svn commit: r331627 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto...
Jung-uk Kim
jkim at FreeBSD.org
Tue Mar 27 17:18:02 UTC 2018
Author: jkim
Date: Tue Mar 27 17:17:58 2018
New Revision: 331627
URL: https://svnweb.freebsd.org/changeset/base/331627
Log:
Merge OpenSSL 1.0.2o.
Modified:
head/crypto/openssl/CHANGES
head/crypto/openssl/Configure
head/crypto/openssl/LICENSE
head/crypto/openssl/Makefile
head/crypto/openssl/NEWS
head/crypto/openssl/README
head/crypto/openssl/apps/app_rand.c
head/crypto/openssl/apps/apps.c
head/crypto/openssl/apps/ca.c
head/crypto/openssl/apps/ciphers.c
head/crypto/openssl/apps/cms.c
head/crypto/openssl/apps/dgst.c
head/crypto/openssl/apps/dsaparam.c
head/crypto/openssl/apps/ecparam.c
head/crypto/openssl/apps/enc.c
head/crypto/openssl/apps/errstr.c
head/crypto/openssl/apps/ocsp.c
head/crypto/openssl/apps/openssl.c
head/crypto/openssl/apps/passwd.c
head/crypto/openssl/apps/pkcs12.c
head/crypto/openssl/apps/pkcs8.c
head/crypto/openssl/apps/rand.c
head/crypto/openssl/apps/req.c
head/crypto/openssl/apps/s_client.c
head/crypto/openssl/apps/s_server.c
head/crypto/openssl/apps/s_socket.c
head/crypto/openssl/apps/s_time.c
head/crypto/openssl/apps/speed.c
head/crypto/openssl/apps/x509.c
head/crypto/openssl/crypto/asn1/a_gentm.c
head/crypto/openssl/crypto/asn1/a_mbstr.c
head/crypto/openssl/crypto/asn1/a_object.c
head/crypto/openssl/crypto/asn1/a_strex.c
head/crypto/openssl/crypto/asn1/a_time.c
head/crypto/openssl/crypto/asn1/a_utctm.c
head/crypto/openssl/crypto/asn1/asn1.h
head/crypto/openssl/crypto/asn1/asn1_err.c
head/crypto/openssl/crypto/asn1/asn1_lib.c
head/crypto/openssl/crypto/asn1/asn1_par.c
head/crypto/openssl/crypto/asn1/asn_mime.c
head/crypto/openssl/crypto/asn1/t_x509a.c
head/crypto/openssl/crypto/asn1/tasn_dec.c
head/crypto/openssl/crypto/asn1/tasn_prn.c
head/crypto/openssl/crypto/bf/bftest.c
head/crypto/openssl/crypto/bio/b_dump.c
head/crypto/openssl/crypto/bio/b_print.c
head/crypto/openssl/crypto/bio/bio_cb.c
head/crypto/openssl/crypto/bio/bss_bio.c
head/crypto/openssl/crypto/bio/bss_conn.c
head/crypto/openssl/crypto/bio/bss_file.c
head/crypto/openssl/crypto/bn/bn_exp.c
head/crypto/openssl/crypto/bn/bn_lib.c
head/crypto/openssl/crypto/bn/bn_mont.c
head/crypto/openssl/crypto/bn/bn_print.c
head/crypto/openssl/crypto/bn/bntest.c
head/crypto/openssl/crypto/bn/expspeed.c
head/crypto/openssl/crypto/bn/exptest.c
head/crypto/openssl/crypto/conf/conf_def.c
head/crypto/openssl/crypto/conf/conf_mod.c
head/crypto/openssl/crypto/des/destest.c
head/crypto/openssl/crypto/des/ecb_enc.c
head/crypto/openssl/crypto/des/fcrypt.c
head/crypto/openssl/crypto/des/read_pwd.c
head/crypto/openssl/crypto/des/set_key.c
head/crypto/openssl/crypto/dh/dhtest.c
head/crypto/openssl/crypto/dsa/dsatest.c
head/crypto/openssl/crypto/ec/ec_lib.c
head/crypto/openssl/crypto/ec/ec_mult.c
head/crypto/openssl/crypto/ec/ecp_nistp224.c
head/crypto/openssl/crypto/ec/ecp_nistp256.c
head/crypto/openssl/crypto/ec/ecp_nistp521.c
head/crypto/openssl/crypto/ec/ecp_nistz256.c
head/crypto/openssl/crypto/ec/ecp_smpl.c
head/crypto/openssl/crypto/ec/ectest.c
head/crypto/openssl/crypto/ecdh/ecdhtest.c
head/crypto/openssl/crypto/engine/eng_cryptodev.c
head/crypto/openssl/crypto/engine/eng_table.c
head/crypto/openssl/crypto/err/err.c
head/crypto/openssl/crypto/err/err_prn.c
head/crypto/openssl/crypto/evp/bio_b64.c
head/crypto/openssl/crypto/evp/digest.c
head/crypto/openssl/crypto/evp/e_aes.c
head/crypto/openssl/crypto/evp/e_camellia.c
head/crypto/openssl/crypto/evp/evp_enc.c
head/crypto/openssl/crypto/evp/evp_locl.h
head/crypto/openssl/crypto/evp/evp_pbe.c
head/crypto/openssl/crypto/evp/evp_test.c
head/crypto/openssl/crypto/evp/openbsd_hw.c
head/crypto/openssl/crypto/evp/p5_crpt2.c
head/crypto/openssl/crypto/hmac/hmac.c
head/crypto/openssl/crypto/jpake/jpake.c
head/crypto/openssl/crypto/md2/md2_dgst.c
head/crypto/openssl/crypto/md4/md4.c
head/crypto/openssl/crypto/mem_dbg.c
head/crypto/openssl/crypto/o_init.c
head/crypto/openssl/crypto/o_time.c
head/crypto/openssl/crypto/objects/o_names.c
