svn commit: r331625 - in vendor-crypto/openssl/dist: . apps crypto crypto/asn1 crypto/bf crypto/bio crypto/bn crypto/conf crypto/des crypto/dh crypto/dsa crypto/ec crypto/ecdh crypto/engine crypto/...
Jung-uk Kim
jkim at FreeBSD.org
Tue Mar 27 17:03:04 UTC 2018
Author: jkim
Date: Tue Mar 27 17:03:01 2018
New Revision: 331625
URL: https://svnweb.freebsd.org/changeset/base/331625
Log:
Import OpenSSL 1.0.2o.
Modified:
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/Configure
vendor-crypto/openssl/dist/FREEBSD-upgrade
vendor-crypto/openssl/dist/LICENSE
vendor-crypto/openssl/dist/Makefile
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/apps/app_rand.c
vendor-crypto/openssl/dist/apps/apps.c
vendor-crypto/openssl/dist/apps/ca.c
vendor-crypto/openssl/dist/apps/ciphers.c
vendor-crypto/openssl/dist/apps/cms.c
vendor-crypto/openssl/dist/apps/dgst.c
vendor-crypto/openssl/dist/apps/dsaparam.c
vendor-crypto/openssl/dist/apps/ecparam.c
vendor-crypto/openssl/dist/apps/enc.c
vendor-crypto/openssl/dist/apps/errstr.c
vendor-crypto/openssl/dist/apps/ocsp.c
vendor-crypto/openssl/dist/apps/openssl.c
vendor-crypto/openssl/dist/apps/passwd.c
vendor-crypto/openssl/dist/apps/pkcs12.c
vendor-crypto/openssl/dist/apps/pkcs8.c
vendor-crypto/openssl/dist/apps/rand.c
vendor-crypto/openssl/dist/apps/req.c
vendor-crypto/openssl/dist/apps/s_client.c
vendor-crypto/openssl/dist/apps/s_server.c
vendor-crypto/openssl/dist/apps/s_socket.c
vendor-crypto/openssl/dist/apps/s_time.c
vendor-crypto/openssl/dist/apps/speed.c
vendor-crypto/openssl/dist/apps/x509.c
vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c
vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c
vendor-crypto/openssl/dist/crypto/asn1/a_object.c
vendor-crypto/openssl/dist/crypto/asn1/a_strex.c
vendor-crypto/openssl/dist/crypto/asn1/a_time.c
vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c
vendor-crypto/openssl/dist/crypto/asn1/asn1.h
vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c
vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c
vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c
vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c
vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c
vendor-crypto/openssl/dist/crypto/bf/bftest.c
vendor-crypto/openssl/dist/crypto/bio/b_dump.c
vendor-crypto/openssl/dist/crypto/bio/b_print.c
vendor-crypto/openssl/dist/crypto/bio/bio_cb.c
vendor-crypto/openssl/dist/crypto/bio/bss_bio.c
vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
vendor-crypto/openssl/dist/crypto/bio/bss_file.c
vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
vendor-crypto/openssl/dist/crypto/bn/bn_mont.c
vendor-crypto/openssl/dist/crypto/bn/bn_print.c
vendor-crypto/openssl/dist/crypto/bn/bntest.c
vendor-crypto/openssl/dist/crypto/bn/expspeed.c
vendor-crypto/openssl/dist/crypto/bn/exptest.c
vendor-crypto/openssl/dist/crypto/conf/conf_def.c
vendor-crypto/openssl/dist/crypto/conf/conf_mod.c
vendor-crypto/openssl/dist/crypto/des/destest.c
vendor-crypto/openssl/dist/crypto/des/ecb_enc.c
vendor-crypto/openssl/dist/crypto/des/fcrypt.c
vendor-crypto/openssl/dist/crypto/des/read_pwd.c
vendor-crypto/openssl/dist/crypto/des/set_key.c
vendor-crypto/openssl/dist/crypto/dh/dhtest.c
vendor-crypto/openssl/dist/crypto/dsa/dsatest.c
vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
vendor-crypto/openssl/dist/crypto/ec/ec_mult.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistp224.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistp256.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256.c
vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c
vendor-crypto/openssl/dist/crypto/ec/ectest.c
vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c
vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
vendor-crypto/openssl/dist/crypto/engine/eng_table.c
