Resolve conflicts. In particular, prefer OpenSSL's BIO_strl* and
BIO_strncpy over ours.
This commit is contained in:
parent
5a374ad0ce
commit
4b32eb44a7
45
crypto/dist/openssl/CHANGES
vendored
45
crypto/dist/openssl/CHANGES
vendored
@ -2,6 +2,51 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
|
||||
|
||||
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
|
||||
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
|
||||
[Joe Orton, Steve Henson]
|
||||
|
||||
*) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
|
||||
(CAN-2004-0112)
|
||||
[Joe Orton, Steve Henson]
|
||||
|
||||
*) Make it possible to have multiple active certificates with the same
|
||||
subject in the CA index file. This is done only if the keyword
|
||||
'unique_subject' is set to 'no' in the main CA section (default
|
||||
if 'CA_default') of the configuration file. The value is saved
|
||||
with the database itself in a separate index attribute file,
|
||||
named like the index file with '.attr' appended to the name.
|
||||
[Richard Levitte]
|
||||
|
||||
*) X509 verify fixes. Disable broken certificate workarounds when
|
||||
X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
|
||||
keyUsage extension present. Don't accept CRLs with unhandled critical
|
||||
extensions: since verify currently doesn't process CRL extensions this
|
||||
rejects a CRL with *any* critical extensions. Add new verify error codes
|
||||
for these cases.
|
||||
[Steve Henson]
|
||||
|
||||
*) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
|
||||
A clarification of RFC2560 will require the use of OCTET STRINGs and
|
||||
some implementations cannot handle the current raw format. Since OpenSSL
|
||||
copies and compares OCSP nonces as opaque blobs without any attempt at
|
||||
parsing them this should not create any compatibility issues.
|
||||
[Steve Henson]
|
||||
|
||||
*) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
|
||||
calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
|
||||
this HMAC (and other) operations are several times slower than OpenSSL
|
||||
< 0.9.7.
|
||||
[Steve Henson]
|
||||
|
||||
*) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
|
||||
[Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
|
||||
|
||||
*) Use the correct content when signing type "other".
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
|
||||
|
||||
*) Fix various bugs revealed by running the NISCC test suite:
|
||||
|
7
crypto/dist/openssl/FAQ
vendored
7
crypto/dist/openssl/FAQ
vendored
@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.7c was released on September 30, 2003.
|
||||
OpenSSL 0.9.7d was released on March 17, 2004.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -116,11 +116,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
|
||||
|
||||
* Where can I get a compiled version of OpenSSL?
|
||||
|
||||
You can finder pointers to binary distributions in
|
||||
http://www.openssl.org/related/binaries.html .
|
||||
|
||||
Some applications that use OpenSSL are distributed in binary form.
|
||||
When using such an application, you don't need to install OpenSSL
|
||||
yourself; the application will include the required parts (e.g. DLLs).
|
||||
|
||||
If you want to install OpenSSL on a Windows system and you don't have
|
||||
If you want to build OpenSSL on a Windows system and you don't have
|
||||
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
|
||||
on how to obtain and install the free GNU C compiler.
|
||||
|
||||
|
33
crypto/dist/openssl/apps/apps.h
vendored
33
crypto/dist/openssl/apps/apps.h
vendored
@ -248,7 +248,38 @@ char *make_config_name(void);
|
||||
/* Functions defined in ca.c and also used in ocsp.c */
|
||||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME **pinvtm, char *str);
|
||||
int make_serial_index(TXT_DB *db);
|
||||
|
||||
#define DB_type 0
|
||||
#define DB_exp_date 1
|
||||
#define DB_rev_date 2
|
||||
#define DB_serial 3 /* index - unique */
|
||||
#define DB_file 4
|
||||
#define DB_name 5 /* index - unique when active and not disabled */
|
||||
#define DB_NUMBER 6
|
||||
|
||||
#define DB_TYPE_REV 'R'
|
||||
#define DB_TYPE_EXP 'E'
|
||||
#define DB_TYPE_VAL 'V'
|
||||
|
||||
typedef struct db_attr_st
|
||||
{
|
||||
int unique_subject;
|
||||
} DB_ATTR;
|
||||
typedef struct ca_db_st
|
||||
{
|
||||
DB_ATTR attributes;
|
||||
TXT_DB *db;
|
||||
} CA_DB;
|
||||
|
||||
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
|
||||
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
|
||||
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
|
||||
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
|
||||
int index_index(CA_DB *db);
|
||||
int save_index(char *dbfile, char *suffix, CA_DB *db);
|
||||
int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
|
||||
void free_index(CA_DB *db);
|
||||
int index_name_cmp(const char **a, const char **b);
|
||||
|
||||
X509_NAME *do_subject(char *str, long chtype);
|
||||
|
||||
|
551
crypto/dist/openssl/apps/ca.c
vendored
551
crypto/dist/openssl/apps/ca.c
vendored
@ -122,6 +122,7 @@
|
||||
#define ENV_NEW_CERTS_DIR "new_certs_dir"
|
||||
#define ENV_CERTIFICATE "certificate"
|
||||
#define ENV_SERIAL "serial"
|
||||
#define ENV_CRLNUMBER "crlnumber"
|
||||
#define ENV_CRL "crl"
|
||||
#define ENV_PRIVATE_KEY "private_key"
|
||||
#define ENV_RANDFILE "RANDFILE"
|
||||
@ -143,18 +144,6 @@
|
||||
|
||||
#define ENV_DATABASE "database"
|
||||
|
||||
#define DB_type 0
|
||||
#define DB_exp_date 1
|
||||
#define DB_rev_date 2
|
||||
#define DB_serial 3 /* index - unique */
|
||||
#define DB_file 4
|
||||
#define DB_name 5 /* index - unique for active */
|
||||
#define DB_NUMBER 6
|
||||
|
||||
#define DB_TYPE_REV 'R'
|
||||
#define DB_TYPE_EXP 'E'
|
||||
#define DB_TYPE_VAL 'V'
|
||||
|
||||
/* Additional revocation information types */
|
||||
|
||||
#define REV_NONE 0 /* No addditional information */
|
||||
@ -211,43 +200,36 @@ extern int EF_ALIGNMENT;
|
||||
#endif
|
||||
|
||||
static void lookup_fail(char *name,char *tag);
|
||||
static unsigned long index_serial_hash(const char **a);
|
||||
static int index_serial_cmp(const char **a, const char **b);
|
||||
static unsigned long index_name_hash(const char **a);
|
||||
static int index_name_qual(char **a);
|
||||
static int index_name_cmp(const char **a,const char **b);
|
||||
static BIGNUM *load_serial(char *serialfile);
|
||||
static int save_serial(char *serialfile, BIGNUM *serial);
|
||||
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
|
||||
BIGNUM *serial, char *subj, int email_dn, char *startdate,
|
||||
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
|
||||
int verbose, unsigned long certopt, unsigned long nameopt,
|
||||
int default_op, int ext_copy);
|
||||
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
|
||||
TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
|
||||
CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
|
||||
char *startdate, char *enddate, long days, int batch,
|
||||
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
|
||||
unsigned long nameopt, int default_op, int ext_copy,
|
||||
ENGINE *e);
|
||||
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
|
||||
TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
|
||||
CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
|
||||
char *startdate, char *enddate, long days, char *ext_sect,
|
||||
CONF *conf, int verbose, unsigned long certopt,
|
||||
unsigned long nameopt, int default_op, int ext_copy);
|
||||
static int fix_data(int nid, int *type);
|
||||
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
|
||||
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
||||
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
|
||||
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
|
||||
int email_dn, char *startdate, char *enddate, long days, int batch,
|
||||
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
int ext_copy);
|
||||
static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
|
||||
static int get_certificate_status(const char *ser_status, TXT_DB *db);
|
||||
static int do_updatedb(TXT_DB *db);
|
||||
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
|
||||
static int get_certificate_status(const char *ser_status, CA_DB *db);
|
||||
static int do_updatedb(CA_DB *db);
|
||||
static int check_time_format(char *str);
|
||||
char *make_revocation_str(int rev_type, char *rev_arg);
|
||||
int make_revoked(X509_REVOKED *rev, char *str);
|
||||
@ -259,11 +241,6 @@ static char *section=NULL;
|
||||
static int preserve=0;
|
||||
static int msie_hack=0;
|
||||
|
||||
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
|
||||
static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
|
||||
static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
|
||||
static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
|
||||
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
@ -300,6 +277,7 @@ int MAIN(int argc, char **argv)
|
||||
char *outfile=NULL;
|
||||
char *outdir=NULL;
|
||||
char *serialfile=NULL;
|
||||
char *crlnumberfile=NULL;
|
||||
char *extensions=NULL;
|
||||
char *extfile=NULL;
|
||||
char *subj=NULL;
|
||||
@ -308,6 +286,7 @@ int MAIN(int argc, char **argv)
|
||||
int rev_type = REV_NONE;
|
||||
char *rev_arg = NULL;
|
||||
BIGNUM *serial=NULL;
|
||||
BIGNUM *crlnumber=NULL;
|
||||
char *startdate=NULL;
|
||||
char *enddate=NULL;
|
||||
long days=0;
|
||||
@ -320,14 +299,13 @@ int MAIN(int argc, char **argv)
|
||||
X509 *x=NULL;
|
||||
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
|
||||
char *dbfile=NULL;
|
||||
TXT_DB *db=NULL;
|
||||
CA_DB *db=NULL;
|
||||
X509_CRL *crl=NULL;
|
||||
X509_REVOKED *r=NULL;
|
||||
ASN1_TIME *tmptm;
|
||||
ASN1_INTEGER *tmpser;
|
||||
char **pp,*p,*f;
|
||||
int i,j;
|
||||
long l;
|
||||
const EVP_MD *dgst=NULL;
|
||||
STACK_OF(CONF_VALUE) *attribs=NULL;
|
||||
STACK_OF(X509) *cert_sk=NULL;
|
||||
@ -339,6 +317,7 @@ int MAIN(int argc, char **argv)
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
char *tofree=NULL;
|
||||
DB_ATTR db_attr;
|
||||
|
||||
#ifdef EFENCE
|
||||
EF_PROTECT_FREE=1;
|
||||
@ -579,8 +558,19 @@ bad:
|
||||
if (configfile == NULL)
|
||||
{
|
||||
const char *s=X509_get_default_cert_area();
|
||||
size_t len;
|
||||
|
||||
asprintf(&tofree, "%s/%s", s, CONFIG_FILE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
len = strlen(s)+sizeof(CONFIG_FILE);
|
||||
tofree=OPENSSL_malloc(len);
|
||||
strcpy(tofree,s);
|
||||
#else
|
||||
len = strlen(s)+sizeof(CONFIG_FILE)+1;
|
||||
tofree=OPENSSL_malloc(len);
|
||||
BUF_strlcpy(tofree,s,len);
|
||||
BUF_strlcat(tofree,"/",len);
|
||||
#endif
|
||||
BUF_strlcat(tofree,CONFIG_FILE,len);
|
||||
configfile=tofree;
|
||||
}
|
||||
|
||||
@ -651,6 +641,39 @@ bad:
|
||||
if (randfile == NULL)
|
||||
ERR_clear_error();
|
||||
app_RAND_load_file(randfile, bio_err, 0);
|
||||
|
||||
db_attr.unique_subject = 1;
|
||||
p = NCONF_get_string(conf, section, "unique_subject");
|
||||
if (p)
|
||||
{
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
|
||||
#endif
|
||||
switch(*p)
|
||||
{
|
||||
case 'f': /* false */
|
||||
case 'F': /* FALSE */
|
||||
case 'n': /* no */
|
||||
case 'N': /* NO */
|
||||
db_attr.unique_subject = 0;
|
||||
break;
|
||||
case 't': /* true */
|
||||
case 'T': /* TRUE */
|
||||
case 'y': /* yes */
|
||||
case 'Y': /* YES */
|
||||
default:
|
||||
db_attr.unique_subject = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
#ifdef RL_DEBUG
|
||||
else
|
||||
BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
|
||||
#endif
|
||||
#ifdef RL_DEBUG
|
||||
BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
|
||||
db_attr.unique_subject);
|
||||
#endif
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
@ -671,17 +694,10 @@ bad:
|
||||
lookup_fail(section,ENV_DATABASE);
|
||||
goto err;
|
||||
}
|
||||
if (BIO_read_filename(in,dbfile) <= 0)
|
||||
{
|
||||
perror(dbfile);
|
||||
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
|
||||
goto err;
|
||||
}
|
||||
db=TXT_DB_read(in,DB_NUMBER);
|
||||
db = load_index(dbfile,&db_attr);
|
||||
if (db == NULL) goto err;
|
||||
|
||||
if (!make_serial_index(db))
|
||||
goto err;
|
||||
if (!index_index(db)) goto err;
|
||||
|
||||
if (get_certificate_status(ser_status,db) != 1)
|
||||
BIO_printf(bio_err,"Error verifying serial %s!\n",
|
||||
@ -841,19 +857,13 @@ bad:
|
||||
lookup_fail(section,ENV_DATABASE);
|
||||
goto err;
|
||||
}
|
||||
if (BIO_read_filename(in,dbfile) <= 0)
|
||||
{
|
||||
perror(dbfile);
|
||||
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
|
||||
goto err;
|
||||
}
|
||||
db=TXT_DB_read(in,DB_NUMBER);
|
||||
db = load_index(dbfile, &db_attr);
|
||||
if (db == NULL) goto err;
|
||||
|
||||
/* Lets check some fields */
|
||||
for (i=0; i<sk_num(db->data); i++)
|
||||
for (i=0; i<sk_num(db->db->data); i++)
|
||||
{
|
||||
pp=(char **)sk_value(db->data,i);
|
||||
pp=(char **)sk_value(db->db->data,i);
|
||||
if ((pp[DB_type][0] != DB_TYPE_REV) &&
|
||||
(pp[DB_rev_date][0] != '\0'))
|
||||
{
|
||||
@ -904,23 +914,13 @@ bad:
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
TXT_DB_write(out,db);
|
||||
TXT_DB_write(out,db->db);
|
||||
BIO_printf(bio_err,"%d entries loaded from the database\n",
|
||||
db->data->num);
|
||||
db->db->data->num);
|
||||
BIO_printf(bio_err,"generating index\n");
|
||||
}
|
||||
|
||||
if (!make_serial_index(db))
|
||||
goto err;
|
||||
|
||||
if (!TXT_DB_create_index(db, DB_name, index_name_qual,
|
||||
LHASH_HASH_FN(index_name_hash),
|
||||
LHASH_COMP_FN(index_name_cmp)))
|
||||
{
|
||||
BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
