, CA_DB *db)
{
char *row[DB_NUMBER],**rrow;
int ok=-1,i;
@@ -2766,7 +2516,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db)
ok=1;
/* Search for the certificate */
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow == NULL)
{
BIO_printf(bio_err,"Serial %s not present in db.\n",
@@ -2813,7 +2563,7 @@ err:
return(ok);
}
-static int do_updatedb (TXT_DB *db)
+static int do_updatedb (CA_DB *db)
{
ASN1_UTCTIME *a_tm = NULL;
int i, cnt = 0;
@@ -2839,9 +2589,9 @@ static int do_updatedb (TXT_DB *db)
else
a_y2k = 0;
- for (i = 0; i < sk_num(db->data); i++)
+ for (i = 0; i < sk_num(db->db->data); i++)
{
- rrow = (char **) sk_value(db->data, i);
+ rrow = (char **) sk_value(db->db->data, i);
if (rrow[DB_type][0] == 'V')
{
@@ -2984,16 +2734,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
if (!str) return NULL;
- strlcpy(str, (char *)revtm->data, i);
+ BUF_strlcpy(str, (char *)revtm->data, i);
if (reason)
{
- strlcat(str, ",", i);
- strlcat(str, reason, i);
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, reason, i);
}
if (other)
{
- strlcat(str, ",", i);
- strlcat(str, other, i);
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, other, i);
}
ASN1_UTCTIME_free(revtm);
return str;
@@ -3328,17 +3078,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
return ret;
}
-
-int make_serial_index(TXT_DB *db)
- {
- if (!TXT_DB_create_index(db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial_hash),
- LHASH_COMP_FN(index_serial_cmp)))
- {
- BIO_printf(bio_err,
- "error creating serial number index:(%ld,%ld,%ld)\n",
- db->error,db->arg1,db->arg2);
- return 0;
- }
- return 1;
- }
diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c
index 71298b75243..be25dafef70 100644
--- a/lib/libssl/src/apps/dgst.c
+++ b/lib/libssl/src/apps/dgst.c
@@ -349,7 +349,7 @@ int MAIN(int argc, char **argv)
{
size_t len = strlen(name)+strlen(argv[i])+5;
tmp=tofree=OPENSSL_malloc(len);
- snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
+ BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
}
else
tmp="";
diff --git a/lib/libssl/src/apps/enc.c b/lib/libssl/src/apps/enc.c
index 9299ab3e131..30378a9542e 100644
--- a/lib/libssl/src/apps/enc.c
+++ b/lib/libssl/src/apps/enc.c
@@ -373,9 +373,9 @@ bad:
{
char buf[200];
- snprintf(buf,sizeof buf,"enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
- (enc)?"encryption":"decryption");
+ BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
+ OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ (enc)?"encryption":"decryption");
strbuf[0]='\0';
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
if (i == 0)
diff --git a/lib/libssl/src/apps/engine.c b/lib/libssl/src/apps/engine.c
index 0e7082abb9e..12283d0aed6 100644
--- a/lib/libssl/src/apps/engine.c
+++ b/lib/libssl/src/apps/engine.c
@@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
return 0;
if (**buf != '\0')
- strlcat(*buf, ", ", *size);
- strlcat(*buf, s, *size);
+ BUF_strlcat(*buf, ", ", *size);
+ BUF_strlcat(*buf, s, *size);
return 1;
}
diff --git a/lib/libssl/src/apps/ocsp.c b/lib/libssl/src/apps/ocsp.c
index e5f186fd5ea..856b797b532 100644
--- a/lib/libssl/src/apps/ocsp.c
+++ b/lib/libssl/src/apps/ocsp.c
@@ -68,19 +68,6 @@
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
-/* CA index.txt definitions */
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique for active */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
STACK_OF(OCSP_CERTID) *ids);
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
@@ -89,12 +76,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
STACK *names, STACK_OF(OCSP_CERTID) *ids,
long nsec, long maxage);
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays);
-static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
@@ -143,7 +130,7 @@ int MAIN(int argc, char **argv)
X509 *rca_cert = NULL;
char *ridx_filename = NULL;
char *rca_filename = NULL;
- TXT_DB *rdb = NULL;
+ CA_DB *rdb = NULL;
int nmin = 0, ndays = -1;
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -700,22 +687,9 @@ int MAIN(int argc, char **argv)
if (ridx_filename && !rdb)
{
- BIO *db_bio = NULL;
- db_bio = BIO_new_file(ridx_filename, "r");
- if (!db_bio)
- {
- BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
- goto end;
- }
- rdb = TXT_DB_read(db_bio, DB_NUMBER);
- BIO_free(db_bio);
- if (!rdb)
- {
- BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
- goto end;
- }
- if (!make_serial_index(rdb))
- goto end;
+ rdb = load_index(ridx_filename, NULL);
+ if (!rdb) goto end;
+ if (!index_index(rdb)) goto end;
}
if (rdb)
@@ -899,7 +873,7 @@ end:
X509_free(cert);
X509_free(rsigner);
X509_free(rca_cert);
- TXT_DB_free(rdb);
+ free_index(rdb);
BIO_free_all(cbio);
BIO_free_all(acbio);
BIO_free(out);
@@ -1041,7 +1015,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
}
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays)
@@ -1133,7 +1107,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *d
}
-static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
{
int i;
BIGNUM *bn = NULL;
@@ -1146,7 +1120,7 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
itmp = BN_bn2hex(bn);
row[DB_serial] = itmp;
BN_free(bn);
- rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
OPENSSL_free(itmp);
return rrow;
}
diff --git a/lib/libssl/src/apps/openssl.cnf b/lib/libssl/src/apps/openssl.cnf
index eca51c33228..854d1f164eb 100644
--- a/lib/libssl/src/apps/openssl.cnf
+++ b/lib/libssl/src/apps/openssl.cnf
@@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
+#crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
@@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c
index bb446d6b655..71192bdf749 100644
--- a/lib/libssl/src/apps/pkcs12.c
+++ b/lib/libssl/src/apps/pkcs12.c
@@ -557,7 +557,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
- if (!twopass) strlcpy(macpass, pass, sizeof macpass);
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
/* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
iter, bags);
@@ -658,7 +658,7 @@ int MAIN(int argc, char **argv)
CRYPTO_pop_info();
#endif
- if (!twopass) strlcpy(macpass, pass, sizeof macpass);
+ if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
diff --git a/lib/libssl/src/apps/pkcs7.c b/lib/libssl/src/apps/pkcs7.c
index 6c58c67eb27..da4dbe7a07c 100644
--- a/lib/libssl/src/apps/pkcs7.c
+++ b/lib/libssl/src/apps/pkcs7.c
@@ -102,6 +102,9 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ if (!load_config(bio_err, NULL))
+ goto end;
+
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c
index c6464e9401e..1a3d1d0dfab 100644
--- a/lib/libssl/src/apps/req.c
+++ b/lib/libssl/src/apps/req.c
@@ -824,7 +824,7 @@ loop:
if ((x509ss=X509_new()) == NULL) goto end;
/* Set version to V3 */
- if(!X509_set_version(x509ss, 2)) goto end;
+ if(extensions && !X509_set_version(x509ss, 2)) goto end;
if (serial)
{
if (!X509_set_serialNumber(x509ss, serial)) goto end;
@@ -1223,7 +1223,7 @@ start: for (;;)
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
- if (snprintf(buf,sizeof buf,"%s_default",v->name)
+ if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
>= sizeof buf)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
@@ -1236,21 +1236,21 @@ start: for (;;)
def="";
}
- snprintf(buf,sizeof buf,"%s_value",v->name);
+ BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
- snprintf(buf,sizeof buf,"%s_min",v->name);
+ BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
{
ERR_clear_error();
n_min = -1;
}
- snprintf(buf,sizeof buf,"%s_max",v->name);
+ BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
{
ERR_clear_error();
@@ -1288,7 +1288,7 @@ start2: for (;;)
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
- if (snprintf(buf,sizeof buf,"%s_default",type)
+ if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
>= sizeof buf)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
@@ -1303,7 +1303,7 @@ start2: for (;;)
}
- snprintf(buf,sizeof buf,"%s_value",type);
+ BIO_snprintf(buf,sizeof buf,"%s_value",type);
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
@@ -1311,11 +1311,11 @@ start2: for (;;)
value=NULL;
}
- snprintf(buf,sizeof buf,"%s_min",type);
+ BIO_snprintf(buf,sizeof buf,"%s_min",type);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
n_min = -1;
- snprintf(buf,sizeof buf,"%s_max",type);
+ BIO_snprintf(buf,sizeof buf,"%s_max",type);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
n_max = -1;
@@ -1397,8 +1397,8 @@ start:
(void)BIO_flush(bio_err);
if(value != NULL)
{
- strlcpy(buf,value,sizeof buf);
- strlcat(buf,"\n",sizeof buf);
+ BUF_strlcpy(buf,value,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
BIO_printf(bio_err,"%s\n",value);
}
else
@@ -1420,8 +1420,8 @@ start:
{
if ((def == NULL) || (def[0] == '\0'))
return(1);
- strlcpy(buf,def,sizeof buf);
- strlcat(buf,"\n",sizeof buf);
+ BUF_strlcpy(buf,def,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
}
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
@@ -1455,8 +1455,8 @@ start:
(void)BIO_flush(bio_err);
if (value != NULL)
{
- strlcpy(buf,value,sizeof buf);
- strlcat(buf,"\n",sizeof buf);
+ BUF_strlcpy(buf,value,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
BIO_printf(bio_err,"%s\n",value);
}
else
@@ -1478,8 +1478,8 @@ start:
{
if ((def == NULL) || (def[0] == '\0'))
return(1);
- strlcpy(buf,def,sizeof buf);
- strlcat(buf,"\n",sizeof buf);
+ BUF_strlcpy(buf,def,sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
}
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
diff --git a/lib/libssl/src/apps/rsautl.c b/lib/libssl/src/apps/rsautl.c
index 5a6fd115f41..5db6fe7cd74 100644
--- a/lib/libssl/src/apps/rsautl.c
+++ b/lib/libssl/src/apps/rsautl.c
@@ -97,6 +97,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+ char *passargin = NULL, *passin = NULL;
int rsa_inlen, rsa_outlen = 0;
int keysize;
@@ -124,6 +125,9 @@ int MAIN(int argc, char **argv)
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
+ } else if (!strcmp(*argv,"-passin")) {
+ if (--argc < 1) badarg = 1;
+ passargin= *(++argv);
} else if (strcmp(*argv,"-keyform") == 0) {
if (--argc < 1) badarg = 1;
keyform=str2fmt(*(++argv));
@@ -169,6 +173,10 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
@@ -176,7 +184,7 @@ int MAIN(int argc, char **argv)
switch(key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
- NULL, e, "Private Key");
+ passin, e, "Private Key");
break;
case KEY_PUBKEY:
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if(rsa_in) OPENSSL_free(rsa_in);
if(rsa_out) OPENSSL_free(rsa_out);
+ if(passin) OPENSSL_free(passin);
return ret;
}
@@ -313,6 +322,7 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf (bio_err, "-passin arg pass phrase source\n");
#endif
}
diff --git a/lib/libssl/src/apps/s_socket.c b/lib/libssl/src/apps/s_socket.c
index 3b36d2dff80..9f92bcb3aeb 100644
--- a/lib/libssl/src/apps/s_socket.c
+++ b/lib/libssl/src/apps/s_socket.c
@@ -378,7 +378,7 @@ redoit:
perror("OPENSSL_malloc");
return(0);
}
- strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
h2=GetHostByName(*host);
if (h2 == NULL)
diff --git a/lib/libssl/src/apps/s_time.c b/lib/libssl/src/apps/s_time.c
index 8a699de0ea1..7d470574657 100644
--- a/lib/libssl/src/apps/s_time.c
+++ b/lib/libssl/src/apps/s_time.c
@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)
if (s_www_path != NULL)
{
- snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
@@ -557,7 +557,7 @@ next:
if (s_www_path != NULL)
{
- snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while (SSL_read(scon,buf,sizeof(buf)) > 0)
;
@@ -595,7 +595,7 @@ next:
if (s_www_path)
{
- snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c
index ec55b4188cb..24122000092 100644
--- a/lib/libssl/src/apps/speed.c
+++ b/lib/libssl/src/apps/speed.c
@@ -773,6 +773,7 @@ int MAIN(int argc, char **argv)
{
dsa_doit[R_DSA_512]=1;
dsa_doit[R_DSA_1024]=1;
+ dsa_doit[R_DSA_2048]=1;
}
else
#endif
@@ -1006,6 +1007,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_RC5][0]=count;
c[D_CBC_BF][0]=count;
c[D_CBC_CAST][0]=count;
+ c[D_CBC_128_AES][0]=count;
+ c[D_CBC_192_AES][0]=count;
+ c[D_CBC_256_AES][0]=count;
for (i=1; i<SIZE_NUM; i++)
{
@@ -1031,6 +1035,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
+ c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
+ c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
+ c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
}
#ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0]=count/2000;
diff --git a/lib/libssl/src/apps/x509.c b/lib/libssl/src/apps/x509.c
index 64e233e4441..9b95f7bd3fe 100644
--- a/lib/libssl/src/apps/x509.c
+++ b/lib/libssl/src/apps/x509.c
@@ -1022,12 +1022,10 @@ end:
OPENSSL_EXIT(ret);
}
-static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
+static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
- MS_STATIC char buf2[1024];
- ASN1_INTEGER *bs = NULL, *bs2 = NULL;
- BIO *io = NULL;
+ ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
size_t len;
@@ -1038,17 +1036,17 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
if (serialfile == NULL)
{
- strlcpy(buf,CAfile,len);
+ BUF_strlcpy(buf,CAfile,len);
for (p=buf; *p; p++)
if (*p == '.')
