Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openssl 0.9.7c. security changes are already in place

This commit is contained in:
itojun 2003-11-04 23:25:09 +00:00
parent 6a3911e9ce
commit 6b4e6697c9
58 changed files with 362 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/dist/openssl/Configure vendored
View File

@ -560,6 +560,8 @@ my %table=(
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
##### Compaq Non-Stop Kernel (Tandem)
"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",

2
crypto/dist/openssl/INSTALL.W32 vendored
View File

@ -225,7 +225,7 @@
$ md c:\openssl\lib
$ md c:\openssl\include
$ md c:\openssl\include\openssl
$ copy /b inc32\* c:\openssl\include\openssl
$ copy /b inc32\openssl\* c:\openssl\include\openssl
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
$ copy /b out32dll\libeay32.lib c:\openssl\lib
$ copy /b out32dll\ssleay32.dll c:\openssl\bin

22
crypto/dist/openssl/Makefile.org vendored
View File

@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAGS=$(CFLAG)
ASFLAG=$(CFLAG)
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@ -194,6 +194,7 @@ MAKE= make -f Makefile.ssl
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
SHELL=/bin/sh
TOP= .
@ -225,7 +226,7 @@ sub_all:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@ -410,7 +411,7 @@ do_svr3-shared:
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@ -435,7 +436,7 @@ do_svr5-shared:
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
${CC} ${SHARED_LDFLAGS} \
@ -831,6 +832,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@ -847,33 +849,33 @@ install_docs:
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done

26
crypto/dist/openssl/Makefile.ssl vendored
View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=0.9.7b
VERSION=0.9.7c
MAJOR=0
MINOR=9.7
SHLIB_VERSION_NUMBER=0.9.7
@ -69,7 +69,7 @@ EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
PERL= /usr/local/bin/perl
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
@ -80,7 +80,7 @@ MAKEDEPPROG=makedepend
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAGS=$(CFLAG)
ASFLAG=$(CFLAG)
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@ -196,6 +196,7 @@ MAKE= make -f Makefile.ssl
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
SHELL=/bin/sh
TOP= .
@ -227,7 +228,7 @@ sub_all:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@ -412,7 +413,7 @@ do_svr3-shared:
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@ -437,7 +438,7 @@ do_svr5-shared:
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
${CC} ${SHARED_LDFLAGS} \
@ -833,6 +834,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@ -849,33 +851,33 @@ install_docs:
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done

12
crypto/dist/openssl/NEWS vendored
View File

@ -5,6 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
o New -ignore_err option to OCSP utility.
o Various interop and bug fixes in S/MIME code.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
o Security: counter the Klima-Pokorny-Rosa extension of
@ -73,6 +80,11 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
o Security: fix various ASN1 parsing bugs.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
o Security: counter the Klima-Pokorny-Rosa extension of

2
crypto/dist/openssl/README vendored
View File

@ -1,5 +1,5 @@
OpenSSL 0.9.7b 10 Apr 2003
OpenSSL 0.9.7c 30 Sep 2003
Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

2
crypto/dist/openssl/apps/CA.pl vendored
View File

@ -1,4 +1,4 @@
#!/usr/local/bin/perl
#!/usr/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes

2
crypto/dist/openssl/apps/der_chop vendored
View File

@ -1,4 +1,4 @@
#!/usr/local/bin/perl
#!/usr/bin/perl
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support

5
crypto/dist/openssl/apps/ocsp.c vendored
View File

@ -136,6 +136,7 @@ int MAIN(int argc, char **argv)
int accept_count = -1;
int badarg = 0;
int i;
int ignore_err = 0;
STACK *reqnames = NULL;
STACK_OF(OCSP_CERTID) *ids = NULL;
@ -195,6 +196,8 @@ int MAIN(int argc, char **argv)
}
else badarg = 1;
}
else if (!strcmp(*args, "-ignore_err"))
ignore_err = 1;
else if (!strcmp(*args, "-noverify"))
noverify = 1;
else if (!strcmp(*args, "-nonce"))
@ -809,6 +812,8 @@ int MAIN(int argc, char **argv)
{
BIO_printf(out, "Responder Error: %s (%ld)\n",
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
}