vendor-crypto/openssl/dist/crypto/err/err.c
vendor-crypto/openssl/dist/crypto/err/err_prn.c
vendor-crypto/openssl/dist/crypto/evp/bio_b64.c
vendor-crypto/openssl/dist/crypto/evp/digest.c
vendor-crypto/openssl/dist/crypto/evp/e_aes.c
vendor-crypto/openssl/dist/crypto/evp/e_camellia.c
vendor-crypto/openssl/dist/crypto/evp/evp_enc.c
vendor-crypto/openssl/dist/crypto/evp/evp_locl.h
vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c
vendor-crypto/openssl/dist/crypto/evp/evp_test.c
vendor-crypto/openssl/dist/crypto/evp/openbsd_hw.c
vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c
vendor-crypto/openssl/dist/crypto/hmac/hmac.c
vendor-crypto/openssl/dist/crypto/jpake/jpake.c
vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c
vendor-crypto/openssl/dist/crypto/md4/md4.c
vendor-crypto/openssl/dist/crypto/mem_dbg.c
vendor-crypto/openssl/dist/crypto/o_init.c
vendor-crypto/openssl/dist/crypto/o_time.c
vendor-crypto/openssl/dist/crypto/objects/o_names.c
vendor-crypto/openssl/dist/crypto/objects/obj_dat.c
vendor-crypto/openssl/dist/crypto/opensslv.h
vendor-crypto/openssl/dist/crypto/pem/pem_info.c
vendor-crypto/openssl/dist/crypto/pem/pem_lib.c
vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c
vendor-crypto/openssl/dist/crypto/rand/md_rand.c
vendor-crypto/openssl/dist/crypto/rand/rand_egd.c
vendor-crypto/openssl/dist/crypto/rand/rand_unix.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_crpt.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c
vendor-crypto/openssl/dist/crypto/srp/srp_grps.h
vendor-crypto/openssl/dist/crypto/threads/mttest.c
vendor-crypto/openssl/dist/crypto/ts/Makefile
vendor-crypto/openssl/dist/crypto/ts/ts_rsp_sign.c
vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
vendor-crypto/openssl/dist/crypto/x509/x509_txt.c
vendor-crypto/openssl/dist/crypto/x509/x509_v3.c
vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c
vendor-crypto/openssl/dist/doc/apps/ca.pod
vendor-crypto/openssl/dist/doc/apps/ecparam.pod
vendor-crypto/openssl/dist/doc/apps/s_client.pod
vendor-crypto/openssl/dist/doc/apps/verify.pod
vendor-crypto/openssl/dist/doc/apps/x509.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_length.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_mem.pod
vendor-crypto/openssl/dist/doc/crypto/BN_zero.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod
vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
vendor-crypto/openssl/dist/doc/crypto/threads.pod
vendor-crypto/openssl/dist/engines/ccgost/README.gost
vendor-crypto/openssl/dist/engines/ccgost/gost_eng.c
vendor-crypto/openssl/dist/engines/e_atalla.c
vendor-crypto/openssl/dist/ssl/Makefile
vendor-crypto/openssl/dist/ssl/bad_dtls_test.c
vendor-crypto/openssl/dist/ssl/d1_lib.c
vendor-crypto/openssl/dist/ssl/d1_pkt.c
vendor-crypto/openssl/dist/ssl/fatalerrtest.c
vendor-crypto/openssl/dist/ssl/kssl.c
vendor-crypto/openssl/dist/ssl/s23_srvr.c
vendor-crypto/openssl/dist/ssl/s2_clnt.c
vendor-crypto/openssl/dist/ssl/s2_enc.c
vendor-crypto/openssl/dist/ssl/s2_lib.c
vendor-crypto/openssl/dist/ssl/s2_srvr.c
vendor-crypto/openssl/dist/ssl/s3_clnt.c
vendor-crypto/openssl/dist/ssl/s3_lib.c
vendor-crypto/openssl/dist/ssl/s3_pkt.c
vendor-crypto/openssl/dist/ssl/s3_srvr.c
vendor-crypto/openssl/dist/ssl/ssl_cert.c
vendor-crypto/openssl/dist/ssl/ssl_lib.c
vendor-crypto/openssl/dist/ssl/ssl_sess.c
vendor-crypto/openssl/dist/ssl/ssltest.c
vendor-crypto/openssl/dist/ssl/t1_enc.c
vendor-crypto/openssl/dist/ssl/t1_lib.c
vendor-crypto/openssl/dist/ssl/t1_trce.c
Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/CHANGES Tue Mar 27 17:03:01 2018 (r331625)
@@ -7,6 +7,21 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
+
+ *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack. There
+ are no such structures used within SSL/TLS that come from untrusted sources
+ so this is considered safe.