{
*p='\0';
break;
}
- strlcat(buf,POSTFIX,len);
+ BUF_strlcat(buf,POSTFIX,len);
}
else
- strlcpy(buf,serialfile,len);
+ BUF_strlcpy(buf,serialfile,len);
serial=BN_new();
bs=ASN1_INTEGER_new();
if ((serial == NULL) || (bs == NULL))
@@ -1057,72 +1055,18 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
goto end;
}
- io=BIO_new(BIO_s_file());
- if (io == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (BIO_read_filename(io,buf) <= 0)
- {
- if (!create)
- {
- perror(buf);
- goto end;
- }
- else
- {
- ASN1_INTEGER_set(bs,1);
- BN_one(serial);
- }
- }
- else
- {
- if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
- {
- BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
- ERR_print_errors(bio_err);
- goto end;
- }
- else
- {
- serial=BN_bin2bn(bs->data,bs->length,serial);
- if (serial == NULL)
- {
- BIO_printf(bio_err,"error converting bin 2 bn");
- goto end;
- }
- }
- }
+ serial = load_serial(buf, create, NULL);
+ if (serial == NULL) goto end;
if (!BN_add_word(serial,1))
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
- if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
- { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
- if (BIO_write_filename(io,buf) <= 0)
- {
- BIO_printf(bio_err,"error attempting to write serial number file\n");
- perror(buf);
- goto end;
- }
- i2a_ASN1_INTEGER(io,bs2);
- BIO_puts(io,"\n");
- BIO_free(io);
- if (buf) OPENSSL_free(buf);
- ASN1_INTEGER_free(bs2);
- BN_free(serial);
- io=NULL;
- return bs;
+ if (!save_serial(buf, NULL, serial, &bs)) goto end;
- end:
+ end:
if (buf) OPENSSL_free(buf);
- BIO_free(io);
- ASN1_INTEGER_free(bs);
BN_free(serial);
- return NULL;
-
+ return bs;
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -1144,7 +1088,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
goto end;
}
if (sno) bs = sno;
- else if (!(bs = load_serial(CAfile, serialfile, create)))
+ else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
goto end;
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
diff --git a/lib/libssl/src/certs/vsign3.pem b/lib/libssl/src/certs/vsign3.pem
index aa5bb4c1f32..4b8c0251cb7 100644
--- a/lib/libssl/src/certs/vsign3.pem
+++ b/lib/libssl/src/certs/vsign3.pem
@@ -1,18 +1,17 @@
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
+notAfter=Aug 1 23:59:59 2028 GMT
-----BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----
diff --git a/lib/libssl/src/config b/lib/libssl/src/config
index b3bd96bbfcb..25a3703c1fe 100644
--- a/lib/libssl/src/config
+++ b/lib/libssl/src/config
@@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "$HPUXVER" in
1[0-9].*) # HPUX 10 and 11 targets are unified
- echo "${MACHINE}-hp-hpux10"; exit 0
+ echo "${MACHINE}-hp-hpux1x"; exit 0
;;
*)
echo "${MACHINE}-hp-hpux"; exit 0
@@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then
GCC_BITS="32"
if [ $GCCVER -ge 30 ]; then
# PA64 support only came in with gcc 3.0.x.
- # We look for the preprocessor symbol __LP64__ indicating
- # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64.
- if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
+ # We check if the preprocessor symbol __LP64__ is defined...
+ if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
+ : # __LP64__ has slipped through, it therefore is not defined
+ else
GCC_BITS="64"
fi
fi
@@ -685,7 +686,7 @@ EOF
if [ $CC = "gcc" ];
then
if [ $GCC_BITS = "64" ]; then
- OUT="hpux64-parisc-gcc"
+ OUT="hpux64-parisc2-gcc"
else
OUT="hpux-parisc-gcc"
fi
@@ -700,7 +701,7 @@ EOF
if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
echo " If you wish to build 32-bit library, the you have to"
- echo " invoke './Configure hpux-ia32-cc' *manually*."
+ echo " invoke './Configure hpux-ia64-cc' *manually*."
if [ "$TEST" = "false" ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
diff --git a/lib/libssl/src/crypto/Makefile.ssl b/lib/libssl/src/crypto/Makefile.ssl
index 3071e3cb864..b9951a46005 100644
--- a/lib/libssl/src/crypto/Makefile.ssl
+++ b/lib/libssl/src/crypto/Makefile.ssl
@@ -50,7 +50,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: buildinf.h lib subdirs shared
+all: shared
buildinf.h: ../Makefile.ssl
( echo "#ifndef MK1MF_BUILD"; \
@@ -96,7 +96,7 @@ lib: $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
-shared:
+shared: buildinf.h lib subdirs
if [ -n "$(SHARED_LIBS)" ]; then \
(cd ..; $(MAKE) $(SHARED_LIB)); \
fi
diff --git a/lib/libssl/src/crypto/aes/aes_cbc.c b/lib/libssl/src/crypto/aes/aes_cbc.c
index 86b27b10d61..1222a21002c 100644
--- a/lib/libssl/src/crypto/aes/aes_cbc.c
+++ b/lib/libssl/src/crypto/aes/aes_cbc.c
@@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
- out[n] ^= ivec[n];
+ out[n] = tmp[n] ^ ivec[n];
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
diff --git a/lib/libssl/src/crypto/asn1/a_gentm.c b/lib/libssl/src/crypto/asn1/a_gentm.c
index 48b923de1fc..85810078681 100644
--- a/lib/libssl/src/crypto/asn1/a_gentm.c
+++ b/lib/libssl/src/crypto/asn1/a_gentm.c
@@ -220,7 +220,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
return(NULL);
p=(char *)s->data;
- if ((p == NULL) || (s->length < len))
+ if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
@@ -229,8 +229,8 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
s->data=(unsigned char *)p;
}
- snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+ BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+ ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
s->length=strlen(p);
s->type=V_ASN1_GENERALIZEDTIME;
#ifdef CHARSET_EBCDIC_not
diff --git a/lib/libssl/src/crypto/asn1/a_mbstr.c b/lib/libssl/src/crypto/asn1/a_mbstr.c
index c811b11776d..208b3ec395f 100644
--- a/lib/libssl/src/crypto/asn1/a_mbstr.c
+++ b/lib/libssl/src/crypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
- snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
- snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}
diff --git a/lib/libssl/src/crypto/asn1/a_strex.c b/lib/libssl/src/crypto/asn1/a_strex.c
index 8abfdfe5980..bde666a6ff1 100644
--- a/lib/libssl/src/crypto/asn1/a_strex.c
+++ b/lib/libssl/src/crypto/asn1/a_strex.c
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
-1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */
-1, 1, 1, /* 18-20 */
- -1, 1, -1,-1, /* 21-24 */
+ -1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */
};
diff --git a/lib/libssl/src/crypto/asn1/a_time.c b/lib/libssl/src/crypto/asn1/a_time.c
index b8c031fc8f1..159681fbcb0 100644
--- a/lib/libssl/src/crypto/asn1/a_time.c
+++ b/lib/libssl/src/crypto/asn1/a_time.c
@@ -155,10 +155,10 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
newlen = t->length + 2 + 1;
str = (char *)ret->data;
/* Work out the century and prepend */
- if (t->data[0] >= '5') strlcpy(str, "19", newlen);
- else strlcpy(str, "20", newlen);
+ if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
+ else BUF_strlcpy(str, "20", newlen);
- strlcat(str, (char *)t->data, newlen);
+ BUF_strlcat(str, (char *)t->data, newlen);
return ret;
}
diff --git a/lib/libssl/src/crypto/asn1/a_utctm.c b/lib/libssl/src/crypto/asn1/a_utctm.c
index 41f6d421bb2..999852dae52 100644
--- a/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -200,7 +200,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
return(NULL);
p=(char *)s->data;
- if ((p == NULL) || (s->length < len))
+ if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
@@ -209,8 +209,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
s->data=(unsigned char *)p;
}
- snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+ BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+ ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
s->length=strlen(p);
s->type=V_ASN1_UTCTIME;
#ifdef CHARSET_EBCDIC_not
diff --git a/lib/libssl/src/crypto/asn1/asn1_lib.c b/lib/libssl/src/crypto/asn1/asn1_lib.c
index aed28954006..a74f1368d34 100644
--- a/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
{
char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
- snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
- snprintf(buf2,sizeof buf2,"%d",offset);
+ BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
+ BIO_snprintf(buf2,sizeof buf2,"%d",offset);
ERR_add_error_data(4,"address=",buf1," offset=",buf2);
}
diff --git a/lib/libssl/src/crypto/asn1/asn1_par.c b/lib/libssl/src/crypto/asn1/asn1_par.c
index 17996571417..676d434f034 100644
--- a/lib/libssl/src/crypto/asn1/asn1_par.c
+++ b/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p=str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
- snprintf(str,sizeof str,"priv [ %d ] ",tag);
+ BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
- snprintf(str,sizeof str,"cont [ %d ]",tag);
+ BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
- snprintf(str,sizeof str,"appl [ %d ]",tag);
+ BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
else p = ASN1_tag2str(tag);
if (p2 != NULL)
diff --git a/lib/libssl/src/crypto/asn1/asn_moid.c b/lib/libssl/src/crypto/asn1/asn_moid.c
index be20db4bad7..edb44c988f0 100644
--- a/lib/libssl/src/crypto/asn1/asn_moid.c
+++ b/lib/libssl/src/crypto/asn1/asn_moid.c
@@ -87,9 +87,14 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
}
}
return 1;
-}
+ }
+
+static void oid_module_finish(CONF_IMODULE *md)
+ {
+ OBJ_cleanup();
+ }
void ASN1_add_oid_module(void)
{
- CONF_module_add("oid_section", oid_module_init, 0);
+ CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}
diff --git a/lib/libssl/src/crypto/asn1/t_pkey.c b/lib/libssl/src/crypto/asn1/t_pkey.c
index e1c5e5ae138..d15006e6546 100644
--- a/lib/libssl/src/crypto/asn1/t_pkey.c
+++ b/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
}
if (x->d == NULL)
- snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+ BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
else
- strlcpy(str,"modulus:",sizeof str);
+ BUF_strlcpy(str,"modulus:",sizeof str);
if (!print(bp,str,x->n,m,off)) goto err;
s=(x->d == NULL)?"Exponent:":"publicExponent:";
if (!print(bp,s,x->e,m,off)) goto err;
diff --git a/lib/libssl/src/crypto/bf/Makefile.ssl b/lib/libssl/src/crypto/bf/Makefile.ssl
index 7dfdf9d871e..be3ad77a056 100644
--- a/lib/libssl/src/crypto/bf/Makefile.ssl
+++ b/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -22,6 +22,7 @@ BF_ENC= bf_enc.o
#DES_ENC= bx86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=bftest.c
diff --git a/lib/libssl/src/crypto/bio/b_dump.c b/lib/libssl/src/crypto/bio/b_dump.c
index 983604fb494..f671e722fa3 100644
--- a/lib/libssl/src/crypto/bio/b_dump.c
+++ b/lib/libssl/src/crypto/bio/b_dump.c
@@ -104,41 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
for(i=0;i<rows;i++)
{
buf[0]='\0'; /* start with empty string */
- strlcpy(buf,str,sizeof buf);
- snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
- strlcat(buf,tmp,sizeof buf);
+ BUF_strlcpy(buf,str,sizeof buf);
+ BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
+ BUF_strlcat(buf,tmp,sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
{
- strlcat(buf," ",sizeof buf);
+ BUF_strlcat(buf," ",sizeof buf);
}
else
{
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
- snprintf(tmp,sizeof tmp,"%02x%c",ch,
+ BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
j==7?'-':' ');
- strlcat(buf,tmp,sizeof buf);
+ BUF_strlcat(buf,tmp,sizeof buf);
}
}
- strlcat(buf," ",sizeof buf);
+ BUF_strlcat(buf," ",sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
break;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
- snprintf(tmp,sizeof tmp,"%c",
+ BIO_snprintf(tmp,sizeof tmp,"%c",
((ch>=' ')&&(ch<='~'))?ch:'.');
#else
- snprintf(tmp,sizeof tmp,"%c",
+ BIO_snprintf(tmp,sizeof tmp,"%c",
((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
? os_toebcdic[ch]
: '.');
#endif
- strlcat(buf,tmp,sizeof buf);
+ BUF_strlcat(buf,tmp,sizeof buf);
}
- strlcat(buf,"\n",sizeof buf);
+ BUF_strlcat(buf,"\n",sizeof buf);
/* if this is the last call then update the ddt_dump thing so that
* we will move the selection point in the debug window
*/
@@ -147,7 +147,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
#ifdef TRUNCATE
if (trunc > 0)
{
- snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
+ BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
len+trunc);
ret+=BIO_write(bio,(char *)buf,strlen(buf));
}
diff --git a/lib/libssl/src/crypto/bio/b_print.c b/lib/libssl/src/crypto/bio/b_print.c
index 2cfc689dd6b..fbff3317968 100644
--- a/lib/libssl/src/crypto/bio/b_print.c
+++ b/lib/libssl/src/crypto/bio/b_print.c
@@ -576,12 +576,12 @@ abs_val(LDOUBLE value)
}
static LDOUBLE
-pow10(int exp)
+pow10(int in_exp)
{
LDOUBLE result = 1;
- while (exp) {
+ while (in_exp) {
result *= 10;
- exp--;
+ in_exp--;
}
return result;
}
@@ -652,8 +652,8 @@ fmtfp(
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[intpart % 10];
intpart = (intpart / 10);
- } while (intpart && (iplace < sizeof iplace));
- if (iplace == sizeof iplace)
+ } while (intpart && (iplace < sizeof iconvert));