11
crypto/dist/openssl/apps/pkcs8.c vendored
View File

@ -235,7 +235,7 @@ int MAIN(int argc, char **argv)
return (1);
}
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -259,8 +259,7 @@ int MAIN(int argc, char **argv)
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) {
BIO_printf(bio_err, "Error encrypting key\n",
outfile);
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -303,7 +302,7 @@ int MAIN(int argc, char **argv)
}
if (!p8) {
BIO_printf (bio_err, "Error reading key\n", outfile);
BIO_printf (bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -317,13 +316,13 @@ int MAIN(int argc, char **argv)
}
if (!p8inf) {
BIO_printf(bio_err, "Error decrypting key\n", outfile);
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
return (1);
}
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
return (1);
}

8
crypto/dist/openssl/apps/s_apps.h vendored
View File

@ -112,6 +112,14 @@
#include <sys/types.h>
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_MSDOS
#define _kbhit kbhit
#endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */

38
crypto/dist/openssl/apps/s_client.c vendored
View File

@ -136,10 +136,6 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
@ -221,7 +217,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\" is supported.\n");
BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
@ -251,7 +247,7 @@ int MAIN(int argc, char **argv)
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
int smtp_starttls = 0;
int starttls_proto = 0;
int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
@ -260,7 +256,7 @@ int MAIN(int argc, char **argv)
char *engine_id=NULL;
ENGINE *e=NULL;
#endif
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@ -415,7 +411,9 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
++argv;
if (strcmp(*argv,"smtp") == 0)
smtp_starttls = 1;
starttls_proto = 1;
else if (strcmp(*argv,"pop3") == 0)
starttls_proto = 2;
else
goto bad;
}
@ -587,12 +585,18 @@ re_start:
sbuf_off=0;
/* This is an ugly hack that does a lot of assumptions */
if (smtp_starttls)
if (starttls_proto == 1)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
if (starttls_proto == 2)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
for (;;)
{
@ -613,11 +617,11 @@ re_start:
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
if (smtp_starttls)
if (starttls_proto)
{
BIO_printf(bio_err,"%s",mbuf);
/* We don't need to know any more */
smtp_starttls = 0;
starttls_proto = 0;
}
if (reconnect)
@ -636,7 +640,7 @@ re_start:
if (!ssl_pending)
{
#ifndef OPENSSL_SYS_WINDOWS
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
@ -663,8 +667,8 @@ re_start:
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we make the assumption that we can
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under Windows/DOS we make the assumption that we can
* always write to the tty: therefore if we need to
* write to the tty we just fall through. Otherwise
* we timeout the select every second and see if there
@ -678,7 +682,7 @@ re_start:
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
#ifdef OPENSSL_SYS_WINCE
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if(!i && (!_kbhit() || !read_tty) ) continue;
#else
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
@ -847,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
}
}
#ifdef OPENSSL_SYS_WINDOWS
#ifdef OPENSSL_SYS_WINCE
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))

20
crypto/dist/openssl/apps/s_server.c vendored
View File

@ -140,10 +140,6 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
@ -917,7 +913,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@ -991,7 +987,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
#ifndef OPENSSL_SYS_WINDOWS
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
@ -1001,8 +997,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we can't select on stdin: only
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
@ -1263,7 +1259,13 @@ static int init_ssl_connection(SSL *con)
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
if (con->kssl_ctx->client_princ != NULL)
{
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
con->kssl_ctx->client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
return(1);
}

2
crypto/dist/openssl/apps/x509.c vendored
View File

@ -1145,7 +1145,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
else if (!(bs = load_serial(CAfile, serialfile, create)))
goto end;
if (!X509_STORE_add_cert(ctx,x)) goto end;
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
/* NOTE: this certificate can/should be self signed, unless it was
* a certificate request in which case it is not. */

2
crypto/dist/openssl/bugs/SSLv3 vendored
View File

@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
doing a re-connect, always takes the first cipher in the cipher list.
If we accept a netscape connection, demand a client cert, have a
non-self-sighed CA which does not have it's CA in netscape, and the
non-self-signed CA which does not have it's CA in netscape, and the
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
Netscape browsers do not really notice the server sending a