|
||||
db->error,db->arg1,db->arg2);
|
||||
goto err;
|
||||
}
|
||||
if (!index_index(db)) goto err;
|
||||
|
||||
/*****************************************************************/
|
||||
/* Update the db file for expired certificates */
|
||||
@ -943,62 +943,9 @@ bad:
|
||||
}
|
||||
else
|
||||
{
|
||||
out = BIO_new(BIO_s_file());
|
||||
if (out == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
|
||||
#else
|
||||
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
|
||||
#endif
|
||||
if (j < 0 || j >= sizeof buf[0])
|
||||
{
|
||||
BIO_printf(bio_err, "file name too long\n");
|
||||
goto err;
|
||||
}
|
||||
if (BIO_write_filename(out,buf[0]) <= 0)
|
||||
{
|
||||
perror(dbfile);
|
||||
BIO_printf(bio_err,"unable to open '%s'\n",
|
||||
dbfile);
|
||||
goto err;
|
||||
}
|
||||
j=TXT_DB_write(out,db);
|
||||
if (j <= 0) goto err;
|
||||
|
||||
BIO_free(out);
|
||||
out = NULL;
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
|
||||
#else
|
||||
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
|
||||
#endif
|
||||
if (j < 0 || j >= sizeof buf[1])
|
||||
{
|
||||
BIO_printf(bio_err, "file name too long\n");
|
||||
goto err;
|
||||
}
|
||||
if (rename(dbfile,buf[1]) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"unable to rename %s to %s\n",
|
||||
dbfile, buf[1]);
|
||||
perror("reason");
|
||||
goto err;
|
||||
}
|
||||
if (rename(buf[0],dbfile) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"unable to rename %s to %s\n",
|
||||
buf[0],dbfile);
|
||||
perror("reason");
|
||||
rename(buf[1],dbfile);
|
||||
goto err;
|
||||
}
|
||||
if (!save_index(dbfile,"new",db)) goto err;
|
||||
|
||||
if (!rotate_index(dbfile,"new","old")) goto err;
|
||||
|
||||
if (verbose) BIO_printf(bio_err,
|
||||
"Done. %d entries marked as expired\n",i);
|
||||
@ -1159,7 +1106,7 @@ bad:
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((serial=load_serial(serialfile)) == NULL)
|
||||
if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"error while loading serial number\n");
|
||||
goto err;
|
||||
@ -1293,38 +1240,9 @@ bad:
|
||||
|
||||
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
|
||||
|
||||
if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
|
||||
{
|
||||
BIO_printf(bio_err,"file name too long\n");
|
||||
goto err;
|
||||
}
|
||||
if (!save_serial(serialfile,"new",serial,NULL)) goto err;
|
||||
|
||||
strlcpy(buf[0],serialfile, sizeof(buf[0]));
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
strlcat(buf[0],"-new", sizeof(buf[0]));
|
||||
#else
|
||||
strlcat(buf[0], ".new", sizeof(buf[0]));
|
||||
#endif
|
||||
|
||||
if (!save_serial(buf[0],serial)) goto err;
|
||||
|
||||
strlcpy(buf[1], dbfile, sizeof(buf[1]));
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
strlcat(buf[1], "-new", sizeof(buf[1]));
|
||||
#else
|
||||
strlcat(buf[1], ".new", sizeof(buf[1]));
|
||||
#endif
|
||||
|
||||
if (BIO_write_filename(out,buf[1]) <= 0)
|
||||
{
|
||||
perror(dbfile);
|
||||
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
|
||||
goto err;
|
||||
}
|
||||
l=TXT_DB_write(out,db);
|
||||
if (l <= 0) goto err;
|
||||
if (!save_index(dbfile, "new", db)) goto err;
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
@ -1332,7 +1250,7 @@ bad:
|
||||
for (i=0; i<sk_X509_num(cert_sk); i++)
|
||||
{
|
||||
int k;
|
||||
unsigned char *n;
|
||||
char *n;
|
||||
|
||||
x=sk_X509_value(cert_sk,i);
|
||||
|
||||
@ -1348,17 +1266,19 @@ bad:
|
||||
strlcpy(buf[2], outdir, sizeof(buf[2]));
|
||||
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strlcat(buf[2], "/", sizeof(buf[2]));
|
||||
BUF_strlcat(buf[2],"/",sizeof(buf[2]));
|
||||
#endif
|
||||
|
||||
n=(unsigned char *)&(buf[2][strlen(buf[2])]);
|
||||
n=(char *)&(buf[2][strlen(buf[2])]);
|
||||
if (j > 0)
|
||||
{
|
||||
for (k=0; k<j; k++)
|
||||
{
|
||||
snprintf((char *)n,
|
||||
sizeof(buf[2]) - ((char *)n - &buf[2][0]),
|
||||
"%02X",(unsigned char)*(p++));
|
||||
if (n >= &(buf[2][sizeof(buf[2])]))
|
||||
break;
|
||||
BIO_snprintf(n,
|
||||
&buf[2][0] + sizeof(buf[2]) - n,
|
||||
"%02X",(unsigned char)*(p++));
|
||||
n+=2;
|
||||
}
|
||||
}
|
||||
@ -1384,59 +1304,10 @@ bad:
|
||||
if (sk_X509_num(cert_sk))
|
||||
{
|
||||
/* Rename the database and the serial file */
|
||||
strncpy(buf[2],serialfile,BSIZE-4);
|
||||
buf[2][BSIZE-4]='\0';
|
||||
if (!rotate_serial(serialfile,"new","old")) goto err;
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
strcat(buf[2],"-old");
|
||||
#else
|
||||
strcat(buf[2],".old");
|
||||
#endif
|
||||
if (!rotate_index(dbfile,"new","old")) goto err;
|
||||
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
in=NULL;
|
||||
out=NULL;
|
||||
if (rename(serialfile,buf[2]) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to rename %s to %s\n",
|
||||
serialfile,buf[2]);
|
||||
perror("reason");
|
||||
goto err;
|
||||
}
|
||||
if (rename(buf[0],serialfile) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to rename %s to %s\n",
|
||||
buf[0],serialfile);
|
||||
perror("reason");
|
||||
rename(buf[2],serialfile);
|
||||
goto err;
|
||||
}
|
||||
|
||||
strncpy(buf[2],dbfile,BSIZE-4);
|
||||
buf[2][BSIZE-4]='\0';
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
strcat(buf[2],"-old");
|
||||
#else
|
||||
strcat(buf[2],".old");
|
||||
#endif
|
||||
|
||||
if (rename(dbfile,buf[2]) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to rename %s to %s\n",
|
||||
dbfile,buf[2]);
|
||||
perror("reason");
|
||||
goto err;
|
||||
}
|
||||
if (rename(buf[1],dbfile) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to rename %s to %s\n",
|
||||
buf[1],dbfile);
|
||||
perror("reason");
|
||||
rename(buf[2],dbfile);
|
||||
goto err;
|
||||
}
|
||||
BIO_printf(bio_err,"Data Base Updated\n");
|
||||
}
|
||||
}
|
||||
@ -1467,6 +1338,14 @@ bad:
|
||||
}
|
||||
}
|
||||
|
||||
if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
|
||||
!= NULL)
|
||||
if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"error while loading CRL number\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!crldays && !crlhours)
|
||||
{
|
||||
if (!NCONF_get_number(conf,section,
|
||||
@ -1495,9 +1374,9 @@ bad:
|
||||
|
||||
ASN1_TIME_free(tmptm);
|
||||
|
||||
for (i=0; i<sk_num(db->data); i++)
|
||||
for (i=0; i<sk_num(db->db->data); i++)
|
||||
{
|
||||
pp=(char **)sk_value(db->data,i);
|
||||
pp=(char **)sk_value(db->db->data,i);
|
||||
if (pp[DB_type][0] == DB_TYPE_REV)
|
||||
{
|
||||
if ((r=X509_REVOKED_new()) == NULL) goto err;
|
||||
@ -1543,14 +1422,24 @@ bad:
|
||||
|
||||
/* Add any extensions asked for */
|
||||
|
||||
if (crl_ext)
|
||||
if (crl_ext || crlnumberfile != NULL)
|
||||
{
|
||||
X509V3_CTX crlctx;
|
||||
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
|
||||
X509V3_set_nconf(&crlctx, conf);
|
||||
|
||||
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
|
||||
crl_ext, crl)) goto err;
|
||||
if (crl_ext)
|
||||
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
|
||||
crl_ext, crl)) goto err;
|
||||
if (crlnumberfile != NULL)
|
||||
{
|
||||
tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
|
||||
if (!tmpser) goto err;
|
||||
X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
|
||||
ASN1_INTEGER_free(tmpser);
|
||||
crl_v2 = 1;
|
||||
if (!BN_add_word(crlnumber,1)) goto err;
|
||||
}
|
||||
}
|
||||
if (crl_ext || crl_v2)
|
||||
{
|
||||
@ -1558,9 +1447,17 @@ bad:
|
||||
goto err; /* version 2 CRL */
|
||||
}
|
||||
|
||||
|
||||
if (crlnumberfile != NULL) /* we have a CRL number that need updating */
|
||||
if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
|
||||
|
||||
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
|
||||
|
||||
PEM_write_bio_X509_CRL(Sout,crl);
|
||||
|
||||
if (crlnumberfile != NULL) /* Rename the crlnumber file */
|
||||
if (!rotate_serial(crlnumberfile,"new","old")) goto err;
|
||||
|
||||
}
|
||||
/*****************************************************************/
|
||||
if (dorevoke)
|
||||
@ -1581,50 +1478,10 @@ bad:
|
||||
if (j <= 0) goto err;
|
||||
X509_free(revcert);
|
||||
|
||||
if(strlen(dbfile) > BSIZE-5)
|
||||
{
|
||||
BIO_printf(bio_err,"filename too long\n");
|
||||
goto err;
|
||||
}
|
||||
if (!save_index(dbfile, "new", db)) goto err;
|
||||
|
||||
if (!rotate_index(dbfile, "new", "old")) goto err;
|
||||
|
||||
strlcpy(buf[0] ,dbfile, sizeof(buf[0]));
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strlcat(buf[0], ".new", sizeof(buf[0]));
|
||||
#else
|
||||
strlcat(buf[0], "-new", sizeof(buf[0]));
|
||||
#endif
|
||||
if (BIO_write_filename(out,buf[0]) <= 0)
|
||||
{
|
||||
perror(dbfile);
|
||||
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
|
||||
goto err;
|
||||
}
|
||||
j=TXT_DB_write(out,db);
|
||||
if (j <= 0) goto err;
|
||||
BIO_free_all(out);
|
||||
out = NULL;
|
||||
BIO_free_all(in);
|
||||
in = NULL;
|
||||
strncpy(buf[1],dbfile,BSIZE-4);
|
||||
buf[1][BSIZE-4]='\0';
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strlcat(buf[1], ".old", sizeof(buf[1]));
|
||||
#else
|
||||
strlcat(buf[1], "-old", sizeof(buf[1]));
|
||||
#endif
|
||||
if (rename(dbfile,buf[1]) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
|
||||
perror("reason");
|
||||
goto err;
|
||||
}
|
||||
if (rename(buf[0],dbfile) < 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
|
||||
perror("reason");
|
||||
rename(buf[1],dbfile);
|
||||
goto err;
|
||||
}
|
||||
BIO_printf(bio_err,"Data Base Updated\n");
|
||||
}
|
||||
}
|
||||
@ -1646,7 +1503,7 @@ err:
|
||||
if (free_key && key)
|
||||
OPENSSL_free(key);
|
||||
BN_free(serial);
|
||||
TXT_DB_free(db);
|
||||
free_index(db);
|
||||
EVP_PKEY_free(pkey);
|
||||
X509_free(x509);
|
||||
X509_CRL_free(crl);
|
||||
@ -1661,106 +1518,8 @@ static void lookup_fail(char *name, char *tag)
|
||||
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
|
||||
}
|
||||
|
||||
static unsigned long index_serial_hash(const char **a)
|
||||
{
|
||||
const char *n;
|
||||
|
||||
n=a[DB_serial];
|
||||
while (*n == '0') n++;
|
||||
return(lh_strhash(n));
|
||||
}
|
||||
|
||||
static int index_serial_cmp(const char **a, const char **b)
|
||||
{
|
||||
const char *aa,*bb;
|
||||
|
||||
for (aa=a[DB_serial]; *aa == '0'; aa++);
|
||||
for (bb=b[DB_serial]; *bb == '0'; bb++);
|
||||
return(strcmp(aa,bb));
|
||||
}
|
||||
|
||||
static unsigned long index_name_hash(const char **a)
|
||||
{ return(lh_strhash(a[DB_name])); }
|
||||
|
||||
static int index_name_qual(char **a)
|
||||
{ return(a[0][0] == 'V'); }
|
||||
|
||||
static int index_name_cmp(const char **a, const char **b)
|
||||
{ return(strcmp(a[DB_name],
|
||||
b[DB_name])); }
|
||||
|
||||
static BIGNUM *load_serial(char *serialfile)
|
||||
{
|
||||
BIO *in=NULL;
|
||||
BIGNUM *ret=NULL;
|
||||
MS_STATIC char buf[1024];
|
||||
ASN1_INTEGER *ai=NULL;
|
||||
|
||||
if ((in=BIO_new(BIO_s_file())) == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (BIO_read_filename(in,serialfile) <= 0)
|
||||
{
|
||||
perror(serialfile);
|
||||
goto err;
|
||||
}
|
||||
ai=ASN1_INTEGER_new();
|
||||
if (ai == NULL) goto err;
|
||||
if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load number from %s\n",
|
||||
serialfile);
|
||||
goto err;
|
||||
}
|
||||
ret=ASN1_INTEGER_to_BN(ai,NULL);
|
||||
if (ret == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
|
||||
goto err;
|
||||
}
|
||||
err:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (ai != NULL) ASN1_INTEGER_free(ai);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
static int save_serial(char *serialfile, BIGNUM *serial)
|
||||
{
|
||||
BIO *out;
|
||||
int ret=0;
|
||||
ASN1_INTEGER *ai=NULL;
|
||||
|
||||
out=BIO_new(BIO_s_file());
|
||||
if (out == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto err;
|
||||
}
|
||||
if (BIO_write_filename(out,serialfile) <= 0)
|
||||
{
|
||||
perror(serialfile);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
|
||||
goto err;
|
||||
}
|
||||
i2a_ASN1_INTEGER(out,ai);
|
||||
BIO_puts(out,"\n");
|
||||
ret=1;
|
||||
err:
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (ai != NULL) ASN1_INTEGER_free(ai);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
||||
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
|
||||
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
@ -1822,7 +1581,7 @@ err:
|
||||
}
|
||||
|
||||
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
||||
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
|
||||
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
@ -1876,7 +1635,7 @@ err:
|
||||
}
|
||||
|
||||
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
||||
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
|
||||
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
|
||||
int email_dn, char *startdate, char *enddate, long days, int batch,
|
||||
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
@ -1894,7 +1653,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
||||
int ok= -1,i,j,last,nid;
|
||||
char *p;
|
||||
CONF_VALUE *cv;
|
||||
char *row[DB_NUMBER],**rrow,**irow=NULL;
|
||||
char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
|
||||
char buf[25];
|
||||
|
||||
tmptm=ASN1_UTCTIME_new();
|
||||
@ -2131,15 +1890,19 @@ again2:
|
||||
goto err;
|
||||
}
|
||||
|
||||
rrow=TXT_DB_get_by_index(db,DB_name,row);
|
||||
if (rrow != NULL)
|
||||
if (db->attributes.unique_subject)
|
||||
{
|
||||
BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
|
||||
row[DB_name]);
|
||||
rrow=TXT_DB_get_by_index(db->db,DB_name,row);
|
||||
if (rrow != NULL)
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"ERROR:There is already a certificate for %s\n",
|
||||
row[DB_name]);
|
||||
}
|