head/crypto/openssl/crypto/objects/obj_dat.c
head/crypto/openssl/crypto/opensslv.h
head/crypto/openssl/crypto/pem/pem_info.c
head/crypto/openssl/crypto/pem/pem_lib.c
head/crypto/openssl/crypto/pkcs7/pk7_doit.c
head/crypto/openssl/crypto/rand/md_rand.c
head/crypto/openssl/crypto/rand/rand_egd.c
head/crypto/openssl/crypto/rand/rand_unix.c
head/crypto/openssl/crypto/rsa/rsa_crpt.c
head/crypto/openssl/crypto/rsa/rsa_gen.c
head/crypto/openssl/crypto/rsa/rsa_pss.c
head/crypto/openssl/crypto/rsa/rsa_test.c
head/crypto/openssl/crypto/srp/srp_grps.h
head/crypto/openssl/crypto/threads/mttest.c
head/crypto/openssl/crypto/ts/Makefile
head/crypto/openssl/crypto/ts/ts_rsp_sign.c
head/crypto/openssl/crypto/ui/ui_openssl.c
head/crypto/openssl/crypto/x509/x509_txt.c
head/crypto/openssl/crypto/x509/x509_v3.c
head/crypto/openssl/crypto/x509/x509_vpm.c
head/crypto/openssl/crypto/x509v3/v3_alt.c
head/crypto/openssl/crypto/x509v3/v3_conf.c
head/crypto/openssl/crypto/x509v3/v3_info.c
head/crypto/openssl/doc/apps/ca.pod
head/crypto/openssl/doc/apps/ecparam.pod
head/crypto/openssl/doc/apps/s_client.pod
head/crypto/openssl/doc/apps/verify.pod
head/crypto/openssl/doc/apps/x509.pod
head/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
head/crypto/openssl/doc/crypto/BIO_s_mem.pod
head/crypto/openssl/doc/crypto/BN_zero.pod
head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
head/crypto/openssl/doc/crypto/threads.pod
head/crypto/openssl/engines/ccgost/README.gost
head/crypto/openssl/engines/ccgost/gost_eng.c
head/crypto/openssl/engines/e_atalla.c
head/crypto/openssl/ssl/Makefile
head/crypto/openssl/ssl/bad_dtls_test.c
head/crypto/openssl/ssl/d1_lib.c
head/crypto/openssl/ssl/d1_pkt.c
head/crypto/openssl/ssl/fatalerrtest.c
head/crypto/openssl/ssl/kssl.c
head/crypto/openssl/ssl/s23_srvr.c
head/crypto/openssl/ssl/s2_clnt.c
head/crypto/openssl/ssl/s2_enc.c
head/crypto/openssl/ssl/s2_lib.c
head/crypto/openssl/ssl/s2_srvr.c
head/crypto/openssl/ssl/s3_clnt.c
head/crypto/openssl/ssl/s3_lib.c
head/crypto/openssl/ssl/s3_pkt.c
head/crypto/openssl/ssl/s3_srvr.c
head/crypto/openssl/ssl/ssl_cert.c
head/crypto/openssl/ssl/ssl_lib.c
head/crypto/openssl/ssl/ssl_sess.c
head/crypto/openssl/ssl/ssltest.c
head/crypto/openssl/ssl/t1_enc.c
head/crypto/openssl/ssl/t1_lib.c
head/crypto/openssl/ssl/t1_trce.c
head/secure/lib/libcrypto/Makefile.inc
head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_length.3
head/secure/lib/libcrypto/man/ASN1_STRING_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
head/secure/lib/libcrypto/man/ASN1_TIME_set.3
head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
head/secure/lib/libcrypto/man/BIO_ctrl.3
head/secure/lib/libcrypto/man/BIO_f_base64.3
head/secure/lib/libcrypto/man/BIO_f_buffer.3
head/secure/lib/libcrypto/man/BIO_f_cipher.3
head/secure/lib/libcrypto/man/BIO_f_md.3
head/secure/lib/libcrypto/man/BIO_f_null.3
head/secure/lib/libcrypto/man/BIO_f_ssl.3
head/secure/lib/libcrypto/man/BIO_find_type.3
head/secure/lib/libcrypto/man/BIO_new.3
head/secure/lib/libcrypto/man/BIO_new_CMS.3
head/secure/lib/libcrypto/man/BIO_push.3
head/secure/lib/libcrypto/man/BIO_read.3
head/secure/lib/libcrypto/man/BIO_s_accept.3
head/secure/lib/libcrypto/man/BIO_s_bio.3
head/secure/lib/libcrypto/man/BIO_s_connect.3
head/secure/lib/libcrypto/man/BIO_s_fd.3
head/secure/lib/libcrypto/man/BIO_s_file.3
head/secure/lib/libcrypto/man/BIO_s_mem.3
head/secure/lib/libcrypto/man/BIO_s_null.3
head/secure/lib/libcrypto/man/BIO_s_socket.3
head/secure/lib/libcrypto/man/BIO_set_callback.3
head/secure/lib/libcrypto/man/BIO_should_retry.3
head/secure/lib/libcrypto/man/BN_BLINDING_new.3
head/secure/lib/libcrypto/man/BN_CTX_new.3
head/secure/lib/libcrypto/man/BN_CTX_start.3
head/secure/lib/libcrypto/man/BN_add.3
head/secure/lib/libcrypto/man/BN_add_word.3
head/secure/lib/libcrypto/man/BN_bn2bin.3
head/secure/lib/libcrypto/man/BN_cmp.3
head/secure/lib/libcrypto/man/BN_copy.3
head/secure/lib/libcrypto/man/BN_generate_prime.3
head/secure/lib/libcrypto/man/BN_mod_inverse.3
head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
head/secure/lib/libcrypto/man/BN_new.3