12
crypto/dist/openssl/crypto/aes/aes_cbc.c vendored
View File

@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
for(n=0; n < sizeof tmp; ++n)
for(n=0; n < AES_BLOCK_SIZE; ++n)
tmp[n] = in[n] ^ ivec[n];
AES_encrypt(tmp, out, key);
memcpy(ivec, out, AES_BLOCK_SIZE);
@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
for(n=len; n < AES_BLOCK_SIZE; ++n)
tmp[n] = ivec[n];
AES_encrypt(tmp, tmp, key);
memcpy(out, tmp, len);
memcpy(ivec, tmp, sizeof tmp);
memcpy(out, tmp, AES_BLOCK_SIZE);
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
} else {
while (len >= AES_BLOCK_SIZE) {
memcpy(tmp, in, sizeof tmp);
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(in, out, key);
for(n=0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
out += AES_BLOCK_SIZE;
}
if (len) {
memcpy(tmp, in, sizeof tmp);
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
out[n] ^= ivec[n];
memcpy(ivec, tmp, sizeof tmp);
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
}

54
crypto/dist/openssl/crypto/aes/aes_ctr.c vendored
View File

@ -62,19 +62,49 @@
/* NOTE: CTR mode is big-endian. The rest of the AES code
* is endian-neutral. */
/* increment counter (128-bit int) by 2^64 */
/* increment counter (128-bit int) by 1 */
static void AES_ctr128_inc(unsigned char *counter) {
unsigned long c;
/* Grab 3rd dword of counter and increment */
/* Grab bottom dword of counter and increment */
#ifdef L_ENDIAN
c = GETU32(counter + 8);
c = GETU32(counter + 0);
c++;
PUTU32(counter + 8, c);
PUTU32(counter + 0, c);
#else
c = GETU32(counter + 4);
c = GETU32(counter + 12);
c++;
PUTU32(counter + 4, c);
PUTU32(counter + 12, c);
#endif
/* if no overflow, we're done */
if (c)
return;
/* Grab 1st dword of counter and increment */
#ifdef L_ENDIAN
c = GETU32(counter + 4);
c++;
PUTU32(counter + 4, c);
#else
c = GETU32(counter + 8);
c++;
PUTU32(counter + 8, c);
#endif
/* if no overflow, we're done */
if (c)
return;
/* Grab 2nd dword of counter and increment */
#ifdef L_ENDIAN
c = GETU32(counter + 8);
c++;
PUTU32(counter + 8, c);
#else
c = GETU32(counter + 4);
c++;
PUTU32(counter + 4, c);
#endif
/* if no overflow, we're done */
@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) {
* encrypted counter is kept in ecount_buf. Both *num and
* ecount_buf must be initialised with zeros before the first
* call to AES_ctr128_encrypt().
*
* This algorithm assumes that the counter is in the x lower bits
* of the IV (ivec), and that the application has full control over
* overflow and the rest of the IV. This implementation takes NO
* responsability for checking that the counter doesn't overflow
* into the rest of the IV when incremented.
*/
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char counter[AES_BLOCK_SIZE],
unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num) {
@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
while (l--) {
if (n == 0) {
AES_encrypt(counter, ecount_buf, key);
AES_ctr128_inc(counter);
AES_encrypt(ivec, ecount_buf, key);
AES_ctr128_inc(ivec);
}
*(out++) = *(in++) ^ ecount_buf[n];
n = (n+1) % AES_BLOCK_SIZE;

2
crypto/dist/openssl/crypto/asn1/a_strex.c vendored
View File

@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
* otherwise it is the number of bytes per character
*/
const static char tag2nbyte[] = {
const static signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 0-4 */
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */

2
crypto/dist/openssl/crypto/bio/b_print.c vendored
View File

@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
* had the buffer been large enough.) */
return -1;
else
return (retlen <= INT_MAX) ? retlen : -1;
return (retlen <= INT_MAX) ? (int)retlen : -1;
}

1
crypto/dist/openssl/crypto/bio/bf_buff.c vendored
View File

@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
if (i <= 0)
{
BIO_copy_next_retry(b);
*buf='\0';
if (i < 0) return((num > 0)?num:i);
if (i == 0) return(num);
}

1
crypto/dist/openssl/crypto/bn/Makefile.ssl vendored
View File

@ -22,6 +22,7 @@ BN_ASM= bn_asm.o
#BN_ASM= bn86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=bntest.c exptest.c