+ if (iplace == sizeof iconvert)
iplace--;
iconvert[iplace] = 0;
@@ -664,7 +664,7 @@ fmtfp(
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
- if (fplace == sizeof fplace)
+ if (fplace == sizeof fconvert)
fplace--;
fconvert[fplace] = 0;
diff --git a/lib/libssl/src/crypto/bio/b_sock.c b/lib/libssl/src/crypto/bio/b_sock.c
index 5282f8a8f76..c851298d1e6 100644
--- a/lib/libssl/src/crypto/bio/b_sock.c
+++ b/lib/libssl/src/crypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
}
*addr=p;
}
- snprintf(*addr,24,"%d.%d.%d.%d:%d",
- (unsigned char)(l>>24L)&0xff,
- (unsigned char)(l>>16L)&0xff,
- (unsigned char)(l>> 8L)&0xff,
- (unsigned char)(l )&0xff,
- port);
+ BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
+ (unsigned char)(l>>24L)&0xff,
+ (unsigned char)(l>>16L)&0xff,
+ (unsigned char)(l>> 8L)&0xff,
+ (unsigned char)(l )&0xff,
+ port);
end:
return(ret);
}
diff --git a/lib/libssl/src/crypto/bio/bio_cb.c b/lib/libssl/src/crypto/bio/bio_cb.c
index ee9159ebd8f..6f4254a1141 100644
--- a/lib/libssl/src/crypto/bio/bio_cb.c
+++ b/lib/libssl/src/crypto/bio/bio_cb.c
@@ -75,56 +75,56 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
if (BIO_CB_RETURN & cmd)
r=ret;
- snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
+ BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
p= &(buf[14]);
p_maxlen = sizeof buf - 14;
switch (cmd)
{
case BIO_CB_FREE:
- snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
+ BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
break;
case BIO_CB_READ:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+ BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
bio->num,argi,bio->method->name,bio->num);
else
- snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+ BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
bio->num,argi,bio->method->name);
break;
case BIO_CB_WRITE:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+ BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
bio->num,argi,bio->method->name,bio->num);
else
- snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+ BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
bio->num,argi,bio->method->name);
break;
case BIO_CB_PUTS:
- snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
+ BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
break;
case BIO_CB_GETS:
- snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+ BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
break;
case BIO_CB_CTRL:
- snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+ BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
break;
case BIO_CB_RETURN|BIO_CB_READ:
- snprintf(p,p_maxlen,"read return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_WRITE:
- snprintf(p,p_maxlen,"write return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_GETS:
- snprintf(p,p_maxlen,"gets return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_PUTS:
- snprintf(p,p_maxlen,"puts return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_CTRL:
- snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
+ BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
break;
default:
- snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
+ BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
break;
}
diff --git a/lib/libssl/src/crypto/bio/bss_conn.c b/lib/libssl/src/crypto/bio/bss_conn.c
index 8c694140ed4..f5d0e759e23 100644
--- a/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/lib/libssl/src/crypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
char buf[16];
unsigned char *p = ptr;
- snprintf(buf,sizeof buf,"%d.%d.%d.%d",
- p[0],p[1],p[2],p[3]);
+ BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
+ p[0],p[1],p[2],p[3]);
if (data->param_hostname != NULL)
OPENSSL_free(data->param_hostname);
data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
{
char buf[DECIMAL_SIZE(int)+1];
- snprintf(buf,sizeof buf,"%d",*(int *)ptr);
+ BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
if (data->param_port != NULL)
OPENSSL_free(data->param_port);
data->param_port=BUF_strdup(buf);
diff --git a/lib/libssl/src/crypto/bio/bss_file.c b/lib/libssl/src/crypto/bio/bss_file.c
index 0ca603ee0a5..9cdf159f82f 100644
--- a/lib/libssl/src/crypto/bio/bss_file.c
+++ b/lib/libssl/src/crypto/bio/bss_file.c
@@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
if (num & BIO_FP_APPEND)
{
if (num & BIO_FP_READ)
- strlcpy(p,"a+",sizeof p);
- else strlcpy(p,"a",sizeof p);
+ BUF_strlcpy(p,"a+",sizeof p);
+ else BUF_strlcpy(p,"a",sizeof p);
}
else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
- strlcpy(p,"r+",sizeof p);
+ BUF_strlcpy(p,"r+",sizeof p);
else if (num & BIO_FP_WRITE)
- strlcpy(p,"w",sizeof p);
+ BUF_strlcpy(p,"w",sizeof p);
else if (num & BIO_FP_READ)
- strlcpy(p,"r",sizeof p);
+ BUF_strlcpy(p,"r",sizeof p);
else
{
BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
diff --git a/lib/libssl/src/crypto/bn/Makefile.ssl b/lib/libssl/src/crypto/bn/Makefile.ssl
index 0c6e796d17a..50892ef44c6 100644
--- a/lib/libssl/src/crypto/bn/Makefile.ssl
+++ b/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -120,6 +120,9 @@ asm/ia64-cpp.o: asm/ia64.S
asm/x86_64-gcc.o: asm/x86_64-gcc.c
+asm/pa-risc2W.o: asm/pa-risc2W.s
+ /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
+
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
diff --git a/lib/libssl/src/crypto/bn/asm/bn-586.pl b/lib/libssl/src/crypto/bn/asm/bn-586.pl
index 9a78f63be13..c4de4a2beec 100644
--- a/lib/libssl/src/crypto/bn/asm/bn-586.pl
+++ b/lib/libssl/src/crypto/bn/asm/bn-586.pl
@@ -11,7 +11,7 @@ require "x86asm.pl";
&bn_div_words("bn_div_words");
&bn_add_words("bn_add_words");
&bn_sub_words("bn_sub_words");
-&bn_sub_part_words("bn_sub_part_words") unless $main'openbsd;
+#&bn_sub_part_words("bn_sub_part_words");
&asm_finish();
diff --git a/lib/libssl/src/crypto/bn/bn_lcl.h b/lib/libssl/src/crypto/bn/bn_lcl.h
index 5614bc6164c..253e195e238 100644
--- a/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -433,19 +433,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
int cl, int dl);
-#if 0
-/* bn_mul.c rollback <appro> */
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- int dna,int dnb,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
- int n,int tna,int tnb,BN_ULONG *t);
-#endif
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
+#ifdef BN_RECURSION
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+ int n, BN_ULONG *t);
void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
BN_ULONG *t);
void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+#endif
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
#ifdef __cplusplus
}
diff --git a/lib/libssl/src/crypto/bn/bn_lib.c b/lib/libssl/src/crypto/bn/bn_lib.c
index 463463cfcb0..e1660450bc0 100644
--- a/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/lib/libssl/src/crypto/bn/bn_lib.c
@@ -145,11 +145,11 @@ char *BN_options(void)
{
init++;
#ifdef BN_LLONG
- snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
- (int)sizeof(BN_ULONG)*8);
+ BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+ (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
#else
- snprintf(data,sizeof data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
- (int)sizeof(BN_ULONG)*8);
+ BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+ (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
#endif
}
return(data);
diff --git a/lib/libssl/src/crypto/bn/bn_print.c b/lib/libssl/src/crypto/bn/bn_print.c
index ad80dab325a..acba7ed7eef 100644
--- a/lib/libssl/src/crypto/bn/bn_print.c
+++ b/lib/libssl/src/crypto/bn/bn_print.c
@@ -140,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
/* We now have a series of blocks, BN_DEC_NUM chars
* in length, where the last one needs truncation.
* The blocks need to be reversed in order. */
- snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
+ BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
while (*p) p++;
while (lp != bn_data)
{
lp--;
- snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
+ BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
while (*p) p++;
}
}
diff --git a/lib/libssl/src/crypto/cast/Makefile.ssl b/lib/libssl/src/crypto/cast/Makefile.ssl
index 2dc1c855ade..98393a37ba5 100644
--- a/lib/libssl/src/crypto/cast/Makefile.ssl
+++ b/lib/libssl/src/crypto/cast/Makefile.ssl
@@ -25,6 +25,7 @@ CAST_ENC=c_enc.o
#CAST_ENC=asm/cx86bdsi.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=casttest.c
diff --git a/lib/libssl/src/crypto/conf/conf_def.c b/lib/libssl/src/crypto/conf/conf_def.c
index b52ee01a3c8..2e9f52f1fd5 100644
--- a/lib/libssl/src/crypto/conf/conf_def.c
+++ b/lib/libssl/src/crypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
- strlcpy(section,"default",10);
+ BUF_strlcpy(section,"default",10);
if (_CONF_new_data(conf) == 0)
{
@@ -392,7 +392,7 @@ again:
ERR_R_MALLOC_FAILURE);
goto err;
}
- strlcpy(v->name,pname,strlen(pname)+1);
+ BUF_strlcpy(v->name,pname,strlen(pname)+1);
if (!str_copy(conf,psection,&(v->value),start)) goto err;
if (strcmp(psection,section) != 0)
@@ -447,7 +447,7 @@ err:
if (buff != NULL) BUF_MEM_free(buff);
if (section != NULL) OPENSSL_free(section);
if (line != NULL) *line=eline;
- snprintf(btmp,sizeof btmp,"%ld",eline);
+ BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
ERR_add_error_data(2,"line ",btmp);
if ((h != conf->data) && (conf->data != NULL))
{
diff --git a/lib/libssl/src/crypto/conf/conf_mod.c b/lib/libssl/src/crypto/conf/conf_mod.c
index 5a747e8c846..d45adea8513 100644
--- a/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/lib/libssl/src/crypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
{
char rcode[DECIMAL_SIZE(ret)+1];
CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
- snprintf(rcode, sizeof rcode, "%-8d", ret);
+ BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
}
}
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
if (!file)
return NULL;
- strlcpy(file,X509_get_default_cert_area(),len + 1);
+ BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
#ifndef OPENSSL_SYS_VMS
- strlcat(file,"/",len + 1);
+ BUF_strlcat(file,"/",len + 1);
#endif
- strlcat(file,OPENSSL_CONF,len + 1);
+ BUF_strlcat(file,OPENSSL_CONF,len + 1);
return file;
}
@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
* be used to parse comma separated lists for example.
*/
-int CONF_parse_list(const char *list, int sep, int nospc,
+int CONF_parse_list(const char *list_, int sep, int nospc,
int (*list_cb)(const char *elem, int len, void *usr), void *arg)
{
int ret;
const char *lstart, *tmpend, *p;
- lstart = list;
+ lstart = list_;
for(;;)
{
diff --git a/lib/libssl/src/crypto/cversion.c b/lib/libssl/src/crypto/cversion.c
index 56471fa74c6..beeeb14013e 100644
--- a/lib/libssl/src/crypto/cversion.c
+++ b/lib/libssl/src/crypto/cversion.c
@@ -74,7 +74,7 @@ const char *SSLeay_version(int t)
#ifdef DATE
static char buf[sizeof(DATE)+11];
- snprintf(buf,sizeof buf,"built on: %s",DATE);
+ BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
return(buf);
#else
return("built on: date not available");
@@ -85,7 +85,7 @@ const char *SSLeay_version(int t)
#ifdef CFLAGS
static char buf[sizeof(CFLAGS)+11];
- snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
+ BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
return(buf);
#else
return("compiler: information not available");
@@ -96,7 +96,7 @@ const char *SSLeay_version(int t)
#ifdef PLATFORM
static char buf[sizeof(PLATFORM)+11];
- snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
+ BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
return(buf);
#else
return("platform: information not available");
diff --git a/lib/libssl/src/crypto/des/Makefile.ssl b/lib/libssl/src/crypto/des/Makefile.ssl
index 45eba0b3c98..0d9ba2b42f2 100644
--- a/lib/libssl/src/crypto/des/Makefile.ssl
+++ b/lib/libssl/src/crypto/des/Makefile.ssl
@@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o
#DES_ENC= dx86-elf.o yx86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=destest.c
@@ -157,12 +158,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
cfb64enc.o: cfb64enc.c des_locl.h
-cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -191,13 +193,13 @@ ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
ecb3_enc.o: des_locl.h ecb3_enc.c
-ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
-ecb_enc.o: spr.h
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/lib/libssl/src/crypto/des/cfb_enc.c b/lib/libssl/src/crypto/des/cfb_enc.c
index 2600bdfc93a..03cabb223cd 100644
--- a/lib/libssl/src/crypto/des/cfb_enc.c
+++ b/lib/libssl/src/crypto/des/cfb_enc.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include "e_os.h"
#include "des_locl.h"
/* The input and output are loaded in multiples of 8 bits.
@@ -64,17 +65,15 @@
* the second. The second 12 bits will come from the 3rd and half the 4th
* byte.