head/secure/lib/libcrypto/man/BN_num_bytes.3
head/secure/lib/libcrypto/man/BN_rand.3
head/secure/lib/libcrypto/man/BN_set_bit.3
head/secure/lib/libcrypto/man/BN_swap.3
head/secure/lib/libcrypto/man/BN_zero.3
head/secure/lib/libcrypto/man/CMS_add0_cert.3
head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
head/secure/lib/libcrypto/man/CMS_add1_signer.3
head/secure/lib/libcrypto/man/CMS_compress.3
head/secure/lib/libcrypto/man/CMS_decrypt.3
head/secure/lib/libcrypto/man/CMS_encrypt.3
head/secure/lib/libcrypto/man/CMS_final.3
head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
head/secure/lib/libcrypto/man/CMS_get0_type.3
head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
head/secure/lib/libcrypto/man/CMS_sign.3
head/secure/lib/libcrypto/man/CMS_sign_receipt.3
head/secure/lib/libcrypto/man/CMS_uncompress.3
head/secure/lib/libcrypto/man/CMS_verify.3
head/secure/lib/libcrypto/man/CMS_verify_receipt.3
head/secure/lib/libcrypto/man/CONF_modules_free.3
head/secure/lib/libcrypto/man/CONF_modules_load_file.3
head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
head/secure/lib/libcrypto/man/DH_generate_key.3
head/secure/lib/libcrypto/man/DH_generate_parameters.3
head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
head/secure/lib/libcrypto/man/DH_new.3
head/secure/lib/libcrypto/man/DH_set_method.3
head/secure/lib/libcrypto/man/DH_size.3
head/secure/lib/libcrypto/man/DSA_SIG_new.3
head/secure/lib/libcrypto/man/DSA_do_sign.3
head/secure/lib/libcrypto/man/DSA_dup_DH.3
head/secure/lib/libcrypto/man/DSA_generate_key.3
head/secure/lib/libcrypto/man/DSA_generate_parameters.3
head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/DSA_new.3
head/secure/lib/libcrypto/man/DSA_set_method.3
head/secure/lib/libcrypto/man/DSA_sign.3
head/secure/lib/libcrypto/man/DSA_size.3
head/secure/lib/libcrypto/man/EC_GFp_simple_method.3
head/secure/lib/libcrypto/man/EC_GROUP_copy.3
head/secure/lib/libcrypto/man/EC_GROUP_new.3
head/secure/lib/libcrypto/man/EC_KEY_new.3
head/secure/lib/libcrypto/man/EC_POINT_add.3
head/secure/lib/libcrypto/man/EC_POINT_new.3
head/secure/lib/libcrypto/man/ERR_GET_LIB.3
head/secure/lib/libcrypto/man/ERR_clear_error.3
head/secure/lib/libcrypto/man/ERR_error_string.3
head/secure/lib/libcrypto/man/ERR_get_error.3
head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
head/secure/lib/libcrypto/man/ERR_load_strings.3
head/secure/lib/libcrypto/man/ERR_print_errors.3
head/secure/lib/libcrypto/man/ERR_put_error.3
head/secure/lib/libcrypto/man/ERR_remove_state.3
head/secure/lib/libcrypto/man/ERR_set_mark.3
head/secure/lib/libcrypto/man/EVP_BytesToKey.3
head/secure/lib/libcrypto/man/EVP_DigestInit.3
head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
head/secure/lib/libcrypto/man/EVP_EncodeInit.3
head/secure/lib/libcrypto/man/EVP_EncryptInit.3
head/secure/lib/libcrypto/man/EVP_OpenInit.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
head/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
head/secure/lib/libcrypto/man/EVP_SealInit.3
head/secure/lib/libcrypto/man/EVP_SignInit.3
head/secure/lib/libcrypto/man/EVP_VerifyInit.3
head/secure/lib/libcrypto/man/OBJ_nid2obj.3
head/secure/lib/libcrypto/man/OPENSSL_Applink.3
head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
head/secure/lib/libcrypto/man/OPENSSL_config.3
head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
head/secure/lib/libcrypto/man/PKCS12_create.3
head/secure/lib/libcrypto/man/PKCS12_parse.3
head/secure/lib/libcrypto/man/PKCS7_decrypt.3
head/secure/lib/libcrypto/man/PKCS7_encrypt.3
head/secure/lib/libcrypto/man/PKCS7_sign.3
head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
head/secure/lib/libcrypto/man/PKCS7_verify.3
head/secure/lib/libcrypto/man/RAND_add.3
head/secure/lib/libcrypto/man/RAND_bytes.3
head/secure/lib/libcrypto/man/RAND_cleanup.3
head/secure/lib/libcrypto/man/RAND_egd.3
head/secure/lib/libcrypto/man/RAND_load_file.3
head/secure/lib/libcrypto/man/RAND_set_rand_method.3
head/secure/lib/libcrypto/man/RSA_blinding_on.3
head/secure/lib/libcrypto/man/RSA_check_key.3