4
crypto/dist/openssl/crypto/bn/bn_mul.c vendored
View File

@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
int n, BN_ULONG *t)
{
int i,j,n2=n*2;
unsigned int c1,c2,neg,zero;
int c1,c2,neg,zero;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
/* The overflow will stop before we over write
* words we should not overwrite */
if (ln < c1)
if (ln < (BN_ULONG)c1)
{
do {
p++;

84
crypto/dist/openssl/crypto/des/cfb_enc.c vendored
View File

@ -64,32 +64,22 @@
* the second. The second 12 bits will come from the 3rd and half the 4th
* byte.
*/
/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
* length */
/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
* will not be compatible with any encryption prior to that date. Ben. */
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
long length, DES_key_schedule *schedule, DES_cblock *ivec,
int enc)
{
register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
register DES_LONG mask0,mask1;
register unsigned long l=length;
register int num=numbits;
DES_LONG ti[2];
unsigned char *iv;
unsigned char ovec[16];
if (num > 64) return;
if (num > 32)
{
mask0=0xffffffffL;
if (num == 64)
mask1=mask0;
else mask1=(1L<<(num-32))-1;
}
else
{
if (num == 32)
mask0=0xffffffffL;
else mask0=(1L<<num)-1;
mask1=0x00000000L;
}
iv = &(*ivec)[0];
c2l(iv,v0);
c2l(iv,v1);
@ -103,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
c2ln(in,d0,d1,n);
in+=n;
d0=(d0^ti[0])&mask0;
d1=(d1^ti[1])&mask1;
d0^=ti[0];
d1^=ti[1];
l2cn(d0,d1,out,n);
out+=n;
/* 30-08-94 - eay - changed because l>>32 and
@ -113,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
{ v0=v1; v1=d0; }
else if (num == 64)
{ v0=d0; v1=d1; }
else if (num > 32) /* && num != 64 */
else
{
v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
}
else /* num < 32 */
{
v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
iv=&ovec[0];
l2c(v0,iv);
l2c(v1,iv);
l2c(d0,iv);
l2c(d1,iv);
/* shift ovec left most of the bits... */
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
for(n=0 ; n < 8 ; ++n)
{
ovec[n]<<=num%8;
ovec[n]|=ovec[n+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
c2l(iv,v1);
}
}
}
@ -141,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
{ v0=v1; v1=d0; }
else if (num == 64)
{ v0=d0; v1=d1; }
else if (num > 32) /* && num != 64 */
else
{
v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
iv=&ovec[0];
l2c(v0,iv);
l2c(v1,iv);
l2c(d0,iv);
l2c(d1,iv);
/* shift ovec left most of the bits... */
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
for(n=0 ; n < 8 ; ++n)
{
ovec[n]<<=num%8;
ovec[n]|=ovec[n+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
c2l(iv,v1);
}
else /* num < 32 */
{
v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
}
d0=(d0^ti[0])&mask0;
d1=(d1^ti[1])&mask1;
d0^=ti[0];
d1^=ti[1];
l2cn(d0,d1,out,n);
out+=n;
}

13
crypto/dist/openssl/crypto/ec/ec_mult.c vendored
View File

@ -175,12 +175,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B
* (thus the boundaries should be increased)
*/
#define EC_window_bits_for_scalar_size(b) \
((b) >= 2000 ? 6 : \
(b) >= 800 ? 5 : \
(b) >= 300 ? 4 : \
(b) >= 70 ? 3 : \
(b) >= 20 ? 2 : \
1)
((size_t) \
((b) >= 2000 ? 6 : \
(b) >= 800 ? 5 : \
(b) >= 300 ? 4 : \
(b) >= 70 ? 3 : \
(b) >= 20 ? 2 : \
1))
/* Compute
* \sum scalars[i]*points[i],

1
crypto/dist/openssl/crypto/engine/hw_ubsec.c vendored
View File

@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
return 0;
}
memset(r->d, 0, BN_num_bytes(m));
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;