||||
}
|
||||
else
|
||||
if (rrow == NULL)
|
||||
{
|
||||
rrow=TXT_DB_get_by_index(db,DB_serial,row);
|
||||
rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
|
||||
if (rrow != NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
|
||||
@ -2346,7 +2109,7 @@ again2:
|
||||
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
strlcpy(row[DB_file], "unknown", sizeof(row[DB_file]));
|
||||
BUF_strlcpy(row[DB_file],"unknown",8);
|
||||
row[DB_type][0]='V';
|
||||
row[DB_type][1]='\0';
|
||||
|
||||
@ -2363,10 +2126,10 @@ again2:
|
||||
}
|
||||
irow[DB_NUMBER]=NULL;
|
||||
|
||||
if (!TXT_DB_insert(db,irow))
|
||||
if (!TXT_DB_insert(db->db,irow))
|
||||
{
|
||||
BIO_printf(bio_err,"failed to update database\n");
|
||||
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
|
||||
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
|
||||
goto err;
|
||||
}
|
||||
ok=1;
|
||||
@ -2417,7 +2180,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
|
||||
}
|
||||
|
||||
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
||||
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
|
||||
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
|
||||
unsigned long nameopt, int default_op, int ext_copy)
|
||||
@ -2596,7 +2359,7 @@ static int check_time_format(char *str)
|
||||
return(ASN1_UTCTIME_check(&tm));
|
||||
}
|
||||
|
||||
static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
|
||||
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
|
||||
{
|
||||
ASN1_UTCTIME *tm=NULL;
|
||||
char *row[DB_NUMBER],**rrow,**irow;
|
||||
@ -2621,10 +2384,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
|
||||
/* We have to lookup by serial number because name lookup
|
||||
* skips revoked certs
|
||||
*/
|
||||
rrow=TXT_DB_get_by_index(db,DB_serial,row);
|
||||
rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
|
||||
if (rrow == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
|
||||
BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
|
||||
|
||||
/* We now just add it to the database */
|
||||
row[DB_type]=(char *)OPENSSL_malloc(2);
|
||||
@ -2647,7 +2410,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
|
||||
BIO_printf(bio_err,"Memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
strlcpy(row[DB_file],"unknown", sizeof(row[DB_file]));
|
||||
BUF_strlcpy(row[DB_file],"unknown",8);
|
||||
row[DB_type][0]='V';
|
||||
row[DB_type][1]='\0';
|
||||
|
||||
@ -2664,10 +2427,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
|
||||
}
|
||||
irow[DB_NUMBER]=NULL;
|
||||
|
||||
if (!TXT_DB_insert(db,irow))
|
||||
if (!TXT_DB_insert(db->db,irow))
|
||||
{
|
||||
BIO_printf(bio_err,"failed to update database\n");
|
||||
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
|
||||
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -2712,7 +2475,7 @@ err:
|
||||
return(ok);
|
||||
}
|
||||
|
||||
static int get_certificate_status(const char *serial, TXT_DB *db)
|
||||
static int get_certificate_status(const char *serial, CA_DB *db)
|
||||
{
|
||||
char *row[DB_NUMBER],**rrow;
|
||||
int ok=-1,i;
|
||||
@ -2753,7 +2516,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db)
|
||||
ok=1;
|
||||
|
||||
/* Search for the certificate */
|
||||
rrow=TXT_DB_get_by_index(db,DB_serial,row);
|
||||
rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
|
||||
if (rrow == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"Serial %s not present in db.\n",
|
||||
@ -2800,7 +2563,7 @@ err:
|
||||
return(ok);
|
||||
}
|
||||
|
||||
static int do_updatedb (TXT_DB *db)
|
||||
static int do_updatedb (CA_DB *db)
|
||||
{
|
||||
ASN1_UTCTIME *a_tm = NULL;
|
||||
int i, cnt = 0;
|
||||
@ -2826,9 +2589,9 @@ static int do_updatedb (TXT_DB *db)
|
||||
else
|
||||
a_y2k = 0;
|
||||
|
||||
for (i = 0; i < sk_num(db->data); i++)
|
||||
for (i = 0; i < sk_num(db->db->data); i++)
|
||||
{
|
||||
rrow = (char **) sk_value(db->data, i);
|
||||
rrow = (char **) sk_value(db->db->data, i);
|
||||
|
||||
if (rrow[DB_type][0] == 'V')
|
||||
{
|
||||
@ -2971,16 +2734,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
|
||||
|
||||
if (!str) return NULL;
|
||||
|
||||
strlcpy(str, (char *)revtm->data, i);
|
||||
BUF_strlcpy(str, (char *)revtm->data, i);
|
||||
if (reason)
|
||||
{
|
||||
strlcat(str, ",", i);
|
||||
strlcat(str, reason, i);
|
||||
BUF_strlcat(str, ",", i);
|
||||
BUF_strlcat(str, reason, i);
|
||||
}
|
||||
if (other)
|
||||
{
|
||||
strlcat(str, ",", i);
|
||||
strlcat(str, other, i);
|
||||
BUF_strlcat(str, ",", i);
|
||||
BUF_strlcat(str, other, i);
|
||||
}
|
||||
ASN1_UTCTIME_free(revtm);
|
||||
return str;
|
||||
@ -3315,17 +3078,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int make_serial_index(TXT_DB *db)
|
||||
{
|
||||
if (!TXT_DB_create_index(db, DB_serial, NULL,
|
||||
LHASH_HASH_FN(index_serial_hash),
|
||||
LHASH_COMP_FN(index_serial_cmp)))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"error creating serial number index:(%ld,%ld,%ld)\n",
|
||||
db->error,db->arg1,db->arg2);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
5
crypto/dist/openssl/apps/dgst.c
vendored
5
crypto/dist/openssl/apps/dgst.c
vendored
@ -347,8 +347,9 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
if(!out_bin)
|
||||
{
|
||||
tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
|
||||
sprintf(tmp,"%s(%s)= ",name,argv[i]);
|
||||
size_t len = strlen(name)+strlen(argv[i])+5;
|
||||
tmp=tofree=OPENSSL_malloc(len);
|
||||
BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
|
||||
}
|
||||
else
|
||||
tmp="";
|
||||
|
6
crypto/dist/openssl/apps/enc.c
vendored
6
crypto/dist/openssl/apps/enc.c
vendored
@ -373,9 +373,9 @@ bad:
|
||||
{
|
||||
char buf[200];
|
||||
|
||||
snprintf(buf, sizeof(buf), "enter %s %s password:",
|
||||
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
|
||||
(enc)?"encryption":"decryption");
|
||||
BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
|
||||
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
|
||||
(enc)?"encryption":"decryption");
|
||||
strbuf[0]='\0';
|
||||
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
|
||||
if (i == 0)
|
||||
|
42
crypto/dist/openssl/apps/req.c
vendored
42
crypto/dist/openssl/apps/req.c
vendored
@ -824,7 +824,7 @@ loop:
|
||||
if ((x509ss=X509_new()) == NULL) goto end;
|
||||
|
||||
/* Set version to V3 */
|
||||
if(!X509_set_version(x509ss, 2)) goto end;
|
||||
if(extensions && !X509_set_version(x509ss, 2)) goto end;
|
||||
if (serial)
|
||||
{
|
||||
if (!X509_set_serialNumber(x509ss, serial)) goto end;
|
||||
@ -1223,34 +1223,34 @@ start: for (;;)
|
||||
}
|
||||
/* If OBJ not recognised ignore it */
|
||||
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
|
||||
|
||||
if(strlen(v->name) > sizeof buf-9)
|
||||
if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
|
||||
>= sizeof buf)
|
||||
{
|
||||
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_default", v->name);
|
||||
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
def="";
|
||||
}
|
||||
snprintf(buf, sizeof(buf), "%s_value", v->name);
|
||||
|
||||
BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
|
||||
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
value=NULL;
|
||||
}
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_min", v->name);
|
||||
BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
|
||||
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
|
||||
{
|
||||
ERR_clear_error();
|
||||
n_min = -1;
|
||||
}
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_max", v->name);
|
||||
BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
|
||||
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
|
||||
{
|
||||
ERR_clear_error();
|
||||
@ -1288,13 +1288,13 @@ start2: for (;;)
|
||||
if ((nid=OBJ_txt2nid(type)) == NID_undef)
|
||||
goto start2;
|
||||
|
||||
if(strlen(v->name) > sizeof buf-9)
|
||||
if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
|
||||
>= sizeof buf)
|
||||
{
|
||||
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_default", type);
|
||||
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
|
||||
== NULL)
|
||||
{
|
||||
@ -1303,7 +1303,7 @@ start2: for (;;)
|
||||
}
|
||||
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_value", type);
|
||||
BIO_snprintf(buf,sizeof buf,"%s_value",type);
|
||||
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
|
||||
== NULL)
|
||||
{
|
||||
@ -1311,11 +1311,11 @@ start2: for (;;)
|
||||
value=NULL;
|
||||
}
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_min", type);
|
||||
BIO_snprintf(buf,sizeof buf,"%s_min",type);
|
||||
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
|
||||
n_min = -1;
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s_max", type);
|
||||
BIO_snprintf(buf,sizeof buf,"%s_max",type);
|
||||
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
|
||||
n_max = -1;
|
||||
|
||||
@ -1397,9 +1397,8 @@ start:
|
||||
(void)BIO_flush(bio_err);
|
||||
if(value != NULL)
|
||||
{
|
||||
OPENSSL_assert(strlen(value) < sizeof buf-2);
|
||||
strlcpy(buf, value, sizeof(buf));
|
||||
strlcat(buf, "\n", sizeof(buf));
|
||||
BUF_strlcpy(buf,value,sizeof buf);
|
||||
BUF_strlcat(buf,"\n",sizeof buf);
|
||||
BIO_printf(bio_err,"%s\n",value);
|
||||
}
|
||||
else
|
||||
@ -1421,8 +1420,8 @@ start:
|
||||
{
|
||||
if ((def == NULL) || (def[0] == '\0'))
|
||||
return(1);
|
||||
strlcpy(buf, def, sizeof(buf));
|
||||
strlcat(buf, "\n", sizeof(buf));
|
||||
BUF_strlcpy(buf,def,sizeof buf);
|
||||
BUF_strlcat(buf,"\n",sizeof buf);
|
||||
}
|
||||
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
|
||||
|
||||
@ -1456,9 +1455,8 @@ start:
|
||||
(void)BIO_flush(bio_err);
|
||||
if (value != NULL)
|
||||
{
|
||||
OPENSSL_assert(strlen(value) < sizeof buf-2);
|
||||
strlcpy(buf, value, sizeof(buf));
|
||||
strlcat(buf, "\n", sizeof(buf));
|
||||
BUF_strlcpy(buf,value,sizeof buf);
|
||||
BUF_strlcat(buf,"\n",sizeof buf);
|
||||
BIO_printf(bio_err,"%s\n",value);
|
||||
}
|
||||
else
|
||||
@ -1480,8 +1478,8 @@ start:
|
||||
{
|
||||
if ((def == NULL) || (def[0] == '\0'))
|
||||
return(1);
|
||||
strlcpy(buf, def, sizeof(buf));
|
||||
strlcat(buf, "\n", sizeof(buf));
|
||||
BUF_strlcpy(buf,def,sizeof buf);
|
||||
BUF_strlcat(buf,"\n",sizeof buf);
|
||||
}
|
||||
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
|
||||
|
||||
|
9
crypto/dist/openssl/apps/s_time.c
vendored
9
crypto/dist/openssl/apps/s_time.c
vendored
@ -502,8 +502,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (s_www_path != NULL)
|
||||
{
|
||||
snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
|
||||
s_www_path);
|
||||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
SSL_write(scon,buf,strlen(buf));
|
||||
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
|
||||
bytes_read+=i;
|
||||
@ -558,8 +557,7 @@ next:
|
||||
|
||||
if (s_www_path != NULL)
|
||||
{
|
||||
snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
|
||||
s_www_path);
|
||||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
SSL_write(scon,buf,strlen(buf));
|
||||
while (SSL_read(scon,buf,sizeof(buf)) > 0)
|
||||
;
|
||||
@ -597,8 +595,7 @@ next:
|
||||
|
||||
if (s_www_path)
|
||||
{
|
||||
snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
|
||||
s_www_path);
|
||||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
SSL_write(scon,buf,strlen(buf));
|
||||
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
|
||||
bytes_read+=i;
|
||||
|
7
crypto/dist/openssl/apps/speed.c
vendored
7
crypto/dist/openssl/apps/speed.c
vendored
@ -773,6 +773,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
dsa_doit[R_DSA_512]=1;
|
||||
dsa_doit[R_DSA_1024]=1;
|
||||
dsa_doit[R_DSA_2048]=1;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@ -1006,6 +1007,9 @@ int MAIN(int argc, char **argv)
|
||||
c[D_CBC_RC5][0]=count;
|
||||
c[D_CBC_BF][0]=count;
|
||||
c[D_CBC_CAST][0]=count;
|
||||
c[D_CBC_128_AES][0]=count;
|
||||
c[D_CBC_192_AES][0]=count;
|
||||
c[D_CBC_256_AES][0]=count;
|
||||
|
||||
for (i=1; i<SIZE_NUM; i++)
|
||||
{
|
||||
@ -1031,6 +1035,9 @@ int MAIN(int argc, char **argv)
|
||||
c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
|
||||
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
|
||||
c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
|
||||
c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
|
||||
c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
|
||||
c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
|
||||
}
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
rsa_c[R_RSA_512][0]=count/2000;
|
||||
|
9
crypto/dist/openssl/crypto/asn1/a_gentm.c
vendored
9
crypto/dist/openssl/crypto/asn1/a_gentm.c
vendored
@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
|
||||
char *p;
|
||||
struct tm *ts;
|
||||
struct tm data;
|
||||
size_t len = 20;
|
||||
|
||||
if (s == NULL)
|
||||
s=M_ASN1_GENERALIZEDTIME_new();
|
||||
@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
|
||||
return(NULL);
|
||||
|
||||
p=(char *)s->data;
|
||||
if ((p == NULL) || (s->length < 16))
|
||||
if ((p == NULL) || ((size_t)s->length < len))
|
||||
{
|
||||
p=OPENSSL_malloc(20);
|
||||
p=OPENSSL_malloc(len);
|
||||
if (p == NULL) return(NULL);
|
||||
if (s->data != NULL)
|
||||
OPENSSL_free(s->data);
|
||||
s->data=(unsigned char *)p;
|
||||
}
|
||||
|
||||
snprintf(p, 20, "%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
|
||||
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
|
||||
BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
|
||||
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
|
||||
s->length=strlen(p);
|
||||
s->type=V_ASN1_GENERALIZEDTIME;
|
||||
#ifdef CHARSET_EBCDIC_not