*/
-/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
- * length */
/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
* will not be compatible with any encryption prior to that date. Ben. */
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
long length, DES_key_schedule *schedule, DES_cblock *ivec,
int enc)
{
- register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
- register unsigned long l=length;
- register int num=numbits;
+ register DES_LONG d0,d1,v0,v1;
+ register unsigned long l=length,n=(numbits+7)/8;
+ register int num=numbits,i;
DES_LONG ti[2];
unsigned char *iv;
unsigned char ovec[16];
@@ -114,10 +113,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
- for(n=0 ; n < 8 ; ++n)
+ for(i=0 ; i < 8 ; ++i)
{
- ovec[n]<<=num%8;
- ovec[n]|=ovec[n+1]>>(8-num%8);
+ ovec[i]<<=num%8;
+ ovec[i]|=ovec[i+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
@@ -152,10 +151,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
- for(n=0 ; n < 8 ; ++n)
+ for(i=0 ; i < 8 ; ++i)
{
- ovec[n]<<=num%8;
- ovec[n]|=ovec[n+1]>>(8-num%8);
+ ovec[i]<<=num%8;
+ ovec[i]|=ovec[i+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
diff --git a/lib/libssl/src/crypto/des/ecb_enc.c b/lib/libssl/src/crypto/des/ecb_enc.c
index c828bdd45d5..784aa5ba23d 100644
--- a/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/lib/libssl/src/crypto/des/ecb_enc.c
@@ -60,6 +60,7 @@
#include "des_ver.h"
#include "spr.h"
#include <openssl/opensslv.h>
+#include <openssl/bio.h>
OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@@ -97,8 +98,8 @@ const char *DES_options(void)
size="int";
else
size="long";
- snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
- size);
+ BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+ size);
init=0;
}
return(buf);
diff --git a/lib/libssl/src/crypto/dso/dso_lib.c b/lib/libssl/src/crypto/dso/dso_lib.c
index 85ac5103cdf..48d9fdb25e2 100644
--- a/lib/libssl/src/crypto/dso/dso_lib.c
+++ b/lib/libssl/src/crypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
return(0);
}
- strlcpy(copied, filename, strlen(filename) + 1);
+ BUF_strlcpy(copied, filename, strlen(filename) + 1);
if(dso->filename)
OPENSSL_free(dso->filename);
dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
ERR_R_MALLOC_FAILURE);
return(NULL);
}
- strlcpy(result, filename, strlen(filename) + 1);
+ BUF_strlcpy(result, filename, strlen(filename) + 1);
}
return(result);
}
diff --git a/lib/libssl/src/crypto/ec/ecp_smpl.c b/lib/libssl/src/crypto/ec/ecp_smpl.c
index 4666a052bfa..e9a51fb87a1 100644
--- a/lib/libssl/src/crypto/ec/ecp_smpl.c
+++ b/lib/libssl/src/crypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
form = buf[0];
y_bit = form & 1;
- form = form & ~1;
+ form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID))
diff --git a/lib/libssl/src/crypto/engine/eng_ctrl.c b/lib/libssl/src/crypto/engine/eng_ctrl.c
index 0d56e69d271..412c73fb0fd 100644
--- a/lib/libssl/src/crypto/engine/eng_ctrl.c
+++ b/lib/libssl/src/crypto/engine/eng_ctrl.c
@@ -160,19 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
return strlen(e->cmd_defns[idx].cmd_name);
case ENGINE_CTRL_GET_NAME_FROM_CMD:
- return snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
- "%s", e->cmd_defns[idx].cmd_name);
+ return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
+ "%s", e->cmd_defns[idx].cmd_name);
case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
if(e->cmd_defns[idx].cmd_desc)
return strlen(e->cmd_defns[idx].cmd_desc);
return strlen(int_no_description);
case ENGINE_CTRL_GET_DESC_FROM_CMD:
if(e->cmd_defns[idx].cmd_desc)
- return snprintf(s,
- strlen(e->cmd_defns[idx].cmd_desc) + 1,
- "%s", e->cmd_defns[idx].cmd_desc);
- return snprintf(s, strlen(int_no_description) + 1,"%s",
- int_no_description);
+ return BIO_snprintf(s,
+ strlen(e->cmd_defns[idx].cmd_desc) + 1,
+ "%s", e->cmd_defns[idx].cmd_desc);
+ return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
+ int_no_description);
case ENGINE_CTRL_GET_CMD_FLAGS:
return e->cmd_defns[idx].cmd_flags;
}
diff --git a/lib/libssl/src/crypto/engine/eng_fat.c b/lib/libssl/src/crypto/engine/eng_fat.c
index 0d7dae00b24..7ccf7022ee3 100644
--- a/lib/libssl/src/crypto/engine/eng_fat.c
+++ b/lib/libssl/src/crypto/engine/eng_fat.c
@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
}
-int ENGINE_set_default_string(ENGINE *e, const char *list)
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
{
unsigned int flags = 0;
- if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
+ if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
{
ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
ENGINE_R_INVALID_STRING);
- ERR_add_error_data(2, "str=",list);
+ ERR_add_error_data(2, "str=",def_list);
return 0;
}
return ENGINE_set_default(e, flags);
diff --git a/lib/libssl/src/crypto/engine/engine.h b/lib/libssl/src/crypto/engine/engine.h
index 9c3ab182d37..900f75ce8d6 100644
--- a/lib/libssl/src/crypto/engine/engine.h
+++ b/lib/libssl/src/crypto/engine/engine.h
@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
* structure will have had its reference count up'd so the caller
* should still free their own reference 'e'. */
int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *list);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
@@ -616,17 +616,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
const dynamic_fns *fns);
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
- if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
- fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
- return 0; \
- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
- return 0; \
- if(!ERR_set_implementation(fns->err_fns)) return 0; \
+ if (ERR_get_implementation() != fns->err_fns) \
+ { \
+ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+ return 0; \
+ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+ return 0; \
+ if(!ERR_set_implementation(fns->err_fns)) return 0; \
+ } \
if(!fn(e,id)) return 0; \
return 1; }
diff --git a/lib/libssl/src/crypto/engine/hw_cryptodev.c b/lib/libssl/src/crypto/engine/hw_cryptodev.c
index 2fe84a50029..21de0a9fdd0 100644
--- a/lib/libssl/src/crypto/engine/hw_cryptodev.c
+++ b/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -1257,14 +1257,17 @@ ENGINE_load_cryptodev(void)
if (engine == NULL)
return;
- if ((fd = get_dev_crypto()) < 0)
+ if ((fd = get_dev_crypto()) < 0) {
+ ENGINE_free(engine);
return;
+ }
/*
* find out what asymmetric crypto algorithms we support
*/
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd);
+ ENGINE_free(engine);
return;
}
close(fd);
diff --git a/lib/libssl/src/crypto/err/err.c b/lib/libssl/src/crypto/err/err.c
index 6ab119c1ef6..792f3296009 100644
--- a/lib/libssl/src/crypto/err/err.c
+++ b/lib/libssl/src/crypto/err/err.c
@@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
else
str=p;
}
- strlcat(str,a,s+1);
+ BUF_strlcat(str,a,s+1);
}
}
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
diff --git a/lib/libssl/src/crypto/evp/digest.c b/lib/libssl/src/crypto/evp/digest.c
index b22eed44211..0623ddf1f05 100644
--- a/lib/libssl/src/crypto/evp/digest.c
+++ b/lib/libssl/src/crypto/evp/digest.c
@@ -248,6 +248,7 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
{
+ unsigned char *tmp_buf;
if ((in == NULL) || (in->digest == NULL))
{
EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
@@ -262,15 +263,22 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
}
#endif
+ if (out->digest == in->digest)
+ {
+ tmp_buf = out->md_data;
+ EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+ }
+ else tmp_buf = NULL;
EVP_MD_CTX_cleanup(out);
memcpy(out,in,sizeof *out);
if (out->digest->ctx_size)
{
- out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (tmp_buf) out->md_data = tmp_buf;
+ else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}
-
+
if (out->digest->copy)
return out->digest->copy(out,in);
@@ -308,7 +316,8 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
if (ctx->digest && ctx->digest->cleanup
&& !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
ctx->digest->cleanup(ctx);
- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
{
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h
index 5d8a07d33cb..f9b48792ce4 100644
--- a/lib/libssl/src/crypto/evp/evp.h
+++ b/lib/libssl/src/crypto/evp/evp.h
@@ -275,6 +275,8 @@ struct env_md_ctx_st
* once only */
#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
* cleaned */
+#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
+ * in EVP_MD_CTX_cleanup */
struct evp_cipher_st
{
diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c
index be0758a8796..8ea5aa935dd 100644
--- a/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/lib/libssl/src/crypto/evp/evp_enc.c
@@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
#endif
ctx->cipher=cipher;
- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+ if (ctx->cipher->ctx_size)
+ {
+ ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+ if (!ctx->cipher_data)
+ {
+ EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ else
+ {
+ ctx->cipher_data = NULL;
+ }
ctx->key_len = cipher->key_len;
ctx->flags = 0;
if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
diff --git a/lib/libssl/src/crypto/evp/evp_pbe.c b/lib/libssl/src/crypto/evp/evp_pbe.c
index bc98e633632..91e545a1416 100644
--- a/lib/libssl/src/crypto/evp/evp_pbe.c
+++ b/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
if (i == -1) {
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
- if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
+ if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
diff --git a/lib/libssl/src/crypto/evp/evp_pkey.c b/lib/libssl/src/crypto/evp/evp_pkey.c
index 30b6fbb03dd..eb481ec661d 100644
--- a/lib/libssl/src/crypto/evp/evp_pkey.c
+++ b/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
#endif
default:
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
- if (!a->algorithm) strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
+ if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
ERR_add_error_data(2, "TYPE=", obj_tmp);
EVP_PKEY_free (pkey);
diff --git a/lib/libssl/src/crypto/mem.c b/lib/libssl/src/crypto/mem.c
index bb862db4997..dd86733b770 100644
--- a/lib/libssl/src/crypto/mem.c
+++ b/lib/libssl/src/crypto/mem.c
@@ -252,7 +252,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
void *ret = NULL;
extern unsigned char cleanse_ctr;
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
@@ -293,7 +293,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
void *ret = NULL;
extern unsigned char cleanse_ctr;
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
@@ -324,7 +324,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
if (str == NULL)
return CRYPTO_malloc(num, file, line);
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
@@ -346,7 +346,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
if (str == NULL)
return CRYPTO_malloc(num, file, line);
- if (num < 0) return NULL;
+ if (num <= 0) return NULL;
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
diff --git a/lib/libssl/src/crypto/mem_dbg.c b/lib/libssl/src/crypto/mem_dbg.c
index 9221df00bdb..e212de27e48 100644
--- a/lib/libssl/src/crypto/mem_dbg.c
+++ b/lib/libssl/src/crypto/mem_dbg.c
@@ -606,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
{
lcl = localtime(&m->time);
- snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
+ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
bufp += strlen(bufp);
}
- snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
+ BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
m->order,m->file,m->line);
bufp += strlen(bufp);
if (options & V_CRYPTO_MDEBUG_THREAD)
{
- snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
+ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
bufp += strlen(bufp);
}
- snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
+ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
m->num,(unsigned long)m->addr);
bufp += strlen(bufp);
@@ -643,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
ami_cnt++;
memset(buf,'>',ami_cnt);
- snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
+ BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
" thread=%lu, file=%s, line=%d, info=\"",
amip->thread, amip->file, amip->line);
buf_len=strlen(buf);
@@ -655,11 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
}
else
{
- strlcpy(buf + buf_len, amip->info,
- sizeof buf - buf_len);
+ BUF_strlcpy(buf + buf_len, amip->info,
+ sizeof buf - buf_len);
buf_len = strlen(buf);
}
- snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
+ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
BIO_puts(l->bio,buf);
diff --git a/lib/libssl/src/crypto/objects/obj_dat.c b/lib/libssl/src/crypto/objects/obj_dat.c
index ae97108e93d..4534dc09856 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/lib/libssl/src/crypto/objects/obj_dat.c
@@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
if (i > 2) i=2;
l-=(long)(i*40);
- snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
+ BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
i=strlen(tbuf);
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
@@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
for (; idx<len; idx++) {
l|=p[idx]&0x7f;
if (!(p[idx] & 0x80)) {
- snprintf(tbuf,sizeof tbuf,".%lu",l);
+ BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
i=strlen(tbuf);
if (buf_len > 0)
BUF_strlcpy(buf,tbuf,buf_len);
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/lib/libssl/src/crypto/ocsp/ocsp_ext.c
index d6c8899f58e..57399433fc4 100644
--- a/lib/libssl/src/crypto/ocsp/ocsp_ext.c
+++ b/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -305,6 +305,8 @@ err:
/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
* a random nonce will be generated.
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
+ * nonce, previous versions used the raw nonce.
*/
static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
@@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
ASN1_OCTET_STRING os;
int ret = 0;
if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
- if (val) tmpval = val;
+ /* Create the OCTET STRING manually by writing out the header and
+ * appending the content octets. This avoids an extra memory allocation
+ * operation in some cases. Applications should *NOT* do this because
+ * it relies on library internals.