15
crypto/dist/openssl/crypto/evp/Makefile.ssl vendored
View File

@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

38
crypto/dist/openssl/crypto/evp/bio_b64.c vendored
View File

@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
if (ctx->cont <= 0) break;
if (ctx->cont <= 0)
break;
i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
B64_BLOCK_SIZE-ctx->tmp_len);
@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl)
/* Should be continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
/* else we should continue when called again */
break;
/* If buffer empty break */
if(ctx->tmp_len == 0)
break;
/* Fall through and process what we have */
else
i = 0;
}
/* else we retry and add more data to buffer */
else
break;
}
i+=ctx->tmp_len;
ctx->tmp_len = i;
/* We need to scan, a line at a time until we
* have a valid line if we are starting. */
@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl)
* reading until a new line. */
if (p == (unsigned char *)&(ctx->tmp[0]))
{
ctx->tmp_nl=1;
ctx->tmp_len=0;
/* Check buffer full */
if (i == B64_BLOCK_SIZE)
{
ctx->tmp_nl=1;
ctx->tmp_len=0;
}
}
else if (p != q) /* finished on a '\n' */
{
@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl)
else
ctx->tmp_len=0;
}
/* If buffer isn't full and we can retry then
* restart to read in more data.
*/
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
continue;
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl)
i=EVP_DecodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)ctx->tmp,i);
ctx->tmp_len = 0;
}
ctx->cont=i;
ctx->buf_off=0;
if (i < 0)
{
@ -484,10 +505,7 @@ again:
{
i=b64_write(b,NULL,0);
if (i < 0)
{
ret=i;
break;
}
return i;
}
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{

3
crypto/dist/openssl/crypto/evp/c_all.c vendored
View File

@ -59,6 +59,9 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#if 0
#undef OpenSSL_add_all_algorithms

3
crypto/dist/openssl/crypto/md5/Makefile.ssl vendored
View File

@ -6,7 +6,7 @@ DIR= md5
TOP= ../..
CC= cc
CPP= $(CC) -E
INCLUDES=
INCLUDES=-I.. -I$(TOP) -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
@ -20,6 +20,7 @@ AR= ar r
MD5_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=md5test.c

2
crypto/dist/openssl/crypto/md5/asm/md5-586.pl vendored
View File

@ -293,7 +293,7 @@ sub md5_block
&mov(&DWP(12,$tmp2,"",0),$D);
&cmp($tmp1,$X) unless $normal; # check count
&jge(&label("start")) unless $normal;
&jae(&label("start")) unless $normal;
&pop("eax"); # pop the temp variable off the stack
&pop("ebx");

4
crypto/dist/openssl/crypto/md5/asm/md5-sparcv9.S vendored
View File

@ -34,10 +34,12 @@
*
* or if above fails (it does if you have gas):
*
* gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
* gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
* as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
*/
#include <openssl/e_os2.h>
#define A %o0
#define B %o1
#define C %o2

2
crypto/dist/openssl/crypto/o_time.c vendored
View File

@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
{
struct tm *ts = NULL;
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
/* should return &data, but doesn't on some systems,
so we don't even look at the return value */
gmtime_r(timer,result);

4
crypto/dist/openssl/crypto/opensslv.h vendored
View File

@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x0090702fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7b 10 Apr 2003"
#define OPENSSL_VERSION_NUMBER 0x0090703fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

3
crypto/dist/openssl/crypto/perlasm/x86ms.pl vendored
View File

@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
sub main'ja { &out1("ja",@_); }
sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jnz { &out1("jnz",@_); }

3
crypto/dist/openssl/crypto/perlasm/x86nasm.pl vendored
View File

@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); }
sub main'jz { &out1("jz NEAR",@_); }
sub main'jge { &out1("jge NEAR",@_); }
sub main'jl { &out1("jl NEAR",@_); }
sub main'ja { &out1("ja NEAR",@_); }
sub main'jae { &out1("jae NEAR",@_); }
sub main'jb { &out1("jb NEAR",@_); }
sub main'jbe { &out1("jbe NEAR",@_); }
sub main'jc { &out1("jc NEAR",@_); }
sub main'jnc { &out1("jnc NEAR",@_); }
sub main'jnz { &out1("jnz NEAR",@_); }

3
crypto/dist/openssl/crypto/perlasm/x86unix.pl vendored
View File

@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
sub main'ja { &out1("ja",@_); }
sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jno { &out1("jno",@_); }

5
crypto/dist/openssl/crypto/pkcs7/pk7_doit.c vendored
View File

@ -767,6 +767,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
if (EVP_MD_CTX_type(mdc) == md_type)
break;
/* Workaround for some broken clients that put the signature
* OID instead of the digest OID in digest_alg->algorithm
*/
if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
break;
btmp=BIO_next(btmp);
}

