From 2b3ef38d58c1bb0abff4bf611177fc76e78325fa Mon Sep 17 00:00:00 2001
From: "sangwan.kwon"
Date: Fri, 18 Dec 2015 11:39:57 +0900
Subject: Imported Upstream version 1.0.2e
Change-Id: Ib2b4a8546eecf9f4d4a80d8f91b48dbf50bff173
---
 apps/Makefile | 2 +-
 apps/app_rand.c | 3 ---
 apps/apps.c | 9 +++++----
 apps/asn1pars.c | 4 ++--
 apps/ca.c | 14 +++++---------
 apps/ecparam.c | 7 +++----
 apps/engine.c | 5 -----
 apps/md4.c | 2 +-
 apps/ocsp.c | 4 ++--
 apps/pkcs12.c | 14 +++++++-------
 apps/s_cb.c | 5 +++++
 apps/s_client.c | 11 +++++++++++
 apps/s_server.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 13 files changed, 93 insertions(+), 38 deletions(-)
(limited to 'apps')
diff --git a/apps/Makefile b/apps/Makefile
index cafe554..8c3297e 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/apps/app_rand.c b/apps/app_rand.c
index 595fc78..7f40bba 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -124,10 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 char buffer[200];
 #ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e, "Loading 'screen' into random state -");
- BIO_flush(bio_e);
 RAND_screen();
- BIO_printf(bio_e, " done\n");
 #endif
 if (file == NULL)
diff --git a/apps/apps.c b/apps/apps.c
index 7478fc3..2e77805 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -119,9 +119,6 @@
 #include
 #include
 #include
-#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && !defined(NETWARE_CLIB)
-# include
-#endif
 #include
 #include
 #include
@@ -1352,7 +1349,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
 {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
 {NULL, 0, 0}
 };
- return set_multi_opts(flags, arg, ex_tbl);
+ if (set_multi_opts(flags, arg, ex_tbl) == 0)
+ return 0;
+ if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ *flags |= XN_FLAG_SEP_CPLUS_SPC;
+ return 1;
 }
 int set_ext_copy(int *copy_type, const char *arg)
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 11b0787..0a6b990 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
 }
 typ = ASN1_TYPE_get(at);
 if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_BOOLEAN)
 || (typ == V_ASN1_NULL)) {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
 ERR_print_errors(bio_err);
 goto end;
 }
diff --git a/apps/ca.c b/apps/ca.c
index 3b7336c..0b66095 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -99,25 +99,19 @@
 #undef PROG
 #define PROG ca_main
-#define BASE_SECTION "ca"
-#define CONFIG_FILE "openssl.cnf"
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
 #define ENV_DEFAULT_CA "default_ca"
-#define STRING_MASK "string_mask"
+#define STRING_MASK "string_mask"
 #define UTF8_IN "utf8"
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
 #define ENV_NEW_CERTS_DIR "new_certs_dir"
 #define ENV_CERTIFICATE "certificate"
 #define ENV_SERIAL "serial"
 #define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
 #define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
 #define ENV_DEFAULT_DAYS "default_days"
 #define ENV_DEFAULT_STARTDATE "default_startdate"
 #define ENV_DEFAULT_ENDDATE "default_enddate"
@@ -2538,6 +2532,8 @@ static int do_updatedb(CA_DB *db)
 char **rrow, *a_tm_s;
 a_tm = ASN1_UTCTIME_new();
+ if (a_tm == NULL)
+ return -1;
 /* get actual time and make a string */
 a_tm = X509_gmtime_adj(a_tm, 0);
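Review bot: In apps/asn1pars.c the widened rejection list (`V_ASN1_OBJECT`, `V_ASN1_BOOLEAN`, `V_ASN1_NULL`) has no comment saying why these tags cannot be re-parsed, so the next tag with the same property is easy to miss. Presumably these are the ASN1_TYPE variants whose value is not held as an ASN1_STRING buffer; if that is the reason, state it above the `if`, e.g. `/* these types do not store their content as an ASN1_STRING, so there is nothing to parse */`. MAIN continues outside the hunk, so how `at` is used after this test is not visible here.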
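Review bot: In do_updatedb (apps/ca.c) the new NULL check covers only `ASN1_UTCTIME_new()`; the next statement, `a_tm = X509_gmtime_adj(a_tm, 0);`, still assigns its result unchecked. If that call fails and returns NULL, the object just allocated is no longer reachable and any later use of `a_tm` in the function (outside this hunk) would dereference NULL. Keep the original pointer and test the result, e.g. `if (X509_gmtime_adj(a_tm, 0) == NULL) { ASN1_UTCTIME_free(a_tm); return -1; }`.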
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06ac77b..71b67f4 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -416,14 +416,13 @@ int MAIN(int argc, char **argv)
 }
 if (check) {
- if (group == NULL)
- BIO_printf(bio_err, "no elliptic curve parameters\n");
 BIO_printf(bio_err, "checking elliptic curve parameters: ");
 if (!EC_GROUP_check(group, NULL)) {
 BIO_printf(bio_err, "failed\n");
 ERR_print_errors(bio_err);
- } else
- BIO_printf(bio_err, "ok\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "ok\n");
 }
diff --git a/apps/engine.c b/apps/engine.c
index 3d70cac..460ec60 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -99,8 +99,6 @@ static void identity(char *ptr)
 static int append_buf(char **buf, const char *s, int *size, int step)
 {
- int l = strlen(s);
-
 if (*buf == NULL) {
 *size = step;
 *buf = OPENSSL_malloc(*size);
@@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
 **buf = '\0';
 }
- if (**buf != '\0')
- l += 2; /* ", " */
-
 if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
 *size += step;
 *buf = OPENSSL_realloc(*buf, *size);
diff --git a/apps/md4.c b/apps/md4.c
index 7f457b2..03269af 120000
--- a/apps/md4.c
+++ b/apps/md4.c
@@ -1 +1 @@
-../crypto/md4/md4.c
\ No newline at end of file
+openssl-1.0.2e/../crypto/md4/md4.c
\ No newline at end of file
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 926083d..6ed255d 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1261,8 +1261,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
 return NULL;
 }
- if (BIO_get_fd(cbio, &fd) <= 0) {
- BIO_puts(err, "Can't get connection fd\n");
+ if (BIO_get_fd(cbio, &fd) < 0) {
+ BIO_puts(bio_err, "Can't get connection fd\n");
 goto err;
 }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4ff6449..e41b445 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
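Review bot: In append_buf (apps/engine.c) the commit deletes the unused `l`, but `l` was the only place the two bytes of the `", "` separator were counted, and the growth test `strlen(*buf) + strlen(s) >= (unsigned int)*size` still ignores them and grows by a single `step` however long `s` is. Whether that can overrun depends on the copy code after the hunk, which is not visible; at minimum the buffer can end up too small for separator plus `s`. Count the separator and grow until the data fits, `while (strlen(*buf) + strlen(s) + 2 >= (unsigned int)*size)`, and assign the `OPENSSL_realloc` result to a temporary so the old buffer is not lost when it fails.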
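Review bot: The new target of the apps/md4.c symlink, `openssl-1.0.2e/../crypto/md4/md4.c`, is resolved relative to apps/, so it needs a directory apps/openssl-1.0.2e to exist and even then lands on apps/crypto/md4/md4.c rather than the top-level crypto/ tree. This looks like the tarball's top-level directory name leaking into the link during the import, which would leave the link dangling and break any build step that compiles apps/md4.c. The target should stay `../crypto/md4/md4.c`, and the other symlinks in the imported tree are worth checking for the same prefix.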
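Review bot: In query_responder (apps/ocsp.c) the error message now goes to the global `bio_err` although the function receives its error stream as the `err` parameter, visible in the hunk header. If the rest of the function (outside this hunk) reports through `err`, this one message ends up on a different stream from its neighbours whenever a caller passes something other than `bio_err`. Unless the switch is deliberate, keep `BIO_puts(err, "Can't get connection fd\n");` alongside the corrected `< 0` test.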
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)
 apps_startup();
-# ifdef OPENSSL_FIPS
- if (FIPS_mode())
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else
-# endif
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
 enc = EVP_des_ede3_cbc();
 if (bio_err == NULL)
 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
 if (!load_config(bio_err, NULL))
 goto end;
+# ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+# endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
 args = argv + 1;
 while (*args) {
diff --git a/apps/s_cb.c b/apps/s_cb.c
index dd3aa74..5b5e711 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -981,6 +981,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 extname = "next protocol";
 break;
 #endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ case TLSEXT_TYPE_application_layer_protocol_negotiation:
+ extname = "application layer protocol negotiation";
+ break;
+#endif
 case TLSEXT_TYPE_padding:
 extname = "TLS padding";
diff --git a/apps/s_client.c b/apps/s_client.c
index e55f2c5..f80711f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -424,6 +424,14 @@ static void sc_usage(void)
 " -no_ticket - disable use of RFC4507bis session tickets\n");
 BIO_printf(bio_err,
 " -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
+ BIO_printf(bio_err,
+ " -curves arg - Elliptic curves to advertise (colon-separated list)\n");
+ BIO_printf(bio_err,
+ " -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
+ BIO_printf(bio_err,
+ " -client_sigalgs arg - Signature algorithms to support for client\n");
+ BIO_printf(bio_err,
+ " certificate authentication (colon-separated list)\n");
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
 BIO_printf(bio_err,
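Review bot: In MAIN (apps/pkcs12.c) the `cert_pbe` default is moved below `load_config()` with no comment explaining the ordering, so a later tidy-up could move it back to the top. Presumably the point is that loading the configuration can switch FIPS mode on, so `FIPS_mode()` has to be queried afterwards; say so above the `# ifdef OPENSSL_FIPS` block, e.g. `/* must follow load_config(): the config may enable FIPS mode */`. The same comment is a good place to record that the non-FIPS default for certificate encryption is 40-bit RC2 (`NID_pbe_WithSHA1And40BitRC2_CBC`), which gives little confidentiality and is presumably kept for compatibility.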
@@ -2065,6 +2073,9 @@ int MAIN(int argc, char **argv)
 sk_X509_pop_free(chain, X509_free);
 if (pass)
 OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+ OPENSSL_free(srp_arg.srppassin);
+#endif
 if (vpm)
 X509_VERIFY_PARAM_free(vpm);
 ssl_excert_free(exc);
diff --git a/apps/s_server.c b/apps/s_server.c
index acef382..f19532b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -652,6 +652,12 @@ static void sv_usage(void)
 " -no_ticket - disable use of RFC4507bis session tickets\n");
 BIO_printf(bio_err,
 " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ BIO_printf(bio_err,
+ " -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
+ BIO_printf(bio_err,
+ " -client_sigalgs arg - Signature algorithms to support for client \n");
+ BIO_printf(bio_err,
+ " certificate authentication (colon-separated list)\n");
 # ifndef OPENSSL_NO_NEXTPROTONEG
 BIO_printf(bio_err,
 " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
@@ -2881,6 +2887,21 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 goto err;
 } else {
 BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
 #if defined(OPENSSL_SYS_NETWARE)
 delay(1000);
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
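Review bot: In MAIN's cleanup (apps/s_client.c) `srp_arg.srppassin` is released with a plain `OPENSSL_free`, so whatever it held stays readable in freed heap memory. Judging by the name it holds the SRP password; if so, wipe it before the free with `if (srp_arg.srppassin) OPENSSL_cleanse(srp_arg.srppassin, strlen(srp_arg.srppassin));`. The `pass` buffer freed in the context lines just above has the same exposure. The new call also drops the `if (ptr)` guard the neighbouring frees use, which is harmless only if `OPENSSL_free` accepts NULL in this version.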
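Review bot: In www_body (apps/s_server.c) the added retry branch overwrites `srp_callback_parm.user` with the result of `SRP_VBASE_get_by_user()` without releasing or checking the previous value, and the same block is pasted again into both rev_body hunks (`@@ -3211` and `@@ -3224`). Who owns the returned entry is not visible in the hunk; if the lookup can hand back a freshly allocated record, every retry leaks one, and the retry is driven by the peer's handshake. The branch also runs `continue` when the lookup fails, so termination relies on the next handshake step failing rather than on this code. A single static helper used by all three sites, with the ownership rule documented on it, would give one place to get this right.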
@@ -3211,6 +3232,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 ERR_print_errors(bio_err);
 goto end;
 }
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
 }
 BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
 print_ssl_summary(bio_err, con);
@@ -3224,6 +3260,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 goto err;
 } else {
 BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
 #if defined(OPENSSL_SYS_NETWARE)
 delay(1000);
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
-- cgit v1.2.3