+ */
+ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ os.data = OPENSSL_malloc(os.length);
+ if (os.data == NULL)
+ goto err;
+ tmpval = os.data;
+ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+ if (val)
+ memcpy(tmpval, val, len);
else
- {
- if (!(tmpval = OPENSSL_malloc(len))) goto err;
RAND_pseudo_bytes(tmpval, len);
- }
- os.data = tmpval;
- os.length = len;
if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
goto err;
ret = 1;
err:
- if(!val) OPENSSL_free(tmpval);
+ if (os.data)
+ OPENSSL_free(os.data);
return ret;
}
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/lib/libssl/src/crypto/ocsp/ocsp_lib.c
index 3875af165c7..9e87fc78957 100644
--- a/lib/libssl/src/crypto/ocsp/ocsp_lib.c
+++ b/lib/libssl/src/crypto/ocsp/ocsp_lib.c
@@ -253,6 +253,7 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
err:
+ if (buf) OPENSSL_free(buf);
if (*ppath) OPENSSL_free(*ppath);
if (*pport) OPENSSL_free(*pport);
if (*phost) OPENSSL_free(*phost);
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
index 1f5fda7ca31..3d58dfb06cf 100644
--- a/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
+++ b/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
@@ -3,7 +3,7 @@
* project 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -272,7 +272,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
for (i = 1; i < idcount; i++)
{
- tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
/* Check to see if IDs match */
if (OCSP_id_issuer_cmp(cid, tmpid))
{
@@ -330,7 +330,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
OCSP_CERTID *tmpid;
for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
{
- tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
ret = ocsp_match_issuerid(cert, tmpid, NULL);
if (ret <= 0) return ret;
}
diff --git a/lib/libssl/src/crypto/opensslv.h b/lib/libssl/src/crypto/opensslv.h
index e226d9de796..02f1710fb3f 100644
--- a/lib/libssl/src/crypto/opensslv.h
+++ b/lib/libssl/src/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090703fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
+#define OPENSSL_VERSION_NUMBER 0x0090704fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 3bec2d7e9f4..7785039b993 100644
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
else
str="BAD-TYPE";
- strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
- strlcat(buf,str,PEM_BUFSIZE);
- strlcat(buf,"\n",PEM_BUFSIZE);
+ BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
+ BUF_strlcat(buf,str,PEM_BUFSIZE);
+ BUF_strlcat(buf,"\n",PEM_BUFSIZE);
}
void PEM_dek_info(char *buf, const char *type, int len, char *str)
@@ -142,9 +142,9 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
long i;
int j;
- strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
- strlcat(buf,type,PEM_BUFSIZE);
- strlcat(buf,",",PEM_BUFSIZE);
+ BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
+ BUF_strlcat(buf,type,PEM_BUFSIZE);
+ BUF_strlcat(buf,",",PEM_BUFSIZE);
j=strlen(buf);
if (j + (len * 2) + 1 > PEM_BUFSIZE)
return;
@@ -535,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
long len)
{
int nlen,n,i,j,outl;
- unsigned char *buf;
+ unsigned char *buf = NULL;
EVP_ENCODE_CTX ctx;
int reason=ERR_R_BUF_LIB;
@@ -555,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
goto err;
}
- buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
+ buf = OPENSSL_malloc(PEM_BUFSIZE*8);
if (buf == NULL)
{
reason=ERR_R_MALLOC_FAILURE;
@@ -576,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
EVP_EncodeFinal(&ctx,buf,&outl);
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
OPENSSL_free(buf);
+ buf = NULL;
if ( (BIO_write(bp,"-----END ",9) != 9) ||
(BIO_write(bp,name,nlen) != nlen) ||
(BIO_write(bp,"-----\n",6) != 6))
goto err;
return(i+outl);
err:
+ if (buf)
+ OPENSSL_free(buf);
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
return(0);
}
diff --git a/lib/libssl/src/crypto/pem/pem_pkey.c b/lib/libssl/src/crypto/pem/pem_pkey.c
index d96ecf69406..f77c949e87b 100644
--- a/lib/libssl/src/crypto/pem/pem_pkey.c
+++ b/lib/libssl/src/crypto/pem/pem_pkey.c
@@ -87,6 +87,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
if(!p8inf) goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
+ if(x) {
+ if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+ *x = ret;
+ }
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 190ca0e9bf5..35c7dcd0b3e 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -91,17 +91,19 @@ static int PKCS7_type_is_other(PKCS7* p7)
}
-static int PKCS7_type_is_octet_string(PKCS7* p7)
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
{
- if ( 0==PKCS7_type_is_other(p7) )
- return 0;
-
- return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
+ if ( PKCS7_type_is_data(p7))
+ return p7->d.data;
+ if ( PKCS7_type_is_other(p7) && p7->d.other
+ && (p7->d.other->type == V_ASN1_OCTET_STRING))
+ return p7->d.other->value.octet_string;
+ return NULL;
}
BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
{
- int i,j;
+ int i;
BIO *out=NULL,*btmp=NULL;
X509_ALGOR *xa;
const EVP_MD *evp_md;
@@ -159,8 +161,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
goto err;
}
- j=OBJ_obj2nid(xa->algorithm);
- evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+ evp_md=EVP_get_digestbyobj(xa->algorithm);
if (evp_md == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -250,29 +251,22 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
btmp=NULL;
}
- if (bio == NULL) {
+ if (bio == NULL)
+ {
if (PKCS7_is_detached(p7))
bio=BIO_new(BIO_s_null());
- else {
- if (PKCS7_type_is_signed(p7) ) {
- if ( PKCS7_type_is_data(p7->d.sign->contents)) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.data;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.other->value.octet_string;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- }
- if(bio == NULL) {
+ else
+ {
+ ASN1_OCTET_STRING *os;
+ os = PKCS7_get_octet_string(p7->d.sign->contents);
+ if (os && os->length > 0)
+ bio = BIO_new_mem_buf(os->data, os->length);
+ if(bio == NULL)
+ {
bio=BIO_new(BIO_s_mem());
BIO_set_mem_eof_return(bio,0);
+ }
}
- }
}
BIO_push(out,bio);
bio=NULL;
@@ -311,7 +305,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
switch (i)
{
case NID_pkcs7_signed:
- data_body=p7->d.sign->contents->d.data;
+ data_body=PKCS7_get_octet_string(p7->d.sign->contents);
md_sk=p7->d.sign->md_algs;
break;
case NID_pkcs7_signedAndEnveloped:
@@ -319,7 +313,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
md_sk=p7->d.signed_and_enveloped->md_algs;
data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
- evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -331,7 +325,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
rsk=p7->d.enveloped->recipientinfo;
enc_alg=p7->d.enveloped->enc_data->algorithm;
data_body=p7->d.enveloped->enc_data->enc_data;
- evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
@@ -357,7 +351,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
j=OBJ_obj2nid(xa->algorithm);
- evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+ evp_md=EVP_get_digestbynid(j);
if (evp_md == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
@@ -531,9 +525,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
break;
case NID_pkcs7_signed:
si_sk=p7->d.sign->signer_info;
- os=p7->d.sign->contents->d.data;
+ os=PKCS7_get_octet_string(p7->d.sign->contents);
/* If detached data then the content is excluded */
- if(p7->detached) {
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
p7->d.sign->contents->d.data = NULL;
}
diff --git a/lib/libssl/src/crypto/rand/Makefile.ssl b/lib/libssl/src/crypto/rand/Makefile.ssl
index df807023736..e5cbe5319c3 100644
--- a/lib/libssl/src/crypto/rand/Makefile.ssl
+++ b/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -101,7 +101,8 @@ md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
md_rand.o: md_rand.c rand_lcl.h
-rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
+rand_egd.o: ../../include/openssl/opensslconf.h
rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
rand_egd.o: rand_egd.c
rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
@@ -186,8 +187,9 @@ rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
-randfile.o: ../../e_os.h ../../include/openssl/crypto.h
-randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+randfile.o: ../../e_os.h ../../include/openssl/buffer.h
+randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h
randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/lib/libssl/src/crypto/rand/rand_egd.c b/lib/libssl/src/crypto/rand/rand_egd.c
index 895967476ea..6f742900a0a 100644
--- a/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/lib/libssl/src/crypto/rand/rand_egd.c
@@ -56,6 +56,7 @@
#include <openssl/e_os2.h>
#include <openssl/rand.h>
+#include <openssl/buffer.h>
/*
* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
@@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
addr.sun_family = AF_UNIX;
if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
- strlcpy(addr.sun_path,path,sizeof addr.sun_path);
+ BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) return (-1);
diff --git a/lib/libssl/src/crypto/rand/rand_win.c b/lib/libssl/src/crypto/rand/rand_win.c
index 263068d2569..3584842224c 100644
--- a/lib/libssl/src/crypto/rand/rand_win.c
+++ b/lib/libssl/src/crypto/rand/rand_win.c
@@ -646,7 +646,7 @@ static void readtimer(void)
* Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*
* Code adapted from
- * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
* the original copyright message is:
*
* (C) Copyright Microsoft Corp. 1993. All rights reserved.
diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c
index cfbec2ac1fd..d88ee0d780b 100644
--- a/lib/libssl/src/crypto/rand/randfile.c
+++ b/lib/libssl/src/crypto/rand/randfile.c
@@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
+/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#define _XOPEN_SOURCE 1
+
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@@ -64,6 +67,7 @@
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
+#include <openssl/buffer.h>
#ifdef OPENSSL_SYS_VMS
#include <unixio.h>
@@ -106,6 +110,7 @@ int RAND_load_file(const char *file, long bytes)
in=fopen(file,"rb");
if (in == NULL) goto err;
+#if defined(S_IFBLK) && defined(S_IFCHR)
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
/* this file is a device. we don't want read an infinite number
* of bytes from a random device, nor do we want to use buffered
@@ -114,6 +119,7 @@ int RAND_load_file(const char *file, long bytes)
bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
}
+#endif
for (;;)
{
if (bytes > 0)
@@ -147,6 +153,7 @@ int RAND_write_file(const char *file)
i=stat(file,&sb);
if (i != -1) {
+#if defined(S_IFBLK) && defined(S_IFCHR)
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
/* this file is a device. we don't write back to it.
* we "succeed" on the assumption this is some sort
@@ -155,6 +162,7 @@ int RAND_write_file(const char *file)
*/
return(1);
}
+#endif
}
#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
@@ -219,13 +227,15 @@ const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
int ok = 0;
+#ifdef __OpenBSD__
struct stat sb;
+#endif
if (issetugid() == 0)
s=getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size)
{
- if (strlcpy(buf,s,size) >= size)
+ if (BUF_strlcpy(buf,s,size) >= size)
return NULL;
}
else
@@ -240,11 +250,11 @@ const char *RAND_file_name(char *buf, size_t size)
#endif
if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
{
- strlcpy(buf,s,size);
+ BUF_strlcpy(buf,s,size);
#ifndef OPENSSL_SYS_VMS
- strlcat(buf,"/",size);
+ BUF_strlcat(buf,"/",size);
#endif
- strlcat(buf,RFILE,size);
+ BUF_strlcat(buf,RFILE,size);
ok = 1;
}
else
@@ -260,11 +270,11 @@ const char *RAND_file_name(char *buf, size_t size)
*/
if (!ok)
- if (strlcpy(buf,"/dev/arandom",size) >= size) {
+ if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
if (stat(buf,&sb) == -1)
- if (strlcpy(buf,"/dev/arandom",size) >= size) {
+ if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
diff --git a/lib/libssl/src/crypto/rc4/Makefile.ssl b/lib/libssl/src/crypto/rc4/Makefile.ssl
index 9f9e16068fd..3e602662be2 100644
--- a/lib/libssl/src/crypto/rc4/Makefile.ssl
+++ b/lib/libssl/src/crypto/rc4/Makefile.ssl
@@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o
#RC4_ENC=asm/rx86bdsi.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=rc4test.c
diff --git a/lib/libssl/src/crypto/rc5/Makefile.ssl b/lib/libssl/src/crypto/rc5/Makefile.ssl
index a86f202f7b2..3f9632f8f75 100644
--- a/lib/libssl/src/crypto/rc5/Makefile.ssl
+++ b/lib/libssl/src/crypto/rc5/Makefile.ssl
@@ -22,6 +22,7 @@ RC5_ENC= rc5_enc.o
#DES_ENC= r586-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=rc5test.c
diff --git a/lib/libssl/src/crypto/ripemd/Makefile.ssl b/lib/libssl/src/crypto/ripemd/Makefile.ssl
index d85515353b2..f22ac790aed 100644
--- a/lib/libssl/src/crypto/ripemd/Makefile.ssl
+++ b/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
RIP_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=rmdtest.c
diff --git a/lib/libssl/src/crypto/sha/Makefile.ssl b/lib/libssl/src/crypto/sha/Makefile.ssl
index d52fb62b4f0..4ba201c787d 100644
--- a/lib/libssl/src/crypto/sha/Makefile.ssl
+++ b/lib/libssl/src/crypto/sha/Makefile.ssl
@@ -20,6 +20,7 @@ AR= ar r
SHA1_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=shatest.c sha1test.c
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/lib/libssl/src/crypto/sha/asm/sha1-586.pl
index fe51fd07945..e00f7095538 100644
--- a/lib/libssl/src/crypto/sha/asm/sha1-586.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -1,5 +1,30 @@
#!/usr/local/bin/perl
+# It was noted that Intel IA-32 C compiler generates code which
+# performs ~30% *faster* on P4 CPU than original *hand-coded*
+# SHA1 assembler implementation. To address this problem (and
+# prove that humans are still better than machines:-), the
+# original code was overhauled, which resulted in following
+# performance changes:
+#
+# compared with original compared with Intel cc
+# assembler impl. generated code
+# Pentium -25% +37%
+# PIII/AMD +8% +16%
+# P4 +85%(!) +45%
+#
+# As you can see Pentium came out as looser:-( Yet I reckoned that
+# improvement on P4 outweights the loss and incorporate this
+# re-tuned code to 0.9.7 and later.
+# ----------------------------------------------------------------
+# Those who for any particular reason absolutely must score on
+# Pentium can replace this module with one from 0.9.6 distribution.
+# This "offer" shall be revoked the moment programming interface to
+# this module is changed, in which case this paragraph should be
+# removed.