14
crypto/dist/openssl/crypto/rand/rand_win.c vendored
View File

@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@ -431,7 +432,7 @@ int RAND_poll(void)
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
@ -440,6 +441,7 @@ int RAND_poll(void)
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
CLOSETOOLHELP32SNAPSHOT close_snap;
HANDLE handle;
HEAP32FIRST heap_first;
@ -457,6 +459,8 @@ int RAND_poll(void)
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
close_snap = (CLOSETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
@ -472,7 +476,7 @@ int RAND_poll(void)
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
!= NULL)
!= INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
@ -534,8 +538,10 @@ int RAND_poll(void)
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m));
CloseHandle(handle);
if (close_snap)
close_snap(handle);
else
CloseHandle(handle);
}
FreeLibrary(kernel);

5
crypto/dist/openssl/crypto/x509/x509type.c vendored
View File

@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
case EVP_PKEY_RSA:
ret|=EVP_PKS_RSA;
break;
case EVP_PKS_DSA:
case EVP_PKEY_DSA:
ret|=EVP_PKS_DSA;
break;
default:
break;
}
if (EVP_PKEY_size(pk) <= 512)
if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);

2
crypto/dist/openssl/crypto/x509v3/v3_conf.c vendored
View File

@ -236,7 +236,7 @@ static int v3_check_critical(char **value)
static int v3_check_generic(char **value)
{
char *p = *value;
if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
p+=4;
while (isspace((unsigned char)*p)) p++;
*value = p;

24
crypto/dist/openssl/crypto/x509v3/v3_cpols.c vendored
View File

@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org);
static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
X509V3_EXT_METHOD v3_cpols = {
NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
qual = notice_section(ctx, unot, ia5org);
X509V3_section_free(ctx, unot);
if(!qual) goto err;
if(!pol->qualifiers) pol->qualifiers =
sk_POLICYQUALINFO_new_null();
if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
goto merr;
} else {
@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org)
{
int i;
int i, ret;
CONF_VALUE *cnf;
USERNOTICE *not;
POLICYQUALINFO *qual;
@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
if(!(nref = NOTICEREF_new())) goto merr;
not->noticeref = nref;
} else nref = not->noticeref;
if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
else nref->organization = M_ASN1_VISIBLESTRING_new();
if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
else nref->organization->type = V_ASN1_VISIBLESTRING;
if(!ASN1_STRING_set(nref->organization, cnf->value,
strlen(cnf->value))) goto merr;
} else if(!strcmp(cnf->name, "noticeNumbers")) {
@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
X509V3_conf_err(cnf);
goto err;
}
nref->noticenos = nref_nos(nos);
ret = nref_nos(nref->noticenos, nos);
sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
if(!nref->noticenos) goto err;
if (!ret)
goto err;
} else {
X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
X509V3_conf_err(cnf);
goto err;
}
@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
return NULL;
}
static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
{
STACK_OF(ASN1_INTEGER) *nnums;
CONF_VALUE *cnf;
ASN1_INTEGER *aint;
int i;
if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
cnf = sk_CONF_VALUE_value(nos, i);
if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
}
if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
}
return nnums;
return 1;
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
err:
sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
return NULL;
return 0;
}

1
crypto/dist/openssl/crypto/x509v3/v3_lib.c vendored
View File

@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
if(OBJ_obj2nid(ex->object) == nid) {
if(idx) {
*idx = i;
found_ex = ex;
break;
} else if(found_ex) {
/* Found more than one */

2
crypto/dist/openssl/crypto/x509v3/v3_prn.c vendored
View File

@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
return 0;
if(!X509V3_EXT_print(bp, ex, flag, 12))
if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
{
BIO_printf(bp, "%*s", indent + 4, "");
M_ASN1_OCTET_STRING_print(bp,ex->value);

5
crypto/dist/openssl/doc/crypto/BIO_f_base64.pod vendored
View File

@ -55,16 +55,15 @@ to standard output:
Read Base64 encoded data from standard input and write the decoded
data to standard output:
BIO *bio, *b64, bio_out;
BIO *bio, *b64, *bio_out;
char inbuf[512];
int inlen;
char message[] = "Hello World \n";
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
bio = BIO_push(b64, bio);
while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0)
while((inlen = BIO_read(bio, inbuf, 512) > 0)
BIO_write(bio_out, inbuf, inlen);
BIO_free_all(bio);

6
crypto/dist/openssl/doc/ssl/SSL_CTX_set_verify.pod vendored
View File

@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If
SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
the verification process is continued. If B<verify_callback> always returns
1, the TLS/SSL handshake will never be terminated because of this application
experiencing a verification failure. The calling process can however
retrieve the error code of the last verification error using
1, the TLS/SSL handshake will not be terminated with respect to verification
failures and the connection will be established. The calling process can
however retrieve the error code of the last verification error using
L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
own error storage managed by B<verify_callback>.