+
+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+ project.
+ (CVE-2018-0739)
+ [Matt Caswell]
+
Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state
@@ -2012,8 +2027,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
- *) Add SRP support.
- [Tom Wu <tjw at cs.stanford.edu> and Ben Laurie]
+ *) A long standing patch to add support for SRP from EdelWeb (Peter
+ Sylvester and Christophe Renou) was integrated.
+ [Christophe Renou <christophe.renou at edelweb.fr>, Peter Sylvester
+ <peter.sylvester at edelweb.fr>, Tom Wu <tjw at cs.stanford.edu>, and
+ Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/Configure Tue Mar 27 17:03:01 2018 (r331625)
@@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# DEC Alpha OSF/1/Tru64 targets.
#
@@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }
-if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{
$cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
-my $ecc = $cc;
-$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+my %predefined;
+# collect compiler pre-defines from gcc or gcc-alike...
+open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
+while (<PIPE>) {
+ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+ $predefined{$1} = defined($2) ? $2 : "";
+}
+close(PIPE);
+
if ($strict_warnings)
{
my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+ die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
- if ($ecc eq "clang")
+ if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1723,15 +1730,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Mar 27 17:03:01 2018 (r331625)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
-setenv OSSLVER 1.0.2n
-# OSSLTAG format: v1_0_2n
+setenv OSSLVER 1.0.2o
+# OSSLTAG format: v1_0_2o
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
Modified: vendor-crypto/openssl/dist/LICENSE
==============================================================================
--- vendor-crypto/openssl/dist/LICENSE Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/LICENSE Tue Mar 27 17:03:01 2018 (r331625)
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Modified: vendor-crypto/openssl/dist/Makefile
==============================================================================
--- vendor-crypto/openssl/dist/Makefile Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/Makefile Tue Mar 27 17:03:01 2018 (r331625)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2n
+VERSION=1.0.2o
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -73,7 +73,7 @@ NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
+MAKEDEPPROG= cc
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/NEWS Tue Mar 27 17:03:01 2018 (r331625)
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
+
+ o Constructed ASN.1 types with a recursive definition could exceed the
+ stack (CVE-2018-0739)
+
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737)
Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/README Tue Mar 27 17:03:01 2018 (r331625)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2n 7 Dec 2017
+ OpenSSL 1.0.2o 27 Mar 2018
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: vendor-crypto/openssl/dist/apps/app_rand.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/app_rand.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/app_rand.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, i
#endif
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
@@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0;
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
return 0;
Modified: vendor-crypto/openssl/dist/apps/apps.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/apps.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/apps.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM
BUF_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
#ifdef RL_DEBUG
@@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+ BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+ BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
#endif
dbattr_conf = NCONF_new(NULL);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_s
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *c
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
- BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
(void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
@@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *c
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
- BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
(void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
@@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
char buf[10240];
int l;
- l = BIO_gets(bconn, buf, sizeof buf);
+ l = BIO_gets(bconn, buf, sizeof(buf));
assert(l > 0);
assert(buf[l - 1] == '\n');
buf[l - 1] = '\0';
@@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *
int l;
JPAKE_STEP3A_init(&s3a);
- l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