head/secure/lib/libcrypto/man/RSA_generate_key.3
head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/RSA_new.3
head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
head/secure/lib/libcrypto/man/RSA_print.3
head/secure/lib/libcrypto/man/RSA_private_encrypt.3
head/secure/lib/libcrypto/man/RSA_public_encrypt.3
head/secure/lib/libcrypto/man/RSA_set_method.3
head/secure/lib/libcrypto/man/RSA_sign.3
head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
head/secure/lib/libcrypto/man/RSA_size.3
head/secure/lib/libcrypto/man/SMIME_read_CMS.3
head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
head/secure/lib/libcrypto/man/SMIME_write_CMS.3
head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
head/secure/lib/libcrypto/man/X509_check_host.3
head/secure/lib/libcrypto/man/X509_check_private_key.3
head/secure/lib/libcrypto/man/X509_new.3
head/secure/lib/libcrypto/man/X509_verify_cert.3
head/secure/lib/libcrypto/man/bio.3
head/secure/lib/libcrypto/man/blowfish.3
head/secure/lib/libcrypto/man/bn.3
head/secure/lib/libcrypto/man/bn_internal.3
head/secure/lib/libcrypto/man/buffer.3
head/secure/lib/libcrypto/man/crypto.3
head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
head/secure/lib/libcrypto/man/d2i_DHparams.3
head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_ECPKParameters.3
head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
head/secure/lib/libcrypto/man/d2i_PrivateKey.3
head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_X509.3
head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
head/secure/lib/libcrypto/man/d2i_X509_CRL.3
head/secure/lib/libcrypto/man/d2i_X509_NAME.3
head/secure/lib/libcrypto/man/d2i_X509_REQ.3
head/secure/lib/libcrypto/man/d2i_X509_SIG.3
head/secure/lib/libcrypto/man/des.3
head/secure/lib/libcrypto/man/dh.3
head/secure/lib/libcrypto/man/dsa.3
head/secure/lib/libcrypto/man/ec.3
head/secure/lib/libcrypto/man/ecdsa.3
head/secure/lib/libcrypto/man/engine.3
head/secure/lib/libcrypto/man/err.3
head/secure/lib/libcrypto/man/evp.3
head/secure/lib/libcrypto/man/hmac.3
head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
head/secure/lib/libcrypto/man/lh_stats.3
head/secure/lib/libcrypto/man/lhash.3
head/secure/lib/libcrypto/man/md5.3
head/secure/lib/libcrypto/man/mdc2.3
head/secure/lib/libcrypto/man/pem.3
head/secure/lib/libcrypto/man/rand.3
head/secure/lib/libcrypto/man/rc4.3
head/secure/lib/libcrypto/man/ripemd.3
head/secure/lib/libcrypto/man/rsa.3
head/secure/lib/libcrypto/man/sha.3
head/secure/lib/libcrypto/man/threads.3
head/secure/lib/libcrypto/man/ui.3
head/secure/lib/libcrypto/man/ui_compat.3
head/secure/lib/libcrypto/man/x509.3
head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
head/secure/lib/libssl/man/SSL_CONF_CTX_new.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
head/secure/lib/libssl/man/SSL_CONF_cmd.3
head/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
head/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_session.3
head/secure/lib/libssl/man/SSL_CTX_ctrl.3
head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
head/secure/lib/libssl/man/SSL_CTX_free.3
head/secure/lib/libssl/man/SSL_CTX_get0_param.3
head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
head/secure/lib/libssl/man/SSL_CTX_new.3
head/secure/lib/libssl/man/SSL_CTX_sess_number.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
head/secure/lib/libssl/man/SSL_CTX_sessions.3
head/secure/lib/libssl/man/SSL_CTX_set1_curves.3
head/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
head/secure/lib/libssl/man/SSL_CTX_set_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_options.3
head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_verify.3
head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
head/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
head/secure/lib/libssl/man/SSL_SESSION_free.3
head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_SESSION_get_time.3
head/secure/lib/libssl/man/SSL_accept.3
head/secure/lib/libssl/man/SSL_alert_type_string.3
head/secure/lib/libssl/man/SSL_check_chain.3