+# ----------------------------------------------------------------
+# <appro@fy.chalmers.se>
+
$normal=0;
push(@INC,"perlasm","../../perlasm");
@@ -77,54 +102,21 @@ sub BODY_00_15
{
local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-return if $n & 1;
&comment("00_15 $n");
- &mov($f,$c);
-
- &mov($tmp1,$a);
- &xor($f,$d); # F2
-
- &rotl($tmp1,5); # A2
-
- &and($f,$b); # F3
- &add($tmp1,$e);
-
- &rotr($b,1); # B1 <- F
- &mov($e,&swtmp($n)); # G1
-
- &rotr($b,1); # B1 <- F
- &xor($f,$d); # F4
-
- &lea($tmp1,&DWP($K,$tmp1,$e,1));
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
- &mov($f,$c);
-
- &add($a,$tmp1); # MOVED DOWN
- &xor($f,$d); # F2
-
&mov($tmp1,$a);
- &and($f,$b); # F3
-
- &rotl($tmp1,5); # A2
-
- &add($tmp1,$e);
- &mov($e,&swtmp($n)); # G1
-
- &rotr($b,1); # B1 <- F
- &xor($f,$d); # F4
-
- &rotr($b,1); # B1 <- F
- &lea($tmp1,&DWP($K,$tmp1,$e,1));
-
- &add($f,$tmp1);
+ &mov($f,$c); # f to hold F_00_19(b,c,d)
+ &rotl($tmp1,5); # tmp1=ROTATE(a,5)
+ &xor($f,$d);
+ &and($f,$b);
+ &rotr($b,2); # b=ROTATE(b,30)
+ &add($tmp1,$e); # tmp1+=e;
+ &mov($e,&swtmp($n)); # e becomes volatile and
+ # is loaded with xi
+ &xor($f,$d); # f holds F_00_19(b,c,d)
+ &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
+
+ &add($f,$tmp1); # f+=tmp1
}
sub BODY_16_19
@@ -132,66 +124,24 @@ sub BODY_16_19
local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
local($n0,$n1,$n2,$n3,$np)=&Na($n);
-return if $n & 1;
&comment("16_19 $n");
- &nop() if ($pos < 0);
-&mov($tmp1,&swtmp($n0)); # X1
- &mov($f,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&xor($f,$tmp1); # X7 - slot
- &mov($tmp1,$c); # F1
-&rotl($f,1); # X8 - slot
- &xor($tmp1,$d); # F2
-&mov(&swtmp($n0),$f); # X9 - anytime
- &and($tmp1,$b); # F3
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &xor($tmp1,$d); # F4
-&mov($e,$a); # A1
- &add($f,$tmp1); # tot+=F();
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=a
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
-
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN
- &xor($f,$tmp1); # X7 - slot
-&rotl($f,1); # X8 - slot
- &mov($tmp1,$c); # F1
-&xor($tmp1,$d); # F2
- &mov(&swtmp($n0),$f); # X9 - anytime
-&and($tmp1,$b); # F3
- &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
-
-&xor($tmp1,$d); # F4
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=a
-
-&rotr($b,1); # B1 <- F
- &add($f,$tmp1); # tot+=F();
-
+ &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd)
+ &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d)
+ &xor($f,&swtmp($n0));
+ &xor($tmp1,$d);
+ &xor($f,&swtmp($n2));
+ &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
+ &rotr($b,2); # b=ROTATE(b,30)
+ &xor($tmp1,$d); # tmp1=F_00_19(b,c,d)
+ &rotl($f,1); # f=ROATE(f,1)
+ &mov(&swtmp($n0),$f); # xi=f
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e
+ &mov($e,$a); # e becomes volatile
+ &add($f,$tmp1); # f+=F_00_19(b,c,d)
+ &rotl($e,5); # e=ROTATE(a,5)
+ &add($f,$e); # f+=ROTATE(a,5)
}
sub BODY_20_39
@@ -201,42 +151,21 @@ sub BODY_20_39
&comment("20_39 $n");
local($n0,$n1,$n2,$n3,$np)=&Na($n);
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&xor($f,$tmp1); # X7 - slot
- &mov($tmp1,$b); # F1
-&rotl($f,1); # X8 - slot
- &xor($tmp1,$c); # F2
-&mov(&swtmp($n0),$f); # X9 - anytime
- &xor($tmp1,$d); # F3
-
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-if ($n != 79) # last loop
- {
- &rotr($b,1); # B1 <- F
- &add($e,$tmp1); # tmp1=F()+a
-
- &rotr($b,1); # B2 <- F
- &add($f,$e); # tot+=tmp1;
- }
-else
- {
- &add($e,$tmp1); # tmp1=F()+a
- &mov($tmp1,&wparam(0));
-
- &rotr($b,1); # B1 <- F
- &add($f,$e); # tot+=tmp1;
-
- &rotr($b,1); # B2 <- F
- }
+ &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
+ &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d)
+ &xor($f,&swtmp($n1));
+ &rotr($b,2); # b=ROTATE(b,30)
+ &xor($f,&swtmp($n2));
+ &xor($tmp1,$c);
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
+ &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d)
+ &rotl($f,1); # f=ROTATE(f,1)
+ &mov(&swtmp($n0),$f); # xi=f
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e
+ &mov($e,$a); # e becomes volatile
+ &rotl($e,5); # e=ROTATE(a,5)
+ &add($f,$tmp1); # f+=F_20_39(b,c,d)
+ &add($f,$e); # f+=ROTATE(a,5)
}
sub BODY_40_59
@@ -244,70 +173,27 @@ sub BODY_40_59
local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
&comment("40_59 $n");
- return if $n & 1;
local($n0,$n1,$n2,$n3,$np)=&Na($n);
-&mov($f,&swtmp($n0)); # X1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&xor($f,$tmp1); # X7 - slot
- &mov($tmp1,$b); # F1
-&rotl($f,1); # X8 - slot
- &or($tmp1,$c); # F2
-&mov(&swtmp($n0),$f); # X9 - anytime
- &and($tmp1,$d); # F3
-
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$b); # F4
-
-&rotr($b,1); # B1 <- F
- &and($e,$c); # F5
-
-&or($tmp1,$e); # F6
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&add($tmp1,$e); # tmp1=F()+a
-
-############################
-# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
-# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
-$n++;
- local($n0,$n1,$n2,$n3,$np)=&Na($n);
- ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f);
-
- &mov($f,&swtmp($n0)); # X1
-&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1
- &mov($tmp1,&swtmp($n1)); # X2
-&xor($f,$tmp1); # X3
- &mov($tmp1,&swtmp($n2)); # X4
-&xor($f,$tmp1); # X5
- &mov($tmp1,&swtmp($n3)); # X6
-&rotr($c,1); # B2 <- F # moved was rotr b,1
- &xor($f,$tmp1); # X7 - slot
-&rotl($f,1); # X8 - slot
- &mov($tmp1,$b); # F1
-&mov(&swtmp($n0),$f); # X9 - anytime
- &or($tmp1,$c); # F2
-&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e
- &mov($e,$b); # F4
-&and($tmp1,$d); # F3
- &and($e,$c); # F5
-
-&or($tmp1,$e); # F6
- &mov($e,$a); # A1
-
-&rotl($e,5); # A2
-
-&rotr($b,1); # B1 <- F
- &add($tmp1,$e); # tmp1=F()+a
-
-&rotr($b,1); # B2 <- F
- &add($f,$tmp1); # tot+=tmp1;
+ &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd)
+ &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d)
+ &xor($f,&swtmp($n1));
+ &or($tmp1,$c);
+ &xor($f,&swtmp($n2));
+ &and($tmp1,$d);
+ &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd
+ &rotl($f,1); # f=ROTATE(f,1)
+ &mov(&swtmp($n0),$f); # xi=f
+ &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e
+ &mov($e,$b); # e becomes volatile and is used
+ # to calculate F_40_59(b,c,d)
+ &rotr($b,2); # b=ROTATE(b,30)
+ &and($e,$c);
+ &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d)
+ &mov($e,$a);
+ &rotl($e,5); # e=ROTATE(a,5)
+ &add($tmp1,$e); # tmp1+=ROTATE(a,5)
+ &add($f,$tmp1); # f+=tmp1;
}
sub BODY_60_79
@@ -495,8 +381,7 @@ sub sha1_block_data
# C -> E
# D -> T
- # The last 2 have been moved into the last loop
- # &mov($tmp1,&wparam(0));
+ &mov($tmp1,&wparam(0));
&mov($D, &DWP(12,$tmp1,"",0));
&add($D,$B);
diff --git a/lib/libssl/src/crypto/threads/mttest.c b/lib/libssl/src/crypto/threads/mttest.c
index 8973921778a..7588966cb21 100644
--- a/lib/libssl/src/crypto/threads/mttest.c
+++ b/lib/libssl/src/crypto/threads/mttest.c
@@ -243,7 +243,7 @@ bad:
goto end;
}
- if (cipher == NULL && issetugid() == 0)
+ if (cipher == NULL && OPENSSL_issetugid() == 0)
cipher=getenv("SSL_CIPHER");
SSL_load_error_strings();
diff --git a/lib/libssl/src/crypto/ui/ui_lib.c b/lib/libssl/src/crypto/ui/ui_lib.c
index 33c86d76ef2..dbc9711a2de 100644
--- a/lib/libssl/src/crypto/ui/ui_lib.c
+++ b/lib/libssl/src/crypto/ui/ui_lib.c
@@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
len += sizeof(prompt3) - 1;
prompt = (char *)OPENSSL_malloc(len + 1);
- strlcpy(prompt, prompt1, len + 1);
- strlcat(prompt, object_desc, len + 1);
+ BUF_strlcpy(prompt, prompt1, len + 1);
+ BUF_strlcat(prompt, object_desc, len + 1);
if (object_name)
{
- strlcat(prompt, prompt2, len + 1);
- strlcat(prompt, object_name, len + 1);
+ BUF_strlcat(prompt, prompt2, len + 1);
+ BUF_strlcat(prompt, object_name, len + 1);
}
- strlcat(prompt, prompt3, len + 1);
+ BUF_strlcat(prompt, prompt3, len + 1);
}
return prompt;
}
@@ -865,8 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
return -1;
}
- strlcpy(uis->result_buf, result,
- uis->_.string_data.result_maxsize + 1);
+ BUF_strlcpy(uis->result_buf, result,
+ uis->_.string_data.result_maxsize + 1);
break;
case UIT_BOOLEAN:
{
diff --git a/lib/libssl/src/crypto/x509/by_dir.c b/lib/libssl/src/crypto/x509/by_dir.c
index a5c306f1fde..6207340472e 100644
--- a/lib/libssl/src/crypto/x509/by_dir.c
+++ b/lib/libssl/src/crypto/x509/by_dir.c
@@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
k=0;
for (;;)
{
- snprintf(b->data,b->max,"%s/%08lx.%s%d",ctx->dirs[i],h,
- postfix,k);
+ char c = '/';
+#ifdef OPENSSL_SYS_VMS
+ c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+ if (c != ':' && c != '>' && c != ']')
+ {
+ /* If no separator is present, we assume the
+ directory specifier is a logical name, and
+ add a colon. We really should use better
+ VMS routines for merging things like this,
+ but this will do for now...
+ -- Richard Levitte */
+ c = ':';
+ }
+ else
+ {
+ c = '\0';
+ }
+#endif
+ if (c == '\0')
+ {
+ /* This is special. When c == '\0', no
+ directory separator should be added. */
+ BIO_snprintf(b->data,b->max,
+ "%s%08lx.%s%d",ctx->dirs[i],h,
+ postfix,k);
+ }
+ else
+ {
+ BIO_snprintf(b->data,b->max,
+ "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
+ postfix,k);
+ }
k++;
if (stat(b->data,&st) < 0)
break;
diff --git a/lib/libssl/src/crypto/x509/x509.h b/lib/libssl/src/crypto/x509/x509.h
index eaad5685a8f..8d0c7e2e179 100644
--- a/lib/libssl/src/crypto/x509/x509.h
+++ b/lib/libssl/src/crypto/x509/x509.h
@@ -810,10 +810,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#ifndef OPENSSL_NO_RSA
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-#endif
#endif /* !SSLEAY_MACROS */
diff --git a/lib/libssl/src/crypto/x509/x509_txt.c b/lib/libssl/src/crypto/x509/x509_txt.c
index 9d09ae17e82..e31ebc6741a 100644
--- a/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/lib/libssl/src/crypto/x509/x509_txt.c
@@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
return("unhandled critical extension");
+ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+ return("key usage does not include CRL signing");
+
+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+ return("unhandled critical CRL extension");
+
default:
- snprintf(buf,sizeof buf,"error number %ld",n);
+ BIO_snprintf(buf,sizeof buf,"error number %ld",n);
return(buf);
}
}
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c
index 2bb21b443ec..2e4d0b823ab 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
/* Check all untrusted certificates */
for (i = 0; i < ctx->last_untrusted; i++)
{
+ int ret;
x = sk_X509_value(ctx->chain, i);
if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
&& (x->ex_flags & EXFLAG_CRITICAL))
@@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
ok=cb(0,ctx);
if (!ok) goto end;
}
- if (!X509_check_purpose(x, ctx->purpose, i))
+ ret = X509_check_purpose(x, ctx->purpose, i);
+ if ((ret == 0)
+ || ((ctx->flags & X509_V_FLAG_X509_STRICT)
+ && (ret != 1)))
{
if (i)
ctx->error = X509_V_ERR_INVALID_CA;
@@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
if(issuer)
{
+ /* Check for cRLSign bit if keyUsage present */
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+ !(issuer->ex_kusage & KU_CRL_SIGN))
+ {
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+ ok = ctx->verify_cb(0, ctx);
+ if(!ok) goto err;
+ }
/* Attempt to get issuer certificate public key */
ikey = X509_get_pubkey(issuer);
@@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
{
int idx, ok;
X509_REVOKED rtmp;
+ STACK_OF(X509_EXTENSION) *exts;
+ X509_EXTENSION *ext;
/* Look for serial number of certificate in CRL */
rtmp.serialNumber = X509_get_serialNumber(x);
idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
- /* Not found: OK */
- if(idx == -1) return 1;
- /* Otherwise revoked: want something cleverer than
+ /* If found assume revoked: want something cleverer than
* this to handle entry extensions in V2 CRLs.
*/
- ctx->error = X509_V_ERR_CERT_REVOKED;
- ok = ctx->verify_cb(0, ctx);
- return ok;
+ if(idx >= 0)
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok) return 0;
+ }
+
+ if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ return 1;
+
+ /* See if we have any critical CRL extensions: since we
+ * currently don't handle any CRL extensions the CRL must be
+ * rejected.
+ * This code accesses the X509_CRL structure directly: applications
+ * shouldn't do this.
+ */
+
+ exts = crl->crl->extensions;
+
+ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
+ {
+ ext = sk_X509_EXTENSION_value(exts, idx);
+ if (ext->critical > 0)
+ {
+ ctx->error =
+ X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+ ok = ctx->verify_cb(0, ctx);
+ if(!ok) return 0;
+ break;
+ }
+ }
+ return 1;
}
static int internal_verify(X509_STORE_CTX *ctx)
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.h b/lib/libssl/src/crypto/x509/x509_vfy.h
index f0be21f4525..198495884cf 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.h
+++ b/lib/libssl/src/crypto/x509/x509_vfy.h
@@ -304,17 +304,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
+#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
+#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
/* Certificate verify flags */
-#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
-#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
-#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */
-#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */
-#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */
+/* Send issuer+subject checks to verify_cb */
+#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
+/* Use check time instead of current time */
+#define X509_V_FLAG_USE_CHECK_TIME 0x2
+/* Lookup CRLs */
+#define X509_V_FLAG_CRL_CHECK 0x4
+/* Lookup CRLs for whole chain */
+#define X509_V_FLAG_CRL_CHECK_ALL 0x8
+/* Ignore unhandled critical extensions */
+#define X509_V_FLAG_IGNORE_CRITICAL 0x10
+/* Disable workarounds for broken certificates */
+#define X509_V_FLAG_X509_STRICT 0x20
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name);
diff --git a/lib/libssl/src/crypto/x509/x509type.c b/lib/libssl/src/crypto/x509/x509type.c
index f78c2a6b438..c25959a7428 100644
--- a/lib/libssl/src/crypto/x509/x509type.c
+++ b/lib/libssl/src/crypto/x509/x509type.c
@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
break;
}
- if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+ if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
diff --git a/lib/libssl/src/crypto/x509v3/v3_alt.c b/lib/libssl/src/crypto/x509v3/v3_alt.c
index 0fae31a3a66..58b935a3b6b 100644
--- a/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -137,8 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
X509V3_add_value("IP Address","<invalid>", &ret);
break;
}
- snprintf(oline, sizeof oline, "%d.%d.%d.%d", p[0], p[1], p[2],
- p[3]);
+ BIO_snprintf(oline, sizeof oline,
+ "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
X509V3_add_value("IP Address",oline, &ret);
break;
diff --git a/lib/libssl/src/crypto/x509v3/v3_crld.c b/lib/libssl/src/crypto/x509v3/v3_crld.c
index 894a8b94d80..f90829c574e 100644
--- a/lib/libssl/src/crypto/x509v3/v3_crld.c
+++ b/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = {
IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/lib/libssl/src/crypto/x509v3/v3_info.c b/lib/libssl/src/crypto/x509v3/v3_info.c
index 28cc00686ad..53e3f488590 100644
--- a/lib/libssl/src/crypto/x509v3/v3_info.c
+++ b/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -121,9 +121,9 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
ERR_R_MALLOC_FAILURE);
return NULL;
}
- strlcpy(ntmp, objtmp, nlen);
- strlcat(ntmp, " - ", nlen);
- strlcat(ntmp, vtmp->name, nlen);
+ BUF_strlcpy(ntmp, objtmp, nlen);
+ BUF_strlcat(ntmp, " - ", nlen);
+ BUF_strlcat(ntmp, vtmp->name, nlen);
OPENSSL_free(vtmp->name);
vtmp->name = ntmp;
diff --git a/lib/libssl/src/crypto/x509v3/v3_purp.c b/lib/libssl/src/crypto/x509v3/v3_purp.c
index 4d145f71fd0..b3d1ae5d1cc 100644
--- a/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -3,7 +3,7 @@
* project 2001.