- assert(l == sizeof s3a.hhk);
+ l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
+ assert(l == sizeof(s3a.hhk));
if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err);
exit(1);
@@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *
int l;
JPAKE_STEP3B_init(&s3b);
- l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
- assert(l == sizeof s3b.hk);
+ l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
+ assert(l == sizeof(s3b.hk));
if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err);
exit(1);
Modified: vendor-crypto/openssl/dist/apps/ca.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ca.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/ca.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
- X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
- NULL;
+ X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
ASN1_UTCTIME *tm, *tmptm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
@@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
goto err;
}
- if (verbose)
- BIO_printf(bio_err,
- "The subject name appears to be ok, checking data base for clashes\n");
-
- /* Build the correct Subject if no e-mail is wanted in the subject */
- /*
- * and add it later on because of the method extensions are added
- * (altName)
- */
-
- if (email_dn)
- dn_subject = subject;
- else {
- X509_NAME_ENTRY *tmpne;
- /*
- * Its best to dup the subject DN and then delete any email addresses
- * because this retains its structure.
- */
- if (!(dn_subject = X509_NAME_dup(subject))) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
- }
- while ((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress,
- -1)) >= 0) {
- tmpne = X509_NAME_get_entry(dn_subject, i);
- X509_NAME_delete_entry(dn_subject, i);
- X509_NAME_ENTRY_free(tmpne);
- }
- }
-
- if (BN_is_zero(serial))
- row[DB_serial] = BUF_strdup("00");
- else
- row[DB_serial] = BN_bn2hex(serial);
- if (row[DB_serial] == NULL) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
- }
-
- if (db->attributes.unique_subject) {
- OPENSSL_STRING *crow = row;
-
- rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
- if (rrow != NULL) {
- BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
- }
- }
- if (rrow == NULL) {
- rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
- if (rrow != NULL) {
- BIO_printf(bio_err,
- "ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
- BIO_printf(bio_err,
- " check the database/serial_file for corruption\n");
- }
- }
-
- if (rrow != NULL) {
- BIO_printf(bio_err, "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
- p = "Expired";
- else if (rrow[DB_type][0] == 'R')
- p = "Revoked";
- else if (rrow[DB_type][0] == 'V')
- p = "Valid";
- else
- p = "\ninvalid type, Data base error\n";
- BIO_printf(bio_err, "Type :%s\n", p);;
- if (rrow[DB_type][0] == 'R') {
- p = rrow[DB_exp_date];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Was revoked on:%s\n", p);
- }
- p = rrow[DB_exp_date];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Expires on :%s\n", p);
- p = rrow[DB_serial];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Serial Number :%s\n", p);
- p = rrow[DB_file];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "File name :%s\n", p);
- p = rrow[DB_name];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Subject Name :%s\n", p);
- ok = -1; /* This is now a 'bad' error. */
- goto err;
- }
-
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
@@ -2056,12 +1955,126 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
goto err;
}
- /* Set the right value for the noemailDN option */
- if (email_dn == 0) {
- if (!X509_set_subject_name(ret, dn_subject))
+ if (verbose)
+ BIO_printf(bio_err,
+ "The subject name appears to be ok, checking data base for clashes\n");
+
+ /* Build the correct Subject if no e-mail is wanted in the subject */
+
+ if (!email_dn) {
+ X509_NAME_ENTRY *tmpne;
+ X509_NAME *dn_subject;
+
+ /*
+ * Its best to dup the subject DN and then delete any email addresses
+ * because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject))) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
+ }
+ while ((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress,
+ -1)) >= 0) {
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
+ }
+
+ if (!X509_set_subject_name(ret, dn_subject)) {
+ X509_NAME_free(dn_subject);
+ goto err;
+ }
+ X509_NAME_free(dn_subject);
}
+ row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+ if (row[DB_name] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (BN_is_zero(serial))
+ row[DB_serial] = BUF_strdup("00");
+ else
+ row[DB_serial] = BN_bn2hex(serial);
+ if (row[DB_serial] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (row[DB_name][0] == '\0') {
+ /*
+ * An empty subject! We'll use the serial number instead. If
+ * unique_subject is in use then we don't want different entries with
+ * empty subjects matching each other.