|
||||
|
4
crypto/dist/openssl/crypto/asn1/a_mbstr.c
vendored
4
crypto/dist/openssl/crypto/asn1/a_mbstr.c
vendored
@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
|
||||
if((minsize > 0) && (nchar < minsize)) {
|
||||
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
|
||||
snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
|
||||
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
|
||||
ERR_add_error_data(2, "minsize=", strbuf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if((maxsize > 0) && (nchar > maxsize)) {
|
||||
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
|
||||
snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
|
||||
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
|
||||
ERR_add_error_data(2, "maxsize=", strbuf);
|
||||
return -1;
|
||||
}
|
||||
|
9
crypto/dist/openssl/crypto/asn1/a_utctm.c
vendored
9
crypto/dist/openssl/crypto/asn1/a_utctm.c
vendored
@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
char *p;
|
||||
struct tm *ts;
|
||||
struct tm data;
|
||||
size_t len = 20;
|
||||
|
||||
if (s == NULL)
|
||||
s=M_ASN1_UTCTIME_new();
|
||||
@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
return(NULL);
|
||||
|
||||
p=(char *)s->data;
|
||||
if ((p == NULL) || (s->length < 14))
|
||||
if ((p == NULL) || ((size_t)s->length < len))
|
||||
{
|
||||
p=OPENSSL_malloc(20);
|
||||
p=OPENSSL_malloc(len);
|
||||
if (p == NULL) return(NULL);
|
||||
if (s->data != NULL)
|
||||
OPENSSL_free(s->data);
|
||||
s->data=(unsigned char *)p;
|
||||
}
|
||||
|
||||
snprintf(p, 20, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year%100,
|
||||
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
|
||||
BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
|
||||
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
|
||||
s->length=strlen(p);
|
||||
s->type=V_ASN1_UTCTIME;
|
||||
#ifdef CHARSET_EBCDIC_not
|
||||
|
4
crypto/dist/openssl/crypto/asn1/asn1_lib.c
vendored
4
crypto/dist/openssl/crypto/asn1/asn1_lib.c
vendored
@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
|
||||
{
|
||||
char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
|
||||
|
||||
snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
|
||||
snprintf(buf2, sizeof(buf2), "%d", offset);
|
||||
BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
|
||||
BIO_snprintf(buf2,sizeof buf2,"%d",offset);
|
||||
ERR_add_error_data(4,"address=",buf1," offset=",buf2);
|
||||
}
|
||||
|
||||
|
6
crypto/dist/openssl/crypto/asn1/asn1_par.c
vendored
6
crypto/dist/openssl/crypto/asn1/asn1_par.c
vendored
@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
|
||||
|
||||
p=str;
|
||||
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
|
||||
snprintf(str, sizeof(str), "priv [ %d ] ", tag);
|
||||
BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
|
||||
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
|
||||
snprintf(str, sizeof(str), "cont [ %d ]", tag);
|
||||
BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
|
||||
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
|
||||
snprintf(str, sizeof(str), "appl [ %d ]", tag);
|
||||
BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
|
||||
else p = ASN1_tag2str(tag);
|
||||
|
||||
if (p2 != NULL)
|
||||
|
5
crypto/dist/openssl/crypto/asn1/t_pkey.c
vendored
5
crypto/dist/openssl/crypto/asn1/t_pkey.c
vendored
@ -139,10 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
|
||||
}
|
||||
|
||||
if (x->d == NULL)
|
||||
snprintf(str, sizeof(str), "Modulus (%d bit):",
|
||||
BN_num_bits(x->n));
|
||||
BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
|
||||
else
|
||||
strlcpy(str,"modulus:", sizeof(str));
|
||||
BUF_strlcpy(str,"modulus:",sizeof str);
|
||||
if (!print(bp,str,x->n,m,off)) goto err;
|
||||
s=(x->d == NULL)?"Exponent:":"publicExponent:";
|
||||
if (!print(bp,s,x->e,m,off)) goto err;
|
||||
|
35
crypto/dist/openssl/crypto/bio/b_dump.c
vendored
35
crypto/dist/openssl/crypto/bio/b_dump.c
vendored
@ -104,40 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
|
||||
for(i=0;i<rows;i++)
|
||||
{
|
||||
buf[0]='\0'; /* start with empty string */
|
||||
strlcpy(buf, str, sizeof(buf));
|
||||
snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
|
||||
strlcat(buf, tmp, sizeof(tmp));
|
||||
BUF_strlcpy(buf,str,sizeof buf);
|
||||
BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
|
||||
BUF_strlcat(buf,tmp,sizeof buf);
|
||||
for(j=0;j<dump_width;j++)
|
||||
{
|
||||
if (((i*dump_width)+j)>=len)
|
||||
{
|
||||
strlcat(buf, " ", sizeof(buf));
|
||||
BUF_strlcat(buf," ",sizeof buf);
|
||||
}
|
||||
else
|
||||
{
|
||||
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
|
||||
snprintf(tmp, sizeof(tmp), "%02x%c", ch,
|
||||
j == 7 ? '-' : ' ');
|
||||
strlcat(buf, tmp, sizeof(buf));
|
||||
BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
|
||||
j==7?'-':' ');
|
||||
BUF_strlcat(buf,tmp,sizeof buf);
|
||||
}
|
||||
}
|
||||
strlcat(buf, " ", sizeof(buf));
|
||||
BUF_strlcat(buf," ",sizeof buf);
|
||||
for(j=0;j<dump_width;j++)
|
||||
{
|
||||
if (((i*dump_width)+j)>=len)
|
||||
break;
|
||||
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
|
||||
#ifndef CHARSET_EBCDIC
|
||||
snprintf(tmp, sizeof(tmp), "%c",
|
||||
((ch >= ' ') && (ch <= '~')) ? ch : '.');
|
||||
BIO_snprintf(tmp,sizeof tmp,"%c",
|
||||
((ch>=' ')&&(ch<='~'))?ch:'.');
|
||||
#else
|
||||
snprintf(tmp, sizeof(tmp), "%c",
|
||||
((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
|
||||
? os_toebcdic[ch] : '.');
|
||||
BIO_snprintf(tmp,sizeof tmp,"%c",
|
||||
((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
|
||||
? os_toebcdic[ch]
|
||||
: '.');
|
||||
#endif
|
||||
strlcat(buf, tmp, sizeof(buf));
|
||||
BUF_strlcat(buf,tmp,sizeof buf);
|
||||
}
|
||||
strlcat(buf, "\n", sizeof(buf));
|
||||
BUF_strlcat(buf,"\n",sizeof buf);
|
||||
/* if this is the last call then update the ddt_dump thing so that
|
||||
* we will move the selection point in the debug window
|
||||
*/
|
||||
@ -146,8 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
|
||||
#ifdef TRUNCATE
|
||||
if (trunc > 0)
|
||||
{
|
||||
snprintf(buf, sizeof(buf), "%s%04x - <SPACES/NULS>\n", str,
|
||||
len + trunc);
|
||||
BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
|
||||
len+trunc);
|
||||
ret+=BIO_write(bio,(char *)buf,strlen(buf));
|
||||
}
|
||||
#endif
|
||||
|
12
crypto/dist/openssl/crypto/bio/b_sock.c
vendored
12
crypto/dist/openssl/crypto/bio/b_sock.c
vendored
@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
|
||||
}
|
||||
*addr=p;
|
||||
}
|
||||
snprintf(*addr,24,"%d.%d.%d.%d:%d",
|
||||
(unsigned char)(l>>24L)&0xff,
|
||||
(unsigned char)(l>>16L)&0xff,
|
||||
(unsigned char)(l>> 8L)&0xff,
|
||||
(unsigned char)(l )&0xff,
|
||||
port);
|
||||
BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
|
||||
(unsigned char)(l>>24L)&0xff,
|
||||
(unsigned char)(l>>16L)&0xff,
|
||||
(unsigned char)(l>> 8L)&0xff,
|
||||
(unsigned char)(l )&0xff,
|
||||
port);
|
||||
end:
|
||||
return(ret);
|
||||
}
|
||||
|
49
crypto/dist/openssl/crypto/bio/bio_cb.c
vendored
49
crypto/dist/openssl/crypto/bio/bio_cb.c
vendored
@ -70,68 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
|
||||
MS_STATIC char buf[256];
|
||||
char *p;
|
||||
long r=1;
|
||||
size_t p_maxlen;
|
||||
|
||||
if (BIO_CB_RETURN & cmd)
|
||||
r=ret;
|
||||
|
||||
snprintf(buf, sizeof(buf), "BIO[%08lX]:", (unsigned long)bio);
|
||||
BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
|
||||
p= &(buf[14]);
|
||||
p_maxlen = sizeof buf - 14;
|
||||
switch (cmd)
|
||||
{
|
||||
case BIO_CB_FREE:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "Free - %s\n",
|
||||
bio->method->name);
|
||||
BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
|
||||
break;
|
||||
case BIO_CB_READ:
|
||||
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
|
||||
snprintf(p, sizeof(buf) - (p - buf),
|
||||
"read(%d,%d) - %s fd=%d\n", bio->num, argi,
|
||||
bio->method->name,bio->num);
|
||||
BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
|
||||
bio->num,argi,bio->method->name,bio->num);
|
||||
else
|
||||
snprintf(p, sizeof(buf) - (p - buf),
|
||||
"read(%d,%d) - %s\n", bio->num, argi,
|
||||
bio->method->name);
|
||||
BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
|
||||
bio->num,argi,bio->method->name);
|
||||
break;
|
||||
case BIO_CB_WRITE:
|
||||
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
|
||||
snprintf(p, sizeof(buf) - (p - buf),
|
||||
"write(%d,%d) - %s fd=%d\n", bio->num, argi,
|
||||
bio->method->name,bio->num);
|
||||
BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
|
||||
bio->num,argi,bio->method->name,bio->num);
|
||||
else
|
||||
snprintf(p, sizeof(buf) - (p - buf),
|
||||
"write(%d,%d) - %s\n", bio->num, argi,
|
||||
bio->method->name);
|
||||
BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
|
||||
bio->num,argi,bio->method->name);
|
||||
break;
|
||||
case BIO_CB_PUTS:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "puts() - %s\n",
|
||||
bio->method->name);
|
||||
BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
|
||||
break;
|
||||
case BIO_CB_GETS:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "gets(%d) - %s\n",
|
||||
argi, bio->method->name);
|
||||
BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
|
||||
break;
|
||||
case BIO_CB_CTRL:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "ctrl(%d) - %s\n",
|
||||
argi, bio->method->name);
|
||||
BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
|
||||
break;
|
||||
case BIO_CB_RETURN|BIO_CB_READ:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "read return %ld\n", ret);
|
||||
BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
|
||||
break;
|
||||
case BIO_CB_RETURN|BIO_CB_WRITE:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "write return %ld\n", ret);
|
||||
BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
|
||||
break;
|
||||
case BIO_CB_RETURN|BIO_CB_GETS:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "gets return %ld\n", ret);
|
||||
BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
|
||||
break;
|
||||
case BIO_CB_RETURN|BIO_CB_PUTS:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "puts return %ld\n", ret);
|
||||
BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
|
||||
break;
|
||||
case BIO_CB_RETURN|BIO_CB_CTRL:
|
||||
snprintf(p, sizeof(buf) - (p - buf), "ctrl return %ld\n", ret);
|
||||
BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
|
||||
break;
|
||||
default:
|
||||
snprintf(p, sizeof(buf) - (p - buf),
|
||||
"bio callback - unknown type (%d)\n", cmd);
|
||||
BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
|
||||
break;
|
||||
}
|
||||
|
||||
|
6
crypto/dist/openssl/crypto/bio/bss_conn.c
vendored
6
crypto/dist/openssl/crypto/bio/bss_conn.c
vendored
@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
char buf[16];
|
||||
unsigned char *p = ptr;
|
||||
|
||||
snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
|
||||
p[0], p[1], p[2], p[3]);
|
||||
BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
|
||||
p[0],p[1],p[2],p[3]);
|
||||
if (data->param_hostname != NULL)
|
||||
OPENSSL_free(data->param_hostname);
|
||||
data->param_hostname=BUF_strdup(buf);
|
||||
@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
char buf[DECIMAL_SIZE(int)+1];
|
||||
|
||||
snprintf(buf, sizeof(buf), "%d", *(int *)ptr);
|
||||
BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
|
||||
if (data->param_port != NULL)
|
||||
OPENSSL_free(data->param_port);
|
||||
data->param_port=BUF_strdup(buf);
|
||||
|
10
crypto/dist/openssl/crypto/bio/bss_file.c
vendored
10
crypto/dist/openssl/crypto/bio/bss_file.c
vendored
@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
if (num & BIO_FP_APPEND)
|
||||
{
|
||||
if (num & BIO_FP_READ)
|
||||
strlcpy(p, "a+", sizeof(p));
|
||||
else strlcpy(p, "a", sizeof(p));
|
||||
BUF_strlcpy(p,"a+",sizeof p);
|
||||
else BUF_strlcpy(p,"a",sizeof p);
|
||||
}
|
||||
else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
|
||||
strlcpy(p, "r+", sizeof(p));
|
||||
BUF_strlcpy(p,"r+",sizeof p);
|
||||
else if (num & BIO_FP_WRITE)
|
||||
strlcpy(p, "w", sizeof(p));
|
||||
BUF_strlcpy(p,"w",sizeof p);
|
||||
else if (num & BIO_FP_READ)
|
||||
strlcpy(p, "r", sizeof(p));
|
||||
BUF_strlcpy(p,"r",sizeof p);
|
||||
else
|
||||
{
|
||||
BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
|
||||
|
8
crypto/dist/openssl/crypto/bn/bn_lib.c
vendored
8
crypto/dist/openssl/crypto/bn/bn_lib.c
vendored
@ -145,11 +145,11 @@ char *BN_options(void)
|
||||
{
|
||||
init++;
|
||||
#ifdef BN_LLONG
|
||||
snprintf(data, sizeof(data), "bn(%d,%d)",
|
||||
(int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
|
||||
BIO_snprintf(data,sizeof data,"bn(%d,%d)",
|
||||
(int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
|
||||
#else
|
||||
snprintf(data, sizeof(data), "bn(%d,%d)",
|
||||
(int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
|
||||
BIO_snprintf(data,sizeof data,"bn(%d,%d)",
|
||||
(int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
|
||||
#endif
|
||||
}
|
||||
return(data);
|
||||
|
5
crypto/dist/openssl/crypto/bn/bn_print.c
vendored
5
crypto/dist/openssl/crypto/bn/bn_print.c
vendored
@ -119,6 +119,7 @@ char *BN_bn2dec(const BIGNUM *a)
|
||||
}
|
||||
if ((t=BN_dup(a)) == NULL) goto err;
|
||||
|
||||
#define BUF_REMAIN (num+3 - (size_t)(p - buf))
|
||||
p=buf;
|
||||
lp=bn_data;
|
||||
if (t->neg) *(p++)='-';
|
||||
@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
|
||||
/* We now have a series of blocks, BN_DEC_NUM chars
|
||||
* in length, where the last one needs truncation.