head/secure/lib/libssl/man/SSL_clear.3
head/secure/lib/libssl/man/SSL_connect.3
head/secure/lib/libssl/man/SSL_do_handshake.3
head/secure/lib/libssl/man/SSL_export_keying_material.3
head/secure/lib/libssl/man/SSL_free.3
head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
head/secure/lib/libssl/man/SSL_get_ciphers.3
head/secure/lib/libssl/man/SSL_get_client_CA_list.3
head/secure/lib/libssl/man/SSL_get_current_cipher.3
head/secure/lib/libssl/man/SSL_get_default_timeout.3
head/secure/lib/libssl/man/SSL_get_error.3
head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
head/secure/lib/libssl/man/SSL_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_get_fd.3
head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
head/secure/lib/libssl/man/SSL_get_peer_certificate.3
head/secure/lib/libssl/man/SSL_get_psk_identity.3
head/secure/lib/libssl/man/SSL_get_rbio.3
head/secure/lib/libssl/man/SSL_get_session.3
head/secure/lib/libssl/man/SSL_get_verify_result.3
head/secure/lib/libssl/man/SSL_get_version.3
head/secure/lib/libssl/man/SSL_library_init.3
head/secure/lib/libssl/man/SSL_load_client_CA_file.3
head/secure/lib/libssl/man/SSL_new.3
head/secure/lib/libssl/man/SSL_pending.3
head/secure/lib/libssl/man/SSL_read.3
head/secure/lib/libssl/man/SSL_rstate_string.3
head/secure/lib/libssl/man/SSL_session_reused.3
head/secure/lib/libssl/man/SSL_set_bio.3
head/secure/lib/libssl/man/SSL_set_connect_state.3
head/secure/lib/libssl/man/SSL_set_fd.3
head/secure/lib/libssl/man/SSL_set_session.3
head/secure/lib/libssl/man/SSL_set_shutdown.3
head/secure/lib/libssl/man/SSL_set_verify_result.3
head/secure/lib/libssl/man/SSL_shutdown.3
head/secure/lib/libssl/man/SSL_state_string.3
head/secure/lib/libssl/man/SSL_want.3
head/secure/lib/libssl/man/SSL_write.3
head/secure/lib/libssl/man/d2i_SSL_SESSION.3
head/secure/lib/libssl/man/ssl.3
head/secure/usr.bin/openssl/man/CA.pl.1
head/secure/usr.bin/openssl/man/asn1parse.1
head/secure/usr.bin/openssl/man/ca.1
head/secure/usr.bin/openssl/man/ciphers.1
head/secure/usr.bin/openssl/man/cms.1
head/secure/usr.bin/openssl/man/crl.1
head/secure/usr.bin/openssl/man/crl2pkcs7.1
head/secure/usr.bin/openssl/man/dgst.1
head/secure/usr.bin/openssl/man/dhparam.1
head/secure/usr.bin/openssl/man/dsa.1
head/secure/usr.bin/openssl/man/dsaparam.1
head/secure/usr.bin/openssl/man/ec.1
head/secure/usr.bin/openssl/man/ecparam.1
head/secure/usr.bin/openssl/man/enc.1
head/secure/usr.bin/openssl/man/errstr.1
head/secure/usr.bin/openssl/man/gendsa.1
head/secure/usr.bin/openssl/man/genpkey.1
head/secure/usr.bin/openssl/man/genrsa.1
head/secure/usr.bin/openssl/man/nseq.1
head/secure/usr.bin/openssl/man/ocsp.1
head/secure/usr.bin/openssl/man/openssl.1
head/secure/usr.bin/openssl/man/passwd.1
head/secure/usr.bin/openssl/man/pkcs12.1
head/secure/usr.bin/openssl/man/pkcs7.1
head/secure/usr.bin/openssl/man/pkcs8.1
head/secure/usr.bin/openssl/man/pkey.1
head/secure/usr.bin/openssl/man/pkeyparam.1
head/secure/usr.bin/openssl/man/pkeyutl.1
head/secure/usr.bin/openssl/man/rand.1
head/secure/usr.bin/openssl/man/req.1
head/secure/usr.bin/openssl/man/rsa.1
head/secure/usr.bin/openssl/man/rsautl.1
head/secure/usr.bin/openssl/man/s_client.1
head/secure/usr.bin/openssl/man/s_server.1
head/secure/usr.bin/openssl/man/s_time.1
head/secure/usr.bin/openssl/man/sess_id.1
head/secure/usr.bin/openssl/man/smime.1
head/secure/usr.bin/openssl/man/speed.1
head/secure/usr.bin/openssl/man/spkac.1
head/secure/usr.bin/openssl/man/ts.1
head/secure/usr.bin/openssl/man/tsget.1
head/secure/usr.bin/openssl/man/verify.1
head/secure/usr.bin/openssl/man/version.1
head/secure/usr.bin/openssl/man/x509.1
head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
head/crypto/openssl/ (props changed)
Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/CHANGES Tue Mar 27 17:17:58 2018 (r331627)
@@ -7,6 +7,21 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
+
+ *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack. There
+ are no such structures used within SSL/TLS that come from untrusted sources
+ so this is considered safe.
