summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBen Laurie <ben@openssl.org>2012-06-08 09:18:47 +0000
committerBen Laurie <ben@openssl.org>2012-06-08 09:18:47 +0000
commitaf454b5bb09bf647b4854dc277f2eefc151b2608 (patch)
treedc263a92a0e3e5c73ec5ea049a92411f51e0eb57
parent5b2bbf37fa2f90ac1b6ab381179d739ae376723b (diff)
Reduce version skew.
Diffstat
-rw-r--r--apps/ca.c1
-rw-r--r--apps/dgst.c4
-rw-r--r--apps/dsaparam.c9
-rw-r--r--apps/s_cb.c4
-rw-r--r--apps/s_client.c4
-rw-r--r--apps/s_server.c14
-rw-r--r--apps/speed.c4
-rw-r--r--apps/srp.c30
-rw-r--r--apps/verify.c11
-rw-r--r--apps/x509.c4
-rw-r--r--crypto/aes/aes_misc.c1
-rw-r--r--crypto/bio/bss_dgram.c10
-rw-r--r--crypto/bn/bn_div.c2
-rw-r--r--crypto/bn/bn_gcd.c1
-rw-r--r--crypto/camellia/cmll_misc.c1
-rw-r--r--crypto/cast/c_skey.c1
-rw-r--r--crypto/cms/cms_enc.c2
-rw-r--r--crypto/cms/cms_lib.c2
-rw-r--r--crypto/cryptlib.c1
-rw-r--r--crypto/cryptlib.h2
-rw-r--r--crypto/crypto.h4
-rw-r--r--crypto/des/set_key.c3
-rw-r--r--crypto/des/str2key.c2
-rw-r--r--crypto/ec/ec.h20
-rw-r--r--crypto/ec/ec_pmeth.c2
-rw-r--r--crypto/ec/ecp_mont.c1
-rw-r--r--crypto/ec/ectest.c2
-rw-r--r--crypto/ecdh/ech_key.c3
-rw-r--r--crypto/err/err_all.c13
-rw-r--r--crypto/evp/Makefile2
-rw-r--r--crypto/evp/digest.c1
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c1
-rw-r--r--crypto/evp/e_rc4.c1
-rw-r--r--crypto/evp/evp.h7
-rw-r--r--crypto/evp/m_dss.c2
-rw-r--r--crypto/evp/m_dss1.c2
-rw-r--r--crypto/evp/m_md4.c2
-rw-r--r--crypto/evp/m_md5.c1
-rw-r--r--crypto/evp/m_mdc2.c2
-rw-r--r--crypto/evp/m_ripemd.c1
-rw-r--r--crypto/evp/m_sha.c1
-rw-r--r--crypto/evp/m_sha1.c2
-rw-r--r--crypto/evp/m_wp.c1
-rw-r--r--crypto/evp/p_sign.c2
-rw-r--r--crypto/evp/p_verify.c2
-rw-r--r--crypto/idea/i_skey.c1
-rw-r--r--crypto/mdc2/mdc2dgst.c2
-rw-r--r--crypto/mem.c2
-rw-r--r--crypto/modes/asm/ghash-x86.pl6
-rw-r--r--crypto/modes/gcm128.c2
-rw-r--r--crypto/pem/pem_lib.c27
-rw-r--r--crypto/pem/pem_seal.c6
-rw-r--r--crypto/perlasm/cbc.pl2
-rw-r--r--crypto/perlasm/x86masm.pl1
-rw-r--r--crypto/pkcs12/p12_key.c24
-rw-r--r--crypto/pkcs7/bio_pk7.c2
-rw-r--r--crypto/rand/md_rand.c2
-rw-r--r--crypto/rand/rand_lib.c6
-rw-r--r--crypto/rand/randfile.c2
-rw-r--r--crypto/rc2/rc2_skey.c1
-rw-r--r--crypto/rsa/rsa.h2
-rw-r--r--crypto/rsa/rsa_eay.c6
-rw-r--r--crypto/seed/seed.c1
-rw-r--r--crypto/sha/asm/sha1-ia64.pl3
-rw-r--r--crypto/sha/asm/sha1-sparcv9a.pl2
-rw-r--r--crypto/sha/asm/sha512-586.pl16
-rw-r--r--crypto/sha/sha1_one.c2
-rw-r--r--crypto/sha/sha1dgst.c2
-rw-r--r--crypto/sha/sha_dgst.c2
-rw-r--r--crypto/srp/srp_vfy.c5
-rw-r--r--crypto/ui/ui_openssl.c6
-rw-r--r--crypto/whrlpool/asm/wp-mmx.pl2
-rw-r--r--crypto/x509/x509_cmp.c15
-rw-r--r--crypto/x86cpuid.pl4
-rw-r--r--ssl/dtls1.h8
-rw-r--r--ssl/s2_srvr.c16
-rw-r--r--ssl/s3_both.c12
-rw-r--r--ssl/s3_clnt.c1
-rw-r--r--ssl/s3_pkt.c2
-rw-r--r--ssl/s3_srvr.c4
-rw-r--r--ssl/ssl.h7
-rw-r--r--ssl/ssl3.h6
-rw-r--r--ssl/ssl_lib.c2
-rw-r--r--ssl/ssl_rsa.c14
-rw-r--r--ssl/ssltest.c2
-rw-r--r--ssl/tls_srp.c3
86 files changed, 241 insertions, 178 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 2a83d1936e..1cf50e0029 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1408,6 +1408,7 @@ bad:
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
+ ERR_clear_error();
}
if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
{
diff --git a/apps/dgst.c b/apps/dgst.c
index b08e9a7c78..81bd870f99 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -216,10 +216,10 @@ int MAIN(int argc, char **argv)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
- else if (strcmp(*argv,"-non-fips-allow") == 0)
- non_fips_allow=1;
else if (!strcmp(*argv,"-fips-fingerprint"))
hmac_key = "etaonrishdlcupfm";
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow=1;
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index fe72c1d3df..683d51391b 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -326,6 +326,7 @@ bad:
goto end;
}
#endif
+ ERR_print_errors(bio_err);
BIO_printf(bio_err,"Error, DSA key generation failed\n");
goto end;
}
@@ -429,13 +430,19 @@ bad:
assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
- if (!DSA_generate_key(dsakey)) goto end;
+ if (!DSA_generate_key(dsakey))
+ {
+ ERR_print_errors(bio_err);
+ DSA_free(dsakey);
+ goto end;
+ }
if (outformat == FORMAT_ASN1)
i=i2d_DSAPrivateKey_bio(out,dsakey);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
+ DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 2cd73376df..160b5bd59d 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -237,8 +237,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
/* If we are using DSA, we can copy the parameters from
* the private key */
-
-
+
+
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
diff --git a/apps/s_client.c b/apps/s_client.c
index fc806eb672..95d23e8608 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -357,7 +357,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
@@ -536,7 +536,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
return SSL_TLSEXT_ERR_OK;
}
-# endif
+# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
#endif
enum
diff --git a/apps/s_server.c b/apps/s_server.c
index 3f9b3704c6..7125afafc3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1206,13 +1206,13 @@ int MAIN(int argc, char *argv[])
{
if (--argc < 1) goto bad;
srp_verifier_file = *(++argv);
- meth=TLSv1_server_method();
+ meth = TLSv1_server_method();
}
else if (strcmp(*argv, "-srpuserseed") == 0)
{
if (--argc < 1) goto bad;
srpuserseed = *(++argv);
- meth=TLSv1_server_method();
+ meth = TLSv1_server_method();
}
#endif
else if (strcmp(*argv,"-www") == 0)
@@ -1730,7 +1730,7 @@ bad:
}
#endif
- if (!set_cert_key_stuff(ctx,s_cert,s_key))
+ if (!set_cert_key_stuff(ctx, s_cert, s_key))
goto end;
#ifndef OPENSSL_NO_TLSEXT
if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
@@ -1738,7 +1738,7 @@ bad:
#endif
if (s_dcert != NULL)
{
- if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+ if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
goto end;
}
@@ -2433,6 +2433,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
if (next_proto_neg)
@@ -2701,6 +2702,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
}
BIO_puts(io,"\n");
+ BIO_printf(io,
+ "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ?