|
||||
* The blocks need to be reversed in order. */
|
||||
snprintf(p, num + 3 - (p - buf), BN_DEC_FMT1, *lp);
|
||||
BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
|
||||
while (*p) p++;
|
||||
while (lp != bn_data)
|
||||
{
|
||||
lp--;
|
||||
snprintf(p, num + 3 - (p - buf), BN_DEC_FMT2, *lp);
|
||||
BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
|
||||
while (*p) p++;
|
||||
}
|
||||
}
|
||||
|
5
crypto/dist/openssl/crypto/conf/conf_def.c
vendored
5
crypto/dist/openssl/crypto/conf/conf_def.c
vendored
@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
strlcpy(section, "default", 10);
|
||||
BUF_strlcpy(section,"default",10);
|
||||
|
||||
if (_CONF_new_data(conf) == 0)
|
||||
{
|
||||
@ -392,6 +392,7 @@ again:
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
BUF_strlcpy(v->name,pname,strlen(pname)+1);
|
||||
if (!str_copy(conf,psection,&(v->value),start)) goto err;
|
||||
|
||||
if (strcmp(psection,section) != 0)
|
||||
@ -446,7 +447,7 @@ err:
|
||||
if (buff != NULL) BUF_MEM_free(buff);
|
||||
if (section != NULL) OPENSSL_free(section);
|
||||
if (line != NULL) *line=eline;
|
||||
snprintf(btmp, sizeof(btmp), "%ld", eline);
|
||||
BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
|
||||
ERR_add_error_data(2,"line ",btmp);
|
||||
if ((h != conf->data) && (conf->data != NULL))
|
||||
{
|
||||
|
12
crypto/dist/openssl/crypto/conf/conf_mod.c
vendored
12
crypto/dist/openssl/crypto/conf/conf_mod.c
vendored
@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
|
||||
{
|
||||
char rcode[DECIMAL_SIZE(ret)+1];
|
||||
CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
|
||||
snprintf(rcode, sizeof(rcode), "%-8d", ret);
|
||||
BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
|
||||
ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
|
||||
}
|
||||
}
|
||||
@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
|
||||
|
||||
if (!file)
|
||||
return NULL;
|
||||
strlcpy(file, X509_get_default_cert_area(), len + 1);
|
||||
BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strlcat(file, "/", len + 1);
|
||||
BUF_strlcat(file,"/",len + 1);
|
||||
#endif
|
||||
strlcat(file, OPENSSL_CONF, len + 1);
|
||||
BUF_strlcat(file,OPENSSL_CONF,len + 1);
|
||||
|
||||
return file;
|
||||
}
|
||||
@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
|
||||
* be used to parse comma separated lists for example.
|
||||
*/
|
||||
|
||||
int CONF_parse_list(const char *list, int sep, int nospc,
|
||||
int CONF_parse_list(const char *list_, int sep, int nospc,
|
||||
int (*list_cb)(const char *elem, int len, void *usr), void *arg)
|
||||
{
|
||||
int ret;
|
||||
const char *lstart, *tmpend, *p;
|
||||
lstart = list;
|
||||
lstart = list_;
|
||||
|
||||
for(;;)
|
||||
{
|
||||
|
8
crypto/dist/openssl/crypto/cversion.c
vendored
8
crypto/dist/openssl/crypto/cversion.c
vendored
@ -61,7 +61,9 @@
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#ifndef NO_WINDOWS_BRAINDEATH
|
||||
#include "buildinf.h"
|
||||
#endif
|
||||
|
||||
const char *SSLeay_version(int t)
|
||||
{
|
||||
@ -72,7 +74,7 @@ const char *SSLeay_version(int t)
|
||||
#ifdef DATE
|
||||
static char buf[sizeof(DATE)+11];
|
||||
|
||||
snprintf(buf, sizeof(buf), "built on: %s", DATE);
|
||||
BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
|
||||
return(buf);
|
||||
#else
|
||||
return("built on: date not available");
|
||||
@ -83,7 +85,7 @@ const char *SSLeay_version(int t)
|
||||
#ifdef CFLAGS
|
||||
static char buf[sizeof(CFLAGS)+11];
|
||||
|
||||
snprintf(buf, sizeof(buf), "compiler: %s", CFLAGS);
|
||||
BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
|
||||
return(buf);
|
||||
#else
|
||||
return("compiler: information not available");
|
||||
@ -94,7 +96,7 @@ const char *SSLeay_version(int t)
|
||||
#ifdef PLATFORM
|
||||
static char buf[sizeof(PLATFORM)+11];
|
||||
|
||||
snprintf(buf, sizeof(buf), "platform: %s", PLATFORM);
|
||||
BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
|
||||
return(buf);
|
||||
#else
|
||||
return("platform: information not available");
|
||||
|
5
crypto/dist/openssl/crypto/des/ecb_enc.c
vendored
5
crypto/dist/openssl/crypto/des/ecb_enc.c
vendored
@ -60,6 +60,7 @@
|
||||
#include "des_ver.h"
|
||||
#include "spr.h"
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/bio.h>
|
||||
|
||||
OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
|
||||
OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
|
||||
@ -97,8 +98,8 @@ const char *DES_options(void)
|
||||
size="int";
|
||||
else
|
||||
size="long";
|
||||
snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc,
|
||||
unroll, size);
|
||||
BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
|
||||
size);
|
||||
init=0;
|
||||
}
|
||||
return(buf);
|
||||
|
27
crypto/dist/openssl/crypto/engine/engine.h
vendored
27
crypto/dist/openssl/crypto/engine/engine.h
vendored
@ -495,7 +495,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
|
||||
* structure will have had its reference count up'd so the caller
|
||||
* should still free their own reference 'e'. */
|
||||
int ENGINE_set_default_RSA(ENGINE *e);
|
||||
int ENGINE_set_default_string(ENGINE *e, const char *list);
|
||||
int ENGINE_set_default_string(ENGINE *e, const char *def_list);
|
||||
/* Same for the other "methods" */
|
||||
int ENGINE_set_default_DSA(ENGINE *e);
|
||||
int ENGINE_set_default_DH(ENGINE *e);
|
||||
@ -598,17 +598,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
|
||||
const dynamic_fns *fns);
|
||||
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
|
||||
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
|
||||
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
|
||||
fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
|
||||
return 0; \
|
||||
CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
|
||||
CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
|
||||
CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
|
||||
CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
|
||||
CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
|
||||
if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
|
||||
return 0; \
|
||||
if(!ERR_set_implementation(fns->err_fns)) return 0; \
|
||||
if (ERR_get_implementation() != fns->err_fns) \
|
||||
{ \
|
||||
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
|
||||
fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
|
||||
return 0; \
|
||||
CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
|
||||
CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
|
||||
CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
|
||||
CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
|
||||
CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
|
||||
if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
|
||||
return 0; \
|
||||
if(!ERR_set_implementation(fns->err_fns)) return 0; \
|
||||
} \
|
||||
if(!fn(e,id)) return 0; \
|
||||
return 1; }
|
||||
|
||||
|
@ -12,9 +12,6 @@
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the author nor the names of contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
@ -874,7 +871,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
goto err;
|
||||
}
|
||||
|
||||
printf("bar\n");
|
||||
memset(&kop, 0, sizeof kop);
|
||||
kop.crk_op = CRK_DSA_SIGN;
|
||||
|
||||
@ -1054,14 +1050,17 @@ ENGINE_load_cryptodev(void)
|
||||
|
||||
if (engine == NULL)
|
||||
return;
|
||||
if ((fd = get_dev_crypto()) < 0)
|
||||
if ((fd = get_dev_crypto()) < 0) {
|
||||
ENGINE_free(engine);
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* find out what asymmetric crypto algorithms we support
|
||||
*/
|
||||
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
|
||||
close(fd);
|
||||
ENGINE_free(engine);
|
||||
return;
|
||||
}
|
||||
close(fd);
|
||||
|
2
crypto/dist/openssl/crypto/err/err.c
vendored
2
crypto/dist/openssl/crypto/err/err.c
vendored
@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
|
||||
else
|
||||
str=p;
|
||||
}
|
||||
strlcat(str, a, s + 1);
|
||||
BUF_strlcat(str,a,s+1);
|
||||
}
|
||||
}
|
||||
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
|
||||
|
2
crypto/dist/openssl/crypto/evp/evp.h
vendored
2
crypto/dist/openssl/crypto/evp/evp.h
vendored
@ -278,6 +278,8 @@ struct env_md_ctx_st
|
||||
* once only */
|
||||
#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
|
||||
* cleaned */
|
||||
#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
|
||||
* in EVP_MD_CTX_cleanup */
|
||||
|
||||
struct evp_cipher_st
|
||||
{
|
||||
|
6
crypto/dist/openssl/crypto/evp/evp_pbe.c
vendored
6
crypto/dist/openssl/crypto/evp/evp_pbe.c
vendored
@ -87,10 +87,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
||||
if (i == -1) {
|
||||
char obj_tmp[80];
|
||||
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
|
||||
if (!pbe_obj)
|
||||
strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
|
||||
else
|
||||
i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
|
||||
if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
|
||||
else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
|
||||
ERR_add_error_data(2, "TYPE=", obj_tmp);
|
||||
return 0;
|
||||
}
|
||||
|
6
crypto/dist/openssl/crypto/evp/evp_pkey.c
vendored
6
crypto/dist/openssl/crypto/evp/evp_pkey.c
vendored
@ -210,10 +210,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
|
||||
#endif
|
||||
default:
|
||||
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
|
||||
if (!a->algorithm)
|
||||
strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
|
||||
else
|
||||
i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
|
||||
if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
|
||||
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
|
||||
ERR_add_error_data(2, "TYPE=", obj_tmp);
|
||||
EVP_PKEY_free (pkey);
|
||||
return NULL;
|
||||
|
19
crypto/dist/openssl/crypto/mem_dbg.c
vendored
19
crypto/dist/openssl/crypto/mem_dbg.c
vendored
@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
|
||||
struct tm *lcl = NULL;
|
||||
unsigned long ti;
|
||||
|
||||
#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
|
||||
|
||||
if(m->addr == (char *)l->bio)
|
||||
return;
|
||||
|
||||
@ -604,23 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
|
||||
{
|
||||
lcl = localtime(&m->time);
|
||||
|
||||
snprintf(bufp, sizeof(buf) - (bufp - buf), "[%02d:%02d:%02d] ",
|
||||
BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
|
||||
lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
|
||||
bufp += strlen(bufp);
|
||||
}
|
||||
|
||||
snprintf(bufp, sizeof(buf) - (bufp - buf), "%5lu file=%s, line=%d, ",
|
||||
BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
|
||||
m->order,m->file,m->line);
|
||||
bufp += strlen(bufp);
|
||||
|
||||
if (options & V_CRYPTO_MDEBUG_THREAD)
|
||||
{
|
||||
snprintf(bufp, sizeof(buf) - (bufp - buf), "thread=%lu, ",
|
||||
m->thread);
|
||||
BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
|
||||
bufp += strlen(bufp);
|
||||
}
|
||||
|
||||
snprintf(bufp, sizeof(buf) - (bufp - buf), "number=%d, address=%08lX\n",
|
||||
BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
|
||||
m->num,(unsigned long)m->addr);
|
||||
bufp += strlen(bufp);
|
||||
|
||||
@ -642,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
|
||||
|
||||
ami_cnt++;
|
||||
memset(buf,'>',ami_cnt);
|
||||
snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
|
||||
BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
|
||||
" thread=%lu, file=%s, line=%d, info=\"",
|
||||
amip->thread, amip->file, amip->line);
|
||||
buf_len=strlen(buf);
|
||||
@ -654,11 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
|
||||
}
|
||||
else
|
||||
{
|
||||
strlcpy(buf + buf_len, amip->info,
|
||||
sizeof(buf) - buf_len);
|
||||
BUF_strlcpy(buf + buf_len, amip->info,
|
||||
sizeof buf - buf_len);
|
||||
buf_len = strlen(buf);
|
||||
}
|
||||
snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
|
||||
BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
|
||||
|
||||
BIO_puts(l->bio,buf);
|
||||
|
||||
|
4
crypto/dist/openssl/crypto/objects/obj_dat.c
vendored
4
crypto/dist/openssl/crypto/objects/obj_dat.c
vendored
@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
||||
if (i > 2) i=2;
|
||||
l-=(long)(i*40);
|
||||
|
||||
snprintf(tbuf, sizeof(tbuf), "%d.%lu", i, l);
|
||||
BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
|
||||
i=strlen(tbuf);
|
||||
BUF_strlcpy(buf,tbuf,buf_len);
|
||||
buf_len-=i;
|
||||
@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
||||
for (; idx<len; idx++) {
|
||||
l|=p[idx]&0x7f;
|
||||
if (!(p[idx] & 0x80)) {
|
||||
snprintf(tbuf, sizeof(tbuf), ".%lu", l);
|
||||
BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
|
||||
i=strlen(tbuf);
|
||||
if (buf_len > 0)
|
||||
BUF_strlcpy(buf,tbuf,buf_len);
|
||||
|
21
crypto/dist/openssl/crypto/pem/pem_lib.c
vendored
21
crypto/dist/openssl/crypto/pem/pem_lib.c
vendored
@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
|
||||
else
|
||||
str="BAD-TYPE";