+
+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+ project.
+ (CVE-2018-0739)
+ [Matt Caswell]
+
Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state
@@ -2012,8 +2027,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
- *) Add SRP support.
- [Tom Wu <tjw at cs.stanford.edu> and Ben Laurie]
+ *) A long standing patch to add support for SRP from EdelWeb (Peter
+ Sylvester and Christophe Renou) was integrated.
+ [Christophe Renou <christophe.renou at edelweb.fr>, Peter Sylvester
+ <peter.sylvester at edelweb.fr>, Tom Wu <tjw at cs.stanford.edu>, and
+ Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/Configure Tue Mar 27 17:17:58 2018 (r331627)
@@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# DEC Alpha OSF/1/Tru64 targets.
#
@@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }
-if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{
$cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
-my $ecc = $cc;
-$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+my %predefined;
+# collect compiler pre-defines from gcc or gcc-alike...
+open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
+while (<PIPE>) {
+ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+ $predefined{$1} = defined($2) ? $2 : "";
+}
+close(PIPE);
+
if ($strict_warnings)
{
my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+ die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
- if ($ecc eq "clang")
+ if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1723,15 +1730,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
Modified: head/crypto/openssl/LICENSE
==============================================================================
--- head/crypto/openssl/LICENSE Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/LICENSE Tue Mar 27 17:17:58 2018 (r331627)
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/Makefile Tue Mar 27 17:17:58 2018 (r331627)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2n
+VERSION=1.0.2o
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -73,7 +73,7 @@ NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
+MAKEDEPPROG= cc
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/NEWS Tue Mar 27 17:17:58 2018 (r331627)
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
+
+ o Constructed ASN.1 types with a recursive definition could exceed the
+ stack (CVE-2018-0739)
+
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737)
Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/README Tue Mar 27 17:17:58 2018 (r331627)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2n 7 Dec 2017
+ OpenSSL 1.0.2o 27 Mar 2018
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: head/crypto/openssl/apps/app_rand.c
==============================================================================
--- head/crypto/openssl/apps/app_rand.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/app_rand.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, i
#endif
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
@@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0;
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
return 0;
Modified: head/crypto/openssl/apps/apps.c
==============================================================================
--- head/crypto/openssl/apps/apps.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/apps.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM
BUF_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
#ifdef RL_DEBUG
@@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+ BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+ BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
#endif
dbattr_conf = NCONF_new(NULL);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_s
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *c
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
- BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
(void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
@@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *c
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
- BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
(void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
@@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
char buf[10240];
int l;
- l = BIO_gets(bconn, buf, sizeof buf);
+ l = BIO_gets(bconn, buf, sizeof(buf));
assert(l > 0);
assert(buf[l - 1] == '\n');
buf[l - 1] = '\0';
@@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *
int l;
JPAKE_STEP3A_init(&s3a);
- l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
- assert(l == sizeof s3a.hhk);
+ l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
+ assert(l == sizeof(s3a.hhk));
if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err);
exit(1);
@@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *
int l;
JPAKE_STEP3B_init(&s3b);
- l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
- assert(l == sizeof s3b.hk);
+ l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
+ assert(l == sizeof(s3b.hk));
if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err);
exit(1);
Modified: head/crypto/openssl/apps/ca.c
==============================================================================
--- head/crypto/openssl/apps/ca.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/ca.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
- X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
- NULL;
+ X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
ASN1_UTCTIME *tm, *tmptm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
@@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
goto err;
}
- if (verbose)
- BIO_printf(bio_err,
- "The subject name appears to be ok, checking data base for clashes\n");
-
- /* Build the correct Subject if no e-mail is wanted in the subject */
- /*
- * and add it later on because of the method extensions are added
- * (altName)
- */
-
- if (email_dn)
- dn_subject = subject;
- else {
- X509_NAME_ENTRY *tmpne;
- /*
- * Its best to dup the subject DN and then delete any email addresses
- * because this retains its structure.