+ "" : " NOT");
+
/* The following is evil and should not really
* be done */
BIO_printf(io,"Ciphers supported in s_server binary\n");
diff --git a/apps/speed.c b/apps/speed.c
index 8358b12fdd..9886ca3766 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -254,7 +254,7 @@ static const char *names[ALGOR_NUM]={
"aes-128 cbc","aes-192 cbc","aes-256 cbc",
"camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
"evp","sha256","sha512","whirlpool",
- "aes-128 ige","aes-192 ige","aes-256 ige","ghash"};
+ "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
#ifndef OPENSSL_NO_RSA
@@ -299,7 +299,7 @@ static SIGRETTYPE sig_done(int sig)
#if defined(_WIN32)
#if !defined(SIGALRM)
-#define SIGALRM
+# define SIGALRM
#endif
static unsigned int lapse,schlock;
static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
diff --git a/apps/srp.c b/apps/srp.c
index 80e1b8a660..9c7ae184db 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -125,13 +125,13 @@ static int get_index(CA_DB *db, char* id, char type)
if (type == DB_SRP_INDEX)
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
- if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
+ pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
+ if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
return i;
}
else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+ pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
return i;
@@ -145,7 +145,7 @@ static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
if (indx >= 0 && verbose)
{
int j;
- char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx);
+ char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
for (j = 0; j < DB_NUMBER; j++)
{
@@ -163,7 +163,7 @@ static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
{
if (verbose > 0)
{
- char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
if (pp[DB_srptype][0] != 'I')
{
@@ -517,7 +517,7 @@ bad:
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+ pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX)
{
@@ -533,8 +533,8 @@ bad:
if (gNindex >= 0)
{
- gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
- print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ;
+ gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
+ print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
}
else if (maxgN > 0 && !SRP_get_default_gN(gN))
{
@@ -587,7 +587,7 @@ bad:
if (userindex >= 0)
{
/* reactivation of a new user */
- char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
row[DB_srptype][0] = 'V';
@@ -634,7 +634,7 @@ bad:
else
{
- char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
char type = row[DB_srptype][0];
if (type == 'v')
{
@@ -664,9 +664,9 @@ bad:
if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
{
- BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
- errors++;
- goto err;
+ BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
+ errors++;
+ goto err;
}
row[DB_srptype][0] = 'v';
@@ -689,7 +689,7 @@ bad:
}
else
{
- char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+ char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
xpp[DB_srptype][0] = 'R';
@@ -714,7 +714,7 @@ bad:
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+ pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_srptype][0] == 'v')
{
diff --git a/apps/verify.c b/apps/verify.c
index b9749dcd36..0f34b865ad 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -235,13 +235,16 @@ end:
BIO_printf(bio_err," [-engine e]");
#endif
BIO_printf(bio_err," cert1 cert2 ...\n");
+
BIO_printf(bio_err,"recognized usages:\n");
- for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+ for(i = 0; i < X509_PURPOSE_get_count(); i++)
+ {
X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_get0(i);
- BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
- X509_PURPOSE_get0_name(ptmp));
- }
+ BIO_printf(bio_err, "\t%-10s\t%s\n",
+ X509_PURPOSE_get0_sname(ptmp),
+ X509_PURPOSE_get0_name(ptmp));
+ }
}
if (vpm) X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
diff --git a/apps/x509.c b/apps/x509.c
index e6e5e0d4e5..3863ab968d 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -288,7 +288,7 @@ int MAIN(int argc, char **argv)
days=atoi(*(++argv));
if (days == 0)
{
- BIO_printf(STDout,"bad number of days\n");
+ BIO_printf(bio_err,"bad number of days\n");
goto bad;
}
}
@@ -912,7 +912,7 @@ bad:
}
else if (text == i)
{
- X509_print_ex(out,x,nmflag, certflag);
+ X509_print_ex(STDout,x,nmflag, certflag);
}
else if (startdate == i)
{
diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
index f083488ecb..6c181cae8d 100644
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@@ -50,7 +50,6 @@
*/
#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
#include <openssl/aes.h>
#include "aes_locl.h"
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 1b1e4bec81..46cbe8a407 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -81,6 +81,16 @@
#define IP_MTU 14 /* linux is lame */
#endif
+#ifdef __FreeBSD__
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a) \
+ (((a)->s6_addr32[0] == 0) && \
+ ((a)->s6_addr32[1] == 0) && \
+ ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
#ifdef WATT32
#define sock_write SockWrite /* Watt-32 uses same names */
#define sock_read SockRead
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 52b