|
||||
|
||||
strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
|
||||
strlcat(buf, str, PEM_BUFSIZE);
|
||||
strlcat(buf, "\n", PEM_BUFSIZE);
|
||||
BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
|
||||
BUF_strlcat(buf,str,PEM_BUFSIZE);
|
||||
BUF_strlcat(buf,"\n",PEM_BUFSIZE);
|
||||
}
|
||||
|
||||
void PEM_dek_info(char *buf, const char *type, int len, char *str)
|
||||
@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
|
||||
long i;
|
||||
int j;
|
||||
|
||||
strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
|
||||
strlcat(buf, type, PEM_BUFSIZE);
|
||||
strlcat(buf, ",", PEM_BUFSIZE);
|
||||
BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
|
||||
BUF_strlcat(buf,type,PEM_BUFSIZE);
|
||||
BUF_strlcat(buf,",",PEM_BUFSIZE);
|
||||
j=strlen(buf);
|
||||
if (j + (len * 2) + 1 > PEM_BUFSIZE)
|
||||
return;
|
||||
for (i=0; i<len; i++)
|
||||
{
|
||||
buf[j+i*2] =map[(str[i]>>4)&0x0f];
|
||||
@ -533,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
|
||||
long len)
|
||||
{
|
||||
int nlen,n,i,j,outl;
|
||||
unsigned char *buf;
|
||||
unsigned char *buf = NULL;
|
||||
EVP_ENCODE_CTX ctx;
|
||||
int reason=ERR_R_BUF_LIB;
|
||||
|
||||
@ -553,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
|
||||
goto err;
|
||||
}
|
||||
|
||||
buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
|
||||
buf = OPENSSL_malloc(PEM_BUFSIZE*8);
|
||||
if (buf == NULL)
|
||||
{
|
||||
reason=ERR_R_MALLOC_FAILURE;
|
||||
@ -574,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
|
||||
EVP_EncodeFinal(&ctx,buf,&outl);
|
||||
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
|
||||
OPENSSL_free(buf);
|
||||
buf = NULL;
|
||||
if ( (BIO_write(bp,"-----END ",9) != 9) ||
|
||||
(BIO_write(bp,name,nlen) != nlen) ||
|
||||
(BIO_write(bp,"-----\n",6) != 6))
|
||||
goto err;
|
||||
return(i+outl);
|
||||
err:
|
||||
if (buf)
|
||||
OPENSSL_free(buf);
|
||||
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
|
||||
return(0);
|
||||
}
|
||||
|
3
crypto/dist/openssl/crypto/rand/rand_egd.c
vendored
3
crypto/dist/openssl/crypto/rand/rand_egd.c
vendored
@ -56,6 +56,7 @@
|
||||
|
||||
#include <openssl/e_os2.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
/*
|
||||
* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
|
||||
@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
|
||||
addr.sun_family = AF_UNIX;
|
||||
if (strlen(path) >= sizeof(addr.sun_path))
|
||||
return (-1);
|
||||
strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
|
||||
BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
|
||||
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
|
||||
fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (fd == -1) return (-1);
|
||||
|
86
crypto/dist/openssl/crypto/rand/randfile.c
vendored
86
crypto/dist/openssl/crypto/rand/randfile.c
vendored
@ -56,6 +56,9 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/* We need to define this to get macros like S_IFBLK and S_IFCHR */
|
||||
#define _XOPEN_SOURCE 1
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -64,6 +67,7 @@
|
||||
#include "e_os.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#include <unixio.h>
|
||||
@ -106,15 +110,16 @@ int RAND_load_file(const char *file, long bytes)
|
||||
|
||||
in=fopen(file,"rb");
|
||||
if (in == NULL) goto err;
|
||||
#if defined(S_IFBLK) && defined(S_IFCHR)
|
||||
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
|
||||
/*
|
||||
* this file is a device. we don't want read an infinite number
|
||||
* of bytes from a random device, nor do we want to use buffered
|
||||
* I/O because we will waste system entropy.
|
||||
*/
|
||||
bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
|
||||
setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
|
||||
/* this file is a device. we don't want read an infinite number
|
||||
* of bytes from a random device, nor do we want to use buffered
|
||||
* I/O because we will waste system entropy.
|
||||
*/
|
||||
bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
|
||||
setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
|
||||
}
|
||||
#endif
|
||||
for (;;)
|
||||
{
|
||||
if (bytes > 0)
|
||||
@ -145,20 +150,21 @@ int RAND_write_file(const char *file)
|
||||
FILE *out = NULL;
|
||||
int n;
|
||||
struct stat sb;
|
||||
|
||||
i=stat(file,&sb);
|
||||
if (i != -1) {
|
||||
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
|
||||
/*
|
||||
* this file is a device. we don't write back to it.
|
||||
* we "succeed" on the assumption this is some sort
|
||||
* of random device. Otherwise attempting to write to
|
||||
* and chmod the device causes problems.
|
||||
*/
|
||||
return(1);
|
||||
}
|
||||
}
|
||||
|
||||
i=stat(file,&sb);
|
||||
if (i != -1) {
|
||||
#if defined(S_IFBLK) && defined(S_IFCHR)
|
||||
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
|
||||
/* this file is a device. we don't write back to it.
|
||||
* we "succeed" on the assumption this is some sort
|
||||
* of random device. Otherwise attempting to write to
|
||||
* and chmod the device causes problems.
|
||||
*/
|
||||
return(1);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
|
||||
/* For some reason Win32 can't write to files created this way */
|
||||
|
||||
@ -220,17 +226,17 @@ err:
|
||||
const char *RAND_file_name(char *buf, size_t size)
|
||||
{
|
||||
char *s=NULL;
|
||||
char *ret=NULL;
|
||||
int ok = 0;
|
||||
#ifdef __OpenBSD__
|
||||
struct stat sb;
|
||||
#endif
|
||||
|
||||
if (OPENSSL_issetugid() == 0)
|
||||
s=getenv("RANDFILE");
|
||||
if (s != NULL && *s && strlen(s) + 1 < size)
|
||||
{
|
||||
if(strlen(s) >= size)
|
||||
if (BUF_strlcpy(buf,s,size) >= size)
|
||||
return NULL;
|
||||
strlcpy(buf, s, size);
|
||||
ret=buf;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -242,36 +248,36 @@ const char *RAND_file_name(char *buf, size_t size)
|
||||
s = DEFAULT_HOME;
|
||||
}
|
||||
#endif
|
||||
if (s != NULL && *s && (strlen(s)+strlen(RFILE)+2 < size))
|
||||
if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
|
||||
{
|
||||
strlcpy(buf, s, size);
|
||||
BUF_strlcpy(buf,s,size);
|
||||
#ifndef OPENSSL_SYS_VMS
|
||||
strlcat(buf, "/", size);
|
||||
BUF_strlcat(buf,"/",size);
|
||||
#endif
|
||||
strlcat(buf,RFILE,size);
|
||||
ret=buf;
|
||||
BUF_strlcat(buf,RFILE,size);
|
||||
ok = 1;
|
||||
}
|
||||
else
|
||||
buf[0] = '\0'; /* no file name */
|
||||
}
|
||||
|
||||
#ifdef DEVRANDOM
|
||||
#ifdef __OpenBSD__
|
||||
/* given that all random loads just fail if the file can't be
|
||||
* seen on a stat, we stat the file we're returning, if it
|
||||
* fails, use DEVRANDOM instead. the allows the user to
|
||||
* fails, use /dev/arandom instead. this allows the user to
|
||||
* use their own source for good random data, but defaults
|
||||
* to something hopefully decent if that isn't available.
|
||||
*/
|
||||
|
||||
if (ret == NULL)
|
||||
ret = DEVRANDOM;
|
||||
if (!ok)
|
||||
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
|
||||
return(NULL);
|
||||
}
|
||||
if (stat(buf,&sb) == -1)
|
||||
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
if (stat(ret,&sb) == -1)
|
||||
ret = DEVRANDOM;
|
||||
#else
|
||||
/* old behavior */
|
||||
if (ret == NULL)
|
||||
ret = RFILE;
|
||||
#endif
|
||||
return(ret);
|
||||
return(buf);
|
||||
}
|
||||
|
3
crypto/dist/openssl/crypto/threads/mttest.c
vendored
3
crypto/dist/openssl/crypto/threads/mttest.c
vendored
@ -243,7 +243,8 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
|
||||
if (cipher == NULL && OPENSSL_issetugid() == 0)
|
||||
cipher=getenv("SSL_CIPHER");
|
||||
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
13
crypto/dist/openssl/crypto/ui/ui_lib.c
vendored
13
crypto/dist/openssl/crypto/ui/ui_lib.c
vendored
@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
|
||||
len += sizeof(prompt3) - 1;
|
||||
|
||||
prompt = (char *)OPENSSL_malloc(len + 1);
|
||||
strlcpy(prompt, prompt1, len + 1);
|
||||
strlcat(prompt, object_desc, len + 1);
|
||||
BUF_strlcpy(prompt, prompt1, len + 1);
|
||||
BUF_strlcat(prompt, object_desc, len + 1);
|
||||
if (object_name)
|
||||
{
|
||||
strlcat(prompt, prompt2, len + 1);
|
||||
strlcat(prompt, object_name, len + 1);
|
||||
BUF_strlcat(prompt, prompt2, len + 1);
|
||||
BUF_strlcat(prompt, object_name, len + 1);
|
||||
}
|
||||
strlcat(prompt, prompt3, len + 1);
|
||||
BUF_strlcat(prompt, prompt3, len + 1);
|
||||
}
|
||||
return prompt;
|
||||
}
|
||||
@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
|
||||
return -1;
|
||||
}
|
||||
|
||||
strcpy(uis->result_buf, result);
|
||||
BUF_strlcpy(uis->result_buf, result,
|
||||
uis->_.string_data.result_maxsize + 1);
|
||||
break;
|
||||
case UIT_BOOLEAN:
|
||||
{
|
||||
|
34
crypto/dist/openssl/crypto/x509/by_dir.c
vendored
34
crypto/dist/openssl/crypto/x509/by_dir.c
vendored
@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
|
||||
k=0;
|
||||
for (;;)
|
||||
{
|
||||
snprintf(b->data, b->max, "%s/%08lx.%s%d",
|
||||
ctx->dirs[i], h, postfix, k);
|
||||
char c = '/';
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
|
||||
if (c != ':' && c != '>' && c != ']')
|
||||
{
|
||||
/* If no separator is present, we assume the
|
||||
directory specifier is a logical name, and
|
||||
add a colon. We really should use better
|
||||
VMS routines for merging things like this,
|
||||
but this will do for now...
|
||||
-- Richard Levitte */
|
||||
c = ':';
|
||||
}
|
||||
else
|
||||
{
|
||||
c = '\0';
|
||||
}
|
||||
#endif
|
||||
if (c == '\0')
|
||||
{
|
||||
/* This is special. When c == '\0', no
|
||||
directory separator should be added. */
|
||||
BIO_snprintf(b->data,b->max,
|
||||
"%s%08lx.%s%d",ctx->dirs[i],h,
|
||||
postfix,k);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_snprintf(b->data,b->max,
|
||||
"%s%c%08lx.%s%d",ctx->dirs[i],c,h,
|
||||
postfix,k);
|
||||
}
|
||||
k++;
|
||||
if (stat(b->data,&st) < 0)
|
||||
break;
|
||||
|
2
crypto/dist/openssl/crypto/x509/x509.h
vendored
2
crypto/dist/openssl/crypto/x509/x509.h
vendored
@ -769,8 +769,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
|
||||
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
|
||||
X509_NAME *X509_NAME_dup(X509_NAME *xn);
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
|
||||
RSA *RSAPublicKey_dup(RSA *rsa);
|
||||
RSA *RSAPrivateKey_dup(RSA *rsa);
|
||||
|
||||
#endif /* !SSLEAY_MACROS */
|
||||
|
||||
|
8
crypto/dist/openssl/crypto/x509/x509_txt.c
vendored
8
crypto/dist/openssl/crypto/x509/x509_txt.c
vendored
@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
|
||||
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
|
||||
return("unhandled critical extension");
|
||||
|
||||
case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
|
||||
return("key usage does not include CRL signing");
|
||||
|
||||
case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
|
||||
return("unhandled critical CRL extension");
|
||||
|
||||
default:
|
||||
snprintf(buf, sizeof(buf), "error number %ld", n);
|
||||
BIO_snprintf(buf,sizeof buf,"error number %ld",n);
|
||||
return(buf);
|
||||
}
|
||||
}
|
||||
|
55
crypto/dist/openssl/crypto/x509/x509_vfy.c
vendored
55
crypto/dist/openssl/crypto/x509/x509_vfy.c
vendored
@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
|
||||
/* Check all untrusted certificates */
|
||||
for (i = 0; i < ctx->last_untrusted; i++)
|
||||
{
|
||||
int ret;
|
||||
x = sk_X509_value(ctx->chain, i);
|
||||
if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
|
||||
&& (x->ex_flags & EXFLAG_CRITICAL))
|
||||
@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
|
||||
ok=cb(0,ctx);
|
||||
if (!ok) goto end;
|
||||
}
|
||||
if (!X509_check_purpose(x, ctx->purpose, i))
|
||||
ret = X509_check_purpose(x, ctx->purpose, i);
|
||||
if ((ret == 0)
|
||||
|| ((ctx->flags & X509_V_FLAG_X509_STRICT)
|
||||
&& (ret != 1)))
|
||||
{
|
||||
if (i)
|
||||
ctx->error = X509_V_ERR_INVALID_CA;
|
||||
@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
|
||||
|
||||
if(issuer)
|
||||
{
|
||||
/* Check for cRLSign bit if keyUsage present */
|
||||
if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
|
||||
!(issuer->ex_kusage & KU_CRL_SIGN))
|
||||
{
|
||||
ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
|
||||
ok = ctx->verify_cb(0, ctx);
|
||||
if(!ok) goto err;
|
||||
}
|
||||
|
||||
/* Attempt to get issuer certificate public key */
|
||||
ikey = X509_get_pubkey(issuer);
|
||||
@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
|
||||
{
|
||||
int idx, ok;
|
||||
X509_REVOKED rtmp;
|
||||
STACK_OF(X509_EXTENSION) *exts;
|
||||
X509_EXTENSION *ext;
|
||||
/* Look for serial number of certificate in CRL */
|
||||
rtmp.serialNumber = X509_get_serialNumber(x);
|
||||
idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
|
||||
/* Not found: OK */
|
||||
if(idx == -1) return 1;
|
||||
/* Otherwise revoked: want something cleverer than
|
||||
/* If found assume revoked: want something cleverer than
|
||||
* this to handle entry extensions in V2 CRLs.