4
crypto/dist/openssl/doc/ssl/SSL_CTX_use_certificate.pod vendored
View File

@ -68,7 +68,9 @@ should be preferred.
SSL_CTX_use_certificate_chain_file() loads a certificate chain from
B<file> into B<ctx>. The certificates must be in PEM format and must
be sorted starting with the certificate to the highest level (root CA).
be sorted starting with the subject's certificate (actual client or server
certificate), followed by intermediate CA certificates if applicable, and
ending at the highest level (root) CA.
There is no corresponding function working on a single SSL object.
SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.

3
crypto/dist/openssl/doc/ssl/SSL_accept.pod vendored
View File

@ -28,7 +28,8 @@ should be called again.
If the underlying BIO is B<non-blocking>, SSL_accept() will also return
when the underlying BIO could not satisfy the needs of SSL_accept()
to continue the handshake. In this case a call to SSL_get_error() with the
to continue the handshake, indicating the problem by the return value -1.
In this case a call to SSL_get_error() with the
return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of SSL_accept().

3
crypto/dist/openssl/doc/ssl/SSL_connect.pod vendored
View File

@ -25,7 +25,8 @@ handshake has been finished or an error occurred.
If the underlying BIO is B<non-blocking>, SSL_connect() will also return
when the underlying BIO could not satisfy the needs of SSL_connect()
to continue the handshake. In this case a call to SSL_get_error() with the
to continue the handshake, indicating the problem by the return value -1.
In this case a call to SSL_get_error() with the
return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of SSL_connect().

20
crypto/dist/openssl/openssl.spec vendored
View File

@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 7
%define librev b
%define librev c
Release: 1
%define openssldir /var/ssl
@ -83,18 +83,18 @@ documentation and POD files from which the man pages were produced.
%build
%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr
%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
perl util/perlpath.pl /usr/bin/perl
%ifarch i386 i486 i586 i686
./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared
./Configure %{CONFIG_FLAGS} linux-elf shared
%endif
%ifarch ppc
./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
./Configure %{CONFIG_FLAGS} linux-ppc shared
%endif
%ifarch alpha
./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
./Configure %{CONFIG_FLAGS} linux-alpha shared
%endif
LD_LIBRARY_PATH=`pwd` make
LD_LIBRARY_PATH=`pwd` make rehash
@ -102,12 +102,7 @@ LD_LIBRARY_PATH=`pwd` make test
%install
rm -rf $RPM_BUILD_ROOT
make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install
# Rename manpages
for x in $RPM_BUILD_ROOT/usr/man/man*/*
do mv ${x} ${x}ssl
done
make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
# Make backwards-compatibility symlink to ssleay
ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
@ -135,6 +130,7 @@ rm -rf $RPM_BUILD_ROOT
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
%attr(0644,root,root) /usr/lib/*.a
%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
%attr(0644,root,root) /usr/include/openssl/*
%attr(0644,root,root) /usr/man/man[3]/*
@ -150,6 +146,8 @@ ldconfig
ldconfig
%changelog
* Wed May 7 2003 Richard Levitte <richard@levitte.org>
- Add /usr/lib/pkgconfig/openssl.pc to the development section.
* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
- Removed redundant subsection that re-installed libcrypto.a and libssl.a
as well. Also remove RSAref stuff completely, since it's not needed