- */
- if (!(dn_subject = X509_NAME_dup(subject))) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
- }
- while ((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress,
- -1)) >= 0) {
- tmpne = X509_NAME_get_entry(dn_subject, i);
- X509_NAME_delete_entry(dn_subject, i);
- X509_NAME_ENTRY_free(tmpne);
- }
- }
-
- if (BN_is_zero(serial))
- row[DB_serial] = BUF_strdup("00");
- else
- row[DB_serial] = BN_bn2hex(serial);
- if (row[DB_serial] == NULL) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
- }
-
- if (db->attributes.unique_subject) {
- OPENSSL_STRING *crow = row;
-
- rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
- if (rrow != NULL) {
- BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
- }
- }
- if (rrow == NULL) {
- rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
- if (rrow != NULL) {
- BIO_printf(bio_err,
- "ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
- BIO_printf(bio_err,
- " check the database/serial_file for corruption\n");
- }
- }
-
- if (rrow != NULL) {
- BIO_printf(bio_err, "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
- p = "Expired";
- else if (rrow[DB_type][0] == 'R')
- p = "Revoked";
- else if (rrow[DB_type][0] == 'V')
- p = "Valid";
- else
- p = "\ninvalid type, Data base error\n";
- BIO_printf(bio_err, "Type :%s\n", p);;
- if (rrow[DB_type][0] == 'R') {
- p = rrow[DB_exp_date];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Was revoked on:%s\n", p);
- }
- p = rrow[DB_exp_date];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Expires on :%s\n", p);
- p = rrow[DB_serial];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Serial Number :%s\n", p);
- p = rrow[DB_file];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "File name :%s\n", p);
- p = rrow[DB_name];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Subject Name :%s\n", p);
- ok = -1; /* This is now a 'bad' error. */
- goto err;
- }
-
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
@@ -2056,12 +1955,126 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
goto err;
}
- /* Set the right value for the noemailDN option */
- if (email_dn == 0) {
- if (!X509_set_subject_name(ret, dn_subject))
+ if (verbose)
+ BIO_printf(bio_err,
+ "The subject name appears to be ok, checking data base for clashes\n");
+
+ /* Build the correct Subject if no e-mail is wanted in the subject */
+
+ if (!email_dn) {
+ X509_NAME_ENTRY *tmpne;
+ X509_NAME *dn_subject;
+
+ /*
+ * Its best to dup the subject DN and then delete any email addresses
+ * because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject))) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
+ }
+ while ((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress,
+ -1)) >= 0) {
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
+ }
+
+ if (!X509_set_subject_name(ret, dn_subject)) {
+ X509_NAME_free(dn_subject);
+ goto err;
+ }
+ X509_NAME_free(dn_subject);
}
+ row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+ if (row[DB_name] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (BN_is_zero(serial))
+ row[DB_serial] = BUF_strdup("00");
+ else
+ row[DB_serial] = BN_bn2hex(serial);
+ if (row[DB_serial] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (row[DB_name][0] == '\0') {
+ /*
+ * An empty subject! We'll use the serial number instead. If
+ * unique_subject is in use then we don't want different entries with
+ * empty subjects matching each other.
+ */
+ OPENSSL_free(row[DB_name]);
+ row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+ if (row[DB_name] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+
+ if (db->attributes.unique_subject) {
+ OPENSSL_STRING *crow = row;
+
+ rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ }
+ if (rrow == NULL) {
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err,
+ " check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL) {
+ BIO_printf(bio_err, "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p = "Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p = "Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p = "Valid";
+ else
+ p = "\ninvalid type, Data base error\n";
+ BIO_printf(bio_err, "Type :%s\n", p);;
+ if (rrow[DB_type][0] == 'R') {
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Was revoked on:%s\n", p);
+ }
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Expires on :%s\n", p);
+ p = rrow[DB_serial];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Serial Number :%s\n", p);
+ p = rrow[DB_file];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "File name :%s\n", p);
+ p = rrow[DB_name];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Subject Name :%s\n", p);
+ ok = -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
if (!default_op) {
BIO_printf(bio_err, "Certificate Details:\n");
/*
@@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8);
- row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+ (row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
irow = NULL;
ok = 1;
err:
- if (irow != NULL) {
+ if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
- OPENSSL_free(irow);
}
+ OPENSSL_free(irow);
if (CAname != NULL)
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
- if ((dn_subject != NULL) && !email_dn)
- X509_NAME_free(dn_subject);
if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm);
if (ok <= 0) {
@@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type,
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
+ if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+ /* Entries with empty Subjects actually use the serial number instead */
+ OPENSSL_free(row[DB_name]);
+ row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+ }
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
Modified: head/crypto/openssl/apps/ciphers.c
==============================================================================
--- head/crypto/openssl/apps/ciphers.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/ciphers.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout, "%s - ", nm);
}
#endif
- BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
+ BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
Modified: head/crypto/openssl/apps/cms.c
==============================================================================
--- head/crypto/openssl/apps/cms.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/cms.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
- if (!signer)
+ if (!signer) {
+ ret = 2;
goto end;
+ }
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
- if (!key)
+ if (!key) {
+ ret = 2;
goto end;
+ }
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
Modified: head/crypto/openssl/apps/dgst.c
==============================================================================
--- head/crypto/openssl/apps/dgst.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/dgst.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
- program_name(argv[0], pname, sizeof pname);
+ program_name(argv[0], pname, sizeof(pname));
md = EVP_get_digestbyname(pname);
Modified: head/crypto/openssl/apps/dsaparam.c
==============================================================================
--- head/crypto/openssl/apps/dsaparam.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/dsaparam.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
printf("\treturn(dsa);\n\t}\n");
}
+ if (outformat == FORMAT_ASN1 && genkey)
+ noout = 1;
+
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
Modified: head/crypto/openssl/apps/ecparam.c
==============================================================================
--- head/crypto/openssl/apps/ecparam.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/ecparam.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "\treturn(group);\n\t}\n");