|
||||
*/
|
||||
ctx->error = X509_V_ERR_CERT_REVOKED;
|
||||
ok = ctx->verify_cb(0, ctx);
|
||||
return ok;
|
||||
if(idx >= 0)
|
||||
{
|
||||
ctx->error = X509_V_ERR_CERT_REVOKED;
|
||||
ok = ctx->verify_cb(0, ctx);
|
||||
if (!ok) return 0;
|
||||
}
|
||||
|
||||
if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
|
||||
return 1;
|
||||
|
||||
/* See if we have any critical CRL extensions: since we
|
||||
* currently don't handle any CRL extensions the CRL must be
|
||||
* rejected.
|
||||
* This code accesses the X509_CRL structure directly: applications
|
||||
* shouldn't do this.
|
||||
*/
|
||||
|
||||
exts = crl->crl->extensions;
|
||||
|
||||
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
|
||||
{
|
||||
ext = sk_X509_EXTENSION_value(exts, idx);
|
||||
if (ext->critical > 0)
|
||||
{
|
||||
ctx->error =
|
||||
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
|
||||
ok = ctx->verify_cb(0, ctx);
|
||||
if(!ok) return 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int internal_verify(X509_STORE_CTX *ctx)
|
||||
|
19
crypto/dist/openssl/crypto/x509/x509_vfy.h
vendored
19
crypto/dist/openssl/crypto/x509/x509_vfy.h
vendored
@ -302,17 +302,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
|
||||
|
||||
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
|
||||
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
|
||||
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
|
||||
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
|
||||
|
||||
/* The application is not happy */
|
||||
#define X509_V_ERR_APPLICATION_VERIFICATION 50
|
||||
|
||||
/* Certificate verify flags */
|
||||
|
||||
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
|
||||
#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
|
||||
#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */
|
||||
#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */
|
||||
#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */
|
||||
/* Send issuer+subject checks to verify_cb */
|
||||
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
|
||||
/* Use check time instead of current time */
|
||||
#define X509_V_FLAG_USE_CHECK_TIME 0x2
|
||||
/* Lookup CRLs */
|
||||
#define X509_V_FLAG_CRL_CHECK 0x4
|
||||
/* Lookup CRLs for whole chain */
|
||||
#define X509_V_FLAG_CRL_CHECK_ALL 0x8
|
||||
/* Ignore unhandled critical extensions */
|
||||
#define X509_V_FLAG_IGNORE_CRITICAL 0x10
|
||||
/* Disable workarounds for broken certificates */
|
||||
#define X509_V_FLAG_X509_STRICT 0x20
|
||||
|
||||
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
|
||||
X509_NAME *name);
|
||||
|
4
crypto/dist/openssl/crypto/x509v3/v3_alt.c
vendored
4
crypto/dist/openssl/crypto/x509v3/v3_alt.c
vendored
@ -137,8 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
|
||||
X509V3_add_value("IP Address","<invalid>", &ret);
|
||||
break;
|
||||
}
|
||||
snprintf(oline, sizeof(oline), "%d.%d.%d.%d",
|
||||
p[0], p[1], p[2], p[3]);
|
||||
BIO_snprintf(oline, sizeof oline,
|
||||
"%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
|
||||
X509V3_add_value("IP Address",oline, &ret);
|
||||
break;
|
||||
|
||||
|
12
crypto/dist/openssl/crypto/x509v3/v3_info.c
vendored
12
crypto/dist/openssl/crypto/x509v3/v3_info.c
vendored
@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
|
||||
STACK_OF(CONF_VALUE) *ret)
|
||||
{
|
||||
ACCESS_DESCRIPTION *desc;
|
||||
int i;
|
||||
int i,nlen;
|
||||
char objtmp[80], *ntmp;
|
||||
CONF_VALUE *vtmp;
|
||||
size_t l;
|
||||
@ -115,16 +115,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
|
||||
if(!ret) break;
|
||||
vtmp = sk_CONF_VALUE_value(ret, i);
|
||||
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
|
||||
l = strlen(objtmp) + strlen(vtmp->name) + 5;
|
||||
ntmp = OPENSSL_malloc(l);
|
||||
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
|
||||
ntmp = OPENSSL_malloc(nlen);
|
||||
if(!ntmp) {
|
||||
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
strlcpy(ntmp, objtmp, l);
|
||||
strlcat(ntmp, " - ", l);
|
||||
strlcat(ntmp, vtmp->name, l);
|
||||
BUF_strlcpy(ntmp, objtmp, nlen);
|
||||
BUF_strlcat(ntmp, " - ", nlen);
|
||||
BUF_strlcat(ntmp, vtmp->name, nlen);
|
||||
OPENSSL_free(vtmp->name);
|
||||
vtmp->name = ntmp;
|
||||
|
||||
|
5
crypto/dist/openssl/crypto/x509v3/v3_purp.c
vendored
5
crypto/dist/openssl/crypto/x509v3/v3_purp.c
vendored
@ -3,7 +3,7 @@
|
||||
* project 2001.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
|
||||
* 1 is a CA
|
||||
* 2 basicConstraints absent so "maybe" a CA
|
||||
* 3 basicConstraints absent but self signed V1.
|
||||
* 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
*/
|
||||
|
||||
#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
|
||||
@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
|
||||
} else {
|
||||
if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
|
||||
/* If key usage present it must have certSign so tolerate it */
|
||||
else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
|
||||
else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
|
||||
else return 2;
|
||||
}
|
||||
}
|
||||
|
3
crypto/dist/openssl/doc/apps/openssl.pod
vendored
3
crypto/dist/openssl/doc/apps/openssl.pod
vendored
@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>,
|
||||
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
|
||||
L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
||||
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
|
||||
L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
|
||||
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
|
||||
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
|
||||
L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
|
||||
L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
|
||||
|
||||
|
6
crypto/dist/openssl/doc/apps/s_client.pod
vendored
6
crypto/dist/openssl/doc/apps/s_client.pod
vendored
@ -8,7 +8,7 @@ s_client - SSL/TLS client program
|
||||
=head1 SYNOPSIS
|
||||
|
||||
B<openssl> B<s_client>
|
||||
[B<-connect> host:port>]
|
||||
[B<-connect host:port>]
|
||||
[B<-verify depth>]
|
||||
[B<-cert filename>]
|
||||
[B<-key filename>]
|
||||
@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page.
|
||||
|
||||
If the handshake fails then there are several possible causes, if it is
|
||||
nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
|
||||
B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
|
||||
B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
|
||||
in case it is a buggy server. In particular you should play with these
|
||||
options B<before> submitting a bug report to an OpenSSL mailing list.
|
||||
|
||||
@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it
|
||||
requests a certificate. By using B<s_client> the CA list can be viewed
|
||||
and checked. However some servers only request client authentication
|
||||
after a specific URL is requested. To obtain the list in this case it
|
||||
is necessary to use the B<-prexit> command and send an HTTP request
|
||||
is necessary to use the B<-prexit> option and send an HTTP request
|
||||
for an appropriate page.
|
||||
|
||||
If a certificate is specified on the command line using the B<-cert>
|
||||
|
11
crypto/dist/openssl/doc/apps/smime.pod
vendored
11
crypto/dist/openssl/doc/apps/smime.pod
vendored
@ -17,6 +17,9 @@ B<openssl> B<smime>
|
||||
[B<-rc2-40>]
|
||||
[B<-rc2-64>]
|
||||
[B<-rc2-128>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-in file>]
|
||||
[B<-certfile file>]
|
||||
[B<-signer file>]
|
||||
@ -126,11 +129,11 @@ B<-verify>. This directory must be a standard certificate directory: that
|
||||
is a hash of each subject name (using B<x509 -hash>) should be linked
|
||||
to each certificate.
|
||||
|
||||
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
|
||||
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
|
||||
|
||||
the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
|
||||
or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
|
||||
used. Only used with B<-encrypt>.
|
||||
the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
|
||||
40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not
|
||||
specified 40 bit RC2 is used. Only used with B<-encrypt>.
|
||||
|
||||
=item B<-nointern>
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
|
||||
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
|
||||
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
|
||||
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
|
||||
EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
|
||||
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
|
||||
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
|
||||
|
@ -36,7 +36,7 @@ None of the functions return a value.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
A typical application will will call OpenSSL_add_all_algorithms() initially and
|
||||
A typical application will call OpenSSL_add_all_algorithms() initially and
|
||||
EVP_cleanup() before exiting.
|
||||
|
||||
An application does not need to add algorithms to use them explicitly, for example
|
||||
|
2
crypto/dist/openssl/doc/crypto/RSA_print.pod
vendored
2
crypto/dist/openssl/doc/crypto/RSA_print.pod
vendored
@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
|
||||
|
||||
RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
|
||||
DH_print_fp() are available in all versions of SSLeay and OpenSSL.
|
||||
DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
|
||||
DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
|
||||
|
||||
=cut
|
||||
|
2
crypto/dist/openssl/doc/crypto/des.pod
vendored
2
crypto/dist/openssl/doc/crypto/des.pod
vendored
@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
|
||||
=head1 NOTES
|
||||
|
||||
Single-key DES is insecure due to its short key size. ECB mode is
|
||||
not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
|
||||
not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
|
||||
|
||||
The L<evp(3)|evp(3)> library provides higher-level encryption functions.
|
||||
|
||||
|
2
crypto/dist/openssl/doc/ssleay.txt
vendored
2
crypto/dist/openssl/doc/ssleay.txt
vendored
@ -6245,7 +6245,7 @@ SSL_get_app_data
|
||||
void SSL_CTX_set_default_verify
|
||||
|
||||
/* This callback, if set, totaly overrides the normal SSLeay verification
|
||||
* functions and should return 1 on sucesss and 0 on failure */
|
||||
* functions and should return 1 on success and 0 on failure */
|
||||
void SSL_CTX_set_cert_verify_callback
|
||||
|
||||
/* The following are the same as the equivilent SSL_xxx functions.