+ */
+ OPENSSL_free(row[DB_name]);
+ row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+ if (row[DB_name] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+
+ if (db->attributes.unique_subject) {
+ OPENSSL_STRING *crow = row;
+
+ rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ }
+ if (rrow == NULL) {
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err,
+ " check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL) {
+ BIO_printf(bio_err, "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p = "Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p = "Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p = "Valid";
+ else
+ p = "\ninvalid type, Data base error\n";
+ BIO_printf(bio_err, "Type :%s\n", p);;
+ if (rrow[DB_type][0] == 'R') {
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Was revoked on:%s\n", p);
+ }
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Expires on :%s\n", p);
+ p = rrow[DB_serial];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Serial Number :%s\n", p);
+ p = rrow[DB_file];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "File name :%s\n", p);
+ p = rrow[DB_name];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Subject Name :%s\n", p);
+ ok = -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
if (!default_op) {
BIO_printf(bio_err, "Certificate Details:\n");
/*
@@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8);
- row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+ (row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
irow = NULL;
ok = 1;
err:
- if (irow != NULL) {
+ if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
- OPENSSL_free(irow);
}
+ OPENSSL_free(irow);
if (CAname != NULL)
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
- if ((dn_subject != NULL) && !email_dn)
- X509_NAME_free(dn_subject);
if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm);
if (ok <= 0) {
@@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type,
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
+ if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+ /* Entries with empty Subjects actually use the serial number instead */
+ OPENSSL_free(row[DB_name]);
+ row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+ }
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
Modified: vendor-crypto/openssl/dist/apps/ciphers.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ciphers.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/ciphers.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout, "%s - ", nm);
}
#endif
- BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
+ BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
Modified: vendor-crypto/openssl/dist/apps/cms.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/cms.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/cms.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
- if (!signer)
+ if (!signer) {
+ ret = 2;
goto end;
+ }
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
- if (!key)
+ if (!key) {
+ ret = 2;
goto end;
+ }
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
Modified: vendor-crypto/openssl/dist/apps/dgst.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dgst.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/dgst.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
- program_name(argv[0], pname, sizeof pname);
+ program_name(argv[0], pname, sizeof(pname));
md = EVP_get_digestbyname(pname);
Modified: vendor-crypto/openssl/dist/apps/dsaparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dsaparam.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/dsaparam.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
printf("\treturn(dsa);\n\t}\n");
}
+ if (outformat == FORMAT_ASN1 && genkey)
+ noout = 1;
+
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
Modified: vendor-crypto/openssl/dist/apps/ecparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ecparam.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/ecparam.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "\treturn(group);\n\t}\n");
}
+ if (outformat == FORMAT_ASN1 && genkey)
+ noout = 1;
+
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
@@ -581,6 +584,9 @@ int MAIN(int argc, char **argv)
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
+
+ if (new_form)
+ EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey);
Modified: vendor-crypto/openssl/dist/apps/enc.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/enc.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/enc.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -114,7 +114,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
static const char magic[] = "Salted__";
- char mbuf[sizeof magic - 1];
+ char mbuf[sizeof(magic) - 1];
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
@@ -154,7 +154,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
- program_name(argv[0], pname, sizeof pname);
+ program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0)
base64 = 1;
#ifdef ZLIB
@@ -247,7 +247,7 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0] = '\0';
- if (!fgets(buf, sizeof buf, infile)) {
+ if (!fgets(buf, sizeof(buf), infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad;
}
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
for (;;) {
char buf[200];
- BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
+ BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