*/
/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
* 1 is a CA
* 2 basicConstraints absent so "maybe" a CA
* 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
*/
#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
} else {
if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
/* If key usage present it must have certSign so tolerate it */
- else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
+ else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
else return 2;
}
}
diff --git a/lib/libssl/src/doc/apps/config.pod b/lib/libssl/src/doc/apps/config.pod
index ce874a42ce1..8f823fa6d69 100644
--- a/lib/libssl/src/doc/apps/config.pod
+++ b/lib/libssl/src/doc/apps/config.pod
@@ -10,7 +10,8 @@ config - OpenSSL CONF library configuration files
The OpenSSL CONF library can be used to read configuration files.
It is used for the OpenSSL master configuration file B<openssl.cnf>
and in a few other places like B<SPKAC> files and certificate extension
-files for the B<x509> utility.
+files for the B<x509> utility. OpenSSL applications can also use the
+CONF library for their own purposes.
A configuration file is divided into a number of sections. Each section
starts with a line B<[ section_name ]> and ends when a new section is
@@ -51,13 +52,146 @@ or the B<\> character. By making the last character of a line a B<\>
a B<value> string can be spread across multiple lines. In addition
the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
+=head1 OPENSSL LIBRARY CONFIGURATION
+
+In OpenSSL 0.9.7 and later applications can automatically configure certain
+aspects of OpenSSL using the master OpenSSL configuration file, or optionally
+an alternative configuration file. The B<openssl> utility includes this
+functionality: any sub command uses the master OpenSSL configuration file
+unless an option is used in the sub command to use an alternative configuration
+file.
+
+To enable library configuration the default section needs to contain an
+appropriate line which points to the main configuration section. The default
+name is B<openssl_conf> which is used by the B<openssl> utility. Other
+applications may use an alternative name such as B<myapplicaton_conf>.
+
+The configuration section should consist of a set of name value pairs which
+contain specific module configuration information. The B<name> represents
+the name of the I<configuration module> the meaning of the B<value> is
+module specific: it may, for example, represent a further configuration
+section containing configuration module specific information. E.g.
+
+ openssl_conf = openssl_init
+
+ [openssl_init]
+
+ oid_section = new_oids
+ engines = engine_section
+
+ [new_oids]
+
+ ... new oids here ...
+
+ [engine_section]
+
+ ... engine stuff here ...
+
+Currently there are two configuration modules. One for ASN1 objects another
+for ENGINE configuration.
+
+=head2 ASN1 OBJECT CONFIGURATION MODULE
+
+This module has the name B<oid_section>. The value of this variable points
+to a section containing name value pairs of OIDs: the name is the OID short
+and long name, the value is the numerical form of the OID. Although some of
+the B<openssl> utility sub commands already have their own ASN1 OBJECT section
+functionality not all do. By using the ASN1 OBJECT configuration module
+B<all> the B<openssl> utility sub commands can see the new objects as well
+as any compliant applications. For example:
+
+ [new_oids]
+
+ some_new_oid = 1.2.3.4
+ some_other_oid = 1.2.3.5
+
+=head2 ENGINE CONFIGURATION MODULE
+
+This ENGINE configuration module has the name B<engines>. The value of this
+variable points to a section containing further ENGINE configuration
+information.
+
+The section pointed to by B<engines> is a table of engine names (though see
+B<engine_id> below) and further sections containing configuration informations
+specific to each ENGINE.
+
+Each ENGINE specific section is used to set default algorithms, load
+dynamic, perform initialization and send ctrls. The actual operation performed
+depends on the I<command> name which is the name of the name value pair. The
+currently supported commands are listed below.
+
+For example:
+
+ [engine_section]
+
+ # Configure ENGINE named "foo"
+ foo = foo_section
+ # Configure ENGINE named "bar"
+ bar = bar_section
+
+ [foo_section]
+ ... foo ENGINE specific commands ...
+
+ [bar_section]
+ ... "bar" ENGINE specific commands ...
+
+The command B<engine_id> is used to give the ENGINE name. If used this
+command must be first. For example:
+
+ [engine_section]
+ # This would normally handle an ENGINE named "foo"
+ foo = foo_section
+
+ [foo_section]
+ # Override default name and use "myfoo" instead.
+ engine_id = myfoo
+
+The command B<dynamic_path> loads and adds an ENGINE from the given path. It
+is equivalent to sending the ctrls B<SO_PATH> with the path argument followed
+by B<LIST_ADD> with value 2 and B<LOAD> to the dynamic ENGINE. If this is
+not the required behaviour then alternative ctrls can be sent directly
+to the dynamic ENGINE using ctrl commands.
+
+The command B<init> determines whether to initialize the ENGINE. If the value
+is B<0> the ENGINE will not be initialized, if B<1> and attempt it made to
+initialized the ENGINE immediately. If the B<init> command is not present
+then an attempt will be made to initialize the ENGINE after all commands in
+its section have been processed.
+
+The command B<default_algorithms> sets the default algorithms an ENGINE will
+supply using the functions B<ENGINE_set_default_string()>
+
+If the name matches none of the above command names it is assumed to be a
+ctrl command which is sent to the ENGINE. The value of the command is the
+argument to the ctrl command. If the value is the string B<EMPTY> then no
+value is sent to the command.
+
+For example:
+
+
+ [engine_section]
+
+ # Configure ENGINE named "foo"
+ foo = foo_section
+
+ [foo_section]
+ # Load engine from DSO
+ dynamic_path = /some/path/fooengine.so
+ # A foo specific ctrl.
+ some_ctrl = some_value
+ # Another ctrl that doesn't take a value.
+ other_ctrl = EMPTY
+ # Supply all default algorithms
+ default_algorithms = ALL
+
=head1 NOTES
If a configuration file attempts to expand a variable that doesn't exist
then an error is flagged and the file will not load. This can happen
if an attempt is made to expand an environment variable that doesn't
-exist. For example the default OpenSSL master configuration file used
-the value of B<HOME> which may not be defined on non Unix systems.
+exist. For example in a previous version of OpenSSL the default OpenSSL
+master configuration file used the value of B<HOME> which may not be
+defined on non Unix systems and would cause an error.
This can be worked around by including a B<default> section to provide
a default value: then if the environment lookup fails the default value
diff --git a/lib/libssl/src/doc/apps/openssl.pod b/lib/libssl/src/doc/apps/openssl.pod
index 07dd80eabe5..dc0f49ddca6 100644
--- a/lib/libssl/src/doc/apps/openssl.pod
+++ b/lib/libssl/src/doc/apps/openssl.pod
@@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>,
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
-L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
diff --git a/lib/libssl/src/doc/apps/s_client.pod b/lib/libssl/src/doc/apps/s_client.pod
index d061326c1fc..8d19079973a 100644
--- a/lib/libssl/src/doc/apps/s_client.pod
+++ b/lib/libssl/src/doc/apps/s_client.pod
@@ -8,7 +8,7 @@ s_client - SSL/TLS client program
=head1 SYNOPSIS
B<openssl> B<s_client>
-[B<-connect> host:port>]
+[B<-connect host:port>]
[B<-verify depth>]
[B<-cert filename>]
[B<-key filename>]
@@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page.
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
+B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
in case it is a buggy server. In particular you should play with these
options B<before> submitting a bug report to an OpenSSL mailing list.
@@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using B<s_client> the CA list can be viewed
and checked. However some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it
-is necessary to use the B<-prexit> command and send an HTTP request
+is necessary to use the B<-prexit> option and send an HTTP request
for an appropriate page.
If a certificate is specified on the command line using the B<-cert>
diff --git a/lib/libssl/src/doc/apps/smime.pod b/lib/libssl/src/doc/apps/smime.pod
index 2453dd2738d..84b673f791e 100644
--- a/lib/libssl/src/doc/apps/smime.pod
+++ b/lib/libssl/src/doc/apps/smime.pod
@@ -17,6 +17,9 @@ B<openssl> B<smime>
[B<-rc2-40>]
[B<-rc2-64>]
[B<-rc2-128>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
[B<-in file>]
[B<-certfile file>]
[B<-signer file>]
@@ -126,11 +129,11 @@ B<-verify>. This directory must be a standard certificate directory: that
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.
-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
-the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
-or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
-used. Only used with B<-encrypt>.
+the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
+40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not
+specified 40 bit RC2 is used. Only used with B<-encrypt>.
=item B<-nointern>
diff --git a/lib/libssl/src/doc/crypto/BIO_f_ssl.pod b/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
index a56ee2b92f2..f0b731731f5 100644
--- a/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
+++ b/lib/libssl/src/doc/crypto/BIO_f_ssl.pod
@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
return 0;
}
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
BIO_puts(sbio, "--------------------------------------------------\r\n");
for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
}
BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "</pre>\r\n");
+ BIO_puts(sbio, "\r\n");
/* Since there is a buffering BIO present we had better flush it */
BIO_flush(sbio);
diff --git a/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod b/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
index 5ce4add0821..016381f3e99 100644
--- a/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
+++ b/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
@@ -2,7 +2,7 @@
=head1 NAME
- EVP_BytesToKey - password based encryption routine
+EVP_BytesToKey - password based encryption routine
=head1 SYNOPSIS
diff --git a/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 58afd8f0b8f..faa992286b1 100644
--- a/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -4,7 +4,7 @@
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
diff --git a/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod b/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
index 7c71bcbf3db..279b29c873c 100644
--- a/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
+++ b/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod
@@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
=head1 SYNOPSIS
#include <openssl/rsa.h>
+ #include <openssl/x509.h>
RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
@@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
structure.
-d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a
-SubjectPublicKeyInfo (certificate public key) structure.
+d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
structure.
diff --git a/lib/libssl/src/doc/crypto/des.pod b/lib/libssl/src/doc/crypto/des.pod
index 528c73acac6..6f0cf1cc5e5 100644
--- a/lib/libssl/src/doc/crypto/des.pod
+++ b/lib/libssl/src/doc/crypto/des.pod
@@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
=head1 NOTES
Single-key DES is insecure due to its short key size. ECB mode is
-not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
+not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
The L<evp(3)|evp(3)> library provides higher-level encryption functions.
diff --git a/lib/libssl/src/doc/crypto/pem.pod b/lib/libssl/src/doc/crypto/pem.pod
index a4f8cc33376..8613114452e 100644
--- a/lib/libssl/src/doc/crypto/pem.pod
+++ b/lib/libssl/src/doc/crypto/pem.pod
@@ -330,7 +330,7 @@ most of them are set to 0 or NULL.
Read a certificate in PEM format from a BIO:
X509 *x;
- x = PEM_read_bio(bp, NULL, 0, NULL);
+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
if (x == NULL)
{
/* Error */
@@ -459,12 +459,12 @@ returned by EVP_bytestokey().
The PEM read routines in some versions of OpenSSL will not correctly reuse
an existing structure. Therefore the following:
- PEM_read_bio(bp, &x, 0, NULL);
+ PEM_read_bio_X509(bp, &x, 0, NULL);
where B<x> already contains a valid certificate, may not work, whereas:
X509_free(x);
- x = PEM_read_bio(bp, NULL, 0, NULL);
+ x = PEM_read_bio_X509(bp, NULL, 0, NULL);
is guaranteed to work.
diff --git a/lib/libssl/src/doc/crypto/ui.pod b/lib/libssl/src/doc/crypto/ui.pod
index 2b3535a7461..6df68d604a8 100644
--- a/lib/libssl/src/doc/crypto/ui.pod
+++ b/lib/libssl/src/doc/crypto/ui.pod
@@ -5,7 +5,7 @@
UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
diff --git a/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod b/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod
index 2a987391147..42fa66b1975 100644
--- a/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/lib/libssl/src/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
=over 4
-=item 1
+=item 0
The operation succeeded.
-=item 0
+=item 1
The operation failed. Check the error queue to find out the reason.
diff --git a/lib/libssl/src/doc/ssleay.txt b/lib/libssl/src/doc/ssleay.txt
index d19da310eb2..d44d2f04a02 100644
--- a/lib/libssl/src/doc/ssleay.txt
+++ b/lib/libssl/src/doc/ssleay.txt
@@ -6245,7 +6245,7 @@ SSL_get_app_data
void SSL_CTX_set_default_verify
/* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on successs and 0 on failure */
+ * functions and should return 1 on success and 0 on failure */
void SSL_CTX_set_cert_verify_callback
/* The following are the same as the equivilent SSL_xxx functions.
diff --git a/lib/libssl/src/openssl.spec b/lib/libssl/src/openssl.spec
index 9ce236e0d21..6a272f69698 100644
--- a/lib/libssl/src/openssl.spec
+++ b/lib/libssl/src/openssl.spec
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 7
-%define librev c
+%define librev d
Release: 1
%define openssldir /var/ssl
diff --git a/lib/libssl/src/os2/OS2-EMX.cmd b/lib/libssl/src/os2/OS2-EMX.cmd
index acab99ac393..5924b50b6d0 100644
--- a/lib/libssl/src/os2/OS2-EMX.cmd
+++ b/lib/libssl/src/os2/OS2-EMX.cmd
@@ -64,3 +64,39 @@ echo RC5\32
cd crypto\rc5\asm
perl rc5-586.pl a.out > r5-os2.asm
cd ..\..\..