}
+ if (outformat == FORMAT_ASN1 && genkey)
+ noout = 1;
+
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
@@ -581,6 +584,9 @@ int MAIN(int argc, char **argv)
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
+
+ if (new_form)
+ EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey);
Modified: head/crypto/openssl/apps/enc.c
==============================================================================
--- head/crypto/openssl/apps/enc.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/enc.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -114,7 +114,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
static const char magic[] = "Salted__";
- char mbuf[sizeof magic - 1];
+ char mbuf[sizeof(magic) - 1];
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
@@ -154,7 +154,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
- program_name(argv[0], pname, sizeof pname);
+ program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0)
base64 = 1;
#ifdef ZLIB
@@ -247,7 +247,7 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0] = '\0';
- if (!fgets(buf, sizeof buf, infile)) {
+ if (!fgets(buf, sizeof(buf), infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad;
}
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
for (;;) {
char buf[200];
- BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
+ BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
@@ -517,31 +517,31 @@ int MAIN(int argc, char **argv)
else {
if (enc) {
if (hsalt) {
- if (!set_hex(hsalt, salt, sizeof salt)) {
+ if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- } else if (RAND_bytes(salt, sizeof salt) <= 0)
+ } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
- sizeof magic - 1) != sizeof magic - 1
+ sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
- sizeof salt) != sizeof salt)) {
+ sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
- } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+ } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
- sizeof salt) != sizeof salt) {
+ sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
- } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+ } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
@@ -564,7 +564,7 @@ int MAIN(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
- } else if (!set_hex(hiv, iv, sizeof iv)) {
+ } else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
Modified: head/crypto/openssl/apps/errstr.c
==============================================================================
--- head/crypto/openssl/apps/errstr.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/errstr.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) {
- ERR_error_string_n(l, buf, sizeof buf);
+ ERR_error_string_n(l, buf, sizeof(buf));
printf("%s\n", buf);
} else {
printf("%s: bad error code\n", argv[i]);
Modified: head/crypto/openssl/apps/ocsp.c
==============================================================================
--- head/crypto/openssl/apps/ocsp.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/ocsp.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb
*pcbio = cbio;
for (;;) {
- len = BIO_gets(cbio, inbuf, sizeof inbuf);
+ len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */
Modified: head/crypto/openssl/apps/openssl.c
==============================================================================
--- head/crypto/openssl/apps/openssl.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/openssl.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
prog = prog_init();
/* first check the program name */
- program_name(Argv[0], pname, sizeof pname);
+ program_name(Argv[0], pname, sizeof(pname));
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
@@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
for (;;) {
ret = 0;
p = buf;
- n = sizeof buf;
+ n = sizeof(buf);
i = 0;
for (;;) {
p[0] = '\0';
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
/* Purely so it looks nice when the user hits ? */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
- qsort(functions, i, sizeof *functions, SortFnByName);
+ qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new()) == NULL)
return (NULL);
Modified: head/crypto/openssl/apps/passwd.c
==============================================================================
--- head/crypto/openssl/apps/passwd.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/passwd.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
/* ignore rest of line */
char trash[BUFSIZ];
do
- r = BIO_gets(in, trash, sizeof trash);
+ r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
@@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- EVP_DigestUpdate(&md, buf, sizeof buf);
+ for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
+ EVP_DigestUpdate(&md, buf, sizeof(buf));
EVP_DigestUpdate(&md, buf, i);
n = passwd_len;
@@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *
for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
+ (i & 1) ? passwd_len : sizeof(buf));
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
- (i & 1) ? sizeof buf : passwd_len);
+ (i & 1) ? sizeof(buf) : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
}
EVP_MD_CTX_cleanup(&md2);
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *
{
/* transform buf into output string */
- unsigned char buf_perm[sizeof buf];
+ unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
@@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
- assert(16 == sizeof buf_perm);
+ assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;
Modified: head/crypto/openssl/apps/pkcs12.c
==============================================================================
--- head/crypto/openssl/apps/pkcs12.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/pkcs12.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read MAC password");
# endif
if (EVP_read_pw_string
- (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
# endif
if (!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
+ EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
if (!twopass)
- BUF_strlcpy(macpass, pass, sizeof macpass);
+ BUF_strlcpy(macpass, pass, sizeof(macpass));
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read import password");
# endif
if (!noprompt
- && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+ && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
# endif
if (!twopass)
- BUF_strlcpy(macpass, pass, sizeof macpass);
+ BUF_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n",
Modified: head/crypto/openssl/apps/pkcs8.c
==============================================================================
--- head/crypto/openssl/apps/pkcs8.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/pkcs8.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
else {
p8pass = pass;
if (EVP_read_pw_string
- (pass, sizeof pass, "Enter Encryption Password:", 1))
+ (pass, sizeof(pass), "Enter Encryption Password:", 1))
goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
@@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
p8pass = passin;
else {
p8pass = pass;
- EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
+ EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
Modified: head/crypto/openssl/apps/rand.c
==============================================================================
--- head/crypto/openssl/apps/rand.c Tue Mar 27 17:04:01 2018 (r331626)
+++ head/crypto/openssl/apps/rand.c Tue Mar 27 17:17:58 2018 (r331627)
@@ -198,7 +198,7 @@ int MAIN(int argc, char **argv)
chunk = num;
if (chunk > (int)sizeof(buf))
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list