@@ -517,31 +517,31 @@ int MAIN(int argc, char **argv)
else {
if (enc) {
if (hsalt) {
- if (!set_hex(hsalt, salt, sizeof salt)) {
+ if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- } else if (RAND_bytes(salt, sizeof salt) <= 0)
+ } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
- sizeof magic - 1) != sizeof magic - 1
+ sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
- sizeof salt) != sizeof salt)) {
+ sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
- } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+ } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
- sizeof salt) != sizeof salt) {
+ sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
- } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+ } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
@@ -564,7 +564,7 @@ int MAIN(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
- } else if (!set_hex(hiv, iv, sizeof iv)) {
+ } else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
Modified: vendor-crypto/openssl/dist/apps/errstr.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/errstr.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/errstr.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) {
- ERR_error_string_n(l, buf, sizeof buf);
+ ERR_error_string_n(l, buf, sizeof(buf));
printf("%s\n", buf);
} else {
printf("%s: bad error code\n", argv[i]);
Modified: vendor-crypto/openssl/dist/apps/ocsp.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ocsp.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/ocsp.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb
*pcbio = cbio;
for (;;) {
- len = BIO_gets(cbio, inbuf, sizeof inbuf);
+ len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */
Modified: vendor-crypto/openssl/dist/apps/openssl.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/openssl.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/openssl.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
prog = prog_init();
/* first check the program name */
- program_name(Argv[0], pname, sizeof pname);
+ program_name(Argv[0], pname, sizeof(pname));
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
@@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
for (;;) {
ret = 0;
p = buf;
- n = sizeof buf;
+ n = sizeof(buf);
i = 0;
for (;;) {
p[0] = '\0';
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
/* Purely so it looks nice when the user hits ? */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
- qsort(functions, i, sizeof *functions, SortFnByName);
+ qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new()) == NULL)
return (NULL);
Modified: vendor-crypto/openssl/dist/apps/passwd.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/passwd.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/passwd.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
/* ignore rest of line */
char trash[BUFSIZ];
do
- r = BIO_gets(in, trash, sizeof trash);
+ r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
@@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- EVP_DigestUpdate(&md, buf, sizeof buf);
+ for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
+ EVP_DigestUpdate(&md, buf, sizeof(buf));
EVP_DigestUpdate(&md, buf, i);
n = passwd_len;
@@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *
for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
+ (i & 1) ? passwd_len : sizeof(buf));
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
- (i & 1) ? sizeof buf : passwd_len);
+ (i & 1) ? sizeof(buf) : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
}
EVP_MD_CTX_cleanup(&md2);
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *
{
/* transform buf into output string */
- unsigned char buf_perm[sizeof buf];
+ unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
@@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
- assert(16 == sizeof buf_perm);
+ assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;
Modified: vendor-crypto/openssl/dist/apps/pkcs12.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/pkcs12.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/pkcs12.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read MAC password");
# endif
if (EVP_read_pw_string
- (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
# endif
if (!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
+ EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
if (!twopass)
- BUF_strlcpy(macpass, pass, sizeof macpass);
+ BUF_strlcpy(macpass, pass, sizeof(macpass));
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read import password");
# endif
if (!noprompt
- && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+ && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
# endif
if (!twopass)
- BUF_strlcpy(macpass, pass, sizeof macpass);
+ BUF_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n",
Modified: vendor-crypto/openssl/dist/apps/pkcs8.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/pkcs8.c Tue Mar 27 16:38:32 2018 (r331624)
+++ vendor-crypto/openssl/dist/apps/pkcs8.c Tue Mar 27 17:03:01 2018 (r331625)
@@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
else {
p8pass = pass;
if (EVP_read_pw_string
- (pass, sizeof pass, "Enter Encryption Password:", 1))
+ (pass, sizeof(pass), "Enter Encryption Password:", 1))
goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
@@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
p8pass = passin;
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list