|
||||
|
1
crypto/dist/openssl/ssl/s2_clnt.c
vendored
1
crypto/dist/openssl/ssl/s2_clnt.c
vendored
@ -116,7 +116,6 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl2_get_client_method(int ver);
|
||||
static int get_server_finished(SSL *s);
|
||||
|
3
crypto/dist/openssl/ssl/s2_lib.c
vendored
3
crypto/dist/openssl/ssl/s2_lib.c
vendored
@ -63,7 +63,6 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static long ssl2_default_timeout(void );
|
||||
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
|
||||
@ -139,7 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
/* IDEA_128_CBC_WITH_MD5 */
|
||||
#if 0
|
||||
#if 0 /* XXX - we can use OPENSSL_NO_IDEA now. */
|
||||
{
|
||||
1,
|
||||
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
|
||||
|
1
crypto/dist/openssl/ssl/s2_srvr.c
vendored
1
crypto/dist/openssl/ssl/s2_srvr.c
vendored
@ -116,7 +116,6 @@
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl2_get_server_method(int ver);
|
||||
static int get_client_master_key(SSL *s);
|
||||
|
5
crypto/dist/openssl/ssl/s3_clnt.c
vendored
5
crypto/dist/openssl/ssl/s3_clnt.c
vendored
@ -117,7 +117,6 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl3_get_client_method(int ver);
|
||||
static int ssl3_client_hello(SSL *s);
|
||||
@ -1947,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
if (algs & SSL_kRSA)
|
||||
{
|
||||
if (rsa == NULL
|
||||
|| RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
|| RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
@ -1959,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|
||||
{
|
||||
if (dh == NULL
|
||||
|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
|
||||
goto f_err;
|
||||
|
2
crypto/dist/openssl/ssl/s3_lib.c
vendored
2
crypto/dist/openssl/ssl/s3_lib.c
vendored
@ -271,7 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
/* Cipher 07 */
|
||||
#if 0
|
||||
#if 0 /* XXX - we can use OPENSSL_NO_IDEA now. */
|
||||
{
|
||||
1,
|
||||
SSL3_TXT_RSA_IDEA_128_SHA,
|
||||
|
8
crypto/dist/openssl/ssl/s3_pkt.c
vendored
8
crypto/dist/openssl/ssl/s3_pkt.c
vendored
@ -1086,6 +1086,14 @@ start:
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Check we have a cipher to change to */
|
||||
if (s->s3->tmp.new_cipher == NULL)
|
||||
{
|
||||
i=SSL_AD_UNEXPECTED_MESSAGE;
|
||||
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
|
||||
goto err;
|
||||
}
|
||||
|
||||
rr->length=0;
|
||||
|
||||
if (s->msg_callback)
|
||||
|
19
crypto/dist/openssl/ssl/s3_srvr.c
vendored
19
crypto/dist/openssl/ssl/s3_srvr.c
vendored
@ -121,9 +121,10 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
#include <openssl/krb5_asn.h>
|
||||
#endif
|
||||
#include <openssl/md5.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
static SSL_METHOD *ssl3_get_server_method(int ver);
|
||||
static int ssl3_get_client_hello(SSL *s);
|
||||
@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
||||
|
||||
n2s(p,i);
|
||||
enc_ticket.length = i;
|
||||
|
||||
if (n < enc_ticket.length + 6)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_DATA_LENGTH_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
|
||||
enc_ticket.data = (char *)p;
|
||||
p+=enc_ticket.length;
|
||||
|
||||
n2s(p,i);
|
||||
authenticator.length = i;
|
||||
|
||||
if (n < enc_ticket.length + authenticator.length + 6)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_DATA_LENGTH_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
|
||||
authenticator.data = (char *)p;
|
||||
p+=authenticator.length;
|
||||
|
||||
|
4
crypto/dist/openssl/ssl/ssl.h
vendored
4
crypto/dist/openssl/ssl/ssl.h
vendored
@ -1295,8 +1295,8 @@ const char *SSL_alert_type_string(int value);
|
||||
const char *SSL_alert_desc_string_long(int value);
|
||||
const char *SSL_alert_desc_string(int value);
|
||||
|
||||
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
|
||||
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
|
||||
STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
|
||||
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
|
||||
int SSL_add_client_CA(SSL *ssl,X509 *x);
|
||||
|
1
crypto/dist/openssl/ssl/ssl_asn1.c
vendored
1
crypto/dist/openssl/ssl/ssl_asn1.c
vendored
@ -62,7 +62,6 @@
|
||||
#include <openssl/asn1_mac.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include "cryptlib.h"
|
||||
|
||||
typedef struct ssl_session_asn1_st
|
||||
{
|
||||
|
12
crypto/dist/openssl/ssl/ssl_cert.c
vendored
12
crypto/dist/openssl/ssl/ssl_cert.c
vendored
@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
|
||||
return(i);
|
||||
}
|
||||
|
||||
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
|
||||
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
|
||||
{
|
||||
if (*ca_list != NULL)
|
||||
sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
|
||||
|
||||
*ca_list=list;
|
||||
*ca_list=name_list;
|
||||
}
|
||||
|
||||
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
|
||||
@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
|
||||
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
|
||||
{
|
||||
set_client_CA_list(&(s->client_CA),list);
|
||||
set_client_CA_list(&(s->client_CA),name_list);
|
||||
}
|
||||
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
|
||||
{
|
||||
set_client_CA_list(&(ctx->client_CA),list);
|
||||
set_client_CA_list(&(ctx->client_CA),name_list);
|
||||
}
|
||||
|
||||
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
|
||||
|
85
crypto/dist/openssl/ssl/ssl_ciph.c
vendored
85
crypto/dist/openssl/ssl/ssl_ciph.c
vendored
@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={
|
||||
{0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
#endif
|
||||
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
|
||||
@ -166,8 +168,12 @@ static void load_ciphers(void)
|
||||
EVP_get_cipherbyname(SN_rc4);
|
||||
ssl_cipher_methods[SSL_ENC_RC2_IDX]=
|
||||
EVP_get_cipherbyname(SN_rc2_cbc);
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
|
||||
EVP_get_cipherbyname(SN_idea_cbc);
|
||||
#else
|
||||
ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
|
||||
#endif
|
||||
ssl_cipher_methods[SSL_ENC_AES128_IDX]=
|
||||
EVP_get_cipherbyname(SN_aes_128_cbc);
|
||||
ssl_cipher_methods[SSL_ENC_AES256_IDX]=
|
||||
@ -334,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
|
||||
}
|
||||
|
||||
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
||||
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
|
||||
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
|
||||
{
|
||||
int i, list_num;
|
||||
int i, co_list_num;
|
||||
SSL_CIPHER *c;
|
||||
|
||||
/*
|
||||
@ -348,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
||||
*/
|
||||
|
||||
/* Get the initial list of ciphers */
|
||||
list_num = 0; /* actual count of ciphers */
|
||||
co_list_num = 0; /* actual count of ciphers */
|
||||
for (i = 0; i < num_of_ciphers; i++)
|
||||
{
|
||||
c = ssl_method->get_cipher(i);
|
||||
/* drop those that use any of that is not available */
|
||||
if ((c != NULL) && c->valid && !(c->algorithms & mask))
|
||||
{
|
||||
list[list_num].cipher = c;
|
||||
list[list_num].next = NULL;
|
||||
list[list_num].prev = NULL;
|
||||
list[list_num].active = 0;
|
||||
list_num++;
|
||||
co_list[co_list_num].cipher = c;
|
||||
co_list[co_list_num].next = NULL;
|
||||
co_list[co_list_num].prev = NULL;
|
||||
co_list[co_list_num].active = 0;
|
||||
co_list_num++;
|
||||
#ifdef KSSL_DEBUG
|
||||
printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
|
||||
#endif /* KSSL_DEBUG */
|
||||
@ -372,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
||||
/*
|
||||
* Prepare linked list from list entries
|
||||
*/
|
||||
for (i = 1; i < list_num - 1; i++)
|
||||
for (i = 1; i < co_list_num - 1; i++)
|
||||
{
|
||||
list[i].prev = &(list[i-1]);
|
||||
list[i].next = &(list[i+1]);
|
||||
co_list[i].prev = &(co_list[i-1]);
|
||||
co_list[i].next = &(co_list[i+1]);
|
||||
}
|
||||
if (list_num > 0)
|
||||
if (co_list_num > 0)
|
||||
{
|
||||
(*head_p) = &(list[0]);
|
||||
(*head_p) = &(co_list[0]);
|
||||
(*head_p)->prev = NULL;
|
||||
(*head_p)->next = &(list[1]);
|
||||
(*tail_p) = &(list[list_num - 1]);
|
||||
(*tail_p)->prev = &(list[list_num - 2]);
|
||||
(*head_p)->next = &(co_list[1]);
|
||||
(*tail_p) = &(co_list[co_list_num - 1]);
|
||||
(*tail_p)->prev = &(co_list[co_list_num - 2]);
|
||||
(*tail_p)->next = NULL;
|
||||
}
|
||||
}
|
||||
@ -429,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
|
||||
|
||||
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
|
||||
unsigned long algo_strength, unsigned long mask_strength,
|
||||
int rule, int strength_bits, CIPHER_ORDER *list,
|
||||
int rule, int strength_bits, CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
|
||||
{
|
||||
CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
|
||||
@ -524,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
|
||||
*tail_p = tail;
|
||||
}
|
||||
|
||||
static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER **tail_p)
|
||||
static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
|
||||
CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER **tail_p)
|
||||
{
|
||||
int max_strength_bits, i, *number_uses;
|
||||
CIPHER_ORDER *curr;
|
||||
@ -570,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
|
||||
for (i = max_strength_bits; i >= 0; i--)
|
||||
if (number_uses[i] > 0)
|
||||
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
|
||||
list, head_p, tail_p);
|
||||
co_list, head_p, tail_p);
|
||||
|
||||
OPENSSL_free(number_uses);
|
||||
return(1);
|
||||
}
|
||||
|
||||
static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
CIPHER_ORDER *list, CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
|
||||
CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
|
||||
{
|
||||
unsigned long algorithms, mask, algo_strength, mask_strength;
|
||||
@ -702,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
ok = 0;
|
||||
if ((buflen == 8) &&
|
||||
!strncmp(buf, "STRENGTH", 8))
|
||||
ok = ssl_cipher_strength_sort(list,
|
||||
ok = ssl_cipher_strength_sort(co_list,
|
||||
head_p, tail_p);
|
||||
else
|
||||
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
|
||||
@ -722,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
{
|
||||
ssl_cipher_apply_rule(algorithms, mask,
|
||||
algo_strength, mask_strength, rule, -1,
|
||||
list, head_p, tail_p);
|
||||
co_list, head_p, tail_p);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -744,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
unsigned long disabled_mask;
|
||||
STACK_OF(SSL_CIPHER) *cipherstack;
|
||||
const char *rule_p;
|
||||
CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
SSL_CIPHER **ca_list = NULL;
|
||||
|
||||
/*
|
||||
@ -774,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
#ifdef KSSL_DEBUG
|
||||
printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
|
||||
#endif /* KSSL_DEBUG */
|
||||
list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
|
||||
if (list == NULL)
|
||||
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
|
||||
if (co_list == NULL)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
|
||||
return(NULL); /* Failure */
|
||||
}
|
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
|
||||
list, &head, &tail);
|
||||
co_list, &head, &tail);
|
||||
|
||||
/*
|
||||
* We also need cipher aliases for selecting based on the rule_str.
|
||||
@ -798,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
|
||||
if (ca_list == NULL)
|
||||
{
|
||||
OPENSSL_free(list);
|
||||
OPENSSL_free(co_list);
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
|
||||
return(NULL); /* Failure */
|
||||
}
|
||||
@ -814,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
if (strncmp(rule_str,"DEFAULT",7) == 0)
|
||||
{
|
||||
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
|
||||
list, &head, &tail, ca_list);
|
||||
co_list, &head, &tail, ca_list);
|
||||
rule_p += 7;
|
||||
if (*rule_p == ':')
|
||||
rule_p++;
|
||||
}
|
||||
|
||||
if (ok && (strlen(rule_p) > 0))
|
||||
ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
|
||||
ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
|
||||
ca_list);
|
||||
|
||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||
|
||||
if (!ok)
|
||||
{ /* Rule processing failure */
|
||||
OPENSSL_free(list);
|
||||
OPENSSL_free(co_list);
|
||||
return(NULL);
|
||||
}
|
||||
/*
|
||||
@ -837,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
|
||||
{
|
||||
OPENSSL_free(list);
|
||||
OPENSSL_free(co_list);
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
@ -855,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
#endif
|
||||
}
|
||||
}
|
||||
OPENSSL_free(list); /* Not needed any longer */
|
||||
OPENSSL_free(co_list); /* Not needed any longer */
|
||||
|
||||
/*
|
||||
* The following passage is a little bit odd. If pointer variables
|
||||
@ -905,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
{
|
||||
int is_export,pkl,kl;
|
||||
char *ver,*exp;
|
||||
char *ver,*exp_str;
|
||||
char *kx,*au,*enc,*mac;
|
||||
unsigned long alg,alg2,alg_s;
|
||||
#ifdef KSSL_DEBUG
|
||||
@ -921,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
is_export=SSL_C_IS_EXPORT(cipher);
|
||||
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
|
||||
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
|
||||
exp=is_export?" export":"";
|
||||
exp_str=is_export?" export":"";
|
||||
|
||||
if (alg & SSL_SSLV2)
|
||||
ver="SSLv2";
|
||||
@ -1040,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
return("Buffer too small");
|
||||
|
||||
#ifdef KSSL_DEBUG
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
|
||||
#else
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
|
||||
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
|
||||
#endif /* KSSL_DEBUG */
|
||||
return(buf);
|
||||
}
|
||||
@ -1129,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
|
||||
{
|
||||
MemCheck_on();
|
||||
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
|
||||
return(0);
|
||||
return(1);
|
||||
}
|
||||
else
|
||||
{
|
||||
MemCheck_on();
|
||||
return(1);
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
|
1
crypto/dist/openssl/ssl/ssl_sess.c
vendored
1
crypto/dist/openssl/ssl/ssl_sess.c
vendored
@ -60,7 +60,6 @@
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "cryptlib.h"
|
||||
|
||||
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
|
||||
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
|
||||
|
9
crypto/dist/openssl/ssl/ssltest.c
vendored
9
crypto/dist/openssl/ssl/ssltest.c
vendored
@ -564,7 +564,14 @@ bad:
|
||||
if (cm != NULL)
|
||||
{
|
||||
if (cm->type != NID_undef)
|
||||
SSL_COMP_add_compression_method(comp, cm);
|
||||
{
|
||||
if (SSL_COMP_add_compression_method(comp, cm) != 0)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Failed to add compression method\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
fprintf(stderr,
|
||||
|
38
crypto/dist/openssl/util/mkdef.pl
vendored
38
crypto/dist/openssl/util/mkdef.pl
vendored
@ -1116,27 +1116,55 @@ sub print_test_file
|
||||
}
|
||||
}
|
||||
|
||||
sub get_version {
|
||||
local *MF;
|
||||
my $v = '?';
|
||||
open MF, 'Makefile.ssl' or return $v;
|
||||
while (<MF>) {
|
||||
$v = $1, last if /^VERSION=(.*?)\s*$/;
|
||||
}
|
||||
close MF;
|
||||
return $v;
|
||||
}
|
||||
|
||||
sub print_def_file
|
||||
{
|
||||
(*OUT,my $name,*nums,my @symbols)=@_;
|
||||
my $n = 1; my @e; my @r; my @v; my $prev="";
|
||||
my $liboptions="";
|
||||
my $libname = $name;
|
||||
my $http_vendor = 'www.openssl.org/';
|
||||
my $version = get_version();
|
||||
my $what = "OpenSSL: implementation of Secure Socket Layer";
|
||||
my $description = "$what $version, $name - http://$http_vendor";
|
||||
|
||||
if ($W32)
|
||||
{ $name.="32"; }
|
||||
{ $libname.="32"; }
|
||||
elsif ($W16)
|
||||
{ $name.="16"; }
|
||||
{ $libname.="16"; }
|
||||
elsif ($OS2)
|
||||
{ $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
|
||||
{ # DLL names should not clash on the whole system.
|
||||
# However, they should not have any particular relationship
|
||||
# to the name of the static library. Chose descriptive names
|
||||
# (must be at most 8 chars).
|
||||
my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
|
||||
$libname = $translate{$name} || $name;
|
||||
$liboptions = <<EOO;
|
||||
INITINSTANCE
|
||||
DATA MULTIPLE NONSHARED
|
||||
EOO
|
||||
# Vendor field can't contain colon, drat; so we omit http://
|
||||
$description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
|
||||
}
|
||||
|
||||
print OUT <<"EOF";
|
||||
;
|
||||
; Definition file for the DLL version of the $name library from OpenSSL
|
||||
;
|
||||
|
||||
LIBRARY $name $liboptions
|
||||
LIBRARY $libname $liboptions
|
||||
|
||||
DESCRIPTION 'OpenSSL $name - http://www.openssl.org/'
|
||||
DESCRIPTION '$description'
|
||||
|
||||
EOF
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user