+
+cd os2
+
+if exist noname\backward_ssl.def goto nomkdir
+mkdir noname
+:nomkdir
+
+perl backwardify.pl crypto.def >backward_crypto.def
+perl backwardify.pl ssl.def >backward_ssl.def
+perl backwardify.pl -noname crypto.def >noname\backward_crypto.def
+perl backwardify.pl -noname ssl.def >noname\backward_ssl.def
+
+echo Creating backward compatibility forwarder dlls:
+echo crypto.dll
+gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085
+echo ssl.dll
+gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085
+
+echo Creating smaller backward compatibility forwarder dlls:
+echo These DLLs are not good for runtime resolution of symbols.
+echo noname\crypto.dll
+gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085
+echo noname\ssl.dll
+gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085
+
+echo Compressing forwarders (it is ok if lxlite is not found):
+lxlite *.dll noname/*.dll
+
+cd ..
+
+echo Now run:
+echo For static build:
+echo make -f OS2-EMX.mak
+echo For dynamic build:
+echo make -f OS2-EMX-DLL.mak
+echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll
diff --git a/lib/libssl/src/ssl/Makefile.ssl b/lib/libssl/src/ssl/Makefile.ssl
index e48b5cedfb4..3ae3561ac1b 100644
--- a/lib/libssl/src/ssl/Makefile.ssl
+++ b/lib/libssl/src/ssl/Makefile.ssl
@@ -55,14 +55,14 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: lib shared
+all: shared
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
-shared:
+shared: lib
if [ -n "$(SHARED_LIBS)" ]; then \
(cd ..; $(MAKE) $(SHARED_LIB)); \
fi
@@ -280,84 +280,82 @@ s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
s23_srvr.o: ssl_locl.h
-s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
-s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
-s2_enc.o: ssl_locl.h
-s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
-s2_lib.o: ssl_locl.h
+s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
+s2_clnt.o: ssl_locl.h
+s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
+s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -383,58 +381,57 @@ s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
-s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
-s2_pkt.o: ssl_locl.h
-s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
+s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
+s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
+s2_srvr.o: ssl_locl.h
s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -461,32 +458,32 @@ s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
s3_both.o: ssl_locl.h
-s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
+s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_clnt.o: s3_clnt.c ssl_locl.h
s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -587,16 +584,15 @@ s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
-s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
-s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
@@ -639,32 +635,32 @@ ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
-ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
+ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
+ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
+ssl_asn1.o: ssl_locl.h
ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -766,33 +762,32 @@ ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
-ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
-ssl_lib.o: ssl_lib.c ssl_locl.h
+ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -818,32 +813,32 @@ ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
-ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
-ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
+ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ssl_sess.c
ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
diff --git a/lib/libssl/src/ssl/kssl.c b/lib/libssl/src/ssl/kssl.c
index 7c45f8ff4e6..51378897f6e 100644
--- a/lib/libssl/src/ssl/kssl.c
+++ b/lib/libssl/src/ssl/kssl.c
@@ -953,7 +953,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
printf("%s, authdata==0\n", label);
return;
}
- printf("%s [%p]\n", label, adata);
+ printf("%s [%p]\n", label, (void *)adata);
#if 0
{
int i;
@@ -1725,7 +1725,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
return;
}
else
- printf("%p\n", kssl_ctx);
+ printf("%p\n", (void *)kssl_ctx);
printf("\tservice:\t%s\n",
(kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index d51b60e3439..36f4a8b4c3b 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1946,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & SSL_kRSA)
{
if (rsa == NULL
- || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
@@ -1958,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
- || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index 559924d3681..92efb9597d3 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
COMP_METHOD *comp;
const EVP_MD *m;
EVP_MD_CTX md;
- int exp,n,i,j,k,cl;
+ int is_exp,n,i,j,k,cl;
int reuse_dd = 0;
- exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+ is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
if (s->s3->tmp.new_compression == NULL)
@@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
- j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+ j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_MD_CTX_init(&md);
memcpy(mac_secret,ms,i);
- if (exp)
+ if (is_exp)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index 4ae84582594..913bd40eea4 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index da90078a378..2cfb6158787 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
return(i);
}
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
{
if (*ca_list != NULL)
sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
- *ca_list=list;
+ *ca_list=name_list;
}
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
return(ret);
}
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
{
- set_client_CA_list(&(s->client_CA),list);
+ set_client_CA_list(&(s->client_CA),name_list);
}
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
{
- set_client_CA_list(&(ctx->client_CA),list);
+ set_client_CA_list(&(ctx->client_CA),name_list);
}
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index 532fb4e80d6..2d6eab20c38 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -340,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
}
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+ int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
- int i, list_num;
+ int i, co_list_num;
SSL_CIPHER *c;
/*
@@ -354,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
*/
/* Get the initial list of ciphers */
- list_num = 0; /* actual count of ciphers */
+ co_list_num = 0; /* actual count of ciphers */
for (i = 0; i < num_of_ciphers; i++)
{
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid && !(c->algorithms & mask))
{
- list[list_num].cipher = c;
- list[list_num].next = NULL;
- list[list_num].prev = NULL;
- list[list_num].active = 0;
- list_num++;
+ co_list[co_list_num].cipher = c;
+ co_list[co_list_num].next = NULL;
+ co_list[co_list_num].prev = NULL;
+ co_list[co_list_num].active = 0;
+ co_list_num++;
#ifdef KSSL_DEBUG
printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
#endif /* KSSL_DEBUG */
@@ -378,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
/*
* Prepare linked list from list entries
*/
- for (i = 1; i < list_num - 1; i++)
+ for (i = 1; i < co_list_num - 1; i++)
{
- list[i].prev = &(list[i-1]);
- list[i].next = &(list[i+1]);
+ co_list[i].prev = &(co_list[i-1]);
+ co_list[i].next = &(co_list[i+1]);
}
- if (list_num > 0)
+ if (co_list_num > 0)
{
- (*head_p) = &(list[0]);
+ (*head_p) = &(co_list[0]);
(*head_p)->prev = NULL;
- (*head_p)->next = &(list[1]);
- (*tail_p) = &(list[list_num - 1]);
- (*tail_p)->prev = &(list[list_num - 2]);
+ (*head_p)->next = &(co_list[1]);
+ (*tail_p) = &(co_list[co_list_num - 1]);
+ (*tail_p)->prev = &(co_list[co_list_num - 2]);
(*tail_p)->next = NULL;
}
}
@@ -435,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength,
- int rule, int strength_bits, CIPHER_ORDER *list,
+ int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -530,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
*tail_p = tail;
}
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
{
int max_strength_bits, i, *number_uses;
CIPHER_ORDER *curr;
@@ -576,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
- list, head_p, tail_p);
+ co_list, head_p, tail_p);
OPENSSL_free(number_uses);
return(1);
}
static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+ CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
{
unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -708,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
ok = 0;
if ((buflen == 8) &&
!strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(list,
+ ok = ssl_cipher_strength_sort(co_list,
head_p, tail_p);
else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -728,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
{
ssl_cipher_apply_rule(algorithms, mask,
algo_strength, mask_strength, rule, -1,
- list, head_p, tail_p);
+ co_list, head_p, tail_p);
}
else
{
@@ -750,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
unsigned long disabled_mask;
STACK_OF(SSL_CIPHER) *cipherstack;
const char *rule_p;
- CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
SSL_CIPHER **ca_list = NULL;
/*
@@ -780,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
#ifdef KSSL_DEBUG
printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif /* KSSL_DEBUG */
- list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (list == NULL)
+ co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+ if (co_list == NULL)
{
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- list, &head, &tail);
+ co_list, &head, &tail);
/*
* We also need cipher aliases for selecting based on the rule_str.
@@ -804,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
if (ca_list == NULL)
{
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
@@ -820,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (strncmp(rule_str,"DEFAULT",7) == 0)
{
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- list, &head, &tail, ca_list);
+ co_list, &head, &tail, ca_list);
rule_p += 7;
if (*rule_p == ':')
rule_p++;
}
if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+ ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
ca_list);
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok)
{ /* Rule processing failure */
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
return(NULL);
}
/*
@@ -843,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
{
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
return(NULL);
}
@@ -861,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
#endif
}
}
- OPENSSL_free(list); /* Not needed any longer */
+ OPENSSL_free(co_list); /* Not needed any longer */
/*
* The following passage is a little bit odd. If pointer variables
@@ -911,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
- char *ver,*exp;
+ char *ver,*exp_str;
char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
#ifdef KSSL_DEBUG
@@ -927,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
is_export=SSL_C_IS_EXPORT(cipher);
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp=is_export?" export":"";
+ exp_str=is_export?" export":"";
if (alg & SSL_SSLV2)
ver="SSLv2";
@@ -1046,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
return("Buffer too small");
#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
#else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
#endif /* KSSL_DEBUG */
return(buf);
}
@@ -1135,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
MemCheck_on();
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(0);
+ return(1);
}
else
{
MemCheck_on();
- return(1);
+ return(0);
}
}
diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c
index 84c25d2c30a..033f309ffe5 100644
--- a/lib/libssl/src/ssl/ssltest.c
+++ b/lib/libssl/src/ssl/ssltest.c
@@ -565,7 +565,14 @@ bad:
if (cm != NULL)
{
if (cm->type != NID_undef)
- SSL_COMP_add_compression_method(comp, cm);
+ {
+ if (SSL_COMP_add_compression_method(comp, cm) != 0)
+ {
+ fprintf(stderr,
+ "Failed to add compression method\n");
+ ERR_print_errors_fp(stderr);
+ }
+ }
else
{
fprintf(stderr,
diff --git a/lib/libssl/src/util/mk1mf.pl b/lib/libssl/src/util/mk1mf.pl
index c538f9dffb1..b4bc0457e54 100644
--- a/lib/libssl/src/util/mk1mf.pl
+++ b/lib/libssl/src/util/mk1mf.pl
@@ -277,6 +277,8 @@ $defs= <<"EOF";
EOF
+$defs .= $preamble if defined $preamble;
+
if ($platform eq "VC-CE")
{
$defs.= <<"EOF";
diff --git a/lib/libssl/src/util/mkdef.pl b/lib/libssl/src/util/mkdef.pl
index cdd2164c4e2..01a1bfda197 100644
--- a/lib/libssl/src/util/mkdef.pl
+++ b/lib/libssl/src/util/mkdef.pl
@@ -1116,27 +1116,55 @@ sub print_test_file
}
}
+sub get_version {
+ local *MF;
+ my $v = '?';
+ open MF, 'Makefile.ssl' or return $v;
+ while (<MF>) {
+ $v = $1, last if /^VERSION=(.*?)\s*$/;
+ }
+ close MF;
+ return $v;
+}
+
sub print_def_file
{
(*OUT,my $name,*nums,my @symbols)=@_;
my $n = 1; my @e; my @r; my @v; my $prev="";
my $liboptions="";
+ my $libname = $name;
+ my $http_vendor = 'www.openssl.org/';
+ my $version = get_version();
+ my $what = "OpenSSL: implementation of Secure Socket Layer";
+ my $description = "$what $version, $name - http://$http_vendor";
if ($W32)
- { $name.="32"; }
+ { $libname.="32"; }
elsif ($W16)
- { $name.="16"; }
+ { $libname.="16"; }
elsif ($OS2)
- { $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
+ { # DLL names should not clash on the whole system.
+ # However, they should not have any particular relationship
+ # to the name of the static library. Chose descriptive names
+ # (must be at most 8 chars).
+ my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
+ $libname = $translate{$name} || $name;
+ $liboptions = <<EOO;
+INITINSTANCE
+DATA MULTIPLE NONSHARED
+EOO
+ # Vendor field can't contain colon, drat; so we omit http://
+ $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
+ }
print OUT <<"EOF";
;
; Definition file for the DLL version of the $name library from OpenSSL
;
-LIBRARY $name $liboptions
+LIBRARY $libname $liboptions
-DESCRIPTION 'OpenSSL $name - http://www.openssl.org/'
+DESCRIPTION '$description'
EOF
diff --git a/lib/libssl/src/util/pl/OS2-EMX.pl b/lib/libssl/src/util/pl/OS2-EMX.pl
index d695dda623d..ddb35242108 100644
--- a/lib/libssl/src/util/pl/OS2-EMX.pl
+++ b/lib/libssl/src/util/pl/OS2-EMX.pl
@@ -3,10 +3,12 @@
# OS2-EMX.pl - for EMX GCC on OS/2
#
-$o='\\';
-$cp='copy';
+$o='/';
+$cp='cp';
$rm='rm -f';
+$preamble = "SHELL=sh\n";
+
# C compiler stuff
$cc='gcc';
@@ -48,24 +50,24 @@ $bf_enc_src="";
if (!$no_asm)
{
- $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj";
- $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm";
- $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj";
- $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm";
- $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj";
- $bf_enc_src="crypto\\bf\\asm\\b-os2.asm";
- $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj";
- $cast_enc_src="crypto\\cast\\asm\\c-os2.asm";
- $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj";
- $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm";
- $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj";
- $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm";
- $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj";
- $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm";
- $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj";
- $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm";
- $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj";
- $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm";
+ $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
+ $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
+ $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
+ $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
+ $bf_enc_obj="crypto/bf/asm/b-os2$obj";
+ $bf_enc_src="crypto/bf/asm/b-os2.asm";
+ $cast_enc_obj="crypto/cast/asm/c-os2$obj";
+ $cast_enc_src="crypto/cast/asm/c-os2.asm";
+ $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
+ $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
+ $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
+ $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
+ $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
+ $md5_asm_src="crypto/md5/asm/m5-os2.asm";
+ $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
+ $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
+ $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
+ $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
}
if ($shlib)