35
crypto/dist/openssl/ssl/kssl.c vendored
View File

@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
"bad ticket from krb5_rd_req.\n");
}
else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
&krb5ticket->enc_part2->client->realm,
krb5ticket->enc_part2->client->data))
&krb5ticket->enc_part2->client->realm,
krb5ticket->enc_part2->client->data,
krb5ticket->enc_part2->client->length))
{
kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
"kssl_ctx_setprinc() fails.\n");
@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
}
/* Given a (krb5_data *) entity (and optional realm),
/* Given an array of (krb5_data *) entity (and optional realm),
** set the plain (char *) client_princ or service_host member
** of the kssl_ctx struct.
*/
krb5_error_code
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity)
krb5_data *realm, krb5_data *entity, int nentities)
{
char **princ;
int length;
int i;
if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
}
if (*princ) free(*princ);
length = entity->length + ((realm)? realm->length + 2: 1);
/* Add up all the entity->lengths */
length = 0;
for (i=0; i < nentities; i++)
{
length += entity[i].length;
}
/* Add in space for the '/' character(s) (if any) */
length += nentities-1;
/* Space for the ('@'+realm+NULL | NULL) */
length += ((realm)? realm->length + 2: 1);
if ((*princ = calloc(1, length)) == NULL)
return KSSL_CTX_ERR;
else
{
strncpy(*princ, entity->data, entity->length);
(*princ)[entity->length]='\0';
{
for (i = 0; i < nentities; i++)
{
strncat(*princ, entity[i].data, entity[i].length);
if (i < nentities-1)
{
strcat (*princ, "/");
}
}
if (realm)
{
strcat (*princ, "@");
(void) strncat(*princ, realm->data, realm->length);
(*princ)[entity->length+1+realm->length]='\0';
}
}

2
crypto/dist/openssl/ssl/kssl.h vendored
View File

@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void);
KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
void kssl_ctx_show(KSSL_CTX *kssl_ctx);
krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity);
krb5_data *realm, krb5_data *entity, int nentities);
krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
krb5_data *authenp, KSSL_ERR *kssl_err);
krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,

5
crypto/dist/openssl/ssl/ssl_lib.c vendored
View File

@ -473,6 +473,11 @@ void SSL_free(SSL *s)
if (s->method != NULL) s->method->ssl_free(s);
#ifndef OPENSSL_NO_KRB5
if (s->kssl_ctx != NULL)
kssl_ctx_free(s->kssl_ctx);
#endif /* OPENSSL_NO_KRB5 */
OPENSSL_free(s);
}

4
crypto/dist/openssl/ssl/ssl_rsa.c vendored
View File

@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
ok=1;
else
#endif
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
{
if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
{
@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
return(0);
}
ERR_clear_error(); /* make sure no error from X509_check_private_key()
* is left if we have chosen to ignore it */
if (c->pkeys[i].privatekey != NULL)
EVP_PKEY_free(c->pkeys[i].privatekey);
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);

2
crypto/dist/openssl/tools/c_rehash vendored
View File

@ -1,4 +1,4 @@
#!/usr/local/bin/perl
#!/usr/bin/perl
# Perl c_rehash script, scan all files in a directory

4
crypto/dist/openssl/util/extract-names.pl vendored
View File

@ -9,8 +9,8 @@ while(<STDIN>) {
} elsif ($name) {
if (/ - /) {
s/ - .*//;
s/[ \t,]+/ /g;
push @words, split ' ';
s/,[ \t]+/,/g;
push @words, split ',';
}
}
if (/^=head1 *NAME *$/) {

2
crypto/dist/openssl/util/libeay.num vendored
View File

@ -2801,3 +2801,5 @@ BIO_indent 3242 EXIST::FUNCTION:
BUF_strlcpy 3243 EXIST::FUNCTION:
OpenSSLDie 3244 EXIST::FUNCTION:
OPENSSL_cleanse 3245 EXIST::FUNCTION:
ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH

2
crypto/dist/openssl/util/pl/Mingw32.pl vendored
View File

@ -85,7 +85,7 @@ sub do_lib_rule
($Name=$name) =~ tr/a-z/A-Z/;
$ret.="$target: \$(${Name}OBJ)\n";
$ret.="\t\$(RM) $target\n";
$ret.="\tif exist $target \$(RM) $target\n";
$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
$ret.="\t\$(RANLIB) $target\n\n";
}

6
crypto/dist/openssl/util/point.sh vendored
View File

@ -1,10 +1,10 @@
#!/bin/sh
rm -f $2
rm -f "$2"
if test "$OSTYPE" = msdosdjgpp; then
cp $1 $2
cp "$1" "$2"
else
ln -s $1 $2
ln -s "$1" "$2"
fi
echo "$2 => $1"